Fixed heap overflow (CVE-2016-3074)

2016-04-28 12:38:59 +02:00 · 2016-04-28 12:38:59 +02:00 · 8bd65163f5
parent b15c4cf3c5
commit 8bd65163f5
1 changed files with 10 additions and 1 deletions
--- a/gd.spec
+++ b/gd.spec
@ -5,7 +5,7 @@
 Summary:       A graphics library for quick creation of PNG or JPEG images
 Name:          gd
 Version:       2.1.1
-Release:       4%{?prever}%{?short}%{?dist}
+Release:       5%{?prever}%{?short}%{?dist}
 Group:         System Environment/Libraries
 License:       MIT
 URL:           http://libgd.bitbucket.org/
@ -18,9 +18,12 @@ Source0:       https://bitbucket.org/libgd/gd-libgd/downloads/libgd-%{version}%{
 %endif
 # Missing in official archive, need for autoreconf
 Source2:       getver.pl
+# Test data for CVE-2016-3074 test
+Source3:       invalid_neg_size.gd2

 Patch1:        gd-2.1.0-multilib.patch
 Patch2:        gd-2.1.1-libvpx.patch
+Patch3:        gd-heap-overflow.patch

 BuildRequires: freetype-devel
 BuildRequires: fontconfig-devel
@ -79,6 +82,7 @@ files for gd, a graphics library for creating PNG and JPEG graphics.
 %setup -q -n libgd-%{version}%{?prever:-%{prever}}
 %patch1 -p1 -b .mlib
 %patch2 -p1 -b .vpx
+%patch3 -p1

 # Workaround for missing file
 cp %{SOURCE2} config/getver.pl
@ -117,6 +121,8 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libgd.a


 %check
+cp %SOURCE3 tests/gd2/
+
 : Upstream test suite
 make check

@ -147,6 +153,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc


 %changelog
+* Thu Apr 28 2016 Marek Skalicky <mskalick@redhat.com> - 2.1.1-5
+- Fixed heap overflow (CVE-2016-3074)
+
 * Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.1-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild