Compare commits
2 Commits
Author | SHA1 | Date |
---|---|---|
Marek Skalický | fd352fa1c0 | |
Remi Collet | 4a3b43888e |
|
@ -8,3 +8,4 @@ gd-2.0.35.tar.bz2
|
|||
/libgd-2.2.2.tar.xz
|
||||
/libgd-2.2.3.tar.xz
|
||||
/libgd-2.2.4.tar.xz
|
||||
/libgd-2.2.5.tar.xz
|
||||
|
|
|
@ -1,42 +0,0 @@
|
|||
From 2b3dd57a6ccb2940f2e9119ae04e14362e2a1f61 Mon Sep 17 00:00:00 2001
|
||||
From: Remi Collet <fedora@famillecollet.com>
|
||||
Date: Fri, 22 Jul 2016 08:14:12 +0200
|
||||
Subject: [PATCH] Fix gd2/gd2_read.c:8:6: error: 'error' may be used
|
||||
uninitialized in this function [-Werror=maybe-uninitialized]
|
||||
|
||||
Also report about any error, not only the last one.
|
||||
---
|
||||
tests/gd2/gd2_read.c | 6 +-----
|
||||
1 file changed, 1 insertion(+), 5 deletions(-)
|
||||
|
||||
diff --git a/tests/gd2/gd2_read.c b/tests/gd2/gd2_read.c
|
||||
index 94fe069..8ce8bd1 100644
|
||||
--- a/tests/gd2/gd2_read.c
|
||||
+++ b/tests/gd2/gd2_read.c
|
||||
@@ -5,7 +5,7 @@
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
- int error, i = 0;
|
||||
+ int error = 0, i = 0;
|
||||
gdImagePtr im, exp;
|
||||
FILE *fp;
|
||||
char *path[] = {
|
||||
@@ -40,8 +40,6 @@ int main(int argc, char *argv[])
|
||||
gdTestErrorMsg("image %s differs from expected result\n", path[i]);
|
||||
gdImageDestroy(im);
|
||||
error = 1;
|
||||
- } else {
|
||||
- error = 0;
|
||||
}
|
||||
if (exp) {
|
||||
gdImageDestroy(exp);
|
||||
@@ -52,8 +50,6 @@ int main(int argc, char *argv[])
|
||||
gdTestErrorMsg("image %s should have failed to be loaded\n", path[i]);
|
||||
gdImageDestroy(im);
|
||||
error = 1;
|
||||
- } else {
|
||||
- error = 0;
|
||||
}
|
||||
}
|
||||
i++;
|
|
@ -1,50 +0,0 @@
|
|||
From c9b601a658a79e6ea2aad29fbf60ca6e24ccef1e Mon Sep 17 00:00:00 2001
|
||||
From: "Christoph M. Becker" <cmbecker69@gmx.de>
|
||||
Date: Wed, 18 Jan 2017 13:59:02 +0100
|
||||
Subject: [PATCH] Fix build issue regarding INT_MAX
|
||||
|
||||
For portability gd_gd2.c needs to include <limits.h>.
|
||||
---
|
||||
src/gd_gd2.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/gd_gd2.c b/src/gd_gd2.c
|
||||
index c2904ca..049c4c5 100644
|
||||
--- a/src/gd_gd2.c
|
||||
+++ b/src/gd_gd2.c
|
||||
@@ -74,6 +74,7 @@
|
||||
|
||||
/* 2.0.29: no more errno.h, makes windows happy */
|
||||
#include <math.h>
|
||||
+#include <limits.h>
|
||||
#include <string.h>
|
||||
#include "gd.h"
|
||||
#include "gd_errors.h"
|
||||
|
||||
|
||||
From 55ac28a293eaa8c531870c8bb8ecc04b333975f4 Mon Sep 17 00:00:00 2001
|
||||
From: "Christoph M. Becker" <cmbecker69@gmx.de>
|
||||
Date: Thu, 19 Jan 2017 01:02:58 +0100
|
||||
Subject: [PATCH] Fix #357: 2.2.4: Segfault in test suite.
|
||||
|
||||
We make sure to never pass a negative `int` as argument to a `size_t`
|
||||
parameter.
|
||||
---
|
||||
src/gd_io_dp.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/src/gd_io_dp.c b/src/gd_io_dp.c
|
||||
index eda2eeb..cb38794 100644
|
||||
--- a/src/gd_io_dp.c
|
||||
+++ b/src/gd_io_dp.c
|
||||
@@ -292,6 +292,10 @@ static int dynamicGetbuf(gdIOCtxPtr ctx, void *buf, int len)
|
||||
rlen = dp->realSize - dp->pos;
|
||||
}
|
||||
|
||||
+ if (rlen < 0) {
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
memcpy(buf, (void *) ((char *)dp->data + dp->pos), rlen);
|
||||
dp->pos += rlen;
|
||||
|
|
@ -0,0 +1,62 @@
|
|||
From a11f47475e6443b7f32d21f2271f28f417e2ac04 Mon Sep 17 00:00:00 2001
|
||||
From: "Christoph M. Becker" <cmbecker69@gmx.de>
|
||||
Date: Wed, 29 Nov 2017 19:37:38 +0100
|
||||
Subject: [PATCH] Fix #420: Potential infinite loop in gdImageCreateFromGifCtx
|
||||
|
||||
Due to a signedness confusion in `GetCode_` a corrupt GIF file can
|
||||
trigger an infinite loop. Furthermore we make sure that a GIF without
|
||||
any palette entries is treated as invalid *after* open palette entries
|
||||
have been removed.
|
||||
|
||||
CVE-2018-5711
|
||||
|
||||
See also https://bugs.php.net/bug.php?id=75571.
|
||||
---
|
||||
src/gd_gif_in.c | 12 ++++++------
|
||||
tests/gif/.gitignore | 1 +
|
||||
tests/gif/CMakeLists.txt | 1 +
|
||||
tests/gif/Makemodule.am | 2 ++
|
||||
tests/gif/php_bug_75571.c | 28 ++++++++++++++++++++++++++++
|
||||
tests/gif/php_bug_75571.gif | Bin 0 -> 1731 bytes
|
||||
6 files changed, 38 insertions(+), 6 deletions(-)
|
||||
create mode 100644 tests/gif/php_bug_75571.c
|
||||
create mode 100644 tests/gif/php_bug_75571.gif
|
||||
|
||||
diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c
|
||||
index daf26e79..0a8bd717 100644
|
||||
--- a/src/gd_gif_in.c
|
||||
+++ b/src/gd_gif_in.c
|
||||
@@ -335,11 +335,6 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGifCtx(gdIOCtxPtr fd)
|
||||
return 0;
|
||||
}
|
||||
|
||||
- if(!im->colorsTotal) {
|
||||
- gdImageDestroy(im);
|
||||
- return 0;
|
||||
- }
|
||||
-
|
||||
/* Check for open colors at the end, so
|
||||
* we can reduce colorsTotal and ultimately
|
||||
* BitsPerPixel */
|
||||
@@ -351,6 +346,11 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGifCtx(gdIOCtxPtr fd)
|
||||
}
|
||||
}
|
||||
|
||||
+ if(!im->colorsTotal) {
|
||||
+ gdImageDestroy(im);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
return im;
|
||||
}
|
||||
|
||||
@@ -447,7 +447,7 @@ static int
|
||||
GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroDataBlockP)
|
||||
{
|
||||
int i, j, ret;
|
||||
- unsigned char count;
|
||||
+ int count;
|
||||
|
||||
if(flag) {
|
||||
scd->curbit = 0;
|
||||
|
36
gd.spec
36
gd.spec
|
@ -1,11 +1,7 @@
|
|||
#global prever rc2
|
||||
#global commit 725ba9de4005144d137d2a7a70f760068fc3d306
|
||||
#global short %(c=%{commit}; echo ${c:0:7})
|
||||
|
||||
Summary: A graphics library for quick creation of PNG or JPEG images
|
||||
Name: gd
|
||||
Version: 2.2.4
|
||||
Release: 3%{?prever}%{?short}%{?dist}
|
||||
Version: 2.2.5
|
||||
Release: 2%{?prever}%{?short}%{?dist}
|
||||
Group: System Environment/Libraries
|
||||
License: MIT
|
||||
URL: http://libgd.github.io/
|
||||
|
@ -18,8 +14,8 @@ Source0: https://github.com/libgd/libgd/releases/download/gd-%{version}/li
|
|||
%endif
|
||||
|
||||
Patch1: gd-2.1.0-multilib.patch
|
||||
Patch2: gd-2.2.3-tests.patch
|
||||
Patch3: gd-2.2.4-upstream.patch
|
||||
# CVE-2018-5711 - https://github.com/libgd/libgd/commit/a11f47475e6443b7f32d21f2271f28f417e2ac04
|
||||
Patch2: gd-2.2.5-upstream.patch
|
||||
|
||||
BuildRequires: freetype-devel
|
||||
BuildRequires: fontconfig-devel
|
||||
|
@ -80,16 +76,7 @@ files for gd, a graphics library for creating PNG and JPEG graphics.
|
|||
%prep
|
||||
%setup -q -n libgd-%{version}%{?prever:-%{prever}}
|
||||
%patch1 -p1 -b .mlib
|
||||
%patch2 -p1 -b .build
|
||||
%patch3 -p1 -b .upstream
|
||||
|
||||
%if 0%{?fedora} >= 26
|
||||
# TODO - tests using freetype 2.7 are failing
|
||||
# https://github.com/libgd/libgd/issues/302
|
||||
# https://github.com/libgd/libgd/issues/217
|
||||
sed -i -e "s|libgd_test_programs +=|libgd_freetype_test_program =|" tests/freetype/Makemodule.am
|
||||
sed -i -e "s|libgd_test_programs +=|libgd_freetype_test_program +=|" tests/gdimagestringft/Makemodule.am
|
||||
%endif
|
||||
%patch2 -p1 -b .upstream
|
||||
|
||||
: $(perl config/getver.pl)
|
||||
|
||||
|
@ -138,11 +125,6 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libgd.a
|
|||
# See https://github.com/libgd/libgd/issues/359
|
||||
XFAIL_TESTS="gdimagegrayscale/basic $XFAIL_TESTS"
|
||||
%endif
|
||||
%if 0%{?fedora} >= 26
|
||||
# See https://github.com/libgd/libgd/issues/363
|
||||
XFAIL_TESTS="freetype/bug00132 $XFAIL_TESTS"
|
||||
XFAIL_TESTS="gdimagestringft/gdimagestringft_bbox $XFAIL_TESTS"
|
||||
%endif
|
||||
|
||||
export XFAIL_TESTS
|
||||
|
||||
|
@ -175,6 +157,14 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc
|
|||
|
||||
|
||||
%changelog
|
||||
* Mon Mar 26 2018 Marek Skalický <mskalick@redhat.com> - 2.2.5-2
|
||||
- Fix CVE-2018-5711 - Potential infinite loop in gdImageCreateFromGifCtx
|
||||
|
||||
* Wed Aug 30 2017 Remi Collet <remi@fedoraproject.org> - 2.2.5-1
|
||||
- Update to 2.2.5
|
||||
- fix double-free in gdImagePngPtr(). CVE-2017-6362
|
||||
- fix buffer over-read into uninitialized memory. CVE-2017-7890
|
||||
|
||||
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.4-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||
|
||||
|
|
2
sources
2
sources
|
@ -1 +1 @@
|
|||
SHA512 (libgd-2.2.4.tar.xz) = 07903f322c4f6ab392508b0f60c38ca133699111ea92995dc6cd9379210d598bcb24a46c19657884d9e252f8663d0ee8c89c600e3a382a5ae598198c190f39b5
|
||||
SHA512 (libgd-2.2.5.tar.xz) = 946675b0a9dbecdee3dda927d496a35d6b5b071d3252a82cd649db0d959a82fcc65ce067ec34d07eed0e0497cd92cc0d93803609a4854f42d284e950764044d0
|
||||
|
|
Loading…
Reference in New Issue