v2.2.4
This commit is contained in:
parent
e2ae5b49bc
commit
b4e3dcda6c
1
.gitignore
vendored
1
.gitignore
vendored
@ -7,3 +7,4 @@ gd-2.0.35.tar.bz2
|
|||||||
/libgd-2.2.1.tar.xz
|
/libgd-2.2.1.tar.xz
|
||||||
/libgd-2.2.2.tar.xz
|
/libgd-2.2.2.tar.xz
|
||||||
/libgd-2.2.3.tar.xz
|
/libgd-2.2.3.tar.xz
|
||||||
|
/libgd-2.2.4.tar.xz
|
||||||
|
@ -1,26 +0,0 @@
|
|||||||
From 53110871935244816bbb9d131da0bccff734bfe9 Mon Sep 17 00:00:00 2001
|
|
||||||
From: "Christoph M. Becker" <cmbecker69@gmx.de>
|
|
||||||
Date: Wed, 12 Oct 2016 11:15:32 +0200
|
|
||||||
Subject: [PATCH] Avoid potentially dangerous signed to unsigned conversion
|
|
||||||
|
|
||||||
We make sure to never pass a negative `rlen` as size to memcpy(). See
|
|
||||||
also <https://bugs.php.net/bug.php?id=73280>.
|
|
||||||
|
|
||||||
Patch provided by Emmanuel Law.
|
|
||||||
---
|
|
||||||
src/gd_io_dp.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/gd_io_dp.c b/src/gd_io_dp.c
|
|
||||||
index 135eda3..228bfa5 100644
|
|
||||||
--- a/src/gd_io_dp.c
|
|
||||||
+++ b/src/gd_io_dp.c
|
|
||||||
@@ -276,7 +276,7 @@ static int dynamicGetbuf(gdIOCtxPtr ctx, void *buf, int len)
|
|
||||||
if(remain >= len) {
|
|
||||||
rlen = len;
|
|
||||||
} else {
|
|
||||||
- if(remain == 0) {
|
|
||||||
+ if(remain <= 0) {
|
|
||||||
/* 2.0.34: EOF is incorrect. We use 0 for
|
|
||||||
* errors and EOF, just like fileGetbuf,
|
|
||||||
* which is a simple fread() wrapper.
|
|
@ -1,33 +0,0 @@
|
|||||||
From 2806adfdc27a94d333199345394d7c302952b95f Mon Sep 17 00:00:00 2001
|
|
||||||
From: trylab <trylab@users.noreply.github.com>
|
|
||||||
Date: Tue, 6 Sep 2016 18:35:32 +0800
|
|
||||||
Subject: [PATCH] Fix integer overflow in gdImageWebpCtx
|
|
||||||
|
|
||||||
Integer overflow can be happened in expression gdImageSX(im) * 4 *
|
|
||||||
gdImageSY(im). It could lead to heap buffer overflow in the following
|
|
||||||
code. This issue has been reported to the PHP Bug Tracking System. The
|
|
||||||
proof-of-concept file will be supplied some days later. This issue was
|
|
||||||
discovered by Ke Liu of Tencent's Xuanwu LAB.
|
|
||||||
---
|
|
||||||
src/gd_webp.c | 8 ++++++++
|
|
||||||
1 file changed, 8 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/src/gd_webp.c b/src/gd_webp.c
|
|
||||||
index 8eb4dee..9886399 100644
|
|
||||||
--- a/src/gd_webp.c
|
|
||||||
+++ b/src/gd_webp.c
|
|
||||||
@@ -199,6 +199,14 @@ BGD_DECLARE(void) gdImageWebpCtx (gdImagePtr im, gdIOCtx * outfile, int quality)
|
|
||||||
quantization = 80;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (overflow2(gdImageSX(im), 4)) {
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (overflow2(gdImageSX(im) * 4, gdImageSY(im))) {
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
argb = (uint8_t *)gdMalloc(gdImageSX(im) * 4 * gdImageSY(im));
|
|
||||||
if (!argb) {
|
|
||||||
return;
|
|
50
gd-2.2.4-upstream.patch
Normal file
50
gd-2.2.4-upstream.patch
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
From c9b601a658a79e6ea2aad29fbf60ca6e24ccef1e Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Christoph M. Becker" <cmbecker69@gmx.de>
|
||||||
|
Date: Wed, 18 Jan 2017 13:59:02 +0100
|
||||||
|
Subject: [PATCH] Fix build issue regarding INT_MAX
|
||||||
|
|
||||||
|
For portability gd_gd2.c needs to include <limits.h>.
|
||||||
|
---
|
||||||
|
src/gd_gd2.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/src/gd_gd2.c b/src/gd_gd2.c
|
||||||
|
index c2904ca..049c4c5 100644
|
||||||
|
--- a/src/gd_gd2.c
|
||||||
|
+++ b/src/gd_gd2.c
|
||||||
|
@@ -74,6 +74,7 @@
|
||||||
|
|
||||||
|
/* 2.0.29: no more errno.h, makes windows happy */
|
||||||
|
#include <math.h>
|
||||||
|
+#include <limits.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include "gd.h"
|
||||||
|
#include "gd_errors.h"
|
||||||
|
|
||||||
|
|
||||||
|
From 55ac28a293eaa8c531870c8bb8ecc04b333975f4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Christoph M. Becker" <cmbecker69@gmx.de>
|
||||||
|
Date: Thu, 19 Jan 2017 01:02:58 +0100
|
||||||
|
Subject: [PATCH] Fix #357: 2.2.4: Segfault in test suite.
|
||||||
|
|
||||||
|
We make sure to never pass a negative `int` as argument to a `size_t`
|
||||||
|
parameter.
|
||||||
|
---
|
||||||
|
src/gd_io_dp.c | 4 ++++
|
||||||
|
1 file changed, 4 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/gd_io_dp.c b/src/gd_io_dp.c
|
||||||
|
index eda2eeb..cb38794 100644
|
||||||
|
--- a/src/gd_io_dp.c
|
||||||
|
+++ b/src/gd_io_dp.c
|
||||||
|
@@ -292,6 +292,10 @@ static int dynamicGetbuf(gdIOCtxPtr ctx, void *buf, int len)
|
||||||
|
rlen = dp->realSize - dp->pos;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (rlen < 0) {
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
memcpy(buf, (void *) ((char *)dp->data + dp->pos), rlen);
|
||||||
|
dp->pos += rlen;
|
||||||
|
|
Binary file not shown.
33
gd.spec
33
gd.spec
@ -4,8 +4,8 @@
|
|||||||
|
|
||||||
Summary: A graphics library for quick creation of PNG or JPEG images
|
Summary: A graphics library for quick creation of PNG or JPEG images
|
||||||
Name: gd
|
Name: gd
|
||||||
Version: 2.2.3
|
Version: 2.2.4
|
||||||
Release: 5%{?prever}%{?short}%{?dist}
|
Release: 1%{?prever}%{?short}%{?dist}
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
License: MIT
|
License: MIT
|
||||||
URL: http://libgd.github.io/
|
URL: http://libgd.github.io/
|
||||||
@ -19,11 +19,7 @@ Source0: https://github.com/libgd/libgd/releases/download/gd-%{version}/li
|
|||||||
|
|
||||||
Patch1: gd-2.1.0-multilib.patch
|
Patch1: gd-2.1.0-multilib.patch
|
||||||
Patch2: gd-2.2.3-tests.patch
|
Patch2: gd-2.2.3-tests.patch
|
||||||
Patch3: gd-2.2.3-overflow-in-gdImageWebpCtx.patch
|
Patch3: gd-2.2.4-upstream.patch
|
||||||
Patch4: gd-2.2.3-dynamicGetbuf-negative-rlen.patch
|
|
||||||
# TODO - created by one of upstream maintainers, but not in upstream yet
|
|
||||||
# https://github.com/libgd/libgd/pull/353
|
|
||||||
Patch5: gd-2.2.x-fix-invalid-read-in-gdImageCreateFromTiffPtr.patch
|
|
||||||
|
|
||||||
BuildRequires: freetype-devel
|
BuildRequires: freetype-devel
|
||||||
BuildRequires: fontconfig-devel
|
BuildRequires: fontconfig-devel
|
||||||
@ -39,6 +35,8 @@ BuildRequires: pkgconfig
|
|||||||
BuildRequires: libtool
|
BuildRequires: libtool
|
||||||
BuildRequires: perl
|
BuildRequires: perl
|
||||||
BuildRequires: perl-generators
|
BuildRequires: perl-generators
|
||||||
|
# for fontconfig/basic test
|
||||||
|
BuildRequires: liberation-sans-fonts
|
||||||
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
@ -83,10 +81,7 @@ files for gd, a graphics library for creating PNG and JPEG graphics.
|
|||||||
%setup -q -n libgd-%{version}%{?prever:-%{prever}}
|
%setup -q -n libgd-%{version}%{?prever:-%{prever}}
|
||||||
%patch1 -p1 -b .mlib
|
%patch1 -p1 -b .mlib
|
||||||
%patch2 -p1 -b .build
|
%patch2 -p1 -b .build
|
||||||
%patch3 -p1 -b .gdImageWebpCtx
|
%patch3 -p1 -b .upstream
|
||||||
%patch4 -p1 -b .dynamicGetbuf
|
|
||||||
# Patch5 adds some non-text files (.tiff)
|
|
||||||
patch -p1 --binary < %{PATCH5}
|
|
||||||
|
|
||||||
%if 0%{?fedora} >= 26
|
%if 0%{?fedora} >= 26
|
||||||
# TODO - tests using freetype 2.7 are failing
|
# TODO - tests using freetype 2.7 are failing
|
||||||
@ -139,6 +134,18 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libgd.a
|
|||||||
|
|
||||||
|
|
||||||
%check
|
%check
|
||||||
|
%ifarch %{ix86}
|
||||||
|
# See https://github.com/libgd/libgd/issues/359
|
||||||
|
XFAIL_TESTS="gdimagegrayscale/basic $XFAIL_TESTS"
|
||||||
|
%endif
|
||||||
|
%if 0%{?fedora} >= 26
|
||||||
|
# See https://github.com/libgd/libgd/issues/363
|
||||||
|
XFAIL_TESTS="freetype/bug00132 $XFAIL_TESTS"
|
||||||
|
XFAIL_TESTS="gdimagestringft/gdimagestringft_bbox $XFAIL_TESTS"
|
||||||
|
%endif
|
||||||
|
|
||||||
|
export XFAIL_TESTS
|
||||||
|
|
||||||
: Upstream test suite
|
: Upstream test suite
|
||||||
make check
|
make check
|
||||||
|
|
||||||
@ -161,7 +168,6 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc
|
|||||||
%exclude %{_bindir}/gdlib-config
|
%exclude %{_bindir}/gdlib-config
|
||||||
|
|
||||||
%files devel
|
%files devel
|
||||||
%doc ChangeLog
|
|
||||||
%{_bindir}/gdlib-config
|
%{_bindir}/gdlib-config
|
||||||
%{_includedir}/*
|
%{_includedir}/*
|
||||||
%{_libdir}/*.so
|
%{_libdir}/*.so
|
||||||
@ -169,6 +175,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jan 18 2017 Remi Collet <remi@fedoraproject.org> - 2.2.4-1
|
||||||
|
- Update to 2.2.4
|
||||||
|
|
||||||
* Tue Dec 06 2016 Marek Skalický <mskalick@redhat.com> - 2.2.3-5
|
* Tue Dec 06 2016 Marek Skalický <mskalick@redhat.com> - 2.2.3-5
|
||||||
- Fix invalid read in gdImageCreateFromTiffPtr() ( CVE-2016-6911)
|
- Fix invalid read in gdImageCreateFromTiffPtr() ( CVE-2016-6911)
|
||||||
- Disable tests using freetype in Fedora 26 (freetype > 2.6)
|
- Disable tests using freetype in Fedora 26 (freetype > 2.6)
|
||||||
|
Loading…
Reference in New Issue
Block a user