v2.2.4
This commit is contained in:
Remi Collet
parent
e2ae5b49bc
commit
b4e3dcda6c
1
.gitignore
vendored
1
.gitignore
vendored
@ -7,3 +7,4 @@ gd-2.0.35.tar.bz2
|
||||
/libgd-2.2.1.tar.xz
|
||||
/libgd-2.2.2.tar.xz
|
||||
/libgd-2.2.3.tar.xz
|
||||
/libgd-2.2.4.tar.xz
|
||||
|
||||
@ -1,26 +0,0 @@
|
||||
From 53110871935244816bbb9d131da0bccff734bfe9 Mon Sep 17 00:00:00 2001
|
||||
From: "Christoph M. Becker" <cmbecker69@gmx.de>
|
||||
Date: Wed, 12 Oct 2016 11:15:32 +0200
|
||||
Subject: [PATCH] Avoid potentially dangerous signed to unsigned conversion
|
||||
|
||||
We make sure to never pass a negative `rlen` as size to memcpy(). See
|
||||
also <https://bugs.php.net/bug.php?id=73280>.
|
||||
|
||||
Patch provided by Emmanuel Law.
|
||||
---
|
||||
src/gd_io_dp.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/gd_io_dp.c b/src/gd_io_dp.c
|
||||
index 135eda3..228bfa5 100644
|
||||
--- a/src/gd_io_dp.c
|
||||
+++ b/src/gd_io_dp.c
|
||||
@@ -276,7 +276,7 @@ static int dynamicGetbuf(gdIOCtxPtr ctx, void *buf, int len)
|
||||
if(remain >= len) {
|
||||
rlen = len;
|
||||
} else {
|
||||
- if(remain == 0) {
|
||||
+ if(remain <= 0) {
|
||||
/* 2.0.34: EOF is incorrect. We use 0 for
|
||||
* errors and EOF, just like fileGetbuf,
|
||||
* which is a simple fread() wrapper.
|
||||
@ -1,33 +0,0 @@
|
||||
From 2806adfdc27a94d333199345394d7c302952b95f Mon Sep 17 00:00:00 2001
|
||||
From: trylab <trylab@users.noreply.github.com>
|
||||
Date: Tue, 6 Sep 2016 18:35:32 +0800
|
||||
Subject: [PATCH] Fix integer overflow in gdImageWebpCtx
|
||||
|
||||
Integer overflow can be happened in expression gdImageSX(im) * 4 *
|
||||
gdImageSY(im). It could lead to heap buffer overflow in the following
|
||||
code. This issue has been reported to the PHP Bug Tracking System. The
|
||||
proof-of-concept file will be supplied some days later. This issue was
|
||||
discovered by Ke Liu of Tencent's Xuanwu LAB.
|
||||
---
|
||||
src/gd_webp.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/src/gd_webp.c b/src/gd_webp.c
|
||||
index 8eb4dee..9886399 100644
|
||||
--- a/src/gd_webp.c
|
||||
+++ b/src/gd_webp.c
|
||||
@@ -199,6 +199,14 @@ BGD_DECLARE(void) gdImageWebpCtx (gdImagePtr im, gdIOCtx * outfile, int quality)
|
||||
quantization = 80;
|
||||
}
|
||||
|
||||
+ if (overflow2(gdImageSX(im), 4)) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ if (overflow2(gdImageSX(im) * 4, gdImageSY(im))) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
argb = (uint8_t *)gdMalloc(gdImageSX(im) * 4 * gdImageSY(im));
|
||||
if (!argb) {
|
||||
return;
|
||||
50
gd-2.2.4-upstream.patch
Normal file
50
gd-2.2.4-upstream.patch
Normal file
@ -0,0 +1,50 @@
|
||||
From c9b601a658a79e6ea2aad29fbf60ca6e24ccef1e Mon Sep 17 00:00:00 2001
|
||||
From: "Christoph M. Becker" <cmbecker69@gmx.de>
|
||||
Date: Wed, 18 Jan 2017 13:59:02 +0100
|
||||
Subject: [PATCH] Fix build issue regarding INT_MAX
|
||||
|
||||
For portability gd_gd2.c needs to include <limits.h>.
|
||||
---
|
||||
src/gd_gd2.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/gd_gd2.c b/src/gd_gd2.c
|
||||
index c2904ca..049c4c5 100644
|
||||
--- a/src/gd_gd2.c
|
||||
+++ b/src/gd_gd2.c
|
||||
@@ -74,6 +74,7 @@
|
||||
|
||||
/* 2.0.29: no more errno.h, makes windows happy */
|
||||
#include <math.h>
|
||||
+#include <limits.h>
|
||||
#include <string.h>
|
||||
#include "gd.h"
|
||||
#include "gd_errors.h"
|
||||
|
||||
|
||||
From 55ac28a293eaa8c531870c8bb8ecc04b333975f4 Mon Sep 17 00:00:00 2001
|
||||
From: "Christoph M. Becker" <cmbecker69@gmx.de>
|
||||
Date: Thu, 19 Jan 2017 01:02:58 +0100
|
||||
Subject: [PATCH] Fix #357: 2.2.4: Segfault in test suite.
|
||||
|
||||
We make sure to never pass a negative `int` as argument to a `size_t`
|
||||
parameter.
|
||||
---
|
||||
src/gd_io_dp.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/src/gd_io_dp.c b/src/gd_io_dp.c
|
||||
index eda2eeb..cb38794 100644
|
||||
--- a/src/gd_io_dp.c
|
||||
+++ b/src/gd_io_dp.c
|
||||
@@ -292,6 +292,10 @@ static int dynamicGetbuf(gdIOCtxPtr ctx, void *buf, int len)
|
||||
rlen = dp->realSize - dp->pos;
|
||||
}
|
||||
|
||||
+ if (rlen < 0) {
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
memcpy(buf, (void *) ((char *)dp->data + dp->pos), rlen);
|
||||
dp->pos += rlen;
|
||||
|
||||
Binary file not shown.
33
gd.spec
33
gd.spec
@ -4,8 +4,8 @@
|
||||
|
||||
Summary: A graphics library for quick creation of PNG or JPEG images
|
||||
Name: gd
|
||||
Version: 2.2.3
|
||||
Release: 5%{?prever}%{?short}%{?dist}
|
||||
Version: 2.2.4
|
||||
Release: 1%{?prever}%{?short}%{?dist}
|
||||
Group: System Environment/Libraries
|
||||
License: MIT
|
||||
URL: http://libgd.github.io/
|
||||
@ -19,11 +19,7 @@ Source0: https://github.com/libgd/libgd/releases/download/gd-%{version}/li
|
||||
|
||||
Patch1: gd-2.1.0-multilib.patch
|
||||
Patch2: gd-2.2.3-tests.patch
|
||||
Patch3: gd-2.2.3-overflow-in-gdImageWebpCtx.patch
|
||||
Patch4: gd-2.2.3-dynamicGetbuf-negative-rlen.patch
|
||||
# TODO - created by one of upstream maintainers, but not in upstream yet
|
||||
# https://github.com/libgd/libgd/pull/353
|
||||
Patch5: gd-2.2.x-fix-invalid-read-in-gdImageCreateFromTiffPtr.patch
|
||||
Patch3: gd-2.2.4-upstream.patch
|
||||
|
||||
BuildRequires: freetype-devel
|
||||
BuildRequires: fontconfig-devel
|
||||
@ -39,6 +35,8 @@ BuildRequires: pkgconfig
|
||||
BuildRequires: libtool
|
||||
BuildRequires: perl
|
||||
BuildRequires: perl-generators
|
||||
# for fontconfig/basic test
|
||||
BuildRequires: liberation-sans-fonts
|
||||
|
||||
|
||||
%description
|
||||
@ -83,10 +81,7 @@ files for gd, a graphics library for creating PNG and JPEG graphics.
|
||||
%setup -q -n libgd-%{version}%{?prever:-%{prever}}
|
||||
%patch1 -p1 -b .mlib
|
||||
%patch2 -p1 -b .build
|
||||
%patch3 -p1 -b .gdImageWebpCtx
|
||||
%patch4 -p1 -b .dynamicGetbuf
|
||||
# Patch5 adds some non-text files (.tiff)
|
||||
patch -p1 --binary < %{PATCH5}
|
||||
%patch3 -p1 -b .upstream
|
||||
|
||||
%if 0%{?fedora} >= 26
|
||||
# TODO - tests using freetype 2.7 are failing
|
||||
@ -139,6 +134,18 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libgd.a
|
||||
|
||||
|
||||
%check
|
||||
%ifarch %{ix86}
|
||||
# See https://github.com/libgd/libgd/issues/359
|
||||
XFAIL_TESTS="gdimagegrayscale/basic $XFAIL_TESTS"
|
||||
%endif
|
||||
%if 0%{?fedora} >= 26
|
||||
# See https://github.com/libgd/libgd/issues/363
|
||||
XFAIL_TESTS="freetype/bug00132 $XFAIL_TESTS"
|
||||
XFAIL_TESTS="gdimagestringft/gdimagestringft_bbox $XFAIL_TESTS"
|
||||
%endif
|
||||
|
||||
export XFAIL_TESTS
|
||||
|
||||
: Upstream test suite
|
||||
make check
|
||||
|
||||
@ -161,7 +168,6 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc
|
||||
%exclude %{_bindir}/gdlib-config
|
||||
|
||||
%files devel
|
||||
%doc ChangeLog
|
||||
%{_bindir}/gdlib-config
|
||||
%{_includedir}/*
|
||||
%{_libdir}/*.so
|
||||
@ -169,6 +175,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Jan 18 2017 Remi Collet <remi@fedoraproject.org> - 2.2.4-1
|
||||
- Update to 2.2.4
|
||||
|
||||
* Tue Dec 06 2016 Marek Skalický <mskalick@redhat.com> - 2.2.3-5
|
||||
- Fix invalid read in gdImageCreateFromTiffPtr() ( CVE-2016-6911)
|
||||
- Disable tests using freetype in Fedora 26 (freetype > 2.6)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user