[arch-commits] Commit in gd/repos/extra-x86_64 (6 files)

Pierre Schmitz pierre at archlinux.org
Sun May 12 09:04:27 UTC 2019


    Date: Sunday, May 12, 2019 @ 09:04:27
  Author: pierre
Revision: 352912

archrelease: copy trunk to extra-x86_64

Added:
  gd/repos/extra-x86_64/PKGBUILD
    (from rev 352911, gd/trunk/PKGBUILD)
  gd/repos/extra-x86_64/gd-CVE-2018-1000222.patch
    (from rev 352911, gd/trunk/gd-CVE-2018-1000222.patch)
  gd/repos/extra-x86_64/gd-CVE-2018-5711.patch
    (from rev 352911, gd/trunk/gd-CVE-2018-5711.patch)
  gd/repos/extra-x86_64/gd-CVE-2019-6977.patch
    (from rev 352911, gd/trunk/gd-CVE-2019-6977.patch)
  gd/repos/extra-x86_64/gd-CVE-2019-6978.patch
    (from rev 352911, gd/trunk/gd-CVE-2019-6978.patch)
Deleted:
  gd/repos/extra-x86_64/PKGBUILD

---------------------------+
 PKGBUILD                  |   84 +++++++++++--------
 gd-CVE-2018-1000222.patch |   64 +++++++++++++++
 gd-CVE-2018-5711.patch    |   37 ++++++++
 gd-CVE-2019-6977.patch    |   15 +++
 gd-CVE-2019-6978.patch    |  187 ++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 352 insertions(+), 35 deletions(-)

Deleted: PKGBUILD
===================================================================
--- PKGBUILD	2019-05-12 09:04:13 UTC (rev 352911)
+++ PKGBUILD	2019-05-12 09:04:27 UTC (rev 352912)
@@ -1,35 +0,0 @@
-# $Id$
-# Maintainer: Pierre Schmitz <pierre at archlinux.de>
-
-pkgname=gd
-pkgver=2.2.5
-pkgrel=1
-pkgdesc="Library for the dynamic creation of images by programmers"
-arch=('i686' 'x86_64')
-url="http://www.libgd.org/"
-license=('custom')
-depends=('fontconfig' 'libxpm' 'libwebp')
-optdepends=('perl: bdftogd script')
-checkdepends=('ttf-liberation')
-source=("https://github.com/libgd/libgd/releases/download/gd-${pkgver}/libgd-${pkgver}.tar.xz")
-md5sums=('8d8d6a6189513ecee6e893b1fb109bf8')
-
-build() {
-  cd libgd-${pkgver}
-  ./configure \
-    --prefix=/usr \
-    --disable-rpath
-  make
-}
-
-check() {
-  cd libgd-${pkgver}
-  # see https://github.com/libgd/libgd/issues/302
-  [[ ${CARCH} == 'i686' ]] || FREETYPE_PROPERTIES='truetype:interpreter-version=35' make check
-}
-
-package() {
-  cd libgd-${pkgver}
-  make DESTDIR="${pkgdir}" install
-  install -D -m644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
-}

Copied: gd/repos/extra-x86_64/PKGBUILD (from rev 352911, gd/trunk/PKGBUILD)
===================================================================
--- PKGBUILD	                        (rev 0)
+++ PKGBUILD	2019-05-12 09:04:27 UTC (rev 352912)
@@ -0,0 +1,49 @@
+# Maintainer: Pierre Schmitz <pierre at archlinux.de>
+
+pkgname=gd
+pkgver=2.2.5
+pkgrel=2
+pkgdesc="Library for the dynamic creation of images by programmers"
+arch=('x86_64')
+url="https://libgd.github.io/"
+license=('custom')
+depends=('fontconfig' 'libxpm' 'libwebp')
+optdepends=('perl: bdftogd script')
+checkdepends=('ttf-liberation')
+source=("https://github.com/libgd/libgd/releases/download/gd-${pkgver}/libgd-${pkgver}.tar.xz"
+        'gd-CVE-2018-1000222.patch' 'gd-CVE-2018-5711.patch'
+        'gd-CVE-2019-6977.patch' 'gd-CVE-2019-6978.patch')
+sha1sums=('b777b005c401b6fa310ccf09eeb29f6c6e17ab2c'
+          'f17097d44735face67cf5eb3c85878f45d0f72c9'
+          '4a4c0acc19ee4d5ceb6dd8b090b65381a39bf18e'
+          'bd2444b04cf648d9bc60268f0c890c5950a46d36'
+          'fc04932562f7a806a6041605bde43976c173a646')
+
+prepare() {
+  cd libgd-${pkgver}
+  # security patches from openSUSE:
+  # https://build.opensuse.org/package/show/openSUSE:Factory/gd
+  patch -p1 -i "${srcdir}/gd-CVE-2018-1000222.patch"
+  patch -p1 -i "${srcdir}/gd-CVE-2018-5711.patch"
+  patch -p1 -i "${srcdir}/gd-CVE-2019-6977.patch"
+  patch -p1 -i "${srcdir}/gd-CVE-2019-6978.patch"
+}
+
+build() {
+  cd libgd-${pkgver}
+  ./configure \
+    --prefix=/usr \
+    --disable-rpath
+  make
+}
+
+check() {
+  cd libgd-${pkgver}
+  make check
+}
+
+package() {
+  cd libgd-${pkgver}
+  make DESTDIR="${pkgdir}" install
+  install -D -m644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+}

Copied: gd/repos/extra-x86_64/gd-CVE-2018-1000222.patch (from rev 352911, gd/trunk/gd-CVE-2018-1000222.patch)
===================================================================
--- gd-CVE-2018-1000222.patch	                        (rev 0)
+++ gd-CVE-2018-1000222.patch	2019-05-12 09:04:27 UTC (rev 352912)
@@ -0,0 +1,64 @@
+diff --git a/src/gd_bmp.c b/src/gd_bmp.c
+index bde0b9d3..78f40d9a 100644
+--- a/src/gd_bmp.c
++++ b/src/gd_bmp.c
+@@ -47,6 +47,8 @@ static int bmp_read_4bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp
+ static int bmp_read_8bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp_hdr_t *header);
+ static int bmp_read_rle(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info);
+ 
++static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression);
++
+ #define BMP_DEBUG(s)
+ 
+ static int gdBMPPutWord(gdIOCtx *out, int w)
+@@ -87,8 +89,10 @@ BGD_DECLARE(void *) gdImageBmpPtr(gdImagePtr im, int *size, int compression)
+ 	void *rv;
+ 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
+ 	if (out == NULL) return NULL;
+-	gdImageBmpCtx(im, out, compression);
+-	rv = gdDPExtractData(out, size);
++	if (!_gdImageBmpCtx(im, out, compression))
++		rv = gdDPExtractData(out, size);
++	else
++		rv = NULL;
+ 	out->gd_free(out);
+ 	return rv;
+ }
+@@ -141,6 +145,11 @@ BGD_DECLARE(void) gdImageBmp(gdImagePtr im, FILE *outFile, int compression)
+ 		compression - whether to apply RLE or not.
+ */
+ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
++{
++	_gdImageBmpCtx(im, out, compression);
++}
++
++static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
+ {
+ 	int bitmap_size = 0, info_size, total_size, padding;
+ 	int i, row, xpos, pixel;
+@@ -148,6 +157,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
+ 	unsigned char *uncompressed_row = NULL, *uncompressed_row_start = NULL;
+ 	FILE *tmpfile_for_compression = NULL;
+ 	gdIOCtxPtr out_original = NULL;
++	int ret = 1;
+ 
+ 	/* No compression if its true colour or we don't support seek */
+ 	if (im->trueColor) {
+@@ -325,6 +335,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
+ 		out_original = NULL;
+ 	}
+ 
++	ret = 0;
+ cleanup:
+ 	if (tmpfile_for_compression) {
+ #ifdef _WIN32
+@@ -338,7 +349,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
+ 	if (out_original) {
+ 		out_original->gd_free(out_original);
+ 	}
+-	return;
++	return ret;
+ }
+ 
+ static int compress_row(unsigned char *row, int length)
+

Copied: gd/repos/extra-x86_64/gd-CVE-2018-5711.patch (from rev 352911, gd/trunk/gd-CVE-2018-5711.patch)
===================================================================
--- gd-CVE-2018-5711.patch	                        (rev 0)
+++ gd-CVE-2018-5711.patch	2019-05-12 09:04:27 UTC (rev 352912)
@@ -0,0 +1,37 @@
+Index: libgd-2.2.5/src/gd_gif_in.c
+===================================================================
+--- libgd-2.2.5.orig/src/gd_gif_in.c	2018-01-22 15:19:35.417382486 +0100
++++ libgd-2.2.5/src/gd_gif_in.c	2018-01-22 15:21:28.683291084 +0100
+@@ -335,11 +335,6 @@ terminated:
+ 		return 0;
+ 	}
+ 
+-	if(!im->colorsTotal) {
+-		gdImageDestroy(im);
+-		return 0;
+-	}
+-
+ 	/* Check for open colors at the end, so
+ 	 * we can reduce colorsTotal and ultimately
+ 	 * BitsPerPixel */
+@@ -351,6 +346,11 @@ terminated:
+ 		}
+ 	}
+ 
++	if(!im->colorsTotal) {
++		gdImageDestroy(im);
++		return 0;
++	}
++
+ 	return im;
+ }
+ 
+@@ -447,7 +447,7 @@ static int
+ GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroDataBlockP)
+ {
+ 	int i, j, ret;
+-	unsigned char count;
++	int count;
+ 
+ 	if(flag) {
+ 		scd->curbit = 0;

Copied: gd/repos/extra-x86_64/gd-CVE-2019-6977.patch (from rev 352911, gd/trunk/gd-CVE-2019-6977.patch)
===================================================================
--- gd-CVE-2019-6977.patch	                        (rev 0)
+++ gd-CVE-2019-6977.patch	2019-05-12 09:04:27 UTC (rev 352912)
@@ -0,0 +1,15 @@
+Index: libgd-2.2.5/src/gd_color_match.c
+===================================================================
+--- libgd-2.2.5.orig/src/gd_color_match.c	2019-01-31 12:56:44.944336318 +0100
++++ libgd-2.2.5/src/gd_color_match.c	2019-01-31 12:58:11.368836899 +0100
+@@ -31,8 +31,8 @@ BGD_DECLARE(int) gdImageColorMatch (gdIm
+ 		return -4; /* At least 1 color must be allocated */
+ 	}
+ 
+-	buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * im2->colorsTotal);
+-	memset (buf, 0, sizeof(unsigned long) * 5 * im2->colorsTotal );
++	buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * gdMaxColors);
++	memset (buf, 0, sizeof(unsigned long) * 5 * gdMaxColors );
+ 
+ 	for (x=0; x < im1->sx; x++) {
+ 		for( y=0; y<im1->sy; y++ ) {

Copied: gd/repos/extra-x86_64/gd-CVE-2019-6978.patch (from rev 352911, gd/trunk/gd-CVE-2019-6978.patch)
===================================================================
--- gd-CVE-2019-6978.patch	                        (rev 0)
+++ gd-CVE-2019-6978.patch	2019-05-12 09:04:27 UTC (rev 352912)
@@ -0,0 +1,187 @@
+Index: libgd-2.2.5/src/gd_gif_out.c
+===================================================================
+--- libgd-2.2.5.orig/src/gd_gif_out.c	2017-08-30 13:05:54.000000000 +0200
++++ libgd-2.2.5/src/gd_gif_out.c	2019-01-31 09:47:44.703693790 +0100
+@@ -99,6 +99,7 @@ static void char_init(GifCtx *ctx);
+ static void char_out(int c, GifCtx *ctx);
+ static void flush_char(GifCtx *ctx);
+ 
++static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out);
+ 
+ 
+ 
+@@ -131,8 +132,11 @@ BGD_DECLARE(void *) gdImageGifPtr(gdImag
+ 	void *rv;
+ 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
+ 	if (out == NULL) return NULL;
+-	gdImageGifCtx(im, out);
+-	rv = gdDPExtractData(out, size);
++	if (!_gdImageGifCtx(im, out)) {
++		rv = gdDPExtractData(out, size);
++	} else {
++		rv = NULL;
++	}
+ 	out->gd_free(out);
+ 	return rv;
+ }
+@@ -221,6 +225,12 @@ BGD_DECLARE(void) gdImageGif(gdImagePtr
+ */
+ BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out)
+ {
++	_gdImageGifCtx(im, out);
++}
++
++/* returns 0 on success, 1 on failure */
++static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out)
++{
+ 	gdImagePtr pim = 0, tim = im;
+ 	int interlace, BitsPerPixel;
+ 	interlace = im->interlace;
+@@ -231,7 +241,7 @@ BGD_DECLARE(void) gdImageGifCtx(gdImageP
+ 		based temporary image. */
+ 		pim = gdImageCreatePaletteFromTrueColor(im, 1, 256);
+ 		if(!pim) {
+-			return;
++			return 1;
+ 		}
+ 		tim = pim;
+ 	}
+@@ -247,6 +257,8 @@ BGD_DECLARE(void) gdImageGifCtx(gdImageP
+ 		/* Destroy palette based temporary image. */
+ 		gdImageDestroy(	pim);
+ 	}
++
++	return 0;
+ }
+ 
+ 
+Index: libgd-2.2.5/src/gd_jpeg.c
+===================================================================
+--- libgd-2.2.5.orig/src/gd_jpeg.c	2017-08-30 13:05:54.000000000 +0200
++++ libgd-2.2.5/src/gd_jpeg.c	2019-01-31 09:47:44.707693815 +0100
+@@ -123,6 +123,8 @@ static void fatal_jpeg_error(j_common_pt
+ 	exit(99);
+ }
+ 
++static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality);
++
+ /*
+  * Write IM to OUTFILE as a JFIF-formatted JPEG image, using quality
+  * QUALITY.  If QUALITY is in the range 0-100, increasing values
+@@ -237,8 +239,11 @@ BGD_DECLARE(void *) gdImageJpegPtr(gdIma
+ 	void *rv;
+ 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
+ 	if (out == NULL) return NULL;
+-	gdImageJpegCtx(im, out, quality);
+-	rv = gdDPExtractData(out, size);
++	if (!_gdImageJpegCtx(im, out, quality)) {
++		rv = gdDPExtractData(out, size);
++	} else {
++		rv = NULL;
++	}
+ 	out->gd_free(out);
+ 	return rv;
+ }
+@@ -260,6 +265,12 @@ void jpeg_gdIOCtx_dest(j_compress_ptr ci
+ */
+ BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality)
+ {
++	_gdImageJpegCtx(im, outfile, quality);
++}
++
++/* returns 0 on success, 1 on failure */
++static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality)
++{
+ 	struct jpeg_compress_struct cinfo;
+ 	struct jpeg_error_mgr jerr;
+ 	int i, j, jidx;
+@@ -293,7 +304,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImage
+ 		if(row) {
+ 			gdFree(row);
+ 		}
+-		return;
++		return 1;
+ 	}
+ 
+ 	cinfo.err->emit_message = jpeg_emit_message;
+@@ -334,7 +345,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImage
+ 	if(row == 0) {
+ 		gd_error("gd-jpeg: error: unable to allocate JPEG row structure: gdCalloc returns NULL\n");
+ 		jpeg_destroy_compress(&cinfo);
+-		return;
++		return 1;
+ 	}
+ 
+ 	rowptr[0] = row;
+@@ -411,6 +422,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImage
+ 	jpeg_finish_compress(&cinfo);
+ 	jpeg_destroy_compress(&cinfo);
+ 	gdFree(row);
++	return 0;
+ }
+ 
+ 
+Index: libgd-2.2.5/src/gd_wbmp.c
+===================================================================
+--- libgd-2.2.5.orig/src/gd_wbmp.c	2017-08-30 13:05:54.000000000 +0200
++++ libgd-2.2.5/src/gd_wbmp.c	2019-01-31 09:47:44.707693815 +0100
+@@ -88,6 +88,8 @@ int gd_getin(void *in)
+ 	return (gdGetC((gdIOCtx *)in));
+ }
+ 
++static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out);
++
+ /*
+ 	Function: gdImageWBMPCtx
+ 
+@@ -101,13 +103,19 @@ int gd_getin(void *in)
+ */
+ BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out)
+ {
++	_gdImageWBMPCtx(image, fg, out);
++}
++
++/* returns 0 on success, 1 on failure */
++static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out)
++{
+ 	int x, y, pos;
+ 	Wbmp *wbmp;
+ 
+ 	/* create the WBMP */
+ 	if((wbmp = createwbmp(gdImageSX(image), gdImageSY(image), WBMP_WHITE)) == NULL) {
+ 		gd_error("Could not create WBMP\n");
+-		return;
++		return 1;
+ 	}
+ 
+ 	/* fill up the WBMP structure */
+@@ -123,11 +131,15 @@ BGD_DECLARE(void) gdImageWBMPCtx(gdImage
+ 
+ 	/* write the WBMP to a gd file descriptor */
+ 	if(writewbmp(wbmp, &gd_putout, out)) {
++		freewbmp(wbmp);
+ 		gd_error("Could not save WBMP\n");
++		return 1;
+ 	}
+ 
+ 	/* des submitted this bugfix: gdFree the memory. */
+ 	freewbmp(wbmp);
++
++	return 0;
+ }
+ 
+ /*
+@@ -271,8 +283,11 @@ BGD_DECLARE(void *) gdImageWBMPPtr(gdIma
+ 	void *rv;
+ 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
+ 	if (out == NULL) return NULL;
+-	gdImageWBMPCtx(im, fg, out);
+-	rv = gdDPExtractData(out, size);
++	if (!_gdImageWBMPCtx(im, fg, out)) {
++		rv = gdDPExtractData(out, size);
++	} else {
++		rv = NULL;
++	}
+ 	out->gd_free(out);
+ 	return rv;
+ }


More information about the arch-commits mailing list