summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMax Rees <maxcrees@me.com>2020-03-03 13:44:15 +0000
committerMax Rees <maxcrees@me.com>2020-03-09 21:27:45 -0500
commitc343566407755f9eb65e10b6a4dfe165a28330b6 (patch)
tree6aeaecd9e349d93a6ad7c3d62f82ed448d26d806
parent3c2bf265c6afba11823913a0d8f018782985f8d4 (diff)
downloadpackages-c343566407755f9eb65e10b6a4dfe165a28330b6.tar.gz
packages-c343566407755f9eb65e10b6a4dfe165a28330b6.tar.bz2
packages-c343566407755f9eb65e10b6a4dfe165a28330b6.tar.xz
packages-c343566407755f9eb65e10b6a4dfe165a28330b6.zip
user/libgd: patch CVE-2018-14553 (#240)
-rw-r--r--user/libgd/APKBUILD16
-rw-r--r--user/libgd/CVE-2018-14553.patch99
2 files changed, 112 insertions, 3 deletions
diff --git a/user/libgd/APKBUILD b/user/libgd/APKBUILD
index 27de81126..2a537dfca 100644
--- a/user/libgd/APKBUILD
+++ b/user/libgd/APKBUILD
@@ -2,20 +2,22 @@
# Maintainer:
pkgname=libgd
pkgver=2.2.5
-pkgrel=1
+pkgrel=2
pkgdesc="Library for dynamic image creation"
url="http://libgd.github.io/"
arch="all"
options="!check" # Upstream bug 201 regression.
license="MIT"
depends=""
-makedepends="bash fontconfig-dev freetype-dev libjpeg-turbo-dev libpng-dev
- libwebp-dev zlib-dev"
+makedepends="autoconf automake bash fontconfig-dev freetype-dev
+ libjpeg-turbo-dev libpng-dev libtool libwebp-dev tiff-dev zlib-dev
+ "
subpackages="$pkgname-dev"
replaces="gd"
source="https://github.com/$pkgname/$pkgname/releases/download/gd-$pkgver/$pkgname-$pkgver.tar.xz
CVE-2016-7568.patch
CVE-2018-5711.patch
+ CVE-2018-14553.patch
CVE-2018-1000222.patch
CVE-2019-6977.patch
CVE-2019-6978.patch
@@ -27,6 +29,13 @@ source="https://github.com/$pkgname/$pkgname/releases/download/gd-$pkgver/$pkgna
# - CVE-2018-1000222
# - CVE-2019-6977
# - CVE-2019-6978
+# 2.2.5-r2:
+# - CVE-2018-14553
+
+prepare() {
+ default_prepare
+ autoreconf -vif
+}
build() {
./configure \
@@ -58,6 +67,7 @@ dev() {
sha512sums="e4598e17a277a75e02255402182cab139cb3f2cffcd68ec05cc10bbeaf6bc7aa39162c3445cd4a7efc1a26b72b9152bbedb187351e3ed099ea51767319997a6b libgd-2.2.5.tar.xz
8310d11a2398e8617c9defc4500b9ce3897ac1026002ffa36000f1d1f8df19336005e8c1f6587533f1d787a4a54d7a3a28ad25bddbc966a018aedf4d8704a716 CVE-2016-7568.patch
d6577566814cbe2d93b141a4216b32acdeb2989dc1712eb137565081b913151bbb4c69911c96b2bb7c90695078a85152d368aad183de494d1283fde25021751b CVE-2018-5711.patch
+353491fab6c6e0916dca910c9d14f0e0efab6d9d88c48f6f3f2f69e60312489039b25d26980e7c5c2c04ed9e56003b99eae77bd412fbbed1d8eb47d561f7af74 CVE-2018-14553.patch
d12462f1b159d50b9032435e9767a5d76e1797a88be950ed33dda7aa17005b7cb60560d04b9520e46d8111e1669d42ce28cb2c508f9c8825d545ac0335d2a10b CVE-2018-1000222.patch
df84e469515f684d79ebad163e137401627310a984ac1ae6a4d31b739b3dc6d9144f101e9bfc3211af1d7cdbaa827721d21a9fe528e69b9b60a943ec8a7ab74b CVE-2019-6977.patch
3bf31941365a878bef899afa14a89e4ad0fbfb3280d34b2118c8484698e15eff600751ae3ce146a4f006e6c21730cb18899bae3538f6cc2651025274b40cf1ca CVE-2019-6978.patch"
diff --git a/user/libgd/CVE-2018-14553.patch b/user/libgd/CVE-2018-14553.patch
new file mode 100644
index 000000000..7510101d1
--- /dev/null
+++ b/user/libgd/CVE-2018-14553.patch
@@ -0,0 +1,99 @@
+From a93eac0e843148dc2d631c3ba80af17e9c8c860f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?F=C3=A1bio=20Cabral=20Pacheco?= <fcabralpacheco@gmail.com>
+Date: Fri, 20 Dec 2019 12:03:33 -0300
+Subject: [PATCH] Fix potential NULL pointer dereference in gdImageClone()
+
+---
+ src/gd.c | 9 +--------
+ tests/gdimageclone/CMakeLists.txt | 1 +
+ tests/gdimageclone/Makemodule.am | 3 ++-
+ tests/gdimageclone/style.c | 30 ++++++++++++++++++++++++++++++
+ 5 files changed, 35 insertions(+), 9 deletions(-)
+ create mode 100644 tests/gdimageclone/style.c
+
+diff --git a/src/gd.c b/src/gd.c
+index 592a0286..d564d1f9 100644
+--- a/src/gd.c
++++ b/src/gd.c
+@@ -2865,14 +2865,6 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) {
+ }
+ }
+
+- if (src->styleLength > 0) {
+- dst->styleLength = src->styleLength;
+- dst->stylePos = src->stylePos;
+- for (i = 0; i < src->styleLength; i++) {
+- dst->style[i] = src->style[i];
+- }
+- }
+-
+ dst->interlace = src->interlace;
+
+ dst->alphaBlendingFlag = src->alphaBlendingFlag;
+@@ -2907,6 +2899,7 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) {
+
+ if (src->style) {
+ gdImageSetStyle(dst, src->style, src->styleLength);
++ dst->stylePos = src->stylePos;
+ }
+
+ for (i = 0; i < gdMaxColors; i++) {
+diff --git a/tests/gdimageclone/CMakeLists.txt b/tests/gdimageclone/CMakeLists.txt
+index e6ccc318..662f4e96 100644
+--- a/tests/gdimageclone/CMakeLists.txt
++++ b/tests/gdimageclone/CMakeLists.txt
+@@ -1,5 +1,6 @@
+ LIST(APPEND TESTS_FILES
+ bug00300
++ style
+ )
+
+ ADD_GD_TESTS()
+diff --git a/tests/gdimageclone/Makemodule.am b/tests/gdimageclone/Makemodule.am
+index 4b1b54c0..51abf5c1 100644
+--- a/tests/gdimageclone/Makemodule.am
++++ b/tests/gdimageclone/Makemodule.am
+@@ -1,5 +1,6 @@
+ libgd_test_programs += \
+- gdimageclone/bug00300
++ gdimageclone/bug00300 \
++ gdimageclone/style
+
+ EXTRA_DIST += \
+ gdimageclone/CMakeLists.txt
+diff --git a/tests/gdimageclone/style.c b/tests/gdimageclone/style.c
+new file mode 100644
+index 00000000..c2b246ed
+--- /dev/null
++++ b/tests/gdimageclone/style.c
+@@ -0,0 +1,30 @@
++/**
++ * Cloning an image should exactly reproduce all style related data
++ */
++
++
++#include <string.h>
++#include "gd.h"
++#include "gdtest.h"
++
++
++int main()
++{
++ gdImagePtr im, clone;
++ int style[] = {0, 0, 0};
++
++ im = gdImageCreate(8, 8);
++ gdImageSetStyle(im, style, sizeof(style)/sizeof(style[0]));
++
++ clone = gdImageClone(im);
++ gdTestAssert(clone != NULL);
++
++ gdTestAssert(clone->styleLength == im->styleLength);
++ gdTestAssert(clone->stylePos == im->stylePos);
++ gdTestAssert(!memcmp(clone->style, im->style, sizeof(style)/sizeof(style[0])));
++
++ gdImageDestroy(clone);
++ gdImageDestroy(im);
++
++ return gdNumFailures();
++}