Diffstat (limited to 'user/libgd')
-rw-r--r-- | user/libgd/APKBUILD | 44 | ||||
-rw-r--r-- | user/libgd/CVE-2016-7568.patch | 33 | ||||
-rw-r--r-- | user/libgd/revert-318-removal-of-macros.patch | 27 |
3 files changed, 59 insertions, 45 deletions
diff --git a/user/libgd/APKBUILD b/user/libgd/APKBUILD
index 13f07cfe0..57525510d 100644
--- a/user/libgd/APKBUILD
+++ b/user/libgd/APKBUILD
@@ -1,24 +1,44 @@
 # Contributor: Carlo Landmeter <clandmeter@gmail.com>
-# Maintainer:
+# Maintainer: Zach van Rijn <me@zv.io>
 pkgname=libgd
-pkgver=2.2.5
-pkgrel=0
+pkgver=2.3.3
+pkgrel=1
 pkgdesc="Library for dynamic image creation"
 url="http://libgd.github.io/"
 arch="all"
-options="!check" # Upstream bug 201 regression.
+options="!check" # Multiple test suite failures. Assumes SSE+ math.
 license="MIT"
 depends=""
-makedepends="bash fontconfig-dev freetype-dev libjpeg-turbo-dev libpng-dev
- libwebp-dev zlib-dev"
+makedepends="autoconf automake bash fontconfig-dev freetype-dev
+ libjpeg-turbo-dev libpng-dev libtool libwebp-dev libxpm-dev tiff-dev
+ zlib-dev
+ "
+# While the fontconfig/basic test checks for what happens if an empty
+# fontlist is passed to gdImageStringFT(), there still needs to be at
+# least one font installed on the system...
+checkdepends="ttf-liberation"
 subpackages="$pkgname-dev"
 replaces="gd"
 source="https://github.com/$pkgname/$pkgname/releases/download/gd-$pkgver/$pkgname-$pkgver.tar.xz
- CVE-2016-7568.patch
+ revert-318-removal-of-macros.patch
 "
+# secfixes:
+# 2.3.3-r0:
+# - CVE-2019-11038
+# - CVE-2019-6977
+# - CVE-2019-6978
+# 2.2.5-r1:
+# - CVE-2018-5711
+# - CVE-2018-1000222
+# - CVE-2019-6977
+# - CVE-2019-6978
+# 2.2.5-r2:
+# - CVE-2018-14553
+# 2.3.0-r0:
+# - CVE-2019-11038
+
 build() {
- cd "$builddir"
 ./configure \
 --build=$CBUILD \
 --host=$CHOST \
@@ -26,17 +46,16 @@ build() {
 --sysconfdir=/etc \
 --mandir=/usr/share/man \
 --infodir=/usr/share/info \
+ --with-xpm \
 --disable-werror
 make
 }
 check() {
- cd "$builddir"
 make check
 }
 package() {
- cd "$builddir"
 make DESTDIR="$pkgdir" install
 }
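Review bot: The new `# secfixes:` block is internally inconsistent, which matters because it reads as the record of which package release fixed which CVE. CVE-2019-6977 and CVE-2019-6978 appear under both 2.3.3-r0 and 2.2.5-r1, CVE-2019-11038 appears under both 2.3.3-r0 and 2.3.0-r0, and the releases are not in version order. As far as this diff shows, the package moves from 2.2.5-r0 straight to 2.3.3-r1, so the intermediate entries look carried over from elsewhere and should be confirmed. I would list each CVE once, under the first release of this package that actually carries the fix, for example a single `#   2.3.3-r1:` entry. CVE-2016-7568 also deserves an entry (or a line in the commit message confirming that 2.3.3 contains the fix), since its patch is dropped from `source` in this same hunk.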
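Review bot: `--with-xpm` is the only optional format made explicit in build(), although the same commit also adds `tiff-dev` to makedepends, so whether TIFF support is compiled in appears to be left to configure's autodetection. For an image-parsing library the enabled decoders are the attack surface, so I would pin them, e.g. add `--with-tiff \` next to `--with-xpm \`, so that a missing -dev package should fail the build instead of silently changing the feature set. autoconf, automake and libtool are added to makedepends as well, but no autoreconf call is visible in build(); one line of build() lies between the two hunks, so confirm before dropping them.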
@@ -44,8 +63,9 @@ dev() {
 default_dev
 depends="$pkgname perl"
 replaces="gd-dev"
+ mkdir -p "$subpkgdir"/usr/bin
 mv "$pkgdir"/usr/bin/bdftogd "$subpkgdir"/usr/bin
 }
-sha512sums="e4598e17a277a75e02255402182cab139cb3f2cffcd68ec05cc10bbeaf6bc7aa39162c3445cd4a7efc1a26b72b9152bbedb187351e3ed099ea51767319997a6b libgd-2.2.5.tar.xz
-8310d11a2398e8617c9defc4500b9ce3897ac1026002ffa36000f1d1f8df19336005e8c1f6587533f1d787a4a54d7a3a28ad25bddbc966a018aedf4d8704a716 CVE-2016-7568.patch"
+sha512sums="aa49d4381d604a4360d556419d603df2ffd689a6dcc10f8e5e1d158ddaa3ab89912f6077ca77da4e370055074007971cf6d356ec9bf26dcf39bcff3208bc7e6c libgd-2.3.3.tar.xz
+623e312e20f1994c6ae26f7fdac45b0eb7f4e65b83160ca4e22495c37b162b2dbde21ede6aab189e566b8934bb22aafdb80e9263cd87118013233927a2ab3601 revert-318-removal-of-macros.patch"
diff --git a/user/libgd/CVE-2016-7568.patch b/user/libgd/CVE-2016-7568.patch
deleted file mode 100644
index 56156411e..000000000
--- a/user/libgd/CVE-2016-7568.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 2806adfdc27a94d333199345394d7c302952b95f Mon Sep 17 00:00:00 2001
-From: trylab <trylab@users.noreply.github.com>
-Date: Tue, 6 Sep 2016 18:35:32 +0800
-Subject: [PATCH] Fix integer overflow in gdImageWebpCtx
-
-Integer overflow can be happened in expression gdImageSX(im) * 4 *
-gdImageSY(im). It could lead to heap buffer overflow in the following
-code. This issue has been reported to the PHP Bug Tracking System. The
-proof-of-concept file will be supplied some days later. This issue was
-discovered by Ke Liu of Tencent's Xuanwu LAB.
----
- src/gd_webp.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/src/gd_webp.c b/src/gd_webp.c
-index 8eb4dee..9886399 100644
---- a/src/gd_webp.c
-+++ b/src/gd_webp.c
-@@ -199,6 +199,14 @@ BGD_DECLARE(void) gdImageWebpCtx (gdImagePtr im, gdIOCtx * outfile, int quality)
- quality = 80;
- }
-
-+ if (overflow2(gdImageSX(im), 4)) {
-+ return;
-+ }
-+
-+ if (overflow2(gdImageSX(im) * 4, gdImageSY(im))) {
-+ return;
-+ }
-+
- argb = (uint8_t *)gdMalloc(gdImageSX(im) * 4 * gdImageSY(im));
- if (!argb) {
- return;
diff --git a/user/libgd/revert-318-removal-of-macros.patch b/user/libgd/revert-318-removal-of-macros.patch
new file mode 100644
index 000000000..85ea9c05d
--- /dev/null
+++ b/user/libgd/revert-318-removal-of-macros.patch
@@ -0,0 +1,27 @@
+From f4bc1f5c26925548662946ed7cfa473c190a104a Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Mon, 13 Sep 2021 14:57:52 +0200
+Subject: [PATCH] Revert "Fix #318, these macros are not used as planed, we
+ have separate functions for each"
+
+This reverts commit bdc281eadb1d58d5c0c7bbc1125ee4674256df08.
+---
+ src/gd.h | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/gd.h b/src/gd.h
+index 305603952..1ad9e6378 100644
+--- a/src/gd.h
++++ b/src/gd.h
+@@ -1604,6 +1604,11 @@ BGD_DECLARE(void) gdImageFlipHorizontal(gdImagePtr im);
+ BGD_DECLARE(void) gdImageFlipVertical(gdImagePtr im);
+ BGD_DECLARE(void) gdImageFlipBoth(gdImagePtr im);
+
++#define GD_FLIP_HORINZONTAL 1 /* typo, kept for BC */
++#define GD_FLIP_HORIZONTAL 1
++#define GD_FLIP_VERTICAL 2
++#define GD_FLIP_BOTH 3
++
+ /**
+ * Group: Crop
+ * |