1 |
commit: 04cf9aa3bf7e0746e85461c3c56d9f9a95ce6fba |
2 |
Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
3 |
AuthorDate: Fri Sep 14 19:11:20 2018 +0000 |
4 |
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
5 |
CommitDate: Fri Sep 14 19:15:47 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=04cf9aa3 |
7 |
|
8 |
media-libs/gd: Fix CVE-2018-1000222 |
9 |
|
10 |
Thanks-to: Eddie Chapman <maracay <AT> ehuk.net> |
11 |
Bug: https://bugs.gentoo.org/664732 |
12 |
Package-Manager: Portage-2.3.49, Repoman-2.3.10 |
13 |
|
14 |
.../gd/files/gd-2.2.5-CVE-2018-1000222.patch | 73 ++++++++++++++++++++++ |
15 |
media-libs/gd/gd-2.2.5-r1.ebuild | 64 +++++++++++++++++++ |
16 |
2 files changed, 137 insertions(+) |
17 |
|
18 |
diff --git a/media-libs/gd/files/gd-2.2.5-CVE-2018-1000222.patch b/media-libs/gd/files/gd-2.2.5-CVE-2018-1000222.patch |
19 |
new file mode 100644 |
20 |
index 00000000000..80f9712bf8e |
21 |
--- /dev/null |
22 |
+++ b/media-libs/gd/files/gd-2.2.5-CVE-2018-1000222.patch |
23 |
@@ -0,0 +1,73 @@ |
24 |
+From ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5 Mon Sep 17 00:00:00 2001 |
25 |
+From: Mike Frysinger <vapier@g.o> |
26 |
+Date: Sat, 14 Jul 2018 13:54:08 -0400 |
27 |
+Subject: [PATCH] bmp: check return value in gdImageBmpPtr |
28 |
+ |
29 |
+Closes #447. |
30 |
+--- |
31 |
+ src/gd_bmp.c | 17 ++++++++++++++--- |
32 |
+ 1 file changed, 14 insertions(+), 3 deletions(-) |
33 |
+ |
34 |
+diff --git a/src/gd_bmp.c b/src/gd_bmp.c |
35 |
+index bde0b9d3..78f40d9a 100644 |
36 |
+--- a/src/gd_bmp.c |
37 |
++++ b/src/gd_bmp.c |
38 |
+@@ -47,6 +47,8 @@ static int bmp_read_4bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp |
39 |
+ static int bmp_read_8bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp_hdr_t *header); |
40 |
+ static int bmp_read_rle(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info); |
41 |
+ |
42 |
++static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression); |
43 |
++ |
44 |
+ #define BMP_DEBUG(s) |
45 |
+ |
46 |
+ static int gdBMPPutWord(gdIOCtx *out, int w) |
47 |
+@@ -87,8 +89,10 @@ BGD_DECLARE(void *) gdImageBmpPtr(gdImagePtr im, int *size, int compression) |
48 |
+ void *rv; |
49 |
+ gdIOCtx *out = gdNewDynamicCtx(2048, NULL); |
50 |
+ if (out == NULL) return NULL; |
51 |
+- gdImageBmpCtx(im, out, compression); |
52 |
+- rv = gdDPExtractData(out, size); |
53 |
++ if (!_gdImageBmpCtx(im, out, compression)) |
54 |
++ rv = gdDPExtractData(out, size); |
55 |
++ else |
56 |
++ rv = NULL; |
57 |
+ out->gd_free(out); |
58 |
+ return rv; |
59 |
+ } |
60 |
+@@ -141,6 +145,11 @@ BGD_DECLARE(void) gdImageBmp(gdImagePtr im, FILE *outFile, int compression) |
61 |
+ compression - whether to apply RLE or not. |
62 |
+ */ |
63 |
+ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) |
64 |
++{ |
65 |
++ _gdImageBmpCtx(im, out, compression); |
66 |
++} |
67 |
++ |
68 |
++static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) |
69 |
+ { |
70 |
+ int bitmap_size = 0, info_size, total_size, padding; |
71 |
+ int i, row, xpos, pixel; |
72 |
+@@ -148,6 +157,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) |
73 |
+ unsigned char *uncompressed_row = NULL, *uncompressed_row_start = NULL; |
74 |
+ FILE *tmpfile_for_compression = NULL; |
75 |
+ gdIOCtxPtr out_original = NULL; |
76 |
++ int ret = 1; |
77 |
+ |
78 |
+ /* No compression if its true colour or we don't support seek */ |
79 |
+ if (im->trueColor) { |
80 |
+@@ -325,6 +335,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) |
81 |
+ out_original = NULL; |
82 |
+ } |
83 |
+ |
84 |
++ ret = 0; |
85 |
+ cleanup: |
86 |
+ if (tmpfile_for_compression) { |
87 |
+ #ifdef _WIN32 |
88 |
+@@ -338,7 +349,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) |
89 |
+ if (out_original) { |
90 |
+ out_original->gd_free(out_original); |
91 |
+ } |
92 |
+- return; |
93 |
++ return ret; |
94 |
+ } |
95 |
+ |
96 |
+ static int compress_row(unsigned char *row, int length) |
97 |
|
98 |
diff --git a/media-libs/gd/gd-2.2.5-r1.ebuild b/media-libs/gd/gd-2.2.5-r1.ebuild |
99 |
new file mode 100644 |
100 |
index 00000000000..79f1957b3f5 |
101 |
--- /dev/null |
102 |
+++ b/media-libs/gd/gd-2.2.5-r1.ebuild |
103 |
@@ -0,0 +1,64 @@ |
104 |
+# Copyright 1999-2018 Gentoo Foundation |
105 |
+# Distributed under the terms of the GNU General Public License v2 |
106 |
+ |
107 |
+EAPI="6" |
108 |
+ |
109 |
+inherit libtool ltprune multilib-minimal |
110 |
+ |
111 |
+DESCRIPTION="A graphics library for fast image creation" |
112 |
+HOMEPAGE="http://libgd.org/ http://www.boutell.com/gd/" |
113 |
+SRC_URI="https://github.com/libgd/libgd/releases/download/${P}/lib${P}.tar.xz" |
114 |
+ |
115 |
+LICENSE="gd IJG HPND BSD" |
116 |
+SLOT="2/3" |
117 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" |
118 |
+IUSE="fontconfig jpeg png static-libs tiff truetype webp xpm zlib" |
119 |
+ |
120 |
+# fontconfig has prefixed font paths, details see bug #518970 |
121 |
+REQUIRED_USE="prefix? ( fontconfig )" |
122 |
+ |
123 |
+RDEPEND="fontconfig? ( >=media-libs/fontconfig-2.10.92[${MULTILIB_USEDEP}] ) |
124 |
+ jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] ) |
125 |
+ png? ( >=media-libs/libpng-1.6.10:0=[${MULTILIB_USEDEP}] ) |
126 |
+ tiff? ( media-libs/tiff:0[${MULTILIB_USEDEP}] ) |
127 |
+ truetype? ( >=media-libs/freetype-2.5.0.1[${MULTILIB_USEDEP}] ) |
128 |
+ webp? ( media-libs/libwebp:=[${MULTILIB_USEDEP}] ) |
129 |
+ xpm? ( >=x11-libs/libXpm-3.5.10-r1[${MULTILIB_USEDEP}] >=x11-libs/libXt-1.1.4[${MULTILIB_USEDEP}] ) |
130 |
+ zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )" |
131 |
+DEPEND="${RDEPEND} |
132 |
+ >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]" |
133 |
+ |
134 |
+S="${WORKDIR}/lib${P}" |
135 |
+ |
136 |
+PATCHES=( "${FILESDIR}/${P}-CVE-2018-1000222.patch" ) |
137 |
+ |
138 |
+src_prepare() { |
139 |
+ default |
140 |
+ elibtoolize # for shared library on Solaris |
141 |
+} |
142 |
+ |
143 |
+multilib_src_configure() { |
144 |
+ # we aren't actually {en,dis}abling X here ... the configure |
145 |
+ # script uses it just to add explicit -I/-L paths which we |
146 |
+ # don't care about on Gentoo systems. |
147 |
+ local myeconfargs=( |
148 |
+ --disable-werror |
149 |
+ --without-x |
150 |
+ --without-liq |
151 |
+ $(use_enable static-libs static) |
152 |
+ $(use_with fontconfig) |
153 |
+ $(use_with png) |
154 |
+ $(use_with tiff) |
155 |
+ $(use_with truetype freetype) |
156 |
+ $(use_with jpeg) |
157 |
+ $(use_with webp) |
158 |
+ $(use_with xpm) |
159 |
+ $(use_with zlib) |
160 |
+ ) |
161 |
+ ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" |
162 |
+} |
163 |
+ |
164 |
+multilib_src_install_all() { |
165 |
+ dodoc README.md |
166 |
+ prune_libtool_files |
167 |
+} |