[arch-commits] Commit in gd/trunk (5 files)
Date: Monday, March 23, 2020 @ 18:43:46 Author: pierre Revision: 378409 upgpkg: gd 2.3.0-1 Modified: gd/trunk/PKGBUILD Deleted: gd/trunk/gd-CVE-2018-1000222.patch gd/trunk/gd-CVE-2018-5711.patch gd/trunk/gd-CVE-2019-6977.patch gd/trunk/gd-CVE-2019-6978.patch ---+ PKGBUILD | 27 +- gd-CVE-2018-1000222.patch | 64 --- gd-CVE-2018-5711.patch| 37 gd-CVE-2019-6977.patch| 15 --- gd-CVE-2019-6978.patch| 187 5 files changed, 7 insertions(+), 323 deletions(-) Modified: PKGBUILD === --- PKGBUILD2020-03-23 14:29:59 UTC (rev 378408) +++ PKGBUILD2020-03-23 18:43:46 UTC (rev 378409) @@ -1,8 +1,8 @@ # Maintainer: Pierre Schmitz pkgname=gd -pkgver=2.2.5 -pkgrel=2 +pkgver=2.3.0 +pkgrel=1 pkgdesc="Library for the dynamic creation of images by programmers" arch=('x86_64') url="https://libgd.github.io/; @@ -10,27 +10,12 @@ depends=('fontconfig' 'libxpm' 'libwebp') optdepends=('perl: bdftogd script') checkdepends=('ttf-liberation') -source=("https://github.com/libgd/libgd/releases/download/gd-${pkgver}/libgd-${pkgver}.tar.xz; -'gd-CVE-2018-1000222.patch' 'gd-CVE-2018-5711.patch' -'gd-CVE-2019-6977.patch' 'gd-CVE-2019-6978.patch') -sha1sums=('b777b005c401b6fa310ccf09eeb29f6c6e17ab2c' - 'f17097d44735face67cf5eb3c85878f45d0f72c9' - '4a4c0acc19ee4d5ceb6dd8b090b65381a39bf18e' - 'bd2444b04cf648d9bc60268f0c890c5950a46d36' - 'fc04932562f7a806a6041605bde43976c173a646') +source=("https://github.com/libgd/libgd/releases/download/gd-${pkgver}/libgd-${pkgver}.tar.xz;) +sha1sums=('ec75c84aa6326a7ade3302d5c18471f440b2ca1e') -prepare() { +build() { cd libgd-${pkgver} - # security patches from openSUSE: - # https://build.opensuse.org/package/show/openSUSE:Factory/gd - patch -p1 -i "${srcdir}/gd-CVE-2018-1000222.patch" - patch -p1 -i "${srcdir}/gd-CVE-2018-5711.patch" - patch -p1 -i "${srcdir}/gd-CVE-2019-6977.patch" - patch -p1 -i "${srcdir}/gd-CVE-2019-6978.patch" -} -build() { - cd libgd-${pkgver} ./configure \ --prefix=/usr \ --disable-rpath 
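Review bot: The new `sha1sums=(...)` entry in the `@@ -10,27 +10,12 @@` hunk is the only integrity check on the release tarball downloaded from GitHub, and SHA-1 is no longer collision-resistant, so it is a weak pin for a source archive. I would switch to `sha256sums=('<SHA256_OF_libgd-2.3.0.tar.xz>')`, regenerated from a tarball whose origin has been checked; the same applies to the `sha1sums` array introduced in r352911 further down this page. The hunk also drops `prepare()` and all four CVE patches without recording that 2.3.0 contains those fixes. Confirming that against the upstream release notes and adding a line to the commit message, such as `CVE-2018-1000222, CVE-2018-5711, CVE-2019-6977 and CVE-2019-6978 are fixed upstream in 2.3.0`, would make the removal auditable. `build()` continues outside the hunk.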
@@ -39,11 +24,13 @@ check() { cd libgd-${pkgver} + make check } package() { cd libgd-${pkgver} + make DESTDIR="${pkgdir}" install install -D -m644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" } Deleted: gd-CVE-2018-1000222.patch === --- gd-CVE-2018-1000222.patch 2020-03-23 14:29:59 UTC (rev 378408) +++ gd-CVE-2018-1000222.patch 2020-03-23 18:43:46 UTC (rev 378409) 
@@ -1,64 +0,0 @@ -diff --git a/src/gd_bmp.c b/src/gd_bmp.c -index bde0b9d3..78f40d9a 100644 a/src/gd_bmp.c -+++ b/src/gd_bmp.c -@@ -47,6 +47,8 @@ static int bmp_read_4bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp - static int bmp_read_8bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp_hdr_t *header); - static int bmp_read_rle(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info); - -+static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression); -+ - #define BMP_DEBUG(s) - - static int gdBMPPutWord(gdIOCtx *out, int w) -@@ -87,8 +89,10 @@ BGD_DECLARE(void *) gdImageBmpPtr(gdImagePtr im, int *size, int compression) - void *rv; - gdIOCtx *out = gdNewDynamicCtx(2048, NULL); - if (out == NULL) return NULL; -- gdImageBmpCtx(im, out, compression); -- rv = gdDPExtractData(out, size); -+ if (!_gdImageBmpCtx(im, out, compression)) -+ rv = gdDPExtractData(out, size); -+ else -+ rv = NULL; - out->gd_free(out); - return rv; - } -@@ -141,6 +145,11 @@ BGD_DECLARE(void) gdImageBmp(gdImagePtr im, FILE *outFile, int compression) - compression - whether to apply RLE or not. 
- */ - BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) -+{ -+ _gdImageBmpCtx(im, out, compression); -+} -+ -+static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) - { - int bitmap_size = 0, info_size, total_size, padding; - int i, row, xpos, pixel; -@@ -148,6 +157,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) - unsigned char *uncompressed_row = NULL, *uncompressed_row_start = NULL; - FILE *tmpfile_for_compression = NULL; - gdIOCtxPtr out_original = NULL; -+ int ret = 1; - - /* No compression if its true colour or we don't support seek */ - if (im->trueColor) { -@@ -325,6 +335,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) - out_original = NULL; - } - -+ ret = 0; - cleanup: - if (tmpfile_for_compression) { - #ifdef _WIN32 -@@ -338,7 +349,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) -
[arch-commits] Commit in gd/trunk (5 files)
Date: Sunday, May 12, 2019 @ 09:04:13 Author: pierre Revision: 352911 Fix several security issues Unfortunately upstream does not provide updated releases Added: gd/trunk/gd-CVE-2018-1000222.patch gd/trunk/gd-CVE-2018-5711.patch gd/trunk/gd-CVE-2019-6977.patch gd/trunk/gd-CVE-2019-6978.patch Modified: gd/trunk/PKGBUILD ---+ PKGBUILD | 25 - gd-CVE-2018-1000222.patch | 64 +++ gd-CVE-2018-5711.patch| 37 gd-CVE-2019-6977.patch| 15 +++ gd-CVE-2019-6978.patch| 187 5 files changed, 323 insertions(+), 5 deletions(-) Modified: PKGBUILD === --- PKGBUILD2019-05-12 06:56:40 UTC (rev 352910) +++ PKGBUILD2019-05-12 09:04:13 UTC (rev 352911) @@ -2,7 +2,7 @@ pkgname=gd pkgver=2.2.5 -pkgrel=1 +pkgrel=2 pkgdesc="Library for the dynamic creation of images by programmers" arch=('x86_64') url="https://libgd.github.io/; @@ -10,9 +10,25 @@ depends=('fontconfig' 'libxpm' 'libwebp') optdepends=('perl: bdftogd script') checkdepends=('ttf-liberation') -source=("https://github.com/libgd/libgd/releases/download/gd-${pkgver}/libgd-${pkgver}.tar.xz;) -md5sums=('8d8d6a6189513ecee6e893b1fb109bf8') +source=("https://github.com/libgd/libgd/releases/download/gd-${pkgver}/libgd-${pkgver}.tar.xz; +'gd-CVE-2018-1000222.patch' 'gd-CVE-2018-5711.patch' +'gd-CVE-2019-6977.patch' 'gd-CVE-2019-6978.patch') +sha1sums=('b777b005c401b6fa310ccf09eeb29f6c6e17ab2c' + 'f17097d44735face67cf5eb3c85878f45d0f72c9' + '4a4c0acc19ee4d5ceb6dd8b090b65381a39bf18e' + 'bd2444b04cf648d9bc60268f0c890c5950a46d36' + 'fc04932562f7a806a6041605bde43976c173a646') +prepare() { + cd libgd-${pkgver} + # security patches from openSUSE: + # https://build.opensuse.org/package/show/openSUSE:Factory/gd + patch -p1 -i "${srcdir}/gd-CVE-2018-1000222.patch" + patch -p1 -i "${srcdir}/gd-CVE-2018-5711.patch" + patch -p1 -i "${srcdir}/gd-CVE-2019-6977.patch" + patch -p1 -i "${srcdir}/gd-CVE-2019-6978.patch" +} + build() { cd libgd-${pkgver} ./configure \ 
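Review bot: The comment in the added `prepare()` gives only the openSUSE package page as the origin of the four patches, so a later maintainer cannot tell which upstream libgd change each file corresponds to, or whether a new release already includes it. I would add one provenance line per patch, for example `# gd-CVE-2018-1000222.patch: upstream libgd commit <UPSTREAM_COMMIT_ID>`, and pin the openSUSE reference to the revision the files were copied from rather than the moving package URL. That makes it possible to check on the next version bump that each patch can be dropped safely. `prepare()` is fully inside the hunk; `build()` after it continues outside.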
@@ -23,8 +39,7 @@ check() { cd libgd-${pkgver} - # see https://github.com/libgd/libgd/issues/302 - [[ ${CARCH} == 'i686' ]] || FREETYPE_PROPERTIES='truetype:interpreter-version=35' make check + make check } package() { Added: gd-CVE-2018-1000222.patch === --- gd-CVE-2018-1000222.patch (rev 0) +++ gd-CVE-2018-1000222.patch 2019-05-12 09:04:13 UTC (rev 352911) 
@@ -0,0 +1,64 @@ +diff --git a/src/gd_bmp.c b/src/gd_bmp.c +index bde0b9d3..78f40d9a 100644 +--- a/src/gd_bmp.c b/src/gd_bmp.c +@@ -47,6 +47,8 @@ static int bmp_read_4bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp + static int bmp_read_8bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp_hdr_t *header); + static int bmp_read_rle(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info); + ++static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression); ++ + #define BMP_DEBUG(s) + + static int gdBMPPutWord(gdIOCtx *out, int w) +@@ -87,8 +89,10 @@ BGD_DECLARE(void *) gdImageBmpPtr(gdImagePtr im, int *size, int compression) + void *rv; + gdIOCtx *out = gdNewDynamicCtx(2048, NULL); + if (out == NULL) return NULL; +- gdImageBmpCtx(im, out, compression); +- rv = gdDPExtractData(out, size); ++ if (!_gdImageBmpCtx(im, out, compression)) ++ rv = gdDPExtractData(out, size); ++ else ++ rv = NULL; + out->gd_free(out); + return rv; + } +@@ -141,6 +145,11 @@ BGD_DECLARE(void) gdImageBmp(gdImagePtr im, FILE *outFile, int compression) + compression - whether to apply RLE or not. 
+ */ + BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) ++{ ++ _gdImageBmpCtx(im, out, compression); ++} ++ ++static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) + { + int bitmap_size = 0, info_size, total_size, padding; + int i, row, xpos, pixel; +@@ -148,6 +157,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) + unsigned char *uncompressed_row = NULL, *uncompressed_row_start = NULL; + FILE *tmpfile_for_compression = NULL; + gdIOCtxPtr out_original = NULL; ++ int ret = 1; + + /* No compression if its true colour or we don't support seek */ + if (im->trueColor) { +@@ -325,6 +335,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) + out_original = NULL; + } + ++ ret = 0; + cleanup: + if (tmpfile_for_compression) { + #ifdef _WIN32 +@@ -338,7 +349,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) + if (out_original) { +