update to 2.3.2
parent
060ea20931
commit
15501ea83e
@ -1,30 +0,0 @@
|
||||
From 8b111b2b4a4842179be66db68d84dda91a246032 Mon Sep 17 00:00:00 2001
|
||||
From: maryam ebrahimzadeh <maryam.ebr@student.sharif.edu>
|
||||
Date: Mon, 19 Jul 2021 10:07:13 +0430
|
||||
Subject: [PATCH 1/1] fix read out-of-bands in reading tga header file
|
||||
https://github.com/libgd/libgd/commit/8b111b2b4a4842179be66db68d84dda91a246032
|
||||
|
||||
---
|
||||
src/gd_tga.c | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/gd_tga.c b/src/gd_tga.c
|
||||
index cae9428..286febb 100644
|
||||
--- a/src/gd_tga.c
|
||||
+++ b/src/gd_tga.c
|
||||
@@ -191,7 +191,11 @@ int read_header_tga(gdIOCtx *ctx, oTga *tga)
|
||||
return -1;
|
||||
}
|
||||
|
||||
- gdGetBuf(tga->ident, tga->identsize, ctx);
|
||||
+
|
||||
+ if (gdGetBuf(tga->ident, tga->identsize, ctx) != tga->identsize) {
|
||||
+ gd_error("fail to read header ident");
|
||||
+ return -1;
|
||||
+ }
|
||||
}
|
||||
|
||||
return 1;
|
||||
--
|
||||
2.30.2
|
||||
|
||||
@ -1,77 +0,0 @@
|
||||
From e95059590fadaabd9aadc0c0489804d75a3c5d52 Mon Sep 17 00:00:00 2001
|
||||
From: maryam ebrahimzadeh <maryam.ebr@student.sharif.edu>
|
||||
Date: Mon, 19 Jul 2021 18:52:50 +0430
|
||||
Subject: [PATCH 1/3] gdImageGd2Ptr memory leak
|
||||
|
||||
Conflict:NA
|
||||
Reference:https://github.com/libgd/libgd/commit/c5fd25ce0e48fd5618a972ca9f5e28d6d62006af
|
||||
---
|
||||
src/gd_gd2.c | 18 +++++++++++++++---
|
||||
1 file changed, 15 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/gd_gd2.c b/src/gd_gd2.c
|
||||
index 760e85b..0b7e624 100644
|
||||
--- a/src/gd_gd2.c
|
||||
+++ b/src/gd_gd2.c
|
||||
@@ -910,9 +910,11 @@ _gd2PutHeader (gdImagePtr im, gdIOCtx * out, int cs, int fmt, int cx, int cy)
|
||||
|
||||
}
|
||||
|
||||
-static void
|
||||
+/* returns 0 on success, 1 on failure */
|
||||
+static int
|
||||
_gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt)
|
||||
{
|
||||
+ int ret = 0;
|
||||
int ncx, ncy, cx, cy;
|
||||
int x, y, ylo, yhi, xlo, xhi;
|
||||
int chunkLen;
|
||||
@@ -974,10 +976,12 @@ _gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt)
|
||||
/* */
|
||||
chunkData = gdCalloc (cs * bytesPerPixel * cs, 1);
|
||||
if (!chunkData) {
|
||||
+ ret = 1;
|
||||
goto fail;
|
||||
}
|
||||
compData = gdCalloc (compMax, 1);
|
||||
if (!compData) {
|
||||
+ ret = 1;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
@@ -992,6 +996,7 @@ _gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt)
|
||||
|
||||
chunkIdx = gdCalloc (idxSize * sizeof (t_chunk_info), 1);
|
||||
if (!chunkIdx) {
|
||||
+ ret = 1;
|
||||
goto fail;
|
||||
}
|
||||
};
|
||||
@@ -1106,6 +1111,8 @@ fail:
|
||||
gdFree (chunkIdx);
|
||||
}
|
||||
GD2_DBG (printf ("Done\n"));
|
||||
+
|
||||
+ return ret;
|
||||
|
||||
}
|
||||
|
||||
@@ -1128,8 +1135,13 @@ BGD_DECLARE(void *) gdImageGd2Ptr (gdImagePtr im, int cs, int fmt, int *size)
|
||||
void *rv;
|
||||
gdIOCtx *out = gdNewDynamicCtx (2048, NULL);
|
||||
if (out == NULL) return NULL;
|
||||
- _gdImageGd2 (im, out, cs, fmt);
|
||||
- rv = gdDPExtractData (out, size);
|
||||
+
|
||||
+ if (_gdImageGd2(im, out, cs, fmt)) {
|
||||
+ rv = NULL;
|
||||
+ } else {
|
||||
+ rv = gdDPExtractData(out, size);
|
||||
+ }
|
||||
+
|
||||
out->gd_free (out);
|
||||
return rv;
|
||||
}
|
||||
--
|
||||
2.27.0
|
||||
|
||||
@ -1,82 +0,0 @@
|
||||
From e5c84f0b7a2e2cef8d8630bd8c26a2f859e959ff Mon Sep 17 00:00:00 2001
|
||||
From: Pierre Joye <pierre.php@gmail.com>
|
||||
Date: Tue, 7 Sep 2021 22:03:21 +0700
|
||||
Subject: [PATCH 1/2] Partial fix for #750
|
||||
|
||||
Conflict:NA
|
||||
Reference:https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9
|
||||
|
||||
---
|
||||
src/gd_bmp.c | 15 +++++++++++----
|
||||
src/gd_webp.c | 7 ++++++-
|
||||
2 files changed, 17 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/gd_bmp.c b/src/gd_bmp.c
|
||||
index e186ac9..ab56a3e 100644
|
||||
--- a/src/gd_bmp.c
|
||||
+++ b/src/gd_bmp.c
|
||||
@@ -30,6 +30,7 @@
|
||||
#include <stdlib.h>
|
||||
#include "gd.h"
|
||||
#include "gdhelpers.h"
|
||||
+#include "gd_errors.h"
|
||||
#include "bmp.h"
|
||||
|
||||
static int compress_row(unsigned char *uncompressed_row, int length);
|
||||
@@ -265,8 +266,11 @@ static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
|
||||
}
|
||||
bitmap_size += compressed_size;
|
||||
|
||||
-
|
||||
- gdPutBuf(uncompressed_row, compressed_size, out);
|
||||
+ if (gdPutBuf(uncompressed_row, compressed_size, out) != compressed_size){
|
||||
+ gd_error("gd-bmp write error\n");
|
||||
+ error = 1;
|
||||
+ break;
|
||||
+ }
|
||||
gdPutC(BMP_RLE_COMMAND, out);
|
||||
gdPutC(BMP_RLE_ENDOFLINE, out);
|
||||
bitmap_size += 2;
|
||||
@@ -325,7 +329,10 @@ static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
|
||||
if (buffer_size == 0) {
|
||||
break;
|
||||
}
|
||||
- gdPutBuf(copy_buffer , buffer_size, out_original);
|
||||
+ if (gdPutBuf(copy_buffer , buffer_size, out_original) != buffer_size) {
|
||||
+ gd_error("gd-bmp write error\n");
|
||||
+ error = 1;
|
||||
+ }
|
||||
}
|
||||
gdFree(copy_buffer);
|
||||
|
||||
@@ -335,7 +342,7 @@ static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
|
||||
out_original = NULL;
|
||||
}
|
||||
|
||||
- ret = 0;
|
||||
+ ret = error;
|
||||
cleanup:
|
||||
if (tmpfile_for_compression) {
|
||||
#ifdef _WIN32
|
||||
diff --git a/src/gd_webp.c b/src/gd_webp.c
|
||||
index a0b4787..af0bf2c 100644
|
||||
--- a/src/gd_webp.c
|
||||
+++ b/src/gd_webp.c
|
||||
@@ -223,8 +223,13 @@ static int _gdImageWebpCtx (gdImagePtr im, gdIOCtx * outfile, int quality)
|
||||
ret = 1;
|
||||
goto freeargb;
|
||||
}
|
||||
- gdPutBuf(out, out_size, outfile);
|
||||
+
|
||||
+ int res = gdPutBuf(out, out_size, outfile);
|
||||
free(out);
|
||||
+ if (res != out_size) {
|
||||
+ gd_error("gd-webp write error\n");
|
||||
+ ret = 1;
|
||||
+ }
|
||||
|
||||
freeargb:
|
||||
gdFree(argb);
|
||||
--
|
||||
2.27.0
|
||||
|
||||
13
gd.spec
13
gd.spec
@ -1,6 +1,6 @@
|
||||
Name: gd
|
||||
Version: 2.3.2
|
||||
Release: 2
|
||||
Version: 2.3.3
|
||||
Release: 1
|
||||
Summary: A graphics library for quick creation of PNG or JPEG images
|
||||
License: MIT
|
||||
URL: http://libgd.github.io/
|
||||
@ -9,10 +9,6 @@ Source0: https://github.com/libgd/libgd/releases/download/gd-%{version}/l
|
||||
# Missing, temporary workaround, fixed upstream for next version
|
||||
Source1: https://raw.githubusercontent.com/libgd/libgd/gd-%{version}/config/getlib.sh
|
||||
|
||||
Patch6000: backport-CVE-2021-38115.patch
|
||||
Patch6001: backport-CVE-2021-40812.patch
|
||||
Patch6002: backport-CVE-2021-40145.patch
|
||||
|
||||
BuildRequires: freetype-devel fontconfig-devel gettext-devel libjpeg-devel libpng-devel libtiff-devel libwebp-devel
|
||||
BuildRequires: libX11-devel libXpm-devel zlib-devel pkgconfig libtool perl-interpreter perl-generators liberation-sans-fonts
|
||||
|
||||
@ -82,7 +78,7 @@ export CFLAGS="$CFLAGS -ffp-contract=off"
|
||||
%make_install
|
||||
|
||||
%check
|
||||
export XFAIL_TESTS
|
||||
export TMPDIR=/tmp
|
||||
make check
|
||||
|
||||
grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc
|
||||
@ -111,6 +107,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc
|
||||
%exclude %{_libdir}/libgd.a
|
||||
|
||||
%changelog
|
||||
* Sat Oct 29 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 2.3.3-1
|
||||
- update to 2.3.3
|
||||
|
||||
* Fri Apr 08 2022 dongyuzhen <dongyuzhen@h-partners.com> - 2.3.2-2
|
||||
- fix CVE-2021-40145
|
||||
|
||||
|
||||
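Review bot: The `%changelog` entry for 2.3.3-1 says only `- update to 2.3.3`, while the same spec change drops `Patch6000` to `Patch6002` (the CVE-2021-38115, CVE-2021-40812 and CVE-2021-40145 backports) without recording why. Presumably the 2.3.3 tarball already carries those fixes upstream, but nothing on this page confirms it. A second changelog line such as `- drop backported CVE patches, included upstream in 2.3.3` would let anyone tracing those CVEs see that the fixes were not lost. Before merging, confirm that the new source contains the `gdGetBuf`/`gdPutBuf` return-value checks in `src/gd_tga.c`, `src/gd_bmp.c` and `src/gd_webp.c` and the `_gdImageGd2` failure return in `src/gd_gd2.c` that the deleted patch files added. The commit title reads "update to 2.3.2" although the spec and tarball move to 2.3.3.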
@ -1,6 +1,6 @@
|
||||
#!/bin/sh
|
||||
|
||||
GETVER="${0%/*}/getver.pl"
|
||||
GETVER="${0%/*}/getver.sh"
|
||||
GDLIB_MAJOR=$("${GETVER}" MAJOR)
|
||||
GDLIB_MINOR=$("${GETVER}" MINOR)
|
||||
GDLIB_REVISION=$("${GETVER}" RELEASE)
|
||||
|
||||
Binary file not shown.
BIN
libgd-2.3.3.tar.xz
Normal file
BIN
libgd-2.3.3.tar.xz
Normal file
Binary file not shown.