pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2015Q1]: pkgsrc/graphics/gd Pullup ticket #4659 - requested by...
details: https://anonhg.NetBSD.org/pkgsrc/rev/c401da77d1bc
branches: pkgsrc-2015Q1
changeset: 649157:c401da77d1bc
user: bsiegert <bsiegert%pkgsrc.org@localhost>
date: Tue Apr 14 18:19:23 2015 +0000
description:
Pullup ticket #4659 - requested by tnn
graphics/gd - security fix
Revisions pulled up:
- graphics/gd/Makefile 1.103
- graphics/gd/distinfo 1.36
- graphics/gd/patches/patch-src_gd__gif__in.c 1.1
---
Module Name: pkgsrc
Committed By: tnn
Date: Sun Apr 12 15:09:33 UTC 2015
Modified Files:
pkgsrc/graphics/gd: Makefile distinfo
Added Files:
pkgsrc/graphics/gd/patches: patch-src_gd__gif__in.c
Log Message:
Upstream patch for overflow in gif parser (CVE-2014-9709)
diffstat:
graphics/gd/Makefile | 4 +-
graphics/gd/distinfo | 3 +-
graphics/gd/patches/patch-src_gd__gif__in.c | 45 +++++++++++++++++++++++++++++
3 files changed, 49 insertions(+), 3 deletions(-)
diffs (77 lines):
diff -r 76439ee8e6ea -r c401da77d1bc graphics/gd/Makefile
--- a/graphics/gd/Makefile Wed Apr 08 20:53:41 2015 +0000
+++ b/graphics/gd/Makefile Tue Apr 14 18:19:23 2015 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.102 2014/12/09 11:42:10 wiz Exp $
+# $NetBSD: Makefile,v 1.102.4.1 2015/04/14 18:19:23 bsiegert Exp $
DISTNAME= libgd-2.1.0
PKGNAME= ${DISTNAME:S/libgd/gd/}
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= graphics
MASTER_SITES= http://cdn.bitbucket.org/libgd/gd-libgd/downloads/
EXTRACT_SUFX= .tar.xz
diff -r 76439ee8e6ea -r c401da77d1bc graphics/gd/distinfo
--- a/graphics/gd/distinfo Wed Apr 08 20:53:41 2015 +0000
+++ b/graphics/gd/distinfo Tue Apr 14 18:19:23 2015 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.35 2013/11/11 21:34:40 dholland Exp $
+$NetBSD: distinfo,v 1.35.12.1 2015/04/14 18:19:23 bsiegert Exp $
SHA1 (libgd-2.1.0.tar.xz) = 66c56fc07246b66ba649c83e996fd2085ea2f9e2
RMD160 (libgd-2.1.0.tar.xz) = 3fcdf88e1ca653ffd40ddba607dbc317ca87bf63
@@ -6,3 +6,4 @@
SHA1 (patch-aa) = 00198349dd9cff60f1f5738524096a251057eb16
SHA1 (patch-ab) = 300ffacf47d7421fc9efb7b3fd9e93f011de1b4b
SHA1 (patch-src_gd__bmp.c) = 4db300a26cebae6fb6f14564c5648608d7ed6cc5
+SHA1 (patch-src_gd__gif__in.c) = 4c18302fa45b482b28f5b618681354690eaa9b2d
diff -r 76439ee8e6ea -r c401da77d1bc graphics/gd/patches/patch-src_gd__gif__in.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/gd/patches/patch-src_gd__gif__in.c Tue Apr 14 18:19:23 2015 +0000
@@ -0,0 +1,45 @@
+$NetBSD: patch-src_gd__gif__in.c,v 1.1.2.2 2015/04/14 18:19:23 bsiegert Exp $
+
+CVE-2014-9709
+https://bitbucket.org/libgd/gd-libgd/commits/47eb44b2e90ca88a08dca9f9a1aa9041e9587f43/raw/
+
+From 47eb44b2e90ca88a08dca9f9a1aa9041e9587f43 Mon Sep 17 00:00:00 2001
+From: Remi Collet <fedora%famillecollet.com@localhost>
+Date: Sat, 13 Dec 2014 08:48:18 +0100
+Subject: [PATCH] Fix possible buffer read overflow detected by
+ -fsanitize=address, thanks to Jan Bee
+
+---
+ src/gd_gif_in.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c
+index b3b4ca3..13a663c 100644
+--- src/gd_gif_in.c
++++ src/gd_gif_in.c
+@@ -75,8 +75,10 @@ static struct {
+
+ #define STACK_SIZE ((1<<(MAX_LWZ_BITS))*2)
+
++#define CSD_BUF_SIZE 280
++
+ typedef struct {
+- unsigned char buf[280];
++ unsigned char buf[CSD_BUF_SIZE];
+ int curbit;
+ int lastbit;
+ int done;
+@@ -468,7 +470,12 @@ GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroD
+
+ ret = 0;
+ for (i = scd->curbit, j = 0; j < code_size; ++i, ++j) {
+- ret |= ((scd->buf[i / 8] & (1 << (i % 8))) != 0) << j;
++ if (i < CSD_BUF_SIZE * 8) {
++ ret |= ((scd->buf[i / 8] & (1 << (i % 8))) != 0) << j;
++ } else {
++ ret = -1;
++ break;
++ }
+ }
+
+ scd->curbit += code_size;
Home |
Main Index |
Thread Index |
Old Index