OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gd?expand=0&rev=4

gd-png-loop-CVE-2007-2756.patch

@@ -0,0 +1,15 @@
+--- gd_png.c	1 Apr 2007 20:41:01 -0000	1.21.2.1
++++ gd_png.c	16 May 2007 19:06:11 -0000
+@@ -81,7 +81,11 @@ gdPngErrorHandler (png_structp png_ptr, 
+ static void
+ gdPngReadData (png_structp png_ptr, png_bytep data, png_size_t length)
+ {
+-  gdGetBuf (data, length, (gdIOCtx *) png_get_io_ptr (png_ptr));
++  int check;
++  check = gdGetBuf (data, length, (gdIOCtx *) png_get_io_ptr (png_ptr));
++  if (check != length) {
++    png_error(png_ptr, "Read Error: truncated data");
++  }
+ }
+ 
+ static void

gd.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue May 29 17:16:32 CEST 2007 - nadvornik@suse.cz
+
+- fixed infinite loop on truncated png images 
+  CVE-2007-2756 [#276525]
+
 -------------------------------------------------------------------
 Thu May  3 17:54:51 CEST 2007 - prusnak@suse.cz
 

gd.spec

@@ -17,7 +17,7 @@ Group:          System/Libraries
 Obsoletes:      gdlib 
 Autoreqprov:    on
 Version:        2.0.34
-Release:        11
+Release:        21
 URL:            http://www.boutell.com/gd/
 Summary:        A Drawing Library for Programs That Use PNG and JPEG Output
 Source:         gd-%{version}.tar.bz2
@@ -27,6 +27,7 @@ Patch2:         gd-format.patch
 Patch3:         gd-aliasing.patch
 Patch4:         gd-security.patch
 Patch6:         gd-fontpath.patch
+Patch7:         gd-png-loop-CVE-2007-2756.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -68,6 +69,7 @@ Authors:
 %patch3
 %patch4
 %patch6
+%patch7
 
 %build
 %{suse_update_config -f}
@@ -136,6 +138,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/*.la
 
 %changelog
+* Tue May 29 2007 - nadvornik@suse.cz
+- fixed infinite loop on truncated png images
+  CVE-2007-2756 [#276525]
 * Thu May 03 2007 - prusnak@suse.cz
 - changed expat to libexpat-devel in Requires of devel subpackage
 * Tue Feb 20 2007 - nadvornik@suse.cz