- security update:

* CVE-2018-5711 [bsc#1076391] + gd-CVE-2018-5711.patch OBS-URL: https://build.opensuse.org/package/show/graphics/gd?expand=0&rev=44
2018-01-22 14:59:43 +00:00 · 2018-01-22 14:59:43 +00:00 · d0aa601a9b
commit d0aa601a9b
parent e845ee2783
3 changed files with 47 additions and 1 deletions
--- a/gd-CVE-2018-5711.patch
+++ b/gd-CVE-2018-5711.patch
@ -0,0 +1,37 @@
+Index: libgd-2.2.5/src/gd_gif_in.c
+===================================================================
+--- libgd-2.2.5.orig/src/gd_gif_in.c	2018-01-22 15:19:35.417382486 +0100
+++ libgd-2.2.5/src/gd_gif_in.c	2018-01-22 15:21:28.683291084 +0100
+@@ -335,11 +335,6 @@ terminated:
+ 		return 0;
+ 	}
+ 
+-	if(!im->colorsTotal) {
+-		gdImageDestroy(im);
+-		return 0;
+-	}
+-
+ 	/* Check for open colors at the end, so
+ 	 * we can reduce colorsTotal and ultimately
+ 	 * BitsPerPixel */
+@@ -351,6 +346,11 @@ terminated:
+ 		}
+ 	}
+ 
+	if(!im->colorsTotal) {
+		gdImageDestroy(im);
+		return 0;
+	}
+
+ 	return im;
+ }
+ 
+@@ -447,7 +447,7 @@ static int
+ GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroDataBlockP)
+ {
+ 	int i, j, ret;
+-	unsigned char count;
+	int count;
+ 
+ 	if(flag) {
+ 		scd->curbit = 0;
--- a/gd.changes
+++ b/gd.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Jan 22 14:58:51 UTC 2018 - pgajdos@suse.com
+
+- security update:
+  * CVE-2018-5711 [bsc#1076391]
+    + gd-CVE-2018-5711.patch
+
 -------------------------------------------------------------------
 Tue Sep  5 13:49:20 UTC 2017 - pgajdos@suse.com

--- a/gd.spec
+++ b/gd.spec
@ -1,7 +1,7 @@
 #
 # spec file for package gd
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -33,6 +33,7 @@ Patch1:         gd-fontpath.patch
 Patch2:         gd-format.patch
 # could be upstreamed
 Patch3:         gd-aliasing.patch
+Patch4:         gd-CVE-2018-5711.patch
 # needed for tests
 BuildRequires:  dejavu
 BuildRequires:  libjpeg-devel
@ -92,6 +93,7 @@ the formats accepted for inline images by most browsers.
 %patch1
 %patch2
 %patch3
+%patch4 -p1
 chmod 644 COPYING

 %build