From c9e164982ebea513ddfc53228bcb4bb41dcfab33beb484c2c2a7e346aaf3b46b Mon Sep 17 00:00:00 2001 From: Petr Gajdos Date: Wed, 4 Mar 2020 10:11:45 +0000 Subject: [PATCH] - security update - added patches fix CVE-2018-14553 [bsc#1165471], null pointer dereference in gdImageClone() + gd-CVE-2018-14553.patch OBS-URL: https://build.opensuse.org/package/show/graphics/gd?expand=0&rev=60 --- gd-CVE-2018-14553.patch | 27 +++++++++++++++++++++++++++ gd.changes | 8 ++++++++ gd.spec | 7 +++++-- 3 files changed, 40 insertions(+), 2 deletions(-) create mode 100644 gd-CVE-2018-14553.patch diff --git a/gd-CVE-2018-14553.patch b/gd-CVE-2018-14553.patch new file mode 100644 index 0000000..b4a7162 --- /dev/null +++ b/gd-CVE-2018-14553.patch @@ -0,0 +1,27 @@ +diff --git a/src/gd.c b/src/gd.c +index 592a0286..d564d1f9 100644 +--- a/src/gd.c ++++ b/src/gd.c +@@ -2865,14 +2865,6 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) { + } + } + +- if (src->styleLength > 0) { +- dst->styleLength = src->styleLength; +- dst->stylePos = src->stylePos; +- for (i = 0; i < src->styleLength; i++) { +- dst->style[i] = src->style[i]; +- } +- } +- + dst->interlace = src->interlace; + + dst->alphaBlendingFlag = src->alphaBlendingFlag; +@@ -2907,6 +2899,7 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) { + + if (src->style) { + gdImageSetStyle(dst, src->style, src->styleLength); ++ dst->stylePos = src->stylePos; + } + + for (i = 0; i < gdMaxColors; i++) { diff --git a/gd.changes b/gd.changes index f9cb33e..5705885 100644 --- a/gd.changes +++ b/gd.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Wed Mar 4 10:11:14 UTC 2020 - pgajdos@suse.com + +- security update +- added patches + fix CVE-2018-14553 [bsc#1165471], null pointer dereference in gdImageClone() + + gd-CVE-2018-14553.patch + ------------------------------------------------------------------- Tue Jul 16 09:12:06 UTC 2019 - pgajdos@suse.com diff --git a/gd.spec b/gd.spec index e2dca9e..c243052 100644 --- a/gd.spec +++ b/gd.spec @@ -1,7 +1,7 @@ # # spec file for package gd # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,7 +24,7 @@ Release: 0 Summary: A Drawing Library for Programs That Use PNG and JPEG Output License: MIT Group: System/Libraries -Url: https://libgd.github.io/ +URL: https://libgd.github.io/ Source: https://github.com/libgd/libgd/releases/download/%{name}-%{version}/%{prjname}-%{version}.tar.xz Source1: baselibs.conf # might be upstreamed, but could be suse specific also (/usr/share/fonts/Type1 font dir) @@ -40,6 +40,8 @@ Patch7: gd-CVE-2019-6978.patch Patch8: gd-CVE-2019-6977.patch # CVE-2019-11038 [bsc#1140118] Patch9: gd-CVE-2019-11038.patch +# CVE-2018-14553 [bsc#1165471], null pointer dereference in gdImageClone() +Patch10: gd-CVE-2018-14553.patch # needed for tests BuildRequires: dejavu BuildRequires: libjpeg-devel @@ -96,6 +98,7 @@ the formats accepted for inline images by most browsers. %patch7 -p1 %patch8 -p1 %patch9 -p1 +%patch10 -p1 chmod 644 COPYING %build