Accepting request 781431 from graphics

- security update
- added patches
  fix CVE-2018-14553 [bsc#1165471], null pointer dereference in gdImageClone()
  + gd-CVE-2018-14553.patch

OBS-URL: https://build.opensuse.org/request/show/781431
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gd?expand=0&rev=53
This commit is contained in:
Dominique Leuenberger 2020-03-06 20:25:47 +00:00 committed by Git OBS Bridge
commit fb2c080c62
3 changed files with 40 additions and 2 deletions

gd-CVE-2018-14553.patch Normal file

@ -0,0 +1,27 @@
diff --git a/src/gd.c b/src/gd.c
index 592a0286..d564d1f9 100644
--- a/src/gd.c
+++ b/src/gd.c
@@ -2865,14 +2865,6 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) {
}
}
- if (src->styleLength > 0) {
- dst->styleLength = src->styleLength;
- dst->stylePos = src->stylePos;
- for (i = 0; i < src->styleLength; i++) {
- dst->style[i] = src->style[i];
- }
- }
-
dst->interlace = src->interlace;
dst->alphaBlendingFlag = src->alphaBlendingFlag;
@@ -2907,6 +2899,7 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) {
if (src->style) {
gdImageSetStyle(dst, src->style, src->styleLength);
+ dst->stylePos = src->stylePos;
}
for (i = 0; i < gdMaxColors; i++) {
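Review bot: The second hunk adds `dst->stylePos = src->stylePos;` directly after `gdImageSetStyle(dst, src->style, src->styleLength);` without checking whether that call succeeded; gdImageSetStyle is not visible in this patch, but if it allocates the style array and can fail, dst is left with a NULL `style` and a non-zero `stylePos` inherited from src, which is the kind of inconsistent state the removed block was producing. If the call reports failure (by return value, or by leaving `dst->style` NULL), I would guard the copy, `if (dst->style) dst->stylePos = src->stylePos;`, or propagate the failure out of gdImageClone rather than returning a half-initialised clone. Separately, the patch file starts directly at `diff --git` with no provenance header; a `From:`/`Subject:` block or an `Upstream:` line naming the libgd commit this was backported from would let the next updater check it against upstream. gdImageClone begins before the first hunk and continues past the last one.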


@ -1,3 +1,11 @@
-------------------------------------------------------------------
Wed Mar 4 10:11:14 UTC 2020 - pgajdos@suse.com
- security update
- added patches
fix CVE-2018-14553 [bsc#1165471], null pointer dereference in gdImageClone()
+ gd-CVE-2018-14553.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jul 16 09:12:06 UTC 2019 - pgajdos@suse.com Tue Jul 16 09:12:06 UTC 2019 - pgajdos@suse.com


@ -1,7 +1,7 @@
# #
# spec file for package gd # spec file for package gd
# #
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2020 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -24,7 +24,7 @@ Release: 0
Summary: A Drawing Library for Programs That Use PNG and JPEG Output Summary: A Drawing Library for Programs That Use PNG and JPEG Output
License: MIT License: MIT
Group: System/Libraries Group: System/Libraries
Url: https://libgd.github.io/ URL: https://libgd.github.io/
Source: https://github.com/libgd/libgd/releases/download/%{name}-%{version}/%{prjname}-%{version}.tar.xz Source: https://github.com/libgd/libgd/releases/download/%{name}-%{version}/%{prjname}-%{version}.tar.xz
Source1: baselibs.conf Source1: baselibs.conf
# might be upstreamed, but could be suse specific also (/usr/share/fonts/Type1 font dir) # might be upstreamed, but could be suse specific also (/usr/share/fonts/Type1 font dir)
@ -40,6 +40,8 @@ Patch7: gd-CVE-2019-6978.patch
Patch8: gd-CVE-2019-6977.patch Patch8: gd-CVE-2019-6977.patch
# CVE-2019-11038 [bsc#1140118] # CVE-2019-11038 [bsc#1140118]
Patch9: gd-CVE-2019-11038.patch Patch9: gd-CVE-2019-11038.patch
# CVE-2018-14553 [bsc#1165471], null pointer dereference in gdImageClone()
Patch10: gd-CVE-2018-14553.patch
# needed for tests # needed for tests
BuildRequires: dejavu BuildRequires: dejavu
BuildRequires: libjpeg-devel BuildRequires: libjpeg-devel
@ -96,6 +98,7 @@ the formats accepted for inline images by most browsers.
%patch7 -p1 %patch7 -p1
%patch8 -p1 %patch8 -p1
%patch9 -p1 %patch9 -p1
%patch10 -p1
chmod 644 COPYING chmod 644 COPYING
%build %build