mirror/guix
1
0
Fork 0
mirror of https://git.savannah.gnu.org/git/guix.git synced 2025-01-19 05:57:04 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

gnu: gd: Update to 2.2.1 [fixes CVE-2015-{8874, 8877}].

Browse source 
* gnu/packages/patches/gd-CVE-2016-3074.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/gd.scm (gd): Update to 2.2.1.
[source]: Remove patch. Update source URL.
This commit is contained in:
Leo Famulari 2016-05-27 11:42:22 -04:00
parent 9da459f350
commit b5d08d7c28
No known key found for this signature in database
GPG key ID: 2646FA30BACA7F08
3 changed files with 5 additions and 43 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
gnu/local.mk
View file

@ -498,7 +498,6 @@ dist_patch_DATA = \
%D%/packages/patches/gcc-cross-environment-variables.patch \ %D%/packages/patches/gcc-cross-environment-variables.patch \
%D%/packages/patches/gcc-libvtv-runpath.patch \ %D%/packages/patches/gcc-libvtv-runpath.patch \
%D%/packages/patches/gcc-5.0-libvtv-runpath.patch \ %D%/packages/patches/gcc-5.0-libvtv-runpath.patch \
%D%/packages/patches/gd-CVE-2016-3074.patch \
%D%/packages/patches/geoclue-config.patch \ %D%/packages/patches/geoclue-config.patch \
%D%/packages/patches/ghostscript-CVE-2015-3228.patch \ %D%/packages/patches/ghostscript-CVE-2015-3228.patch \
%D%/packages/patches/ghostscript-runpath.patch \ %D%/packages/patches/ghostscript-runpath.patch \

11
gnu/packages/gd.scm
View file

@ -37,20 +37,19 @@ (define-public gd
(package (package
(name "gd") (name "gd")
;; Note: With libgd.org now pointing to bitbucket.org, genuine old ;; Note: With libgd.org now pointing to github.com, genuine old
;; tarballs are no longer available. Notably, versions 2.0.x are ;; tarballs are no longer available. Notably, versions 2.0.x are
;; missing. ;; missing.
(version "2.1.1") (version "2.2.1")
(source (origin (source (origin
(method url-fetch) (method url-fetch)
(uri (string-append (uri (string-append
"https://bitbucket.org/libgd/gd-libgd/downloads/" "https://github.com/libgd/libgd/releases/download/gd-"
"libgd-" version ".tar.xz")) version "/libgd-" version ".tar.xz"))
(sha256 (sha256
(base32 (base32
"11djy9flzxczphigqgp7fbbblbq35gqwwhn9xfcckawlapa1xnls")) "0xmrqka1ggqgml84xbmkw1y0r0lg7qn657v5b1my8pry92p651vh"))))
(patches (search-patches "gd-CVE-2016-3074.patch"))))
(build-system gnu-build-system) (build-system gnu-build-system)
(native-inputs (native-inputs
`(("pkg-config" ,pkg-config))) `(("pkg-config" ,pkg-config)))

36
gnu/packages/patches/gd-CVE-2016-3074.patch
View file

@ -1,36 +0,0 @@
Adapted from upstream commit 2bb97f407c1145c850416a3bfbcc8cf124e68a19
(gd2: handle corrupt images better (CVE-2016-3074)).
This patch omits the upstream changes to '.gitignore', and the test
added in files 'tests/Makefile.am', 'tests/gd2/gd2_read_corrupt.c', and
'tests/gd2/invalid_neg_size.gd2'.
We omit the test because its input data,
'tests/gd2/invalid_neg_size.gd2', is provided as a binary Git diff,
which is not supported by `patch`.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3074
https://github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19
---
.gitignore | 1 +
src/gd_gd2.c | 2 ++
tests/Makefile.am | 3 ++-
tests/gd2/gd2_read_corrupt.c | 25 +++++++++++++++++++++++++
tests/gd2/invalid_neg_size.gd2 | Bin 0 -> 1676 bytes
5 files changed, 30 insertions(+), 1 deletion(-)
create mode 100644 tests/gd2/gd2_read_corrupt.c
create mode 100644 tests/gd2/invalid_neg_size.gd2
diff --git a/src/gd_gd2.c b/src/gd_gd2.c
index 6f28461..a50b33d 100644
--- a/src/gd_gd2.c
+++ b/src/gd_gd2.c
@@ -165,6 +165,8 @@ _gd2GetHeader (gdIOCtxPtr in, int *sx, int *sy,
if (gdGetInt (&cidx[i].size, in) != 1) {
goto fail2;
};
+ if (cidx[i].offset < 0 || cidx[i].size < 0)
+ goto fail2;
};
*chunkIdx = cidx;
};