diff options
| author | tnn <tnn@pkgsrc.org> | 2015-04-12 15:09:32 +0000 |
|---|---|---|
| committer | tnn <tnn@pkgsrc.org> | 2015-04-12 15:09:32 +0000 |
| commit | a2512a743aeda3a8618f80f628b03e6ae5d7b286 (patch) | |
| tree | 4bb27e259d17eb904cc3db8da75b94be452d7644 /graphics/gd | |
| parent | f1b001235a85220b88c7e8311633cf502e67d978 (diff) | |
| download | pkgsrc-a2512a743aeda3a8618f80f628b03e6ae5d7b286.tar.gz | |
Upstream patch for overflow in gif parser (CVE-2014-9709)
Diffstat (limited to 'graphics/gd')
| -rw-r--r-- | graphics/gd/Makefile | 4 | ||||
| -rw-r--r-- | graphics/gd/distinfo | 3 | ||||
| -rw-r--r-- | graphics/gd/patches/patch-src_gd__gif__in.c | 45 |
3 files changed, 49 insertions, 3 deletions
diff --git a/graphics/gd/Makefile b/graphics/gd/Makefile index 2806feb1307..a06ca963e24 100644 --- a/graphics/gd/Makefile +++ b/graphics/gd/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.102 2014/12/09 11:42:10 wiz Exp $ +# $NetBSD: Makefile,v 1.103 2015/04/12 15:09:32 tnn Exp $ DISTNAME= libgd-2.1.0 PKGNAME= ${DISTNAME:S/libgd/gd/} -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= graphics MASTER_SITES= http://cdn.bitbucket.org/libgd/gd-libgd/downloads/ EXTRACT_SUFX= .tar.xz diff --git a/graphics/gd/distinfo b/graphics/gd/distinfo index 9c7522941b3..78c3f4c6068 100644 --- a/graphics/gd/distinfo +++ b/graphics/gd/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.35 2013/11/11 21:34:40 dholland Exp $ +$NetBSD: distinfo,v 1.36 2015/04/12 15:09:32 tnn Exp $ SHA1 (libgd-2.1.0.tar.xz) = 66c56fc07246b66ba649c83e996fd2085ea2f9e2 RMD160 (libgd-2.1.0.tar.xz) = 3fcdf88e1ca653ffd40ddba607dbc317ca87bf63 @@ -6,3 +6,4 @@ Size (libgd-2.1.0.tar.xz) = 2004304 bytes SHA1 (patch-aa) = 00198349dd9cff60f1f5738524096a251057eb16 SHA1 (patch-ab) = 300ffacf47d7421fc9efb7b3fd9e93f011de1b4b SHA1 (patch-src_gd__bmp.c) = 4db300a26cebae6fb6f14564c5648608d7ed6cc5 +SHA1 (patch-src_gd__gif__in.c) = 4c18302fa45b482b28f5b618681354690eaa9b2d diff --git a/graphics/gd/patches/patch-src_gd__gif__in.c b/graphics/gd/patches/patch-src_gd__gif__in.c new file mode 100644 index 00000000000..b53c98d0303 --- /dev/null +++ b/graphics/gd/patches/patch-src_gd__gif__in.c @@ -0,0 +1,45 @@ +$NetBSD: patch-src_gd__gif__in.c,v 1.1 2015/04/12 15:09:33 tnn Exp $ + +CVE-2014-9709 +https://bitbucket.org/libgd/gd-libgd/commits/47eb44b2e90ca88a08dca9f9a1aa9041e9587f43/raw/ + +From 47eb44b2e90ca88a08dca9f9a1aa9041e9587f43 Mon Sep 17 00:00:00 2001 +From: Remi Collet <fedora@famillecollet.com> +Date: Sat, 13 Dec 2014 08:48:18 +0100 +Subject: [PATCH] Fix possible buffer read overflow detected by + -fsanitize=address, thanks to Jan Bee + +--- + src/gd_gif_in.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c +index b3b4ca3..13a663c 100644 +--- src/gd_gif_in.c ++++ src/gd_gif_in.c +@@ -75,8 +75,10 @@ static struct { + + #define STACK_SIZE ((1<<(MAX_LWZ_BITS))*2) + ++#define CSD_BUF_SIZE 280 ++ + typedef struct { +- unsigned char buf[280]; ++ unsigned char buf[CSD_BUF_SIZE]; + int curbit; + int lastbit; + int done; +@@ -468,7 +470,12 @@ GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroD + + ret = 0; + for (i = scd->curbit, j = 0; j < code_size; ++i, ++j) { +- ret |= ((scd->buf[i / 8] & (1 << (i % 8))) != 0) << j; ++ if (i < CSD_BUF_SIZE * 8) { ++ ret |= ((scd->buf[i / 8] & (1 << (i % 8))) != 0) << j; ++ } else { ++ ret = -1; ++ break; ++ } + } + + scd->curbit += code_size; |