summaryrefslogtreecommitdiff
path: root/graphics
diff options
context:
space:
mode:
authortnn <tnn>2015-04-12 15:09:32 +0000
committertnn <tnn>2015-04-12 15:09:32 +0000
commit926fb0bbd0ebdfac30d4a794e3cbd8ded6738b0b (patch)
tree4bb27e259d17eb904cc3db8da75b94be452d7644 /graphics
parent8e1cabc995175ef2cd3568c1d5ab6b7845530f52 (diff)
downloadpkgsrc-926fb0bbd0ebdfac30d4a794e3cbd8ded6738b0b.tar.gz
Upstream patch for overflow in gif parser (CVE-2014-9709)
Diffstat (limited to 'graphics')
-rw-r--r--graphics/gd/Makefile4
-rw-r--r--graphics/gd/distinfo3
-rw-r--r--graphics/gd/patches/patch-src_gd__gif__in.c45
3 files changed, 49 insertions, 3 deletions
diff --git a/graphics/gd/Makefile b/graphics/gd/Makefile
index 2806feb1307..a06ca963e24 100644
--- a/graphics/gd/Makefile
+++ b/graphics/gd/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.102 2014/12/09 11:42:10 wiz Exp $
+# $NetBSD: Makefile,v 1.103 2015/04/12 15:09:32 tnn Exp $
DISTNAME= libgd-2.1.0
PKGNAME= ${DISTNAME:S/libgd/gd/}
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= graphics
MASTER_SITES= http://cdn.bitbucket.org/libgd/gd-libgd/downloads/
EXTRACT_SUFX= .tar.xz
diff --git a/graphics/gd/distinfo b/graphics/gd/distinfo
index 9c7522941b3..78c3f4c6068 100644
--- a/graphics/gd/distinfo
+++ b/graphics/gd/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.35 2013/11/11 21:34:40 dholland Exp $
+$NetBSD: distinfo,v 1.36 2015/04/12 15:09:32 tnn Exp $
SHA1 (libgd-2.1.0.tar.xz) = 66c56fc07246b66ba649c83e996fd2085ea2f9e2
RMD160 (libgd-2.1.0.tar.xz) = 3fcdf88e1ca653ffd40ddba607dbc317ca87bf63
@@ -6,3 +6,4 @@ Size (libgd-2.1.0.tar.xz) = 2004304 bytes
SHA1 (patch-aa) = 00198349dd9cff60f1f5738524096a251057eb16
SHA1 (patch-ab) = 300ffacf47d7421fc9efb7b3fd9e93f011de1b4b
SHA1 (patch-src_gd__bmp.c) = 4db300a26cebae6fb6f14564c5648608d7ed6cc5
+SHA1 (patch-src_gd__gif__in.c) = 4c18302fa45b482b28f5b618681354690eaa9b2d
diff --git a/graphics/gd/patches/patch-src_gd__gif__in.c b/graphics/gd/patches/patch-src_gd__gif__in.c
new file mode 100644
index 00000000000..b53c98d0303
--- /dev/null
+++ b/graphics/gd/patches/patch-src_gd__gif__in.c
@@ -0,0 +1,45 @@
+$NetBSD: patch-src_gd__gif__in.c,v 1.1 2015/04/12 15:09:33 tnn Exp $
+
+CVE-2014-9709
+https://bitbucket.org/libgd/gd-libgd/commits/47eb44b2e90ca88a08dca9f9a1aa9041e9587f43/raw/
+
+From 47eb44b2e90ca88a08dca9f9a1aa9041e9587f43 Mon Sep 17 00:00:00 2001
+From: Remi Collet <fedora@famillecollet.com>
+Date: Sat, 13 Dec 2014 08:48:18 +0100
+Subject: [PATCH] Fix possible buffer read overflow detected by
+ -fsanitize=address, thanks to Jan Bee
+
+---
+ src/gd_gif_in.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c
+index b3b4ca3..13a663c 100644
+--- src/gd_gif_in.c
++++ src/gd_gif_in.c
+@@ -75,8 +75,10 @@ static struct {
+
+ #define STACK_SIZE ((1<<(MAX_LWZ_BITS))*2)
+
++#define CSD_BUF_SIZE 280
++
+ typedef struct {
+- unsigned char buf[280];
++ unsigned char buf[CSD_BUF_SIZE];
+ int curbit;
+ int lastbit;
+ int done;
+@@ -468,7 +470,12 @@ GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroD
+
+ ret = 0;
+ for (i = scd->curbit, j = 0; j < code_size; ++i, ++j) {
+- ret |= ((scd->buf[i / 8] & (1 << (i % 8))) != 0) << j;
++ if (i < CSD_BUF_SIZE * 8) {
++ ret |= ((scd->buf[i / 8] & (1 << (i % 8))) != 0) << j;
++ } else {
++ ret = -1;
++ break;
++ }
+ }
+
+ scd->curbit += code_size;
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-25 13:39:36 +0000