aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJ0WI <J0WI@users.noreply.github.com>2020-04-08 16:04:31 +0200
committerJ0WI <J0WI@users.noreply.github.com>2020-04-08 16:08:35 +0200
commit3deb517cec296a32e5b25f1a75a48c2026a44af4 (patch)
treed4938eb1877b02e7f92ce0675ffdce5e8f9ef369
parente30587e6d086657c2b20040a01408e6a321fc5fc (diff)
downloadaports-3deb517cec296a32e5b25f1a75a48c2026a44af4.tar.bz2
aports-3deb517cec296a32e5b25f1a75a48c2026a44af4.tar.xz
main/gd: patch CVE-2018-14553 and CVE-2019-11038
-rw-r--r--main/gd/APKBUILD17
-rw-r--r--main/gd/CVE-2018-14553.patch32
-rw-r--r--main/gd/CVE-2019-11038.patch36
3 files changed, 80 insertions, 5 deletions
diff --git a/main/gd/APKBUILD b/main/gd/APKBUILD
index 34582ea156..b6e28a3cde 100644
--- a/main/gd/APKBUILD
+++ b/main/gd/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
pkgname=gd
pkgver=2.2.5
-pkgrel=2
+pkgrel=3
_pkgreal=lib$pkgname
pkgdesc="Library for the dynamic creation of images by programmers"
url="https://libgd.github.io/"
@@ -13,7 +13,9 @@ makedepends="bash libpng-dev libjpeg-turbo-dev libwebp-dev freetype-dev zlib-dev
subpackages="$pkgname-dev $_pkgreal:libs"
source="https://github.com/$_pkgreal/$_pkgreal/releases/download/$pkgname-$pkgver/$_pkgreal-$pkgver.tar.xz
CVE-2018-1000222.patch
+ CVE-2018-14553.patch
CVE-2018-5711.patch
+ CVE-2019-11038.patch
CVE-2019-6977.patch
CVE-2019-6978.patch
"
@@ -23,12 +25,15 @@ case "$CARCH" in
esac
# secfixes:
+# 2.2.5-r3:
+# - CVE-2018-14553
+# - CVE-2019-11038
# 2.2.5-r2:
-# - CVE-2018-5711
-# - CVE-2019-6977
-# - CVE-2019-6978
+# - CVE-2018-5711
+# - CVE-2019-6977
+# - CVE-2019-6978
# 2.2.5-r1:
-# - CVE-2018-1000222
+# - CVE-2018-1000222
build() {
cd "$builddir"
@@ -62,6 +67,8 @@ dev() {
sha512sums="e4598e17a277a75e02255402182cab139cb3f2cffcd68ec05cc10bbeaf6bc7aa39162c3445cd4a7efc1a26b72b9152bbedb187351e3ed099ea51767319997a6b libgd-2.2.5.tar.xz
d12462f1b159d50b9032435e9767a5d76e1797a88be950ed33dda7aa17005b7cb60560d04b9520e46d8111e1669d42ce28cb2c508f9c8825d545ac0335d2a10b CVE-2018-1000222.patch
+9bf1677d69d04f41eba48b48e853ad706f3097edb1a96c3b681b516708be0ba199c463e7b3e44f52921e14028a7c4d74977d66e7f456b9f96d935ce9db342c0e CVE-2018-14553.patch
b23929f10ad75fa97d2ff797ef44d185cfe6de4f26b649e8e507b6fc41ebdb527ab4633d10df955c92d677428d9ed1707d9997954a1bcfb0070995191211d886 CVE-2018-5711.patch
+a56397fb310c94d4dc9c565dcec17ffd7411e1957ba45f1093e9fffad74192c244b1ef4f9d954c052f589fd5b4d1cc37ca5d53d8db569cee09a7bdc38bfc4eaf CVE-2019-11038.patch
5214ac4148c618f3fef3bb3b6675e41a76e31465cd8dac326ee99dc1ae4cfe760749997d2941743efa48e79b8dbdb536d6b6d79d9bc4e5363f2c50da52ab5cac CVE-2019-6977.patch
2f70f041b531a23d0bac5c5370a3fb135ca8facaa7baf1554baf35135cc9c6e21de9c09400d939e133ad090b9aa23fa901ea7b5cd9ea20d11edc38257601eb97 CVE-2019-6978.patch"
diff --git a/main/gd/CVE-2018-14553.patch b/main/gd/CVE-2018-14553.patch
new file mode 100644
index 0000000000..816bd9ccc9
--- /dev/null
+++ b/main/gd/CVE-2018-14553.patch
@@ -0,0 +1,32 @@
+From a93eac0e843148dc2d631c3ba80af17e9c8c860f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?F=C3=A1bio=20Cabral=20Pacheco?= <fcabralpacheco@gmail.com>
+Date: Fri, 20 Dec 2019 12:03:33 -0300
+Subject: [PATCH] Fix potential NULL pointer dereference in gdImageClone()
+
+diff --git a/src/gd.c b/src/gd.c
+index 592a0286..d564d1f9 100644
+--- a/src/gd.c
++++ b/src/gd.c
+@@ -2865,14 +2865,6 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) {
+ }
+ }
+
+- if (src->styleLength > 0) {
+- dst->styleLength = src->styleLength;
+- dst->stylePos = src->stylePos;
+- for (i = 0; i < src->styleLength; i++) {
+- dst->style[i] = src->style[i];
+- }
+- }
+-
+ dst->interlace = src->interlace;
+
+ dst->alphaBlendingFlag = src->alphaBlendingFlag;
+@@ -2907,6 +2899,7 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) {
+
+ if (src->style) {
+ gdImageSetStyle(dst, src->style, src->styleLength);
++ dst->stylePos = src->stylePos;
+ }
+
+ for (i = 0; i < gdMaxColors; i++) {
diff --git a/main/gd/CVE-2019-11038.patch b/main/gd/CVE-2019-11038.patch
new file mode 100644
index 0000000000..1ccb9c1c15
--- /dev/null
+++ b/main/gd/CVE-2019-11038.patch
@@ -0,0 +1,36 @@
+From e13a342c079aeb73e31dfa19eaca119761bac3f3 Mon Sep 17 00:00:00 2001
+From: Jonas Meurer <jonas@freesources.org>
+Date: Tue, 11 Jun 2019 12:16:46 +0200
+Subject: [PATCH] Fix #501: Uninitialized read in gdImageCreateFromXbm
+ (CVE-2019-11038)
+
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-11038
+Bug-Debian: https://bugs.debian.org/929821
+Bug: https://github.com/libgd/libgd/issues/501
+
+We have to ensure that `sscanf()` does indeed read a hex value here,
+and bail out otherwise.
+
+Original patch by Christoph M. Becker <cmbecker69@gmx.de> for PHP libgd ext.
+https://git.php.net/?p=php-src.git;a=commit;h=ed6dee9a198c904ad5e03113e58a2d2c200f5184
+---
+ src/gd_xbm.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/gd_xbm.c b/src/gd_xbm.c
+index 4ca41acf..cf0545ef 100644
+--- a/src/gd_xbm.c
++++ b/src/gd_xbm.c
+@@ -169,7 +169,11 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXbm(FILE * fd)
+ }
+ h[3] = ch;
+ }
+- sscanf(h, "%x", &b);
++ if (sscanf(h, "%x", &b) != 1) {
++ gd_error("invalid XBM");
++ gdImageDestroy(im);
++ return 0;
++ }
+ for (bit = 1; bit <= max_bit; bit = bit << 1) {
+ gdImageSetPixel(im, x++, y, (b & bit) ? 1 : 0);
+ if (x == im->sx) {