Date: Sunday, May 12, 2019 @ 09:04:27 Author: pierre Revision: 352912
archrelease: copy trunk to extra-x86_64 Added: gd/repos/extra-x86_64/PKGBUILD (from rev 352911, gd/trunk/PKGBUILD) gd/repos/extra-x86_64/gd-CVE-2018-1000222.patch (from rev 352911, gd/trunk/gd-CVE-2018-1000222.patch) gd/repos/extra-x86_64/gd-CVE-2018-5711.patch (from rev 352911, gd/trunk/gd-CVE-2018-5711.patch) gd/repos/extra-x86_64/gd-CVE-2019-6977.patch (from rev 352911, gd/trunk/gd-CVE-2019-6977.patch) gd/repos/extra-x86_64/gd-CVE-2019-6978.patch (from rev 352911, gd/trunk/gd-CVE-2019-6978.patch) Deleted: gd/repos/extra-x86_64/PKGBUILD ---------------------------+ PKGBUILD | 84 +++++++++++-------- gd-CVE-2018-1000222.patch | 64 +++++++++++++++ gd-CVE-2018-5711.patch | 37 ++++++++ gd-CVE-2019-6977.patch | 15 +++ gd-CVE-2019-6978.patch | 187 ++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 352 insertions(+), 35 deletions(-) Deleted: PKGBUILD =================================================================== --- PKGBUILD 2019-05-12 09:04:13 UTC (rev 352911) +++ PKGBUILD 2019-05-12 09:04:27 UTC (rev 352912) @@ -1,35 +0,0 @@ -# $Id$ -# Maintainer: Pierre Schmitz <pie...@archlinux.de> - -pkgname=gd -pkgver=2.2.5 -pkgrel=1 -pkgdesc="Library for the dynamic creation of images by programmers" -arch=('i686' 'x86_64') -url="http://www.libgd.org/" -license=('custom') -depends=('fontconfig' 'libxpm' 'libwebp') -optdepends=('perl: bdftogd script') -checkdepends=('ttf-liberation') -source=("https://github.com/libgd/libgd/releases/download/gd-${pkgver}/libgd-${pkgver}.tar.xz") -md5sums=('8d8d6a6189513ecee6e893b1fb109bf8') - -build() { - cd libgd-${pkgver} - ./configure \ - --prefix=/usr \ - --disable-rpath - make -} - -check() { - cd libgd-${pkgver} - # see https://github.com/libgd/libgd/issues/302 - [[ ${CARCH} == 'i686' ]] || FREETYPE_PROPERTIES='truetype:interpreter-version=35' make check -} - -package() { - cd libgd-${pkgver} - make DESTDIR="${pkgdir}" install - install -D -m644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" -} Copied: gd/repos/extra-x86_64/PKGBUILD (from rev 352911, gd/trunk/PKGBUILD) =================================================================== --- PKGBUILD (rev 0) +++ PKGBUILD 2019-05-12 09:04:27 UTC (rev 352912) @@ -0,0 +1,49 @@ +# Maintainer: Pierre Schmitz <pie...@archlinux.de> + +pkgname=gd +pkgver=2.2.5 +pkgrel=2 +pkgdesc="Library for the dynamic creation of images by programmers" +arch=('x86_64') +url="https://libgd.github.io/" +license=('custom') +depends=('fontconfig' 'libxpm' 'libwebp') +optdepends=('perl: bdftogd script') +checkdepends=('ttf-liberation') +source=("https://github.com/libgd/libgd/releases/download/gd-${pkgver}/libgd-${pkgver}.tar.xz" + 'gd-CVE-2018-1000222.patch' 'gd-CVE-2018-5711.patch' + 'gd-CVE-2019-6977.patch' 'gd-CVE-2019-6978.patch') +sha1sums=('b777b005c401b6fa310ccf09eeb29f6c6e17ab2c' + 'f17097d44735face67cf5eb3c85878f45d0f72c9' + '4a4c0acc19ee4d5ceb6dd8b090b65381a39bf18e' + 'bd2444b04cf648d9bc60268f0c890c5950a46d36' + 'fc04932562f7a806a6041605bde43976c173a646') + +prepare() { + cd libgd-${pkgver} + # security patches from openSUSE: + # https://build.opensuse.org/package/show/openSUSE:Factory/gd + patch -p1 -i "${srcdir}/gd-CVE-2018-1000222.patch" + patch -p1 -i "${srcdir}/gd-CVE-2018-5711.patch" + patch -p1 -i "${srcdir}/gd-CVE-2019-6977.patch" + patch -p1 -i "${srcdir}/gd-CVE-2019-6978.patch" +} + +build() { + cd libgd-${pkgver} + ./configure \ + --prefix=/usr \ + --disable-rpath + make +} + +check() { + cd libgd-${pkgver} + make check +} + +package() { + cd libgd-${pkgver} + make DESTDIR="${pkgdir}" install + install -D -m644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" +} Copied: gd/repos/extra-x86_64/gd-CVE-2018-1000222.patch (from rev 352911, gd/trunk/gd-CVE-2018-1000222.patch) =================================================================== --- gd-CVE-2018-1000222.patch (rev 0) +++ gd-CVE-2018-1000222.patch 2019-05-12 09:04:27 UTC (rev 352912) @@ -0,0 +1,64 @@ +diff --git a/src/gd_bmp.c b/src/gd_bmp.c +index bde0b9d3..78f40d9a 100644 +--- a/src/gd_bmp.c ++++ b/src/gd_bmp.c +@@ -47,6 +47,8 @@ static int bmp_read_4bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp + static int bmp_read_8bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp_hdr_t *header); + static int bmp_read_rle(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info); + ++static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression); ++ + #define BMP_DEBUG(s) + + static int gdBMPPutWord(gdIOCtx *out, int w) +@@ -87,8 +89,10 @@ BGD_DECLARE(void *) gdImageBmpPtr(gdImagePtr im, int *size, int compression) + void *rv; + gdIOCtx *out = gdNewDynamicCtx(2048, NULL); + if (out == NULL) return NULL; +- gdImageBmpCtx(im, out, compression); +- rv = gdDPExtractData(out, size); ++ if (!_gdImageBmpCtx(im, out, compression)) ++ rv = gdDPExtractData(out, size); ++ else ++ rv = NULL; + out->gd_free(out); + return rv; + } +@@ -141,6 +145,11 @@ BGD_DECLARE(void) gdImageBmp(gdImagePtr im, FILE *outFile, int compression) + compression - whether to apply RLE or not. + */ + BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) ++{ ++ _gdImageBmpCtx(im, out, compression); ++} ++ ++static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) + { + int bitmap_size = 0, info_size, total_size, padding; + int i, row, xpos, pixel; +@@ -148,6 +157,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) + unsigned char *uncompressed_row = NULL, *uncompressed_row_start = NULL; + FILE *tmpfile_for_compression = NULL; + gdIOCtxPtr out_original = NULL; ++ int ret = 1; + + /* No compression if its true colour or we don't support seek */ + if (im->trueColor) { +@@ -325,6 +335,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) + out_original = NULL; + } + ++ ret = 0; + cleanup: + if (tmpfile_for_compression) { + #ifdef _WIN32 +@@ -338,7 +349,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression) + if (out_original) { + out_original->gd_free(out_original); + } +- return; ++ return ret; + } + + static int compress_row(unsigned char *row, int length) + Copied: gd/repos/extra-x86_64/gd-CVE-2018-5711.patch (from rev 352911, gd/trunk/gd-CVE-2018-5711.patch) =================================================================== --- gd-CVE-2018-5711.patch (rev 0) +++ gd-CVE-2018-5711.patch 2019-05-12 09:04:27 UTC (rev 352912) @@ -0,0 +1,37 @@ +Index: libgd-2.2.5/src/gd_gif_in.c +=================================================================== +--- libgd-2.2.5.orig/src/gd_gif_in.c 2018-01-22 15:19:35.417382486 +0100 ++++ libgd-2.2.5/src/gd_gif_in.c 2018-01-22 15:21:28.683291084 +0100 +@@ -335,11 +335,6 @@ terminated: + return 0; + } + +- if(!im->colorsTotal) { +- gdImageDestroy(im); +- return 0; +- } +- + /* Check for open colors at the end, so + * we can reduce colorsTotal and ultimately + * BitsPerPixel */ +@@ -351,6 +346,11 @@ terminated: + } + } + ++ if(!im->colorsTotal) { ++ gdImageDestroy(im); ++ return 0; ++ } ++ + return im; + } + +@@ -447,7 +447,7 @@ static int + GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroDataBlockP) + { + int i, j, ret; +- unsigned char count; ++ int count; + + if(flag) { + scd->curbit = 0; Copied: gd/repos/extra-x86_64/gd-CVE-2019-6977.patch (from rev 352911, gd/trunk/gd-CVE-2019-6977.patch) =================================================================== --- gd-CVE-2019-6977.patch (rev 0) +++ gd-CVE-2019-6977.patch 2019-05-12 09:04:27 UTC (rev 352912) @@ -0,0 +1,15 @@ +Index: libgd-2.2.5/src/gd_color_match.c +=================================================================== +--- libgd-2.2.5.orig/src/gd_color_match.c 2019-01-31 12:56:44.944336318 +0100 ++++ libgd-2.2.5/src/gd_color_match.c 2019-01-31 12:58:11.368836899 +0100 +@@ -31,8 +31,8 @@ BGD_DECLARE(int) gdImageColorMatch (gdIm + return -4; /* At least 1 color must be allocated */ + } + +- buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * im2->colorsTotal); +- memset (buf, 0, sizeof(unsigned long) * 5 * im2->colorsTotal ); ++ buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * gdMaxColors); ++ memset (buf, 0, sizeof(unsigned long) * 5 * gdMaxColors ); + + for (x=0; x < im1->sx; x++) { + for( y=0; y<im1->sy; y++ ) { Copied: gd/repos/extra-x86_64/gd-CVE-2019-6978.patch (from rev 352911, gd/trunk/gd-CVE-2019-6978.patch) =================================================================== --- gd-CVE-2019-6978.patch (rev 0) +++ gd-CVE-2019-6978.patch 2019-05-12 09:04:27 UTC (rev 352912) @@ -0,0 +1,187 @@ +Index: libgd-2.2.5/src/gd_gif_out.c +=================================================================== +--- libgd-2.2.5.orig/src/gd_gif_out.c 2017-08-30 13:05:54.000000000 +0200 ++++ libgd-2.2.5/src/gd_gif_out.c 2019-01-31 09:47:44.703693790 +0100 +@@ -99,6 +99,7 @@ static void char_init(GifCtx *ctx); + static void char_out(int c, GifCtx *ctx); + static void flush_char(GifCtx *ctx); + ++static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out); + + + +@@ -131,8 +132,11 @@ BGD_DECLARE(void *) gdImageGifPtr(gdImag + void *rv; + gdIOCtx *out = gdNewDynamicCtx(2048, NULL); + if (out == NULL) return NULL; +- gdImageGifCtx(im, out); +- rv = gdDPExtractData(out, size); ++ if (!_gdImageGifCtx(im, out)) { ++ rv = gdDPExtractData(out, size); ++ } else { ++ rv = NULL; ++ } + out->gd_free(out); + return rv; + } +@@ -221,6 +225,12 @@ BGD_DECLARE(void) gdImageGif(gdImagePtr + */ + BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) + { ++ _gdImageGifCtx(im, out); ++} ++ ++/* returns 0 on success, 1 on failure */ ++static int _gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) ++{ + gdImagePtr pim = 0, tim = im; + int interlace, BitsPerPixel; + interlace = im->interlace; +@@ -231,7 +241,7 @@ BGD_DECLARE(void) gdImageGifCtx(gdImageP + based temporary image. */ + pim = gdImageCreatePaletteFromTrueColor(im, 1, 256); + if(!pim) { +- return; ++ return 1; + } + tim = pim; + } +@@ -247,6 +257,8 @@ BGD_DECLARE(void) gdImageGifCtx(gdImageP + /* Destroy palette based temporary image. */ + gdImageDestroy( pim); + } ++ ++ return 0; + } + + +Index: libgd-2.2.5/src/gd_jpeg.c +=================================================================== +--- libgd-2.2.5.orig/src/gd_jpeg.c 2017-08-30 13:05:54.000000000 +0200 ++++ libgd-2.2.5/src/gd_jpeg.c 2019-01-31 09:47:44.707693815 +0100 +@@ -123,6 +123,8 @@ static void fatal_jpeg_error(j_common_pt + exit(99); + } + ++static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality); ++ + /* + * Write IM to OUTFILE as a JFIF-formatted JPEG image, using quality + * QUALITY. If QUALITY is in the range 0-100, increasing values +@@ -237,8 +239,11 @@ BGD_DECLARE(void *) gdImageJpegPtr(gdIma + void *rv; + gdIOCtx *out = gdNewDynamicCtx(2048, NULL); + if (out == NULL) return NULL; +- gdImageJpegCtx(im, out, quality); +- rv = gdDPExtractData(out, size); ++ if (!_gdImageJpegCtx(im, out, quality)) { ++ rv = gdDPExtractData(out, size); ++ } else { ++ rv = NULL; ++ } + out->gd_free(out); + return rv; + } +@@ -260,6 +265,12 @@ void jpeg_gdIOCtx_dest(j_compress_ptr ci + */ + BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) + { ++ _gdImageJpegCtx(im, outfile, quality); ++} ++ ++/* returns 0 on success, 1 on failure */ ++static int _gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) ++{ + struct jpeg_compress_struct cinfo; + struct jpeg_error_mgr jerr; + int i, j, jidx; +@@ -293,7 +304,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImage + if(row) { + gdFree(row); + } +- return; ++ return 1; + } + + cinfo.err->emit_message = jpeg_emit_message; +@@ -334,7 +345,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImage + if(row == 0) { + gd_error("gd-jpeg: error: unable to allocate JPEG row structure: gdCalloc returns NULL\n"); + jpeg_destroy_compress(&cinfo); +- return; ++ return 1; + } + + rowptr[0] = row; +@@ -411,6 +422,7 @@ BGD_DECLARE(void) gdImageJpegCtx(gdImage + jpeg_finish_compress(&cinfo); + jpeg_destroy_compress(&cinfo); + gdFree(row); ++ return 0; + } + + +Index: libgd-2.2.5/src/gd_wbmp.c +=================================================================== +--- libgd-2.2.5.orig/src/gd_wbmp.c 2017-08-30 13:05:54.000000000 +0200 ++++ libgd-2.2.5/src/gd_wbmp.c 2019-01-31 09:47:44.707693815 +0100 +@@ -88,6 +88,8 @@ int gd_getin(void *in) + return (gdGetC((gdIOCtx *)in)); + } + ++static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out); ++ + /* + Function: gdImageWBMPCtx + +@@ -101,13 +103,19 @@ int gd_getin(void *in) + */ + BGD_DECLARE(void) gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out) + { ++ _gdImageWBMPCtx(image, fg, out); ++} ++ ++/* returns 0 on success, 1 on failure */ ++static int _gdImageWBMPCtx(gdImagePtr image, int fg, gdIOCtx *out) ++{ + int x, y, pos; + Wbmp *wbmp; + + /* create the WBMP */ + if((wbmp = createwbmp(gdImageSX(image), gdImageSY(image), WBMP_WHITE)) == NULL) { + gd_error("Could not create WBMP\n"); +- return; ++ return 1; + } + + /* fill up the WBMP structure */ +@@ -123,11 +131,15 @@ BGD_DECLARE(void) gdImageWBMPCtx(gdImage + + /* write the WBMP to a gd file descriptor */ + if(writewbmp(wbmp, &gd_putout, out)) { ++ freewbmp(wbmp); + gd_error("Could not save WBMP\n"); ++ return 1; + } + + /* des submitted this bugfix: gdFree the memory. */ + freewbmp(wbmp); ++ ++ return 0; + } + + /* +@@ -271,8 +283,11 @@ BGD_DECLARE(void *) gdImageWBMPPtr(gdIma + void *rv; + gdIOCtx *out = gdNewDynamicCtx(2048, NULL); + if (out == NULL) return NULL; +- gdImageWBMPCtx(im, fg, out); +- rv = gdDPExtractData(out, size); ++ if (!_gdImageWBMPCtx(im, fg, out)) { ++ rv = gdDPExtractData(out, size); ++ } else { ++ rv = NULL; ++ } + out->gd_free(out); + return rv; + }