Hello community,

here is the log from the commit of package gd for openSUSE:Leap:15.2 checked in 
at 2020-03-20 05:52:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/gd (Old)
 and      /work/SRC/openSUSE:Leap:15.2/.gd.new.3160 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "gd"

Fri Mar 20 05:52:22 2020 rev:21 rq:782135 version:2.2.5

Changes:
--------
--- /work/SRC/openSUSE:Leap:15.2/gd/gd.changes  2020-01-15 14:59:07.689706908 
+0100
+++ /work/SRC/openSUSE:Leap:15.2/.gd.new.3160/gd.changes        2020-03-20 
05:52:27.576045626 +0100
@@ -1,0 +2,16 @@
+Wed Mar  4 10:11:21 UTC 2020 - pgaj...@suse.com
+
+- security update
+- added patches
+  fix CVE-2018-14553 [bsc#1165471], null pointer dereference in gdImageClone()
+  + gd-CVE-2018-14553.patch
+
+-------------------------------------------------------------------
+Tue Jul 16 09:12:15 UTC 2019 - pgaj...@suse.com
+
+- security update
+- added patches
+  CVE-2019-11038 [bsc#1140120]
+  + gd-CVE-2019-11038.patch
+
+-------------------------------------------------------------------

New:
----
  gd-CVE-2018-14553.patch
  gd-CVE-2019-11038.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ gd.spec ++++++
--- /var/tmp/diff_new_pack.auy8uN/_old  2020-03-20 05:52:27.972045890 +0100
+++ /var/tmp/diff_new_pack.auy8uN/_new  2020-03-20 05:52:27.972045890 +0100
@@ -37,6 +37,10 @@
 Patch5:         gd-CVE-2018-1000222.patch
 Patch6:         gd-CVE-2019-6978.patch
 Patch7:         gd-CVE-2019-6977.patch
+# CVE-2019-11038 [bsc#1140118]
+Patch8:         gd-CVE-2019-11038.patch
+# CVE-2018-14553 [bsc#1165471], null pointer dereference in gdImageClone()
+Patch9:         gd-CVE-2018-14553.patch
 # needed for tests
 BuildRequires:  dejavu
 BuildRequires:  libjpeg-devel
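Review bot: The bug reference in the new comment above Patch8 reads `bsc#1140118`, while the gd.changes entry on this page records CVE-2019-11038 under `bsc#1140120`. One of the two looks like a typo and should be reconciled so the patch can be traced to the right tracker entry. The Patch8 comment also lacks the short description that the Patch9 comment carries; a matching form would be `# CVE-2019-11038 [bsc#<confirmed id>], unchecked sscanf() in gdImageCreateFromXbm()`.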
@@ -103,6 +107,8 @@
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
+%patch8 -p1
+%patch9 -p1
 chmod 644 COPYING
 
 %build

++++++ gd-CVE-2018-14553.patch ++++++
diff --git a/src/gd.c b/src/gd.c
index 592a0286..d564d1f9 100644
--- a/src/gd.c
+++ b/src/gd.c
@@ -2865,14 +2865,6 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) {
                }
        }
 
-       if (src->styleLength > 0) {
-               dst->styleLength = src->styleLength;
-               dst->stylePos    = src->stylePos;
-               for (i = 0; i < src->styleLength; i++) {
-                       dst->style[i] = src->style[i];
-               }
-       }
-
        dst->interlace   = src->interlace;
 
        dst->alphaBlendingFlag = src->alphaBlendingFlag;
@@ -2907,6 +2899,7 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) {
 
        if (src->style) {
                gdImageSetStyle(dst, src->style, src->styleLength);
+               dst->stylePos = src->stylePos;
        }
 
        for (i = 0; i < gdMaxColors; i++) {
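Review bot: The added `dst->stylePos = src->stylePos;` runs whether or not gdImageSetStyle() actually installed a style array on dst. gdImageSetStyle() is not visible in this hunk, but if it can return early (for example on allocation failure), the clone ends up with a non-zero stylePos and no style, and the failure goes unreported. Guarding the assignment, `if (dst->style) dst->stylePos = src->stylePos;`, keeps the two fields consistent. A short comment such as `/* gdImageSetStyle() allocates dst->style; restore the position afterwards */` would also record why the manual copy loop was removed. gdImageClone's body begins and ends outside the hunk.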
++++++ gd-CVE-2019-11038.patch ++++++
diff --git a/src/gd_xbm.c b/src/gd_xbm.c
index 4ca41acf..cf0545ef 100644
--- a/src/gd_xbm.c
+++ b/src/gd_xbm.c
@@ -169,7 +169,11 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXbm(FILE * fd)
                        }
                        h[3] = ch;
                }
-               sscanf(h, "%x", &b);
+               if (sscanf(h, "%x", &b) != 1) {
+                       gd_error("invalid XBM");
+                       gdImageDestroy(im);
+                       return 0;
+               }
                for (bit = 1; bit <= max_bit; bit = bit << 1) {
                        gdImageSetPixel(im, x++, y, (b & bit) ? 1 : 0);
                        if (x == im->sx) {
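Review bot: The new `sscanf(h, "%x", &b) != 1` check rejects only input with no leading hex digit at all, so a token like one valid digit followed by garbage still parses and is accepted as pixel data. This closes the use of `b` when nothing was converted, but a stricter parse would reject malformed XBM data outright, for example `b = strtoul(h, &end, 16); if (end == h || *end != '\0') { ... }` with the same error path. That assumes `h` is NUL-terminated directly after the digits, which is set up outside this hunk and should be confirmed. As a style point, `return NULL;` states the pointer return more clearly than `return 0;`, unless the rest of the file uses `0` consistently.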

