Author: arekm Date: Mon Jul 2 20:18:29 2012 GMT Module: packages Tag: HEAD ---- Log message: - rel 10; patches from FC (CVE-2009-3546, misc fixes)
---- Files affected: packages/gd: gd.spec (1.136 -> 1.137) , gd-2.0.33-BoxBound.patch (NONE -> 1.1) (NEW), gd-2.0.35-AALineThick.patch (NONE -> 1.1) (NEW), gd-2.0.35-overflow.patch (NONE -> 1.1) (NEW), gd-2.0.35-security3.patch (NONE -> 1.1) (NEW), gd-loop.patch (NONE -> 1.1) (NEW) ---- Diffs: ================================================================ Index: packages/gd/gd.spec diff -u packages/gd/gd.spec:1.136 packages/gd/gd.spec:1.137 --- packages/gd/gd.spec:1.136 Fri Mar 30 20:47:50 2012 +++ packages/gd/gd.spec Mon Jul 2 22:18:24 2012 @@ -10,21 +10,26 @@ Summary(pt_BR.UTF-8): Biblioteca para manipulação de imagens Name: gd Version: 2.0.35 -Release: 9 +Release: 10 License: BSD-like Group: Libraries Source0: http://www.libgd.org/releases/%{name}-%{version}.tar.bz2 # Source0-md5: 6c6c3dbb7bf079e0bb5fbbfd3bb8a71c Patch0: %{name}-fontpath.patch Patch1: %{name}-rotate_from_php.patch +Patch2: %{name}-2.0.33-BoxBound.patch +Patch3: %{name}-2.0.35-AALineThick.patch +Patch4: %{name}-2.0.35-overflow.patch +Patch5: %{name}-2.0.35-security3.patch +Patch6: %{name}-loop.patch URL: http://www.libgd.org/ BuildRequires: autoconf >= 2.54 BuildRequires: automake %{?with_fontconfig:BuildRequires: fontconfig-devel} BuildRequires: freetype-devel >= 2.0 BuildRequires: gettext-devel -BuildRequires: libpng-devel >= 2:1.4.0 BuildRequires: libjpeg-devel +BuildRequires: libpng-devel >= 2:1.4.0 BuildRequires: libtiff-devel BuildRequires: libtool >= 1:1.4.3 %{?with_xpm:BuildRequires: xorg-lib-libXpm-devel} @@ -144,6 +149,11 @@ %setup -q %patch0 -p1 %patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 # hack to avoid inclusion of -s in --ldflags %{__perl} -pi -e 's,\@LDFLAGS\@,,g' config/gdlib-config.in @@ -213,6 +223,9 @@ All persons listed below can be reached at <cvs_login>@pld-linux.org $Log$ +Revision 1.137 2012/07/02 20:18:24 arekm +- rel 10; patches from FC (CVE-2009-3546, misc fixes) + Revision 1.136 2012/03/30 18:47:50 cactus - rel 9 ================================================================ Index: packages/gd/gd-2.0.33-BoxBound.patch diff -u /dev/null packages/gd/gd-2.0.33-BoxBound.patch:1.1 --- /dev/null Mon Jul 2 22:18:29 2012 +++ packages/gd/gd-2.0.33-BoxBound.patch Mon Jul 2 22:18:24 2012 @@ -0,0 +1,22 @@ +--- gd-2.0.33/gdft.c.pom 2004-11-02 22:00:48.000000000 +0100 ++++ gd-2.0.33/gdft.c 2006-11-21 09:25:49.000000000 +0100 +@@ -1237,7 +1237,8 @@ + glyph_min.x = penf.x + slot->metrics.horiBearingX; + glyph_min.y = penf.y - slot->metrics.horiBearingY; + +-#if 0 ++// #if 0 - this version of glyph_max.x setting fixes problem with ++// too large bouonding box + if (ch == ' ') /* special case for trailing space */ + { + glyph_max.x = penf.x + horiAdvance; +@@ -1246,7 +1247,8 @@ + { + glyph_max.x = glyph_min.x + slot->metrics.width; + } +-#else ++//#else ++#if 0 + glyph_max.x = penf.x + horiAdvance; + #endif + glyph_max.y = glyph_min.y + slot->metrics.height; ================================================================ Index: packages/gd/gd-2.0.35-AALineThick.patch diff -u /dev/null packages/gd/gd-2.0.35-AALineThick.patch:1.1 --- /dev/null Mon Jul 2 22:18:29 2012 +++ packages/gd/gd-2.0.35-AALineThick.patch Mon Jul 2 22:18:24 2012 @@ -0,0 +1,66 @@ +diff -up gd-2.0.35/gd.c.AALineThick gd-2.0.35/gd.c +--- gd-2.0.35/gd.c.AALineThick 2007-06-19 22:25:51.000000000 +0200 ++++ gd-2.0.35/gd.c 2012-02-28 11:02:09.708015922 +0100 +@@ -3474,6 +3474,8 @@ static void gdImageAALine (gdImagePtr im + /* keep them as 32bits */ + long x, y, inc; + long dx, dy,tmp; ++ int w, wid, wstart; ++ int thick = im->thick; + + if (!im->trueColor) { + /* TBB: don't crash when the image is of the wrong type */ +@@ -3502,6 +3504,25 @@ static void gdImageAALine (gdImagePtr im + gdImageSetAAPixelColor(im, x1, y1, col, 0xFF); + return; + } ++ else { ++ double ag; ++ if (abs(dy) < abs(dx)) ++ ag = cos (atan2 (dy, dx)); ++ else ++ ag = sin (atan2 (dy, dx)); ++ if (ag != 0) ++ { ++ wid = abs(thick / ag); ++ } ++ else ++ { ++ wid = 1; ++ } ++ if (wid == 0) ++ { ++ wid = 1; ++ } ++ } + if (abs(dx) > abs(dy)) { + if (dx < 0) { + tmp = x1; +@@ -3518,8 +3539,11 @@ static void gdImageAALine (gdImagePtr im + inc = (dy * 65536) / dx; + /* TBB: set the last pixel for consistency (<=) */ + while ((x >> 16) <= x2) { +- gdImageSetAAPixelColor(im, x >> 16, y >> 16, col, (y >> 8) & 0xFF); +- gdImageSetAAPixelColor(im, x >> 16, (y >> 16) + 1,col, (~y >> 8) & 0xFF); ++ wstart = (y >> 16) - wid / 2; ++ for (w = wstart; w < wstart + wid; w++) { ++ gdImageSetAAPixelColor(im, (x >> 16) , w , col , (y >> 8) & 0xFF); ++ gdImageSetAAPixelColor(im, (x >> 16) , w + 1 , col, (~y >> 8) & 0xFF); ++ } + x += (1 << 16); + y += inc; + } +@@ -3539,8 +3563,11 @@ static void gdImageAALine (gdImagePtr im + inc = (dx * 65536) / dy; + /* TBB: set the last pixel for consistency (<=) */ + while ((y>>16) <= y2) { +- gdImageSetAAPixelColor(im, x >> 16, y >> 16, col, (x >> 8) & 0xFF); +- gdImageSetAAPixelColor(im, (x >> 16) + 1, (y >> 16),col, (~x >> 8) & 0xFF); ++ wstart = (x >> 16) - wid / 2; ++ for (w = wstart; w < wstart + wid; w++) { ++ gdImageSetAAPixelColor(im, w , y >> 16 , col, (x >> 8) & 0xFF); ++ gdImageSetAAPixelColor(im, w + 1, y >> 16, col, (~x >> 8) & 0xFF); ++ } + x += inc; + y += (1<<16); + } ================================================================ Index: packages/gd/gd-2.0.35-overflow.patch diff -u /dev/null packages/gd/gd-2.0.35-overflow.patch:1.1 --- /dev/null Mon Jul 2 22:18:29 2012 +++ packages/gd/gd-2.0.35-overflow.patch Mon Jul 2 22:18:24 2012 @@ -0,0 +1,13 @@ +--- gd-2.0.35/gd_gd.c.pom 2006-04-05 17:52:22.000000000 +0200 ++++ gd-2.0.35/gd_gd.c 2007-09-05 11:31:39.000000000 +0200 +@@ -149,6 +149,10 @@ _gdCreateFromFile (gdIOCtx * in, int *sx + { + im = gdImageCreate (*sx, *sy); + } ++ if (!im) ++ { ++ goto fail1; ++ } + if (!_gdGetColors (in, im, gd2xFlag)) + { + goto fail2; ================================================================ Index: packages/gd/gd-2.0.35-security3.patch diff -u /dev/null packages/gd/gd-2.0.35-security3.patch:1.1 --- /dev/null Mon Jul 2 22:18:29 2012 +++ packages/gd/gd-2.0.35-security3.patch Mon Jul 2 22:18:24 2012 @@ -0,0 +1,12 @@ +--- gd-2.0.28/gd_gd.c 2004-05-24 17:28:12.000000000 +0200 ++++ gd-2.0.28_new/gd_gd.c 2009-12-08 15:19:16.159836680 +0100 +@@ -44,6 +44,9 @@ + { + goto fail1; + } ++ if (im->colorsTotal > gdMaxColors) { ++ goto fail1; ++ } + } + /* Int to accommodate truecolor single-color transparency */ + if (!gdGetInt (&im->transparent, in)) ================================================================ Index: packages/gd/gd-loop.patch diff -u /dev/null packages/gd/gd-loop.patch:1.1 --- /dev/null Mon Jul 2 22:18:29 2012 +++ packages/gd/gd-loop.patch Mon Jul 2 22:18:24 2012 @@ -0,0 +1,24 @@ +diff -up gd-2.0.35/gd_gif_in.c.loop gd-2.0.35/gd_gif_in.c +--- gd-2.0.35/gd_gif_in.c.loop 2007-06-14 15:51:41.000000000 -0400 ++++ gd-2.0.35/gd_gif_in.c 2008-07-21 11:20:25.000000000 -0400 +@@ -453,16 +453,17 @@ LWZReadByte_(gdIOCtx *fd, LZW_STATIC_DAT + return sd->firstcode; + } else if (code == sd->end_code) { + int count; ++ int max_count = 1024; + unsigned char buf[260]; + + if (*ZeroDataBlockP) + return -2; + +- while ((count = GetDataBlock(fd, buf, ZeroDataBlockP)) > 0) ++ while ((count = GetDataBlock(fd, buf, ZeroDataBlockP)) > 0 && --max_count >= 0 ) + ; + +- if (count != 0) +- return -2; ++ if (count != 0 || max_count < 0 ) ++ return -2; + } + + incode = code; ================================================================ ---- CVS-web: http://cvs.pld-linux.org/packages/gd/gd.spec?r1=1.136&r2=1.137 _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
