author | Mark H Weaver <[email protected]> | 2016-07-28 13:47:25 -0400 |
---|---|---|
committer | Mark H Weaver <[email protected]> | 2016-07-29 13:56:39 -0400 |
commit | a81445737db53110281e39f211ca7d4b14f393d3 (patch) | |
tree | 1abb5255b176890db82f0ffef50d705a41a24cad /gnu/packages/patches/gd-CVE-2016-6214.patch | |
parent | f54510d29b27a403c90f9bafd0b84109a91d8469 (diff) |
gnu: gd: Update to 2.2.3 [fixes CVE-2016-6207].
* gnu/packages/patches/gd-CVE-2016-5766.patch,
gnu/packages/patches/gd-CVE-2016-6128.patch,
gnu/packages/patches/gd-CVE-2016-6132.patch,
gnu/packages/patches/gd-CVE-2016-6214.patch,
gnu/packages/patches/gd-fix-test-on-i686.patch: Delete files.
* gnu/packages/patches/gd-fix-tests-on-i686.patch: New file.
* gnu/local.mk (dist_patch_DATA): Update accordingly.
* gnu/packages/gd.scm (gd): Update to 2.2.3.
[source]: Update patches field accordingly.
Diffstat (limited to 'gnu/packages/patches/gd-CVE-2016-6214.patch')
-rw-r--r-- | gnu/packages/patches/gd-CVE-2016-6214.patch | 66 |
1 files changed, 0 insertions, 66 deletions
diff --git a/gnu/packages/patches/gd-CVE-2016-6214.patch b/gnu/packages/patches/gd-CVE-2016-6214.patch
deleted file mode 100644
index 7894a32bb1..0000000000
--- a/gnu/packages/patches/gd-CVE-2016-6214.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-Fix CVE-2016-6214 (read out-of-bounds when parsing TGA files).
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6214
-
-Adapted from upstream commit:
-https://github.com/libgd/libgd/commit/341aa68843ceceae9ba6e083431f14a07bd92308
-
-Since `patch` cannot apply Git binary diffs, we omit the addition of
-'tests/tga/bug00247a.c' and its associated binary data.
-
-From 341aa68843ceceae9ba6e083431f14a07bd92308 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <[email protected]>
-Date: Tue, 12 Jul 2016 19:23:13 +0200
-Subject: [PATCH] Unsupported TGA bpp/alphabit combinations should error
- gracefully
-
-Currently, only 24bpp without alphabits and 32bpp with 8 alphabits are
-really supported. All other combinations will be rejected with a warning.
-
-(cherry picked from commit cb1a0b7e54e9aa118270c23a4a6fe560e4590dc9)
----
- src/gd_tga.c | 16 ++++++----------
- tests/tga/.gitignore | 1 +
- tests/tga/CMakeLists.txt | 1 +
- tests/tga/Makemodule.am | 4 +++-
- tests/tga/bug00247a.c | 19 +++++++++++++++++++
- tests/tga/bug00247a.tga | Bin 0 -> 36 bytes
- 6 files changed, 30 insertions(+), 11 deletions(-)
- create mode 100644 tests/tga/bug00247a.c
- create mode 100644 tests/tga/bug00247a.tga
-
-diff --git a/src/gd_tga.c b/src/gd_tga.c
-index 20fe2d2..b4f8fa6 100644
---- a/src/gd_tga.c
-+++ b/src/gd_tga.c
-@@ -99,7 +99,7 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromTgaCtx(gdIOCtx* ctx)
- if (tga->bits == TGA_BPP_24) {
- *tpix = gdTrueColor(tga->bitmap[bitmap_caret + 2], tga->bitmap[bitmap_caret + 1], tga->bitmap[bitmap_caret]);
- bitmap_caret += 3;
-- } else if (tga->bits == TGA_BPP_32 || tga->alphabits) {
-+ } else if (tga->bits == TGA_BPP_32 && tga->alphabits) {
- register int a = tga->bitmap[bitmap_caret + 3];
-
- *tpix = gdTrueColorAlpha(tga->bitmap[bitmap_caret + 2], tga->bitmap[bitmap_caret + 1], tga->bitmap[bitmap_caret], gdAlphaMax - (a >> 1));
-@@ -159,16 +159,12 @@ int read_header_tga(gdIOCtx *ctx, oTga *tga)
- printf("wxh: %i %i\n", tga->width, tga->height);
- #endif
-
-- switch(tga->bits) {
-- case 8:
-- case 16:
-- case 24:
-- case 32:
-- break;
-- default:
-- gd_error("bps %i not supported", tga->bits);
-+ if (!((tga->bits == TGA_BPP_24 && tga->alphabits == 0)
-+ || (tga->bits == TGA_BPP_32 && tga->alphabits == 8)))
-+ {
-+ gd_error_ex(GD_WARNING, "gd-tga: %u bits per pixel with %u alpha bits not supported\n",
-+ tga->bits, tga->alphabits);
- return -1;
-- break;
- }
-
- tga->ident = NULL; |