diff --git a/backport-CVE-2021-38115.patch b/backport-CVE-2021-38115.patch
deleted file mode 100644
index eb4ca9a98575e5ddc730590bfb6460d14ff7b3aa..0000000000000000000000000000000000000000
--- a/backport-CVE-2021-38115.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 8b111b2b4a4842179be66db68d84dda91a246032 Mon Sep 17 00:00:00 2001
-From: maryam ebrahimzadeh
-Date: Mon, 19 Jul 2021 10:07:13 +0430
-Subject: [PATCH 1/1] fix read out-of-bands in reading tga header file
-https://github.com/libgd/libgd/commit/8b111b2b4a4842179be66db68d84dda91a246032
-
----
- src/gd_tga.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/src/gd_tga.c b/src/gd_tga.c
-index cae9428..286febb 100644
---- a/src/gd_tga.c
-+++ b/src/gd_tga.c
-@@ -191,7 +191,11 @@ int read_header_tga(gdIOCtx *ctx, oTga *tga)
- return -1;
- }
-
-- gdGetBuf(tga->ident, tga->identsize, ctx);
-+
-+ if (gdGetBuf(tga->ident, tga->identsize, ctx) != tga->identsize) {
-+ gd_error("fail to read header ident");
-+ return -1;
-+ }
- }
-
- return 1;
---
-2.30.2
-
diff --git a/backport-CVE-2021-40145.patch b/backport-CVE-2021-40145.patch
deleted file mode 100644
index e99e5f53ce64d21cab0ff7a44eb1892963aaa970..0000000000000000000000000000000000000000
--- a/backport-CVE-2021-40145.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From e95059590fadaabd9aadc0c0489804d75a3c5d52 Mon Sep 17 00:00:00 2001
-From: maryam ebrahimzadeh
-Date: Mon, 19 Jul 2021 18:52:50 +0430
-Subject: [PATCH 1/3] gdImageGd2Ptr memory leak
-
-Conflict:NA
-Reference:https://github.com/libgd/libgd/commit/c5fd25ce0e48fd5618a972ca9f5e28d6d62006af
---
- src/gd_gd2.c | 18 +++++++++++++++---
- 1 file changed, 15 insertions(+), 3 deletions(-)
-
-diff --git a/src/gd_gd2.c b/src/gd_gd2.c
-index 760e85b..0b7e624 100644
---- a/src/gd_gd2.c
-+++ b/src/gd_gd2.c
-@@ -910,9 +910,11 @@ _gd2PutHeader (gdImagePtr im, gdIOCtx * out, int cs, int fmt, int cx, int cy)
-
- }
-
--static void
-+/* returns 0 on success, 1 on failure */
-+static int
- _gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt)
- {
-+ int ret = 0;
- int ncx, ncy, cx, cy;
- int x, y, ylo, yhi, xlo, xhi;
- int chunkLen;
-@@ -974,10 +976,12 @@ _gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt)
- /* */
- chunkData = gdCalloc (cs * bytesPerPixel * cs, 1);
- if (!chunkData) {
-+ ret = 1;
- goto fail;
- }
- compData = gdCalloc (compMax, 1);
- if (!compData) {
-+ ret = 1;
- goto fail;
- }
-
-@@ -992,6 +996,7 @@ _gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt)
-
- chunkIdx = gdCalloc (idxSize * sizeof (t_chunk_info), 1);
- if (!chunkIdx) {
-+ ret = 1;
- goto fail;
- }
- };
-@@ -1106,6 +1111,8 @@ fail:
- gdFree (chunkIdx);
- }
- GD2_DBG (printf ("Done\n"));
-+
-+ return ret;
-
- }
-
-@@ -1128,8 +1135,13 @@ BGD_DECLARE(void *) gdImageGd2Ptr (gdImagePtr im, int cs, int fmt, int *size)
- void *rv;
- gdIOCtx *out = gdNewDynamicCtx (2048, NULL);
- if (out == NULL) return NULL;
-- _gdImageGd2 (im, out, cs, fmt);
-- rv = gdDPExtractData (out, size);
-+
-+ if (_gdImageGd2(im, out, cs, fmt)) {
-+ rv = NULL;
-+ } else {
-+ rv = gdDPExtractData(out, size);
-+ }
-+
- out->gd_free (out);
- return rv;
- }
---
-2.27.0
-
diff --git a/backport-CVE-2021-40812.patch b/backport-CVE-2021-40812.patch
deleted file mode 100644
index 3d0fb52dc56ab7b9c4773333d220a5d1db480366..0000000000000000000000000000000000000000
--- a/backport-CVE-2021-40812.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From e5c84f0b7a2e2cef8d8630bd8c26a2f859e959ff Mon Sep 17 00:00:00 2001
-From: Pierre Joye
-Date: Tue, 7 Sep 2021 22:03:21 +0700
-Subject: [PATCH 1/2] Partial fix for #750
-
-Conflict:NA
-Reference:https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9
-
----
- src/gd_bmp.c | 15 +++++++++++----
- src/gd_webp.c | 7 ++++++-
- 2 files changed, 17 insertions(+), 5 deletions(-)
-
-diff --git a/src/gd_bmp.c b/src/gd_bmp.c
-index e186ac9..ab56a3e 100644
---- a/src/gd_bmp.c
-+++ b/src/gd_bmp.c
-@@ -30,6 +30,7 @@
- #include
- #include "gd.h"
- #include "gdhelpers.h"
-+#include "gd_errors.h"
- #include "bmp.h"
-
- static int compress_row(unsigned char *uncompressed_row, int length);
-@@ -265,8 +266,11 @@ static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
- }
- bitmap_size += compressed_size;
-
--
-- gdPutBuf(uncompressed_row, compressed_size, out);
-+ if (gdPutBuf(uncompressed_row, compressed_size, out) != compressed_size){
-+ gd_error("gd-bmp write error\n");
-+ error = 1;
-+ break;
-+ }
- gdPutC(BMP_RLE_COMMAND, out);
- gdPutC(BMP_RLE_ENDOFLINE, out);
- bitmap_size += 2;
-@@ -325,7 +329,10 @@ static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
- if (buffer_size == 0) {
- break;
- }
-- gdPutBuf(copy_buffer , buffer_size, out_original);
-+ if (gdPutBuf(copy_buffer , buffer_size, out_original) != buffer_size) {
-+ gd_error("gd-bmp write error\n");
-+ error = 1;
-+ }
- }
- gdFree(copy_buffer);
-
-@@ -335,7 +342,7 @@ static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
- out_original = NULL;
- }
-
-- ret = 0;
-+ ret = error;
- cleanup:
- if (tmpfile_for_compression) {
- #ifdef _WIN32
-diff --git a/src/gd_webp.c b/src/gd_webp.c
-index a0b4787..af0bf2c 100644
---- a/src/gd_webp.c
-+++ b/src/gd_webp.c
-@@ -223,8 +223,13 @@ static int _gdImageWebpCtx (gdImagePtr im, gdIOCtx * outfile, int quality)
- ret = 1;
- goto freeargb;
- }
-- gdPutBuf(out, out_size, outfile);
-+
-+ int
res = gdPutBuf(out, out_size, outfile);
- free(out);
-+ if (res != out_size) {
-+ gd_error("gd-webp write error\n");
-+ ret = 1;
-+ }
-
- freeargb:
- gdFree(argb);
---
-2.27.0
-
diff --git a/gd.spec b/gd.spec
index cd3c2214d37749ca4dff0c0f7509279da91954da..97c46ee6a22b3eb7df50b0068cc7fd8186fff510 100644
--- a/gd.spec
+++ b/gd.spec
@@ -1,6 +1,6 @@
 Name: gd
-Version: 2.3.2
-Release: 2
+Version: 2.3.3
+Release: 1
 Summary: A graphics library for quick creation of PNG or JPEG images
 License: MIT
 URL: http://libgd.github.io/
@@ -9,10 +9,6 @@ Source0: https://github.com/libgd/libgd/releases/download/gd-%{version}/l
 # Missing, temporary workaround, fixed upstream for next version
 Source1: https://raw.githubusercontent.com/libgd/libgd/gd-%{version}/config/getlib.sh
-Patch6000: backport-CVE-2021-38115.patch
-Patch6001: backport-CVE-2021-40812.patch
-Patch6002: backport-CVE-2021-40145.patch
-
 BuildRequires: freetype-devel fontconfig-devel gettext-devel libjpeg-devel libpng-devel libtiff-devel libwebp-devel
 BuildRequires: libX11-devel libXpm-devel zlib-devel pkgconfig libtool perl-interpreter perl-generators liberation-sans-fonts
@@ -82,7 +78,7 @@ export CFLAGS="$CFLAGS -ffp-contract=off"
 %make_install
 %check
-export XFAIL_TESTS
+export TMPDIR=/tmp
 make check
 grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc
@@ -111,6 +107,9 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc
 %exclude %{_libdir}/libgd.a
 %changelog
+* Sat Oct 29 2022 zhouwenpei - 2.3.3-1
+- update to 2.3.3
+
 * Fri Apr 08 2022 dongyuzhen - 2.3.2-2
 - fix CVE-2021-40145
diff --git a/getlib.sh b/getlib.sh
index 4835cf6c470cd7034fecc76e27500a78f207180d..5070e30059b73517d45b9945176e2b5bb34cdb2c 100644
--- a/getlib.sh
+++ b/getlib.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
-GETVER="${0%/*}/getver.pl"
+GETVER="${0%/*}/getver.sh"
 GDLIB_MAJOR=$("${GETVER}" MAJOR)
 GDLIB_MINOR=$("${GETVER}" MINOR)
 GDLIB_REVISION=$("${GETVER}" RELEASE)
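Review bot: In the `%check` hunk of gd.spec, the new `export TMPDIR=/tmp` sends the test suite's temporary files to the shared, world-writable /tmp and replaces whatever TMPDIR the build environment had set, with no comment explaining why the 2.3.3 tests need it. If the tests only require a writable temporary directory (the reason is not visible in this diff), a private directory avoids name collisions and pre-created files from other users on the build host: `export TMPDIR="$(mktemp -d)"`, preceded by a comment such as `# gd tests need a writable TMPDIR`. The `%check` section may continue past the end of this hunk.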
diff --git a/libgd-2.3.2.tar.xz b/libgd-2.3.2.tar.xz
deleted file mode 100644
index 178ab1ef2acd44f6a82dcdf6daa280f4e5fc3fad..0000000000000000000000000000000000000000
Binary files a/libgd-2.3.2.tar.xz and /dev/null differ
diff --git a/libgd-2.3.3.tar.xz b/libgd-2.3.3.tar.xz
new file mode 100644
index 0000000000000000000000000000000000000000..331aa23776cc38562108c1ef8d01febe5e0b6772
Binary files /dev/null and b/libgd-2.3.3.tar.xz differ