diff options
| author | Mark H Weaver <mhw@netris.org> | 2016-07-28 13:47:25 -0400 |
|---|---|---|
| committer | Mark H Weaver <mhw@netris.org> | 2016-07-29 13:56:39 -0400 |
| commit | a81445737db53110281e39f211ca7d4b14f393d3 (patch) | |
| tree | 1abb5255b176890db82f0ffef50d705a41a24cad /gnu/packages/patches/gd-CVE-2016-6132.patch | |
| parent | f54510d29b27a403c90f9bafd0b84109a91d8469 (diff) | |
gnu: gd: Update to 2.2.3 [fixes CVE-2016-6207].
* gnu/packages/patches/gd-CVE-2016-5766.patch,
gnu/packages/patches/gd-CVE-2016-6128.patch,
gnu/packages/patches/gd-CVE-2016-6132.patch,
gnu/packages/patches/gd-CVE-2016-6214.patch,
gnu/packages/patches/gd-fix-test-on-i686.patch: Delete files.
* gnu/packages/patches/gd-fix-tests-on-i686.patch: New file.
* gnu/local.mk (dist_patch_DATA): Update accordingly.
* gnu/packages/gd.scm (gd): Update to 2.2.3.
[source]: Update patches field accordingly.
Diffstat (limited to 'gnu/packages/patches/gd-CVE-2016-6132.patch')
| -rw-r--r-- | gnu/packages/patches/gd-CVE-2016-6132.patch | 55 |
1 files changed, 0 insertions, 55 deletions
diff --git a/gnu/packages/patches/gd-CVE-2016-6132.patch b/gnu/packages/patches/gd-CVE-2016-6132.patch deleted file mode 100644 index 4c475b71b2..0000000000 --- a/gnu/packages/patches/gd-CVE-2016-6132.patch +++ /dev/null @@ -1,55 +0,0 @@ -Fix CVE-2016-6132 (read out-of-bounds when parsing TGA files). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6132 - -Copied from upstream commit: -https://github.com/libgd/libgd/commit/ead349e99868303b37f5e6e9d9d680c9dc71ff8d - -From ead349e99868303b37f5e6e9d9d680c9dc71ff8d Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org> -Date: Tue, 12 Jul 2016 11:24:09 +0200 -Subject: [PATCH] Fix #247, A read out-of-bands was found in the parsing of TGA - files (CVE-2016-6132) - ---- - src/gd_tga.c | 13 +++++++++++-- - 1 file changed, 11 insertions(+), 2 deletions(-) - -diff --git a/src/gd_tga.c b/src/gd_tga.c -index ef20f86..20fe2d2 100644 ---- a/src/gd_tga.c -+++ b/src/gd_tga.c -@@ -237,7 +237,11 @@ int read_image_tga( gdIOCtx *ctx, oTga *tga ) - return -1; - } - -- gdGetBuf(conversion_buffer, image_block_size, ctx); -+ if (gdGetBuf(conversion_buffer, image_block_size, ctx) != image_block_size) { -+ gd_error("gd-tga: premature end of image data\n"); -+ gdFree(conversion_buffer); -+ return -1; -+ } - - while (buffer_caret < image_block_size) { - tga->bitmap[buffer_caret] = (int) conversion_buffer[buffer_caret]; -@@ -257,11 +261,16 @@ int read_image_tga( gdIOCtx *ctx, oTga *tga ) - } - conversion_buffer = (unsigned char *) gdMalloc(image_block_size * sizeof(unsigned char)); - if (conversion_buffer == NULL) { -+ gd_error("gd-tga: premature end of image data\n"); - gdFree( decompression_buffer ); - return -1; - } - -- gdGetBuf( conversion_buffer, image_block_size, ctx ); -+ if (gdGetBuf(conversion_buffer, image_block_size, ctx) != image_block_size) { -+ gdFree(conversion_buffer); -+ gdFree(decompression_buffer); -+ return -1; -+ } - - buffer_caret = 0; - --- -2.9.1 - |