diff options
author | J0WI <J0WI@users.noreply.github.com> | 2020-04-08 16:04:31 +0200 |
---|---|---|
committer | Leo <thinkabit.ukim@gmail.com> | 2020-04-09 00:20:57 +0000 |
commit | b7a6616325748291eb409fbe35ebf1a7c7070558 (patch) | |
tree | 98309f5ed68e403151b0e1256acaa6eba50a6d25 | |
parent | 1a97c2d43dcdd4cfc0f2995208b823c8cf3fad17 (diff) | |
download | alpine_aports-b7a6616325748291eb409fbe35ebf1a7c7070558.tar.bz2 alpine_aports-b7a6616325748291eb409fbe35ebf1a7c7070558.tar.xz alpine_aports-b7a6616325748291eb409fbe35ebf1a7c7070558.zip |
main/gd: patch CVE-2018-14553 and CVE-2019-11038
-rw-r--r-- | main/gd/APKBUILD | 17 | ||||
-rw-r--r-- | main/gd/CVE-2018-14553.patch | 32 | ||||
-rw-r--r-- | main/gd/CVE-2019-11038.patch | 36 |
3 files changed, 80 insertions, 5 deletions
diff --git a/main/gd/APKBUILD b/main/gd/APKBUILD index 9a5ffe91c0..a8abc50656 100644 --- a/main/gd/APKBUILD +++ b/main/gd/APKBUILD | |||
@@ -2,7 +2,7 @@ | |||
2 | # Maintainer: Carlo Landmeter <clandmeter@gmail.com> | 2 | # Maintainer: Carlo Landmeter <clandmeter@gmail.com> |
3 | pkgname=gd | 3 | pkgname=gd |
4 | pkgver=2.2.5 | 4 | pkgver=2.2.5 |
5 | pkgrel=3 | 5 | pkgrel=4 |
6 | _pkgreal=lib$pkgname | 6 | _pkgreal=lib$pkgname |
7 | pkgdesc="Library for the dynamic creation of images by programmers" | 7 | pkgdesc="Library for the dynamic creation of images by programmers" |
8 | url="https://libgd.github.io/" | 8 | url="https://libgd.github.io/" |
@@ -13,7 +13,9 @@ makedepends="bash libpng-dev libjpeg-turbo-dev libwebp-dev freetype-dev zlib-dev | |||
13 | subpackages="$pkgname-dev $_pkgreal:libs" | 13 | subpackages="$pkgname-dev $_pkgreal:libs" |
14 | source="https://github.com/$_pkgreal/$_pkgreal/releases/download/$pkgname-$pkgver/$_pkgreal-$pkgver.tar.xz | 14 | source="https://github.com/$_pkgreal/$_pkgreal/releases/download/$pkgname-$pkgver/$_pkgreal-$pkgver.tar.xz |
15 | CVE-2018-1000222.patch | 15 | CVE-2018-1000222.patch |
16 | CVE-2018-14553.patch | ||
16 | CVE-2018-5711.patch | 17 | CVE-2018-5711.patch |
18 | CVE-2019-11038.patch | ||
17 | CVE-2019-6977.patch | 19 | CVE-2019-6977.patch |
18 | CVE-2019-6978.patch | 20 | CVE-2019-6978.patch |
19 | " | 21 | " |
@@ -23,12 +25,15 @@ case "$CARCH" in | |||
23 | esac | 25 | esac |
24 | 26 | ||
25 | # secfixes: | 27 | # secfixes: |
28 | # 2.2.5-r3: | ||
29 | # - CVE-2018-14553 | ||
30 | # - CVE-2019-11038 | ||
26 | # 2.2.5-r2: | 31 | # 2.2.5-r2: |
27 | # - CVE-2018-5711 | 32 | # - CVE-2018-5711 |
28 | # - CVE-2019-6977 | 33 | # - CVE-2019-6977 |
29 | # - CVE-2019-6978 | 34 | # - CVE-2019-6978 |
30 | # 2.2.5-r1: | 35 | # 2.2.5-r1: |
31 | # - CVE-2018-1000222 | 36 | # - CVE-2018-1000222 |
32 | 37 | ||
33 | build() { | 38 | build() { |
34 | cd "$builddir" | 39 | cd "$builddir" |
@@ -62,6 +67,8 @@ dev() { | |||
62 | 67 | ||
63 | sha512sums="e4598e17a277a75e02255402182cab139cb3f2cffcd68ec05cc10bbeaf6bc7aa39162c3445cd4a7efc1a26b72b9152bbedb187351e3ed099ea51767319997a6b libgd-2.2.5.tar.xz | 68 | sha512sums="e4598e17a277a75e02255402182cab139cb3f2cffcd68ec05cc10bbeaf6bc7aa39162c3445cd4a7efc1a26b72b9152bbedb187351e3ed099ea51767319997a6b libgd-2.2.5.tar.xz |
64 | d12462f1b159d50b9032435e9767a5d76e1797a88be950ed33dda7aa17005b7cb60560d04b9520e46d8111e1669d42ce28cb2c508f9c8825d545ac0335d2a10b CVE-2018-1000222.patch | 69 | d12462f1b159d50b9032435e9767a5d76e1797a88be950ed33dda7aa17005b7cb60560d04b9520e46d8111e1669d42ce28cb2c508f9c8825d545ac0335d2a10b CVE-2018-1000222.patch |
70 | 9bf1677d69d04f41eba48b48e853ad706f3097edb1a96c3b681b516708be0ba199c463e7b3e44f52921e14028a7c4d74977d66e7f456b9f96d935ce9db342c0e CVE-2018-14553.patch | ||
65 | b23929f10ad75fa97d2ff797ef44d185cfe6de4f26b649e8e507b6fc41ebdb527ab4633d10df955c92d677428d9ed1707d9997954a1bcfb0070995191211d886 CVE-2018-5711.patch | 71 | b23929f10ad75fa97d2ff797ef44d185cfe6de4f26b649e8e507b6fc41ebdb527ab4633d10df955c92d677428d9ed1707d9997954a1bcfb0070995191211d886 CVE-2018-5711.patch |
72 | a56397fb310c94d4dc9c565dcec17ffd7411e1957ba45f1093e9fffad74192c244b1ef4f9d954c052f589fd5b4d1cc37ca5d53d8db569cee09a7bdc38bfc4eaf CVE-2019-11038.patch | ||
66 | 5214ac4148c618f3fef3bb3b6675e41a76e31465cd8dac326ee99dc1ae4cfe760749997d2941743efa48e79b8dbdb536d6b6d79d9bc4e5363f2c50da52ab5cac CVE-2019-6977.patch | 73 | 5214ac4148c618f3fef3bb3b6675e41a76e31465cd8dac326ee99dc1ae4cfe760749997d2941743efa48e79b8dbdb536d6b6d79d9bc4e5363f2c50da52ab5cac CVE-2019-6977.patch |
67 | 2f70f041b531a23d0bac5c5370a3fb135ca8facaa7baf1554baf35135cc9c6e21de9c09400d939e133ad090b9aa23fa901ea7b5cd9ea20d11edc38257601eb97 CVE-2019-6978.patch" | 74 | 2f70f041b531a23d0bac5c5370a3fb135ca8facaa7baf1554baf35135cc9c6e21de9c09400d939e133ad090b9aa23fa901ea7b5cd9ea20d11edc38257601eb97 CVE-2019-6978.patch" |
diff --git a/main/gd/CVE-2018-14553.patch b/main/gd/CVE-2018-14553.patch new file mode 100644 index 0000000000..816bd9ccc9 --- /dev/null +++ b/main/gd/CVE-2018-14553.patch | |||
@@ -0,0 +1,32 @@ | |||
1 | From a93eac0e843148dc2d631c3ba80af17e9c8c860f Mon Sep 17 00:00:00 2001 | ||
2 | From: =?UTF-8?q?F=C3=A1bio=20Cabral=20Pacheco?= <fcabralpacheco@gmail.com> | ||
3 | Date: Fri, 20 Dec 2019 12:03:33 -0300 | ||
4 | Subject: [PATCH] Fix potential NULL pointer dereference in gdImageClone() | ||
5 | |||
6 | diff --git a/src/gd.c b/src/gd.c | ||
7 | index 592a0286..d564d1f9 100644 | ||
8 | --- a/src/gd.c | ||
9 | +++ b/src/gd.c | ||
10 | @@ -2865,14 +2865,6 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) { | ||
11 | } | ||
12 | } | ||
13 | |||
14 | - if (src->styleLength > 0) { | ||
15 | - dst->styleLength = src->styleLength; | ||
16 | - dst->stylePos = src->stylePos; | ||
17 | - for (i = 0; i < src->styleLength; i++) { | ||
18 | - dst->style[i] = src->style[i]; | ||
19 | - } | ||
20 | - } | ||
21 | - | ||
22 | dst->interlace = src->interlace; | ||
23 | |||
24 | dst->alphaBlendingFlag = src->alphaBlendingFlag; | ||
25 | @@ -2907,6 +2899,7 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) { | ||
26 | |||
27 | if (src->style) { | ||
28 | gdImageSetStyle(dst, src->style, src->styleLength); | ||
29 | + dst->stylePos = src->stylePos; | ||
30 | } | ||
31 | |||
32 | for (i = 0; i < gdMaxColors; i++) { | ||
diff --git a/main/gd/CVE-2019-11038.patch b/main/gd/CVE-2019-11038.patch new file mode 100644 index 0000000000..1ccb9c1c15 --- /dev/null +++ b/main/gd/CVE-2019-11038.patch | |||
@@ -0,0 +1,36 @@ | |||
1 | From e13a342c079aeb73e31dfa19eaca119761bac3f3 Mon Sep 17 00:00:00 2001 | ||
2 | From: Jonas Meurer <jonas@freesources.org> | ||
3 | Date: Tue, 11 Jun 2019 12:16:46 +0200 | ||
4 | Subject: [PATCH] Fix #501: Uninitialized read in gdImageCreateFromXbm | ||
5 | (CVE-2019-11038) | ||
6 | |||
7 | Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-11038 | ||
8 | Bug-Debian: https://bugs.debian.org/929821 | ||
9 | Bug: https://github.com/libgd/libgd/issues/501 | ||
10 | |||
11 | We have to ensure that `sscanf()` does indeed read a hex value here, | ||
12 | and bail out otherwise. | ||
13 | |||
14 | Original patch by Christoph M. Becker <cmbecker69@gmx.de> for PHP libgd ext. | ||
15 | https://git.php.net/?p=php-src.git;a=commit;h=ed6dee9a198c904ad5e03113e58a2d2c200f5184 | ||
16 | --- | ||
17 | src/gd_xbm.c | 6 +++++- | ||
18 | 1 file changed, 5 insertions(+), 1 deletion(-) | ||
19 | |||
20 | diff --git a/src/gd_xbm.c b/src/gd_xbm.c | ||
21 | index 4ca41acf..cf0545ef 100644 | ||
22 | --- a/src/gd_xbm.c | ||
23 | +++ b/src/gd_xbm.c | ||
24 | @@ -169,7 +169,11 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXbm(FILE * fd) | ||
25 | } | ||
26 | h[3] = ch; | ||
27 | } | ||
28 | - sscanf(h, "%x", &b); | ||
29 | + if (sscanf(h, "%x", &b) != 1) { | ||
30 | + gd_error("invalid XBM"); | ||
31 | + gdImageDestroy(im); | ||
32 | + return 0; | ||
33 | + } | ||
34 | for (bit = 1; bit <= max_bit; bit = bit << 1) { | ||
35 | gdImageSetPixel(im, x++, y, (b & bit) ? 1 : 0); | ||
36 | if (x == im->sx) { | ||