aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJ0WI <J0WI@users.noreply.github.com>2021-09-08 17:04:34 +0200
committerJ0WI <J0WI@users.noreply.github.com>2021-09-08 17:10:01 +0200
commitf0553ace280669808b577e43e25fb53ce4225162 (patch)
tree7045ee0e6844ceaaf089b597ac0831533943117c
parent178222d4dbc28360486d10441d6c9ad5c032e55a (diff)
downloadaports-f0553ace280669808b577e43e25fb53ce4225162.tar.gz
aports-f0553ace280669808b577e43e25fb53ce4225162.tar.bz2
aports-f0553ace280669808b577e43e25fb53ce4225162.tar.xz
main/gd: security fixes
-rw-r--r--main/gd/APKBUILD17
-rw-r--r--main/gd/CVE-2021-38115.patch26
-rw-r--r--main/gd/CVE-2021-40145.patch124
3 files changed, 164 insertions, 3 deletions
diff --git a/main/gd/APKBUILD b/main/gd/APKBUILD
index e4726b31b2..88444f78b9 100644
--- a/main/gd/APKBUILD
+++ b/main/gd/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Carlo Landmeter <clandmeter@alpinelinux.org>
pkgname=gd
pkgver=2.3.2
-pkgrel=0
+pkgrel=1
_pkgreal=lib$pkgname
pkgdesc="Library for the dynamic creation of images by programmers"
url="https://libgd.github.io/"
@@ -16,15 +16,22 @@ makedepends="
zlib-dev
"
subpackages="$pkgname-dev $_pkgreal:libs"
-source="https://github.com/$_pkgreal/$_pkgreal/releases/download/gd-$pkgver/$_pkgreal-$pkgver.tar.xz"
+source="https://github.com/$_pkgreal/$_pkgreal/releases/download/gd-$pkgver/$_pkgreal-$pkgver.tar.xz
+ CVE-2021-38115.patch
+ CVE-2021-40145.patch
+ "
builddir="$srcdir/$_pkgreal-$pkgver"
# https://github.com/libgd/libgd/issues/359
options="!check"
# secfixes:
+# 2.3.0-r1:
+# - CVE-2021-38115
+# - CVE-2021-40145
# 2.3.0-r0:
# - CVE-2019-11038
# - CVE-2018-14553
+# - CVE-2017-6363
# 2.2.5-r2:
# - CVE-2018-5711
# - CVE-2019-6977
@@ -60,4 +67,8 @@ dev() {
mv "$pkgdir"/usr/bin/bdftogd "$subpkgdir"/usr/bin/
}
-sha512sums="a31c6dbb64e7b725b63f3b400f7bebc289e2d776bdca0595af23006841660dc93a56c2247b98f8a584438a826f9e9ff0bea17d0b3900e48e281580b1308794d2 libgd-2.3.2.tar.xz"
+sha512sums="
+a31c6dbb64e7b725b63f3b400f7bebc289e2d776bdca0595af23006841660dc93a56c2247b98f8a584438a826f9e9ff0bea17d0b3900e48e281580b1308794d2 libgd-2.3.2.tar.xz
+cf455c3487dd3ef074abb0d89c2763e5652b11273a63eb050212dbed911e6fe9b65bf26c2de8ac9dc32d8225c096389075f518296280c3109c19612daafdb043 CVE-2021-38115.patch
+778ec72d6bcccd5fac032bb165f198cd588bc59e8358cb0933fe2e7e688416d693c517b0c2afd1c3b682619404a94bb4f0babbdf895774e83c869a34f191f84a CVE-2021-40145.patch
+"
diff --git a/main/gd/CVE-2021-38115.patch b/main/gd/CVE-2021-38115.patch
new file mode 100644
index 0000000000..94083594e0
--- /dev/null
+++ b/main/gd/CVE-2021-38115.patch
@@ -0,0 +1,26 @@
+From 8b111b2b4a4842179be66db68d84dda91a246032 Mon Sep 17 00:00:00 2001
+From: maryam ebrahimzadeh <maryam.ebr@student.sharif.edu>
+Date: Mon, 19 Jul 2021 10:07:13 +0430
+Subject: [PATCH] fix read out-of-bands in reading tga header file
+
+---
+ src/gd_tga.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/gd_tga.c b/src/gd_tga.c
+index cae9428da..286febb28 100644
+--- a/src/gd_tga.c
++++ b/src/gd_tga.c
+@@ -191,7 +191,11 @@ int read_header_tga(gdIOCtx *ctx, oTga *tga)
+ return -1;
+ }
+
+- gdGetBuf(tga->ident, tga->identsize, ctx);
++
++ if (gdGetBuf(tga->ident, tga->identsize, ctx) != tga->identsize) {
++ gd_error("fail to read header ident");
++ return -1;
++ }
+ }
+
+ return 1;
diff --git a/main/gd/CVE-2021-40145.patch b/main/gd/CVE-2021-40145.patch
new file mode 100644
index 0000000000..3f6b855eb2
--- /dev/null
+++ b/main/gd/CVE-2021-40145.patch
@@ -0,0 +1,124 @@
+From e95059590fadaabd9aadc0c0489804d75a3c5d52 Mon Sep 17 00:00:00 2001
+From: maryam ebrahimzadeh <maryam.ebr@student.sharif.edu>
+Date: Mon, 19 Jul 2021 18:52:50 +0430
+Subject: [PATCH 1/3] gdImageGd2Ptr memory leak
+
+---
+ src/gd_gd2.c | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/src/gd_gd2.c b/src/gd_gd2.c
+index 760e85b9f..84ec53375 100644
+--- a/src/gd_gd2.c
++++ b/src/gd_gd2.c
+@@ -1,4 +1,4 @@
+-/*
++
/*
+ * gd_gd2.c
+ *
+ * Implements the I/O and support for the GD2 format.
+@@ -910,9 +910,11 @@ _gd2PutHeader (gdImagePtr im, gdIOCtx * out, int cs, int fmt, int cx, int cy)
+
+ }
+
+-static void
++/* returns 0 on success, 1 on failure */
++static int
+ _gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt)
+ {
++ int ret = 0;
+ int ncx, ncy, cx, cy;
+ int x, y, ylo, yhi, xlo, xhi;
+ int chunkLen;
+@@ -974,10 +976,12 @@ _gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt)
+ /* */
+ chunkData = gdCalloc (cs * bytesPerPixel * cs, 1);
+ if (!chunkData) {
++ ret = 1;
+ goto fail;
+ }
+ compData = gdCalloc (compMax, 1);
+ if (!compData) {
++ ret = 1;
+ goto fail;
+ }
+
+@@ -992,6 +996,7 @@ _gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt)
+
+ chunkIdx = gdCalloc (idxSize * sizeof (t_chunk_info), 1);
+ if (!chunkIdx) {
++ ret = 1;
+ goto fail;
+ }
+ };
+@@ -1107,6 +1112,8 @@ _gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt)
+ }
+ GD2_DBG (printf ("Done\n"));
+
++ return ret;
++
+ }
+
+ /*
+@@ -1128,8 +1135,11 @@ BGD_DECLARE(void *) gdImageGd2Ptr (gdImagePtr im, int cs, int fmt, int *size)
+ void *rv;
+ gdIOCtx *out = gdNewDynamicCtx (2048, NULL);
+ if (out == NULL) return NULL;
+- _gdImageGd2 (im, out, cs, fmt);
+- rv = gdDPExtractData (out, size);
++ if (_gdImageGd2(im, out, cs, fmt)) {
++ rv = NULL;
++ } else {
++ rv = gdDPExtractData(out, size);
++ }
+ out->gd_free (out);
+ return rv;
+ }
+
+From e8eeb8dde5bc4c9d4e7ae1ab43d9fd1780ceb792 Mon Sep 17 00:00:00 2001
+From: Maryam Ebrahimzadeh <61263086+me22bee@users.noreply.github.com>
+Date: Tue, 24 Aug 2021 11:46:07 +0430
+Subject: [PATCH 2/3] trigger the github actions
+
+---
+ src/gd_gd2.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/gd_gd2.c b/src/gd_gd2.c
+index 84ec53375..097c93d0d 100644
+--- a/src/gd_gd2.c
++++ b/src/gd_gd2.c
+@@ -1135,11 +1135,13 @@ BGD_DECLARE(void *) gdImageGd2Ptr (gdImagePtr im, int cs, int fmt, int *size)
+ void *rv;
+ gdIOCtx *out = gdNewDynamicCtx (2048, NULL);
+ if (out == NULL) return NULL;
++
+ if (_gdImageGd2(im, out, cs, fmt)) {
+ rv = NULL;
+ } else {
+ rv = gdDPExtractData(out, size);
+ }
++
+ out->gd_free (out);
+ return rv;
+ }
+
+From a1d4caace613d31209b42d22d9f7ebe37c381f9a Mon Sep 17 00:00:00 2001
+From: Maryam Ebrahimzadeh <61263086+me22bee@users.noreply.github.com>
+Date: Tue, 24 Aug 2021 12:02:23 +0430
+Subject: [PATCH 3/3] remove non-printable bytes
+
+---
+ src/gd_gd2.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/gd_gd2.c b/src/gd_gd2.c
+index 097c93d0d..5c57d44a6 100644
+--- a/src/gd_gd2.c
++++ b/src/gd_gd2.c
+@@ -1,4 +1,4 @@
+-
/*
++/*
+ * gd_gd2.c
+ *
+ * Implements the I/O and support for the GD2 format.