diff --git a/SOURCES/gd-CVE-2016-5766.patch b/SOURCES/gd-CVE-2016-5766.patch
new file mode 100644
index 0000000..6ae98b9
--- /dev/null
+++ b/SOURCES/gd-CVE-2016-5766.patch
@@ -0,0 +1,27 @@
+created according to: https://github.com/libgd/libgd/commit/aba3db8
+ https://github.com/libgd/libgd/commit/a6a0e7feabb2a9738086a5dc96348f233c87fa79
+ https://github.com/libgd/libgd/commit/48bbc25
+diff -urN '--exclude=cscope.*' gd-2.0.35/gd_gd2.c fixed/gd_gd2.c
+--- gd-2.0.35/gd_gd2.c 2007-01-04 13:40:48.000000000 +0100
++++ fixed/gd_gd2.c 2020-11-04 08:46:03.800937688 +0100
+@@ -169,11 +169,17 @@
+ {
+ nc = (*ncx) * (*ncy);
+ GD2_DBG (printf ("Reading %d chunk index entries\n", nc));
++ if (overflow2(sizeof(t_chunk_info), nc)) {
++ goto fail1;
++ }
+ sidx = sizeof (t_chunk_info) * nc;
++ if (sidx <=0) {
++ goto fail1;
++ }
+ cidx = gdCalloc (sidx, 1);
+- if (!cidx) {
+- goto fail1;
+- }
++ if (cidx == NULL) {
++ goto fail1;
++ }
+ for (i = 0; i < nc; i++)
+ {
+ if (gdGetInt (&cidx[i].offset, in) != 1)
diff --git a/SPECS/gd.spec b/SPECS/gd.spec
index ef9bc7e..8f62295 100644
--- a/SPECS/gd.spec
+++ b/SPECS/gd.spec
@@ -1,7 +1,7 @@
 Summary: A graphics library for quick creation of PNG or JPEG images
 Name: gd
 Version: 2.0.35
-Release: 26%{?dist}
+Release: 27%{?dist}
 Group: System Environment/Libraries
 License: MIT
 URL: http://www.libgd.org/Main_Page
@@ -22,6 +22,7 @@ Patch14: gd-sa2.patch
 Patch15: gd-sa3.patch
 Patch16: gd-sa4.patch
 Patch17: gd-aarch64.patch
+Patch18: gd-CVE-2016-5766.patch
 BuildRequires: freetype-devel, fontconfig-devel, libX11-devel, libXpm-devel
 BuildRequires: libjpeg-devel, libpng-devel, zlib-devel, pkgconfig
 # we need cmake for building test suite
@@ -64,7 +65,7 @@ files for gd, a graphics library for creating PNG and JPEG graphics.
 %patch3 -p1 -b .mlib
 %patch4 -p1 -b .loop
 %patch6 -p1 -b .overflow
-%patch5 -p1 -b .sparc64
+%patch5 -p1 -b .sparc64
 %patch7 -p1 -b .AALineThick
 %patch8 -p1 -b .bb
 %patch9 -p1 -b .fonts
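Review bot: In the embedded gd_gd2.c hunk, `nc = (*ncx) * (*ncy);` is still computed with no overflow check, so the added `overflow2(sizeof(t_chunk_info), nc)` guard only ever sees the product after it may already have wrapped. Unless `*ncx` and `*ncy` are range-checked earlier in the function (which starts and ends outside the hunk), a wrapped product may come out as a small positive `nc`, pass both new checks, and leave `cidx` sized from a value that no longer matches the header's chunk counts. Guard the multiplication itself, for example `if (overflow2(*ncx, *ncy)) { goto fail1; }` placed before the assignment to `nc`. A one-line comment above the new checks, such as `/* bound the chunk index allocation: reject non-positive or overflowing sizes */`, would also help whoever rebases this patch later.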
@@ -76,6 +77,7 @@ files for gd, a graphics library for creating PNG and JPEG graphics. %patch15 -p1 -b .sa3 %patch16 -p1 -b .sa4 %patch17 -p1 -b .aarch64 +%patch18 -p1 %build %configure --disable-rpath @@ -119,6 +121,11 @@ popd %{_libdir}/pkgconfig/gdlib.pc %changelog +* Wed Nov 4 2020 Filip Januš - 2.0.35-27 +- Fix CVE-2016-5766 +- Resolves: #1356813 +- Upstream patch: https://github.com/libgd/libgd/commit/aba3db8 + * Fri Jan 24 2014 Daniel Mach - 2.0.35-26 - Mass rebuild 2014-01-24
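Review bot: `%patch18 -p1` is applied without a backup suffix, while every other `%patch` line visible in this hunk and the preceding one passes `-b .<name>`. For consistency, and so the pre-patch gd_gd2.c is kept in the build tree for comparison when auditing what the CVE fix changed, consider `%patch18 -p1 -b .CVE-2016-5766`. The %prep section starts and ends outside the hunk, so whether any later step relies on the `.orig`-style backups is not visible here.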