diff options
| author | Marius Bakke <mbakke@fastmail.com> | 2020-03-26 14:24:43 +0100 |
|---|---|---|
| committer | Marius Bakke <mbakke@fastmail.com> | 2020-03-26 22:35:35 +0100 |
| commit | 736d772b82bfd693cd9412e2857e029fa6309269 (patch) | |
| tree | 0935a47c181dbeda2f59502c0e63664e30ab450a /gnu/packages/patches/gd-CVE-2019-6977.patch | |
| parent | 8595c7b0bc84b354321ec8f6ccca54322f277eb6 (diff) | |
| download | guix-736d772b82bfd693cd9412e2857e029fa6309269.tar.gz | |
gnu: gd: Update to 2.3.0.
* gnu/packages/patches/gd-fix-tests-on-i686.patch: Adjust context. * gnu/packages/patches/gd-CVE-2018-1000222.patch, gnu/packages/patches/gd-CVE-2018-5711.patch, gnu/packages/patches/gd-CVE-2019-6977.patch, gnu/packages/patches/gd-CVE-2019-6978.patch, gnu/packages/patches/gd-freetype-test-failure.patch: Delete files. * gnu/packages/patches/gd-brect-bounds.patch: New file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly * gnu/packages/gd.scm (gd): Update to 2.3.0. [source](patches): Remove obsolete. * gnu/packages/gd.scm (gd): [propagated-inputs]: Move LIBJPEG-TURBO and FONTCONFIG ... [inputs]: ... here.
Diffstat (limited to 'gnu/packages/patches/gd-CVE-2019-6977.patch')
| -rw-r--r-- | gnu/packages/patches/gd-CVE-2019-6977.patch | 36 |
1 files changed, 0 insertions, 36 deletions
diff --git a/gnu/packages/patches/gd-CVE-2019-6977.patch b/gnu/packages/patches/gd-CVE-2019-6977.patch deleted file mode 100644 index b21a8ac619..0000000000 --- a/gnu/packages/patches/gd-CVE-2019-6977.patch +++ /dev/null @@ -1,36 +0,0 @@ -Fix CVE-2019-6977: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6977 - -Patch copied from Debian: - -https://salsa.debian.org/debian/libgd2/commit/2d7d3b68bb79843e5271a05543e996fd5a3a8cd1 - -Description: Heap-based buffer overflow in gdImageColorMatch -Origin: other, https://gist.github.com/cmb69/1f36d285eb297ed326f5c821d7aafced -Bug-PHP: https://bugs.php.net/bug.php?id=77270 -Bug-Debian: https://bugs.debian.org/920645 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-6977 -Forwarded: no -Author: "Christoph M. Becker" <cmbecker69@gmx.de> -Last-Update: 2019-02-01 - -At least some of the image reading functions may return images which -use color indexes greater than or equal to im->colorsTotal. We cater -to this by always using a buffer size which is sufficient for -`gdMaxColors` in `gdImageColorMatch()`. ---- - ---- a/src/gd_color_match.c -+++ b/src/gd_color_match.c -@@ -31,8 +31,8 @@ BGD_DECLARE(int) gdImageColorMatch (gdIm - return -4; /* At least 1 color must be allocated */ - } - -- buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * im2->colorsTotal); -- memset (buf, 0, sizeof(unsigned long) * 5 * im2->colorsTotal ); -+ buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * gdMaxColors); -+ memset (buf, 0, sizeof(unsigned long) * 5 * gdMaxColors ); - - for (x=0; x < im1->sx; x++) { - for( y=0; y<im1->sy; y++ ) { |