packages: gd/gd.spec, gd/gd-2.0.33-BoxBound.patch (NEW), gd/gd-2.0.35-AALin...
arekm
arekm at pld-linux.org
Mon Jul 2 22:18:29 CEST 2012
Author: arekm Date: Mon Jul 2 20:18:29 2012 GMT
Module: packages Tag: HEAD
---- Log message:
- rel 10; patches from FC (CVE-2009-3546, misc fixes)
---- Files affected:
packages/gd:
gd.spec (1.136 -> 1.137) , gd-2.0.33-BoxBound.patch (NONE -> 1.1) (NEW), gd-2.0.35-AALineThick.patch (NONE -> 1.1) (NEW), gd-2.0.35-overflow.patch (NONE -> 1.1) (NEW), gd-2.0.35-security3.patch (NONE -> 1.1) (NEW), gd-loop.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: packages/gd/gd.spec
diff -u packages/gd/gd.spec:1.136 packages/gd/gd.spec:1.137
--- packages/gd/gd.spec:1.136 Fri Mar 30 20:47:50 2012
+++ packages/gd/gd.spec Mon Jul 2 22:18:24 2012
@@ -10,21 +10,26 @@
Summary(pt_BR.UTF-8): Biblioteca para manipulação de imagens
Name: gd
Version: 2.0.35
-Release: 9
+Release: 10
License: BSD-like
Group: Libraries
Source0: http://www.libgd.org/releases/%{name}-%{version}.tar.bz2
# Source0-md5: 6c6c3dbb7bf079e0bb5fbbfd3bb8a71c
Patch0: %{name}-fontpath.patch
Patch1: %{name}-rotate_from_php.patch
+Patch2: %{name}-2.0.33-BoxBound.patch
+Patch3: %{name}-2.0.35-AALineThick.patch
+Patch4: %{name}-2.0.35-overflow.patch
+Patch5: %{name}-2.0.35-security3.patch
+Patch6: %{name}-loop.patch
URL: http://www.libgd.org/
BuildRequires: autoconf >= 2.54
BuildRequires: automake
%{?with_fontconfig:BuildRequires: fontconfig-devel}
BuildRequires: freetype-devel >= 2.0
BuildRequires: gettext-devel
-BuildRequires: libpng-devel >= 2:1.4.0
BuildRequires: libjpeg-devel
+BuildRequires: libpng-devel >= 2:1.4.0
BuildRequires: libtiff-devel
BuildRequires: libtool >= 1:1.4.3
%{?with_xpm:BuildRequires: xorg-lib-libXpm-devel}
@@ -144,6 +149,11 @@
%setup -q
%patch0 -p1
%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
# hack to avoid inclusion of -s in --ldflags
%{__perl} -pi -e 's,\@LDFLAGS\@,,g' config/gdlib-config.in
@@ -213,6 +223,9 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.137 2012/07/02 20:18:24 arekm
+- rel 10; patches from FC (CVE-2009-3546, misc fixes)
+
Revision 1.136 2012/03/30 18:47:50 cactus
- rel 9
================================================================
Index: packages/gd/gd-2.0.33-BoxBound.patch
diff -u /dev/null packages/gd/gd-2.0.33-BoxBound.patch:1.1
--- /dev/null Mon Jul 2 22:18:29 2012
+++ packages/gd/gd-2.0.33-BoxBound.patch Mon Jul 2 22:18:24 2012
@@ -0,0 +1,22 @@
+--- gd-2.0.33/gdft.c.pom 2004-11-02 22:00:48.000000000 +0100
++++ gd-2.0.33/gdft.c 2006-11-21 09:25:49.000000000 +0100
+@@ -1237,7 +1237,8 @@
+ glyph_min.x = penf.x + slot->metrics.horiBearingX;
+ glyph_min.y = penf.y - slot->metrics.horiBearingY;
+
+-#if 0
++// #if 0 - this version of glyph_max.x setting fixes problem with
++// too large bouonding box
+ if (ch == ' ') /* special case for trailing space */
+ {
+ glyph_max.x = penf.x + horiAdvance;
+@@ -1246,7 +1247,8 @@
+ {
+ glyph_max.x = glyph_min.x + slot->metrics.width;
+ }
+-#else
++//#else
++#if 0
+ glyph_max.x = penf.x + horiAdvance;
+ #endif
+ glyph_max.y = glyph_min.y + slot->metrics.height;
================================================================
Index: packages/gd/gd-2.0.35-AALineThick.patch
diff -u /dev/null packages/gd/gd-2.0.35-AALineThick.patch:1.1
--- /dev/null Mon Jul 2 22:18:29 2012
+++ packages/gd/gd-2.0.35-AALineThick.patch Mon Jul 2 22:18:24 2012
@@ -0,0 +1,66 @@
+diff -up gd-2.0.35/gd.c.AALineThick gd-2.0.35/gd.c
+--- gd-2.0.35/gd.c.AALineThick 2007-06-19 22:25:51.000000000 +0200
++++ gd-2.0.35/gd.c 2012-02-28 11:02:09.708015922 +0100
+@@ -3474,6 +3474,8 @@ static void gdImageAALine (gdImagePtr im
+ /* keep them as 32bits */
+ long x, y, inc;
+ long dx, dy,tmp;
++ int w, wid, wstart;
++ int thick = im->thick;
+
+ if (!im->trueColor) {
+ /* TBB: don't crash when the image is of the wrong type */
+@@ -3502,6 +3504,25 @@ static void gdImageAALine (gdImagePtr im
+ gdImageSetAAPixelColor(im, x1, y1, col, 0xFF);
+ return;
+ }
++ else {
++ double ag;
++ if (abs(dy) < abs(dx))
++ ag = cos (atan2 (dy, dx));
++ else
++ ag = sin (atan2 (dy, dx));
++ if (ag != 0)
++ {
++ wid = abs(thick / ag);
++ }
++ else
++ {
++ wid = 1;
++ }
++ if (wid == 0)
++ {
++ wid = 1;
++ }
++ }
+ if (abs(dx) > abs(dy)) {
+ if (dx < 0) {
+ tmp = x1;
+@@ -3518,8 +3539,11 @@ static void gdImageAALine (gdImagePtr im
+ inc = (dy * 65536) / dx;
+ /* TBB: set the last pixel for consistency (<=) */
+ while ((x >> 16) <= x2) {
+- gdImageSetAAPixelColor(im, x >> 16, y >> 16, col, (y >> 8) & 0xFF);
+- gdImageSetAAPixelColor(im, x >> 16, (y >> 16) + 1,col, (~y >> 8) & 0xFF);
++ wstart = (y >> 16) - wid / 2;
++ for (w = wstart; w < wstart + wid; w++) {
++ gdImageSetAAPixelColor(im, (x >> 16) , w , col , (y >> 8) & 0xFF);
++ gdImageSetAAPixelColor(im, (x >> 16) , w + 1 , col, (~y >> 8) & 0xFF);
++ }
+ x += (1 << 16);
+ y += inc;
+ }
+@@ -3539,8 +3563,11 @@ static void gdImageAALine (gdImagePtr im
+ inc = (dx * 65536) / dy;
+ /* TBB: set the last pixel for consistency (<=) */
+ while ((y>>16) <= y2) {
+- gdImageSetAAPixelColor(im, x >> 16, y >> 16, col, (x >> 8) & 0xFF);
+- gdImageSetAAPixelColor(im, (x >> 16) + 1, (y >> 16),col, (~x >> 8) & 0xFF);
++ wstart = (x >> 16) - wid / 2;
++ for (w = wstart; w < wstart + wid; w++) {
++ gdImageSetAAPixelColor(im, w , y >> 16 , col, (x >> 8) & 0xFF);
++ gdImageSetAAPixelColor(im, w + 1, y >> 16, col, (~x >> 8) & 0xFF);
++ }
+ x += inc;
+ y += (1<<16);
+ }
================================================================
Index: packages/gd/gd-2.0.35-overflow.patch
diff -u /dev/null packages/gd/gd-2.0.35-overflow.patch:1.1
--- /dev/null Mon Jul 2 22:18:29 2012
+++ packages/gd/gd-2.0.35-overflow.patch Mon Jul 2 22:18:24 2012
@@ -0,0 +1,13 @@
+--- gd-2.0.35/gd_gd.c.pom 2006-04-05 17:52:22.000000000 +0200
++++ gd-2.0.35/gd_gd.c 2007-09-05 11:31:39.000000000 +0200
+@@ -149,6 +149,10 @@ _gdCreateFromFile (gdIOCtx * in, int *sx
+ {
+ im = gdImageCreate (*sx, *sy);
+ }
++ if (!im)
++ {
++ goto fail1;
++ }
+ if (!_gdGetColors (in, im, gd2xFlag))
+ {
+ goto fail2;
================================================================
Index: packages/gd/gd-2.0.35-security3.patch
diff -u /dev/null packages/gd/gd-2.0.35-security3.patch:1.1
--- /dev/null Mon Jul 2 22:18:29 2012
+++ packages/gd/gd-2.0.35-security3.patch Mon Jul 2 22:18:24 2012
@@ -0,0 +1,12 @@
+--- gd-2.0.28/gd_gd.c 2004-05-24 17:28:12.000000000 +0200
++++ gd-2.0.28_new/gd_gd.c 2009-12-08 15:19:16.159836680 +0100
+@@ -44,6 +44,9 @@
+ {
+ goto fail1;
+ }
++ if (im->colorsTotal > gdMaxColors) {
++ goto fail1;
++ }
+ }
+ /* Int to accommodate truecolor single-color transparency */
+ if (!gdGetInt (&im->transparent, in))
================================================================
Index: packages/gd/gd-loop.patch
diff -u /dev/null packages/gd/gd-loop.patch:1.1
--- /dev/null Mon Jul 2 22:18:29 2012
+++ packages/gd/gd-loop.patch Mon Jul 2 22:18:24 2012
@@ -0,0 +1,24 @@
+diff -up gd-2.0.35/gd_gif_in.c.loop gd-2.0.35/gd_gif_in.c
+--- gd-2.0.35/gd_gif_in.c.loop 2007-06-14 15:51:41.000000000 -0400
++++ gd-2.0.35/gd_gif_in.c 2008-07-21 11:20:25.000000000 -0400
+@@ -453,16 +453,17 @@ LWZReadByte_(gdIOCtx *fd, LZW_STATIC_DAT
+ return sd->firstcode;
+ } else if (code == sd->end_code) {
+ int count;
++ int max_count = 1024;
+ unsigned char buf[260];
+
+ if (*ZeroDataBlockP)
+ return -2;
+
+- while ((count = GetDataBlock(fd, buf, ZeroDataBlockP)) > 0)
++ while ((count = GetDataBlock(fd, buf, ZeroDataBlockP)) > 0 && --max_count >= 0 )
+ ;
+
+- if (count != 0)
+- return -2;
++ if (count != 0 || max_count < 0 )
++ return -2;
+ }
+
+ incode = code;
================================================================
---- CVS-web:
http://cvs.pld-linux.org/packages/gd/gd.spec?r1=1.136&r2=1.137
More information about the pld-cvs-commit
mailing list