author | Dirk Meyer <dinoex@FreeBSD.org> | 2016-10-16 18:41:21 +0000 |
---|---|---|
committer | Dirk Meyer <dinoex@FreeBSD.org> | 2016-10-16 18:41:21 +0000 |
commit | 1bdfe798a60633dedfbbdb07641d969695c817e1 (patch) | |
tree | 32adb5983557d0ccb59e3f99c2978e321c0d2bed /graphics/gd | |
parent | b0fd6630fa7b2c084635e7c269bdffc18ec0d5c0 (diff) | |
- fix option WEBP
- make option WEBP default
PR: 211368
- Security patch, port was not vulnerable
Security: https://github.com/libgd/libgd/issues/308
Security: http://seclists.org/oss-sec/2016/q3/626
Security: CVE-2016-7568
PR: 213020
Notes:
svn path=/head/; revision=424078
Diffstat (limited to 'graphics/gd')
-rw-r--r-- | graphics/gd/Makefile | 5 | ||||
-rw-r--r-- | graphics/gd/files/patch-gd_webp.c | 27 |
2 files changed, 29 insertions, 3 deletions
diff --git a/graphics/gd/Makefile b/graphics/gd/Makefile index eb73ece00d53..c26caf2b24ff 100644 --- a/graphics/gd/Makefile +++ b/graphics/gd/Makefile @@ -3,7 +3,7 @@ PORTNAME= libgd PORTVERSION= 2.2.3 -PORTREVISION?= 0 +PORTREVISION?= 1 PORTEPOCH= 1 CATEGORIES+= graphics MASTER_SITES= https://github.com/${PORTNAME}/${PORTNAME}/releases/download/gd-${PORTVERSION}/ @@ -25,7 +25,7 @@ GNU_CONFIGURE= yes USE_LDCONFIG= yes OPTIONS_DEFINE= FONTCONFIG ICONV XPM WEBP -OPTIONS_DEFAULT=FONTCONFIG +OPTIONS_DEFAULT=FONTCONFIG WEBP NO_OPTIONS_SORT=yes FONTCONFIG_LIB_DEPENDS+= libfontconfig.so:x11-fonts/fontconfig FONTCONFIG_CONFIGURE_OFF= --with-fontconfig=no @@ -36,7 +36,6 @@ XPM_CONFIGURE_ON= --with-x XPM_CONFIGURE_OFF= --with-xpm=no WEBP_LIB_DEPENDS= libwebp.so:graphics/webp WEBP_CONFIGURE_OFF= --without-webp -WEBP_BROKEN= circular dependencies .include <bsd.port.options.mk> diff --git a/graphics/gd/files/patch-gd_webp.c b/graphics/gd/files/patch-gd_webp.c new file mode 100644 index 000000000000..829890f6eda3 --- /dev/null +++ b/graphics/gd/files/patch-gd_webp.c @@ -0,0 +1,27 @@ +LibGD Issue: https://github.com/libgd/libgd/issues/308 +Commit: https://github.com/libgd/libgd/commit/40bec0f38f50e8510f5bb71a82f516d46facde03 + +Fix integer overflow in gdImageWebpCtx + +Integer overflow can be happened in expression gdImageSX(im) * 4 * +gdImageSY(im). It could lead to heap buffer overflow in the following +code. This issue has been reported to the PHP Bug Tracking System. The +proof-of-concept file will be supplied some days later. This issue was +discovered by Ke Liu of Tencent's Xuanwu LAB. +--- src/gd_webp.c.orig 2016-07-21 10:06:42.000000000 +0200 ++++ src/gd_webp.c 2016-10-16 20:27:17.150066000 +0200 +@@ -126,6 +126,14 @@ + quantization = 80; + } + ++ if (overflow2(gdImageSX(im), 4)) { ++ return; ++ } ++ ++ if (overflow2(gdImageSX(im) * 4, gdImageSY(im))) { ++ return; ++ } ++ + argb = (uint8_t *)gdMalloc(gdImageSX(im) * 4 * gdImageSY(im)); + if (!argb) { + return; |
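Review bot: In the third graphics/gd/Makefile hunk (@@ -36,7 +36,6 @@), `WEBP_BROKEN= circular dependencies` is removed, but nothing in the visible lines shows what broke the cycle, and the second hunk makes WEBP a default option in the same commit. Please record in the commit message or a Makefile comment which dependency change resolved the circular dependency, so that a default build pulling in `libwebp.so:graphics/webp` is known to resolve. The PORTREVISION bump in the first hunk is appropriate for the changed default.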
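Review bot: In graphics/gd/files/patch-gd_webp.c (@@ -126,6 +126,14 @@), both new overflow2() branches leave with a bare `return;`, the same as the existing `if (!argb)` path, so a caller cannot distinguish an image rejected for size from a completed write. Suggest reporting the rejection, either with a logged message or with a status the calling wrappers can propagate. The order of the two checks should be kept as is: the second one passes `gdImageSX(im) * 4` as an argument, and that product is only known not to overflow because the first check has already passed. Since the gdMalloc() argument repeats the same multiplication, computing the size once after the checks and reusing it would keep the guard and the allocation from drifting apart in later edits.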