summaryrefslogtreecommitdiff
path: root/media-libs/gd
diff options
context:
space:
mode:
Diffstat (limited to 'media-libs/gd')
-rw-r--r--media-libs/gd/Manifest2
-rw-r--r--media-libs/gd/files/gd-2.2.5-CVE-2018-1000222.patch73
-rw-r--r--media-libs/gd/gd-2.2.5-r1.ebuild64
3 files changed, 139 insertions, 0 deletions
diff --git a/media-libs/gd/Manifest b/media-libs/gd/Manifest
index 3823e1d2f25b..a97b90a55f9e 100644
--- a/media-libs/gd/Manifest
+++ b/media-libs/gd/Manifest
@@ -1,3 +1,5 @@
+AUX gd-2.2.5-CVE-2018-1000222.patch 2491 BLAKE2B 492923989fe07fa6993fd9ac7d234d8777b944e45cbce5f92aaf5bc53bd1502039ff75937e829f1ad6bceac8813bf68704a42d3688401a3b55fdfcd19649a533 SHA512 d12462f1b159d50b9032435e9767a5d76e1797a88be950ed33dda7aa17005b7cb60560d04b9520e46d8111e1669d42ce28cb2c508f9c8825d545ac0335d2a10b
DIST libgd-2.2.5.tar.xz 2594092 BLAKE2B 222a7e012fbf9924ac391ee96c7cd3dec96afd78c6d43dfb680b33e7143e7df87fe6be75bbfe8fb93e916302d7daf08271214c84da28712e93a36465566cb2bd SHA512 e4598e17a277a75e02255402182cab139cb3f2cffcd68ec05cc10bbeaf6bc7aa39162c3445cd4a7efc1a26b72b9152bbedb187351e3ed099ea51767319997a6b
+EBUILD gd-2.2.5-r1.ebuild 2112 BLAKE2B 656de4e9a96b42c564c02aa86571c3350a5ebb150ab294aa5fc8fbe856fe55ae6deda6cd09d7d2009ae86a86df3249f1dbd880968ec2c9c7d4cd52a3eb8d805e SHA512 59f19c94094173aa1702f7a918e9499dc9d5e412f14ff1150b22690f2192f035413f68ad3465f41b60e36ca7acd2a8c42b0cb6ee91733c3bd647c470fc290e88
EBUILD gd-2.2.5.ebuild 2036 BLAKE2B 642b02819339f66ece89a28aaaa68d1d07522b3477b36660bfbfe17f922ed67c3f923ae8a13b709f43d317c4ca30d39699482fbf8789408922314c681a9c5ab1 SHA512 88a1002d150a7e4063832ddd1773536355aab8b0f1af8ee3a3d2ec9804fcd6900292d63db467365830d5cded14c7741dce07c04e7038bbfb3712044372a1c02f
MISC metadata.xml 1507 BLAKE2B 34dbcbc70165ebe74ea14e6394e2691bda7523e4c848b13a512de8f0707c194a7da3de41a8fe483d7a8b2aa1af8f0d164ea210605ae76480dbf22b976b53d2f5 SHA512 0ac3c1ca25c190333e7f97dbb05e197e62e76abeaa045966fa3024dbeb22d541d78794df08d450e887591909a25dfb6a4fef861ed62f7f055b129e17b1329919
diff --git a/media-libs/gd/files/gd-2.2.5-CVE-2018-1000222.patch b/media-libs/gd/files/gd-2.2.5-CVE-2018-1000222.patch
new file mode 100644
index 000000000000..80f9712bf8e3
--- /dev/null
+++ b/media-libs/gd/files/gd-2.2.5-CVE-2018-1000222.patch
@@ -0,0 +1,73 @@
+From ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sat, 14 Jul 2018 13:54:08 -0400
+Subject: [PATCH] bmp: check return value in gdImageBmpPtr
+
+Closes #447.
+---
+ src/gd_bmp.c | 17 ++++++++++++++---
+ 1 file changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/src/gd_bmp.c b/src/gd_bmp.c
+index bde0b9d3..78f40d9a 100644
+--- a/src/gd_bmp.c
++++ b/src/gd_bmp.c
+@@ -47,6 +47,8 @@ static int bmp_read_4bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp
+ static int bmp_read_8bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp_hdr_t *header);
+ static int bmp_read_rle(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info);
+
++static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression);
++
+ #define BMP_DEBUG(s)
+
+ static int gdBMPPutWord(gdIOCtx *out, int w)
+@@ -87,8 +89,10 @@ BGD_DECLARE(void *) gdImageBmpPtr(gdImagePtr im, int *size, int compression)
+ void *rv;
+ gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
+ if (out == NULL) return NULL;
+- gdImageBmpCtx(im, out, compression);
+- rv = gdDPExtractData(out, size);
++ if (!_gdImageBmpCtx(im, out, compression))
++ rv = gdDPExtractData(out, size);
++ else
++ rv = NULL;
+ out->gd_free(out);
+ return rv;
+ }
+@@ -141,6 +145,11 @@ BGD_DECLARE(void) gdImageBmp(gdImagePtr im, FILE *outFile, int compression)
+ compression - whether to apply RLE or not.
+ */
+ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
++{
++ _gdImageBmpCtx(im, out, compression);
++}
++
++static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
+ {
+ int bitmap_size = 0, info_size, total_size, padding;
+ int i, row, xpos, pixel;
+@@ -148,6 +157,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
+ unsigned char *uncompressed_row = NULL, *uncompressed_row_start = NULL;
+ FILE *tmpfile_for_compression = NULL;
+ gdIOCtxPtr out_original = NULL;
++ int ret = 1;
+
+ /* No compression if its true colour or we don't support seek */
+ if (im->trueColor) {
+@@ -325,6 +335,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
+ out_original = NULL;
+ }
+
++ ret = 0;
+ cleanup:
+ if (tmpfile_for_compression) {
+ #ifdef _WIN32
+@@ -338,7 +349,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
+ if (out_original) {
+ out_original->gd_free(out_original);
+ }
+- return;
++ return ret;
+ }
+
+ static int compress_row(unsigned char *row, int length)
diff --git a/media-libs/gd/gd-2.2.5-r1.ebuild b/media-libs/gd/gd-2.2.5-r1.ebuild
new file mode 100644
index 000000000000..22a71924d8da
--- /dev/null
+++ b/media-libs/gd/gd-2.2.5-r1.ebuild
@@ -0,0 +1,64 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit libtool multilib-minimal
+
+DESCRIPTION="Graphics library for fast image creation"
+HOMEPAGE="https://libgd.org/ https://www.boutell.com/gd/"
+SRC_URI="https://github.com/libgd/libgd/releases/download/${P}/lib${P}.tar.xz"
+
+LICENSE="gd IJG HPND BSD"
+SLOT="2/3"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="fontconfig jpeg png static-libs tiff truetype webp xpm zlib"
+
+# fontconfig has prefixed font paths, details see bug #518970
+REQUIRED_USE="prefix? ( fontconfig )"
+
+RDEPEND="fontconfig? ( >=media-libs/fontconfig-2.10.92[${MULTILIB_USEDEP}] )
+ jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] )
+ png? ( >=media-libs/libpng-1.6.10:0=[${MULTILIB_USEDEP}] )
+ tiff? ( media-libs/tiff:0[${MULTILIB_USEDEP}] )
+ truetype? ( >=media-libs/freetype-2.5.0.1[${MULTILIB_USEDEP}] )
+ webp? ( media-libs/libwebp:=[${MULTILIB_USEDEP}] )
+ xpm? ( >=x11-libs/libXpm-3.5.10-r1[${MULTILIB_USEDEP}] >=x11-libs/libXt-1.1.4[${MULTILIB_USEDEP}] )
+ zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+ >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]"
+
+S="${WORKDIR}/lib${P}"
+
+PATCHES=( "${FILESDIR}/${P}-CVE-2018-1000222.patch" )
+
+src_prepare() {
+ default
+ elibtoolize # for shared library on Solaris
+}
+
+multilib_src_configure() {
+ # we aren't actually {en,dis}abling X here ... the configure
+ # script uses it just to add explicit -I/-L paths which we
+ # don't care about on Gentoo systems.
+ local myeconfargs=(
+ --disable-werror
+ --without-x
+ --without-liq
+ $(use_enable static-libs static)
+ $(use_with fontconfig)
+ $(use_with png)
+ $(use_with tiff)
+ $(use_with truetype freetype)
+ $(use_with jpeg)
+ $(use_with webp)
+ $(use_with xpm)
+ $(use_with zlib)
+ )
+ ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_install_all() {
+ dodoc README.md
+ find "${D}" -name '*.la' -delete || die
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-03 11:46:57 +0000