From ecc43a771ad82f369d2dccb3d2d4586250828e6e Mon Sep 17 00:00:00 2001
From: Gustavo Zacarias
Date: Sun, 26 Jun 2016 17:54:11 -0300
Subject: [PATCH] gd: security bump to version 2.2.2

Drop upstreamed patches. Drop autoreconf since it's no longer required. Patch 0002-no-zlib.patch is no longer required, and is in fact harmful. Update homepage URL.
Fixes:
CVE-2015-8874 - #215 Stack overflow with gdImageFillToBorder
CVE-2016-3074 - gd2: handle corrupt images better
CVE-2016-5767 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
Signed-off-by: Gustavo Zacarias
Signed-off-by: Thomas Petazzoni
---
 ...> 0002-gd_bmp-fix-build-with-uClibc.patch} | 0
 package/gd/0002-no-zlib.patch | 51 ---
 package/gd/0004-webp-pre.patch | 37 --
 package/gd/0005-webp.patch | 418 ------------------
 package/gd/Config.in | 2 +-
 package/gd/gd.hash | 2 +-
 package/gd/gd.mk | 5 +-
 7 files changed, 4 insertions(+), 511 deletions(-)
 rename package/gd/{0003-gd_bmp-fix-build-with-uClibc.patch => 0002-gd_bmp-fix-build-with-uClibc.patch} (100%)
 delete mode 100644 package/gd/0002-no-zlib.patch
 delete mode 100644 package/gd/0004-webp-pre.patch
 delete mode 100644 package/gd/0005-webp.patch
diff --git a/package/gd/0003-gd_bmp-fix-build-with-uClibc.patch b/package/gd/0002-gd_bmp-fix-build-with-uClibc.patch
similarity index 100%
rename from package/gd/0003-gd_bmp-fix-build-with-uClibc.patch
rename to package/gd/0002-gd_bmp-fix-build-with-uClibc.patch
diff --git a/package/gd/0002-no-zlib.patch b/package/gd/0002-no-zlib.patch
deleted file mode 100644
index 65cf7f8f19..0000000000
--- a/package/gd/0002-no-zlib.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-[PATCH] gd_gd2: provide dummy implementations for all public symbols when !zlib
-
-gd_gd2.c only provides dummy implementations for some of it's public symbols
-when zlib isn't found, causing build failures in several of the tools.
-
-Fix it by providing dummy implementations for all of them.
-
-Signed-off-by: Peter Korsgaard
----
- gd_gd2.c | 30 ++++++++++++++++++++++++++++++
- 1 file changed, 30 insertions(+)
-
-Index: gd-2.0.35/gd_gd2.c
-===================================================================
---- gd-2.0.35.orig/src/gd_gd2.c
-+++ gd-2.0.35/src/gd_gd2.c
-@@ -1068,4 +1068,34 @@
- fprintf (stderr, "GD2 support is not available - no libz\n");
- return NULL;
- }
-+
-+BGD_DECLARE(gdImagePtr) gdImageCreateFromGd2Part (FILE * inFile, int srcx, int srcy, int w, int h)
-+{
-+ fprintf (stderr, "GD2 support is not available - no libz\n");
-+ return NULL;
-+}
-+
-+BGD_DECLARE(gdImagePtr) gdImageCreateFromGd2PartPtr (int size, void *data, int srcx, int srcy, int w,
-+ int h)
-+{
-+ fprintf (stderr, "GD2 support is not available - no libz\n");
-+ return NULL;
-+}
-+
-+BGD_DECLARE(gdImagePtr) gdImageCreateFromGd2PartCtx (gdIOCtx * in, int srcx, int srcy, int w, int h)
-+{
-+ fprintf (stderr, "GD2 support is not available - no libz\n");
-+ return NULL;
-+}
-+
-+BGD_DECLARE(void) gdImageGd2 (gdImagePtr im, FILE * outFile, int cs, int fmt)
-+{
-+ fprintf (stderr, "GD2 support is not available - no libz\n");
-+}
-+
-+BGD_DECLARE(void *) gdImageGd2Ptr (gdImagePtr im, int cs, int fmt, int *size)
-+{
-+ fprintf (stderr, "GD2 support is not available - no libz\n");
-+ return NULL;
-+}
- #endif /* HAVE_LIBZ */
diff --git a/package/gd/0004-webp-pre.patch b/package/gd/0004-webp-pre.patch
deleted file mode 100644
index a4bc068b18..0000000000
--- a/package/gd/0004-webp-pre.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Patch committed upstream
-https://bitbucket.org/libgd/gd-libgd/commits/c7e5dc617c7466c44935cdefbe7e79de319f98ca?at=master
-
-Downloaded from Gentoo
-https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/media-libs/gd/files/gd-2.1.1-webp-pre.patch?revision=1.1&view=markup
-
-Signed-off-by: Bernd Kuhls
-
----
-https://bugs.gentoo.org/545956
-
-From c7e5dc617c7466c44935cdefbe7e79de319f98ca Mon Sep 17 00:00:00 2001
-From: Pierre Joye
-Date: Sat, 17 Jan 2015 08:20:17 +0100
-Subject: [PATCH] fix #111, invalid default quantization
-
----
- src/gd_webp.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/gd_webp.c b/src/gd_webp.c
-index fae3861..a3ae1ac 100644
---- a/src/gd_webp.c
-+++ b/src/gd_webp.c
-@@ -185,6 +185,9 @@ BGD_DECLARE(void) gdImageWebpCtx (gdImagePtr im, gdIOCtx * outfile, int quantiza
- gd_error("gd-webp error: cannot allocate Y buffer");
- return;
- }
-+ if (quantization == -1) {
-+ quantization = 80;
-+ }
- vp8_quality = mapQualityToVP8QP(quantization);
-
- U = Y + width * height;
---
-2.3.5
-
diff --git a/package/gd/0005-webp.patch b/package/gd/0005-webp.patch
deleted file mode 100644
index f648a87536..0000000000
--- a/package/gd/0005-webp.patch
+++ /dev/null
@@ -1,418 +0,0 @@ -Patch committed upstream -https://bitbucket.org/libgd/gd-libgd/commits/a79232c5fa692c3b6e3f5bc95ecfc455424c3f54?at=master - -Downloaded from Gentoo -https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/media-libs/gd/files/gd-2.1.1-webp.patch?revision=1.1&view=markup - -Signed-off-by: Bernd Kuhls - ---- -https://bugs.gentoo.org/545956 - -From a79232c5fa692c3b6e3f5bc95ecfc455424c3f54 Mon Sep 17 00:00:00 2001 -From: Pierre Joye -Date: Tue, 20 Jan 2015 04:55:11 +0100 -Subject: [PATCH] fix #129, drop VPX usage in favor of libwebp - ---- - configure.ac | 80 +++++------------ - src/gd_webp.c | 231 +++++++++++++++++++++----------------------------- - tests/Makefile.am | 2 +- - tests/webp/bug00111.c | 2 +- - 4 files changed, 122 insertions(+), 193 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 1024a3a..8923186 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -317,63 +317,6 @@ if test "$with_xpm" != no; then - fi - AM_CONDITIONAL([HAVE_LIBXPM], test "$with_xpm" = yes) - --dnl check for libvpx by default --AC_ARG_WITH(vpx,dnl --[ --with-vpx=DIR where to find the vpx library]) -- --case $with_vpx in --no) ;; --yes|"") -- PKG_CHECK_MODULES([LIBVPX], vpx, [with_vpx=yes], -- [ -- PKG_CHECK_MODULES([LIBVPX], libvpx, [with_vpx=yes], -- [ -- if test "$with_vpx" = yes; then -- AC_MSG_ERROR([VPX support requested, but not found]) -- fi -- with_vpx=no -- ]) -- ]) -- ;; --*) -- save_LIBS="$LIBS" -- save_CPPFLAGS="$CPPFLAGS" -- -- if test -d "$with_vpx"; then -- LIBVPX_CFLAGS="-I$with_vpx/include" -- LIBVPX_LIBS="-L$with_vpx/lib -lvpx" -- fi -- -- CPPFLAGS="$CPPFLAGS $LIBVPX_CFLAGS" -- LIBS="$LIBS $LIBVPX_LIBS" -- -- AC_CHECK_LIB(vpx,vpx_codec_destroy, -- [ -- if test -z "$LIBVPX_LIBS"; then -- LIBVPX_LIBS="-lvpx" -- fi -- with_vpx=yes -- ],[ -- if test "$with_vpx" != ""; then -- AC_MSG_ERROR([vpx support requested, but not found]) -- else -- with_vpx=no -- fi -- ]) -- -- CPPFLAGS="$save_CPPFLAGS" -- LIBS="$save_LIBS" -- ;; --esac -- --if test 
"$with_vpx" != no; then -- CPPFLAGS="$CPPFLAGS $LIBVPX_CFLAGS" -- LIBS="$LIBS $LIBVPX_LIBS" -- FEATURES="GD_VPX $FEATURES" -- AC_DEFINE(HAVE_LIBVPX, 1, [ Define if you have the VPX library. ]) --fi --AM_CONDITIONAL([HAVE_LIBVPX], test "$with_vpx" = yes) -- - dnl check for libtiff by default - AC_ARG_WITH(tiff,dnl - [ --with-tiff=DIR where to find the TIFF library]) -@@ -437,6 +380,27 @@ if test "$mingw_cv_win32_host" = yes; then - AC_DEFINE([BGDWIN32], [], [Define is you are building for Win32 API]) - fi - -+ -+dnl check for libwebp by default -+AC_ARG_WITH(webp,dnl -+[ --with-webp=DIR where to find the webp library], -+ [if test -d "$withval"; then -+ LDFLAGS="$LDFLAGS -L$withval/lib" -+ CFLAGS="$CFLAGS -I$withval/include" -+ fi], -+ withval=yes) -+ -+if test "$withval" != no; then -+ AC_CHECK_LIB(webp,WebPGetInfo, -+ [LIBS="-lwebp $LIBS" -+ FEATURES="GD_WEBP $FEATURES" -+ AC_DEFINE(HAVE_LIBWEBP, 1, [ Define if you have the webp library. ])]) -+ with_webp=yes -+else -+ with_webp=no -+fi -+AM_CONDITIONAL([HAVE_LIBWEBP], test "$with_webp" = yes) -+ - dnl report configuration - AC_MSG_RESULT([ - ** Configuration summary for $PACKAGE $VERSION: -@@ -444,7 +408,7 @@ AC_MSG_RESULT([ - Support for Zlib: $with_zlib - Support for PNG library: $with_png - Support for JPEG library: $ac_cv_lib_jpeg_jpeg_set_defaults -- Support for VPX library: $with_vpx -+ Support for WebP library: $with_webp - Support for TIFF library: $with_tiff - Support for Freetype 2.x library: $with_freetype - Support for Fontconfig library: $with_fontconfig -diff --git a/src/gd_webp.c b/src/gd_webp.c -index a3ae1ac..c44bd80 100644 ---- a/src/gd_webp.c -+++ b/src/gd_webp.c -@@ -2,33 +2,21 @@ - #include "config.h" - #endif /* HAVE_CONFIG_H */ - -+ -+#ifdef HAVE_LIBWEBP - #include - #include - #include - #include - #include "gd.h" - #include "gd_errors.h" -- --#ifdef HAVE_LIBVPX --#include "webpimg.h" - #include "gdhelpers.h" -+#include "webp/decode.h" -+#include "webp/encode.h" - --extern void 
gd_YUV420toRGBA(uint8* Y, -- uint8* U, -- uint8* V, -- gdImagePtr im); -- --extern void gd_RGBAToYUV420(gdImagePtr im2, -- uint8* Y, -- uint8* U, -- uint8* V); -- --const char * gdWebpGetVersionString() --{ -- return "not defined"; --} -+#define GD_WEBP_ALLOC_STEP (4*1024) - --BGD_DECLARE(gdImagePtr) gdImageCreateFromWebp (FILE * inFile) -+gdImagePtr gdImageCreateFromWebp (FILE * inFile) - { - gdImagePtr im; - gdIOCtx *in = gdNewFileCtx(inFile); -@@ -38,42 +26,16 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromWebp (FILE * inFile) - return im; - } - --BGD_DECLARE(gdImagePtr) gdImageCreateFromWebpPtr (int size, void *data) -+gdImagePtr gdImageCreateFromWebpCtx (gdIOCtx * infile) - { -- int width, height, ret; -- unsigned char *Y = NULL; -- unsigned char *U = NULL; -- unsigned char *V = NULL; -- gdImagePtr im; -- -- ret = WebPDecode(data, size, &Y, &U, &V, &width, &height); -- if (ret != webp_success) { -- if (Y) free(Y); -- if (U) free(U); -- if (V) free(V); -- gd_error("WebP decode: fail to decode input data"); -- return NULL; -- } -- im = gdImageCreateTrueColor(width, height); -- if (!im) { -- return NULL; -- } -- gd_YUV420toRGBA(Y, U, V, im); -- return im; --} -- --#define GD_WEBP_ALLOC_STEP (4*1024) -- --BGD_DECLARE(gdImagePtr) gdImageCreateFromWebpCtx (gdIOCtx * infile) --{ -- int width, height, ret; -- unsigned char *filedata = NULL; -+ int width, height; -+ uint8_t *filedata = NULL; -+ uint8_t *argb = NULL; - unsigned char *read, *temp; -- unsigned char *Y = NULL; -- unsigned char *U = NULL; -- unsigned char *V = NULL; - size_t size = 0, n; - gdImagePtr im; -+ int x, y; -+ uint8_t *p; - - do { - temp = gdRealloc(filedata, size+GD_WEBP_ALLOC_STEP); -@@ -89,23 +51,97 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromWebpCtx (gdIOCtx * infile) - } - - n = gdGetBuf(read, GD_WEBP_ALLOC_STEP, infile); -- size += n; -- } while (n>0); -+ if (n>0 && n!=EOF) { -+ size += n; -+ } -+ } while (n>0 && n!=EOF); - -- ret = WebPDecode(filedata, size, &Y, &U, &V, &width, &height); -- 
gdFree(filedata); -- if (ret != webp_success) { -- if (Y) free(Y); -- if (U) free(U); -- if (V) free(V); -- gd_error("WebP decode: fail to decode input data"); -+ if (WebPGetInfo(filedata,size, &width, &height) == 0) { -+ gd_error("gd-webp cannot get webp info"); - return NULL; - } -+ - im = gdImageCreateTrueColor(width, height); -- gd_YUV420toRGBA(Y, U, V, im); -+ if (!im) { -+ return NULL; -+ } -+ argb = WebPDecodeARGB(filedata, size, &width, &height); -+ if (!argb) { -+ gd_error("gd-webp cannot allocate temporary buffer"); -+ gdFree(argb); -+ return NULL; -+ } -+ for (y = 0, p = argb; y < height; y++) { -+ for (x = 0; x < width; x++) { -+ register uint8_t a = gdAlphaMax - (*(p++) >> 1); -+ register uint8_t r = *(p++); -+ register uint8_t g = *(p++); -+ register uint8_t b = *(p++); -+ im->tpixels[y][x] = gdTrueColorAlpha(r, g, b, a); -+ } -+ } -+ gdFree(filedata); -+ free(argb); -+ im->saveAlphaFlag = 1; - return im; - } - -+void gdImageWebpCtx (gdImagePtr im, gdIOCtx * outfile, int quantization) -+{ -+ uint8_t *argb; -+ int x, y; -+ uint8_t *p; -+ uint8_t *out; -+ size_t out_size; -+ -+ if (im == NULL) { -+ return; -+ } -+ -+ if (!gdImageTrueColor(im)) { -+ gd_error("Paletter image not supported by webp"); -+ return; -+ } -+ -+ if (quantization == -1) { -+ quantization = 80; -+ } -+ -+ argb = (uint8_t *)gdMalloc(gdImageSX(im) * 4 * gdImageSY(im)); -+ if (!argb) { -+ return; -+ } -+ p = argb; -+ for (y = 0; y < gdImageSY(im); y++) { -+ for (x = 0; x < gdImageSX(im); x++) { -+ register int c; -+ register char a; -+ c = im->tpixels[y][x]; -+ a = gdTrueColorGetAlpha(c); -+ if (a == 127) { -+ a = 0; -+ } else { -+ a = 255 - ((a << 1) + (a >> 6)); -+ } -+ *(p++) = gdTrueColorGetRed(c); -+ *(p++) = gdTrueColorGetGreen(c); -+ *(p++) = gdTrueColorGetBlue(c); -+ *(p++) = a; -+ } -+ } -+ out_size = WebPEncodeRGBA(argb, gdImageSX(im), gdImageSY(im), gdImageSX(im) * 4, quantization, &out); -+ printf("outsize: %i\n", out_size); -+ if (out_size == 0) { -+ gd_error("gd-webp 
encoding failed"); -+ goto freeargb; -+ } -+ gdPutBuf(out, out_size, outfile); -+ free(out); -+ -+freeargb: -+ gdFree(argb); -+} -+ - BGD_DECLARE(void) gdImageWebpEx (gdImagePtr im, FILE * outFile, int quantization) - { - gdIOCtx *out = gdNewFileCtx(outFile); -@@ -116,7 +152,7 @@ BGD_DECLARE(void) gdImageWebpEx (gdImagePtr im, FILE * outFile, int quantization - BGD_DECLARE(void) gdImageWebp (gdImagePtr im, FILE * outFile) - { - gdIOCtx *out = gdNewFileCtx(outFile); -- gdImageWebpCtx(im, out, -1); -+ gdImageWebpCtx(im, out, -1); - out->gd_free(out); - } - -@@ -140,75 +176,4 @@ BGD_DECLARE(void *) gdImageWebpPtrEx (gdImagePtr im, int *size, int quantization - out->gd_free(out); - return rv; - } -- --/* -- * Maps normalized QP (quality) to VP8 QP -- */ --int mapQualityToVP8QP(int quality) { --#define MIN_QUALITY 0 --#define MAX_QUALITY 100 --#define MIN_VP8QP 1 --#define MAX_VP8QP 63 -- const float scale = MAX_VP8QP - MIN_VP8QP; -- const float vp8qp = -- scale * (MAX_QUALITY - quality) / (MAX_QUALITY - MIN_QUALITY) + MIN_VP8QP; -- if (quality < MIN_QUALITY || quality > MAX_QUALITY) { -- gd_error("Wrong quality value %d.", quality); -- return -1; -- } -- -- return (int)(vp8qp + 0.5); --} -- --/* This routine is based in part on code from Dale Lutz (Safe Software Inc.) -- * and in part on demo code from Chapter 15 of "PNG: The Definitive Guide" -- * (http://www.cdrom.com/pub/png/pngbook.html). 
-- */
-BGD_DECLARE(void) gdImageWebpCtx (gdImagePtr im, gdIOCtx * outfile, int quantization)
--{
-- int width = im->sx;
-- int height = im->sy;
--
-- int yuv_width, yuv_height, yuv_nbytes, ret;
-- int vp8_quality;
-- unsigned char *Y = NULL,
-- *U = NULL,
-- *V = NULL;
-- unsigned char *filedata = NULL;
--
-- /* Conversion to Y,U,V buffer */
-- yuv_width = (width + 1) >> 1;
-- yuv_height = (height + 1) >> 1;
-- yuv_nbytes = width * height + 2 * yuv_width * yuv_height;
--
-- if ((Y = (unsigned char *)gdCalloc(yuv_nbytes, sizeof(unsigned char))) == NULL) {
-- gd_error("gd-webp error: cannot allocate Y buffer");
-- return;
-- }
-- if (quantization == -1) {
-- quantization = 80;
-- }
-- vp8_quality = mapQualityToVP8QP(quantization);
--
-- U = Y + width * height;
-- V = U + yuv_width * yuv_height;
-- gd_RGBAToYUV420(im, Y, U, V);
--
-- /* Encode Y,U,V and write data to file */
-- ret = WebPEncode(Y, U, V, width, height, width, yuv_width, yuv_height, yuv_width,
-- vp8_quality, &filedata, &yuv_nbytes, NULL);
-- gdFree(Y);
--
-- if (ret != webp_success) {
-- if (filedata) {
-- free(filedata);
-- }
-- gd_error("gd-webp error: WebP Encoder failed");
-- return;
-- }
--
-- gdPutBuf (filedata, yuv_nbytes, outfile);
-- free(filedata);
--}
--
--#endif /* HAVE_LIBVPX */
-+#endif /* HAVE_LIBWEBP */
---
-2.3.5
-
diff --git a/package/gd/Config.in b/package/gd/Config.in
index e83863508b..28b0b0fbe0 100644
--- a/package/gd/Config.in
+++ b/package/gd/Config.in
@@ -8,7 +8,7 @@ config BR2_PACKAGE_GD
 useful in World Wide Web applications, where PNG is one of the formats accepted for inline images by most browsers.
- http://libgd.bitbucket.org/
+ https://libgd.github.io/
 if BR2_PACKAGE_GD
diff --git a/package/gd/gd.hash b/package/gd/gd.hash
index 8edbb1ad52..d08220a825 100644
--- a/package/gd/gd.hash
+++ b/package/gd/gd.hash
@@ -1,2 +1,2 @@
 # Locally calculated
-sha256 9ada1ed45594abc998ebc942cef12b032fbad672e73efc22bc9ff54f5df2b285 libgd-2.1.1.tar.xz
+sha256 489f756ce07f0c034b1a794f4d34fdb4d829256112cb3c36feb40bb56b79218c libgd-2.2.2.tar.xz
diff --git a/package/gd/gd.mk b/package/gd/gd.mk
index c0562418a8..8de8d15325 100644
--- a/package/gd/gd.mk
+++ b/package/gd/gd.mk
@@ -4,10 +4,9 @@
 #
 ################################################################################
-GD_VERSION = 2.1.1
+GD_VERSION = 2.2.2
 GD_SOURCE = libgd-$(GD_VERSION).tar.xz
-GD_SITE = https://bitbucket.org/libgd/gd-libgd/downloads
-GD_AUTORECONF = YES
+GD_SITE = https://github.com/libgd/libgd/releases/download/gd-$(GD_VERSION)
 GD_INSTALL_STAGING = YES
 GD_LICENSE = GD license
 GD_LICENSE_FILES = COPYING
--
2.30.2