svn commit: r424078 - in head/graphics/gd: . files
Dirk Meyer
dinoex at FreeBSD.org
Sun Oct 16 18:41:22 UTC 2016
Author: dinoex
Date: Sun Oct 16 18:41:21 2016
New Revision: 424078
URL: https://svnweb.freebsd.org/changeset/ports/424078
Log:
- fix option WEBP
- make option WEBP default
PR: 211368
- Security patch, port was not vulnerable
Security: https://github.com/libgd/libgd/issues/308
Security: http://seclists.org/oss-sec/2016/q3/626
Security: CVE-2016-7568
PR: 213020
Added:
head/graphics/gd/files/patch-gd_webp.c (contents, props changed)
Modified:
head/graphics/gd/Makefile
Modified: head/graphics/gd/Makefile
==============================================================================
--- head/graphics/gd/Makefile Sun Oct 16 18:35:02 2016 (r424077)
+++ head/graphics/gd/Makefile Sun Oct 16 18:41:21 2016 (r424078)
@@ -3,7 +3,7 @@
PORTNAME= libgd
PORTVERSION= 2.2.3
-PORTREVISION?= 0
+PORTREVISION?= 1
PORTEPOCH= 1
CATEGORIES+= graphics
MASTER_SITES= https://github.com/${PORTNAME}/${PORTNAME}/releases/download/gd-${PORTVERSION}/
@@ -25,7 +25,7 @@ GNU_CONFIGURE= yes
USE_LDCONFIG= yes
OPTIONS_DEFINE= FONTCONFIG ICONV XPM WEBP
-OPTIONS_DEFAULT=FONTCONFIG
+OPTIONS_DEFAULT=FONTCONFIG WEBP
NO_OPTIONS_SORT=yes
FONTCONFIG_LIB_DEPENDS+= libfontconfig.so:x11-fonts/fontconfig
FONTCONFIG_CONFIGURE_OFF= --with-fontconfig=no
@@ -36,7 +36,6 @@ XPM_CONFIGURE_ON= --with-x
XPM_CONFIGURE_OFF= --with-xpm=no
WEBP_LIB_DEPENDS= libwebp.so:graphics/webp
WEBP_CONFIGURE_OFF= --without-webp
-WEBP_BROKEN= circular dependencies
.include <bsd.port.options.mk>
Added: head/graphics/gd/files/patch-gd_webp.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/graphics/gd/files/patch-gd_webp.c Sun Oct 16 18:41:21 2016 (r424078)
@@ -0,0 +1,27 @@
+LibGD Issue: https://github.com/libgd/libgd/issues/308
+Commit: https://github.com/libgd/libgd/commit/40bec0f38f50e8510f5bb71a82f516d46facde03
+
+Fix integer overflow in gdImageWebpCtx
+
+Integer overflow can be happened in expression gdImageSX(im) * 4 *
+gdImageSY(im). It could lead to heap buffer overflow in the following
+code. This issue has been reported to the PHP Bug Tracking System. The
+proof-of-concept file will be supplied some days later. This issue was
+discovered by Ke Liu of Tencent's Xuanwu LAB.
+--- src/gd_webp.c.orig 2016-07-21 10:06:42.000000000 +0200
++++ src/gd_webp.c 2016-10-16 20:27:17.150066000 +0200
+@@ -126,6 +126,14 @@
+ quantization = 80;
+ }
+
++ if (overflow2(gdImageSX(im), 4)) {
++ return;
++ }
++
++ if (overflow2(gdImageSX(im) * 4, gdImageSY(im))) {
++ return;
++ }
++
+ argb = (uint8_t *)gdMalloc(gdImageSX(im) * 4 * gdImageSY(im));
+ if (!argb) {
+ return;
More information about the svn-ports-all
mailing list