Fixes the following security issues:
CVE-2017-6362: Double-free in gdImagePngPtr()
CVE-2017-7890: Buffer over-read into uninitialized memory
Drop patches no more needed:
0001-gdlib-config.patch: @LIBICONV@ is nowadays correct AC_SUBST'ed by
configure
0002-gd_bmp-fix-build-with-uClibc.patch: upstream uses ceil() since
6913dd3cd2
While we're at it, add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2016-9317 - gdImageCreate() doesn't check for oversized images and
as such is prone to DoS vulnerabilities.
CVE-2016-6912 - double-free in gdImageWebPtr()
(without CVE):
Potential unsigned underflow in gd_interpolation.c
DOS vulnerability in gdImageCreateFromGd2Ctx()
Signed Integer Overflow gd_io.c
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Security related fixes:
This flaw is caused by loading data from external sources (file, custom ctx,
etc) and are hard to validate before calling libgd APIs:
- fix php bug 72339, Integer Overflow in _gd2GetHeader (CVE-2016-5766)
- bug #248, fix Out-Of-Bounds Read in read_image_tga
- gd: Buffer over-read issue when parsing crafted TGA file (CVE-2016-6132)
Using application provided parameters, in these cases invalid data causes
the issues:
- Integer overflow error within _gdContributionsAlloc() (CVE-2016-6207)
- fix php bug 72494, invalid color index not handled, can lead to crash ( CVE-2016-6128)
- improve color check for CropThreshold
The build system now enables -Wall and -Werror by default, so pass
--disable-werror to disable that. Notice that this issue has been fixed
upstream post-2.2.3:
https://github.com/libgd/libgd/issues/339
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop upstreamed patches.
Drop autoreconf since it's no longer required.
Patch 0002-no-zlib.patch is no longer required, and is in fact harmful.
Update homepage URL.
Fixes:
CVE-2015-8874 - #215 Stack overflow with gdImageFillToBorder
CVE-2016-3074 - gd2: handle corrupt images better
CVE-2016-5767 - Integer Overflow in gdImagePaletteToTrueColor()
resulting in heap overflow
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Also add hash file.
Remove CVE patch since it's upstream.
Rename patches to new naming convention.
Kill some whitespace.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
First of two patches to fix
http://autobuild.buildroot.net/results/238/2386edb7f95920e84a35811a33f4333ee0a7a860/
gd links against libiconv if it is already built, depend on libiconv
to get reproducable builds.
readelf output without libiconv present:
$ output/host/opt/ext-toolchain/bfin-linux-uclibc/bin/bfin-linux-uclibc-readelf \
-a output/staging/usr/lib/libgd.a | grep iconv
15: 00000000 12 FUNC GLOBAL HIDDEN 1 _iconv_open
16: 0000000c 12 FUNC GLOBAL HIDDEN 1 _iconv
17: 00000018 12 FUNC GLOBAL HIDDEN 1 _iconv_close
readelf output with libiconv present:
$ output/host/opt/ext-toolchain/bfin-linux-uclibc/bin/bfin-linux-uclibc-readelf \
-a output/staging/usr/lib/libgd.a | grep iconv
000000e4 0000100a R_BFIN_PCREL24 00000000 _libiconv_open + 0
00000140 0000140a R_BFIN_PCREL24 00000000 _libiconv + 0
0000019a 0000160a R_BFIN_PCREL24 00000000 _libiconv_close + 0
16: 00000000 0 NOTYPE GLOBAL DEFAULT UND _libiconv_open
20: 00000000 0 NOTYPE GLOBAL DEFAULT UND _libiconv
22: 00000000 0 NOTYPE GLOBAL DEFAULT UND _libiconv_close
[Peter: also add to LIBS so it ends up in gdlib-config --libs output]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.
Sed command used:
find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since the trailing slash is stripped from $($(PKG)_SITE) by pkg-generic.mk:
$(call DOWNLOAD,$($(PKG)_SITE:/=)/$($(PKG)_SOURCE))
so it is redundant.
This patch removes it from $(PKG)_SITE variable for BR consistency.
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Drop obsolete/applied patches. Refresh the rest, and add sequence numbers.
Add a patch fixing build against uClibc when UCLIBC_HAS_LONG_DOUBLE_MATH is
missing.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This patch fixes the following whitespace problems in Config.in files:
- trailing whitespace
- spaces instead of tabs for indentation
- help text not indented with tab + 2 spaces
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Use the <pkg>_CONFIG_SCRIPTS mechanism in all packages for which it
does all what the package was doing. A few packages, like libxslt, are
for now left out, since they need some additional fixup (for example a
fixup of includedir).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
The gd package configure call 'libpng-config' to get the compiler
flags required to use the libpng. The configure correctly allow to
specify the path of the staging libpng-config by using the
ac_cv_path_LIBPNG_CONFIG but the configure.ac call simply
'libpng-config' instead of the specified one. The configure.ac is now
modified to call the specified libpng_config.
[Peter: explictly pass --without-png instead of auto detect]
Signed-off-by: Jean-Christian de Rivaz <jc@eclis.ch>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>