Package: libgd2 / 2.2.5-5.2

Metadata

Package   Version     Patches format
libgd2    2.2.5-5.2   3.0 (quilt)

Patch series

Patch File delta Description
0004 Fix error ISO C99 requires at least one argument for.patch

tests/gdimagefile/gdnametest.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 Fix error: ISO C99 requires at least one argument for the "..." in a
 variadic macro


disable tests gdimagegrayscale as it breaks on 32 bit.patch

tests/CMakeLists.txt | 1 0 + 1 - 0 !
tests/Makefile.am | 1 0 + 1 - 0 !
2 files changed, 2 deletions(-)

 disable-tests-gdimagegrayscale-as-it-breaks-on-32-bit


0005 Fix tiff_invalid_read check.patch

src/gd_io_dp.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 Fix tiff_invalid_read check


0004 Fix OOB read due to crafted GD GD2 images.patch

src/gd_gd.c | 5 4 + 1 - 0 !
tests/gd/CMakeLists.txt | 1 1 + 0 - 0 !
tests/gd/Makemodule.am | 2 2 + 0 - 0 !
tests/gd/crafted_transparency.c | 38 38 + 0 - 0 !
tests/gd/crafted_transparency.gd | 3 3 + 0 - 0 !
5 files changed, 48 insertions(+), 1 deletion(-)

 Fix OOB read due to crafted GD/GD2 images

The code in `gdImageScaleBilinearPalette()` and probably elsewhere
relies on `im->transparent` to be in bounds. Therefore, we have to make
sure that we never allow `im->transparent` to be set to an illegal
value.

0005 Disable failing test that breaks some builds.patch

tests/gdimagecopyresampled/Makemodule.am | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

 Disable failing test that breaks some builds


0006 Disable gdimagerotate bug00067 because it FTBFS on i.patch

tests/gdimagerotate/Makemodule.am | 4 0 + 4 - 0 !
1 file changed, 4 deletions(-)

 Disable gdimagerotate/bug00067 because it FTBFS on i386


tests make a little change for autopkgtest.patch

tests/Makefile.am | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

Fix 420 Potential infinite loop in gdImageCreateFrom.patch

src/gd_gif_in.c | 12 6 + 6 - 0 !
1 file changed, 6 insertions(+), 6 deletions(-)

 Fix #420: Potential infinite loop in gdImageCreateFromGifCtx

bmp check return value in gdImageBmpPtr.patch

src/gd_bmp.c | 17 14 + 3 - 0 !
1 file changed, 14 insertions(+), 3 deletions(-)

 bmp: check return value in gdImageBmpPtr

CVE 2019 6977.patch

src/gd_color_match.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 Heap-based buffer overflow in gdImageColorMatch

Fix 492 Potential double free in gdImage Ptr.patch

src/gd_gif_out.c | 18 15 + 3 - 0 !
src/gd_jpeg.c | 20 16 + 4 - 0 !
src/gd_wbmp.c | 21 18 + 3 - 0 !
tests/jpeg/CMakeLists.txt | 1 1 + 0 - 0 !
tests/jpeg/Makemodule.am | 3 2 + 1 - 0 !
tests/jpeg/jpeg_ptr_double_free.c | 31 31 + 0 - 0 !
6 files changed, 83 insertions(+), 11 deletions(-)

 Fix #492: Potential double-free in gdImage*Ptr()

Fix 501 Uninitialized read in gdImageCreateFromXbm.patch

src/gd_xbm.c | 6 5 + 1 - 0 !
1 file changed, 5 insertions(+), 1 deletion(-)

 Fix #501: Uninitialized read in gdImageCreateFromXbm
 (CVE-2019-11038)

Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-11038
Bug-Debian: https://bugs.debian.org/929821
Bug: https://github.com/libgd/libgd/issues/501

We have to ensure that `sscanf()` does indeed read a hex value here,
and bail out otherwise.

Original patch by Christoph M. Becker <cmbecker69@gmx.de> for PHP libgd ext.
https://git.php.net/?p=php-src.git;a=commit;h=ed6dee9a198c904ad5e03113e58a2d2c200f5184