path: root/meta-oe/recipes-support/gd/gd/CVE-2016-10168.patch
author: Yi Zhao <yi.zhao@windriver.com> 2017-08-18 14:55:11 +0800
committer: Martin Jansa <Martin.Jansa@gmail.com> 2017-08-28 11:06:02 +0200
commit: a7f02b1fe59e1c35e0abfe5f716df0fcd8b9d204
tree: 5924ee10d0af275e07e3b5a01baf0180416b6236 /meta-oe/recipes-support/gd/gd/CVE-2016-10168.patch
parent: 2ee20c389a3db6e1bb633e06ffd2ade43a70e14d
gd: update to 2.2.4

* Remove the following patches which are already merged in upstream:
    fix-gcc-unused-functions.patch
    .gitignore-the-new-test-case.patch
    CVE-2016-10166.patch
    CVE-2016-10167.patch
    CVE-2016-10168.patch
    CVE-2016-6906-1.patch
    CVE-2016-6906-2.patch
    Fix-290-TGA-RLE-decoding-is-broken.patch

* Update LICENSE's MD5 check sum.
  The COPYING file has been updated with the following commits in upstream:

  commit f863b3c2d300ff5344f6752e5813b0d6985e79c4
      Resolve #282: COPYING vs. docs/naturaldocs/license.txt

  commit 9ccdaedbd9a2cfd1c8a9a258c09af161e796bd41
      Sync COPYING and docs/naturaldocs/license.txt

  These two commits updated the copyright statement regarding the
  authorship of gd and adjusted the format.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>

Diffstat (limited to 'meta-oe/recipes-support/gd/gd/CVE-2016-10168.patch')
-rw-r--r-- meta-oe/recipes-support/gd/gd/CVE-2016-10168.patch | 38
1 files changed, 0 insertions, 38 deletions
diff --git a/meta-oe/recipes-support/gd/gd/CVE-2016-10168.patch b/meta-oe/recipes-support/gd/gd/CVE-2016-10168.patch
deleted file mode 100644
index aef1060c45..0000000000
--- a/meta-oe/recipes-support/gd/gd/CVE-2016-10168.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 2d37bdc03a6e2b820fe380016f22592a7733e0be Mon Sep 17 00:00:00 2001
-From: Catalin Enache <catalin.enache@windriver.com>
-Date: Fri, 7 Apr 2017 12:32:49 +0300
-Subject: [PATCH] Fix #354: Signed Integer Overflow gd_io.c
-
-GD2 stores the number of horizontal and vertical chunks as words (i.e. 2
-byte unsigned). These values are multiplied and assigned to an int when
-reading the image, what can cause integer overflows. We have to avoid
-that, and also make sure that either chunk count is actually greater
-than zero. If illegal chunk counts are detected, we bail out from
-reading the image.
-
-Upstream-Status: Backport
-CVE: CVE-2016-10168
-
-Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
----
- src/gd_gd2.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/gd_gd2.c b/src/gd_gd2.c
-index bae65ea..9006bd2 100644
---- a/src/gd_gd2.c
-+++ b/src/gd_gd2.c
-@@ -151,6 +151,10 @@ _gd2GetHeader (gdIOCtxPtr in, int *sx, int *sy,
- GD2_DBG (printf ("%d Chunks vertically\n", *ncy));
-
- if (gd2_compressed (*fmt)) {
-+ if (*ncx <= 0 || *ncy <= 0 || *ncx > INT_MAX / *ncy) {
-+ GD2_DBG(printf ("Illegal chunk counts: %d * %d\n", *ncx, *ncy));
-+ goto fail1;
-+ }
- nc = (*ncx) * (*ncy);
-
- GD2_DBG (printf ("Reading %d chunk index entries\n", nc));
---
-2.10.2
-
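Review bot: Dropping this backport is only safe if the 2.2.4 source carries the same guard, and nothing in this path-limited view shows that. Before merging, confirm that `_gd2GetHeader` in src/gd_gd2.c of the new tarball rejects `*ncx <= 0 || *ncy <= 0 || *ncx > INT_MAX / *ncy` ahead of `nc = (*ncx) * (*ncy);`, and that the recipe's SRC_URI entry for CVE-2016-10168.patch is removed in the same commit so the build does not reference a missing file. Two smaller points on the deleted patch itself, worth recording for anyone who backports it to an older branch: its subject line names gd_io.c while the change is in src/gd_gd2.c, and the check sits inside the `if (gd2_compressed (*fmt))` branch, so it covers only the path where `nc` is computed in that branch.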