authorYi Zhao <yi.zhao@windriver.com>2017-08-18 14:55:11 +0800
committerMartin Jansa <Martin.Jansa@gmail.com>2017-08-28 11:06:02 +0200
commita7f02b1fe59e1c35e0abfe5f716df0fcd8b9d204 (patch)
tree5924ee10d0af275e07e3b5a01baf0180416b6236 /meta-oe
parent2ee20c389a3db6e1bb633e06ffd2ade43a70e14d (diff)
downloadmeta-openembedded-a7f02b1fe59e1c35e0abfe5f716df0fcd8b9d204.tar.gz
gd: update to 2.2.4
* Remove the following patches, which are already merged upstream:
  fix-gcc-unused-functions.patch
  .gitignore-the-new-test-case.patch
  CVE-2016-10166.patch
  CVE-2016-10167.patch
  CVE-2016-10168.patch
  CVE-2016-6906-1.patch
  CVE-2016-6906-2.patch
  Fix-290-TGA-RLE-decoding-is-broken.patch
* Update LICENSE's MD5 checksum. The COPYING file has been updated by the following upstream commits:
  commit f863b3c2d300ff5344f6752e5813b0d6985e79c4 Resolve #282: COPYING vs. docs/naturaldocs/license.txt
  commit 9ccdaedbd9a2cfd1c8a9a258c09af161e796bd41 Sync COPYING and docs/naturaldocs/license.txt
  These two commits updated the copyright statement regarding the authorship of gd and adjusted the format.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'meta-oe')
-rw-r--r--meta-oe/recipes-support/gd/files/fix-gcc-unused-functions.patch43
-rw-r--r--meta-oe/recipes-support/gd/gd/.gitignore-the-new-test-case.patch24
-rw-r--r--meta-oe/recipes-support/gd/gd/CVE-2016-10166.patch60
-rw-r--r--meta-oe/recipes-support/gd/gd/CVE-2016-10167.patch48
-rw-r--r--meta-oe/recipes-support/gd/gd/CVE-2016-10168.patch38
-rw-r--r--meta-oe/recipes-support/gd/gd/CVE-2016-6906-1.patch167
-rw-r--r--meta-oe/recipes-support/gd/gd/CVE-2016-6906-2.patch135
-rw-r--r--meta-oe/recipes-support/gd/gd/Fix-290-TGA-RLE-decoding-is-broken.patch359
-rw-r--r--meta-oe/recipes-support/gd/gd_2.2.4.bb (renamed from meta-oe/recipes-support/gd/gd_2.2.3.bb)27
9 files changed, 4 insertions, 897 deletions
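diff --git a/meta-oe/recipes-support/gd/files/fix-gcc-unused-functions.patch b/meta-oe/recipes-support/gd/files/fix-gcc-unused-functions.patch
deleted file mode 100644
index 02cb5ad75..000000000
--- a/meta-oe/recipes-support/gd/files/fix-gcc-unused-functions.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-gdft.c: remove functions that cause warnings about being unused
-
-Upstream-Status: Backport (Fixed in master branch)
-
-Signed-off-by: Derek Straka <derek@asterius.io>
---- git/src/gdft.c.orig 2016-08-12 10:20:41.418440091 -0400
-+++ git/src/gdft.c 2016-08-12 10:22:34.226442987 -0400
-@@ -139,16 +139,6 @@
- }
- #else
-
--#ifndef HAVE_LIBFONTCONFIG
--static char * font_pattern(char **fontpath, char *fontpattern)
--{
-- (void)fontpath;
-- (void)fontpattern;
--
-- return "libgd was not built with FontConfig support\n";
--}
--#endif /* HAVE_LIBFONTCONFIG */
--
- #include "gdcache.h"
- /* 2.0.16 Christophe Thomas: starting with FreeType 2.1.6, this is
- mandatory, and it has been supported for a long while. */
-@@ -446,16 +436,15 @@
- return (strcmp (a->fontlist, b->fontlist) == 0 && a->flags == b->flags);
- }
-
-+#ifdef HAVE_LIBFONTCONFIG
- static int useFontConfig(int flag)
- {
--#ifdef HAVE_LIBFONTCONFIG
- if (fontConfigFlag) {
- return (!(flag & gdFTEX_FONTPATHNAME));
- }
--#endif
- return flag & gdFTEX_FONTCONFIG;
- }
--
-+#endif
- static void *
- fontFetch (char **error, void *key)
- {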
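diff --git a/meta-oe/recipes-support/gd/gd/.gitignore-the-new-test-case.patch b/meta-oe/recipes-support/gd/gd/.gitignore-the-new-test-case.patch
deleted file mode 100644
index eab4975cb..000000000
--- a/meta-oe/recipes-support/gd/gd/.gitignore-the-new-test-case.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From 8520274759cb8f95e483b02a445aff225e13467b Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Tue, 16 Aug 2016 16:00:27 +0200
-Subject: [PATCH] .gitignore the new test case
-
-Upstream-Status: Backport
-
-Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
----
- tests/tga/.gitignore | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/tests/tga/.gitignore b/tests/tga/.gitignore
-index e88e124..7a659b1 100644
---- a/tests/tga/.gitignore
-+++ b/tests/tga/.gitignore
-@@ -4,3 +4,4 @@
- /bug00248
- /bug00248a
- /tga_null
-+/tga_read
---
-2.10.2
-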
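diff --git a/meta-oe/recipes-support/gd/gd/CVE-2016-10166.patch b/meta-oe/recipes-support/gd/gd/CVE-2016-10166.patch
deleted file mode 100644
index 7ccfbeabc..000000000
--- a/meta-oe/recipes-support/gd/gd/CVE-2016-10166.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From c92240c1670c20c2f854761d3a89ab61dd158c91 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Sat, 6 Aug 2016 10:08:53 +0200
-Subject: [PATCH] Fix potential unsigned underflow
-
-No need to decrease `u`, so we don't do it. While we're at it, we also factor
-out the overflow check of the loop, what improves performance and readability.
-
-This issue has been reported by Stefan Esser to security@libgd.org.
-
-Upstream-Status: Backport
-CVE: CVE-2016-10166
-
-Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
----
- src/gd_interpolation.c | 19 ++++++++++---------
- 1 file changed, 10 insertions(+), 9 deletions(-)
-
-diff --git a/src/gd_interpolation.c b/src/gd_interpolation.c
-index 7e7943d..9944349 100644
---- a/src/gd_interpolation.c
-+++ b/src/gd_interpolation.c
-@@ -829,8 +829,13 @@ static inline LineContribType * _gdContributionsAlloc(unsigned int line_length,
- {
- unsigned int u = 0;
- LineContribType *res;
-- int overflow_error = 0;
-+ size_t weights_size;
-
-+ if (overflow2(windows_size, sizeof(double))) {
-+ return NULL;
-+ } else {
-+ weights_size = windows_size * sizeof(double);
-+ }
- res = (LineContribType *) gdMalloc(sizeof(LineContribType));
- if (!res) {
- return NULL;
-@@ -847,15 +852,11 @@ static inline LineContribType * _gdContributionsAlloc(unsigned int line_length,
- return NULL;
- }
- for (u = 0 ; u < line_length ; u++) {
-- if (overflow2(windows_size, sizeof(double))) {
-- overflow_error = 1;
-- } else {
-- res->ContribRow[u].Weights = (double *) gdMalloc(windows_size * sizeof(double));
-- }
-- if (overflow_error == 1 || res->ContribRow[u].Weights == NULL) {
-+ res->ContribRow[u].Weights = (double *) gdMalloc(weights_size);
-+ if (res->ContribRow[u].Weights == NULL) {
- unsigned int i;
-- u--;
-- for (i=0;i<=u;i++) {
-+
-+ for (i=0;i<u;i++) {
- gdFree(res->ContribRow[i].Weights);
- }
- gdFree(res->ContribRow);
---
-2.10.2
-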
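diff --git a/meta-oe/recipes-support/gd/gd/CVE-2016-10167.patch b/meta-oe/recipes-support/gd/gd/CVE-2016-10167.patch
deleted file mode 100644
index 54ef22cb6..000000000
--- a/meta-oe/recipes-support/gd/gd/CVE-2016-10167.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 6ab531ef0d82efb9e00236ee5ea23928335d221f Mon Sep 17 00:00:00 2001
-From: Catalin Enache <catalin.enache@windriver.com>
-Date: Fri, 7 Apr 2017 12:30:22 +0300
-Subject: [PATCH] Fix DOS vulnerability in gdImageCreateFromGd2Ctx()
-
-We must not pretend that there are image data if there are none. Instead
-we fail reading the image file gracefully.
-
-Upstream-Status: Backport
-CVE: CVE-2016-10167
-
-Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
----
- src/gd_gd2.c | 14 ++++++--------
- 1 file changed, 6 insertions(+), 8 deletions(-)
-
-diff --git a/src/gd_gd2.c b/src/gd_gd2.c
-index 8df93c1..bae65ea 100644
---- a/src/gd_gd2.c
-+++ b/src/gd_gd2.c
-@@ -445,18 +445,16 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGd2Ctx (gdIOCtxPtr in)
-
- if (im->trueColor) {
- if (!gdGetInt (&im->tpixels[y][x], in)) {
-- /*printf("EOF while reading\n"); */
-- /*gdImageDestroy(im); */
-- /*return 0; */
-- im->tpixels[y][x] = 0;
-+ gd_error("gd2: EOF while reading\n");
-+ gdImageDestroy(im);
-+ return NULL;
- }
- } else {
- int ch;
- if (!gdGetByte (&ch, in)) {
-- /*printf("EOF while reading\n"); */
-- /*gdImageDestroy(im); */
-- /*return 0; */
-- ch = 0;
-+ gd_error("gd2: EOF while reading\n");
-+ gdImageDestroy(im);
-+ return NULL;
- }
- im->pixels[y][x] = ch;
- }
---
-2.10.2
-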
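diff --git a/meta-oe/recipes-support/gd/gd/CVE-2016-10168.patch b/meta-oe/recipes-support/gd/gd/CVE-2016-10168.patch
deleted file mode 100644
index aef1060c4..000000000
--- a/meta-oe/recipes-support/gd/gd/CVE-2016-10168.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 2d37bdc03a6e2b820fe380016f22592a7733e0be Mon Sep 17 00:00:00 2001
-From: Catalin Enache <catalin.enache@windriver.com>
-Date: Fri, 7 Apr 2017 12:32:49 +0300
-Subject: [PATCH] Fix #354: Signed Integer Overflow gd_io.c
-
-GD2 stores the number of horizontal and vertical chunks as words (i.e. 2
-byte unsigned). These values are multiplied and assigned to an int when
-reading the image, what can cause integer overflows. We have to avoid
-that, and also make sure that either chunk count is actually greater
-than zero. If illegal chunk counts are detected, we bail out from
-reading the image.
-
-Upstream-Status: Backport
-CVE: CVE-2016-10168
-
-Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
----
- src/gd_gd2.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/gd_gd2.c b/src/gd_gd2.c
-index bae65ea..9006bd2 100644
---- a/src/gd_gd2.c
-+++ b/src/gd_gd2.c
-@@ -151,6 +151,10 @@ _gd2GetHeader (gdIOCtxPtr in, int *sx, int *sy,
- GD2_DBG (printf ("%d Chunks vertically\n", *ncy));
-
- if (gd2_compressed (*fmt)) {
-+ if (*ncx <= 0 || *ncy <= 0 || *ncx > INT_MAX / *ncy) {
-+ GD2_DBG(printf ("Illegal chunk counts: %d * %d\n", *ncx, *ncy));
-+ goto fail1;
-+ }
- nc = (*ncx) * (*ncy);
-
- GD2_DBG (printf ("Reading %d chunk index entries\n", nc));
---
-2.10.2
-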
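diff --git a/meta-oe/recipes-support/gd/gd/CVE-2016-6906-1.patch b/meta-oe/recipes-support/gd/gd/CVE-2016-6906-1.patch
deleted file mode 100644
index 97b7f7249..000000000
--- a/meta-oe/recipes-support/gd/gd/CVE-2016-6906-1.patch
+++ /dev/null
@@ -1,167 +0,0 @@
-From fb0e0cce0b9f25389ab56604c3547351617e1415 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Tue, 16 Aug 2016 16:26:19 +0200
-Subject: [PATCH] Fix OOB reads of the TGA decompression buffer
-
-It is possible to craft TGA files which will overflow the decompression
-buffer, but not the image's bitmap. Therefore we augment the check for the
-bitmap's overflow with a check for the buffer's overflow.
-
-This issue had been reported by Ibrahim El-Sayed to security@libgd.org.
-
-CVE-2016-6906
-
-Upstream-Status: Backport
-CVE: CVE-2016-6906
-
-Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
----
- src/gd_tga.c | 6 ++++--
- tests/tga/.gitignore | 1 +
- tests/tga/CMakeLists.txt | 1 +
- tests/tga/Makemodule.am | 2 ++
- tests/tga/heap_overflow.c | 51 ++++++++++++++++++++++++++++++++++++++++++++
- tests/tga/heap_overflow.tga | Bin 0 -> 605 bytes
- 6 files changed, 59 insertions(+), 2 deletions(-)
- create mode 100644 tests/tga/heap_overflow.c
- create mode 100644 tests/tga/heap_overflow.tga
-
-diff --git a/src/gd_tga.c b/src/gd_tga.c
-index 8737b04..68e4b17 100644
---- a/src/gd_tga.c
-+++ b/src/gd_tga.c
-@@ -300,7 +300,8 @@ int read_image_tga( gdIOCtx *ctx, oTga *tga )
- encoded_pixels = ( ( decompression_buffer[ buffer_caret ] & ~TGA_RLE_FLAG ) + 1 );
- buffer_caret++;
-
-- if ((bitmap_caret + (encoded_pixels * pixel_block_size)) > image_block_size) {
-+ if ((bitmap_caret + (encoded_pixels * pixel_block_size)) > image_block_size
-+ || buffer_caret + pixel_block_size > rle_size) {
- gdFree( decompression_buffer );
- gdFree( conversion_buffer );
- return -1;
-@@ -316,7 +317,8 @@ int read_image_tga( gdIOCtx *ctx, oTga *tga )
- encoded_pixels = decompression_buffer[ buffer_caret ] + 1;
- buffer_caret++;
-
-- if ((bitmap_caret + (encoded_pixels * pixel_block_size)) > image_block_size) {
-+ if ((bitmap_caret + (encoded_pixels * pixel_block_size)) > image_block_size
-+ || buffer_caret + (encoded_pixels * pixel_block_size) > rle_size) {
- gdFree( decompression_buffer );
- gdFree( conversion_buffer );
- return -1;
-diff --git a/tests/tga/.gitignore b/tests/tga/.gitignore
-index 7a659b1..cf0556b 100644
---- a/tests/tga/.gitignore
-+++ b/tests/tga/.gitignore
-@@ -3,5 +3,6 @@
- /bug00247a
- /bug00248
- /bug00248a
-+/heap_overflow
- /tga_null
- /tga_read
-diff --git a/tests/tga/CMakeLists.txt b/tests/tga/CMakeLists.txt
-index 789fb14..11542a0 100644
---- a/tests/tga/CMakeLists.txt
-+++ b/tests/tga/CMakeLists.txt
-@@ -5,6 +5,7 @@ LIST(APPEND TESTS_FILES
- bug00247a
- bug00248
- bug00248a
-+ heap_overflow
- tga_read
- )
-
-diff --git a/tests/tga/Makemodule.am b/tests/tga/Makemodule.am
-index a1e6af6..916d707 100644
---- a/tests/tga/Makemodule.am
-+++ b/tests/tga/Makemodule.am
-@@ -4,6 +4,7 @@ libgd_test_programs += \
- tga/bug00247a \
- tga/bug00248 \
- tga/bug00248a \
-+ tga/heap_overflow \
- tga/tga_null \
- tga/tga_read
-
-@@ -14,6 +15,7 @@ EXTRA_DIST += \
- tga/bug00247a.tga \
- tga/bug00248.tga \
- tga/bug00248a.tga \
-+ tga/heap_overflow.tga \
- tga/tga_read_rgb.png \
- tga/tga_read_rgb.tga \
- tga/tga_read_rgb_rle.tga
-diff --git a/tests/tga/heap_overflow.c b/tests/tga/heap_overflow.c
-new file mode 100644
-index 0000000..0e9a2d0
---- /dev/null
-+++ b/tests/tga/heap_overflow.c
-@@ -0,0 +1,51 @@
-+/**
-+ * Test that the crafted TGA file doesn't trigger OOB reads.
-+ */
-+
-+
-+#include "gd.h"
-+#include "gdtest.h"
-+
-+
-+static size_t read_test_file(char **buffer, char *basename);
-+
-+
-+int main()
-+{
-+ gdImagePtr im;
-+ char *buffer;
-+ size_t size;
-+
-+ size = read_test_file(&buffer, "heap_overflow.tga");
-+ im = gdImageCreateFromTgaPtr(size, (void *) buffer);
-+ gdTestAssert(im == NULL);
-+ free(buffer);
-+
-+ return gdNumFailures();
-+}
-+
-+
-+static size_t read_test_file(char **buffer, char *basename)
-+{
-+ char *filename;
-+ FILE *fp;
-+ size_t exp_size, act_size;
-+
-+ filename = gdTestFilePath2("tga", basename);
-+ fp = fopen(filename, "rb");
-+ gdTestAssert(fp != NULL);
-+
-+ fseek(fp, 0, SEEK_END);
-+ exp_size = ftell(fp);
-+ fseek(fp, 0, SEEK_SET);
-+
-+ *buffer = malloc(exp_size);
-+ gdTestAssert(*buffer != NULL);
-+ act_size = fread(*buffer, sizeof(**buffer), exp_size, fp);
-+ gdTestAssert(act_size == exp_size);
-+
-+ fclose(fp);
-+ free(filename);
-+
-+ return act_size;
-+}
-diff --git a/tests/tga/heap_overflow.tga b/tests/tga/heap_overflow.tga
-new file mode 100644
-index 0000000000000000000000000000000000000000..e9bc0ecb2a847ac6edba92dd0ff61167b49002cd
-GIT binary patch
-literal 605
-zcmZQz;9`IQ9tIu;g&7<$F3o7Yg1qzyh6tefy9wZAs2d<Uh*yuz=?XwW4Qvuv#g2nS
-zp93+mT0rVR>T&8(2TGy=f_l)@gSap~$FayUFu(!|SyJIFga^{8fGj~vwq8kkVgvv>
-Cavop+
-
-literal 0
-HcmV?d00001
-
---
-2.10.2
-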
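diff --git a/meta-oe/recipes-support/gd/gd/CVE-2016-6906-2.patch b/meta-oe/recipes-support/gd/gd/CVE-2016-6906-2.patch
deleted file mode 100644
index 8b6de9711..000000000
--- a/meta-oe/recipes-support/gd/gd/CVE-2016-6906-2.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-From 58b6dde319c301b0eae27d12e2a659e067d80558 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Tue, 16 Aug 2016 16:26:19 +0200
-Subject: [PATCH] Fix OOB reads of the TGA decompression buffer
-
-It is possible to craft TGA files which will overflow the decompression
-buffer, but not the image's bitmap. Therefore we also have to check for
-potential decompression buffer overflows.
-
-This issue had been reported by Ibrahim El-Sayed to security@libgd.org;
-a modified case exposing an off-by-one error of the first patch had been
-provided by Konrad Beckmann.
-
-This commit is an amendment to commit fb0e0cce, so we use CVE-2016-6906
-as well.
-
-Upstream-Status: Backport
-CVE: CVE-2016-6906
-
-Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
----
- src/gd_tga.c | 8 +++++++-
- tests/tga/Makemodule.am | 3 ++-
- tests/tga/heap_overflow.c | 16 ++++++++++++----
- tests/tga/heap_overflow_1.tga | Bin 0 -> 605 bytes
- tests/tga/heap_overflow_2.tga | Bin 0 -> 8746 bytes
- 5 files changed, 21 insertions(+), 6 deletions(-)
- create mode 100644 tests/tga/heap_overflow_1.tga
- create mode 100644 tests/tga/heap_overflow_2.tga
-
-diff --git a/src/gd_tga.c b/src/gd_tga.c
-index 68e4b17..f80f0b1 100644
---- a/src/gd_tga.c
-+++ b/src/gd_tga.c
-@@ -295,7 +295,13 @@ int read_image_tga( gdIOCtx *ctx, oTga *tga )
- buffer_caret = 0;
-
- while( bitmap_caret < image_block_size ) {
--
-+
-+ if (buffer_caret + pixel_block_size > rle_size) {
-+ gdFree( decompression_buffer );
-+ gdFree( conversion_buffer );
-+ return -1;
-+ }
-+
- if ((decompression_buffer[buffer_caret] & TGA_RLE_FLAG) == TGA_RLE_FLAG) {
- encoded_pixels = ( ( decompression_buffer[ buffer_caret ] & ~TGA_RLE_FLAG ) + 1 );
- buffer_caret++;
-diff --git a/tests/tga/Makemodule.am b/tests/tga/Makemodule.am
-index 916d707..ab08dbf 100644
---- a/tests/tga/Makemodule.am
-+++ b/tests/tga/Makemodule.am
-@@ -15,7 +15,8 @@ EXTRA_DIST += \
- tga/bug00247a.tga \
- tga/bug00248.tga \
- tga/bug00248a.tga \
-- tga/heap_overflow.tga \
-+ tga/heap_overflow_1.tga \
-+ tga/heap_overflow_2.tga \
- tga/tga_read_rgb.png \
- tga/tga_read_rgb.tga \
- tga/tga_read_rgb_rle.tga
-diff --git a/tests/tga/heap_overflow.c b/tests/tga/heap_overflow.c
-index 0e9a2d0..ddd4b63 100644
---- a/tests/tga/heap_overflow.c
-+++ b/tests/tga/heap_overflow.c
-@@ -1,5 +1,5 @@
- /**
-- * Test that the crafted TGA file doesn't trigger OOB reads.
-+ * Test that crafted TGA files don't trigger OOB reads.
- */
-
-
-@@ -7,21 +7,29 @@
- #include "gdtest.h"
-
-
-+static void check_file(char *basename);
- static size_t read_test_file(char **buffer, char *basename);
-
-
- int main()
- {
-+ check_file("heap_overflow_1.tga");
-+ check_file("heap_overflow_2.tga");
-+
-+ return gdNumFailures();
-+}
-+
-+
-+static void check_file(char *basename)
-+{
- gdImagePtr im;
- char *buffer;
- size_t size;
-
-- size = read_test_file(&buffer, "heap_overflow.tga");
-+ size = read_test_file(&buffer, basename);
- im = gdImageCreateFromTgaPtr(size, (void *) buffer);
- gdTestAssert(im == NULL);
- free(buffer);
--
-- return gdNumFailures();
- }
-
-
-diff --git a/tests/tga/heap_overflow_1.tga b/tests/tga/heap_overflow_1.tga
-new file mode 100644
-index 0000000000000000000000000000000000000000..e9bc0ecb2a847ac6edba92dd0ff61167b49002cd
-GIT binary patch
-literal 605
-zcmZQz;9`IQ9tIu;g&7<$F3o7Yg1qzyh6tefy9wZAs2d<Uh*yuz=?XwW4Qvuv#g2nS
-zp93+mT0rVR>T&8(2TGy=f_l)@gSap~$FayUFu(!|SyJIFga^{8fGj~vwq8kkVgvv>
-Cavop+
-
-literal 0
-HcmV?d00001
-
-diff --git a/tests/tga/heap_overflow_2.tga b/tests/tga/heap_overflow_2.tga
-new file mode 100644
-index 0000000000000000000000000000000000000000..2b681f2df8941d6823aa761be0a7fa3c02c92cbf
-GIT binary patch
-literal 8746
-zcmeIxF$#b%6a>*<djij4?cuz+Vi5?!RIY)@*eDAQ@`zPSwQE1NTI<YQEqdQG#s5@h
-zwDFtAoIjm)CIQa|$z*q(vz}DbnPjrN&RI{Y=}a=&UFWPP)joCZ<31}ey8!(}FZZ71
-zWop>#e)AY=opmMw&j!h4cb&7IRMVMcvb)Y%PpaumGTB|{tS8lUCYkK6bJmk;IzMDC
-D4PYIN
-
-literal 0
-HcmV?d00001
-
---
-2.10.2
-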
diff --git a/meta-oe/recipes-support/gd/gd/Fix-290-TGA-RLE-decoding-is-broken.patch b/meta-oe/recipes-support/gd/gd/Fix-290-TGA-RLE-decoding-is-broken.patch
deleted file mode 100644
index 64f5c6296..000000000
--- a/meta-oe/recipes-support/gd/gd/Fix-290-TGA-RLE-decoding-is-broken.patch
+++ /dev/null
@@ -1,359 +0,0 @@
1From 4f8e26f2a40ffaa3a5b77be6a49989a1a42e2b83 Mon Sep 17 00:00:00 2001
2From: "Christoph M. Becker" <cmbecker69@gmx.de>
3Date: Tue, 16 Aug 2016 14:27:23 +0200
4Subject: [PATCH] Fix #290: TGA RLE decoding is broken
5
6We make it work only, for now. Actually, it doesn't make sense that
7`oTga::bitmap` is an `int *` as we're storing only bytes there. If this
8will be changed, we can even get rid of the `conversion_buffer` in
9`read_image_tga` altogether, and read the image data into the
10`decompression_buffer` (if RLE'd) or the `tga->bitmap` (if uncompressed)
11directly.
12
13Upstream-Status: Backport
14
15Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
16---
17 src/gd_tga.c | 18 ++++++++++--------
18 tests/tga/CMakeLists.txt | 1 +
19 tests/tga/Makemodule.am | 8 ++++++--
20 tests/tga/tga_read.c | 40 ++++++++++++++++++++++++++++++++++++++++
21 tests/tga/tga_read_rgb.png | Bin 0 -> 2349 bytes
22 tests/tga/tga_read_rgb.tga | Bin 0 -> 90444 bytes
23 tests/tga/tga_read_rgb_rle.tga | Bin 0 -> 9987 bytes
24 7 files changed, 57 insertions(+), 10 deletions(-)
25 create mode 100644 tests/tga/tga_read.c
26 create mode 100644 tests/tga/tga_read_rgb.png
27 create mode 100644 tests/tga/tga_read_rgb.tga
28 create mode 100644 tests/tga/tga_read_rgb_rle.tga
29
30diff --git a/src/gd_tga.c b/src/gd_tga.c
31index ec6781f..8737b04 100644
32--- a/src/gd_tga.c
33+++ b/src/gd_tga.c
34@@ -207,12 +207,13 @@ int read_image_tga( gdIOCtx *ctx, oTga *tga )
35 {
36 int pixel_block_size = (tga->bits / 8);
37 int image_block_size = (tga->width * tga->height) * pixel_block_size;
38- uint8_t* decompression_buffer = NULL;
39+ int* decompression_buffer = NULL;
40 unsigned char* conversion_buffer = NULL;
41 int buffer_caret = 0;
42 int bitmap_caret = 0;
43 int i = 0;
44 int encoded_pixels;
45+ int rle_size;
46
47 if(overflow2(tga->width, tga->height)) {
48 return -1;
49@@ -266,7 +267,7 @@ int read_image_tga( gdIOCtx *ctx, oTga *tga )
50 /*! \brief Read in RLE compressed RGB TGA
51 * Chunk load the pixel data from an RLE compressed RGB type TGA.
52 */
53- decompression_buffer = (uint8_t*) gdMalloc(image_block_size * sizeof(uint8_t));
54+ decompression_buffer = (int*) gdMalloc(image_block_size * sizeof(int));
55 if (decompression_buffer == NULL) {
56 return -1;
57 }
58@@ -277,7 +278,8 @@ int read_image_tga( gdIOCtx *ctx, oTga *tga )
59 return -1;
60 }
61
62- if (gdGetBuf(conversion_buffer, image_block_size, ctx) != image_block_size) {
63+ rle_size = gdGetBuf(conversion_buffer, image_block_size, ctx);
64+ if (rle_size <= 0) {
65 gdFree(conversion_buffer);
66 gdFree(decompression_buffer);
67 return -1;
68@@ -285,7 +287,7 @@ int read_image_tga( gdIOCtx *ctx, oTga *tga )
69
70 buffer_caret = 0;
71
72- while( buffer_caret < image_block_size) {
73+ while( buffer_caret < rle_size) {
74 decompression_buffer[buffer_caret] = (int)conversion_buffer[buffer_caret];
75 buffer_caret++;
76 }
77@@ -298,14 +300,14 @@ int read_image_tga( gdIOCtx *ctx, oTga *tga )
78 encoded_pixels = ( ( decompression_buffer[ buffer_caret ] & ~TGA_RLE_FLAG ) + 1 );
79 buffer_caret++;
80
81- if ((bitmap_caret + (encoded_pixels * pixel_block_size)) >= image_block_size) {
82+ if ((bitmap_caret + (encoded_pixels * pixel_block_size)) > image_block_size) {
83 gdFree( decompression_buffer );
84 gdFree( conversion_buffer );
85 return -1;
86 }
87
88 for (i = 0; i < encoded_pixels; i++) {
89- memcpy(tga->bitmap + bitmap_caret, decompression_buffer + buffer_caret, pixel_block_size);
90+ memcpy(tga->bitmap + bitmap_caret, decompression_buffer + buffer_caret, pixel_block_size * sizeof(int));
91 bitmap_caret += pixel_block_size;
92 }
93 buffer_caret += pixel_block_size;
94@@ -314,13 +316,13 @@ int read_image_tga( gdIOCtx *ctx, oTga *tga )
95 encoded_pixels = decompression_buffer[ buffer_caret ] + 1;
96 buffer_caret++;
97
98- if ((bitmap_caret + (encoded_pixels * pixel_block_size)) >= image_block_size) {
99+ if ((bitmap_caret + (encoded_pixels * pixel_block_size)) > image_block_size) {
100 gdFree( decompression_buffer );
101 gdFree( conversion_buffer );
102 return -1;
103 }
104
105- memcpy(tga->bitmap + bitmap_caret, decompression_buffer + buffer_caret, encoded_pixels * pixel_block_size);
106+ memcpy(tga->bitmap + bitmap_caret, decompression_buffer + buffer_caret, encoded_pixels * pixel_block_size * sizeof(int));
107 bitmap_caret += (encoded_pixels * pixel_block_size);
108 buffer_caret += (encoded_pixels * pixel_block_size);
109 }
110diff --git a/tests/tga/CMakeLists.txt b/tests/tga/CMakeLists.txt
111index c3a589c..789fb14 100644
112--- a/tests/tga/CMakeLists.txt
113+++ b/tests/tga/CMakeLists.txt
114@@ -5,6 +5,7 @@ LIST(APPEND TESTS_FILES
115 bug00247a
116 bug00248
117 bug00248a
118+ tga_read
119 )
120
121 ADD_GD_TESTS()
122diff --git a/tests/tga/Makemodule.am b/tests/tga/Makemodule.am
123index dff828f..a1e6af6 100644
124--- a/tests/tga/Makemodule.am
125+++ b/tests/tga/Makemodule.am
126@@ -4,7 +4,8 @@ libgd_test_programs += \
127 tga/bug00247a \
128 tga/bug00248 \
129 tga/bug00248a \
130- tga/tga_null
131+ tga/tga_null \
132+ tga/tga_read
133
134 EXTRA_DIST += \
135 tga/CMakeLists.txt \
136@@ -12,4 +13,7 @@ EXTRA_DIST += \
137 tga/bug00247.tga \
138 tga/bug00247a.tga \
139 tga/bug00248.tga \
140- tga/bug00248a.tga
141+ tga/bug00248a.tga \
142+ tga/tga_read_rgb.png \
143+ tga/tga_read_rgb.tga \
144+ tga/tga_read_rgb_rle.tga
145diff --git a/tests/tga/tga_read.c b/tests/tga/tga_read.c
146new file mode 100644
147index 0000000..310b72f
148--- /dev/null
149+++ b/tests/tga/tga_read.c
150@@ -0,0 +1,40 @@
151+/**
152+ * Basic test case for reading TGA files.
153+ */
154+
155+
156+#include "gd.h"
157+#include "gdtest.h"
158+
159+
160+static void assert_equals(char *exp, char *orig);
161+
162+
163+int main()
164+{
165+ assert_equals("tga_read_rgb.png", "tga_read_rgb.tga");
166+ assert_equals("tga_read_rgb.png", "tga_read_rgb_rle.tga");
167+
168+ return gdNumFailures();
169+}
170+
171+
172+static void assert_equals(char *exp, char *orig)
173+{
174+ gdImagePtr im;
175+ FILE *fp;
176+ char *filename;
177+
178+ fp = gdTestFileOpen2("tga", orig);
179+ gdTestAssertMsg(fp != NULL, "can't open %s", orig);
180+
181+ im = gdImageCreateFromTga(fp);
182+ gdTestAssertMsg(im != NULL, "can't read %s", orig);
183+ fclose(fp);
184+
185+ filename = gdTestFilePath2("tga", exp);
186+ gdAssertImageEqualsToFile(filename, im);
187+ gdFree(filename);
188+
189+ gdImageDestroy(im);
190+}
191diff --git a/tests/tga/tga_read_rgb.png b/tests/tga/tga_read_rgb.png
192new file mode 100644
193index 0000000000000000000000000000000000000000..bc468e3d927eaeb77d2f5c3bc35b970457f60f18
194GIT binary patch
195literal 2349
196zcmZ`*c{tSX7XOaO7-6K6b&RD_MnXy$nHe#bsVG~TvfZ*vO?Jle8%ar+AySDfStFGh
197zG#*)pL0RUPJ(FedBaE?x-*o@D_deZwpZ7WMdCuo~-t)faoX_)~lW+lNCI*p(001C{
198zHOJWSbt_+Pfp_!w<m@>WzS`|-X@&uIeytaE1*v>QB*5J9HUNl9{Spw6`Sc(k6uyJC
199zHWeNNLm|3~tCo{U002|57?VrEU+1$sy;a&|;-kbZl`6E_C%>gqbDtC=57F3fUD$)k
200zSG5DTL6#NnU=7wGcCw|<f|{rZi)5q<cVW*NQPQCY0xPU0_nGG#D?wR37BO^o^261%
201z+}quQI_1ZP=gTNp-n|;#)z~^;78o=e@tRYrS#8Jc>M{W*OdYEgjJp6u9Rb7l#X%t`
202zun;^h28uEP=P3Px?|rNGF#17D%A(CJ_ar|?n^0nq!~w+Wg23867ryn!Zlb|~&7A~z
203zqkP=IPyLrOM?58>2rEq=&{*9OMU!HNWJkg`(`y(=2{WLg392OTDyiM2$iCLcv5LCG
204zjWwRq46Da$pV|V^4Gvs36k1dWF^V4c8j%3~jN{*0*$phpF|-#zi@;k@t-s?cqW&sd
205zPh{x~@zm`!5V23*L&Qb=_elN~nEEqQhrhNZiRU#|qjK>6ptaYgj*sAcuS+t-7X5aB
206zUI5f*aL0Dut+y0vde?tg7QMa^0`(plvuD^Q>)J(abQY>@6P_*YY;XJ54VC^_f7F2x
207z21ee^35}!<L@bW?<-JgJ-%sahFv68xPXghCl|CsCc-P-A{`kl_3By}Mq}YnYYmSt4
208z8h8mx?<zBgq9CzV4*#zR8t}x5Or8!9Rn6LgajJ!B)ebxEtrwC@*p4M@D51#?OEY}<
209zqJHu+sCRU2YXNxiq(DP@*(Ui?Jz;IQ@O$Lbf}e8Nwij*L&iUd$N4-Ykfp$vDx#uv?
210z#_eULpAbPvN<tVA>Ek##rQDAOW+@)2?%}XiiSi^ted1PQu{v0&?bA^r%z?7*An3_H
211zvYFv8{p8fsCguNR$#3=6O{^H&8kT9N92CeaRAj3Y_cNl-znY8JZ{MpO#OK}A<_w9J
212zWMI2Kl?xv|S-FTV(aUG_`UWTZOFJGgv2)>JR#*H2Uad(wyqbIZt?w|Dw|k<eY&&9F
213zcr!zDg7=#H^=^MC+W02GN{78K=4Kuq90c@$7f$7+h)^YFm}-?3cEdU+Ivh5RC<+Yy
214zOz(7r<tT|Z34S@glz^9lpp@OstDBGA(iwk<LQ#r@i_)^MV*Re3^qB#j7N}4etZfK>
215zt6<wtj&M2(TLgTh3AH(}4;f4j=<Iu^axvT0!8B)K0O!7g?WnhIyGH5@EtT77&?E{6
216zB5<#{PWJOxQkF}LskzI@;(qVCjE%v-h|S8;`k#h^W5wR-cadW2H2Mk+7QZhqSRd!M
217zcQ8fpx~O^(^O#2gXiWDX&u@lZT#qjPG~Xh0UobVq#~Lumf!%S9`Jhf%MH?4Re5-17
218z7BP>D>=sy59jEGoeEx_W13BnmhAs?*j6#bG1a@#16O~1>q+P2@%QN~``Ws7=WX;F9
219z`=p5I$1ig*G|iW8vslr2^8hj+A0HWDoT-@fn5I53ZWWp!r8fMghmpjdqC%E#%2HFI
220zY&A(g!Li3+$<B^y8^Hw5!sXd&k%Ev!a;~aB#joj1?2ntu9|!GAFUwyc0oe_~y<}?E
221zUh@HUbCI(x2W1rmg7ckzRL2Ew#cdujut+*-t0g)81Tu+3ZH4uP`r1d1kSooU@5ybL
222zR5_J%A5sbak)KrSf>(r|V*&yCb;Ha(&ACi9w;?kQ7q1$hwjli^);+KIJAh|K&YL#E
223z+b(`PZN>V_5?v`hu-U429K9fO%8*k8pE=jDkn5ZJK|Vgl*@&QE^;mwlCxWbq4(hyi
224zUuz)bk@5^HOk@gB`SaWZfX07Eom07js%np8Xot&?YP8R+3|jrR4c#zO{LO<?^G84O
225zoP}G`MK)LZDo_$#nWR09X>NY_mL~1^BUG})*4b;Z_zq+`Q@kzUHC&`trCiQYum;1?
226zBic+0Bl>LLYU?>!B3k!Ils}uXR*`OEr3`f<P@HZFk`0fP5`^X=BOtC?@!vUq7B4OF
227zZEw6+3eoFRE@xEw(%DfIybhJuo03Du2ldm$20Sn3hj15Lu&gPQp=N%r%hME$*j{^@
228zRTffQhH7JLB-70qVkSm$9Zt`mahHLT7O^JnNqAAJs0C^n+1uj_E-}S^?&_U=H?;D_
229z1U9UJAz|+7z|Yq(6${A~5fhc}hH5twnKukf#Dn_JnQ$J4-Z$d}*Trq>?aKr2p19c6
230zYJ}r+^s>6aD~mrp;oIUhlig4sM)Jg3=J{K;dp#BCzRu1sU3D1wJl{jA^Y#ShVT+|^
231zUyjiM&wD~v3zy}K!zWm%3cpu#(*)cmxw1+n+C7V|hcZ6h8CZLubXt&J)h$6yflV6>
232zOVv_gDb*glO9FLL8x6bqM6(F#pGhGy+jjOyt9-daMWGrJKF{XvnT#^TeYaq2MG)qw
233zJ=RV;Mwg*goOa?(wM=EH<#AS$egRj*wnm+Bu4Pb{$-O}GZSiuT1UdBDwv2Rz)b3+L
234zRA=nkaWHB7I$T~B%;KynnS0b@3YpKqt$2;qzwLf>DZ4RFCQB!=QQ`Ft&y_PThuDsA
235zckawmbFnA9Tl7+Ez%a)>>T+Nh@8UxzrZP`<pHEXVd#|2v=f_b#A@|oAzbk6Q_>|O)
236zgw?Xli!)-)xrF2z=thH-TI;|>UVYK64@asT%484CF-pjk+~~wA+Z%fZYua+sDJ<Nf
237zfO`bfl}ig_0&C7BCuBa)xZ?-mQO=bQ2N5;>Sw}~|(tM}hK+z>+^8QQhOsTxl+2AJ+
238zX8WjlS|;0WRv7s_Bk=@u$v3GL@qC?&jcNEv<o68kaz!pHOs@;#CSh|{!j&zrsfn8j
239z6|o#^6C2NO9!G&u;Q0U5hkpCs|2Z3I$nNY~x}Tl<rOB|1KiB|RQyiuYbv@>9Cook&
240
241literal 0
242HcmV?d00001
243
244diff --git a/tests/tga/tga_read_rgb.tga b/tests/tga/tga_read_rgb.tga
245new file mode 100644
246index 0000000000000000000000000000000000000000..5f11f5a080f3424dff6ff368db6af140a5777e23
247GIT binary patch
248literal 90444
249zcmeI4Kab?b5yc6Af(;c(13`fU*%&xb;tQC_*aPhI`Y#kR+DO4FyO7x>23DD|fPu*!
250zc$3RVz$FeASlIpmlR7c>{0XS{cwI!Xhn!*0&G0z9w?L_y)m6=&?%yLhCt|YfC)vBd
251z@3Mbp-(`!RR#lbBv<6~842S_SAO^&M7!U(uKn#chF(3xSfEW-1Vn7Ut0Wly3#DEwO
252z17bi7hygJm2E>3E5CdYM&A?}$ex4m_TFdrYYCYz+9zh#Fz&|9|x2zKn^W#B#+TPQk
253zkGJqug1wSH+UqE;=D8ly$2|8{dOgm*N*~8rNAWn%b(B8lxv$dearRaEIL<nX$9b-!
254z^fAwUm0pjtuhPeH)=@mpa~-9RdG4$9dYpZgK8~}F;&GnqD1FRxU!~XM?5p%~oOKkB
255z^IXTEkMH5{66|-Z6BF}fVs88T*I)i3JJhoOSJ|O9w{_I#nWx?l)duSh)duUtlh$At
256z17Cjm-|T(t=^t5ksQGyXeY}RR66}rB$6N4TCD<$JL)!2RcC~{xmhcaW#u{p)fITEy
257zttmer=|ik~9;VU``gjIkB^qnU`Ab-pXwrv%OZ+UJZKV%gx2JNgp5i>D59woyTux<9
258z(uedh6&9yB59vetm?D=`nUnM(eN2VLDb7RskUpl!<y7V*eMlcuVR4G{kUpf3DRMcL
259zIY}SV$5dFH;yfm%k4wB~a-Co=-1}Dr-lw`wu&?y~m97o@G#T{q3H)`Uv4-!7EMeD)
260zw)K9=Z~mTThuUAV|7C~TzV%W6$E~45nY6k?xn!MZFO2s+{6m8MjdfuTKfpgE*thW<
261z{Cw2@xOHLsAGrJk{yNcELpGPN>qM)WwmHy;dAx?N66{Tw1IK#{s}k%La$6ep^HE#+
262za9lo1VAA+y4Y_=oz@+gjedzt&v$!^qahUWWUeAKpvG42Bhn^$GX6~HMCw)jC=fvyS
263zbCo`%kFl9Mr}If4(#JXRI`&+p59woU=FaJS(ueeMPP~piSLs9g7@N6sI-m3*eVh}o
264zW6yPB`q2AV`u~)Z`u~(cA78-VB^qn^p2#KaF44B$FA47vAM{(Ncz3vdANUYI_Vq~T
265zJFok7_+8Hr{@dw6AD4;m*uMzx*i#=x;yd<VQBUIaym%dZzk)u#fWJ#L*6_E}FJX6y
266zR{!R@|ExhDui;aE=k$%!$6N58@;j%mqz`GsGuYJ*`gjJP^1JEGWequh2}}9ibmmGQ
267z`krwX_ipJ!*U+x(reg27kUpdjX`!D1>7##b#EsTQ`Va%U4)il1ee|!5xY623A7Vh)
268zfqn+0kN&k0H(DF%Lk#FT(9eMM(Z4q0Mr$K|hyh&(`Wcv*KJ@;s-aDDpdnZ93Q+a<^
269z`j9>*rH}Wyw|@5N=h^$%`<z>~{m%qin`x{~&_)6OkZ858w2#x+NA1ID_95uwC47}=
270zz52*T_`_V+ZoXxF%76dsKew<oecZR}82QUk$J(XkqFq?rVsrM=+dI91F>*dfeUR^p
271zOs8;+{5;gLHn&=|ON(1<&R+VEKDzjZ2Kw$F(#J>m?+&_ubg5)Jru)Zfp6{oApOQYd
272zwa^ujKBNz5CFMK%pzr4xvxIHj*iUG$U^$H6v1y&(p%Guen9G_f*dx5vTC9wj2G56n
273z|5yYq@Of%s<Hq`6AI$y@fakh_U0A;Ni03elS1=yhthu+C<>UB*F_<5lxjeqIJnut3
274z$IoG`U%^;I&v~(rw(xbnjlQMNoBDNqtoebp40e+5=NOml8^f{p%x`^%M%@zTb9U92
275zey`caUXzcCKJMFfjC?Z2I$CbIXp=9ClcgtjY;nf67)H!$*JzV-%cp;I=eWXg*SM{G
276z<g|2%V~)!lp64;Nt>)excV35he&noN-o;q_P5nGz@Fe=cxFsxRdfmf(i(%wkbmVOi
277z<GmvulgFhoW*&QO%(TX~{yvYo+;Ngy9%9Bgxif~z9^;-Z_AjlDKIHhib%?RP2szXo
278zb1ZKaayY(coc$}-*dLD9FsrNkam>0$*aBw#8>@*ua-LwUy=ULlxgBeMVC(4mz?d=L
279z_l$AfL*EMCbKYVYeX+I**76U1IV`@fly#^3k7J@WwoB=3qAm}dkd@q$&?aw;nHAPY
280zkGSW%b<U`^)n{WM$234rTl(r4|H<k?-x@VGuhRF0{=)U=9sRs-S^X9J$Kr45=K*VE
281z?x@dK7_WdC|75w=hTj*&HZG^d4C4MiQTjTz(eKCSdA4$}-^NU9?0BsB7<EJRv5M<>
282zjM~z1wy>NiUh`*t=0grOa$~XBqwf(`bL{&Nv(L)Dt+i$hM%}T0Ywn2gyzFaqH+62u
283znjhFYg+6XEuIZ!mnU_qvoEF0_&M_9A1#2Vj?;)kd&10{Pnbz3W-{(;`L?3xqJ!<_u
284zq|pK5ox157qc4Ur$oM{eY<ASIP~Xx3bHlid(;DrJ#oyG=1J0<AOW0kav99wzjQAR6
285z`Y5~h4E?#wX&8>;RaY%z$lG}i?DabAc{6t3SU!%Lz54L^aXXxotd-Wsw#6;B%OjUM
286zD?;50zR?BR9J{qHINtkNk>fv?*DlXfkI5XH*VMTkYkuIY=KN6KHP49M!q(h-<VYWW
287zLC^-DH?WQ4)wtdAz7+ZEP_y$|;Kr`MgL4d5yYXXo?W<x{=lvjcT_Syye%-B&oGX~!
288zW14-9bW>S=?Dw6+?RztJJVw_s>il&!w;aSvSk0-$y1eBu-};Bt`kXMv2A<sC!l)bG
289zQ%nb~b#d{XpA~t{XF&S`wt&^23BL6loVw@AAFds+>%V`jj1%vpoYuag&vZk-^mW!o
290z{6l{K=$sQ6J4jooBdbp^vdU+vg?&!%Lto8v6gS<p*3sv%&2eF-hXQTt&W>B3NxTo|
291zJ$0?XuD>^IF^>ND-+x>CivCBKX=F=Z==0BJ%qu%s7{p9R-CoAQ)Ykbp4&p1v+l7tI
292ze2ZJmd-QdlGs;=m81zx!;LnQM`!EhYwMczD`tjIK-E-v+*Av$l%x)axyw+1Q)CIlg
293zpM1yqC=fG!(BE)O{-I56_<INY%evG32YWu48COQeJ6T1%gpnoM6RdT;#c>h(*uRR#
294zY-)Yn+8oQ(mKHZ3`i<p!4%SDH{&lEtt)tJeHuC&D>#-1P*4OgH`*7Y<*NSTlW~l?u
295z_^$TWzM?kP5H+#s8MCx~HSd@q%j9RD)x0AwhZ#4y8?Rv;{hN@pf@l0b9J7w+TUZ@E
296zj+<H^_ig0Zm>gprYP!Z|KdsSc$gk`Cn0;;JbB;C+{UXjy-E-v+*ORR^SdQ-lUL&6M
297zE`2O_=z-(-dq`>LH1C-49PDc6tVLb!*r{V7-Y|}SUhiYZIQE8p%=dqYHMKtO+pL3i
298zjmdEt=NMNo`wWHEBeo9lt#z~<?~%K5<8;=D_u;&!u9e>laJ+!s!q&m=;i;P(W_sz|
299zBlPomtc10+gk#qFF$;fAwz2;Oj7$x+MW|c2nmQKZxy4=HEn;Mob_2U$U;Kx7t2XYp
300zW90GN9LL7I568{8;kbmqa&-lc87nNd%d-|%1?#Ly-E-v+*Av(!|E7m#AN`)8pWK^1
301zntzY?IclF~1)z(S(?_E{e>U+xocGkVirDA1zqJQA=ChN3KDzOHqxR`m0J^w<*>l{g
302z?@XzCuKeM83jEu>fu366a~1CyYgpX3=-Vg7kFx^M1fQvL7@yhf*{XNl#rtsHQ`d?+
303z3Jt6x9e7RncENo8opuGF3A<;QHd_C`JU)Bso-2R2o@}k54}K5X^yq~5lcnX#pLPYH
304z5BttRos|2|Cf<khp1M}?+Cv8mSnjO#eI(A;@rPf5)IC@J>GY(v)!K>yF(3xSfEW-1
305zVn7Ut0Wly3#DEwO17bi7hygJm2E>3E5CdXB42S_SAO^&M7!U(uKn#chF(3xSfEW-1
306pVn7Ut0Wly3rpJK2`Txh?|LN;LKmWt?-@f?SH@|xR>#u*F{Rp+*(8>S+
307
308literal 0
309HcmV?d00001
310
311diff --git a/tests/tga/tga_read_rgb_rle.tga b/tests/tga/tga_read_rgb_rle.tga
312new file mode 100644
313index 0000000000000000000000000000000000000000..ce845ad0c3da65205af25854d64568b1cf0921e3
314GIT binary patch
315literal 9987
316zcmeI2J!~9R5Xbk<L5NgWrh*l6K@rf2A`LFK334O|$EPT_a+TuJx!kjzIGiJ2I<P>x
317ziiRRbk%9(oq!dtCIspYA&6UugGcC>X|IOQdZ+$+;#>5ek&eFVnJ3DVa{%>aX?a5Je
318zF>-%5qwk}eQT$4wzvw%Lr!o5$L%T1%_;U0&GrMhYD|*=1u+QBMI7bBz5GWAXUI?5o
319z4)=h152)YuP~W$``}B?1quuDQ!tKvI-d*GdmoNVj?N0AU(FV5-mWdwpH55x49>GD6
320z=%BBmXlU4mV>@qJ8fX!<cQoubnZc3TbVtK}?@1Y0!9an5mD0dE28xA&sM>=CL?@={
321z0-|RLqE&j)8olUxtrw;AqBVNamHEBs60Ks5R&l9p6>VC@T4)u!Z+{g<yLY2MYn^Q1
322zd9ELFE4tU$u)n0?3plJ1J?v}PZ)msyr`8V<5?$KSu-0S-M?&o#4QoBb4;grXfdT`M
323zN=c*-Fi>D%n-xb5tYDzPz)HDn9RtO}K-2&bfLTDa$ReF=%5-@43+;@(Xqh_Lqg5;e
324zg}THltzs{<ie37oodrXq8PIa=9O>E>BBIs4hP5RP*Wqxy6Qz9`Y(v8pI6+HwtX$ra
325zy1k}`<+7Ep?x=h3^=RRT3_QR<fq_Rg0|yu=Ft9z}zzPNm46Kv})-g~l4EUq{0-{A0
326z@uf#ui57)+Y^yj$Kb#Ty+&-!K64#`N?AC_rx07^75BGbIkyuBfFo`X6d}cobiI>AG
327z_yH!{gxCD>ho1(boNM2tG;8-@MK-H=sqwzy_Dk<p<<Y;ghphqw-d=+40((iXvX>d}
328zeC*AO?;PyiJI7egrh5aA*tASEv0P|sHWdv;37nkl7;GWQvslElsh1w>E)mVkrK5Wr
329zvyT~j8_(=*6BF=71Iw<4W?fOstUs?=BFaQ*Da#xiBX|}K8QkJdG}zFPqlKLAcr83*
330zWg<d$C_)R@Zt(9GMk4VnKb+4e=emmuJZ@>Q+HzQdV{TOj;%(7%jzp+KJSs$|sS9Fk
331zi>8|_;%+MHn6)L%h}LxJYN%Lsjm=l2JEG}rgt!}vT81WTD?iXN22oo(>Q%FW$7$$!
332zt&?$T0IopDHZ|A}nmLfzok8W3vju;nlA35T-r~-!Mh%-@xp^A6E=V4LfMg^hw4o2J
333zZI)js`N&kV*g%#wDTZ~m<nWLi1ePizuWxAjE=soYvC=mb&tTOxu05X^q<~*Zj<9wL
334zP=$-ZWz~5>cOy6~E}sky$N;c`=y|Ej2+1ZQ2f9i4w?h@e2{8NMT~!94nB@itGuLH}
335zXVpo_fLn+Ny=`_6ub%qVxz9IOHOQr&m-w|E<2CfOb2=CaIW-6=RoY?8DbvigNhHcJ
336zG#i_20Ls>TP|sG<1T!>Hm<6C_+a^z4YoiJ>5de05QI0M6IheVSK%5>}CEC#MwBHBI
337ziIa1Wpa&iZ_r@?tJkJ5<afw}YS{54Q*|ADIR<0rq7ju0Ezq{lB$w1gObbznQZdZVC
338zC{fEsk6_CHMd|PuWL7zD?Gbil$1PB(y&Zkn_I|ZCmODo!ml!;5_YN=f8&f%XLJ69i
339zw+YreoXy~Iho>|{-W{nZBP!8&Q$t}P*I~(hRwZ6%$Lp+>-V88<W1vX?KTsG@4Mp7*
340zP43JO--G~U!gJBc0<A+dG0?19zUEwf+}?LWRX6~j_TKxg%r*$-xiTt}Yajv!vcmP)
341zqnTh(gvtWBmMHdlF_;5HXb)v)Q_z7o(;nJBIi5s&D7DGOkh+Oa-OSuJgOmf2R1I-V
342zRL&L6j_DV<hr<B?9Mn_S!{H7Uhx4N2TcLZ}5FFv{ZJA>rG8_ARaUB|->lMt--ZnEI
343zTJ7{U4;S{j2Ay9PTlySLkZpPkSyjD9xB@11Gqz?H&}bm6INZyXa|<usjtD%sjy+Z`
344zO^{AKuWKHIUn2Ss=N8*9c5f<jyF%cp-^Zcb5%Fp{gGhMmxXnNb1>}y*$KYeSt=BT^
345z9)n8f69who6DC3I4i6#*smWsw#8aACPLFDXvaYploY`rTzv^v6%`=fZ=~tM<Gx7U2
346zGVu^u%W!94&zt&L+f3G5W^S(`9GhA$F^gxQaDFP%)PFP84q_$@7HzQb60>~+#d%*t
347zf%)V_G>Dlk3}01X6V9YA0}KH#x+MuyPXYm7$4BlC*YhI}#g|)Uh0-v*i7ggcv&@^C
348zjYO%ac80KpJfmhZkwXX$pH_*;t&cQIT_(xF6ht!Iic3UdT(%7ihfT|wtXWA&V1Sf;
349zU3WEU`G(*m{rfc5Lu-SUf;0gW_gTQ5!wKEEk(Qj)=S2;}8FVa^9uYEg=U`?TJS&;e
350zZ|IGrGhpnT4H$<N0L>R>%fn7eg+%K9in1ezX3K%Y`r6i<mRK!fyE0L3T&%#2e?}WI
351zcSMQE6&v2hGddfHYR&MD28%5H1s1ZQZU%;X@Wf!oTq<&1f;-%4`%tL#0yUz{`gTy@
352x8%~Vp2_Ce5$E=Cyg!2^tf$X%_aF4$a-uv+CN7vrJ_RjTJKYsJtTUTF;{sH~|7$pDz
353
354literal 0
355HcmV?d00001
356
357--
3582.10.2
359
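--- a/meta-oe/recipes-support/gd/gd_2.2.3.bb
+++ b/meta-oe/recipes-support/gd/gd_2.2.4.bb
@@ -9,20 +9,14 @@ HOMEPAGE = "http://libgd.bitbucket.org/"
 
 SECTION = "libs"
 LICENSE = "GD"
-LIC_FILES_CHKSUM = "file://COPYING;md5=c97638cafd3581eb87abd37332137669"
+LIC_FILES_CHKSUM = "file://COPYING;md5=07384b3aa2e0d39afca0d6c40286f545"
+
 DEPENDS = "freetype libpng jpeg zlib tiff"
 
 SRC_URI = "git://github.com/libgd/libgd.git;branch=GD-2.2 \
- file://fix-gcc-unused-functions.patch \
- file://CVE-2016-10166.patch \
- file://CVE-2016-10167.patch \
- file://CVE-2016-10168.patch \
- file://.gitignore-the-new-test-case.patch \
- file://Fix-290-TGA-RLE-decoding-is-broken.patch;apply=no \
- file://CVE-2016-6906-1.patch;apply=no \
- file://CVE-2016-6906-2.patch;apply=no"
+ "
 
-SRCREV = "46ceef5970bf3a847ff61d1bdde7501d66c11d0c"
+SRCREV = "de09874b15a4c88772db35ced842330f5de23e76"
 
 S = "${WORKDIR}/git"
 
@@ -39,19 +33,6 @@ EXTRA_OECONF += " --disable-rpath \
 
 EXTRA_OEMAKE = 'LDFLAGS="${LDFLAGS}"'
 
-do_git_apply () {
- cd ${S}
- if [ ! -f tests/tga/tga_read_rgb.png ]; then
- git apply ${S}/../Fix-290-TGA-RLE-decoding-is-broken.patch
- git apply ${S}/../CVE-2016-6906-1.patch
- git apply ${S}/../CVE-2016-6906-2.patch
- fi
-}
-
-do_patch_append() {
- bb.build.exec_func('do_git_apply', d)
-}
-
 do_install_append() {
  # cleanup buildpaths from gdlib.pc
  sed -i -e 's#${STAGING_DIR_HOST}##g' ${D}${libdir}/pkgconfig/gdlib.pc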
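Review bot: The new `SRCREV` line in the first hunk says nothing about which upstream release it points to, yet with every CVE patch dropped from `SRC_URI` the recipe now depends entirely on that commit containing the fixes. I would add a comment above it along the lines of `# gd-2.2.4 release; carries the upstream fixes for CVE-2016-10166, CVE-2016-10167, CVE-2016-10168 and CVE-2016-6906`, after checking the hash against the upstream tag, which this page does not show. As a smaller style point, the new `SRC_URI` keeps a trailing backslash followed by a line holding only the closing quote; with a single entry left it reads better as one line, `SRC_URI = "git://github.com/libgd/libgd.git;branch=GD-2.2"`.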