Gitiles
Code Review Sign In
gerrit.openbmc.org / stefanberger / openbmc / 1a4b7ee28bf7413af6513fb45ad0d0736048f866^! / . / meta-openembedded / meta-oe / recipes-support / gd
commit1a4b7ee28bf7413af6513fb45ad0d0736048f866[log] [tgz]
authorBrad Bishop <bradleyb@fuzziesquirrel.com>Sun Dec 16 17:11:34 2018 -0800
committerBrad Bishop <bradleyb@fuzziesquirrel.com>Tue Jan 08 18:21:44 2019 -0500
tree79f6d8ea698cab8f2eaf4f54b793d2ca7a1451ce
parent5b9ede0403237c7dace972affa65cf64a1aadd0e [diff]
reset upstream subtrees to yocto 2.6

Reset the following subtrees on thud HEAD:

  poky: 87e3a9739d
  meta-openembedded: 6094ae18c8
  meta-security: 31dc4e7532
  meta-raspberrypi: a48743dc36
  meta-xilinx: c42016e2e6

Also re-apply backports that didn't make it into thud:
  poky:
    17726d0 systemd-systemctl-native: handle Install wildcards

  meta-openembedded:
    4321a5d libtinyxml2: update to 7.0.1
    042f0a3 libcereal: Add native and nativesdk classes
    e23284f libcereal: Allow empty package
    030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG
    179a1b9 gtest: update to 1.8.1

Squashed OpenBMC subtree compatibility updates:
  meta-aspeed:
    Brad Bishop (1):
          aspeed: add yocto 2.6 compatibility

  meta-ibm:
    Brad Bishop (1):
          ibm: prepare for yocto 2.6

  meta-ingrasys:
    Brad Bishop (1):
          ingrasys: set layer compatibility to yocto 2.6

  meta-openpower:
    Brad Bishop (1):
          openpower: set layer compatibility to yocto 2.6

  meta-phosphor:
    Brad Bishop (3):
          phosphor: set layer compatibility to thud
          phosphor: libgpg-error: drop patches
          phosphor: react to fitimage artifact rename

    Ed Tanous (4):
          Dropbear: upgrade options for latest upgrade
          yocto2.6: update openssl options
          busybox: remove upstream watchdog patch
          systemd: Rebase CONFIG_CGROUP_BPF patch

Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>

diff --git a/meta-openembedded/meta-oe/recipes-support/gd/gd/0001-annotate.c-gdft.c-Replace-strncpy-with-memccpy-to-fi.patch b/meta-openembedded/meta-oe/recipes-support/gd/gd/0001-annotate.c-gdft.c-Replace-strncpy-with-memccpy-to-fi.patch
new file mode 100644
index 0000000..c377b37
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/gd/gd/0001-annotate.c-gdft.c-Replace-strncpy-with-memccpy-to-fi.patch

@@ -0,0 +1,46 @@
+From 85c7694a5cf34597909bdd1ca6931b0f99904c2e Mon Sep 17 00:00:00 2001
+From: Robert Yang <liezhi.yang@windriver.com>
+Date: Tue, 19 Jun 2018 00:40:49 -0700
+Subject: [PATCH] annotate.c/gdft.c: Replace strncpy with memccpy to fix
+ -Wstringop-truncation.
+
+Fixed for gcc8:
+git/src/gdft.c:1699:2: error: 'strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation]
+
+Upstream-Status: Submitted [https://github.com/libgd/libgd/pull/442]
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ src/annotate.c | 2 +-
+ src/gdft.c     | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/annotate.c b/src/annotate.c
+index 00aaf49..17df813 100644
+--- a/src/annotate.c
++++ b/src/annotate.c
+@@ -104,7 +104,7 @@ int main(int argc, char *argv[])
+ 					fprintf(stderr, "Font maximum length is 1024, %d given\n", font_len);
+ 					goto badLine;
+ 				}
+-				strncpy(font, st, font_len);
++				memcpy(font, st, font_len);
+ 			}
+ 		} else if(!strcmp(st, "align")) {
+ 			char *st = strtok(0, " \t\r\n");
+diff --git a/src/gdft.c b/src/gdft.c
+index 9fa8295..81dbe41 100644
+--- a/src/gdft.c
++++ b/src/gdft.c
+@@ -1696,7 +1696,7 @@ static char * font_path(char **fontpath, char *name_list)
+ 		gdFree(path);
+ 		return "could not alloc full list of fonts";
+ 	}
+-	strncpy(fontlist, name_list, name_list_len);
++	memcpy(fontlist, name_list, name_list_len);
+ 	fontlist[name_list_len] = 0;
+ 
+ 	/*
+-- 
+2.10.2
+

diff --git a/meta-openembedded/meta-oe/recipes-support/gd/gd/CVE-2018-1000222.patch b/meta-openembedded/meta-oe/recipes-support/gd/gd/CVE-2018-1000222.patch
new file mode 100644
index 0000000..25924d1
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/gd/gd/CVE-2018-1000222.patch

@@ -0,0 +1,82 @@
+From 4b1e18a00ce7c4b7e6919c3b3109a034393b805a Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sat, 14 Jul 2018 13:54:08 -0400
+Subject: [PATCH] bmp: check return value in gdImageBmpPtr
+
+Closes #447.
+
+(cherry picked from commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5)
+
+Upstream-Status: Backport [https://github.com/libgd/libgd/commit/4b1e18a00ce7c4b7e6919c3b3109a034393b805a]
+CVE: CVE-2018-1000222
+Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
+---
+ src/gd_bmp.c | 17 ++++++++++++++---
+ 1 file changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/src/gd_bmp.c b/src/gd_bmp.c
+index ccafdcd..d625da1 100644
+--- a/src/gd_bmp.c
++++ b/src/gd_bmp.c
+@@ -48,6 +48,8 @@ static int bmp_read_4bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp
+ static int bmp_read_8bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp_hdr_t *header);
+ static int bmp_read_rle(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info);
+ 
++static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression);
++
+ #define BMP_DEBUG(s)
+ 
+ static int gdBMPPutWord(gdIOCtx *out, int w)
+@@ -88,8 +90,10 @@ BGD_DECLARE(void *) gdImageBmpPtr(gdImagePtr im, int *size, int compression)
+ 	void *rv;
+ 	gdIOCtx *out = gdNewDynamicCtx(2048, NULL);
+ 	if (out == NULL) return NULL;
+-	gdImageBmpCtx(im, out, compression);
+-	rv = gdDPExtractData(out, size);
++	if (!_gdImageBmpCtx(im, out, compression))
++		rv = gdDPExtractData(out, size);
++	else
++		rv = NULL;
+ 	out->gd_free(out);
+ 	return rv;
+ }
+@@ -142,6 +146,11 @@ BGD_DECLARE(void) gdImageBmp(gdImagePtr im, FILE *outFile, int compression)
+ 		compression - whether to apply RLE or not.
+ */
+ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
++{
++	_gdImageBmpCtx(im, out, compression);
++}
++
++static int _gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
+ {
+ 	int bitmap_size = 0, info_size, total_size, padding;
+ 	int i, row, xpos, pixel;
+@@ -149,6 +158,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
+ 	unsigned char *uncompressed_row = NULL, *uncompressed_row_start = NULL;
+ 	FILE *tmpfile_for_compression = NULL;
+ 	gdIOCtxPtr out_original = NULL;
++	int ret = 1;
+ 
+ 	/* No compression if its true colour or we don't support seek */
+ 	if (im->trueColor) {
+@@ -326,6 +336,7 @@ BGD_DECLARE(void) gdImageBmpCtx(gdImagePtr im, gdIOCtxPtr out, int compression)
+ 		out_original = NULL;
+ 	}
+ 
++	ret = 0;
+ cleanup:
+ 	if (tmpfile_for_compression) {
+ #ifdef _WIN32
+@@ -339,7 +350,7 @@ cleanup:
+ 	if (out_original) {
+ 		out_original->gd_free(out_original);
+ 	}
+-	return;
++	return ret;
+ }
+ 
+ static int compress_row(unsigned char *row, int length)
+-- 
+2.17.1
+

diff --git a/meta-openembedded/meta-oe/recipes-support/gd/gd_2.2.5.bb b/meta-openembedded/meta-oe/recipes-support/gd/gd_2.2.5.bb
index 63d9acf..548d2c5 100644
--- a/meta-openembedded/meta-oe/recipes-support/gd/gd_2.2.5.bb
+++ b/meta-openembedded/meta-oe/recipes-support/gd/gd_2.2.5.bb

@@ -14,6 +14,8 @@
 DEPENDS = "freetype libpng jpeg zlib tiff"
 
 SRC_URI = "git://github.com/libgd/libgd.git;branch=GD-2.2 \
+           file://0001-annotate.c-gdft.c-Replace-strncpy-with-memccpy-to-fi.patch \
+           file://CVE-2018-1000222.patch \
           "
 
 SRCREV = "8255231b68889597d04d451a72438ab92a405aba"