Merge remote-tracking branch 'dev/13-4-stable' into 13-4-stable

8606a1db · GitLab Release Tools Bot · a73fe0c3 · efb53163 · 8606a1db · 8606a1db
Commit 8606a1db authored 4 years ago by GitLab Release Tools Bot
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,15 @@
 The latest version of this file can be found at the master branch of the
 omnibus-gitlab repository.
+## 13.4.7 (2020-12-07)
+### Security (3 changes)
+- Update GnuPG to version 2.2.23.
+- Update libxml2 to version 2.9.10.
+- Update GraphicsMagick to 1.3.35 and patch PNG vulnerability.
 ## 13.4.6 (2020-11-03)
 ### Fixed (1 change)

--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
-13.4.6
+13.4.7
\ No newline at end of file
--- a/VERSION
+++ b/VERSION
-13.4.6-ee
+13.4.7-ee
\ No newline at end of file
--- a/config/patches/graphicsmagick/png-vulnerability-fix.patch
+++ b/config/patches/graphicsmagick/png-vulnerability-fix.patch
+Patch adapted from https://sourceforge.net/p/graphicsmagick/code/ci/50395430a37188d0d197e71bd85ed6dd0f649ee3/.
+diff --git a/coders/png.c b/coders/png.c
+index 60ce8dc..5878e60 100644
+--- a/coders/png.c
+++ b/coders/png.c
+@@ -5304,7 +5304,7 @@ static Image *ReadMNGImage(const ImageInfo *image_info,
+               if (logging)
+                 (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+                                       "MAGN chunk (%lu bytes): "
+-                                      "First_magnified_object_id=%u, Last_magnified_object_id=%u, "
+                                      "First_magnified_object_id=%u, Las t_magnified_object_id=%u, "
+                                       "MB=%u, ML=%u, MR=%u, MT=%u, MX=%u, MY=%u, "
+                                       "X_method=%u, Y_method=%u",
+                                       length,
+@@ -5679,6 +5679,8 @@ static Image *ReadMNGImage(const ImageInfo *image_info,
+           /*
+             If magnifying and a supported method is requested then
+             magnify the image.
+
+            http://www.libpng.org/pub/mng/spec/mng-1.0-20010209-pdg.html#mng-MAGN
+           */
+           if (((mng_info->magn_methx > 0) && (mng_info->magn_methx <= 5)) &&
+               ((mng_info->magn_methy > 0) && (mng_info->magn_methy <= 5)))
+@@ -5689,7 +5691,28 @@ static Image *ReadMNGImage(const ImageInfo *image_info,
+               if (logging)
+                 (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+-                                      "  Processing MNG MAGN chunk");
+                                      "  Processing MNG MAGN chunk: MB=%u, ML=%u,"
+                                      " MR=%u, MT=%u, MX=%u, MY=%u,"
+                                      " X_method=%u, Y_method=%u",
+                                      mng_info->magn_mb,mng_info->magn_ml,
+                                      mng_info->magn_mr,mng_info->magn_mt,
+                                      mng_info->magn_mx,mng_info->magn_my,
+                                      mng_info->magn_methx,
+                                      mng_info->magn_methy);
+
+              /*
+                If the image width is 1, then X magnification is done
+                by simple pixel replication.
+              */
+              if (image->columns == 1)
+                  mng_info->magn_methx = 1;
+
+              /*
+                If the image height is 1, then Y magnification is done
+                by simple pixel replication.
+              */
+              if (image->rows == 1)
+                  mng_info->magn_methy = 1;
+               if (mng_info->magn_methx == 1)
+                 {
+@@ -5734,12 +5757,10 @@ static Image *ReadMNGImage(const ImageInfo *image_info,
+                   Image
+                     *large_image;
+-                  int
+-                    yy;
+-
+                   long
+                     m,
+-                    y;
+                    y,
+                    yy;
+                   register long
+                     x;
--- a/config/patches/libxml2/50f06b3efb638efb0abd95dc62dca05ae67882c2.patch
+++ b/config/patches/libxml2/50f06b3efb638efb0abd95dc62dca05ae67882c2.patch
+From 50f06b3efb638efb0abd95dc62dca05ae67882c2 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Fri, 7 Aug 2020 21:54:27 +0200
+Subject: [PATCH] Fix out-of-bounds read with 'xmllint --htmlout'
+Make sure that truncated UTF-8 sequences don't cause an out-of-bounds
+array access.
+Thanks to @SuhwanSong and the Agency for Defense Development (ADD) for
+the report.
+Fixes #178.
+---
+ xmllint.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+diff --git a/xmllint.c b/xmllint.c
+index f6a8e4636..c647486f3 100644
+--- a/xmllint.c
+++ b/xmllint.c
+@@ -528,6 +528,12 @@ static void
+ xmlHTMLEncodeSend(void) {
+     char *result;
+    /*
+     * xmlEncodeEntitiesReentrant assumes valid UTF-8, but the buffer might
+     * end with a truncated UTF-8 sequence. This is a hack to at least avoid
+     * an out-of-bounds read.
+     */
+    memset(&buffer[sizeof(buffer)-4], 0, 4);
+     result = (char *) xmlEncodeEntitiesReentrant(NULL, BAD_CAST buffer);
+     if (result) {
+ 	xmlGenericError(xmlGenericErrorContext, "%s", result);
+--
+GitLab
\ No newline at end of file
--- a/config/software/gnupg.rb
+++ b/config/software/gnupg.rb
@@ -15,7 +15,7 @@
 #
 name 'gnupg'
-default_version '2.2.22'
+default_version '2.2.23'
 dependency 'libassuan'
 dependency 'npth'
@@ -30,7 +30,7 @@ license_file 'COPYING.LGPL3'
 skip_transitive_dependency_licensing true
 source url: "https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-#{version}.tar.bz2",
-       sha256: '7c1370565e1910b9d8c4e0fb57b9de34aa062ec7bb91abad5803d791f38d855b'
+       sha256: '10b55e49d78b3e49f1edb58d7541ecbdad92ddaeeb885b6f486ed23d1cd1da5c'
 relative_path "gnupg-#{version}"

--- a/config/software/graphicsmagick.rb
+++ b/config/software/graphicsmagick.rb
@@ -15,7 +15,7 @@
 #
 name 'graphicsmagick'
-default_version '1.3.34'
+default_version '1.3.35'
 license 'MIT'
 license_file 'Copyright.txt'
@@ -28,13 +28,15 @@ dependency 'libtiff'
 dependency 'zlib'
 source url: "https://ftp.icm.edu.pl/pub/unix/graphics/GraphicsMagick/1.3/GraphicsMagick-#{version}.tar.gz",
-       sha256: '4717f7a32d964c515d83706fd52d34e089c2ffa35f8fbf43c923ce19343cf2f4'
+       sha256: 'd96d5ce2ef7e0e90166551e38742713728bfd33d6f18495a9ddda938700fc055'
 relative_path "GraphicsMagick-#{version}"
 build do
  env = with_standard_compiler_flags(with_embedded_path)
+  patch source: "png-vulnerability-fix.patch"
  configure_command = [
    './configure',
    "--prefix=#{install_dir}/embedded",

--- a/config/software/libxml2.rb
+++ b/config/software/libxml2.rb
@@ -15,7 +15,7 @@
 #
 name 'libxml2'
-default_version '2.9.9'
+default_version '2.9.10'
 license 'MIT'
 license_file 'COPYING'
@@ -27,8 +27,8 @@ dependency 'libiconv'
 dependency 'liblzma'
 dependency 'config_guess'
-version '2.9.9' do
+version '2.9.10' do
-  source md5: 'c04a5a0a042eaa157e8e8c9eabe76bd6'
+  source sha256: 'aafee193ffb8fe0c82d4afef6ef91972cbaf5feea100edc2f262750611b4be1f'
 end
 source url: "ftp://xmlsoft.org/libxml2/libxml2-#{version}.tar.gz"
@@ -38,6 +38,8 @@ relative_path "libxml2-#{version}"
 build do
  env = with_standard_compiler_flags(with_embedded_path)
+  patch source: '50f06b3efb638efb0abd95dc62dca05ae67882c2.patch', env: env
  configure_command = [
    "--with-zlib=#{install_dir}/embedded",
    "--with-iconv=#{install_dir}/embedded",