authortron <tron@pkgsrc.org>2009-10-22 21:28:32 +0000
committertron <tron@pkgsrc.org>2009-10-22 21:28:32 +0000
commitbdb03361e54c4f90e26f141a84a6b4445a9ba6eb (patch)
tree49c04ccd0cbae4b7976a76919777e52b6d368b1a
parentf84221a1a5958cefcd5d1555194436e234ab2a40 (diff)
downloadpkgsrc-bdb03361e54c4f90e26f141a84a6b4445a9ba6eb.tar.gz
Pullup ticket #2919 - requested by taca
gd: security patch Revisions pulled up: - graphics/gd/Makefile 1.81 - graphics/gd/distinfo 1.30-1.31 - graphics/gd/patches/patch-ad 1.1 --- Module Name: pkgsrc Committed By: taca Date: Thu Oct 22 14:39:55 UTC 2009 Modified Files: pkgsrc/graphics/gd: Makefile distinfo Added Files: pkgsrc/graphics/gd/patches: patch-ad Log Message: Fix gd library security problem, referring to PHP's SVN repository. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546 Bump PKGREVISION. (This fix is for php5 only and I don't know about php4.) --- Module Name: pkgsrc Committed By: taca Date: Thu Oct 22 15:20:53 UTC 2009 Modified Files: pkgsrc/graphics/gd: distinfo Log Message: Oops, update distinfo.
-rw-r--r--graphics/gd/Makefile4
-rw-r--r--graphics/gd/distinfo3
-rw-r--r--graphics/gd/patches/patch-ad18
3 files changed, 22 insertions, 3 deletions
diff --git a/graphics/gd/Makefile b/graphics/gd/Makefile
index 46124a9b15a..d2984091a37 100644
--- a/graphics/gd/Makefile
+++ b/graphics/gd/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.80 2009/08/26 19:56:39 sno Exp $
+# $NetBSD: Makefile,v 1.80.2.1 2009/10/22 21:28:32 tron Exp $
DISTNAME= gd-2.0.35
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= graphics
MASTER_SITES= http://www.libgd.org/releases/
EXTRACT_SUFX= .tar.bz2
diff --git a/graphics/gd/distinfo b/graphics/gd/distinfo
index 5e897f0bc77..210883a9f69 100644
--- a/graphics/gd/distinfo
+++ b/graphics/gd/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.29 2009/04/12 00:29:26 sno Exp $
+$NetBSD: distinfo,v 1.29.4.1 2009/10/22 21:28:32 tron Exp $
SHA1 (gd-2.0.35.tar.bz2) = ccf34a610abff2dbf133a20c4d2a4aa94939018a
RMD160 (gd-2.0.35.tar.bz2) = f452a2c333b2ba9b7b4c143983ec2af18a335516
@@ -6,3 +6,4 @@ Size (gd-2.0.35.tar.bz2) = 1212730 bytes
SHA1 (patch-aa) = 726107579811ce1f33b00bd4dbf13040c48120bb
SHA1 (patch-ab) = 082f5baa2c147fb62381c21ecb3ce11a1891a2aa
SHA1 (patch-ac) = d166ed4d0a3510c610e8aa233d312e15d96f4667
+SHA1 (patch-ad) = 27631984f613c4c1c6f57cea23c36ae7d48271ac
diff --git a/graphics/gd/patches/patch-ad b/graphics/gd/patches/patch-ad
new file mode 100644
index 00000000000..97959238b9e
--- /dev/null
+++ b/graphics/gd/patches/patch-ad
@@ -0,0 +1,18 @@
+$NetBSD: patch-ad,v 1.1.2.2 2009/10/22 21:28:32 tron Exp $
+
+* Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546,
+ similar chagne from PHP's SVN repositry r289557.
+
+--- gd_gd.c.orig 2006-04-06 00:52:22.000000000 +0900
++++ gd_gd.c
+@@ -44,6 +44,10 @@ _gdGetColors (gdIOCtx * in, gdImagePtr i
+ {
+ goto fail1;
+ }
++ if (im->colorsTotal > gdMaxColors)
++ {
++ goto fail1;
++ }
+ }
+ /* Int to accommodate truecolor single-color transparency */
+ if (!gdGetInt (&im->transparent, in))
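Review bot: The guard added to `_gdGetColors` rejects only `im->colorsTotal > gdMaxColors`, and neither the patch header nor the code says why that bound matters. A one-line comment above the check, such as `/* colorsTotal is read from the file; reject values above the gdMaxColors limit */`, would make the intent reviewable. The value read by `gdGetInt (&im->transparent, in)` on the last context line also comes from the file, and no range check on it is visible here. If it is later used as a palette index it presumably needs validation too; that should be confirmed in the rest of the function, since `_gdGetColors` starts and ends outside this hunk. In the patch header, "chagne" and "repositry" are typos for "change" and "repository".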