author | ghen <ghen> | 2006-06-15 12:56:54 +0000 |
---|---|---|
committer | ghen <ghen> | 2006-06-15 12:56:54 +0000 |
commit | 9f5f10a71fad27a28e879495c7e6907e28b07c8e (patch) | |
tree | 0765aa87354559cc85e77222c2242f902a700daf | |
parent | 5910a2986e7bc62a78fd55b20449b5cb7b6541cb (diff) | |
download | pkgsrc-9f5f10a71fad27a28e879495c7e6907e28b07c8e.tar.gz |
Pullup ticket 1702 - requested by salo
security fix for gd
Revisions pulled up:
- pkgsrc/graphics/gd/Makefile 1.68, 1.69, 1.70
- pkgsrc/graphics/gd/distinfo 1.23
- pkgsrc/graphics/gd/patches/patch-ac 1.3
Module Name: pkgsrc
Committed By: minskim
Date: Sun May 14 18:19:08 UTC 2006
Modified Files:
pkgsrc/graphics/gd: Makefile
Log Message:
Fix a pkglint warning.
---
Module Name: pkgsrc
Committed By: minskim
Date: Sun May 14 18:22:38 UTC 2006
Modified Files:
pkgsrc/graphics/gd: Makefile
Log Message:
This package installs a perl script. Add a dependency on perl using
USE_TOOLS.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: salo
Date: Wed Jun 14 21:42:33 UTC 2006
Modified Files:
pkgsrc/graphics/gd: Makefile distinfo
Added Files:
pkgsrc/graphics/gd/patches: patch-ac
Log Message:
Security fix for CVE-2006-2906:
"The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas
Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote
attackers to cause a denial of service (CPU consumption) via malformed
GIF data that causes an infinite loop."
Patch from Xavier Roche via Ubuntu.
-rw-r--r-- | graphics/gd/Makefile | 7 | ||||
-rw-r--r-- | graphics/gd/distinfo | 3 | ||||
-rw-r--r-- | graphics/gd/patches/patch-ac | 65 |
3 files changed, 71 insertions, 4 deletions
diff --git a/graphics/gd/Makefile b/graphics/gd/Makefile
index a618b0ec00c..ad549a4ffb6 100644
--- a/graphics/gd/Makefile
+++ b/graphics/gd/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.66 2006/02/05 23:09:30 joerg Exp $
+# $NetBSD: Makefile,v 1.66.2.1 2006/06/15 12:56:54 ghen Exp $
 DISTNAME= gd-2.0.33
-PKGREVISION= 2
+PKGREVISION= 5
 CATEGORIES= graphics
 MASTER_SITES= http://www.boutell.com/gd/http/
@@ -12,8 +12,9 @@ COMMENT= Graphics library for the dynamic creation of images
 PKG_INSTALLATION_TYPES= overwrite pkgviews
 USE_LIBTOOL= YES
+USE_TOOLS+= perl:run
 GNU_CONFIGURE= YES
-REPLACE_PERL= bdftogd
+REPLACE_PERL+= bdftogd
 PTHREAD_AUTO_VARS= yes
 .include "../../devel/zlib/buildlink3.mk"
diff --git a/graphics/gd/distinfo b/graphics/gd/distinfo
index 5a556cee191..9085d8152b2 100644
--- a/graphics/gd/distinfo
+++ b/graphics/gd/distinfo
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.22 2005/06/06 18:38:08 minskim Exp $
+$NetBSD: distinfo,v 1.22.8.1 2006/06/15 12:56:54 ghen Exp $
 SHA1 (gd-2.0.33.tar.gz) = 89548efb01116a740c796a8df80de16d19856811
 RMD160 (gd-2.0.33.tar.gz) = 6c573638387bb36044f3d4d480b10229445b9a6b
 Size (gd-2.0.33.tar.gz) = 587617 bytes
 SHA1 (patch-aa) = 38f0aa7043dba517405312d4eef59347e3c0185a
 SHA1 (patch-ab) = 082f5baa2c147fb62381c21ecb3ce11a1891a2aa
+SHA1 (patch-ac) = 154abdaff73099617a1b57f4d2f19358aaf2a043
diff --git a/graphics/gd/patches/patch-ac b/graphics/gd/patches/patch-ac
new file mode 100644
index 00000000000..2f4bfd8bf9c
--- /dev/null
+++ b/graphics/gd/patches/patch-ac
@@ -0,0 +1,65 @@
+$NetBSD: patch-ac,v 1.2.20.1 2006/06/15 12:56:54 ghen Exp $
+
+Security fix for CVE-2006-2906, from Xavier Roche via Ubuntu.
+
+--- gd_gif_in.c.orig 2004-11-01 19:28:56.000000000 +0100
++++ gd_gif_in.c 2006-06-14 23:30:38.000000000 +0200
+@@ -118,6 +118,7 @@
+ char version[4];
+ /* 2.0.28: threadsafe storage */
+ int ZeroDataBlock = FALSE;
++ int maxcount = 1024;
+ 
+ gdImagePtr im = 0;
+ if (! ReadOK(fd,buf,6)) {
+@@ -164,6 +165,8 @@
+ }
+ 
+ if (c != ',') { /* Not a valid start character */
++ if (--maxcount < 0)
++ goto terminated; /* Looping */
+ continue;
+ }
+ 
+@@ -242,6 +245,7 @@
+ DoExtension(gdIOCtx *fd, int label, int *Transparent, int *ZeroDataBlockP)
+ {
+ static unsigned char buf[256];
++ int maxcount = 1024;
+ 
+ switch (label) {
+ case 0xf9: /* Graphic Control Extension */
+@@ -254,13 +258,13 @@
+ if ((buf[0] & 0x1) != 0)
+ *Transparent = buf[3];
+ 
+- while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) != 0)
++ while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) != 0 && --maxcount >= 0)
+ ;
+ return FALSE;
+ default:
+ break;
+ }
+- while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) != 0)
++ while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) != 0 && --maxcount >= 0)
+ ;
+ 
+ return FALSE;
+@@ -419,14 +423,15 @@
+ } else if (code == end_code) {
+ int count;
+ unsigned char buf[260];
++ int maxcount = 1024;
+ 
+ if (*ZeroDataBlockP)
+ return -2;
+ 
+- while ((count = GetDataBlock(fd, buf, ZeroDataBlockP)) > 0)
++ while ((count = GetDataBlock(fd, buf, ZeroDataBlockP)) > 0 && --maxcount >= 0)
+ ;
+ 
+- if (count != 0)
++ if (count != 0 || maxcount < 0)
+ return -2;
+ }
+ |
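Review bot: The two DoExtension loops in the `@@ -254,13 +258,13 @@` hunk still iterate on `!= 0`, so a negative return from GetDataBlock — which the end_code hunk treats as an error through its `> 0` loop followed by `if (count != 0 ...) return -2;` — keeps them spinning until the 1024 cap trips, and when it does DoExtension still returns FALSE as though the extension had been consumed, leaving the caller to keep parsing from the middle of it. Changing both to `while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) > 0 && --maxcount >= 0)` would stop on a read failure at once and leave the counter as the backstop it is in the end_code branch; this assumes GetDataBlock signals failure with a negative value, which the hunk only implies and does not show. The `1024` literal is repeated in four places and would read better as one named constant with a comment saying what it bounds (the number of sub-blocks or non-image records accepted before the stream is treated as looping). The `terminated` label used by the `@@ -164,6 +165,8 @@` hunk and all three enclosing functions lie outside the hunk.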