author | tron <tron> | 2009-10-22 21:25:08 +0000 |
---|---|---|
committer | tron <tron> | 2009-10-22 21:25:08 +0000 |
commit | c055a9523e6fee3a29417fedb29273b6a57b5165 (patch) | |
tree | 45d9346078dfb16ca30394a82793ef2025fa0af8 | |
parent | 4b4ccbe4cf37917bf173ab37e680f8a14946e1aa (diff) | |
download | pkgsrc-c055a9523e6fee3a29417fedb29273b6a57b5165.tar.gz |
Pullup ticket #2918 - requested by taca:
php-gd: security patch
Revisions pulled up:
- graphics/php-gd/Makefile 1.20
- lang/php5/distinfo 1.68
- lang/php5/patches/patch-ay 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Oct 22 14:37:47 UTC 2009
Modified Files:
pkgsrc/graphics/php-gd: Makefile
pkgsrc/lang/php5: distinfo
Added Files:
pkgsrc/lang/php5/patches: patch-ay
Log Message:
Add a patch from PHP's SVN repository to fix gd library security problem.
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546>
-rw-r--r-- | graphics/php-gd/Makefile | 4 | ||||
-rw-r--r-- | lang/php5/distinfo | 3 | ||||
-rw-r--r-- | lang/php5/patches/patch-ay | 17 |
3 files changed, 21 insertions, 3 deletions
diff --git a/graphics/php-gd/Makefile b/graphics/php-gd/Makefile
index 9b3aae50afd..b632e00ae87 100644
--- a/graphics/php-gd/Makefile
+++ b/graphics/php-gd/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.19 2009/08/26 19:57:47 sno Exp $
+# $NetBSD: Makefile,v 1.19.2.1 2009/10/22 21:25:08 tron Exp $
 MODNAME= gd
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES+= graphics
 COMMENT= PHP extension for GD graphics library
diff --git a/lang/php5/distinfo b/lang/php5/distinfo
index 595188d27a8..a76873e5c01 100644
--- a/lang/php5/distinfo
+++ b/lang/php5/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.67 2009/09/26 07:35:31 taca Exp $
+$NetBSD: distinfo,v 1.67.2.1 2009/10/22 21:25:08 tron Exp $
 SHA1 (php-5.2.11/php-5.2.11.tar.bz2) = 819c853ce657ef260d4a73b5a21f961115b97eef
 RMD160 (php-5.2.11/php-5.2.11.tar.bz2) = 6aad53dee864ab89f794a9d3c2aa32d435ed5654
@@ -16,3 +16,4 @@ SHA1 (patch-ap) = 5eb0e0e4244a993da93e36f8fcb5553454207fce
 SHA1 (patch-aq) = 0c9d48547da2fa80aa8357d23ad8505d1c0330df
 SHA1 (patch-ar) = 2d74ec926cc00bfbb67d16210af78c33ad9ac38d
 SHA1 (patch-as) = f7ce5caffe2acdd1f8e9fc8ae6c7ba1d8c6a25c1
+SHA1 (patch-ay) = c2667dd398c1c58e55f459f2df02613dc028e9cc
diff --git a/lang/php5/patches/patch-ay b/lang/php5/patches/patch-ay
new file mode 100644
index 00000000000..8b841ef5fdc
--- /dev/null
+++ b/lang/php5/patches/patch-ay
@@ -0,0 +1,17 @@
+$NetBSD: patch-ay,v 1.1.2.2 2009/10/22 21:25:08 tron Exp $
+
+* Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546
+ from PHP's SVN repositry r289557.
+
+--- ext/gd/libgd/gd_gd.c.orig 2007-08-09 23:21:38.000000000 +0900
++++ ext/gd/libgd/gd_gd.c
+@@ -39,6 +39,9 @@ int _gdGetColors (gdIOCtx * in, gdImageP
+ if (!gdGetWord(&im->colorsTotal, in)) {
+ goto fail1;
+ }
++ if (im->colorsTotal > gdMaxColors) {
++ goto fail1;
++ }
+ }
+ /* Int to accommodate truecolor single-color transparency */
+ if (!gdGetInt(&im->transparent, in)) {
|
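Review bot: The bound added to `_gdGetColors` in patch-ay covers only `im->colorsTotal`; the `im->transparent` value read by `gdGetInt` on the last context line comes from the same input, and no range check for it is visible in this hunk. The function starts and ends outside the hunk, so whether `transparent` is validated later, and whether any other path that sets `colorsTotal` is bounded, cannot be confirmed here and should be checked in the full file. The new check would also read better with a short comment on why it exists, for example `/* colorsTotal is file-controlled; reject counts above gdMaxColors (CVE-2009-3546) */`. Since this patches PHP's bundled copy of libgd, any separately packaged libgd should be checked for the same missing bound.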