diff options
| author | bsiegert <bsiegert@pkgsrc.org> | 2016-10-06 18:25:40 +0000 |
|---|---|---|
| committer | bsiegert <bsiegert@pkgsrc.org> | 2016-10-06 18:25:40 +0000 |
| commit | 9e4bc5d546199e6c9b8f5b7a50d4ec5526434190 (patch) | |
| tree | 3075f5ecfa5bb499907c28a84e6e106cec8b39ea | |
| parent | 1e182589189f58e51b0a1cf86cc4b17046720916 (diff) | |
| download | pkgsrc-9e4bc5d546199e6c9b8f5b7a50d4ec5526434190.tar.gz | |
Pullup ticket #5124 - requested by taca
graphics/gc: security fix
Revisions pulled up:
- graphics/gd/Makefile 1.112
- graphics/gd/distinfo 1.42
- graphics/gd/patches/patch-src_gd__webp.c 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Oct 5 03:10:31 UTC 2016
Modified Files:
pkgsrc/graphics/gd: Makefile distinfo
Added Files:
pkgsrc/graphics/gd/patches: patch-src_gd__webp.c
Log Message:
Add fix for CVE-2016-7568.
Bump PKGREVISION.
| -rw-r--r-- | graphics/gd/Makefile | 3 | ||||
| -rw-r--r-- | graphics/gd/distinfo | 3 | ||||
| -rw-r--r-- | graphics/gd/patches/patch-src_gd__webp.c | 21 |
3 files changed, 25 insertions, 2 deletions
diff --git a/graphics/gd/Makefile b/graphics/gd/Makefile index aa6b8d5ded6..2d382660114 100644 --- a/graphics/gd/Makefile +++ b/graphics/gd/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.111 2016/08/02 18:29:21 adam Exp $ +# $NetBSD: Makefile,v 1.111.2.1 2016/10/06 18:25:40 bsiegert Exp $ DISTNAME= libgd-2.2.3 +PKGREVISION= 1 PKGNAME= ${DISTNAME:S/libgd/gd/} CATEGORIES= graphics MASTER_SITES= ${MASTER_SITE_GITHUB:=libgd/} diff --git a/graphics/gd/distinfo b/graphics/gd/distinfo index 43590cff930..26e5e61b75a 100644 --- a/graphics/gd/distinfo +++ b/graphics/gd/distinfo @@ -1,6 +1,7 @@ -$NetBSD: distinfo,v 1.41 2016/08/02 18:29:21 adam Exp $ +$NetBSD: distinfo,v 1.41.2.1 2016/10/06 18:25:40 bsiegert Exp $ SHA1 (libgd-2.2.3.tar.xz) = 2f8cebec5afd6c83a3d5cb92f40ea4926b4daa98 RMD160 (libgd-2.2.3.tar.xz) = e6c29133c2ea33c8ba16571892d2798ef0f5afea SHA512 (libgd-2.2.3.tar.xz) = bdc6d086bc054beda6574ec46baa4cd94048a5f2f357f875ba05983e92d247f1b731434b9e438c6aef09d46fa96f1a7e1f330a25a77ffd2dd78aa8a32d652557 Size (libgd-2.2.3.tar.xz) = 2164152 bytes +SHA1 (patch-src_gd__webp.c) = 55c5929007ffe0d9ab23b7fed9abf373bc188de8 diff --git a/graphics/gd/patches/patch-src_gd__webp.c b/graphics/gd/patches/patch-src_gd__webp.c new file mode 100644 index 00000000000..b9bdb0e79f4 --- /dev/null +++ b/graphics/gd/patches/patch-src_gd__webp.c @@ -0,0 +1,21 @@ +$NetBSD: patch-src_gd__webp.c,v 1.1.2.2 2016/10/06 18:25:40 bsiegert Exp $ + +Fix for CVE-2016-7568. + +--- src/gd_webp.c.orig 2016-07-21 08:06:42.000000000 +0000 ++++ src/gd_webp.c +@@ -126,6 +126,14 @@ void gdImageWebpCtx (gdImagePtr im, gdIO + quantization = 80; + } + ++ if (overflow2(gdImageSX(im), 4)) { ++ return; ++ } ++ ++ if (overflow2(gdImageSX(im) * 4, gdImageSY(im))) { ++ return; ++ } ++ + argb = (uint8_t *)gdMalloc(gdImageSX(im) * 4 * gdImageSY(im)); + if (!argb) { + return; |