diff options
| author | taca <taca@pkgsrc.org> | 2009-10-22 14:39:55 +0000 |
|---|---|---|
| committer | taca <taca@pkgsrc.org> | 2009-10-22 14:39:55 +0000 |
| commit | f4c169da90c023a8c2c2122d23b7374201243e79 (patch) | |
| tree | 62a055a1af31eb1aceae8d8b64a6695502bc6dc2 | |
| parent | 0a9f7587eb0e73d32b9bf257b5b011041b792386 (diff) | |
| download | pkgsrc-f4c169da90c023a8c2c2122d23b7374201243e79.tar.gz | |
Fix gd library security problem refering PHP's SVN repositry.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546
Bump PKGREVISION.
(This fix is for php5 only and I don't know about php4.)
| -rw-r--r-- | graphics/gd/Makefile | 4 | ||||
| -rw-r--r-- | graphics/gd/distinfo | 3 | ||||
| -rw-r--r-- | graphics/gd/patches/patch-ad | 18 |
3 files changed, 22 insertions, 3 deletions
diff --git a/graphics/gd/Makefile b/graphics/gd/Makefile index 46124a9b15a..f43d6928fee 100644 --- a/graphics/gd/Makefile +++ b/graphics/gd/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.80 2009/08/26 19:56:39 sno Exp $ +# $NetBSD: Makefile,v 1.81 2009/10/22 14:39:55 taca Exp $ DISTNAME= gd-2.0.35 -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES= graphics MASTER_SITES= http://www.libgd.org/releases/ EXTRACT_SUFX= .tar.bz2 diff --git a/graphics/gd/distinfo b/graphics/gd/distinfo index 5e897f0bc77..6ca6f3a947a 100644 --- a/graphics/gd/distinfo +++ b/graphics/gd/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.29 2009/04/12 00:29:26 sno Exp $ +$NetBSD: distinfo,v 1.30 2009/10/22 14:39:55 taca Exp $ SHA1 (gd-2.0.35.tar.bz2) = ccf34a610abff2dbf133a20c4d2a4aa94939018a RMD160 (gd-2.0.35.tar.bz2) = f452a2c333b2ba9b7b4c143983ec2af18a335516 @@ -6,3 +6,4 @@ Size (gd-2.0.35.tar.bz2) = 1212730 bytes SHA1 (patch-aa) = 726107579811ce1f33b00bd4dbf13040c48120bb SHA1 (patch-ab) = 082f5baa2c147fb62381c21ecb3ce11a1891a2aa SHA1 (patch-ac) = d166ed4d0a3510c610e8aa233d312e15d96f4667 +SHA1 (patch-ad) = 61daf7516615b30c749b3bdd7caeec728b4c61db diff --git a/graphics/gd/patches/patch-ad b/graphics/gd/patches/patch-ad new file mode 100644 index 00000000000..3c5e92a6b73 --- /dev/null +++ b/graphics/gd/patches/patch-ad @@ -0,0 +1,18 @@ +$NetBSD: patch-ad,v 1.1 2009/10/22 14:39:55 taca Exp $ + +* Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546, + similar chagne from PHP's SVN repositry r289557. + +--- gd_gd.c.orig 2006-04-06 00:52:22.000000000 +0900 ++++ gd_gd.c +@@ -44,6 +44,10 @@ _gdGetColors (gdIOCtx * in, gdImagePtr i + { + goto fail1; + } ++ if (im->colorsTotal > gdMaxColors) ++ { ++ goto fail1; ++ } + } + /* Int to accommodate truecolor single-color transparency */ + if (!gdGetInt (&im->transparent, in)) |