authortaca <taca>2016-06-30 09:00:18 +0000
committertaca <taca>2016-06-30 09:00:18 +0000
commitd6772c47e0844be82244d69c9edec3fd900d6f2b (patch)
treeb5a76a5d882189c3de5c92b3b495256bc34db3e1 /graphics
parent59892df95d8c583787b024e4592a25571aa916f6 (diff)
Add fix for CVE-2016-6128 from upstream.
Bump PKGREVISION.
Diffstat (limited to 'graphics')
-rw-r--r--graphics/gd/Makefile4
-rw-r--r--graphics/gd/distinfo3
-rw-r--r--graphics/gd/patches/patch-src_gd__crop.c18
3 files changed, 22 insertions, 3 deletions
diff --git a/graphics/gd/Makefile b/graphics/gd/Makefile
index 49b71953753..59f0ca51e5e 100644
--- a/graphics/gd/Makefile
+++ b/graphics/gd/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.108 2015/11/18 14:19:46 ryoon Exp $
+# $NetBSD: Makefile,v 1.109 2016/06/30 09:00:18 taca Exp $
DISTNAME= libgd-2.1.1
PKGNAME= ${DISTNAME:S/libgd/gd/}
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= graphics
MASTER_SITES= https://bitbucket.org/libgd/gd-libgd/downloads/
EXTRACT_SUFX= .tar.xz
diff --git a/graphics/gd/distinfo b/graphics/gd/distinfo
index 82311149ee0..2c107afa82d 100644
--- a/graphics/gd/distinfo
+++ b/graphics/gd/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.39 2015/11/03 21:33:58 agc Exp $
+$NetBSD: distinfo,v 1.40 2016/06/30 09:00:18 taca Exp $
SHA1 (libgd-2.1.1.tar.xz) = 9038ed488b577d16aa8c32b6c10b4a70b10f7fa1
RMD160 (libgd-2.1.1.tar.xz) = 8d564caf9a953d344fb9a5e169d241510a2c71f1
@@ -9,4 +9,5 @@ SHA1 (patch-ab) = 300ffacf47d7421fc9efb7b3fd9e93f011de1b4b
SHA1 (patch-configure) = 53769c3daffa38c88d82093f59cb97b4bd38008f
SHA1 (patch-configure.ac) = 72092d5a0ee7944249286edc0d3505176f15303f
SHA1 (patch-src_gd__bmp.c) = 4db300a26cebae6fb6f14564c5648608d7ed6cc5
+SHA1 (patch-src_gd__crop.c) = 34c9716fe40e8f80cc126893dbafa0151bbf3b5a
SHA1 (patch-src_webpimg.c) = 2717cbcfdbbddfc8cd96de2d4f6a07a0485ba086
diff --git a/graphics/gd/patches/patch-src_gd__crop.c b/graphics/gd/patches/patch-src_gd__crop.c
new file mode 100644
index 00000000000..254b9272558
--- /dev/null
+++ b/graphics/gd/patches/patch-src_gd__crop.c
@@ -0,0 +1,18 @@
+$NetBSD: patch-src_gd__crop.c,v 1.1 2016/06/30 09:00:18 taca Exp $
+
+Fix for CVE-2016-6128 from
+https://github.com/libgd/libgd/commit/1ccfe21e14c4d18336f9da8515cd17db88c3de61.
+
+--- src/gd_crop.c.orig 2015-01-06 09:16:03.000000000 +0000
++++ src/gd_crop.c
+@@ -136,6 +136,10 @@ BGD_DECLARE(gdImagePtr) gdImageCropThres
+ return NULL;
+ }
+
++ if (color < 0 || (!gdImageTrueColor(im) && color >= gdImageColorsTotal(im))) {
++ return NULL;
++ }
++
+ /* TODO: Add gdImageGetRowPtr and works with ptr at the row level
+ * for the true color and palette images
+ * new formats will simply work with ptr
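Review bot: The `color < 0` half of the added guard only has an effect if `color` is a signed parameter; the function signature lies outside this hunk, and if `color` is declared unsigned there, the test is always false and `color >= gdImageColorsTotal(im)` becomes a signed/unsigned comparison. The palette upper bound is the part that appears to carry the fix, since it rejects an index beyond the image's colour count before the code below uses it, so the guard should hold either way. It is still worth checking the declared type in src/gd_crop.c and, if it is unsigned, tracking any upstream follow-up that reduces the condition to `if (!gdImageTrueColor(im) && color >= (unsigned int)gdImageColorsTotal(im)) {`. The patch header names only the CVE and the upstream commit, so a one-line summary would help whoever next rebases it, e.g. `Reject palette colour indexes outside the image's palette in gdImageCropThreshold.`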