diff options
| author | he <he@pkgsrc.org> | 2014-05-11 11:20:47 +0000 |
|---|---|---|
| committer | he <he@pkgsrc.org> | 2014-05-11 11:20:47 +0000 |
| commit | 5ff5ac993a48ed991568b3a54a0cb359e3154661 (patch) | |
| tree | d71d54fce89c20ed846c9a12ba48ca23aaa003ce /lang/php53 | |
| parent | c888dea1e236fc8dd36f9c03f32bc409f6154a2a (diff) | |
| download | pkgsrc-5ff5ac993a48ed991568b3a54a0cb359e3154661.tar.gz | |
Apply a patch to fix CVE-2014-2497, taken from
https://bugs.php.net/patch-display.php?bug_id=66901
Bump PKGREVISION for php-gd correspondingly.
Diffstat (limited to 'lang/php53')
| -rw-r--r-- | lang/php53/distinfo | 3 | ||||
| -rw-r--r-- | lang/php53/patches/patch-ext_gd_libgd_gdxpm.c | 31 |
2 files changed, 33 insertions, 1 deletions
diff --git a/lang/php53/distinfo b/lang/php53/distinfo index bdd0025be14..6b9196ddce2 100644 --- a/lang/php53/distinfo +++ b/lang/php53/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.72 2014/03/23 09:55:59 spz Exp $ +$NetBSD: distinfo,v 1.73 2014/05/11 11:20:47 he Exp $ SHA1 (php-5.3.28.tar.bz2) = f985ca1f6a5f49ebfb25a08f1837a44c563b31f8 RMD160 (php-5.3.28.tar.bz2) = e4910c0c365f39a5009807801bd5ee6e25be020d @@ -21,6 +21,7 @@ SHA1 (patch-al) = fe534d7d50a529e3c7d0ffed76afdb70bb55a521 SHA1 (patch-build_libtool.m4) = 6835b90ebd34739440c8eb94ed19ebacdf2ba6a5 SHA1 (patch-ext_date_lib_parse__iso__intervals.c) = 1243e4cda1d6446ee4f8b6cab61556fa07837139 SHA1 (patch-ext_date_lib_parse__iso__intervals.re) = 75d4abd666c17d7d5f8a4ee9e489bf2565f83524 +SHA1 (patch-ext_gd_libgd_gdxpm.c) = 9a175417fad9ac23037a24122f8d1258b9eebbcb SHA1 (patch-ext_standard_basic__functions.c) = 017fd25e646af4d7eb2a0bd13b3c8da34eaee8c5 SHA1 (patch-main_streams_cast.c) = d68b69c9418a8780b1610b8755487771f7c46a5a SHA1 (patch-php__mssql.c) = 524c4e5d7ede0e503049bf1febec58e0c4a29aa4 diff --git a/lang/php53/patches/patch-ext_gd_libgd_gdxpm.c b/lang/php53/patches/patch-ext_gd_libgd_gdxpm.c new file mode 100644 index 00000000000..69500e3e012 --- /dev/null +++ b/lang/php53/patches/patch-ext_gd_libgd_gdxpm.c @@ -0,0 +1,31 @@ +$NetBSD: patch-ext_gd_libgd_gdxpm.c,v 1.1 2014/05/11 11:20:47 he Exp $ + +Patch to fix CVE-2014-2497, taken from +https://bugs.php.net/patch-display.php?bug_id=66901 + +--- ext/gd/libgd/gdxpm.c.orig 2014-04-29 08:04:30.000000000 +0000 ++++ ext/gd/libgd/gdxpm.c +@@ -39,6 +39,13 @@ gdImagePtr gdImageCreateFromXpm (char *f + number = image.ncolors; + colors = (int *) safe_emalloc(number, sizeof(int), 0); + for (i = 0; i < number; i++) { ++ if (!image.colorTable[i].c_color) ++ { ++ /* unsupported color key or color key not defined */ ++ gdImageDestroy(im); ++ im = 0; ++ goto done; ++ } + switch (strlen (image.colorTable[i].c_color)) { + case 4: + buf[1] = '\0'; +@@ -125,8 +132,8 @@ gdImagePtr gdImageCreateFromXpm (char *f + } + } + +- gdFree(colors); + done: ++ gdFree(colors); + XpmFreeXpmImage(&image); + XpmFreeXpmInfo(&info); + return im; |