authorhe <he>2014-05-11 11:20:47 +0000
committerhe <he>2014-05-11 11:20:47 +0000
commit9e07d09cc9089330957d1b9bc2839def7c8d91e7 (patch)
tree72c5b7c929c779ac9a0f7e4c412c4127ca813e73 /lang/php54
parented5578f2ace419b6a250084bf869ebf1c50357e9 (diff)
downloadpkgsrc-9e07d09cc9089330957d1b9bc2839def7c8d91e7.tar.gz
Apply a patch to fix CVE-2014-2497, taken from
https://bugs.php.net/patch-display.php?bug_id=66901
Bump PKGREVISION for php-gd correspondingly.
Diffstat (limited to 'lang/php54')
-rw-r--r--lang/php54/distinfo3
-rw-r--r--lang/php54/patches/patch-ext_gd_libgd_gdxpm.c31
2 files changed, 33 insertions, 1 deletions
diff --git a/lang/php54/distinfo b/lang/php54/distinfo
index 3831f5c190b..0d801f43d26 100644
--- a/lang/php54/distinfo
+++ b/lang/php54/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.38 2014/05/02 13:04:12 taca Exp $
+$NetBSD: distinfo,v 1.39 2014/05/11 11:20:47 he Exp $
SHA1 (php-5.4.28.tar.bz2) = 857d458b0daf89f36f8d652c5d8bd5fe509bc691
RMD160 (php-5.4.28.tar.bz2) = 22f3ac1c56b104a9fa615a26aa90b5591dea29ef
@@ -8,6 +8,7 @@ SHA1 (patch-aclocal.m4) = eae2ed8ea2985933c4fe88ba52577c14ac88eb92
SHA1 (patch-build_libtool.m4) = 6dfef7c07a42dc54611c104265ef43c50a4e88ca
SHA1 (patch-configure) = 7d14d78b6bb1b70d8467afb7baf54e51f313542c
SHA1 (patch-ext_gd_config.m4) = 2353efe6f25e1081b41d61033c3185cc643c7891
+SHA1 (patch-ext_gd_libgd_gdxpm.c) = 9a175417fad9ac23037a24122f8d1258b9eebbcb
SHA1 (patch-ext_imap_config.m4) = 01681e8b54ee586ec4db72a5da2d0aec3fa89fcc
SHA1 (patch-ext_mssql_php__mssql.c) = 732e48b05086180585a3087c2e9737db557dbc3b
SHA1 (patch-ext_pdo__mysql_config.m4) = 3526e737da25129710218e7141d5a05ae0a51390
diff --git a/lang/php54/patches/patch-ext_gd_libgd_gdxpm.c b/lang/php54/patches/patch-ext_gd_libgd_gdxpm.c
new file mode 100644
index 00000000000..69500e3e012
--- /dev/null
+++ b/lang/php54/patches/patch-ext_gd_libgd_gdxpm.c
@@ -0,0 +1,31 @@
+$NetBSD: patch-ext_gd_libgd_gdxpm.c,v 1.1 2014/05/11 11:20:47 he Exp $
+
+Patch to fix CVE-2014-2497, taken from
+https://bugs.php.net/patch-display.php?bug_id=66901
+
+--- ext/gd/libgd/gdxpm.c.orig 2014-04-29 08:04:30.000000000 +0000
++++ ext/gd/libgd/gdxpm.c
+@@ -39,6 +39,13 @@ gdImagePtr gdImageCreateFromXpm (char *f
+ number = image.ncolors;
+ colors = (int *) safe_emalloc(number, sizeof(int), 0);
+ for (i = 0; i < number; i++) {
++ if (!image.colorTable[i].c_color)
++ {
++ /* unsupported color key or color key not defined */
++ gdImageDestroy(im);
++ im = 0;
++ goto done;
++ }
+ switch (strlen (image.colorTable[i].c_color)) {
+ case 4:
+ buf[1] = '\0';
+@@ -125,8 +132,8 @@ gdImagePtr gdImageCreateFromXpm (char *f
+ }
+ }
+
+- gdFree(colors);
+ done:
++ gdFree(colors);
+ XpmFreeXpmImage(&image);
+ XpmFreeXpmInfo(&info);
+ return im;
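Review bot: The relocated `gdFree(colors)` below `done:` may free an uninitialized pointer if any `goto done` is reached before `colors = (int *) safe_emalloc(number, sizeof(int), 0);` has run. The `done:` label is a context line in the embedded patch, so it predates this fix, and the start of gdImageCreateFromXpm lies outside the hunk; whether an earlier jump to it exists (for instance on an image-allocation failure) cannot be confirmed from here and should be checked against the full file. Initializing the declaration as `int *colors = NULL;` would make the shared cleanup safe on every path, assuming gdFree tolerates NULL as free() does; otherwise use `if (colors) gdFree(colors);`. A short comment at `done:` such as `/* colors may be NULL if we bailed out before allocation */` would also record why the free now sits after the label.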