authortaca <taca>2009-10-22 14:37:47 +0000
committertaca <taca>2009-10-22 14:37:47 +0000
commitf564701b268283b25307c37668fb7e7c342262c6 (patch)
treefbd614d53e5eeb63abe85172e16abab058456466 /lang/php5
parent1e084e3db02202406c904910d72522bb03a2c65c (diff)
Add a patch from PHP's SVN repository to fix a gd library security problem.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546
Bump PKGREVISION of php-gd package. (This fix is for php5 only; I don't know about php4.)
Diffstat (limited to 'lang/php5')
-rw-r--r--lang/php5/distinfo3
-rw-r--r--lang/php5/patches/patch-ay17
2 files changed, 19 insertions, 1 deletions
diff --git a/lang/php5/distinfo b/lang/php5/distinfo
index 595188d27a8..145435b15eb 100644
--- a/lang/php5/distinfo
+++ b/lang/php5/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.67 2009/09/26 07:35:31 taca Exp $
+$NetBSD: distinfo,v 1.68 2009/10/22 14:37:47 taca Exp $
SHA1 (php-5.2.11/php-5.2.11.tar.bz2) = 819c853ce657ef260d4a73b5a21f961115b97eef
RMD160 (php-5.2.11/php-5.2.11.tar.bz2) = 6aad53dee864ab89f794a9d3c2aa32d435ed5654
@@ -16,3 +16,4 @@ SHA1 (patch-ap) = 5eb0e0e4244a993da93e36f8fcb5553454207fce
SHA1 (patch-aq) = 0c9d48547da2fa80aa8357d23ad8505d1c0330df
SHA1 (patch-ar) = 2d74ec926cc00bfbb67d16210af78c33ad9ac38d
SHA1 (patch-as) = f7ce5caffe2acdd1f8e9fc8ae6c7ba1d8c6a25c1
+SHA1 (patch-ay) = c2667dd398c1c58e55f459f2df02613dc028e9cc
diff --git a/lang/php5/patches/patch-ay b/lang/php5/patches/patch-ay
new file mode 100644
index 00000000000..1388c10dc5c
--- /dev/null
+++ b/lang/php5/patches/patch-ay
@@ -0,0 +1,17 @@
+$NetBSD: patch-ay,v 1.1 2009/10/22 14:37:47 taca Exp $
+
+* Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546
+ from PHP's SVN repositry r289557.
+
+--- ext/gd/libgd/gd_gd.c.orig 2007-08-09 23:21:38.000000000 +0900
++++ ext/gd/libgd/gd_gd.c
+@@ -39,6 +39,9 @@ int _gdGetColors (gdIOCtx * in, gdImageP
+ if (!gdGetWord(&im->colorsTotal, in)) {
+ goto fail1;
+ }
++ if (im->colorsTotal > gdMaxColors) {
++ goto fail1;
++ }
+ }
+ /* Int to accommodate truecolor single-color transparency */
+ if (!gdGetInt(&im->transparent, in)) {
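Review bot: The new bound on `im->colorsTotal` in the embedded gd_gd.c hunk sits inside the block that closes on the line right after it, so it guards only the value read by `gdGetWord`. `_gdGetColors` starts and ends outside the hunk, so confirm that any other branch filling `colorsTotal` is either limited by its read width or gets the same check. The guard also has no explanation; a comment such as `/* colorsTotal comes from the file; reject values beyond the gdMaxColors palette slots */` would keep it from being dropped as redundant later. Only the upper bound is tested, which is enough as long as `gdGetWord` can only produce non-negative values. That is presumably true for a 16-bit word, but the helper is not visible here.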