diff options
| author | tron <tron> | 2007-05-06 13:08:33 +0000 |
|---|---|---|
| committer | tron <tron> | 2007-05-06 13:08:33 +0000 |
| commit | 4a2ef4864ac6dfbc56b5fdb40616a55e95dee052 (patch) | |
| tree | 7cc650772901d7f5afe92f49a11c34624d7817ca /www/php4 | |
| parent | b1f68849feb100e6948e7d0fc50e49882094fe85 (diff) | |
| download | pkgsrc-4a2ef4864ac6dfbc56b5fdb40616a55e95dee052.tar.gz | |
Add security fix for CVE-2007-1001 to "php4-gd" and "php5-gd" packages.
Bump package revision.
Diffstat (limited to 'www/php4')
| -rw-r--r-- | www/php4/distinfo | 3 | ||||
| -rw-r--r-- | www/php4/patches/patch-ae | 38 |
2 files changed, 40 insertions, 1 deletions
diff --git a/www/php4/distinfo b/www/php4/distinfo index bc9dbeea525..785843b97a3 100644 --- a/www/php4/distinfo +++ b/www/php4/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.63 2007/05/05 21:35:05 adrianp Exp $ +$NetBSD: distinfo,v 1.64 2007/05/06 13:08:34 tron Exp $ SHA1 (php-4.4.6.tar.bz2) = e9c11ae084e2d505568d672afd06d4e6fc431621 RMD160 (php-4.4.6.tar.bz2) = 16a81ee94d1f8f56adf3e76dde32c62597130674 @@ -7,6 +7,7 @@ SHA1 (patch-aa) = feb064407950d0fc732b7240e65cac84420d2407 SHA1 (patch-ab) = 38a4bcd0d65b26c5d8e54e22b552f60831188469 SHA1 (patch-ac) = 28288b1e79c14fb2b40eaefed0d6d2bff4775607 SHA1 (patch-ad) = 9ca5d2f59bfeea77a98cd0e727546d11669114cd +SHA1 (patch-ae) = 2a5989d3eb144a1c238703d388055d0f47624e1a SHA1 (patch-ag) = 1ded1d7f4daac6806f41864c783f16d3403315e4 SHA1 (patch-ah) = 0ac37bd35c4594cb58f1ea85ef811154b644a931 SHA1 (patch-ai) = 0b9c1c9fb75a64026f2fb3cbd44cc19e0a1f186c diff --git a/www/php4/patches/patch-ae b/www/php4/patches/patch-ae new file mode 100644 index 00000000000..9553e2ed3e9 --- /dev/null +++ b/www/php4/patches/patch-ae @@ -0,0 +1,38 @@ +$NetBSD: patch-ae,v 1.7 2007/05/06 13:08:34 tron Exp $ + +Patch for CVE-2007-1001, taken from here: + +http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?r1=1.2.4.1&r2=1.2.4.1.8.1&view=patch + +--- ext/gd/libgd/wbmp.c.orig 2003-04-25 01:59:03.000000000 +0100 ++++ ext/gd/libgd/wbmp.c 2007-05-06 13:47:23.000000000 +0100 +@@ -116,6 +116,15 @@ + if ((wbmp = (Wbmp *) gdMalloc (sizeof (Wbmp))) == NULL) + return (NULL); + ++ if (overflow2(sizeof (int), width)) { ++ gdFree(wbmp); ++ return NULL; ++ } ++ if (overflow2(sizeof (int) * width, height)) { ++ gdFree(wbmp); ++ return NULL; ++ } ++ + if ((wbmp->bitmap = (int *) safe_emalloc(sizeof(int), (width * height), 0)) == NULL) + { + gdFree (wbmp); +@@ -176,6 +185,13 @@ + printf ("W: %d, H: %d\n", wbmp->width, wbmp->height); + #endif + ++ if (overflow2(sizeof (int), wbmp->width) || ++ overflow2(sizeof (int) * wbmp->width, wbmp->height)) ++ { ++ gdFree(wbmp); ++ return (-1); ++ } ++ + if ((wbmp->bitmap = (int *) safe_emalloc(sizeof(int), (wbmp->width * wbmp->height), 0)) == NULL) + { + gdFree (wbmp); |