summaryrefslogtreecommitdiff
path: root/lang/php53
diff options
context:
space:
mode:
Diffstat (limited to 'lang/php53')
-rw-r--r--lang/php53/distinfo3
-rw-r--r--lang/php53/patches/patch-ext_gd_libgd_gdxpm.c31
2 files changed, 33 insertions, 1 deletions
diff --git a/lang/php53/distinfo b/lang/php53/distinfo
index bdd0025be14..6e025726feb 100644
--- a/lang/php53/distinfo
+++ b/lang/php53/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.72 2014/03/23 09:55:59 spz Exp $
+$NetBSD: distinfo,v 1.72.2.1 2014/06/01 13:20:22 spz Exp $
SHA1 (php-5.3.28.tar.bz2) = f985ca1f6a5f49ebfb25a08f1837a44c563b31f8
RMD160 (php-5.3.28.tar.bz2) = e4910c0c365f39a5009807801bd5ee6e25be020d
@@ -21,6 +21,7 @@ SHA1 (patch-al) = fe534d7d50a529e3c7d0ffed76afdb70bb55a521
SHA1 (patch-build_libtool.m4) = 6835b90ebd34739440c8eb94ed19ebacdf2ba6a5
SHA1 (patch-ext_date_lib_parse__iso__intervals.c) = 1243e4cda1d6446ee4f8b6cab61556fa07837139
SHA1 (patch-ext_date_lib_parse__iso__intervals.re) = 75d4abd666c17d7d5f8a4ee9e489bf2565f83524
+SHA1 (patch-ext_gd_libgd_gdxpm.c) = 9a175417fad9ac23037a24122f8d1258b9eebbcb
SHA1 (patch-ext_standard_basic__functions.c) = 017fd25e646af4d7eb2a0bd13b3c8da34eaee8c5
SHA1 (patch-main_streams_cast.c) = d68b69c9418a8780b1610b8755487771f7c46a5a
SHA1 (patch-php__mssql.c) = 524c4e5d7ede0e503049bf1febec58e0c4a29aa4
diff --git a/lang/php53/patches/patch-ext_gd_libgd_gdxpm.c b/lang/php53/patches/patch-ext_gd_libgd_gdxpm.c
new file mode 100644
index 00000000000..d414bc9a7df
--- /dev/null
+++ b/lang/php53/patches/patch-ext_gd_libgd_gdxpm.c
@@ -0,0 +1,31 @@
+$NetBSD: patch-ext_gd_libgd_gdxpm.c,v 1.1.2.2 2014/06/01 13:20:22 spz Exp $
+
+Patch to fix CVE-2014-2497, taken from
+https://bugs.php.net/patch-display.php?bug_id=66901
+
+--- ext/gd/libgd/gdxpm.c.orig 2014-04-29 08:04:30.000000000 +0000
++++ ext/gd/libgd/gdxpm.c
+@@ -39,6 +39,13 @@ gdImagePtr gdImageCreateFromXpm (char *f
+ number = image.ncolors;
+ colors = (int *) safe_emalloc(number, sizeof(int), 0);
+ for (i = 0; i < number; i++) {
++ if (!image.colorTable[i].c_color)
++ {
++ /* unsupported color key or color key not defined */
++ gdImageDestroy(im);
++ im = 0;
++ goto done;
++ }
+ switch (strlen (image.colorTable[i].c_color)) {
+ case 4:
+ buf[1] = '\0';
+@@ -125,8 +132,8 @@ gdImagePtr gdImageCreateFromXpm (char *f
+ }
+ }
+
+- gdFree(colors);
+ done:
++ gdFree(colors);
+ XpmFreeXpmImage(&image);
+ XpmFreeXpmInfo(&info);
+ return im;
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-06 22:31:44 +0000