From 90e497213853be897872657c411efee6a27f13cc Mon Sep 17 00:00:00 2001
From: taca <taca@pkgsrc.org>
Date: Thu, 30 Jun 2016 09:00:18 +0000
Subject: Add fix for CVE-2016-6128 from upstream.

Bump PKGREVISION.
---
 graphics/gd/Makefile                     |  4 ++--
 graphics/gd/distinfo                     |  3 ++-
 graphics/gd/patches/patch-src_gd__crop.c | 18 ++++++++++++++++++
 3 files changed, 22 insertions(+), 3 deletions(-)
 create mode 100644 graphics/gd/patches/patch-src_gd__crop.c

(limited to 'graphics/gd')

diff --git a/graphics/gd/Makefile b/graphics/gd/Makefile
index 49b71953753..59f0ca51e5e 100644
--- a/graphics/gd/Makefile
+++ b/graphics/gd/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.108 2015/11/18 14:19:46 ryoon Exp $
+# $NetBSD: Makefile,v 1.109 2016/06/30 09:00:18 taca Exp $
 
 DISTNAME=	libgd-2.1.1
 PKGNAME=	${DISTNAME:S/libgd/gd/}
-PKGREVISION=	2
+PKGREVISION=	3
 CATEGORIES=	graphics
 MASTER_SITES=	https://bitbucket.org/libgd/gd-libgd/downloads/
 EXTRACT_SUFX=	.tar.xz
diff --git a/graphics/gd/distinfo b/graphics/gd/distinfo
index 82311149ee0..2c107afa82d 100644
--- a/graphics/gd/distinfo
+++ b/graphics/gd/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.39 2015/11/03 21:33:58 agc Exp $
+$NetBSD: distinfo,v 1.40 2016/06/30 09:00:18 taca Exp $
 
 SHA1 (libgd-2.1.1.tar.xz) = 9038ed488b577d16aa8c32b6c10b4a70b10f7fa1
 RMD160 (libgd-2.1.1.tar.xz) = 8d564caf9a953d344fb9a5e169d241510a2c71f1
@@ -9,4 +9,5 @@ SHA1 (patch-ab) = 300ffacf47d7421fc9efb7b3fd9e93f011de1b4b
 SHA1 (patch-configure) = 53769c3daffa38c88d82093f59cb97b4bd38008f
 SHA1 (patch-configure.ac) = 72092d5a0ee7944249286edc0d3505176f15303f
 SHA1 (patch-src_gd__bmp.c) = 4db300a26cebae6fb6f14564c5648608d7ed6cc5
+SHA1 (patch-src_gd__crop.c) = 34c9716fe40e8f80cc126893dbafa0151bbf3b5a
 SHA1 (patch-src_webpimg.c) = 2717cbcfdbbddfc8cd96de2d4f6a07a0485ba086
diff --git a/graphics/gd/patches/patch-src_gd__crop.c b/graphics/gd/patches/patch-src_gd__crop.c
new file mode 100644
index 00000000000..254b9272558
--- /dev/null
+++ b/graphics/gd/patches/patch-src_gd__crop.c
@@ -0,0 +1,18 @@
+$NetBSD: patch-src_gd__crop.c,v 1.1 2016/06/30 09:00:18 taca Exp $
+
+Fix for CVE-2016-6128 from
+https://github.com/libgd/libgd/commit/1ccfe21e14c4d18336f9da8515cd17db88c3de61.
+
+--- src/gd_crop.c.orig	2015-01-06 09:16:03.000000000 +0000
++++ src/gd_crop.c
+@@ -136,6 +136,10 @@ BGD_DECLARE(gdImagePtr) gdImageCropThres
+ 		return NULL;
+ 	}
+ 
++	if (color < 0 || (!gdImageTrueColor(im) && color >= gdImageColorsTotal(im))) {
++		return NULL;
++	}
++
+ 	/* TODO: Add gdImageGetRowPtr and works with ptr at the row level
+ 	 * for the true color and palette images
+ 	 * new formats will simply work with ptr
-- 
cgit v1.2.3