pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc Apply a patch to fix CVE-2014-2497, taken from



details:   https://anonhg.NetBSD.org/pkgsrc/rev/e86f01ba59ec
branches:  trunk
changeset: 634213:e86f01ba59ec
user:      he <he%pkgsrc.org@localhost>
date:      Sun May 11 11:20:47 2014 +0000

description:
Apply a patch to fix CVE-2014-2497, taken from
https://bugs.php.net/patch-display.php?bug_id=66901
Bump PKGREVISION for php-gd correspondingly.

diffstat:

 graphics/php-gd/Makefile                      |   3 +-
 lang/php53/distinfo                           |   3 +-
 lang/php53/patches/patch-ext_gd_libgd_gdxpm.c |  31 +++++++++++++++++++++++++++
 lang/php54/distinfo                           |   3 +-
 lang/php54/patches/patch-ext_gd_libgd_gdxpm.c |  31 +++++++++++++++++++++++++++
 lang/php55/distinfo                           |   3 +-
 lang/php55/patches/patch-ext_gd_libgd_gdxpm.c |  31 +++++++++++++++++++++++++++
 7 files changed, 101 insertions(+), 4 deletions(-)

diffs (170 lines):

diff -r 0e310a6ee0fc -r e86f01ba59ec graphics/php-gd/Makefile
--- a/graphics/php-gd/Makefile  Sun May 11 10:16:40 2014 +0000
+++ b/graphics/php-gd/Makefile  Sun May 11 11:20:47 2014 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.35 2013/06/07 13:55:45 taca Exp $
+# $NetBSD: Makefile,v 1.36 2014/05/11 11:20:47 he Exp $
 
 MODNAME=               gd
 CATEGORIES+=           graphics
 COMMENT=               PHP extension for GD graphics library
+PKGREVISION=           1
 
 CONFLICTS=     php-gd-[0-9]*
 
diff -r 0e310a6ee0fc -r e86f01ba59ec lang/php53/distinfo
--- a/lang/php53/distinfo       Sun May 11 10:16:40 2014 +0000
+++ b/lang/php53/distinfo       Sun May 11 11:20:47 2014 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.72 2014/03/23 09:55:59 spz Exp $
+$NetBSD: distinfo,v 1.73 2014/05/11 11:20:47 he Exp $
 
 SHA1 (php-5.3.28.tar.bz2) = f985ca1f6a5f49ebfb25a08f1837a44c563b31f8
 RMD160 (php-5.3.28.tar.bz2) = e4910c0c365f39a5009807801bd5ee6e25be020d
@@ -21,6 +21,7 @@
 SHA1 (patch-build_libtool.m4) = 6835b90ebd34739440c8eb94ed19ebacdf2ba6a5
 SHA1 (patch-ext_date_lib_parse__iso__intervals.c) = 1243e4cda1d6446ee4f8b6cab61556fa07837139
 SHA1 (patch-ext_date_lib_parse__iso__intervals.re) = 75d4abd666c17d7d5f8a4ee9e489bf2565f83524
+SHA1 (patch-ext_gd_libgd_gdxpm.c) = 9a175417fad9ac23037a24122f8d1258b9eebbcb
 SHA1 (patch-ext_standard_basic__functions.c) = 017fd25e646af4d7eb2a0bd13b3c8da34eaee8c5
 SHA1 (patch-main_streams_cast.c) = d68b69c9418a8780b1610b8755487771f7c46a5a
 SHA1 (patch-php__mssql.c) = 524c4e5d7ede0e503049bf1febec58e0c4a29aa4
diff -r 0e310a6ee0fc -r e86f01ba59ec lang/php53/patches/patch-ext_gd_libgd_gdxpm.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/php53/patches/patch-ext_gd_libgd_gdxpm.c     Sun May 11 11:20:47 2014 +0000
@@ -0,0 +1,31 @@
+$NetBSD: patch-ext_gd_libgd_gdxpm.c,v 1.1 2014/05/11 11:20:47 he Exp $
+
+Patch to fix CVE-2014-2497, taken from
+https://bugs.php.net/patch-display.php?bug_id=66901
+
+--- ext/gd/libgd/gdxpm.c.orig  2014-04-29 08:04:30.000000000 +0000
++++ ext/gd/libgd/gdxpm.c
+@@ -39,6 +39,13 @@ gdImagePtr gdImageCreateFromXpm (char *f
+       number = image.ncolors;
+       colors = (int *) safe_emalloc(number, sizeof(int), 0);
+       for (i = 0; i < number; i++) {
++              if (!image.colorTable[i].c_color)
++              {
++                      /* unsupported color key or color key not defined */
++                      gdImageDestroy(im);
++                      im = 0;
++                      goto done;
++              }
+               switch (strlen (image.colorTable[i].c_color)) {
+                       case 4:
+                               buf[1] = '\0';
+@@ -125,8 +132,8 @@ gdImagePtr gdImageCreateFromXpm (char *f
+               }
+       }
+ 
+-      gdFree(colors);
+  done:
++      gdFree(colors);
+       XpmFreeXpmImage(&image);
+       XpmFreeXpmInfo(&info);
+       return im;
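Review bot: Moving `gdFree(colors)` below the `done:` label means every `goto done` now frees `colors`, including any jump taken before `colors = (int *) safe_emalloc(number, sizeof(int), 0);` has run. The declarations and earlier exits of gdImageCreateFromXpm lie outside this hunk, so this is unconfirmed; if an earlier failure path does reach `done`, the free would act on an uninitialized pointer. Declaring it as `int *colors = NULL;` would make the shared cleanup safe on all paths, assuming gdFree tolerates NULL. The identical patch file is added under lang/php54 and lang/php55, so the same point applies there.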
diff -r 0e310a6ee0fc -r e86f01ba59ec lang/php54/distinfo
--- a/lang/php54/distinfo       Sun May 11 10:16:40 2014 +0000
+++ b/lang/php54/distinfo       Sun May 11 11:20:47 2014 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.38 2014/05/02 13:04:12 taca Exp $
+$NetBSD: distinfo,v 1.39 2014/05/11 11:20:47 he Exp $
 
 SHA1 (php-5.4.28.tar.bz2) = 857d458b0daf89f36f8d652c5d8bd5fe509bc691
 RMD160 (php-5.4.28.tar.bz2) = 22f3ac1c56b104a9fa615a26aa90b5591dea29ef
@@ -8,6 +8,7 @@
 SHA1 (patch-build_libtool.m4) = 6dfef7c07a42dc54611c104265ef43c50a4e88ca
 SHA1 (patch-configure) = 7d14d78b6bb1b70d8467afb7baf54e51f313542c
 SHA1 (patch-ext_gd_config.m4) = 2353efe6f25e1081b41d61033c3185cc643c7891
+SHA1 (patch-ext_gd_libgd_gdxpm.c) = 9a175417fad9ac23037a24122f8d1258b9eebbcb
 SHA1 (patch-ext_imap_config.m4) = 01681e8b54ee586ec4db72a5da2d0aec3fa89fcc
 SHA1 (patch-ext_mssql_php__mssql.c) = 732e48b05086180585a3087c2e9737db557dbc3b
 SHA1 (patch-ext_pdo__mysql_config.m4) = 3526e737da25129710218e7141d5a05ae0a51390
diff -r 0e310a6ee0fc -r e86f01ba59ec lang/php54/patches/patch-ext_gd_libgd_gdxpm.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/php54/patches/patch-ext_gd_libgd_gdxpm.c     Sun May 11 11:20:47 2014 +0000
@@ -0,0 +1,31 @@
+$NetBSD: patch-ext_gd_libgd_gdxpm.c,v 1.1 2014/05/11 11:20:47 he Exp $
+
+Patch to fix CVE-2014-2497, taken from
+https://bugs.php.net/patch-display.php?bug_id=66901
+
+--- ext/gd/libgd/gdxpm.c.orig  2014-04-29 08:04:30.000000000 +0000
++++ ext/gd/libgd/gdxpm.c
+@@ -39,6 +39,13 @@ gdImagePtr gdImageCreateFromXpm (char *f
+       number = image.ncolors;
+       colors = (int *) safe_emalloc(number, sizeof(int), 0);
+       for (i = 0; i < number; i++) {
++              if (!image.colorTable[i].c_color)
++              {
++                      /* unsupported color key or color key not defined */
++                      gdImageDestroy(im);
++                      im = 0;
++                      goto done;
++              }
+               switch (strlen (image.colorTable[i].c_color)) {
+                       case 4:
+                               buf[1] = '\0';
+@@ -125,8 +132,8 @@ gdImagePtr gdImageCreateFromXpm (char *f
+               }
+       }
+ 
+-      gdFree(colors);
+  done:
++      gdFree(colors);
+       XpmFreeXpmImage(&image);
+       XpmFreeXpmInfo(&info);
+       return im;
diff -r 0e310a6ee0fc -r e86f01ba59ec lang/php55/distinfo
--- a/lang/php55/distinfo       Sun May 11 10:16:40 2014 +0000
+++ b/lang/php55/distinfo       Sun May 11 11:20:47 2014 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.20 2014/05/01 15:52:33 taca Exp $
+$NetBSD: distinfo,v 1.21 2014/05/11 11:20:47 he Exp $
 
 SHA1 (php-5.5.12.tar.bz2) = eaa0b27368f98af2fa9aa6f08d7ea23bdb53c748
 RMD160 (php-5.5.12.tar.bz2) = c09c98e85c503cf030b0f215fcab0986945ce7ba
@@ -8,6 +8,7 @@
 SHA1 (patch-build_libtool.m4) = 6ee935c55cc01704c6e9edb4e383b2ddb7c746e7
 SHA1 (patch-configure) = 7b4bef368e6709c26c0db31a4c7ebc04e4d55e9c
 SHA1 (patch-ext_gd_config.m4) = 91c9798333d4776856a0a9e20196986856b758b2
+SHA1 (patch-ext_gd_libgd_gdxpm.c) = 9a175417fad9ac23037a24122f8d1258b9eebbcb
 SHA1 (patch-ext_imap_config.m4) = 01681e8b54ee586ec4db72a5da2d0aec3fa89fcc
 SHA1 (patch-ext_mssql_php__mssql.c) = 4ef1837850443e9db2e71620a3ddaed5ab5c435b
 SHA1 (patch-ext_opcache_config.m4) = 7c0d98feaeec8a0ca61f6f77a1906aa2d601be3f
diff -r 0e310a6ee0fc -r e86f01ba59ec lang/php55/patches/patch-ext_gd_libgd_gdxpm.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/php55/patches/patch-ext_gd_libgd_gdxpm.c     Sun May 11 11:20:47 2014 +0000
@@ -0,0 +1,31 @@
+$NetBSD: patch-ext_gd_libgd_gdxpm.c,v 1.1 2014/05/11 11:20:47 he Exp $
+
+Patch to fix CVE-2014-2497, taken from
+https://bugs.php.net/patch-display.php?bug_id=66901
+
+--- ext/gd/libgd/gdxpm.c.orig  2014-04-29 08:04:30.000000000 +0000
++++ ext/gd/libgd/gdxpm.c
+@@ -39,6 +39,13 @@ gdImagePtr gdImageCreateFromXpm (char *f
+       number = image.ncolors;
+       colors = (int *) safe_emalloc(number, sizeof(int), 0);
+       for (i = 0; i < number; i++) {
++              if (!image.colorTable[i].c_color)
++              {
++                      /* unsupported color key or color key not defined */
++                      gdImageDestroy(im);
++                      im = 0;
++                      goto done;
++              }
+               switch (strlen (image.colorTable[i].c_color)) {
+                       case 4:
+                               buf[1] = '\0';
+@@ -125,8 +132,8 @@ gdImagePtr gdImageCreateFromXpm (char *f
+               }
+       }
+ 
+-      gdFree(colors);
+  done:
++      gdFree(colors);
+       XpmFreeXpmImage(&image);
+       XpmFreeXpmInfo(&info);
+       return im;


