From 0697562e60bf3a45813403b8de08f0dfa6f80e33 Mon Sep 17 00:00:00 2001 From: Eygene Ryabinkin Date: Fri, 6 Nov 2009 18:18:15 +0300 Signed-off-by: Eygene Ryabinkin --- graphics/gd/Makefile | 2 +- graphics/gd/files/patch-cve-2009-3546 | 15 +++++++++++++++ graphics/php4-gd/Makefile | 2 ++ graphics/php4-gd/files/patch-cve-2009-3546 | 14 ++++++++++++++ graphics/php5-gd/Makefile | 2 ++ graphics/php5-gd/files/patch-cve-2009-3546 | 14 ++++++++++++++ security/vuxml/vuln.xml | 7 ++++--- 7 files changed, 52 insertions(+), 4 deletions(-) create mode 100644 graphics/gd/files/patch-cve-2009-3546 create mode 100644 graphics/php4-gd/files/patch-cve-2009-3546 create mode 100644 graphics/php5-gd/files/patch-cve-2009-3546 diff --git a/graphics/gd/Makefile b/graphics/gd/Makefile index e344354..1341296 100644 --- a/graphics/gd/Makefile +++ b/graphics/gd/Makefile @@ -7,7 +7,7 @@ PORTNAME= gd PORTVERSION= 2.0.35 -PORTREVISION?= 1 +PORTREVISION?= 2 PORTEPOCH= 1 CATEGORIES+= graphics MASTER_SITES= http://www.libgd.org/releases/ diff --git a/graphics/gd/files/patch-cve-2009-3546 b/graphics/gd/files/patch-cve-2009-3546 new file mode 100644 index 0000000..f483039 --- /dev/null +++ b/graphics/gd/files/patch-cve-2009-3546 @@ -0,0 +1,15 @@ +Adopted-From: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/gd/libgd/gd_gd.c?r1=289557&r2=289556&pathrev=289557&view=patch + +--- gd_gd.c.orig 2006-04-05 19:52:22.000000000 +0400 ++++ gd_gd.c 2009-11-06 18:06:50.000000000 +0300 +@@ -44,6 +44,10 @@ + { + goto fail1; + } ++ if (im->colorsTotal > gdMaxColors) ++ { ++ goto fail1; ++ } + } + /* Int to accommodate truecolor single-color transparency */ + if (!gdGetInt (&im->transparent, in)) diff --git a/graphics/php4-gd/Makefile b/graphics/php4-gd/Makefile index 6702512..025f833 100644 --- a/graphics/php4-gd/Makefile +++ b/graphics/php4-gd/Makefile @@ -11,4 +11,6 @@ MASTERDIR= ${.CURDIR}/../../lang/php4 PKGNAMESUFFIX= -gd +PORTREVISION= 1 + .include "${MASTERDIR}/Makefile" diff --git a/graphics/php4-gd/files/patch-cve-2009-3546 b/graphics/php4-gd/files/patch-cve-2009-3546 new file mode 100644 index 0000000..6a2d2c7 --- /dev/null +++ b/graphics/php4-gd/files/patch-cve-2009-3546 @@ -0,0 +1,14 @@ +Obtained-From: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/gd/libgd/gd_gd.c?r1=289557&r2=289556&pathrev=289557&view=patch + +--- libgd/gd_gd.c 2009/10/12 09:44:18 289556 ++++ libgd/gd_gd.c 2009/10/12 10:01:37 289557 +@@ -39,6 +39,9 @@ + if (!gdGetWord(&im->colorsTotal, in)) { + goto fail1; + } ++ if (im->colorsTotal > gdMaxColors) { ++ goto fail1; ++ } + } + /* Int to accommodate truecolor single-color transparency */ + if (!gdGetInt(&im->transparent, in)) { diff --git a/graphics/php5-gd/Makefile b/graphics/php5-gd/Makefile index 1a0d0b5..6333f40 100644 --- a/graphics/php5-gd/Makefile +++ b/graphics/php5-gd/Makefile @@ -11,4 +11,6 @@ MASTERDIR= ${.CURDIR}/../../lang/php5 PKGNAMESUFFIX= -gd +PORTREVISION= 2 + .include "${MASTERDIR}/Makefile" diff --git a/graphics/php5-gd/files/patch-cve-2009-3546 b/graphics/php5-gd/files/patch-cve-2009-3546 new file mode 100644 index 0000000..6a2d2c7 --- /dev/null +++ b/graphics/php5-gd/files/patch-cve-2009-3546 @@ -0,0 +1,14 @@ +Obtained-From: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/gd/libgd/gd_gd.c?r1=289557&r2=289556&pathrev=289557&view=patch + +--- libgd/gd_gd.c 2009/10/12 09:44:18 289556 ++++ libgd/gd_gd.c 2009/10/12 10:01:37 289557 +@@ -39,6 +39,9 @@ + if (!gdGetWord(&im->colorsTotal, in)) { + goto fail1; + } ++ if (im->colorsTotal > gdMaxColors) { ++ goto fail1; ++ } + } + /* Int to accommodate truecolor single-color transparency */ + if (!gdGetInt(&im->transparent, in)) { diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 3b2eace..6440a90 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -40,15 +40,15 @@ Note: Please add new entries to the beginning of this file. gd - 0 + 2.0.35_2,1 php5-gd - 0 + 5.2.11_2 php4-gd - 0 + 4.4.9_1 @@ -73,6 +73,7 @@ Note: Please add new entries to the beginning of this file. 2009-10-15 2009-11-05 + 2009-11-06 -- 1.6.5.1