pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2006Q1]: pkgsrc/graphics/gd Pullup ticket 1702 - requested by ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/faf1398c44b1
branches: pkgsrc-2006Q1
changeset: 510349:faf1398c44b1
user: ghen <ghen%pkgsrc.org@localhost>
date: Thu Jun 15 12:56:54 2006 +0000
description:
Pullup ticket 1702 - requested by salo
security fix for gd
Revisions pulled up:
- pkgsrc/graphics/gd/Makefile 1.68, 1.69, 1.70
- pkgsrc/graphics/gd/distinfo 1.23
- pkgsrc/graphics/gd/patches/patch-ac 1.3
Module Name: pkgsrc
Committed By: minskim
Date: Sun May 14 18:19:08 UTC 2006
Modified Files:
pkgsrc/graphics/gd: Makefile
Log Message:
Fix a pkglint warning.
---
Module Name: pkgsrc
Committed By: minskim
Date: Sun May 14 18:22:38 UTC 2006
Modified Files:
pkgsrc/graphics/gd: Makefile
Log Message:
This package installs a perl script. Add a dependency on perl using
USE_TOOLS.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: salo
Date: Wed Jun 14 21:42:33 UTC 2006
Modified Files:
pkgsrc/graphics/gd: Makefile distinfo
Added Files:
pkgsrc/graphics/gd/patches: patch-ac
Log Message:
Security fix for CVE-2006-2906:
"The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas
Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote
attackers to cause a denial of service (CPU consumption) via malformed
GIF data that causes an infinite loop."
Patch from Xavier Roche via Ubuntu.
diffstat:
graphics/gd/Makefile | 7 ++--
graphics/gd/distinfo | 3 +-
graphics/gd/patches/patch-ac | 65 ++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 71 insertions(+), 4 deletions(-)
diffs (106 lines):
diff -r f109e2e0ad91 -r faf1398c44b1 graphics/gd/Makefile
--- a/graphics/gd/Makefile Thu Jun 15 12:06:30 2006 +0000
+++ b/graphics/gd/Makefile Thu Jun 15 12:56:54 2006 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.66 2006/02/05 23:09:30 joerg Exp $
+# $NetBSD: Makefile,v 1.66.2.1 2006/06/15 12:56:54 ghen Exp $
DISTNAME= gd-2.0.33
-PKGREVISION= 2
+PKGREVISION= 5
CATEGORIES= graphics
MASTER_SITES= http://www.boutell.com/gd/http/
@@ -12,8 +12,9 @@
PKG_INSTALLATION_TYPES= overwrite pkgviews
USE_LIBTOOL= YES
+USE_TOOLS+= perl:run
GNU_CONFIGURE= YES
-REPLACE_PERL= bdftogd
+REPLACE_PERL+= bdftogd
PTHREAD_AUTO_VARS= yes
.include "../../devel/zlib/buildlink3.mk"
diff -r f109e2e0ad91 -r faf1398c44b1 graphics/gd/distinfo
--- a/graphics/gd/distinfo Thu Jun 15 12:06:30 2006 +0000
+++ b/graphics/gd/distinfo Thu Jun 15 12:56:54 2006 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.22 2005/06/06 18:38:08 minskim Exp $
+$NetBSD: distinfo,v 1.22.8.1 2006/06/15 12:56:54 ghen Exp $
SHA1 (gd-2.0.33.tar.gz) = 89548efb01116a740c796a8df80de16d19856811
RMD160 (gd-2.0.33.tar.gz) = 6c573638387bb36044f3d4d480b10229445b9a6b
Size (gd-2.0.33.tar.gz) = 587617 bytes
SHA1 (patch-aa) = 38f0aa7043dba517405312d4eef59347e3c0185a
SHA1 (patch-ab) = 082f5baa2c147fb62381c21ecb3ce11a1891a2aa
+SHA1 (patch-ac) = 154abdaff73099617a1b57f4d2f19358aaf2a043
diff -r f109e2e0ad91 -r faf1398c44b1 graphics/gd/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/gd/patches/patch-ac Thu Jun 15 12:56:54 2006 +0000
@@ -0,0 +1,65 @@
+$NetBSD: patch-ac,v 1.2.20.1 2006/06/15 12:56:54 ghen Exp $
+
+Security fix for CVE-2006-2906, from Xavier Roche via Ubuntu.
+
+--- gd_gif_in.c.orig 2004-11-01 19:28:56.000000000 +0100
++++ gd_gif_in.c 2006-06-14 23:30:38.000000000 +0200
+@@ -118,6 +118,7 @@
+ char version[4];
+ /* 2.0.28: threadsafe storage */
+ int ZeroDataBlock = FALSE;
++ int maxcount = 1024;
+
+ gdImagePtr im = 0;
+ if (! ReadOK(fd,buf,6)) {
+@@ -164,6 +165,8 @@
+ }
+
+ if (c != ',') { /* Not a valid start character */
++ if (--maxcount < 0)
++ goto terminated; /* Looping */
+ continue;
+ }
+
+@@ -242,6 +245,7 @@
+ DoExtension(gdIOCtx *fd, int label, int *Transparent, int *ZeroDataBlockP)
+ {
+ static unsigned char buf[256];
++ int maxcount = 1024;
+
+ switch (label) {
+ case 0xf9: /* Graphic Control Extension */
+@@ -254,13 +258,13 @@
+ if ((buf[0] & 0x1) != 0)
+ *Transparent = buf[3];
+
+- while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) != 0)
++ while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) != 0 && --maxcount >= 0)
+ ;
+ return FALSE;
+ default:
+ break;
+ }
+- while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) != 0)
++ while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) != 0 && --maxcount >= 0)
+ ;
+
+ return FALSE;
+@@ -419,14 +423,15 @@
+ } else if (code == end_code) {
+ int count;
+ unsigned char buf[260];
++ int maxcount = 1024;
+
+ if (*ZeroDataBlockP)
+ return -2;
+
+- while ((count = GetDataBlock(fd, buf, ZeroDataBlockP)) > 0)
++ while ((count = GetDataBlock(fd, buf, ZeroDataBlockP)) > 0 && --maxcount >= 0)
+ ;
+
+- if (count != 0)
++ if (count != 0 || maxcount < 0)
+ return -2;
+ }
+
Home |
Main Index |
Thread Index |
Old Index