pkgsrc-Changes archive


CVS commit: pkgsrc/graphics/gd



Module Name:    pkgsrc
Committed By:   taca
Date:           Thu Jun 30 09:00:18 UTC 2016

Modified Files:
        pkgsrc/graphics/gd: Makefile distinfo
Added Files:
        pkgsrc/graphics/gd/patches: patch-src_gd__crop.c

Log Message:
Add fix for CVE-2016-6128 from upstream.

Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.108 -r1.109 pkgsrc/graphics/gd/Makefile
cvs rdiff -u -r1.39 -r1.40 pkgsrc/graphics/gd/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/graphics/gd/patches/patch-src_gd__crop.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/graphics/gd/Makefile
diff -u pkgsrc/graphics/gd/Makefile:1.108 pkgsrc/graphics/gd/Makefile:1.109
--- pkgsrc/graphics/gd/Makefile:1.108   Wed Nov 18 14:19:46 2015
+++ pkgsrc/graphics/gd/Makefile Thu Jun 30 09:00:18 2016
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.108 2015/11/18 14:19:46 ryoon Exp $
+# $NetBSD: Makefile,v 1.109 2016/06/30 09:00:18 taca Exp $
 
 DISTNAME=      libgd-2.1.1
 PKGNAME=       ${DISTNAME:S/libgd/gd/}
-PKGREVISION=   2
+PKGREVISION=   3
 CATEGORIES=    graphics
 MASTER_SITES=  https://bitbucket.org/libgd/gd-libgd/downloads/
 EXTRACT_SUFX=  .tar.xz
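
Review bot: DISTNAME stays at libgd-2.1.1 while PKGREVISION goes from 2 to 3, so the CVE fix exists only as a local patch on top of the unchanged distfile. The bump is what makes installed copies pick up the rebuilt package. It would help to record, in the patch header or the commit log, that patch-src_gd__crop.c and its distinfo entry should be dropped once the package moves to an upstream release that already contains the referenced commit.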

Index: pkgsrc/graphics/gd/distinfo
diff -u pkgsrc/graphics/gd/distinfo:1.39 pkgsrc/graphics/gd/distinfo:1.40
--- pkgsrc/graphics/gd/distinfo:1.39    Tue Nov  3 21:33:58 2015
+++ pkgsrc/graphics/gd/distinfo Thu Jun 30 09:00:18 2016
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.39 2015/11/03 21:33:58 agc Exp $
+$NetBSD: distinfo,v 1.40 2016/06/30 09:00:18 taca Exp $
 
 SHA1 (libgd-2.1.1.tar.xz) = 9038ed488b577d16aa8c32b6c10b4a70b10f7fa1
 RMD160 (libgd-2.1.1.tar.xz) = 8d564caf9a953d344fb9a5e169d241510a2c71f1
@@ -9,4 +9,5 @@ SHA1 (patch-ab) = 300ffacf47d7421fc9efb7
 SHA1 (patch-configure) = 53769c3daffa38c88d82093f59cb97b4bd38008f
 SHA1 (patch-configure.ac) = 72092d5a0ee7944249286edc0d3505176f15303f
 SHA1 (patch-src_gd__bmp.c) = 4db300a26cebae6fb6f14564c5648608d7ed6cc5
+SHA1 (patch-src_gd__crop.c) = 34c9716fe40e8f80cc126893dbafa0151bbf3b5a
 SHA1 (patch-src_webpimg.c) = 2717cbcfdbbddfc8cd96de2d4f6a07a0485ba086

Added files:

Index: pkgsrc/graphics/gd/patches/patch-src_gd__crop.c
diff -u /dev/null pkgsrc/graphics/gd/patches/patch-src_gd__crop.c:1.1
--- /dev/null   Thu Jun 30 09:00:18 2016
+++ pkgsrc/graphics/gd/patches/patch-src_gd__crop.c     Thu Jun 30 09:00:18 2016
@@ -0,0 +1,18 @@
+$NetBSD: patch-src_gd__crop.c,v 1.1 2016/06/30 09:00:18 taca Exp $
+
+Fix for CVE-2016-6128 from
+https://github.com/libgd/libgd/commit/1ccfe21e14c4d18336f9da8515cd17db88c3de61.
+
+--- src/gd_crop.c.orig 2015-01-06 09:16:03.000000000 +0000
++++ src/gd_crop.c
+@@ -136,6 +136,10 @@ BGD_DECLARE(gdImagePtr) gdImageCropThres
+               return NULL;
+       }
+ 
++      if (color < 0 || (!gdImageTrueColor(im) && color >= gdImageColorsTotal(im))) {
++              return NULL;
++      }
++
+       /* TODO: Add gdImageGetRowPtr and works with ptr at the row level
+        * for the true color and palette images
+        * new formats will simply work with ptr
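
Review bot: The header comment of patch-src_gd__crop.c gives the CVE number and the upstream commit URL but does not say what the added check at line 136 of src/gd_crop.c guards against. A one-line description would let a reader audit the patch without following the link, for example: reject a negative color, or a color >= gdImageColorsTotal(im) on a non-truecolor image, before the threshold crop uses it. Note also that the check only bounds the upper end for palette images; for truecolor images only color < 0 is rejected, which is worth stating as intentional. The new failure path returns NULL like the check just above it, so callers cannot tell an invalid color from the earlier error and need to handle NULL in both cases.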


