From ce156732094ca1a03f3a50f8892777a017d807a6 Mon Sep 17 00:00:00 2001 From: Dirk Meyer Date: Fri, 6 Nov 2009 21:37:16 +0000 Subject: [PATCH] - Security patch Security: CVE-2009-3546 Security: http://portaudit.freebsd.org/4e8344a3-ca52-11de-8ee8-00215c6a37bb.html PR: 140335 Submitted by: Eygene Ryabinkin Obtained from: PHP project --- graphics/gd/Makefile | 2 +- graphics/gd/files/patch-cve-2009-3546 | 15 +++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 graphics/gd/files/patch-cve-2009-3546 diff --git a/graphics/gd/Makefile b/graphics/gd/Makefile index aa32799705d3..87ba50d8e873 100644 --- a/graphics/gd/Makefile +++ b/graphics/gd/Makefile @@ -7,7 +7,7 @@ PORTNAME= gd PORTVERSION= 2.0.35 -PORTREVISION?= 1 +PORTREVISION?= 2 PORTEPOCH= 1 CATEGORIES+= graphics MASTER_SITES= http://www.libgd.org/releases/ diff --git a/graphics/gd/files/patch-cve-2009-3546 b/graphics/gd/files/patch-cve-2009-3546 new file mode 100644 index 000000000000..f483039105b8 --- /dev/null +++ b/graphics/gd/files/patch-cve-2009-3546 @@ -0,0 +1,15 @@ +Adopted-From: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/gd/libgd/gd_gd.c?r1=289557&r2=289556&pathrev=289557&view=patch + +--- gd_gd.c.orig 2006-04-05 19:52:22.000000000 +0400 ++++ gd_gd.c 2009-11-06 18:06:50.000000000 +0300 +@@ -44,6 +44,10 @@ + { + goto fail1; + } ++ if (im->colorsTotal > gdMaxColors) ++ { ++ goto fail1; ++ } + } + /* Int to accommodate truecolor single-color transparency */ + if (!gdGetInt (&im->transparent, in))