Attachment #100976 for bug #140335

View | Details | Raw Unified | Return to bug 140335
Collapse All | Expand All

Lines 7-13 Link Here

(-)b/graphics/gd/Makefile (-1 / +1 lines)
7		7
8	PORTNAME= gd	8	PORTNAME= gd
9	PORTVERSION= 2.0.35	9	PORTVERSION= 2.0.35
10	PORTREVISION?= 1	10	PORTREVISION?= 2
11	PORTEPOCH= 1	11	PORTEPOCH= 1
12	CATEGORIES+= graphics	12	CATEGORIES+= graphics
13	MASTER_SITES= http://www.libgd.org/releases/	13	MASTER_SITES= http://www.libgd.org/releases/




Adopted-From: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/gd/libgd/gd_gd.c?r1=289557&r2=289556&pathrev=289557&view=patch

--- gd_gd.c.orig	2006-04-05 19:52:22.000000000 +0400
+++ gd_gd.c	2009-11-06 18:06:50.000000000 +0300
@@ -44,6 +44,10 @@
 	    {
 	      goto fail1;
 	    }
+	  if (im->colorsTotal > gdMaxColors)
+	    {
+	      goto fail1;
+	    }
 	}
       /* Int to accommodate truecolor single-color transparency */
       if (!gdGetInt (&im->transparent, in))

Lines 11-14 MASTERDIR= ${.CURDIR}/../../lang/php4 Link Here

(-)b/graphics/php4-gd/Makefile (+2 lines)
11		11
12	PKGNAMESUFFIX= -gd	12	PKGNAMESUFFIX= -gd
13		13
		14	PORTREVISION= 1
		15
14	.include "${MASTERDIR}/Makefile"	16	.include "${MASTERDIR}/Makefile"




Obtained-From: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/gd/libgd/gd_gd.c?r1=289557&r2=289556&pathrev=289557&view=patch

--- libgd/gd_gd.c	2009/10/12 09:44:18	289556
+++ libgd/gd_gd.c	2009/10/12 10:01:37	289557
@@ -39,6 +39,9 @@
 			if (!gdGetWord(&im->colorsTotal, in)) {
 				goto fail1;
 			}
+			if (im->colorsTotal > gdMaxColors) {
+				goto fail1;
+			}
 		}
 		/* Int to accommodate truecolor single-color transparency */
 		if (!gdGetInt(&im->transparent, in)) {

Lines 11-14 MASTERDIR= ${.CURDIR}/../../lang/php5 Link Here

(-)b/graphics/php5-gd/Makefile (+2 lines)
11		11
12	PKGNAMESUFFIX= -gd	12	PKGNAMESUFFIX= -gd
13		13
		14	PORTREVISION= 2
		15
14	.include "${MASTERDIR}/Makefile"	16	.include "${MASTERDIR}/Makefile"




Obtained-From: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/gd/libgd/gd_gd.c?r1=289557&r2=289556&pathrev=289557&view=patch

--- libgd/gd_gd.c	2009/10/12 09:44:18	289556
+++ libgd/gd_gd.c	2009/10/12 10:01:37	289557
@@ -39,6 +39,9 @@
 			if (!gdGetWord(&im->colorsTotal, in)) {
 				goto fail1;
 			}
+			if (im->colorsTotal > gdMaxColors) {
+				goto fail1;
+			}
 		}
 		/* Int to accommodate truecolor single-color transparency */
 		if (!gdGetInt(&im->transparent, in)) {




    <affects>
      <package>
	<name>gd</name>
	<range><lt>2.0.35_2,1</lt></range>
      </package>
      <package>
	<name>php5-gd</name>
	<range><lt>5.2.11_2</lt></range>
      </package>
      <package>
	<name>php4-gd</name>
	<range><lt>4.4.9_1</lt></range>
      </package>
    </affects>
    <description>

    <dates>
      <discovery>2009-10-15</discovery>
      <entry>2009-11-05</entry>
      <modified>2009-11-06</modified>
    </dates>
  </vuln>

- 

Return to bug 140335

Added Link Here

(-)b/graphics/gd/files/patch-cve-2009-3546 (+15 lines)
1	Adopted-From: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/gd/libgd/gd_gd.c?r1=289557&r2=289556&pathrev=289557&view=patch
2
3	--- gd_gd.c.orig 2006-04-05 19:52:22.000000000 +0400
4	+++ gd_gd.c 2009-11-06 18:06:50.000000000 +0300
5	@@ -44,6 +44,10 @@
6	{
7	goto fail1;
8	}
9	+ if (im->colorsTotal > gdMaxColors)
10	+ {
11	+ goto fail1;
12	+ }
13	}
14	/* Int to accommodate truecolor single-color transparency */
15	if (!gdGetInt (&im->transparent, in))

Added Link Here

(-)b/graphics/php4-gd/files/patch-cve-2009-3546 (+14 lines)
1	Obtained-From: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/gd/libgd/gd_gd.c?r1=289557&r2=289556&pathrev=289557&view=patch
2
3	--- libgd/gd_gd.c 2009/10/12 09:44:18 289556
4	+++ libgd/gd_gd.c 2009/10/12 10:01:37 289557
5	@@ -39,6 +39,9 @@
6	if (!gdGetWord(&im->colorsTotal, in)) {
7	goto fail1;
8	}
9	+ if (im->colorsTotal > gdMaxColors) {
10	+ goto fail1;
11	+ }
12	}
13	/* Int to accommodate truecolor single-color transparency */
14	if (!gdGetInt(&im->transparent, in)) {

Added Link Here

(-)b/graphics/php5-gd/files/patch-cve-2009-3546 (+14 lines)
1	Obtained-From: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/gd/libgd/gd_gd.c?r1=289557&r2=289556&pathrev=289557&view=patch
2
3	--- libgd/gd_gd.c 2009/10/12 09:44:18 289556
4	+++ libgd/gd_gd.c 2009/10/12 10:01:37 289557
5	@@ -39,6 +39,9 @@
6	if (!gdGetWord(&im->colorsTotal, in)) {
7	goto fail1;
8	}
9	+ if (im->colorsTotal > gdMaxColors) {
10	+ goto fail1;
11	+ }
12	}
13	/* Int to accommodate truecolor single-color transparency */
14	if (!gdGetInt(&im->transparent, in)) {

Lines 40-54 Note: Please add new entries to the beginning of this file. Link Here

(-)b/security/vuxml/vuln.xml (-4 / +4 lines)
40	<affects>	40	<affects>
41	<package>	41	<package>
42	<name>gd</name>	42	<name>gd</name>
43	<range><gt>0</gt></range>	43	<range><lt>2.0.35_2,1</lt></range>
44	</package>	44	</package>
45	<package>	45	<package>
46	<name>php5-gd</name>	46	<name>php5-gd</name>
47	<range><gt>0</gt></range>	47	<range><lt>5.2.11_2</lt></range>
48	</package>	48	</package>
49	<package>	49	<package>
50	<name>php4-gd</name>	50	<name>php4-gd</name>
51	<range><gt>0</gt></range>	51	<range><lt>4.4.9_1</lt></range>
52	</package>	52	</package>
53	</affects>	53	</affects>
54	<description>	54	<description>
Lines 73-78 Note: Please add new entries to the beginning of this file. Link Here
73	<dates>	73	<dates>
74	<discovery>2009-10-15</discovery>	74	<discovery>2009-10-15</discovery>
75	<entry>2009-11-05</entry>	75	<entry>2009-11-05</entry>
		76	<modified>2009-11-06</modified>
76	</dates>	77	</dates>
77	</vuln>	78	</vuln>
78		79
79	-