From 85caa8ebaf15ab1fb7fb1a3de6aabea15fb26f0edf8c08d21417b7fcf59dad68 Mon Sep 17 00:00:00 2001
From: Petr Gajdos <pgajdos@suse.com>
Date: Fri, 4 Apr 2014 12:22:22 +0000
Subject: [PATCH] - fixed CVE-2014-2497 [bnc#868624]

OBS-URL: https://build.opensuse.org/package/show/graphics/gd?expand=0&rev=5
---
 gd-2.1.0-CVE-2014-2497.patch | 23 +++++++++++++++++++++++
 gd.changes                   |  5 +++++
 gd.spec                      |  4 +++-
 3 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 gd-2.1.0-CVE-2014-2497.patch

diff --git a/gd-2.1.0-CVE-2014-2497.patch b/gd-2.1.0-CVE-2014-2497.patch
new file mode 100644
index 0000000..9c1379a
--- /dev/null
+++ b/gd-2.1.0-CVE-2014-2497.patch
@@ -0,0 +1,23 @@
+Description: Patch to fix PHP bug 66901.
+Author: Andres Mejia <mejiaa@amazon.com>
+Forwarded: no
+
+Index: src/gdxpm.c
+===================================================================
+--- src/gdxpm.c.orig	2014-04-04 12:56:02.570160501 +0200
++++ src/gdxpm.c	2014-04-04 13:01:24.031976322 +0200
+@@ -62,6 +62,14 @@
+ 
+ 	for(i = 0; i < number; i++) {
+ 		char *c_color = image.colorTable[i].c_color;
++                if (!image.colorTable[i].c_color)
++                {
++                        /* unsupported color key or color key not defined */
++                        gdImageDestroy(im);
++                        gdFree(colors);
++                        im = 0;
++                        goto done;
++                }
+ 		if(strcmp(c_color, "None") == 0) {
+ 			colors[i] = gdImageGetTransparent(im);
+ 			if(colors[i] == -1) colors[i] = gdImageColorAllocate(im, 0, 0, 0);
diff --git a/gd.changes b/gd.changes
index f15879d..4843eef 100644
--- a/gd.changes
+++ b/gd.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Apr  4 12:21:22 UTC 2014 - pgajdos@suse.com
+
+- fixed CVE-2014-2497 [bnc#868624]
+
 -------------------------------------------------------------------
 Fri Dec 27 07:42:11 UTC 2013 - tchvatal@suse.com
 
diff --git a/gd.spec b/gd.spec
index 42ab110..073aa37 100644
--- a/gd.spec
+++ b/gd.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package gd
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -36,6 +36,7 @@ Patch2:         gd-format.patch
 Patch3:         gd-aliasing.patch
 # could be upstreamed?
 Patch4:         gd-autoconf.patch
+Patch5:         gd-2.1.0-CVE-2014-2497.patch
 BuildRequires:  fontconfig-devel
 BuildRequires:  freetype2-devel
 BuildRequires:  libjpeg-devel
@@ -78,6 +79,7 @@ the formats accepted for inline images by most browsers.
 %patch2
 %patch3
 %patch4
+%patch5
 
 %build
 autoreconf -fiv