pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/graphics/gimp1-base Security for CVE-2007-2949 heap ov...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/8e47f7ed0045
branches:  trunk
changeset: 530679:8e47f7ed0045
user:      lkundrak <lkundrak%pkgsrc.org@localhost>
date:      Wed Jul 04 13:44:10 2007 +0000

description:
Security for CVE-2007-2949 heap overflow. Bump PKGREVISION.

diffstat:

 graphics/gimp1-base/Makefile         |   4 ++--
 graphics/gimp1-base/distinfo         |   3 ++-
 graphics/gimp1-base/patches/patch-ae |  19 +++++++++++++++++++
 3 files changed, 23 insertions(+), 3 deletions(-)

diffs (52 lines):

diff -r eaa3da1abbe7 -r 8e47f7ed0045 graphics/gimp1-base/Makefile
--- a/graphics/gimp1-base/Makefile      Wed Jul 04 13:34:35 2007 +0000
+++ b/graphics/gimp1-base/Makefile      Wed Jul 04 13:44:10 2007 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.21 2007/06/12 17:27:25 wiz Exp $
+# $NetBSD: Makefile,v 1.22 2007/07/04 13:44:10 lkundrak Exp $
 #
 
 DISTNAME=              gimp-1.2.5
 PKGNAME=               gimp-base-1.2.5
-PKGREVISION=           5
+PKGREVISION=           6
 CATEGORIES=            graphics
 MASTER_SITES=          ftp://ftp.gimp.org/pub/gimp/v1.2/v1.2.5/ \
                        ftp://ftp.fu-berlin.de/unix/X11/graphics/gimp/v1.2/v1.2.5/ \
diff -r eaa3da1abbe7 -r 8e47f7ed0045 graphics/gimp1-base/distinfo
--- a/graphics/gimp1-base/distinfo      Wed Jul 04 13:34:35 2007 +0000
+++ b/graphics/gimp1-base/distinfo      Wed Jul 04 13:44:10 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.2 2005/02/24 08:45:06 agc Exp $
+$NetBSD: distinfo,v 1.3 2007/07/04 13:44:11 lkundrak Exp $
 
 SHA1 (gimp-1.2.5.tar.bz2) = 1cb7fdbd4e6b191a62011c906e1b0aaef6e623ef
 RMD160 (gimp-1.2.5.tar.bz2) = d1be734271b763a22c0e8f5981c5c330a7744d31
@@ -6,3 +6,4 @@
 SHA1 (patch-aa) = 2d2f7ce110822522314aebfd86c06ebcbdbabb9d
 SHA1 (patch-ac) = 9949ba730b031132a183cabf69025e36500c70f0
 SHA1 (patch-ad) = 29c68f53be2d527661dcbaa38b2bf92626cb139c
+SHA1 (patch-ae) = e1b22a857da4a86afcc8d3144379df114a3cf64b
diff -r eaa3da1abbe7 -r 8e47f7ed0045 graphics/gimp1-base/patches/patch-ae
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/gimp1-base/patches/patch-ae      Wed Jul 04 13:44:10 2007 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-ae,v 1.1 2007/07/04 13:44:11 lkundrak Exp $
+
+Fix for CVE-2007-2949 heap overflow from upstream.
+
+--- plug-ins/common/psd.c.orig 2007-07-04 15:41:06.000000000 +0200
++++ plug-ins/common/psd.c
+@@ -1200,6 +1200,12 @@ seek_to_and_unpack_pixeldata(FILE* fd, g
+   width = psd_image.layer[layeri].channel[channeli].width;
+   height = psd_image.layer[layeri].channel[channeli].height;
+ 
++  if (width > G_MAXINT16 || height > G_MAXINT16)
++    {
++      g_message ("Error: Invalid channel dimensions");
++      gimp_quit ();
++    }
++
+   IFDBG
+     {
+       printf("\t\t\tLayer (%d) Channel (%d:%d) Compression: %d (%s)\n",
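Review bot: The new check before IFDBG only has an upper bound (`width > G_MAXINT16 || height > G_MAXINT16`), so a zero width or height still passes, and a negative one would too if these variables are signed; their declarations are not in the visible context. If other code in psd.c already rejects those cases, say so in the patch header; otherwise consider rejecting non-positive dimensions here as well. The header says the fix is "from upstream" but gives no upstream revision or bug reference, which makes it hard to confirm that this matches the original change, so please add one. The g_message text could also include layeri and channeli, both in scope here, so that a user can tell which channel of the file was rejected before gimp_quit () ends the plug-in.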


