pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2012Q1]: pkgsrc/graphics/gdk-pixbuf Pullup ticket #3803 - requ...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/001dfd4eefa4
branches:  pkgsrc-2012Q1
changeset: 602128:001dfd4eefa4
user:      tron <tron%pkgsrc.org@localhost>
date:      Fri May 25 15:31:58 2012 +0000

description:
Pullup ticket #3803 - requested by he
graphics/gdk-pixbuf: security patch

Revisions pulled up:
- graphics/gdk-pixbuf/Makefile                                  1.45
- graphics/gdk-pixbuf/distinfo                                  1.23
- graphics/gdk-pixbuf/patches/patch-ao                          1.1

---
   Module Name: pkgsrc
   Committed By:        he
   Date:                Fri May 25 08:29:36 UTC 2012

   Modified Files:
        pkgsrc/graphics/gdk-pixbuf: Makefile distinfo

   Log Message:
   Add fix for http://secunia.com/advisories/49125/, taken from
   http://bugzilla-attachments.gnome.org/attachment.cgi?id=212053.
   Bump pkgrevision.

---
   Module Name: pkgsrc
   Committed By:        he
   Date:                Fri May 25 08:31:35 UTC 2012

   Added Files:
        pkgsrc/graphics/gdk-pixbuf/patches: patch-ao

   Log Message:
   Add fix for http://secunia.com/advisories/49125/, taken from
   http://bugzilla-attachments.gnome.org/attachment.cgi?id=212053.

diffstat:

 graphics/gdk-pixbuf/Makefile         |   4 ++--
 graphics/gdk-pixbuf/distinfo         |   3 ++-
 graphics/gdk-pixbuf/patches/patch-ao |  35 +++++++++++++++++++++++++++++++++++
 3 files changed, 39 insertions(+), 3 deletions(-)

diffs (69 lines):

diff -r f3d4a54f87b1 -r 001dfd4eefa4 graphics/gdk-pixbuf/Makefile
--- a/graphics/gdk-pixbuf/Makefile      Wed May 23 17:58:15 2012 +0000
+++ b/graphics/gdk-pixbuf/Makefile      Fri May 25 15:31:58 2012 +0000
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.44 2012/02/06 12:40:22 wiz Exp $
+# $NetBSD: Makefile,v 1.44.2.1 2012/05/25 15:31:58 tron Exp $
 #
 PKG_DESTDIR_SUPPORT=   user-destdir
 
 .include "Makefile.common"
 
-PKGREVISION=   16
+PKGREVISION=   17
 COMMENT=       The GNOME image loading library
 
 # XXX hopefully there is no x.gnome-config.x in PATH
diff -r f3d4a54f87b1 -r 001dfd4eefa4 graphics/gdk-pixbuf/distinfo
--- a/graphics/gdk-pixbuf/distinfo      Wed May 23 17:58:15 2012 +0000
+++ b/graphics/gdk-pixbuf/distinfo      Fri May 25 15:31:58 2012 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.22 2011/08/03 10:01:25 drochner Exp $
+$NetBSD: distinfo,v 1.22.6.1 2012/05/25 15:31:58 tron Exp $
 
 SHA1 (gdk-pixbuf-0.22.0.tar.bz2) = 495324afb5abebc14567ffd5a6cd72333bcc7f5b
 RMD160 (gdk-pixbuf-0.22.0.tar.bz2) = 0e56a0f883fd8e3fb4d49b9a38f984b95cd96ece
@@ -17,3 +17,4 @@
 SHA1 (patch-al) = cf05f283c7676c9fa51b822f5ced66524dfa487e
 SHA1 (patch-am) = 44180cb58cba4b5cc5663acc0215978001f82fa0
 SHA1 (patch-an) = ec341ab166c5ce98d1d0ba13b676646af50f7038
+SHA1 (patch-ao) = c4d76635d1a79ede36dfa9f11e4dc0922b1f461a
diff -r f3d4a54f87b1 -r 001dfd4eefa4 graphics/gdk-pixbuf/patches/patch-ao
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/gdk-pixbuf/patches/patch-ao      Fri May 25 15:31:58 2012 +0000
@@ -0,0 +1,35 @@
+$NetBSD: patch-ao,v 1.1.2.2 2012/05/25 15:31:58 tron Exp $
+
+Add fix for http://secunia.com/advisories/49125/, taken from
+http://bugzilla-attachments.gnome.org/attachment.cgi?id=212053.
+
+--- gdk-pixbuf/io-xbm.c.orig   2001-01-21 04:13:40.000000000 +0000
++++ gdk-pixbuf/io-xbm.c
+@@ -177,10 +177,16 @@ read_bitmap_file_data (FILE *fstream,
+                               type++;
+                       }
+ 
+-                      if (!strcmp ("width", type))
++                      if (!strcmp ("width", type)) {
++                              if (value <= 0)
++                                      RETURN (FALSE);
+                               ww = (unsigned int) value;
+-                      if (!strcmp ("height", type))
++                      }
++                      if (!strcmp ("height", type)) {
++                              if (value <= 0)
++                                      RETURN (FALSE);
+                               hh = (unsigned int) value;
++                      }
+                       if (!strcmp ("hot", type)) {
+                               if (type-- == name_and_type
+                                   || type-- == name_and_type)
+@@ -221,6 +227,8 @@ read_bitmap_file_data (FILE *fstream,
+               bytes_per_line = (ww+7)/8 + padding;
+ 
+               size = bytes_per_line * hh;
++              if (size / bytes_per_line != hh) /* overflow */
++                      RETURN (FALSE);
+               bits = g_malloc (size);
+ 
+               if (version10p) {
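Review bot: Nothing in this hunk bounds `size` before `bits = g_malloc (size);`, so an XBM header that declares large dimensions whose product does not wrap still drives an allocation of that size, and g_malloc terminates the process when the allocation fails. If no cap exists elsewhere in read_bitmap_file_data (its body starts and ends outside the hunk), a sanity limit ahead of the allocation would close that, e.g. `if (size > XBM_MAX_BYTES) RETURN (FALSE);`, where `XBM_MAX_BYTES` is a placeholder name for a limit the package would choose. The added test `size / bytes_per_line != hh` also runs after the multiplication, so its soundness rests on the declared types of `size` and `bytes_per_line` and on `bytes_per_line` being non-zero at this point, none of which the hunk shows; a one-line comment stating those assumptions next to the check would help the next person who touches the patch.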


