pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/graphics/gdk-pixbuf pull in boundary check from gdk2-p...
details: https://anonhg.NetBSD.org/pkgsrc/rev/b73ab766ca54
branches: trunk
changeset: 591078:b73ab766ca54
user: drochner <drochner%pkgsrc.org@localhost>
date: Wed Aug 03 10:01:25 2011 +0000
description:
pull in boundary check from gdk2-pixbuf to fix a possible buffer
overflow by invalid GIF images, see redhat bug#727081
bump PKGREV
diffstat:
graphics/gdk-pixbuf/Makefile | 4 ++--
graphics/gdk-pixbuf/distinfo | 4 ++--
graphics/gdk-pixbuf/patches/patch-af | 13 ++++++++++++-
3 files changed, 16 insertions(+), 5 deletions(-)
diffs (58 lines):
diff -r d220971e0acc -r b73ab766ca54 graphics/gdk-pixbuf/Makefile
--- a/graphics/gdk-pixbuf/Makefile Wed Aug 03 09:30:48 2011 +0000
+++ b/graphics/gdk-pixbuf/Makefile Wed Aug 03 10:01:25 2011 +0000
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.42 2011/04/22 13:42:11 obache Exp $
+# $NetBSD: Makefile,v 1.43 2011/08/03 10:01:25 drochner Exp $
#
PKG_DESTDIR_SUPPORT= user-destdir
.include "Makefile.common"
-PKGREVISION= 14
+PKGREVISION= 15
COMMENT= The GNOME image loading library
# XXX hopefully there is no x.gnome-config.x in PATH
diff -r d220971e0acc -r b73ab766ca54 graphics/gdk-pixbuf/distinfo
--- a/graphics/gdk-pixbuf/distinfo Wed Aug 03 09:30:48 2011 +0000
+++ b/graphics/gdk-pixbuf/distinfo Wed Aug 03 10:01:25 2011 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.21 2011/01/19 12:45:22 ryoon Exp $
+$NetBSD: distinfo,v 1.22 2011/08/03 10:01:25 drochner Exp $
SHA1 (gdk-pixbuf-0.22.0.tar.bz2) = 495324afb5abebc14567ffd5a6cd72333bcc7f5b
RMD160 (gdk-pixbuf-0.22.0.tar.bz2) = 0e56a0f883fd8e3fb4d49b9a38f984b95cd96ece
@@ -8,7 +8,7 @@
SHA1 (patch-ac) = 16fc33898fc1cb10b3e11ee26e7ea046d1f68032
SHA1 (patch-ad) = 5c834eceaea7cef2ae964bba586c1e90ea4d0684
SHA1 (patch-ae) = 8331a216051cd1bbfbeee7d2b54ab9e51be6f38d
-SHA1 (patch-af) = af8bf66d1cc445bdf7affaa119fd4c24e96e53c7
+SHA1 (patch-af) = f24e32ffa74ba14717c8e779a282803734e6fb17
SHA1 (patch-ag) = 387e1f3f96f53a1afe21ab3a419b729125f269fb
SHA1 (patch-ah) = 37df772bd4c818eb2dd567169598436467ea4f1c
SHA1 (patch-ai) = 33e6c261933028472ce722b086280518cd1ac915
diff -r d220971e0acc -r b73ab766ca54 graphics/gdk-pixbuf/patches/patch-af
--- a/graphics/gdk-pixbuf/patches/patch-af Wed Aug 03 09:30:48 2011 +0000
+++ b/graphics/gdk-pixbuf/patches/patch-af Wed Aug 03 10:01:25 2011 +0000
@@ -1,4 +1,4 @@
-$NetBSD: patch-af,v 1.1 2005/01/15 00:10:41 cube Exp $
+$NetBSD: patch-af,v 1.2 2011/08/03 10:01:25 drochner Exp $
--- gdk-pixbuf/io-gif.c.orig 2002-12-18 19:49:01.000000000 +0000
+++ gdk-pixbuf/io-gif.c
@@ -11,3 +11,14 @@
return;
/* The frame is completely off-bounds */
+@@ -944,6 +944,10 @@ gif_prepare_lzw (GifContext *context)
+ return -1;
+ }
+
++ if (context->lzw_set_code_size > MAX_LZW_BITS) {
++ return -1;
++ }
++
+ context->lzw_code_size = context->lzw_set_code_size + 1;
+ context->lzw_clear_code = 1 << context->lzw_set_code_size;
+ context->lzw_end_code = context->lzw_clear_code + 1;
Home |
Main Index |
Thread Index |
Old Index