[pkgsrc/trunk]: pkgsrc/graphics/gimp add patch from upstream CVS to fix possi...
details: https://anonhg.NetBSD.org/pkgsrc/rev/633fbfe0c98e
branches: trunk
changeset: 567302:633fbfe0c98e
user: drochner <drochner%pkgsrc.org@localhost>
date: Fri Nov 13 17:29:50 2009 +0000
description:
add patch from upstream CVS to fix possible integer overflow in BMP plugin
(CVE-2009-1570)
bump PKGREVISION
diffstat:
graphics/gimp/Makefile | 4 ++--
graphics/gimp/distinfo | 3 ++-
graphics/gimp/patches/patch-ad | 33 +++++++++++++++++++++++++++++++++
3 files changed, 37 insertions(+), 3 deletions(-)
diffs (64 lines):
diff -r cf5690d37a7e -r 633fbfe0c98e graphics/gimp/Makefile
--- a/graphics/gimp/Makefile Fri Nov 13 16:14:29 2009 +0000
+++ b/graphics/gimp/Makefile Fri Nov 13 17:29:50 2009 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.186 2009/09/09 17:22:53 drochner Exp $
+# $NetBSD: Makefile,v 1.187 2009/11/13 17:29:50 drochner Exp $
DISTNAME= gimp-2.6.7
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= graphics
MASTER_SITES= ftp://ftp.gimp.org/pub/gimp/v2.6/ \
${MASTER_SITE_GNU:=gimp/v2.6/} \
diff -r cf5690d37a7e -r 633fbfe0c98e graphics/gimp/distinfo
--- a/graphics/gimp/distinfo Fri Nov 13 16:14:29 2009 +0000
+++ b/graphics/gimp/distinfo Fri Nov 13 17:29:50 2009 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.49 2009/08/21 19:41:56 adam Exp $
+$NetBSD: distinfo,v 1.50 2009/11/13 17:29:50 drochner Exp $
SHA1 (gimp-2.6.7.tar.bz2) = 0661d162fecfd907e183ce42853dd5b9d3cb4c51
RMD160 (gimp-2.6.7.tar.bz2) = c576674ba6547e4d31c34d6bb82c4d416addbaf1
@@ -6,3 +6,4 @@
SHA1 (patch-aa) = 52d9b1995e47b3ae34510fef074c7000f2527adb
SHA1 (patch-ab) = 4f5ba210bc69db55f79b67f0238aafc13992c050
SHA1 (patch-ac) = b1f4b802eebbb2d2145e0e282e65d48a0409a6b8
+SHA1 (patch-ad) = 7b4111b98e3db75ed17acdb31bdfeded1fb78149
diff -r cf5690d37a7e -r 633fbfe0c98e graphics/gimp/patches/patch-ad
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/gimp/patches/patch-ad Fri Nov 13 17:29:50 2009 +0000
@@ -0,0 +1,33 @@
+$NetBSD: patch-ad,v 1.6 2009/11/13 17:29:51 drochner Exp $
+
+--- plug-ins/file-bmp/bmp-read.c.orig 2009-08-03 22:17:25.000000000 +0200
++++ plug-ins/file-bmp/bmp-read.c
+@@ -424,7 +424,8 @@ ReadBMP (const gchar *name,
+ return -1;
+ }
+
+- if (Bitmap_Head.biWidth < 0)
++ if (Bitmap_Head.biWidth < 0 ||
++ ABS (Bitmap_Head.biHeight) < 0)
+ {
+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+ _("'%s' is not a valid BMP file"),
+@@ -448,6 +449,18 @@ ReadBMP (const gchar *name,
+ return -1;
+ }
+
++ /* protect against integer overflows caused by malicious BMPs */
++
++ if (((guint64) Bitmap_Head.biWidth) * Bitmap_Head.biBitCnt > G_MAXINT32 ||
++ ((guint64) Bitmap_Head.biWidth) * ABS (Bitmap_Head.biHeight) > G_MAXINT32 ||
++ ((guint64) Bitmap_Head.biWidth) * ABS (Bitmap_Head.biHeight) * 4 > G_MAXINT32)
++ {
++ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
++ _("'%s' is not a valid BMP file"),
++ gimp_filename_to_utf8 (filename));
++ return -1;
++ }
++
+ /* Windows and OS/2 declare filler so that rows are a multiple of
+ * word length (32 bits == 4 bytes)
+ */
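Review bot: The added guard `ABS (Bitmap_Head.biHeight) < 0` on the second line of the first inner hunk only fires for the most-negative height, and it gets there by negating that value inside ABS, which is signed overflow and therefore undefined behaviour in C; an optimizing compiler may fold the comparison to false, leaving the later `(guint64) ... * ABS (Bitmap_Head.biHeight)` products with a garbage operand. Presumably biHeight is a signed 32-bit field, so the intent is expressed directly and without UB as `Bitmap_Head.biHeight == G_MININT32`, with a comment such as `/* |G_MININT32| does not fit in a gint32, so reject it before any ABS() use */`. The three overflow products in the second inner hunk are otherwise sound in guint64 given the short-circuit order, since the third only runs once width * |height| is known to be at most G_MAXINT32. ReadBMP starts and ends outside both inner hunks, and the patch file carries no header comment saying which upstream revision it was taken from; a one-line note naming the upstream commit would help when the patch is next rebased.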