pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/graphics/gimp24 Fix for CVE-2007-2949 heap overflow. B...
details: https://anonhg.NetBSD.org/pkgsrc/rev/7282d85b5ebb
branches: trunk
changeset: 530681:7282d85b5ebb
user: lkundrak <lkundrak%pkgsrc.org@localhost>
date: Wed Jul 04 15:19:51 2007 +0000
description:
Fix for CVE-2007-2949 heap overflow. Bump PKGREVISION.
diffstat:
graphics/gimp24/Makefile | 3 ++-
graphics/gimp24/distinfo | 3 ++-
graphics/gimp24/patches/patch-af | 28 ++++++++++++++++++++++++++++
3 files changed, 32 insertions(+), 2 deletions(-)
diffs (58 lines):
diff -r afe12c30cd96 -r 7282d85b5ebb graphics/gimp24/Makefile
--- a/graphics/gimp24/Makefile Wed Jul 04 13:55:01 2007 +0000
+++ b/graphics/gimp24/Makefile Wed Jul 04 15:19:51 2007 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.44 2007/06/14 08:56:11 adam Exp $
+# $NetBSD: Makefile,v 1.45 2007/07/04 15:19:51 lkundrak Exp $
DISTNAME= gimp-2.3.18
+PKGREVISION= 1
CATEGORIES= graphics
MASTER_SITES= ftp://ftp.gimp.org/pub/gimp/v2.3/ \
ftp://ftp.cs.umn.edu/pub/gimp/v2.3/ \
diff -r afe12c30cd96 -r 7282d85b5ebb graphics/gimp24/distinfo
--- a/graphics/gimp24/distinfo Wed Jul 04 13:55:01 2007 +0000
+++ b/graphics/gimp24/distinfo Wed Jul 04 15:19:51 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.17 2007/06/14 08:56:11 adam Exp $
+$NetBSD: distinfo,v 1.18 2007/07/04 15:19:51 lkundrak Exp $
SHA1 (gimp-2.3.18.tar.bz2) = 1a34a9d3cbf5fb757fc1ab54b8ed5737f1abe3fc
RMD160 (gimp-2.3.18.tar.bz2) = 17a0c3ebb3736c5d1dd5c620e5a03bc73151b31b
@@ -6,3 +6,4 @@
SHA1 (patch-aa) = f405e6cde52e8e85a7be327a47ddbb0cabb15ca5
SHA1 (patch-ab) = 10e173a95b97666cfb7a4775228fe8722dc22714
SHA1 (patch-ae) = ccdb74067fd88f6b838b4deee69dad68663c8cc5
+SHA1 (patch-af) = 05f23376a19497710cab08ffcd4dd29d6c82d729
diff -r afe12c30cd96 -r 7282d85b5ebb graphics/gimp24/patches/patch-af
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/gimp24/patches/patch-af Wed Jul 04 15:19:51 2007 +0000
@@ -0,0 +1,28 @@
+$NetBSD: patch-af,v 1.1 2007/07/04 15:19:51 lkundrak Exp $
+
+Fix for CVE-2007-2949 heap overflow from upstream.
+
+--- plug-ins/common/psd-load.c.orig 2007-07-04 17:08:32.000000000 +0200
++++ plug-ins/common/psd-load.c
+@@ -1291,7 +1291,7 @@ seek_to_and_unpack_pixeldata (FILE *fd,
+ gint layeri,
+ gint channeli)
+ {
+- int width, height;
++ gint width, height;
+ guchar *tmpline;
+ gint compression;
+ guint32 offset = 0;
+@@ -1305,6 +1305,12 @@ seek_to_and_unpack_pixeldata (FILE *fd,
+ width = channel->width;
+ height = channel->height;
+
++ if (width > G_MAXINT16 || height > G_MAXINT16)
++ {
++ g_message ("Error: Invalid channel dimensions");
++ gimp_quit ();
++ }
++
+ IFDBG
+ {
+ printf ("\t\t\tLayer (%d) Channel (%d:%d) Compression: %d (%s)\n",
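Review bot: The new check in the second hunk of patch-af, "if (width > G_MAXINT16 || height > G_MAXINT16)", only bounds the dimensions from above, while width and height are declared as signed gint a few lines earlier, so a zero or negative value still passes it. Unless channel->width and channel->height are already validated where the channel header is read (not visible in this diff), consider also rejecting "width <= 0 || height <= 0" at this point. Separately, the patch header says "from upstream" without naming the upstream revision or bug report; adding that reference would make it easier to drop the patch cleanly when the package is next updated.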