pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2007Q2]: pkgsrc/graphics Pullup ticket 2136 - requested by lku...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/737a25623d25
branches:  pkgsrc-2007Q2
changeset: 530478:737a25623d25
user:      ghen <ghen%pkgsrc.org@localhost>
date:      Sat Jul 28 22:28:49 2007 +0000

description:
Pullup ticket 2136 - requested by lkundrak
security fix for gimp

- pkgsrc/graphics/gimp/Makefile                         1.157
- pkgsrc/graphics/gimp/distinfo                         1.35
- pkgsrc/graphics/gimp/patches/patch-ae                 1.7
- pkgsrc/graphics/gimp24/Makefile                       1.45
- pkgsrc/graphics/gimp24/distinfo                       1.18
- pkgsrc/graphics/gimp24/patches/patch-af               1.1

   Module Name: pkgsrc
   Committed By:        lkundrak
   Date:                Wed Jul  4 13:34:36 UTC 2007

   Modified Files:
           pkgsrc/graphics/gimp: Makefile distinfo
   Added Files:
           pkgsrc/graphics/gimp/patches: patch-ae

   Log Message:
   Fix for CVE-2007-2949 heap overflow. Bump PKGREVISION.
---
   Module Name: pkgsrc
   Committed By:        lkundrak
   Date:                Wed Jul  4 15:19:52 UTC 2007

   Modified Files:
           pkgsrc/graphics/gimp24: Makefile distinfo
   Added Files:
           pkgsrc/graphics/gimp24/patches: patch-af

   Log Message:
   Fix for CVE-2007-2949 heap overflow. Bump PKGREVISION.

diffstat:

 graphics/gimp/Makefile           |   4 ++--
 graphics/gimp/distinfo           |   3 ++-
 graphics/gimp/patches/patch-ae   |  19 +++++++++++++++++++
 graphics/gimp24/Makefile         |   3 ++-
 graphics/gimp24/distinfo         |   3 ++-
 graphics/gimp24/patches/patch-af |  28 ++++++++++++++++++++++++++++
 6 files changed, 55 insertions(+), 5 deletions(-)

diffs (108 lines):

diff -r 2be0bd7d6cec -r 737a25623d25 graphics/gimp/Makefile
--- a/graphics/gimp/Makefile    Sat Jul 28 16:47:28 2007 +0000
+++ b/graphics/gimp/Makefile    Sat Jul 28 22:28:49 2007 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.156 2007/06/05 05:37:07 wiz Exp $
+# $NetBSD: Makefile,v 1.156.2.1 2007/07/28 22:28:49 ghen Exp $
 
 DISTNAME=      gimp-2.2.15
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    graphics
 MASTER_SITES=  ftp://ftp.gimp.org/pub/gimp/v2.2/ \
                ftp://ftp.cs.umn.edu/pub/gimp/v2.2/ \
diff -r 2be0bd7d6cec -r 737a25623d25 graphics/gimp/distinfo
--- a/graphics/gimp/distinfo    Sat Jul 28 16:47:28 2007 +0000
+++ b/graphics/gimp/distinfo    Sat Jul 28 22:28:49 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.34 2007/05/28 12:20:42 adam Exp $
+$NetBSD: distinfo,v 1.34.2.1 2007/07/28 22:28:49 ghen Exp $
 
 SHA1 (gimp-2.2.15.tar.bz2) = ce2357139179e67f361e3ce1b1fb82d1dd5c08e4
 RMD160 (gimp-2.2.15.tar.bz2) = 322b5c07de9e6cc9b206d944278d58d8d6cd1e2f
@@ -6,3 +6,4 @@
 SHA1 (patch-aa) = 6a25d14a018e02d353e6f10364384e9df7a30ebd
 SHA1 (patch-ab) = 461467b76c45e53042da8e3aee4bb9f556730792
 SHA1 (patch-ad) = 632c34e0fbeda69139b2b674d9c5ef80db40dcca
+SHA1 (patch-ae) = 079b081e8eb0c19d18060d9c21ea9d12df9c5cc4
diff -r 2be0bd7d6cec -r 737a25623d25 graphics/gimp/patches/patch-ae
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/gimp/patches/patch-ae    Sat Jul 28 22:28:49 2007 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-ae,v 1.6.8.1 2007/07/28 22:28:49 ghen Exp $
+
+Fix for CVE-2007-2949 heap overflow from upstream.
+
+--- plug-ins/common/psd.c.orig 2007-07-04 15:11:22.000000000 +0200
++++ plug-ins/common/psd.c
+@@ -1202,6 +1202,12 @@ seek_to_and_unpack_pixeldata(FILE* fd, g
+   width = channel->width;
+   height = channel->height;
+ 
++  if (width > G_MAXINT16 || height > G_MAXINT16)
++    {
++      g_message ("Error: Invalid channel dimensions");
++      gimp_quit ();
++    }
++
+   IFDBG
+     {
+       printf("\t\t\tLayer (%d) Channel (%d:%d) Compression: %d (%s)\n",
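Review bot: The added guard in seek_to_and_unpack_pixeldata tests only the upper bound, so a negative `width` or `height` still passes it. If `channel->width` and `channel->height` are unsigned 32-bit fields (their declaration is outside the hunk) and the locals are signed, a file value above G_MAXINT would turn negative on assignment and slip past `width > G_MAXINT16`. Consider `if (width < 0 || height < 0 || width > G_MAXINT16 || height > G_MAXINT16)`. The same guard in graphics/gimp24/patches/patch-af, where the locals are visibly `gint`, has the same gap. The function body continues outside the embedded hunk, so how the dimensions are used afterwards cannot be confirmed from here.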
diff -r 2be0bd7d6cec -r 737a25623d25 graphics/gimp24/Makefile
--- a/graphics/gimp24/Makefile  Sat Jul 28 16:47:28 2007 +0000
+++ b/graphics/gimp24/Makefile  Sat Jul 28 22:28:49 2007 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.44 2007/06/14 08:56:11 adam Exp $
+# $NetBSD: Makefile,v 1.44.2.1 2007/07/28 22:28:49 ghen Exp $
 
 DISTNAME=      gimp-2.3.18
+PKGREVISION=   1
 CATEGORIES=    graphics
 MASTER_SITES=  ftp://ftp.gimp.org/pub/gimp/v2.3/ \
                ftp://ftp.cs.umn.edu/pub/gimp/v2.3/ \
diff -r 2be0bd7d6cec -r 737a25623d25 graphics/gimp24/distinfo
--- a/graphics/gimp24/distinfo  Sat Jul 28 16:47:28 2007 +0000
+++ b/graphics/gimp24/distinfo  Sat Jul 28 22:28:49 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.17 2007/06/14 08:56:11 adam Exp $
+$NetBSD: distinfo,v 1.17.2.1 2007/07/28 22:28:50 ghen Exp $
 
 SHA1 (gimp-2.3.18.tar.bz2) = 1a34a9d3cbf5fb757fc1ab54b8ed5737f1abe3fc
 RMD160 (gimp-2.3.18.tar.bz2) = 17a0c3ebb3736c5d1dd5c620e5a03bc73151b31b
@@ -6,3 +6,4 @@
 SHA1 (patch-aa) = f405e6cde52e8e85a7be327a47ddbb0cabb15ca5
 SHA1 (patch-ab) = 10e173a95b97666cfb7a4775228fe8722dc22714
 SHA1 (patch-ae) = ccdb74067fd88f6b838b4deee69dad68663c8cc5
+SHA1 (patch-af) = 05f23376a19497710cab08ffcd4dd29d6c82d729
diff -r 2be0bd7d6cec -r 737a25623d25 graphics/gimp24/patches/patch-af
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/gimp24/patches/patch-af  Sat Jul 28 22:28:49 2007 +0000
@@ -0,0 +1,28 @@
+$NetBSD: patch-af,v 1.1.2.2 2007/07/28 22:28:50 ghen Exp $
+
+Fix for CVE-2007-2949 heap overflow from upstream.
+
+--- plug-ins/common/psd-load.c.orig    2007-07-04 17:08:32.000000000 +0200
++++ plug-ins/common/psd-load.c
+@@ -1291,7 +1291,7 @@ seek_to_and_unpack_pixeldata (FILE *fd,
+                               gint  layeri,
+                               gint  channeli)
+ {
+-  int         width, height;
++  gint        width, height;
+   guchar     *tmpline;
+   gint        compression;
+   guint32     offset = 0;
+@@ -1305,6 +1305,12 @@ seek_to_and_unpack_pixeldata (FILE *fd,
+   width  = channel->width;
+   height = channel->height;
+ 
++  if (width > G_MAXINT16 || height > G_MAXINT16)
++    {
++      g_message ("Error: Invalid channel dimensions");
++      gimp_quit ();
++    }
++
+   IFDBG
+     {
+       printf ("\t\t\tLayer (%d) Channel (%d:%d) Compression: %d (%s)\n",
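Review bot: The patch header says only "from upstream" and names no upstream revision or bug, so the embedded change to plug-ins/common/psd-load.c cannot be checked against the GIMP history from this file alone. Add a line such as `Upstream: <upstream commit or bug URL>` below the CVE line; the same applies to graphics/gimp/patches/patch-ae. The distinfo SHA1 entry pins the patch bytes but says nothing about where they came from.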


