author | ghen <ghen@pkgsrc.org> | 2007-07-28 22:28:49 +0000 |
---|---|---|
committer | ghen <ghen@pkgsrc.org> | 2007-07-28 22:28:49 +0000 |
commit | 7a5f9866629292181eb1ab002de8b549985cb07f (patch) | |
tree | 39e02f3e876907137a75f26dc64850192198b5fa | |
parent | 7b7baaf5e61f2bd566f9378d3c7694a35e086967 (diff) | |
download | pkgsrc-7a5f9866629292181eb1ab002de8b549985cb07f.tar.gz |
Pullup ticket 2136 - requested by lkundrak
security fix for gimp
- pkgsrc/graphics/gimp/Makefile 1.157
- pkgsrc/graphics/gimp/distinfo 1.35
- pkgsrc/graphics/gimp/patches/patch-ae 1.7
- pkgsrc/graphics/gimp24/Makefile 1.45
- pkgsrc/graphics/gimp24/distinfo 1.18
- pkgsrc/graphics/gimp24/patches/patch-af 1.1
Module Name: pkgsrc
Committed By: lkundrak
Date: Wed Jul 4 13:34:36 UTC 2007
Modified Files:
pkgsrc/graphics/gimp: Makefile distinfo
Added Files:
pkgsrc/graphics/gimp/patches: patch-ae
Log Message:
Fix for CVE-2007-2949 heap overflow. Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: lkundrak
Date: Wed Jul 4 15:19:52 UTC 2007
Modified Files:
pkgsrc/graphics/gimp24: Makefile distinfo
Added Files:
pkgsrc/graphics/gimp24/patches: patch-af
Log Message:
Fix for CVE-2007-2949 heap overflow. Bump PKGREVISION.
-rw-r--r-- | graphics/gimp/Makefile | 4 | ||||
-rw-r--r-- | graphics/gimp/distinfo | 3 | ||||
-rw-r--r-- | graphics/gimp/patches/patch-ae | 19 | ||||
-rw-r--r-- | graphics/gimp24/Makefile | 3 | ||||
-rw-r--r-- | graphics/gimp24/distinfo | 3 | ||||
-rw-r--r-- | graphics/gimp24/patches/patch-af | 28 |
6 files changed, 55 insertions, 5 deletions
diff --git a/graphics/gimp/Makefile b/graphics/gimp/Makefile
index 72dc10c3ca8..013c5f0ca86 100644
--- a/graphics/gimp/Makefile
+++ b/graphics/gimp/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.156 2007/06/05 05:37:07 wiz Exp $
+# $NetBSD: Makefile,v 1.156.2.1 2007/07/28 22:28:49 ghen Exp $
 DISTNAME= gimp-2.2.15
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= graphics
 MASTER_SITES= ftp://ftp.gimp.org/pub/gimp/v2.2/ \
 ftp://ftp.cs.umn.edu/pub/gimp/v2.2/ \
diff --git a/graphics/gimp/distinfo b/graphics/gimp/distinfo
index de72821b755..44698b260e2 100644
--- a/graphics/gimp/distinfo
+++ b/graphics/gimp/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.34 2007/05/28 12:20:42 adam Exp $
+$NetBSD: distinfo,v 1.34.2.1 2007/07/28 22:28:49 ghen Exp $
 SHA1 (gimp-2.2.15.tar.bz2) = ce2357139179e67f361e3ce1b1fb82d1dd5c08e4
 RMD160 (gimp-2.2.15.tar.bz2) = 322b5c07de9e6cc9b206d944278d58d8d6cd1e2f
@@ -6,3 +6,4 @@ Size (gimp-2.2.15.tar.bz2) = 13097438 bytes
 SHA1 (patch-aa) = 6a25d14a018e02d353e6f10364384e9df7a30ebd
 SHA1 (patch-ab) = 461467b76c45e53042da8e3aee4bb9f556730792
 SHA1 (patch-ad) = 632c34e0fbeda69139b2b674d9c5ef80db40dcca
+SHA1 (patch-ae) = 079b081e8eb0c19d18060d9c21ea9d12df9c5cc4
diff --git a/graphics/gimp/patches/patch-ae b/graphics/gimp/patches/patch-ae
new file mode 100644
index 00000000000..d6127c7b2eb
--- /dev/null
+++ b/graphics/gimp/patches/patch-ae
@@ -0,0 +1,19 @@
+$NetBSD: patch-ae,v 1.6.8.1 2007/07/28 22:28:49 ghen Exp $
+
+Fix for CVE-2007-2949 heap overflow from upstream.
+
+--- plug-ins/common/psd.c.orig 2007-07-04 15:11:22.000000000 +0200
++++ plug-ins/common/psd.c
+@@ -1202,6 +1202,12 @@ seek_to_and_unpack_pixeldata(FILE* fd, g
+ width = channel->width;
+ height = channel->height;
+
++ if (width > G_MAXINT16 || height > G_MAXINT16)
++ {
++ g_message ("Error: Invalid channel dimensions");
++ gimp_quit ();
++ }
++
+ IFDBG
+ {
+ printf("\t\t\tLayer (%d) Channel (%d:%d) Compression: %d (%s)\n",
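Review bot: The guard added to `seek_to_and_unpack_pixeldata` in patch-ae bounds `width` and `height` only from above, so a value that is negative after the assignment from `channel->width` / `channel->height` would still pass it. The types of those fields are not visible in this hunk; if they are unsigned 32-bit and the locals are signed (`gint` in patch-af), a large stored value could convert to a negative one before the comparison. Consider `if (width < 0 || height < 0 || width > G_MAXINT16 || height > G_MAXINT16)`, or compare the `channel->` fields directly before they are narrowed. The identical check is added in graphics/gimp24/patches/patch-af; the function body continues outside both hunks, so how the dimensions feed later size computations cannot be confirmed from here.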
diff --git a/graphics/gimp24/Makefile b/graphics/gimp24/Makefile
index 216ce7b6b0a..c59f15ae84f 100644
--- a/graphics/gimp24/Makefile
+++ b/graphics/gimp24/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.44 2007/06/14 08:56:11 adam Exp $
+# $NetBSD: Makefile,v 1.44.2.1 2007/07/28 22:28:49 ghen Exp $
 DISTNAME= gimp-2.3.18
+PKGREVISION= 1
 CATEGORIES= graphics
 MASTER_SITES= ftp://ftp.gimp.org/pub/gimp/v2.3/ \
 ftp://ftp.cs.umn.edu/pub/gimp/v2.3/ \
diff --git a/graphics/gimp24/distinfo b/graphics/gimp24/distinfo
index 461b8473e3f..468f71672e6 100644
--- a/graphics/gimp24/distinfo
+++ b/graphics/gimp24/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.17 2007/06/14 08:56:11 adam Exp $
+$NetBSD: distinfo,v 1.17.2.1 2007/07/28 22:28:50 ghen Exp $
 SHA1 (gimp-2.3.18.tar.bz2) = 1a34a9d3cbf5fb757fc1ab54b8ed5737f1abe3fc
 RMD160 (gimp-2.3.18.tar.bz2) = 17a0c3ebb3736c5d1dd5c620e5a03bc73151b31b
@@ -6,3 +6,4 @@ Size (gimp-2.3.18.tar.bz2) = 16926421 bytes
 SHA1 (patch-aa) = f405e6cde52e8e85a7be327a47ddbb0cabb15ca5
 SHA1 (patch-ab) = 10e173a95b97666cfb7a4775228fe8722dc22714
 SHA1 (patch-ae) = ccdb74067fd88f6b838b4deee69dad68663c8cc5
+SHA1 (patch-af) = 05f23376a19497710cab08ffcd4dd29d6c82d729
diff --git a/graphics/gimp24/patches/patch-af b/graphics/gimp24/patches/patch-af
new file mode 100644
index 00000000000..57626afcb62
--- /dev/null
+++ b/graphics/gimp24/patches/patch-af
@@ -0,0 +1,28 @@
+$NetBSD: patch-af,v 1.1.2.2 2007/07/28 22:28:50 ghen Exp $
+
+Fix for CVE-2007-2949 heap overflow from upstream.
+
+--- plug-ins/common/psd-load.c.orig 2007-07-04 17:08:32.000000000 +0200
++++ plug-ins/common/psd-load.c
+@@ -1291,7 +1291,7 @@ seek_to_and_unpack_pixeldata (FILE *fd,
+ gint layeri,
+ gint channeli)
+ {
+- int width, height;
++ gint width, height;
+ guchar *tmpline;
+ gint compression;
+ guint32 offset = 0;
+@@ -1305,6 +1305,12 @@ seek_to_and_unpack_pixeldata (FILE *fd,
+ width = channel->width;
+ height = channel->height;
+
++ if (width > G_MAXINT16 || height > G_MAXINT16)
++ {
++ g_message ("Error: Invalid channel dimensions");
++ gimp_quit ();
++ }
++
+ IFDBG
+ {
+ printf ("\t\t\tLayer (%d) Channel (%d:%d) Compression: %d (%s)\n", |
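Review bot: The patch header says only "from upstream", which gives a later maintainer no way to match this file to the upstream change or to decide when it can be dropped on the next version update; graphics/gimp/patches/patch-ae has the same header. Add a reference line under the CVE sentence, for example `Upstream: <upstream revision or bug URL>`. The first inner hunk's `int` to `gint` change is, as far as this hunk shows, cosmetic and separate from the bounds check, so a short mention in the header, such as `The int -> gint change is part of the upstream patch and is not security-relevant.`, would keep readers from looking for a security effect in it.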