diff options
| author | drochner <drochner> | 2011-08-03 10:01:25 +0000 |
|---|---|---|
| committer | drochner <drochner> | 2011-08-03 10:01:25 +0000 |
| commit | 34e696537ff2c5ee73ea01e3fa5faf27190a06bc (patch) | |
| tree | 7e3d1077171cfe0083a4709c1c38150140c5f8e1 | |
| parent | d4d573f7847fc101d54853e1b909164760833666 (diff) | |
| download | pkgsrc-34e696537ff2c5ee73ea01e3fa5faf27190a06bc.tar.gz | |
pull in boundary check from gdk2-pixbuf to fix a possible buffer
overflow by invalid GIF images, see redhat bug#727081
bump PKGREV
| -rw-r--r-- | graphics/gdk-pixbuf/Makefile | 4 | ||||
| -rw-r--r-- | graphics/gdk-pixbuf/distinfo | 4 | ||||
| -rw-r--r-- | graphics/gdk-pixbuf/patches/patch-af | 13 |
3 files changed, 16 insertions, 5 deletions
diff --git a/graphics/gdk-pixbuf/Makefile b/graphics/gdk-pixbuf/Makefile index adc736a8f5c..be7642e7538 100644 --- a/graphics/gdk-pixbuf/Makefile +++ b/graphics/gdk-pixbuf/Makefile @@ -1,10 +1,10 @@ -# $NetBSD: Makefile,v 1.42 2011/04/22 13:42:11 obache Exp $ +# $NetBSD: Makefile,v 1.43 2011/08/03 10:01:25 drochner Exp $ # PKG_DESTDIR_SUPPORT= user-destdir .include "Makefile.common" -PKGREVISION= 14 +PKGREVISION= 15 COMMENT= The GNOME image loading library # XXX hopefully there is no x.gnome-config.x in PATH diff --git a/graphics/gdk-pixbuf/distinfo b/graphics/gdk-pixbuf/distinfo index 3bc6c57f96a..4be85736805 100644 --- a/graphics/gdk-pixbuf/distinfo +++ b/graphics/gdk-pixbuf/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.21 2011/01/19 12:45:22 ryoon Exp $ +$NetBSD: distinfo,v 1.22 2011/08/03 10:01:25 drochner Exp $ SHA1 (gdk-pixbuf-0.22.0.tar.bz2) = 495324afb5abebc14567ffd5a6cd72333bcc7f5b RMD160 (gdk-pixbuf-0.22.0.tar.bz2) = 0e56a0f883fd8e3fb4d49b9a38f984b95cd96ece @@ -8,7 +8,7 @@ SHA1 (patch-ab) = 2edd8fdd72d5dfaecc92974c6930e5d175e3b69f SHA1 (patch-ac) = 16fc33898fc1cb10b3e11ee26e7ea046d1f68032 SHA1 (patch-ad) = 5c834eceaea7cef2ae964bba586c1e90ea4d0684 SHA1 (patch-ae) = 8331a216051cd1bbfbeee7d2b54ab9e51be6f38d -SHA1 (patch-af) = af8bf66d1cc445bdf7affaa119fd4c24e96e53c7 +SHA1 (patch-af) = f24e32ffa74ba14717c8e779a282803734e6fb17 SHA1 (patch-ag) = 387e1f3f96f53a1afe21ab3a419b729125f269fb SHA1 (patch-ah) = 37df772bd4c818eb2dd567169598436467ea4f1c SHA1 (patch-ai) = 33e6c261933028472ce722b086280518cd1ac915 diff --git a/graphics/gdk-pixbuf/patches/patch-af b/graphics/gdk-pixbuf/patches/patch-af index a7b7ec64a99..7769945abb9 100644 --- a/graphics/gdk-pixbuf/patches/patch-af +++ b/graphics/gdk-pixbuf/patches/patch-af @@ -1,4 +1,4 @@ -$NetBSD: patch-af,v 1.1 2005/01/15 00:10:41 cube Exp $ +$NetBSD: patch-af,v 1.2 2011/08/03 10:01:25 drochner Exp $ --- gdk-pixbuf/io-gif.c.orig 2002-12-18 19:49:01.000000000 +0000 +++ gdk-pixbuf/io-gif.c @@ -11,3 +11,14 @@ $NetBSD: patch-af,v 1.1 2005/01/15 00:10:41 cube Exp $ return; /* The frame is completely off-bounds */ +@@ -944,6 +944,10 @@ gif_prepare_lzw (GifContext *context) + return -1; + } + ++ if (context->lzw_set_code_size > MAX_LZW_BITS) { ++ return -1; ++ } ++ + context->lzw_code_size = context->lzw_set_code_size + 1; + context->lzw_clear_code = 1 << context->lzw_set_code_size; + context->lzw_end_code = context->lzw_clear_code + 1; |