diff options
author | wiz <wiz@pkgsrc.org> | 2012-08-20 12:54:01 +0000 |
---|---|---|
committer | wiz <wiz@pkgsrc.org> | 2012-08-20 12:54:01 +0000 |
commit | 90e75453ec43d9f72e07f06dd9c349e577883ee1 (patch) | |
tree | 0123f99f4b09bb941f78073a02c15a10cbd07370 /graphics/gimp | |
parent | fbd3491051bfbbc3e6bddf2464f28e620f50e8d1 (diff) | |
download | pkgsrc-90e75453ec43d9f72e07f06dd9c349e577883ee1.tar.gz |
Fix CVE-2012-3481 using Nils Philippsen's patch.
Bump PKGREVISION.
Diffstat (limited to 'graphics/gimp')
-rw-r--r-- | graphics/gimp/Makefile | 4 | ||||
-rw-r--r-- | graphics/gimp/distinfo | 3 | ||||
-rw-r--r-- | graphics/gimp/patches/patch-plug-ins_common_file-gif-load.c | 39 |
3 files changed, 43 insertions, 3 deletions
diff --git a/graphics/gimp/Makefile b/graphics/gimp/Makefile index ee850c7f000..a1af62827dd 100644 --- a/graphics/gimp/Makefile +++ b/graphics/gimp/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.217 2012/08/14 08:46:57 wiz Exp $ +# $NetBSD: Makefile,v 1.218 2012/08/20 12:54:01 wiz Exp $ DISTNAME= gimp-2.8.0 -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES= graphics MASTER_SITES= ftp://ftp.gimp.org/pub/gimp/v${PKGVERSION_NOREV:R}/ \ ${MASTER_SITE_GNU:=gimp/v${PKGVERSION_NOREV:R}/} \ diff --git a/graphics/gimp/distinfo b/graphics/gimp/distinfo index 1b28d919fe8..a363ba9f649 100644 --- a/graphics/gimp/distinfo +++ b/graphics/gimp/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.67 2012/05/07 08:40:08 adam Exp $ +$NetBSD: distinfo,v 1.68 2012/08/20 12:54:01 wiz Exp $ SHA1 (gimp-2.8.0.tar.bz2) = 3b20d3dd10d971acbbc9345eb5cb93378c398ebc RMD160 (gimp-2.8.0.tar.bz2) = aeff9275461d0171e22b2281aae28ca4fb4bc63f @@ -10,4 +10,5 @@ SHA1 (patch-app_Makefile.in) = efbd9e592cdbc154e5a6402279c7d54f3946c65c SHA1 (patch-app_base_base-utils.c) = 18dfa09c1d63530ff79cd4c3515d9f1077182d64 SHA1 (patch-app_config_Makefile.in) = a2fcebd994831fbe0f911efb84c1fecdf2e59198 SHA1 (patch-devel-docs_app_Makefile.in) = 1eb97f779d5151b9e89b4ae47afb44d1bb3b6a48 +SHA1 (patch-plug-ins_common_file-gif-load.c) = 44a83ad0e2ddc7d4601ee96b0c524121a1b29bf8 SHA1 (patch-plug-ins_script-fu_script-fu-server.c) = 4932d82711c8010cf7b1ff5bfb12031946273c2b diff --git a/graphics/gimp/patches/patch-plug-ins_common_file-gif-load.c b/graphics/gimp/patches/patch-plug-ins_common_file-gif-load.c new file mode 100644 index 00000000000..1fd1c5f358b --- /dev/null +++ b/graphics/gimp/patches/patch-plug-ins_common_file-gif-load.c @@ -0,0 +1,39 @@ +$NetBSD: patch-plug-ins_common_file-gif-load.c,v 1.1 2012/08/20 12:54:01 wiz Exp $ + +From: Jan Lieskovsky <jlieskov@redhat.com> +Date: Tue, 14 Aug 2012 12:18:22 +0200 +Subject: [PATCH 1/2] file-gif-load: limit len and height (CVE-2012-3481) + +Ensure values of len and height can't overflow g_malloc() argument type. +(cherry picked from commit d95c2f0bcb6775bdee2bef35b7d84f6dfd490783) + +From: Nils Philippsen <nils@redhat.com> +Date: Tue, 14 Aug 2012 15:27:39 +0200 +Subject: [PATCH 2/2] file-gif-load: fix type overflow (CVE-2012-3481) + +Cast variables properly to avoid overflowing when computing how much +memory to allocate. +(cherry picked from commit 43fc9dbd8e2196944c8a71321e525b89b7df9f5c) + +--- plug-ins/common/file-gif-load.c.orig 2012-03-12 19:18:10.000000000 +0000 ++++ plug-ins/common/file-gif-load.c +@@ -1057,10 +1057,17 @@ ReadImage (FILE *fd, + cur_progress = 0; + max_progress = height; + ++ if (len > (G_MAXSIZE / height / (alpha_frame ? (promote_to_rgb ? 4 : 2) : 1))) ++ { ++ g_message ("'%s' has a larger image size than GIMP can handle.", ++ gimp_filename_to_utf8 (filename)); ++ return -1; ++ } ++ + if (alpha_frame) +- dest = (guchar *) g_malloc (len * height * (promote_to_rgb ? 4 : 2)); ++ dest = (guchar *) g_malloc ((gsize)len * (gsize)height * (promote_to_rgb ? 4 : 2)); + else +- dest = (guchar *) g_malloc (len * height); ++ dest = (guchar *) g_malloc ((gsize)len * (gsize)height); + + #ifdef GIFDEBUG + g_print ("GIF: reading %d by %d%s GIF image, ncols=%d\n", |