diff options
| author | lkundrak <lkundrak@pkgsrc.org> | 2007-07-04 13:34:35 +0000 |
|---|---|---|
| committer | lkundrak <lkundrak@pkgsrc.org> | 2007-07-04 13:34:35 +0000 |
| commit | 5c76abf752266e6ba1d0237e59f26694f210803e (patch) | |
| tree | 3fc8fb7e5d0d9a2fc8f8dd1fecf52e2720eef33a /graphics/gimp | |
| parent | d1c58ef763fe5c47a53f356b54a58031c3a12b42 (diff) | |
| download | pkgsrc-5c76abf752266e6ba1d0237e59f26694f210803e.tar.gz | |
Fix for CVE-2007-2949 heap overflow. Bump PKGREVISION.
Diffstat (limited to 'graphics/gimp')
| -rw-r--r-- | graphics/gimp/Makefile | 4 | ||||
| -rw-r--r-- | graphics/gimp/distinfo | 3 | ||||
| -rw-r--r-- | graphics/gimp/patches/patch-ae | 19 |
3 files changed, 23 insertions, 3 deletions
diff --git a/graphics/gimp/Makefile b/graphics/gimp/Makefile index 72dc10c3ca8..13299e599e7 100644 --- a/graphics/gimp/Makefile +++ b/graphics/gimp/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.156 2007/06/05 05:37:07 wiz Exp $ +# $NetBSD: Makefile,v 1.157 2007/07/04 13:34:35 lkundrak Exp $ DISTNAME= gimp-2.2.15 -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= graphics MASTER_SITES= ftp://ftp.gimp.org/pub/gimp/v2.2/ \ ftp://ftp.cs.umn.edu/pub/gimp/v2.2/ \ diff --git a/graphics/gimp/distinfo b/graphics/gimp/distinfo index de72821b755..f5f4d9e626c 100644 --- a/graphics/gimp/distinfo +++ b/graphics/gimp/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.34 2007/05/28 12:20:42 adam Exp $ +$NetBSD: distinfo,v 1.35 2007/07/04 13:34:35 lkundrak Exp $ SHA1 (gimp-2.2.15.tar.bz2) = ce2357139179e67f361e3ce1b1fb82d1dd5c08e4 RMD160 (gimp-2.2.15.tar.bz2) = 322b5c07de9e6cc9b206d944278d58d8d6cd1e2f @@ -6,3 +6,4 @@ Size (gimp-2.2.15.tar.bz2) = 13097438 bytes SHA1 (patch-aa) = 6a25d14a018e02d353e6f10364384e9df7a30ebd SHA1 (patch-ab) = 461467b76c45e53042da8e3aee4bb9f556730792 SHA1 (patch-ad) = 632c34e0fbeda69139b2b674d9c5ef80db40dcca +SHA1 (patch-ae) = 079b081e8eb0c19d18060d9c21ea9d12df9c5cc4 diff --git a/graphics/gimp/patches/patch-ae b/graphics/gimp/patches/patch-ae new file mode 100644 index 00000000000..458b53e9e0c --- /dev/null +++ b/graphics/gimp/patches/patch-ae @@ -0,0 +1,19 @@ +$NetBSD: patch-ae,v 1.7 2007/07/04 13:34:35 lkundrak Exp $ + +Fix for CVE-2007-2949 heap overflow from upstream. + +--- plug-ins/common/psd.c.orig 2007-07-04 15:11:22.000000000 +0200 ++++ plug-ins/common/psd.c +@@ -1202,6 +1202,12 @@ seek_to_and_unpack_pixeldata(FILE* fd, g + width = channel->width; + height = channel->height; + ++ if (width > G_MAXINT16 || height > G_MAXINT16) ++ { ++ g_message ("Error: Invalid channel dimensions"); ++ gimp_quit (); ++ } ++ + IFDBG + { + printf("\t\t\tLayer (%d) Channel (%d:%d) Compression: %d (%s)\n", |