diff options
| author | salo <salo> | 2004-12-13 18:03:27 +0000 |
|---|---|---|
| committer | salo <salo> | 2004-12-13 18:03:27 +0000 |
| commit | 115199681a8fc6c9a0f481b8c6356ca2f16f9497 (patch) | |
| tree | 846a08b7ba5f2ad5abc5ca1bd8830c7b5f88e8df /graphics/imlib/patches/patch-an | |
| parent | 87059dd0b93db92c2083f3806bfefc73817a5ea0 (diff) | |
| download | pkgsrc-115199681a8fc6c9a0f481b8c6356ca2f16f9497.tar.gz | |
Pullup ticket 171 - requested by Havard Eidnes
security fix for imlib
Module Name: pkgsrc
Committed By: tron
Date: Sat Nov 27 08:09:38 UTC 2004
Modified Files:
pkgsrc/graphics/imlib: Makefile
Log Message:
Remove me as maintainer of this package.
---
Module Name: pkgsrc
Committed By: adam
Date: Fri Dec 3 13:42:47 UTC 2004
Modified Files:
pkgsrc/graphics/imlib: Makefile distinfo
pkgsrc/graphics/imlib/patches: patch-ag patch-ah
Log Message:
Changes 1.9.15:
* Minor bug fixes
---
Module Name: pkgsrc
Committed By: salo
Date: Fri Dec 10 09:30:42 UTC 2004
Modified Files:
pkgsrc/graphics/imlib: Makefile buildlink3.mk distinfo
pkgsrc/graphics/imlib/patches: patch-ab patch-ai
Added Files:
pkgsrc/graphics/imlib/patches: patch-aj patch-ak patch-al
patch-am patch-an patch-ao
Log Message:
Bump PKGREVISION, security fix:
"Multiple buffer overflows in imlib 1.9.14 and earlier, which is
used by gkrellm and several window managers, allow remote attackers
to execute arbitrary code via certain image files." (1.9.15 is also
affected)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1026
Patch from Pavel Kankovsky.
Diffstat (limited to 'graphics/imlib/patches/patch-an')
| -rw-r--r-- | graphics/imlib/patches/patch-an | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/graphics/imlib/patches/patch-an b/graphics/imlib/patches/patch-an new file mode 100644 index 00000000000..7c056e8a577 --- /dev/null +++ b/graphics/imlib/patches/patch-an @@ -0,0 +1,23 @@ +$NetBSD: patch-an,v 1.1.2.2 2004/12/13 18:03:27 salo Exp $ + +--- gdk_imlib/misc.c.orig 2002-03-04 18:06:32.000000000 +0100 ++++ gdk_imlib/misc.c 2004-12-10 10:15:22.000000000 +0100 +@@ -1355,11 +1355,16 @@ + + /* + * Make sure we don't wrap on our memory allocations ++ * we check G_MAX_INT/4 because rend.c malloc's w * h * bpp ++ * + 3 is safety margin + */ + + void *_gdk_malloc_image(unsigned int w, unsigned int h) + { +- if( w > 32767 || h > 32767) ++ if (w <= 0 || w > 32767 || ++ h <= 0 || h > 32767 || ++ h >= (G_MAXINT/4 - 1) / w) + return NULL; +- return malloc(w * h * 3); ++ return malloc(w * h * 3 + 3); + } ++ |