summaryrefslogtreecommitdiff
path: root/graphics/imlib2
diff options
context:
space:
mode:
authordrochner <drochner@pkgsrc.org>2006-11-24 12:46:12 +0000
committerdrochner <drochner@pkgsrc.org>2006-11-24 12:46:12 +0000
commitf7d5b705e2d4e50c0833e5caf6ffb88e007e0ea8 (patch)
tree9ad4be9e96aa8ed1c6e263145a18bac7fc99f509 /graphics/imlib2
parent757f3891fe886ae7604e6e97f37722cbccf6c0a7 (diff)
downloadpkgsrc-f7d5b705e2d4e50c0833e5caf6ffb88e007e0ea8.tar.gz
fix some insufficient validation of graphics files, patches from Ubuntu
(CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809) update to 1.3.0 (no changelog available)
Diffstat (limited to 'graphics/imlib2')
-rw-r--r--graphics/imlib2/Makefile5
-rw-r--r--graphics/imlib2/PLIST3
-rw-r--r--graphics/imlib2/distinfo20
-rw-r--r--graphics/imlib2/patches/patch-ba22
-rw-r--r--graphics/imlib2/patches/patch-bb39
-rw-r--r--graphics/imlib2/patches/patch-bc78
-rw-r--r--graphics/imlib2/patches/patch-bd81
-rw-r--r--graphics/imlib2/patches/patch-ca30
-rw-r--r--graphics/imlib2/patches/patch-cb18
-rw-r--r--graphics/imlib2/patches/patch-cc47
-rw-r--r--graphics/imlib2/patches/patch-cd18
-rw-r--r--graphics/imlib2/patches/patch-ce13
-rw-r--r--graphics/imlib2/patches/patch-cf80
-rw-r--r--graphics/imlib2/patches/patch-cg32
14 files changed, 253 insertions, 233 deletions
diff --git a/graphics/imlib2/Makefile b/graphics/imlib2/Makefile
index b638b4b7fa3..4511366f8e9 100644
--- a/graphics/imlib2/Makefile
+++ b/graphics/imlib2/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.40 2006/11/06 11:28:32 joerg Exp $
+# $NetBSD: Makefile,v 1.41 2006/11/24 12:46:12 drochner Exp $
-DISTNAME= imlib2-1.2.0
-PKGREVISION= 5
+DISTNAME= imlib2-1.3.0
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=enlightenment/}
diff --git a/graphics/imlib2/PLIST b/graphics/imlib2/PLIST
index 36258e57469..933e3bd02ff 100644
--- a/graphics/imlib2/PLIST
+++ b/graphics/imlib2/PLIST
@@ -1,8 +1,9 @@
-@comment $NetBSD: PLIST,v 1.7 2005/01/11 13:37:54 adam Exp $
+@comment $NetBSD: PLIST,v 1.8 2006/11/24 12:46:12 drochner Exp $
bin/imlib2-config
bin/imlib2_bumpmap
bin/imlib2_colorspace
bin/imlib2_conv
+bin/imlib2_grab
bin/imlib2_poly
bin/imlib2_show
bin/imlib2_test
diff --git a/graphics/imlib2/distinfo b/graphics/imlib2/distinfo
index 99be75a9d9d..cae45d8da5c 100644
--- a/graphics/imlib2/distinfo
+++ b/graphics/imlib2/distinfo
@@ -1,14 +1,16 @@
-$NetBSD: distinfo,v 1.16 2006/07/19 16:16:23 rillig Exp $
+$NetBSD: distinfo,v 1.17 2006/11/24 12:46:12 drochner Exp $
-SHA1 (imlib2-1.2.0.tar.gz) = 54f8ef83b0eac3f8e7f2218705e02a425fa73118
-RMD160 (imlib2-1.2.0.tar.gz) = 158ed1bd7c59b8d1db2c00db98027d9c5c0abec3
-Size (imlib2-1.2.0.tar.gz) = 890457 bytes
-SHA1 (patch-aa) = 73e23778f6aaee5de213865aa64f9c5a4af6ba24
+SHA1 (imlib2-1.3.0.tar.gz) = ad9c673a94d4e5e610704cefd06855f900151e25
+RMD160 (imlib2-1.3.0.tar.gz) = 272fc0a62699e0f0f690f4cc8418ac5c8e0ee615
+Size (imlib2-1.3.0.tar.gz) = 955862 bytes
SHA1 (patch-ab) = 47f0165c3a4abfc6de1078768104b8e2acd2e9b5
SHA1 (patch-ac) = da65ecd50753c37e267c2fd3de7f1dcef8dab1f1
SHA1 (patch-ad) = adf301fe0179aa1ab05fc54bb7ab706ee97ab7a7
SHA1 (patch-ae) = 6503e4cbc9bbb93f971ab2ae9fd7d50ddee9e0e8
-SHA1 (patch-ba) = 0a3937fc4d017356ba5d33f957426f9befc94730
-SHA1 (patch-bb) = 9df1e76c3023c6f9714906b226293bc3e026baca
-SHA1 (patch-bc) = 29365da268d210b4eb7bb431f815a78bcf22f1e3
-SHA1 (patch-bd) = 2fd3fa738dc36c360868c0b73f1a3fcb3a4a14e4
+SHA1 (patch-ca) = c2150a4c1ad3ccccaf37961e2f301cd7f2ba2044
+SHA1 (patch-cb) = da837b92a1a4cfd139fe2d9ed319d1cd6e0fb703
+SHA1 (patch-cc) = 6a9d1b59e0574d8bb9cc7493a314feb1c90cc57f
+SHA1 (patch-cd) = 398d5ea852ac5ece67dd34d83726422895058a6c
+SHA1 (patch-ce) = 2a6d3fd704885d56b3ed4c2a19d2800f29c7c9a0
+SHA1 (patch-cf) = c6a2bd12ce8d6bf2fafcd2ed7cd6ead734456808
+SHA1 (patch-cg) = 5767ddcffce7c0da93aa942c80f67d14e28788fe
diff --git a/graphics/imlib2/patches/patch-ba b/graphics/imlib2/patches/patch-ba
deleted file mode 100644
index cade992e893..00000000000
--- a/graphics/imlib2/patches/patch-ba
+++ /dev/null
@@ -1,22 +0,0 @@
-$NetBSD: patch-ba,v 1.1 2005/04/11 05:29:15 kim Exp $
-
---- src/modules/filters/Makefile.am.orig 2004-11-01 22:03:49.000000000 -0500
-+++ src/modules/filters/Makefile.am 2005-04-11 01:11:56.000000000 -0400
-@@ -11,11 +11,14 @@
- pkg_LTLIBRARIES = testfilter.la bumpmap.la colormod.la
-
- testfilter_la_SOURCES = filter_test.c
--testfilter_la_LDFLAGS = -module -avoid-version
-+testfilter_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+testfilter_la_LIBADD = -lImlib2
-
- bumpmap_la_SOURCES = filter_bumpmap.c
--bumpmap_la_LDFLAGS = -module -avoid-version
-+bumpmap_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+bumpmap_la_LIBADD = -lImlib2
-
- colormod_la_SOURCES = filter_colormod.c
--colormod_la_LDFLAGS = -module -avoid-version
-+colormod_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+colormod_la_LIBADD = -lImlib2
-
diff --git a/graphics/imlib2/patches/patch-bb b/graphics/imlib2/patches/patch-bb
deleted file mode 100644
index 0f40eca77a0..00000000000
--- a/graphics/imlib2/patches/patch-bb
+++ /dev/null
@@ -1,39 +0,0 @@
-$NetBSD: patch-bb,v 1.1 2005/04/11 05:29:15 kim Exp $
-
---- src/modules/filters/Makefile.in.orig 2005-01-08 02:56:15.000000000 -0500
-+++ src/modules/filters/Makefile.in 2005-04-11 00:55:20.000000000 -0400
-@@ -104,13 +104,16 @@
- pkg_LTLIBRARIES = testfilter.la bumpmap.la colormod.la
-
- testfilter_la_SOURCES = filter_test.c
--testfilter_la_LDFLAGS = -module -avoid-version
-+testfilter_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+testfilter_la_LIBADD = -lImlib2
-
- bumpmap_la_SOURCES = filter_bumpmap.c
--bumpmap_la_LDFLAGS = -module -avoid-version
-+bumpmap_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+bumpmap_la_LIBADD = -lImlib2
-
- colormod_la_SOURCES = filter_colormod.c
--colormod_la_LDFLAGS = -module -avoid-version
-+colormod_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+colormod_la_LIBADD = -lImlib2
- mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
- CONFIG_HEADER = ../../../config.h
- CONFIG_CLEAN_FILES =
-@@ -121,11 +124,11 @@
- CPPFLAGS = @CPPFLAGS@
- LDFLAGS = @LDFLAGS@
- LIBS = @LIBS@
--testfilter_la_LIBADD =
-+testfilter_la_DEPENDENCIES =
- testfilter_la_OBJECTS = filter_test.lo
--bumpmap_la_LIBADD =
-+bumpmap_la_DEPENDENCIES =
- bumpmap_la_OBJECTS = filter_bumpmap.lo
--colormod_la_LIBADD =
-+colormod_la_DEPENDENCIES =
- colormod_la_OBJECTS = filter_colormod.lo
- CFLAGS = @CFLAGS@
- COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
diff --git a/graphics/imlib2/patches/patch-bc b/graphics/imlib2/patches/patch-bc
deleted file mode 100644
index 1d976ad77c4..00000000000
--- a/graphics/imlib2/patches/patch-bc
+++ /dev/null
@@ -1,78 +0,0 @@
-$NetBSD: patch-bc,v 1.1 2005/04/11 05:29:15 kim Exp $
-
---- src/modules/loaders/Makefile.am.orig 2004-11-01 22:04:05.000000000 -0500
-+++ src/modules/loaders/Makefile.am 2005-04-11 01:11:56.000000000 -0400
-@@ -43,49 +43,49 @@
- lbm.la
-
- jpeg_la_SOURCES = loader_jpeg.c
--jpeg_la_LDFLAGS = -module -avoid-version
--jpeg_la_LIBADD = @JPEGLIBS@
-+jpeg_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+jpeg_la_LIBADD = @JPEGLIBS@ -lImlib2
-
- png_la_SOURCES = loader_png.c
--png_la_LDFLAGS = -module -avoid-version
--png_la_LIBADD = @PNGLIBS@
-+png_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+png_la_LIBADD = @PNGLIBS@ -lImlib2
-
- tiff_la_SOURCES = loader_tiff.c
--tiff_la_LDFLAGS = -module -avoid-version
--tiff_la_LIBADD = @TIFFLIBS@
-+tiff_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+tiff_la_LIBADD = @TIFFLIBS@ -lImlib2
-
- gif_la_SOURCES = loader_gif.c
--gif_la_LDFLAGS = -module -avoid-version
--gif_la_LIBADD = @GIFLIBS@
-+gif_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+gif_la_LIBADD = @GIFLIBS@ -lImlib2
-
- zlib_la_SOURCES = loader_zlib.c
--zlib_la_LDFLAGS = -module -avoid-version
--zlib_la_LIBADD = @ZLIBLIBS@
-+zlib_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+zlib_la_LIBADD = @ZLIBLIBS@ -lImlib2
-
- bz2_la_SOURCES = loader_bz2.c
--bz2_la_LDFLAGS = -module -avoid-version
--bz2_la_LIBADD = @BZ2LIBS@
-+bz2_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+bz2_la_LIBADD = @BZ2LIBS@ -lImlib2
-
- pnm_la_SOURCES = loader_pnm.c
--pnm_la_LDFLAGS = -module -avoid-version
--pnm_la_LIBADD =
-+pnm_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+pnm_la_LIBADD = -lImlib2
-
- argb_la_SOURCES = loader_argb.c
--argb_la_LDFLAGS = -module -avoid-version
--argb_la_LIBADD =
-+argb_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+argb_la_LIBADD = -lImlib2
-
- bmp_la_SOURCES = loader_bmp.c
--bmp_la_LDFLAGS = -module -avoid-version
--bmp_la_LIBADD =
-+bmp_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+bmp_la_LIBADD = -lImlib2
-
- xpm_la_SOURCES = loader_xpm.c
--xpm_la_LDFLAGS = -module -avoid-version
--xpm_la_LIBADD =
-+xpm_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+xpm_la_LIBADD = -lImlib2
-
- tga_la_SOURCES = loader_tga.c
--tga_la_LDFLAGS = -module -avoid-version
--tga_la_LIBADD =
-+tga_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+tga_la_LIBADD = -lImlib2
-
- lbm_la_SOURCES = loader_lbm.c
--lbm_la_LDFLAGS = -module -avoid-version
--lbm_la_LIBADD =
-+lbm_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+lbm_la_LIBADD = -lImlib2
diff --git a/graphics/imlib2/patches/patch-bd b/graphics/imlib2/patches/patch-bd
deleted file mode 100644
index fe4b9f43c93..00000000000
--- a/graphics/imlib2/patches/patch-bd
+++ /dev/null
@@ -1,81 +0,0 @@
-$NetBSD: patch-bd,v 1.1 2005/04/11 05:29:15 kim Exp $
-
---- src/modules/loaders/Makefile.in.orig 2005-01-08 02:56:15.000000000 -0500
-+++ src/modules/loaders/Makefile.in 2005-04-11 01:19:24.000000000 -0400
-@@ -113,52 +113,52 @@
-
-
- jpeg_la_SOURCES = loader_jpeg.c
--jpeg_la_LDFLAGS = -module -avoid-version
--jpeg_la_LIBADD = @JPEGLIBS@
-+jpeg_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+jpeg_la_LIBADD = @JPEGLIBS@ -lImlib2
-
- png_la_SOURCES = loader_png.c
--png_la_LDFLAGS = -module -avoid-version
--png_la_LIBADD = @PNGLIBS@
-+png_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+png_la_LIBADD = @PNGLIBS@ -lImlib2
-
- tiff_la_SOURCES = loader_tiff.c
--tiff_la_LDFLAGS = -module -avoid-version
--tiff_la_LIBADD = @TIFFLIBS@
-+tiff_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+tiff_la_LIBADD = @TIFFLIBS@ -lImlib2
-
- gif_la_SOURCES = loader_gif.c
--gif_la_LDFLAGS = -module -avoid-version
--gif_la_LIBADD = @GIFLIBS@
-+gif_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+gif_la_LIBADD = @GIFLIBS@ -lImlib2
-
- zlib_la_SOURCES = loader_zlib.c
--zlib_la_LDFLAGS = -module -avoid-version
--zlib_la_LIBADD = @ZLIBLIBS@
-+zlib_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+zlib_la_LIBADD = @ZLIBLIBS@ -lImlib2
-
- bz2_la_SOURCES = loader_bz2.c
--bz2_la_LDFLAGS = -module -avoid-version
--bz2_la_LIBADD = @BZ2LIBS@
-+bz2_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+bz2_la_LIBADD = @BZ2LIBS@ -lImlib2
-
- pnm_la_SOURCES = loader_pnm.c
--pnm_la_LDFLAGS = -module -avoid-version
--pnm_la_LIBADD =
-+pnm_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+pnm_la_LIBADD = -lImlib2
-
- argb_la_SOURCES = loader_argb.c
--argb_la_LDFLAGS = -module -avoid-version
--argb_la_LIBADD =
-+argb_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+argb_la_LIBADD = -lImlib2
-
- bmp_la_SOURCES = loader_bmp.c
--bmp_la_LDFLAGS = -module -avoid-version
--bmp_la_LIBADD =
-+bmp_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+bmp_la_LIBADD = -lImlib2
-
- xpm_la_SOURCES = loader_xpm.c
--xpm_la_LDFLAGS = -module -avoid-version
--xpm_la_LIBADD =
-+xpm_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+xpm_la_LIBADD = -lImlib2
-
- tga_la_SOURCES = loader_tga.c
--tga_la_LDFLAGS = -module -avoid-version
--tga_la_LIBADD =
-+tga_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+tga_la_LIBADD = -lImlib2
-
- lbm_la_SOURCES = loader_lbm.c
--lbm_la_LDFLAGS = -module -avoid-version
--lbm_la_LIBADD =
-+lbm_la_LDFLAGS = -module -avoid-version -L$(top_builddir)/src/lib/
-+lbm_la_LIBADD = -lImlib2
- mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
- CONFIG_HEADER = ../../../config.h
- CONFIG_CLEAN_FILES =
diff --git a/graphics/imlib2/patches/patch-ca b/graphics/imlib2/patches/patch-ca
new file mode 100644
index 00000000000..b487d29517b
--- /dev/null
+++ b/graphics/imlib2/patches/patch-ca
@@ -0,0 +1,30 @@
+$NetBSD: patch-ca,v 1.1 2006/11/24 12:46:12 drochner Exp $
+
+--- src/modules/loaders/loader_argb.c.orig 2006-09-05 02:37:07.000000000 +0200
++++ src/modules/loaders/loader_argb.c
+@@ -23,7 +23,7 @@ char
+ load(ImlibImage * im, ImlibProgressFunction progress,
+ char progress_granularity, char immediate_load)
+ {
+- int w, h, alpha;
++ int w=0, h=0, alpha=0;
+ FILE *f;
+
+ if (im->data)
+@@ -36,13 +36,15 @@ load(ImlibImage * im, ImlibProgressFunct
+ {
+ char buf[256], buf2[256];
+
++ memset(buf, 0, sizeof(buf));
++ memset(buf2, 0, sizeof(buf));
+ if (!fgets(buf, 255, f))
+ {
+ fclose(f);
+ return 0;
+ }
+ sscanf(buf, "%s %i %i %i", buf2, &w, &h, &alpha);
+- if (strcmp(buf2, "ARGB"))
++ if (strcmp(buf2, "ARGB") || w < 1 || h < 1 || w > 16383 || h > 16383)
+ {
+ fclose(f);
+ return 0;
diff --git a/graphics/imlib2/patches/patch-cb b/graphics/imlib2/patches/patch-cb
new file mode 100644
index 00000000000..f550835fc03
--- /dev/null
+++ b/graphics/imlib2/patches/patch-cb
@@ -0,0 +1,18 @@
+$NetBSD: patch-cb,v 1.1 2006/11/24 12:46:12 drochner Exp $
+
+--- src/modules/loaders/loader_jpeg.c.orig 2006-09-05 02:37:07.000000000 +0200
++++ src/modules/loaders/loader_jpeg.c
+@@ -95,6 +95,13 @@ load(ImlibImage * im, ImlibProgressFunct
+ UNSET_FLAG(im->flags, F_HAS_ALPHA);
+ im->format = strdup("jpeg");
+ }
++ if (w < 1 || h < 1 || w > 16383 || h > 16383)
++ {
++ im->w = im->h = 0;
++ jpeg_destroy_decompress(&cinfo);
++ fclose(f);
++ return 0;
++ }
+ if (((!im->data) && (im->loader)) || (immediate_load) || (progress))
+ {
+ DATA8 *ptr, *line[16], *data;
diff --git a/graphics/imlib2/patches/patch-cc b/graphics/imlib2/patches/patch-cc
new file mode 100644
index 00000000000..922246d0e34
--- /dev/null
+++ b/graphics/imlib2/patches/patch-cc
@@ -0,0 +1,47 @@
+$NetBSD: patch-cc,v 1.1 2006/11/24 12:46:12 drochner Exp $
+
+--- src/modules/loaders/loader_lbm.c.orig 2006-09-06 13:34:49.000000000 +0200
++++ src/modules/loaders/loader_lbm.c
+@@ -421,7 +421,7 @@ ILBM ilbm;
+
+ im->w = L2RWORD(ilbm.bmhd.data);
+ im->h = L2RWORD(ilbm.bmhd.data + 2);
+- if (im->w <= 0 || im->h <= 0) ok = 0;
++ if (im->w <= 0 || im->h <= 0 || im->w > 16383 || im->h > 16383) ok = 0;
+
+ ilbm.depth = ilbm.bmhd.data[8];
+ if (ilbm.depth < 1 || (ilbm.depth > 8 && ilbm.depth != 24 && ilbm.depth != 32)) ok = 0; /* Only 1 to 8, 24, or 32 planes. */
+@@ -453,6 +453,7 @@ ILBM ilbm;
+ }
+ }
+ if (!full || !ok) {
++ im->w = im->h = 0;
+ freeilbm(&ilbm);
+ return ok;
+ }
+@@ -467,12 +468,13 @@ ILBM ilbm;
+ cancel = 0;
+ plane[0] = NULL;
+
++ n = ilbm.depth;
++ if (ilbm.mask == 1) n++;
++
+ im->data = malloc(im->w * im->h * sizeof(DATA32));
+- if (im->data) {
+- n = ilbm.depth;
+- if (ilbm.mask == 1) n++;
++ plane[0] = malloc(((im->w + 15) / 16) * 2 * n);
++ if (im->data && plane[0]) {
+
+- plane[0] = malloc(((im->w + 15) / 16) * 2 * n);
+ for (i = 1; i < n; i++) plane[i] = plane[i - 1] + ((im->w + 15) / 16) * 2;
+
+ z = ((im->w + 15) / 16) * 2 * n;
+@@ -511,6 +513,7 @@ ILBM ilbm;
+ * the memory for im->data.
+ *----------*/
+ if (!ok) {
++ im->w = im->h = 0;
+ if (im->data) free(im->data);
+ im->data = NULL;
+ }
diff --git a/graphics/imlib2/patches/patch-cd b/graphics/imlib2/patches/patch-cd
new file mode 100644
index 00000000000..5ce10df7dba
--- /dev/null
+++ b/graphics/imlib2/patches/patch-cd
@@ -0,0 +1,18 @@
+$NetBSD: patch-cd,v 1.1 2006/11/24 12:46:12 drochner Exp $
+
+--- src/modules/loaders/loader_png.c.orig 2006-09-05 02:37:07.000000000 +0200
++++ src/modules/loaders/loader_png.c
+@@ -83,6 +83,13 @@ load(ImlibImage * im, ImlibProgressFunct
+ png_get_IHDR(png_ptr, info_ptr, (png_uint_32 *) (&w32),
+ (png_uint_32 *) (&h32), &bit_depth, &color_type,
+ &interlace_type, NULL, NULL);
++ if (w32 < 1 || h32 < 1 || w32 > 16383 || h32 > 16383)
++ {
++ png_read_end(png_ptr, info_ptr);
++ png_destroy_read_struct(&png_ptr, &info_ptr, (png_infopp) NULL);
++ fclose(f);
++ return 0;
++ }
+ im->w = (int)w32;
+ im->h = (int)h32;
+ if (color_type == PNG_COLOR_TYPE_PALETTE)
diff --git a/graphics/imlib2/patches/patch-ce b/graphics/imlib2/patches/patch-ce
new file mode 100644
index 00000000000..f9e9e6ba251
--- /dev/null
+++ b/graphics/imlib2/patches/patch-ce
@@ -0,0 +1,13 @@
+$NetBSD: patch-ce,v 1.1 2006/11/24 12:46:12 drochner Exp $
+
+--- src/modules/loaders/loader_pnm.c.orig 2006-09-05 02:37:07.000000000 +0200
++++ src/modules/loaders/loader_pnm.c
+@@ -80,7 +80,7 @@ load(ImlibImage * im, ImlibProgressFunct
+ int i = 0;
+
+ /* read numbers */
+- while (c != EOF && !isspace(c))
++ while (c != EOF && i+1 < sizeof(buf) && !isspace(c))
+ {
+ buf[i++] = c;
+ c = fgetc(f);
diff --git a/graphics/imlib2/patches/patch-cf b/graphics/imlib2/patches/patch-cf
new file mode 100644
index 00000000000..bd6e1fe8219
--- /dev/null
+++ b/graphics/imlib2/patches/patch-cf
@@ -0,0 +1,80 @@
+$NetBSD: patch-cf,v 1.1 2006/11/24 12:46:12 drochner Exp $
+
+--- src/modules/loaders/loader_tga.c.orig 2006-09-06 13:34:49.000000000 +0200
++++ src/modules/loaders/loader_tga.c
+@@ -319,6 +319,7 @@ load(ImlibImage * im, ImlibProgressFunct
+ {
+ unsigned long datasize;
+ unsigned char *bufptr;
++ unsigned char *bufend;
+ DATA32 *dataptr;
+
+ int y;
+@@ -347,6 +348,9 @@ load(ImlibImage * im, ImlibProgressFunct
+ /* bufptr is the next byte to be read from the buffer */
+ bufptr = filedata;
+
++ /* bufend is one past the last byte to be read from the buffer */
++ bufend = filedata + datasize;
++
+ /* dataptr is the next 32-bit pixel to be filled in */
+ dataptr = im->data;
+
+@@ -364,7 +368,9 @@ load(ImlibImage * im, ImlibProgressFunct
+ else
+ dataptr = im->data + (y * im->w);
+
+- for (x = 0; x < im->w; x++) /* for each pixel in the row */
++ for (x = 0;
++ x < im->w && bufptr+bpp/8 < bufend;
++ x++) /* for each pixel in the row */
+ {
+ switch (bpp)
+ {
+@@ -418,8 +424,8 @@ load(ImlibImage * im, ImlibProgressFunct
+ unsigned char curbyte, red, green, blue, alpha;
+ DATA32 *final_pixel = dataptr + im->w * im->h;
+
+- /* loop until we've got all the pixels */
+- while (dataptr < final_pixel)
++ /* loop until we've got all the pixels or run out of input */
++ while (dataptr < final_pixel && bufptr+1+bpp/8 < bufend)
+ {
+ int count;
+
+@@ -437,7 +443,7 @@ load(ImlibImage * im, ImlibProgressFunct
+ green = *bufptr++;
+ red = *bufptr++;
+ alpha = *bufptr++;
+- for (i = 0; i < count; i++)
++ for (i = 0; i < count && dataptr < final_pixel; i++)
+ {
+ WRITE_RGBA(dataptr, red, green, blue, alpha);
+ dataptr++;
+@@ -448,7 +454,7 @@ load(ImlibImage * im, ImlibProgressFunct
+ blue = *bufptr++;
+ green = *bufptr++;
+ red = *bufptr++;
+- for (i = 0; i < count; i++)
++ for (i = 0; i < count && dataptr < final_pixel; i++)
+ {
+ WRITE_RGBA(dataptr, red, green, blue,
+ (char)0xff);
+@@ -458,7 +464,7 @@ load(ImlibImage * im, ImlibProgressFunct
+
+ case 8:
+ alpha = *bufptr++;
+- for (i = 0; i < count; i++)
++ for (i = 0; i < count && dataptr < final_pixel; i++)
+ {
+ WRITE_RGBA(dataptr, alpha, alpha, alpha,
+ (char)0xff);
+@@ -473,7 +479,7 @@ load(ImlibImage * im, ImlibProgressFunct
+ {
+ int i;
+
+- for (i = 0; i < count; i++)
++ for (i = 0; i < count && dataptr < final_pixel; i++)
+ {
+ switch (bpp)
+ {
diff --git a/graphics/imlib2/patches/patch-cg b/graphics/imlib2/patches/patch-cg
new file mode 100644
index 00000000000..549be9b13d9
--- /dev/null
+++ b/graphics/imlib2/patches/patch-cg
@@ -0,0 +1,32 @@
+$NetBSD: patch-cg,v 1.1 2006/11/24 12:46:12 drochner Exp $
+
+--- src/modules/loaders/loader_tiff.c.orig 2006-09-05 02:37:07.000000000 +0200
++++ src/modules/loaders/loader_tiff.c
+@@ -75,7 +75,7 @@ static void
+ raster(TIFFRGBAImage_Extra * img, uint32 * rast,
+ uint32 x, uint32 y, uint32 w, uint32 h)
+ {
+- uint32 image_width, image_height;
++ int image_width, image_height;
+ uint32 *pixel, pixel_value;
+ int i, j, dy, rast_offset;
+ DATA32 *buffer_pixel, *buffer = img->image->data;
+@@ -202,8 +202,16 @@ load(ImlibImage * im, ImlibProgressFunct
+ }
+
+ rgba_image.image = im;
+- im->w = width = rgba_image.rgba.width;
+- im->h = height = rgba_image.rgba.height;
++ width = rgba_image.rgba.width;
++ height = rgba_image.rgba.height;
++ if (width < 1 || height < 1 || width >= 16384 || height >= 16384)
++ {
++ TIFFRGBAImageEnd((TIFFRGBAImage *) & rgba_image);
++ TIFFClose(tif);
++ return 0;
++ }
++ im->w = width;
++ im->h = height;
+ rgba_image.num_pixels = num_pixels = width * height;
+ if (rgba_image.rgba.alpha != EXTRASAMPLE_UNSPECIFIED)
+ SET_FLAG(im->flags, F_HAS_ALPHA);