author | drochner <drochner@pkgsrc.org> | 2009-11-13 17:29:50 +0000 |
---|---|---|
committer | drochner <drochner@pkgsrc.org> | 2009-11-13 17:29:50 +0000 |
commit | b62e0c5f94b4d750730faf8bf228ba810cf02c0f (patch) | |
tree | dece3cb9bc29d5add0a1902c9ea9a9f649ca262d /graphics | |
parent | 1b3e03280750a202711bb80f3b91724be7456c0a (diff) | |
download | pkgsrc-b62e0c5f94b4d750730faf8bf228ba810cf02c0f.tar.gz |
add patch from upstream CVS to fix possible integer overflow in BMP plugin
(CVE-2009-1570)
bump PKGREVISION
Diffstat (limited to 'graphics')
-rw-r--r-- | graphics/gimp/Makefile | 4 | ||||
-rw-r--r-- | graphics/gimp/distinfo | 3 | ||||
-rw-r--r-- | graphics/gimp/patches/patch-ad | 33 |
3 files changed, 37 insertions, 3 deletions
diff --git a/graphics/gimp/Makefile b/graphics/gimp/Makefile
index 24a00bb4a71..1eb52a3a79e 100644
--- a/graphics/gimp/Makefile
+++ b/graphics/gimp/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.186 2009/09/09 17:22:53 drochner Exp $
+# $NetBSD: Makefile,v 1.187 2009/11/13 17:29:50 drochner Exp $
 
 DISTNAME= gimp-2.6.7
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= graphics
 MASTER_SITES= ftp://ftp.gimp.org/pub/gimp/v2.6/ \
 ${MASTER_SITE_GNU:=gimp/v2.6/} \
diff --git a/graphics/gimp/distinfo b/graphics/gimp/distinfo
index 215a198e83c..7b8ae922e14 100644
--- a/graphics/gimp/distinfo
+++ b/graphics/gimp/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.49 2009/08/21 19:41:56 adam Exp $
+$NetBSD: distinfo,v 1.50 2009/11/13 17:29:50 drochner Exp $
 
 SHA1 (gimp-2.6.7.tar.bz2) = 0661d162fecfd907e183ce42853dd5b9d3cb4c51
 RMD160 (gimp-2.6.7.tar.bz2) = c576674ba6547e4d31c34d6bb82c4d416addbaf1
@@ -6,3 +6,4 @@ Size (gimp-2.6.7.tar.bz2) = 16341756 bytes
 SHA1 (patch-aa) = 52d9b1995e47b3ae34510fef074c7000f2527adb
 SHA1 (patch-ab) = 4f5ba210bc69db55f79b67f0238aafc13992c050
 SHA1 (patch-ac) = b1f4b802eebbb2d2145e0e282e65d48a0409a6b8
+SHA1 (patch-ad) = 7b4111b98e3db75ed17acdb31bdfeded1fb78149
diff --git a/graphics/gimp/patches/patch-ad b/graphics/gimp/patches/patch-ad
new file mode 100644
index 00000000000..e3783a601ec
--- /dev/null
+++ b/graphics/gimp/patches/patch-ad
@@ -0,0 +1,33 @@
+$NetBSD: patch-ad,v 1.6 2009/11/13 17:29:51 drochner Exp $
+
+--- plug-ins/file-bmp/bmp-read.c.orig 2009-08-03 22:17:25.000000000 +0200
++++ plug-ins/file-bmp/bmp-read.c
+@@ -424,7 +424,8 @@ ReadBMP (const gchar *name,
+ return -1;
+ }
+
+- if (Bitmap_Head.biWidth < 0)
++ if (Bitmap_Head.biWidth < 0 ||
++ ABS (Bitmap_Head.biHeight) < 0)
+ {
+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+ _("'%s' is not a valid BMP file"),
+@@ -448,6 +449,18 @@ ReadBMP (const gchar *name,
+ return -1;
+ }
+
++ /* protect against integer overflows caused by malicious BMPs */
++
++ if (((guint64) Bitmap_Head.biWidth) * Bitmap_Head.biBitCnt > G_MAXINT32 ||
++ ((guint64) Bitmap_Head.biWidth) * ABS (Bitmap_Head.biHeight) > G_MAXINT32 ||
++ ((guint64) Bitmap_Head.biWidth) * ABS (Bitmap_Head.biHeight) * 4 > G_MAXINT32)
++ {
++ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
++ _("'%s' is not a valid BMP file"),
++ gimp_filename_to_utf8 (filename));
++ return -1;
++ }
++
+ /* Windows and OS/2 declare filler so that rows are a multiple of
+ * word length (32 bits == 4 bytes)
+ */ |
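Review bot: The added guard `ABS (Bitmap_Head.biHeight) < 0` in the first inner hunk can only be true when negating the most negative 32-bit value wraps, which is signed overflow and undefined in C, so an optimizing compiler may fold the test to false and drop it. Assuming biHeight is a signed 32-bit field (its declaration is not in the hunk), compare against the limit explicitly: `if (Bitmap_Head.biWidth < 0 || Bitmap_Head.biHeight == G_MININT32)`. The second inner hunk feeds the same `ABS (Bitmap_Head.biHeight)` into its guint64 products, so it depends on this guard rejecting that value first; its middle comparison is also implied by the `* 4` one and could be dropped. ReadBMP starts and ends outside both hunks, and since the patch is taken from upstream the change would have to go there as well.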