diff options
| author | drochner <drochner@pkgsrc.org> | 2011-11-07 17:59:47 +0000 |
|---|---|---|
| committer | drochner <drochner@pkgsrc.org> | 2011-11-07 17:59:47 +0000 |
| commit | 671b70cc9a887c2a2fe8725137c10fa295a3341f (patch) | |
| tree | cce8a76eb0bc5e1f0064e211a8e43a1a5b99623a /graphics | |
| parent | 436622fc49602652c29ef2eea33bfa01590e1f1e (diff) | |
| download | pkgsrc-671b70cc9a887c2a2fe8725137c10fa295a3341f.tar.gz | |
add patch from upstream to fix possible buffer overflow in LZW decoder
by invalid GIF file (CVE-2011-2896)
bump PKGREV
Diffstat (limited to 'graphics')
| -rw-r--r-- | graphics/gimp/Makefile | 4 | ||||
| -rw-r--r-- | graphics/gimp/distinfo | 3 | ||||
| -rw-r--r-- | graphics/gimp/patches/patch-ag | 53 |
3 files changed, 57 insertions, 3 deletions
diff --git a/graphics/gimp/Makefile b/graphics/gimp/Makefile index 74992ec7a80..e6d8b4e16eb 100644 --- a/graphics/gimp/Makefile +++ b/graphics/gimp/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.207 2011/11/01 06:01:34 sbd Exp $ +# $NetBSD: Makefile,v 1.208 2011/11/07 17:59:47 drochner Exp $ DISTNAME= gimp-2.6.11 -PKGREVISION= 8 +PKGREVISION= 9 CATEGORIES= graphics MASTER_SITES= ftp://ftp.gimp.org/pub/gimp/v2.6/ \ ${MASTER_SITE_GNU:=gimp/v2.6/} \ diff --git a/graphics/gimp/distinfo b/graphics/gimp/distinfo index ab40e78ff4b..600e79a6190 100644 --- a/graphics/gimp/distinfo +++ b/graphics/gimp/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.63 2011/04/19 10:28:31 wiz Exp $ +$NetBSD: distinfo,v 1.64 2011/11/07 17:59:47 drochner Exp $ SHA1 (gimp-2.6.11.tar.bz2) = 2f9d596e727bdbf304fa78257c1731d9faf3934c RMD160 (gimp-2.6.11.tar.bz2) = a116377499e58dc2bfe231ab3c057d0be94091ff @@ -9,6 +9,7 @@ SHA1 (patch-ac) = 42f44b45640bdde305c1e52b95ee633360ebccb8 SHA1 (patch-ad) = 4e2ce2f7d8729fb760eac1bad89cfe09fef499b0 SHA1 (patch-ae) = 5c39e6ff972c09f0c9005f2b7130e098e1368767 SHA1 (patch-af) = 2926b5be1012295e9338940b5ff1d3b2c5d7619a +SHA1 (patch-ag) = 2dee8374516d57f353f5dd3fd6b4228ad0df4978 SHA1 (patch-ba) = 5efdceebadab408f2d4465eb1f7ef014c1cc064e SHA1 (patch-bb) = c1ac683a55764c63f131a1d8c88f773638c7c66e SHA1 (patch-bc) = afc862d6c79770f85a3c37353f6b77aae6726a43 diff --git a/graphics/gimp/patches/patch-ag b/graphics/gimp/patches/patch-ag new file mode 100644 index 00000000000..e4dd9d04962 --- /dev/null +++ b/graphics/gimp/patches/patch-ag @@ -0,0 +1,53 @@ +$NetBSD: patch-ag,v 1.5 2011/11/07 17:59:47 drochner Exp $ + +CVE-2011-2896 + +--- plug-ins/common/file-gif-load.c.orig 2010-07-02 22:51:56.000000000 +0000 ++++ plug-ins/common/file-gif-load.c +@@ -697,7 +697,8 @@ LZWReadByte (FILE *fd, + static gint firstcode, oldcode; + static gint clear_code, end_code; + static gint table[2][(1 << MAX_LZW_BITS)]; +- static gint stack[(1 << (MAX_LZW_BITS)) * 2], *sp; ++#define STACK_SIZE ((1 << (MAX_LZW_BITS)) * 2) ++ static gint stack[STACK_SIZE], *sp; + gint i; + + if (just_reset_LZW) +@@ -772,7 +773,7 @@ LZWReadByte (FILE *fd, + + return firstcode; + } +- else if (code == end_code) ++ else if (code == end_code || code > max_code) + { + gint count; + guchar buf[260]; +@@ -791,13 +792,14 @@ LZWReadByte (FILE *fd, + + incode = code; + +- if (code >= max_code) ++ if (code == max_code) + { +- *sp++ = firstcode; ++ if (sp < &(stack[STACK_SIZE])) ++ *sp++ = firstcode; + code = oldcode; + } + +- while (code >= clear_code) ++ while (code >= clear_code && sp < &(stack[STACK_SIZE])) + { + *sp++ = table[1][code]; + if (code == table[0][code]) +@@ -808,7 +810,8 @@ LZWReadByte (FILE *fd, + code = table[0][code]; + } + +- *sp++ = firstcode = table[1][code]; ++ if (sp < &(stack[STACK_SIZE])) ++ *sp++ = firstcode = table[1][code]; + + if ((code = max_code) < (1 << MAX_LZW_BITS)) + { |