head 1.3; access; symbols pkgsrc-2019Q2:1.2.0.66 pkgsrc-2019Q2-base:1.2 pkgsrc-2019Q1:1.2.0.64 pkgsrc-2019Q1-base:1.2 pkgsrc-2018Q4:1.2.0.62 pkgsrc-2018Q4-base:1.2 pkgsrc-2018Q3:1.2.0.60 pkgsrc-2018Q3-base:1.2 pkgsrc-2018Q2:1.2.0.58 pkgsrc-2018Q2-base:1.2 pkgsrc-2018Q1:1.2.0.56 pkgsrc-2018Q1-base:1.2 pkgsrc-2017Q4:1.2.0.54 pkgsrc-2017Q4-base:1.2 pkgsrc-2017Q3:1.2.0.52 pkgsrc-2017Q3-base:1.2 pkgsrc-2017Q2:1.2.0.48 pkgsrc-2017Q2-base:1.2 pkgsrc-2017Q1:1.2.0.46 pkgsrc-2017Q1-base:1.2 pkgsrc-2016Q4:1.2.0.44 pkgsrc-2016Q4-base:1.2 pkgsrc-2016Q3:1.2.0.42 pkgsrc-2016Q3-base:1.2 pkgsrc-2016Q2:1.2.0.40 pkgsrc-2016Q2-base:1.2 pkgsrc-2016Q1:1.2.0.38 pkgsrc-2016Q1-base:1.2 pkgsrc-2015Q4:1.2.0.36 pkgsrc-2015Q4-base:1.2 pkgsrc-2015Q3:1.2.0.34 pkgsrc-2015Q3-base:1.2 pkgsrc-2015Q2:1.2.0.32 pkgsrc-2015Q2-base:1.2 pkgsrc-2015Q1:1.2.0.30 pkgsrc-2015Q1-base:1.2 pkgsrc-2014Q4:1.2.0.28 pkgsrc-2014Q4-base:1.2 pkgsrc-2014Q3:1.2.0.26 pkgsrc-2014Q3-base:1.2 pkgsrc-2014Q2:1.2.0.24 pkgsrc-2014Q2-base:1.2 pkgsrc-2014Q1:1.2.0.22 pkgsrc-2014Q1-base:1.2 pkgsrc-2013Q4:1.2.0.20 pkgsrc-2013Q4-base:1.2 pkgsrc-2013Q3:1.2.0.18 pkgsrc-2013Q3-base:1.2 pkgsrc-2013Q2:1.2.0.16 pkgsrc-2013Q2-base:1.2 pkgsrc-2013Q1:1.2.0.14 pkgsrc-2013Q1-base:1.2 pkgsrc-2012Q4:1.2.0.12 pkgsrc-2012Q4-base:1.2 pkgsrc-2012Q3:1.2.0.10 pkgsrc-2012Q3-base:1.2 pkgsrc-2012Q2:1.2.0.8 pkgsrc-2012Q2-base:1.2 pkgsrc-2012Q1:1.2.0.6 pkgsrc-2012Q1-base:1.2 pkgsrc-2011Q4:1.2.0.4 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q3:1.2.0.2 pkgsrc-2011Q3-base:1.2 pkgsrc-2011Q2:1.1.0.56 pkgsrc-2011Q2-base:1.1 pkgsrc-2011Q1:1.1.0.54 pkgsrc-2011Q1-base:1.1 pkgsrc-2010Q4:1.1.0.52 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.50 pkgsrc-2010Q3-base:1.1 pkgsrc-2010Q2:1.1.0.48 pkgsrc-2010Q2-base:1.1 pkgsrc-2010Q1:1.1.0.46 pkgsrc-2010Q1-base:1.1 pkgsrc-2009Q4:1.1.0.44 pkgsrc-2009Q4-base:1.1 pkgsrc-2009Q3:1.1.0.42 pkgsrc-2009Q3-base:1.1 pkgsrc-2009Q2:1.1.0.40 pkgsrc-2009Q2-base:1.1 pkgsrc-2009Q1:1.1.0.38 pkgsrc-2009Q1-base:1.1 pkgsrc-2008Q4:1.1.0.36 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.34 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.32 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.30 pkgsrc-2008Q2-base:1.1 cwrapper:1.1.0.28 pkgsrc-2008Q1:1.1.0.26 pkgsrc-2008Q1-base:1.1 pkgsrc-2007Q4:1.1.0.24 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.22 pkgsrc-2007Q3-base:1.1 pkgsrc-2007Q2:1.1.0.20 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.18 pkgsrc-2007Q1-base:1.1 pkgsrc-2006Q4:1.1.0.16 pkgsrc-2006Q4-base:1.1 pkgsrc-2006Q3:1.1.0.14 pkgsrc-2006Q3-base:1.1 pkgsrc-2006Q2:1.1.0.12 pkgsrc-2006Q2-base:1.1 pkgsrc-2006Q1:1.1.0.10 pkgsrc-2006Q1-base:1.1 pkgsrc-2005Q4:1.1.0.8 pkgsrc-2005Q4-base:1.1 pkgsrc-2005Q3:1.1.0.6 pkgsrc-2005Q3-base:1.1 pkgsrc-2005Q2:1.1.0.4 pkgsrc-2005Q2-base:1.1 pkgsrc-2005Q1:1.1.0.2 pkgsrc-2005Q1-base:1.1; locks; strict; comment @# @; 1.3 date 2019.07.21.10.34.52; author wiz; state dead; branches; next 1.2; commitid 714SadchRqVILTvB; 1.2 date 2011.08.03.10.01.25; author drochner; state Exp; branches; next 1.1; 1.1 date 2005.01.15.00.10.41; author cube; state Exp; branches 1.1.56.1; next ; 1.1.56.1 date 2011.08.07.09.35.39; author tron; state Exp; branches; next ; desc @@ 1.3 log @gdk-pixbuf: remove The software hasn't been updated since 2002 and is probably full of security problems. Two packages were using it. (gpsdrive has a newer version in wip.) @ text @$NetBSD: patch-af,v 1.2 2011/08/03 10:01:25 drochner Exp $ --- gdk-pixbuf/io-gif.c.orig 2002-12-18 19:49:01.000000000 +0000 +++ gdk-pixbuf/io-gif.c @@@@ -617,7 +617,7 @@@@ clip_frame (GifContext *context, int *x, *w = MIN (context->width, context->x_offset + context->frame_len) - *x; *h = MIN (context->height, context->y_offset + context->frame_height) - *y; - if (w > 0 && h > 0) + if (*w > 0 && *h > 0) return; /* The frame is completely off-bounds */ @@@@ -944,6 +944,10 @@@@ gif_prepare_lzw (GifContext *context) return -1; } + if (context->lzw_set_code_size > MAX_LZW_BITS) { + return -1; + } + context->lzw_code_size = context->lzw_set_code_size + 1; context->lzw_clear_code = 1 << context->lzw_set_code_size; context->lzw_end_code = context->lzw_clear_code + 1; @ 1.2 log @pull in boundary check from gdk2-pixbuf to fix a possible buffer overflow by invalid GIF images, see redhat bug#727081 bump PKGREV @ text @d1 1 a1 1 $NetBSD$ @ 1.1 log @Fix a long-standing bug in io-gif.c. It remained unnoticed until Georg Schwarz tried to compile it with a compiler that errors out when the code does something as pointless as checking if a pointer is positive. PR#28889 and http://bugzilla.gnome.org/show_bug.cgi?id=156186 @ text @d14 11 @ 1.1.56.1 log @Pullup ticket #3492 - requested by drocher graphics/gdk-pixbuf: security update Revisions pulled up: - graphics/gdk-pixbuf/Makefile 1.43 - graphics/gdk-pixbuf/distinfo 1.22 - graphics/gdk-pixbuf/patches/patch-af 1.2 --- Module Name: pkgsrc Committed By: drochner Date: Wed Aug 3 10:01:25 UTC 2011 Modified Files: pkgsrc/graphics/gdk-pixbuf: Makefile distinfo pkgsrc/graphics/gdk-pixbuf/patches: patch-af Log Message: pull in boundary check from gdk2-pixbuf to fix a possible buffer overflow by invalid GIF images, see redhat bug#727081 bump PKGREV @ text @a13 11 @@@@ -944,6 +944,10 @@@@ gif_prepare_lzw (GifContext *context) return -1; } + if (context->lzw_set_code_size > MAX_LZW_BITS) { + return -1; + } + context->lzw_code_size = context->lzw_set_code_size + 1; context->lzw_clear_code = 1 << context->lzw_set_code_size; context->lzw_end_code = context->lzw_clear_code + 1; @