head 1.2; access; symbols pkgsrc-2019Q2:1.1.0.122 pkgsrc-2019Q2-base:1.1 pkgsrc-2019Q1:1.1.0.120 pkgsrc-2019Q1-base:1.1 pkgsrc-2018Q4:1.1.0.118 pkgsrc-2018Q4-base:1.1 pkgsrc-2018Q3:1.1.0.116 pkgsrc-2018Q3-base:1.1 pkgsrc-2018Q2:1.1.0.114 pkgsrc-2018Q2-base:1.1 pkgsrc-2018Q1:1.1.0.112 pkgsrc-2018Q1-base:1.1 pkgsrc-2017Q4:1.1.0.110 pkgsrc-2017Q4-base:1.1 pkgsrc-2017Q3:1.1.0.108 pkgsrc-2017Q3-base:1.1 pkgsrc-2017Q2:1.1.0.104 pkgsrc-2017Q2-base:1.1 pkgsrc-2017Q1:1.1.0.102 pkgsrc-2017Q1-base:1.1 pkgsrc-2016Q4:1.1.0.100 pkgsrc-2016Q4-base:1.1 pkgsrc-2016Q3:1.1.0.98 pkgsrc-2016Q3-base:1.1 pkgsrc-2016Q2:1.1.0.96 pkgsrc-2016Q2-base:1.1 pkgsrc-2016Q1:1.1.0.94 pkgsrc-2016Q1-base:1.1 pkgsrc-2015Q4:1.1.0.92 pkgsrc-2015Q4-base:1.1 pkgsrc-2015Q3:1.1.0.90 pkgsrc-2015Q3-base:1.1 pkgsrc-2015Q2:1.1.0.88 pkgsrc-2015Q2-base:1.1 pkgsrc-2015Q1:1.1.0.86 pkgsrc-2015Q1-base:1.1 pkgsrc-2014Q4:1.1.0.84 pkgsrc-2014Q4-base:1.1 pkgsrc-2014Q3:1.1.0.82 pkgsrc-2014Q3-base:1.1 pkgsrc-2014Q2:1.1.0.80 pkgsrc-2014Q2-base:1.1 pkgsrc-2014Q1:1.1.0.78 pkgsrc-2014Q1-base:1.1 pkgsrc-2013Q4:1.1.0.76 pkgsrc-2013Q4-base:1.1 pkgsrc-2013Q3:1.1.0.74 pkgsrc-2013Q3-base:1.1 pkgsrc-2013Q2:1.1.0.72 pkgsrc-2013Q2-base:1.1 pkgsrc-2013Q1:1.1.0.70 pkgsrc-2013Q1-base:1.1 pkgsrc-2012Q4:1.1.0.68 pkgsrc-2012Q4-base:1.1 pkgsrc-2012Q3:1.1.0.66 pkgsrc-2012Q3-base:1.1 pkgsrc-2012Q2:1.1.0.64 pkgsrc-2012Q2-base:1.1 pkgsrc-2012Q1:1.1.0.62 pkgsrc-2012Q1-base:1.1 pkgsrc-2011Q4:1.1.0.60 pkgsrc-2011Q4-base:1.1 pkgsrc-2011Q3:1.1.0.58 pkgsrc-2011Q3-base:1.1 pkgsrc-2011Q2:1.1.0.56 pkgsrc-2011Q2-base:1.1 pkgsrc-2011Q1:1.1.0.54 pkgsrc-2011Q1-base:1.1 pkgsrc-2010Q4:1.1.0.52 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.50 pkgsrc-2010Q3-base:1.1 pkgsrc-2010Q2:1.1.0.48 pkgsrc-2010Q2-base:1.1 pkgsrc-2010Q1:1.1.0.46 pkgsrc-2010Q1-base:1.1 pkgsrc-2009Q4:1.1.0.44 pkgsrc-2009Q4-base:1.1 pkgsrc-2009Q3:1.1.0.42 pkgsrc-2009Q3-base:1.1 pkgsrc-2009Q2:1.1.0.40 pkgsrc-2009Q2-base:1.1 pkgsrc-2009Q1:1.1.0.38 pkgsrc-2009Q1-base:1.1 pkgsrc-2008Q4:1.1.0.36 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.34 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.32 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.30 pkgsrc-2008Q2-base:1.1 cwrapper:1.1.0.28 pkgsrc-2008Q1:1.1.0.26 pkgsrc-2008Q1-base:1.1 pkgsrc-2007Q4:1.1.0.24 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.22 pkgsrc-2007Q3-base:1.1 pkgsrc-2007Q2:1.1.0.20 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.18 pkgsrc-2007Q1-base:1.1 pkgsrc-2006Q4:1.1.0.16 pkgsrc-2006Q4-base:1.1 pkgsrc-2006Q3:1.1.0.14 pkgsrc-2006Q3-base:1.1 pkgsrc-2006Q2:1.1.0.12 pkgsrc-2006Q2-base:1.1 pkgsrc-2006Q1:1.1.0.10 pkgsrc-2006Q1-base:1.1 pkgsrc-2005Q4:1.1.0.8 pkgsrc-2005Q4-base:1.1 pkgsrc-2005Q3:1.1.0.6 pkgsrc-2005Q3-base:1.1 pkgsrc-2005Q2:1.1.0.4 pkgsrc-2005Q2-base:1.1 pkgsrc-2005Q1:1.1.0.2; locks; strict; comment @# @; 1.2 date 2019.07.21.10.34.52; author wiz; state dead; branches; next 1.1; commitid 714SadchRqVILTvB; 1.1 date 2005.04.01.11.37.23; author salo; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2005.04.01.11.37.23; author snj; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2005.04.03.03.32.58; author snj; state Exp; branches; next ; desc @@ 1.2 log @gdk-pixbuf: remove The software hasn't been updated since 2002 and is probably full of security problems. Two packages were using it. (gpsdrive has a newer version in wip.) @ text @$NetBSD: patch-ak,v 1.1 2005/04/01 11:37:23 salo Exp $ --- gdk-pixbuf/io-bmp.c.orig 2002-09-27 23:12:40.000000000 +0200 +++ gdk-pixbuf/io-bmp.c 2005-04-01 13:05:14.000000000 +0200 @@@@ -245,7 +245,14 @@@@ static gboolean grow_buffer (struct bmp_progressive_state *State) { - guchar *tmp = realloc (State->buff, State->BufferSize); + guchar *tmp; + + if (State->BufferSize == 0) { + State->read_state = READ_STATE_ERROR; + return FALSE; + } + + tmp = realloc (State->buff, State->BufferSize); if (!tmp) { State->read_state = READ_STATE_ERROR; return FALSE; @ 1.1 log @Security fix for CAN-2005-0891: "David Costanzo has reported a vulnerability in GdkPixbuf, which can be exploited by malicious people to crash certain applications on a user's system. The vulnerability is caused due to a double free error in the BMP loader. This can be exploited to crash an application linked against GdkPixbuf when a specially crafted BMP image is processed." Bump PKGREVISION. Patch from Fedora. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ak was added on branch pkgsrc-2005Q1 on 2005-04-01 11:37:23 +0000 @ text @d1 20 @ 1.1.2.2 log @Pullup ticket 415 - requested by Lubomir Sedlacik security fix for gdk-pixbuf Revisions pulled up: - pkgsrc/graphics/gdk-pixbuf/Makefile 1.31 - pkgsrc/graphics/gdk-pixbuf/buildlink3.mk 1.7 - pkgsrc/graphics/gdk-pixbuf/distinfo 1.16 - pkgsrc/graphics/gdk-pixbuf/patches/patch-ak 1.1 Module Name: pkgsrc Committed By: salo Date: Fri Apr 1 11:37:23 UTC 2005 Modified Files: pkgsrc/graphics/gdk-pixbuf: Makefile buildlink3.mk distinfo Added Files: pkgsrc/graphics/gdk-pixbuf/patches: patch-ak Log Message: Security fix for CAN-2005-0891: "David Costanzo has reported a vulnerability in GdkPixbuf, which can be exploited by malicious people to crash certain applications on a user's system. The vulnerability is caused due to a double free error in the BMP loader. This can be exploited to crash an application linked against GdkPixbuf when a specially crafted BMP image is processed." Bump PKGREVISION. Patch from Fedora. @ text @a0 20 $NetBSD: patch-ak,v 1.1.2.1 2005/04/03 03:32:58 snj Exp $ --- gdk-pixbuf/io-bmp.c.orig 2002-09-27 23:12:40.000000000 +0200 +++ gdk-pixbuf/io-bmp.c 2005-04-01 13:05:14.000000000 +0200 @@@@ -245,7 +245,14 @@@@ static gboolean grow_buffer (struct bmp_progressive_state *State) { - guchar *tmp = realloc (State->buff, State->BufferSize); + guchar *tmp; + + if (State->BufferSize == 0) { + State->read_state = READ_STATE_ERROR; + return FALSE; + } + + tmp = realloc (State->buff, State->BufferSize); if (!tmp) { State->read_state = READ_STATE_ERROR; return FALSE; @