head 1.2; access; symbols pkgsrc-2019Q2:1.1.0.62 pkgsrc-2019Q2-base:1.1 pkgsrc-2019Q1:1.1.0.60 pkgsrc-2019Q1-base:1.1 pkgsrc-2018Q4:1.1.0.58 pkgsrc-2018Q4-base:1.1 pkgsrc-2018Q3:1.1.0.56 pkgsrc-2018Q3-base:1.1 pkgsrc-2018Q2:1.1.0.54 pkgsrc-2018Q2-base:1.1 pkgsrc-2018Q1:1.1.0.52 pkgsrc-2018Q1-base:1.1 pkgsrc-2017Q4:1.1.0.50 pkgsrc-2017Q4-base:1.1 pkgsrc-2017Q3:1.1.0.48 pkgsrc-2017Q3-base:1.1 pkgsrc-2017Q2:1.1.0.44 pkgsrc-2017Q2-base:1.1 pkgsrc-2017Q1:1.1.0.42 pkgsrc-2017Q1-base:1.1 pkgsrc-2016Q4:1.1.0.40 pkgsrc-2016Q4-base:1.1 pkgsrc-2016Q3:1.1.0.38 pkgsrc-2016Q3-base:1.1 pkgsrc-2016Q2:1.1.0.36 pkgsrc-2016Q2-base:1.1 pkgsrc-2016Q1:1.1.0.34 pkgsrc-2016Q1-base:1.1 pkgsrc-2015Q4:1.1.0.32 pkgsrc-2015Q4-base:1.1 pkgsrc-2015Q3:1.1.0.30 pkgsrc-2015Q3-base:1.1 pkgsrc-2015Q2:1.1.0.28 pkgsrc-2015Q2-base:1.1 pkgsrc-2015Q1:1.1.0.26 pkgsrc-2015Q1-base:1.1 pkgsrc-2014Q4:1.1.0.24 pkgsrc-2014Q4-base:1.1 pkgsrc-2014Q3:1.1.0.22 pkgsrc-2014Q3-base:1.1 pkgsrc-2014Q2:1.1.0.20 pkgsrc-2014Q2-base:1.1 pkgsrc-2014Q1:1.1.0.18 pkgsrc-2014Q1-base:1.1 pkgsrc-2013Q4:1.1.0.16 pkgsrc-2013Q4-base:1.1 pkgsrc-2013Q3:1.1.0.14 pkgsrc-2013Q3-base:1.1 pkgsrc-2013Q2:1.1.0.12 pkgsrc-2013Q2-base:1.1 pkgsrc-2013Q1:1.1.0.10 pkgsrc-2013Q1-base:1.1 pkgsrc-2012Q4:1.1.0.8 pkgsrc-2012Q4-base:1.1 pkgsrc-2012Q3:1.1.0.6 pkgsrc-2012Q3-base:1.1 pkgsrc-2012Q2:1.1.0.4 pkgsrc-2012Q2-base:1.1 pkgsrc-2012Q1:1.1.0.2; locks; strict; comment @# @; 1.2 date 2019.07.21.10.34.52; author wiz; state dead; branches; next 1.1; commitid 714SadchRqVILTvB; 1.1 date 2012.05.25.08.31.35; author he; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2012.05.25.08.31.35; author tron; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2012.05.25.15.31.58; author tron; state Exp; branches; next ; desc @@ 1.2 log @gdk-pixbuf: remove The software hasn't been updated since 2002 and is probably full of security problems. Two packages were using it. (gpsdrive has a newer version in wip.) 
@ text @$NetBSD: patch-ao,v 1.1 2012/05/25 08:31:35 he Exp $ Add fix for http://secunia.com/advisories/49125/, taken from http://bugzilla-attachments.gnome.org/attachment.cgi?id=212053. --- gdk-pixbuf/io-xbm.c.orig 2001-01-21 04:13:40.000000000 +0000 +++ gdk-pixbuf/io-xbm.c @@@@ -177,10 +177,16 @@@@ read_bitmap_file_data (FILE *fstream, type++; } - if (!strcmp ("width", type)) + if (!strcmp ("width", type)) { + if (value <= 0) + RETURN (FALSE); ww = (unsigned int) value; - if (!strcmp ("height", type)) + } + if (!strcmp ("height", type)) { + if (value <= 0) + RETURN (FALSE); hh = (unsigned int) value; + } if (!strcmp ("hot", type)) { if (type-- == name_and_type || type-- == name_and_type) @@@@ -221,6 +227,8 @@@@ read_bitmap_file_data (FILE *fstream, bytes_per_line = (ww+7)/8 + padding; size = bytes_per_line * hh; + if (size / bytes_per_line != hh) /* overflow */ + RETURN (FALSE); bits = g_malloc (size); if (version10p) { @ 1.1 log @Add fix for http://secunia.com/advisories/49125/, taken from http://bugzilla-attachments.gnome.org/attachment.cgi?id=212053. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ao was added on branch pkgsrc-2012Q1 on 2012-05-25 15:31:58 +0000 @ text @d1 35 @ 1.1.2.2 log @Pullup ticket #3803 - requested by he graphics/gdk-pixbuf: security patch Revisions pulled up: - graphics/gdk-pixbuf/Makefile 1.45 - graphics/gdk-pixbuf/distinfo 1.23 - graphics/gdk-pixbuf/patches/patch-ao 1.1 --- Module Name: pkgsrc Committed By: he Date: Fri May 25 08:29:36 UTC 2012 Modified Files: pkgsrc/graphics/gdk-pixbuf: Makefile distinfo Log Message: Add fix for http://secunia.com/advisories/49125/, taken from http://bugzilla-attachments.gnome.org/attachment.cgi?id=212053. Bump pkgrevision. --- Module Name: pkgsrc Committed By: he Date: Fri May 25 08:31:35 UTC 2012 Added Files: pkgsrc/graphics/gdk-pixbuf/patches: patch-ao Log Message: Add fix for http://secunia.com/advisories/49125/, taken from http://bugzilla-attachments.gnome.org/attachment.cgi?id=212053. 
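Review bot: The two added `value <= 0` checks in the `width` and `height` branches have no comment explaining why they matter, and the reason is easy to miss: the `(unsigned int) value` cast that follows would turn a negative number parsed from the file into a very large dimension. I would put `/* a negative value would become a huge unsigned dimension after the cast below */` above each check. The checks set no upper limit, so a large positive width or height still reaches the size computation that the second hunk guards. read_bitmap_file_data starts and ends outside this hunk, so the type of `value` and what `RETURN` cleans up are assumed from usage here; the same applies to the copy of this patch in the 1.1.2.2 revision text.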
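Review bot: The overflow test after `size = bytes_per_line * hh;` runs once the product has already been computed and stored, so whether it catches every wrap depends on the types of `size` and `bytes_per_line`, which are declared outside this hunk; if `size` is a signed int, converting an out-of-range product is implementation-defined. Checking before the multiplication avoids relying on that, e.g. `if (bytes_per_line <= 0 || hh > G_MAXINT / bytes_per_line) RETURN (FALSE);` ahead of the assignment. Separately, a product that does not overflow can still be very large, and `g_malloc` terminates the process when the allocation fails, so an untrusted XBM can still end the program; a sanity cap on width and height before this point would bound that. The same lines appear in the copy of the patch in the 1.1.2.2 revision text.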
@ text @a0 35 $NetBSD$ Add fix for http://secunia.com/advisories/49125/, taken from http://bugzilla-attachments.gnome.org/attachment.cgi?id=212053. --- gdk-pixbuf/io-xbm.c.orig 2001-01-21 04:13:40.000000000 +0000 +++ gdk-pixbuf/io-xbm.c @@@@ -177,10 +177,16 @@@@ read_bitmap_file_data (FILE *fstream, type++; } - if (!strcmp ("width", type)) + if (!strcmp ("width", type)) { + if (value <= 0) + RETURN (FALSE); ww = (unsigned int) value; - if (!strcmp ("height", type)) + } + if (!strcmp ("height", type)) { + if (value <= 0) + RETURN (FALSE); hh = (unsigned int) value; + } if (!strcmp ("hot", type)) { if (type-- == name_and_type || type-- == name_and_type) @@@@ -221,6 +227,8 @@@@ read_bitmap_file_data (FILE *fstream, bytes_per_line = (ww+7)/8 + padding; size = bytes_per_line * hh; + if (size / bytes_per_line != hh) /* overflow */ + RETURN (FALSE); bits = g_malloc (size); if (version10p) { @