head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.4
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.2
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.1.0.8
	pkgsrc-2011Q4-base:1.1
	pkgsrc-2011Q3:1.1.0.6
	pkgsrc-2011Q3-base:1.1
	pkgsrc-2011Q2:1.1.0.4
	pkgsrc-2011Q2-base:1.1
	pkgsrc-2011Q1:1.1.0.2;
locks; strict;
comment	@# @;


1.2
date	2012.02.04.21.10.45;	author adam;	state dead;
branches;
next	1.1;

1.1
date	2011.04.15.16.39.10;	author drochner;	state Exp;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2011.04.15.16.39.10;	author tron;	state dead;
branches;
next	1.1.2.2;

1.1.2.2
date	2011.04.20.18.39.44;	author tron;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Changes 2.6.12:
Bug fixes:
* GIMP 2.6.10 segfaults when CTRL-left click on a layer mask
* GIMP fails to import a path from SVG
* Crash or Gtk-CRITICAL on File->Open
* [abrt] gimp-2:2.6.11-1.fc14: py-slice.py:172:slice:TypeError: integer argument
  expected, got float
* gimp(1) manpage fixes
* Sample Colorize does not function non-interactively
* file-pdf-load: Don't use deprecated API
* file-psp: fix for bogus input data
* Fixes for some buffer overflow problems
* Guard against crash due to quitting while DND is processed
* fails to build with -Werror=format-security
* script-fu: make server IPv6 aware
@
text
@$NetBSD: patch-bc,v 1.1 2011/04/15 16:39:10 drochner Exp $

CVE-2010-4542

--- plug-ins/gfig/gfig-style.c.orig	2010-07-02 22:51:59.000000000 +0000
+++ plug-ins/gfig/gfig-style.c
@@@@ -165,6 +165,7 @@@@ gfig_read_parameter_gimp_rgb (gchar     
   gchar *ptr;
   gchar *tmpstr;
   gchar *endptr;
+  gchar  fmt_str[32];
   gchar  colorstr_r[G_ASCII_DTOSTR_BUF_SIZE];
   gchar  colorstr_g[G_ASCII_DTOSTR_BUF_SIZE];
   gchar  colorstr_b[G_ASCII_DTOSTR_BUF_SIZE];
@@@@ -172,6 +173,10 @@@@ gfig_read_parameter_gimp_rgb (gchar     
 
   style_entry->r = style_entry->g = style_entry->b = style_entry->a = 0.;
 
+  snprintf (fmt_str, sizeof (fmt_str), "%%%lds %%%lds %%%lds %%%lds",
+            sizeof (colorstr_r) - 1, sizeof (colorstr_g) - 1,
+            sizeof (colorstr_b) - 1, sizeof (colorstr_a) - 1);
+
   while (n < nitems)
     {
       ptr = strchr (text[n], ':');
@@@@ -181,7 +186,8 @@@@ gfig_read_parameter_gimp_rgb (gchar     
           ptr++;
           if (!strcmp (tmpstr, name))
             {
-              sscanf (ptr, "%s %s %s %s", colorstr_r, colorstr_g, colorstr_b, colorstr_a);
+              sscanf (ptr, fmt_str,
+                      colorstr_r, colorstr_g, colorstr_b, colorstr_a);
               style_entry->r = g_ascii_strtod (colorstr_r, &endptr);
               style_entry->g = g_ascii_strtod (colorstr_g, &endptr);
               style_entry->b = g_ascii_strtod (colorstr_b, &endptr);
@


1.1
log
@add patches from upstream, via Debian/Ubuntu:
-possible buffer overflows when parsing config files of plugins
 (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)
-possible buffer overflow in PSP image parser plugin (CVE-2010-4543)
bump PKGREV
@
text
@d1 1
a1 1
$NetBSD$
@


1.1.2.1
log
@file patch-bc was added on branch pkgsrc-2011Q1 on 2011-04-20 18:39:44 +0000
@
text
@d1 35
@


1.1.2.2
log
@Pullup ticket #3417 - requested by drochner
graphics/gimp: security patch

Revisions pulled up:
- graphics/gimp/Makefile                                        1.204
- graphics/gimp/distinfo                                        1.62
- graphics/gimp/patches/patch-ba                                1.1
- graphics/gimp/patches/patch-bb                                1.1
- graphics/gimp/patches/patch-bc                                1.1
- graphics/gimp/patches/patch-bd                                1.1

---
   Module Name:    pkgsrc
   Committed By:   drochner
   Date:           Fri Apr 15 16:39:10 UTC 2011

   Modified Files:
           pkgsrc/graphics/gimp: Makefile distinfo
   Added Files:
           pkgsrc/graphics/gimp/patches: patch-ba patch-bb patch-bc patch-bd

   Log Message:
   add patches from upstream, via Debian/Ubuntu:
   -possible buffer overflows when parsing config files of plugins
    (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)
   -possible buffer overflow in PSP image parser plugin (CVE-2010-4543)
   bump PKGREV
@
text
@a0 35
$NetBSD$

CVE-2010-4542

--- plug-ins/gfig/gfig-style.c.orig	2010-07-02 22:51:59.000000000 +0000
+++ plug-ins/gfig/gfig-style.c
@@@@ -165,6 +165,7 @@@@ gfig_read_parameter_gimp_rgb (gchar     
   gchar *ptr;
   gchar *tmpstr;
   gchar *endptr;
+  gchar  fmt_str[32];
   gchar  colorstr_r[G_ASCII_DTOSTR_BUF_SIZE];
   gchar  colorstr_g[G_ASCII_DTOSTR_BUF_SIZE];
   gchar  colorstr_b[G_ASCII_DTOSTR_BUF_SIZE];
@@@@ -172,6 +173,10 @@@@ gfig_read_parameter_gimp_rgb (gchar     
 
   style_entry->r = style_entry->g = style_entry->b = style_entry->a = 0.;
 
+  snprintf (fmt_str, sizeof (fmt_str), "%%%lds %%%lds %%%lds %%%lds",
+            sizeof (colorstr_r) - 1, sizeof (colorstr_g) - 1,
+            sizeof (colorstr_b) - 1, sizeof (colorstr_a) - 1);
+
   while (n < nitems)
     {
       ptr = strchr (text[n], ':');
@@@@ -181,7 +186,8 @@@@ gfig_read_parameter_gimp_rgb (gchar     
           ptr++;
           if (!strcmp (tmpstr, name))
             {
-              sscanf (ptr, "%s %s %s %s", colorstr_r, colorstr_g, colorstr_b, colorstr_a);
+              sscanf (ptr, fmt_str,
+                      colorstr_r, colorstr_g, colorstr_b, colorstr_a);
               style_entry->r = g_ascii_strtod (colorstr_r, &endptr);
               style_entry->g = g_ascii_strtod (colorstr_g, &endptr);
               style_entry->b = g_ascii_strtod (colorstr_b, &endptr);
@