head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.24 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.22 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.20 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.18 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.16 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.2.0.14 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.12 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.10 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.8 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.2.0.6 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.4 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.2 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.1.0.2; locks; strict; comment @# @; 1.2 date 2007.07.31.21.01.17; author adam; state dead; branches; next 1.1; 1.1 date 2007.07.04.15.19.51; author lkundrak; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2007.07.04.15.19.51; author ghen; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2007.07.28.22.28.50; author ghen; state Exp; branches; next ; desc @@ 1.2 log @Changes 2.3.19: - support long layer names in PSD files - improved EXIF handling in the JPEG file plug-in - added control for the playback speed in the Animation Playback plug-in - avoid needless image preview invalidation - allow to edit the image comment in the Image Properties dialog - further improved rectangle tools - made JPEG save parameters user-configurable - avoid color conversions between identical ICC color profiles - improved Print plug-in - improved loading and saving of indexed TGA images - bug fixes and code cleanup @ text @$NetBSD: patch-af,v 1.1 2007/07/04 15:19:51 lkundrak Exp $ Fix for CVE-2007-2949 heap overflow from upstream. 
--- plug-ins/common/psd-load.c.orig 2007-07-04 17:08:32.000000000 +0200 +++ plug-ins/common/psd-load.c @@@@ -1291,7 +1291,7 @@@@ seek_to_and_unpack_pixeldata (FILE *fd, gint layeri, gint channeli) { - int width, height; + gint width, height; guchar *tmpline; gint compression; guint32 offset = 0; @@@@ -1305,6 +1305,12 @@@@ seek_to_and_unpack_pixeldata (FILE *fd, width = channel->width; height = channel->height; + if (width > G_MAXINT16 || height > G_MAXINT16) + { + g_message ("Error: Invalid channel dimensions"); + gimp_quit (); + } + IFDBG { printf ("\t\t\tLayer (%d) Channel (%d:%d) Compression: %d (%s)\n", @ 1.1 log @Fix for CVE-2007-2949 heap overflow. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-af was added on branch pkgsrc-2007Q2 on 2007-07-28 22:28:50 +0000 @ text @d1 28 @ 1.1.2.2 log @Pullup ticket 2136 - requested by lkundrak security fix for gimp - pkgsrc/graphics/gimp/Makefile 1.157 - pkgsrc/graphics/gimp/distinfo 1.35 - pkgsrc/graphics/gimp/patches/patch-ae 1.7 - pkgsrc/graphics/gimp24/Makefile 1.45 - pkgsrc/graphics/gimp24/distinfo 1.18 - pkgsrc/graphics/gimp24/patches/patch-af 1.1 Module Name: pkgsrc Committed By: lkundrak Date: Wed Jul 4 13:34:36 UTC 2007 Modified Files: pkgsrc/graphics/gimp: Makefile distinfo Added Files: pkgsrc/graphics/gimp/patches: patch-ae Log Message: Fix for CVE-2007-2949 heap overflow. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: lkundrak Date: Wed Jul 4 15:19:52 UTC 2007 Modified Files: pkgsrc/graphics/gimp24: Makefile distinfo Added Files: pkgsrc/graphics/gimp24/patches: patch-af Log Message: Fix for CVE-2007-2949 heap overflow. Bump PKGREVISION. @ text @a0 28 $NetBSD$ Fix for CVE-2007-2949 heap overflow from upstream. 
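Review bot: The new guard in seek_to_and_unpack_pixeldata only rejects dimensions above G_MAXINT16, so a negative `width` or `height` still passes now that both are signed `gint`. The type of `channel->width` / `channel->height` is not visible in the hunk; if a value taken from the file can come out negative here, it would reach the buffer sizing and unpacking code that follows outside the hunk. Bounding both ends closes that gap: `if (width < 0 || height < 0 || width > G_MAXINT16 || height > G_MAXINT16)`. A short comment such as `/* dimensions come from the PSD file; reject anything a 16-bit channel size cannot hold */` would also record why the limit is G_MAXINT16. The same hunk is repeated verbatim in the 1.1.2.2 revision text later in this file, and the function body starts and ends outside the hunk.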
--- plug-ins/common/psd-load.c.orig 2007-07-04 17:08:32.000000000 +0200 +++ plug-ins/common/psd-load.c @@@@ -1291,7 +1291,7 @@@@ seek_to_and_unpack_pixeldata (FILE *fd, gint layeri, gint channeli) { - int width, height; + gint width, height; guchar *tmpline; gint compression; guint32 offset = 0; @@@@ -1305,6 +1305,12 @@@@ seek_to_and_unpack_pixeldata (FILE *fd, width = channel->width; height = channel->height; + if (width > G_MAXINT16 || height > G_MAXINT16) + { + g_message ("Error: Invalid channel dimensions"); + gimp_quit (); + } + IFDBG { printf ("\t\t\tLayer (%d) Channel (%d:%d) Compression: %d (%s)\n", @