head 1.10; access; symbols pkgsrc-2015Q1:1.9.0.34 pkgsrc-2015Q1-base:1.9 pkgsrc-2014Q4:1.9.0.32 pkgsrc-2014Q4-base:1.9 pkgsrc-2014Q3:1.9.0.30 pkgsrc-2014Q3-base:1.9 pkgsrc-2014Q2:1.9.0.28 pkgsrc-2014Q2-base:1.9 pkgsrc-2014Q1:1.9.0.26 pkgsrc-2014Q1-base:1.9 pkgsrc-2013Q4:1.9.0.24 pkgsrc-2013Q4-base:1.9 pkgsrc-2013Q3:1.9.0.22 pkgsrc-2013Q3-base:1.9 pkgsrc-2013Q2:1.9.0.20 pkgsrc-2013Q2-base:1.9 pkgsrc-2013Q1:1.9.0.18 pkgsrc-2013Q1-base:1.9 pkgsrc-2012Q4:1.9.0.16 pkgsrc-2012Q4-base:1.9 pkgsrc-2012Q3:1.9.0.14 pkgsrc-2012Q3-base:1.9 pkgsrc-2012Q2:1.9.0.12 pkgsrc-2012Q2-base:1.9 pkgsrc-2012Q1:1.9.0.10 pkgsrc-2012Q1-base:1.9 pkgsrc-2011Q4:1.9.0.8 pkgsrc-2011Q4-base:1.9 pkgsrc-2011Q3:1.9.0.6 pkgsrc-2011Q3-base:1.9 pkgsrc-2011Q2:1.9.0.4 pkgsrc-2011Q2-base:1.9 pkgsrc-2011Q1:1.9.0.2 pkgsrc-2011Q1-base:1.9 pkgsrc-2010Q3:1.7.0.6 pkgsrc-2009Q4:1.7.0.4 pkgsrc-2009Q4-base:1.7 pkgsrc-2008Q4:1.7.0.2 pkgsrc-2008Q4-base:1.7 pkgsrc-2008Q3:1.6.0.10 pkgsrc-2008Q3-base:1.6 cube-native-xorg:1.6.0.8 cube-native-xorg-base:1.6 pkgsrc-2008Q2:1.6.0.6 pkgsrc-2008Q2-base:1.6 cwrapper:1.6.0.4 pkgsrc-2008Q1:1.6.0.2 pkgsrc-2008Q1-base:1.6 pkgsrc-2007Q4:1.5.0.20 pkgsrc-2007Q4-base:1.5 pkgsrc-2007Q3:1.5.0.18 pkgsrc-2007Q3-base:1.5 pkgsrc-2007Q2:1.5.0.16 pkgsrc-2007Q2-base:1.5 pkgsrc-2007Q1:1.5.0.14 pkgsrc-2007Q1-base:1.5 pkgsrc-2006Q4:1.5.0.12 pkgsrc-2006Q4-base:1.5 pkgsrc-2006Q3:1.5.0.10 pkgsrc-2006Q3-base:1.5 pkgsrc-2006Q2:1.5.0.8 pkgsrc-2006Q2-base:1.5 pkgsrc-2006Q1:1.5.0.6 pkgsrc-2006Q1-base:1.5 pkgsrc-2005Q4:1.5.0.4 pkgsrc-2005Q4-base:1.5 pkgsrc-2005Q3:1.5.0.2 pkgsrc-2005Q3-base:1.5 pkgsrc-2005Q2:1.4.0.2 pkgsrc-2005Q2-base:1.4 pkgsrc-2005Q1:1.3.0.6 pkgsrc-2005Q1-base:1.3 pkgsrc-2004Q4:1.3.0.4 pkgsrc-2004Q4-base:1.3 pkgsrc-2004Q3:1.3.0.2 pkgsrc-2004Q3-base:1.3 pkgsrc-2004Q2:1.2.0.2 pkgsrc-2004Q2-base:1.2; locks; strict; comment @# @; 1.10 date 2015.05.23.06.36.18; author kefren; state dead; branches; next 1.9; commitid 22Mu4KC3By5ljxmy; 1.9 date 2011.01.24.13.52.15; author wiz; state Exp; branches; next 1.8; 1.8 date 2011.01.21.10.21.51; author wiz; state Exp; branches; next 1.7; 1.7 date 2008.10.10.20.40.35; author kefren; state dead; branches 1.7.6.1; next 1.6; 1.6 date 2008.02.13.14.26.24; author kefren; state Exp; branches; next 1.5; 1.5 date 2005.07.31.19.23.00; author recht; state Exp; branches; next 1.4; 1.4 date 2005.06.19.02.59.41; author kristerw; state Exp; branches; next 1.3; 1.3 date 2004.06.26.20.19.42; author recht; state dead; branches; next 1.2; 1.2 date 2004.05.11.17.37.48; author recht; state Exp; branches; next 1.1; 1.1 date 2004.04.27.14.29.00; author adam; state Exp; branches; next ; 1.7.6.1 date 2008.10.10.20.40.35; author tron; state dead; branches; next 1.7.6.2; 1.7.6.2 date 2010.10.17.17.40.29; author tron; state Exp; branches; next ; desc @@ 1.10 log @Update gdiplus to 3.12 - latest on mono-project site, probably released as part of mono-3.12. No other information available from master site. @ text @$NetBSD: patch-aa,v 1.9 2011/01/24 13:52:15 wiz Exp $ Fix build with png-1.5. https://bugzilla.novell.com/show_bug.cgi?id=666583 --- src/pngcodec.c.orig 2010-11-03 16:52:54.000000000 +0000 +++ src/pngcodec.c @@@@ -116,10 +116,15 @@@@ gdip_load_png_properties (png_structp pn bitmap_data->dpi_horz = png_get_x_pixels_per_inch(png_ptr, info_ptr); bitmap_data->dpi_vert = png_get_y_pixels_per_inch(png_ptr, info_ptr); #elif defined(PNG_pHYs_SUPPORTED) - if ((info_ptr->valid & PNG_INFO_pHYs) && (info_ptr->phys_unit_type == PNG_RESOLUTION_METER)) { - bitmap_data->image_flags |= ImageFlagsHasRealDPI; - bitmap_data->dpi_horz = info_ptr->x_pixels_per_unit * 0.0254; - bitmap_data->dpi_vert = info_ptr->y_pixels_per_unit * 0.0254; + if (png_get_valid (png_ptr, info_ptr, PNG_INFO_pHYs)) { + png_uint_32 res_x, res_y; + int unit_type; + png_get_pHYs (png_ptr, info_ptr, &res_x, &res_y, &unit_type); + if (unit_type == PNG_RESOLUTION_METER) { + bitmap_data->image_flags |= ImageFlagsHasRealDPI; + bitmap_data->dpi_horz = res_x * 0.0254; + bitmap_data->dpi_vert = res_y * 0.0254; + } } #endif /* default to screen resolution (if nothing was provided or available) */ @@@@ -130,7 +135,7 @@@@ gdip_load_png_properties (png_structp pn #if defined(PNG_iCCP_SUPPORTED) { png_charp name; - png_charp profile; + png_bytep profile; png_uint_32 proflen; int compression_type; @@@@ -292,6 +297,11 @@@@ gdip_load_png_image_from_file_or_stream ImageFlags colourspace_flag; int i; int j; + png_colorp png_palette; + int png_num_palette; + png_bytep trans_alpha; + int num_trans; + png_color_16p trans_color; width = png_get_image_width (png_ptr, info_ptr); height = png_get_image_height (png_ptr, info_ptr); @@@@ -309,6 +319,8 @@@@ gdip_load_png_image_from_file_or_stream } /* Copy palette. */ + png_get_PLTE (png_ptr, info_ptr, &png_palette, &png_num_palette); + num_colours = 1 << bit_depth; if (png_get_color_type (png_ptr, info_ptr) == PNG_COLOR_TYPE_GRAY) { @@@@ -321,8 +333,8 @@@@ gdip_load_png_image_from_file_or_stream colourspace_flag = ImageFlagsColorSpaceRGB; palette_entries = num_colours; - if (palette_entries > info_ptr->num_palette) { - palette_entries = info_ptr->num_palette; + if (palette_entries > png_num_palette) { + palette_entries = png_num_palette; } palette = GdipAlloc (sizeof(ColorPalette) + (num_colours - 1) * sizeof(ARGB)); @@@@ -331,29 +343,30 @@@@ gdip_load_png_image_from_file_or_stream for (i=0; i < palette_entries; i++) { set_pixel_bgra (&palette->Entries[i], 0, - info_ptr->palette[i].blue, - info_ptr->palette[i].green, - info_ptr->palette[i].red, + png_palette[i].blue, + png_palette[i].green, + png_palette[i].red, 0xFF); /* alpha */ } } + png_get_tRNS (png_ptr, info_ptr, &trans_alpha, &num_trans, &trans_color); /* Make sure transparency is respected. */ - if (info_ptr->num_trans > 0) { + if (num_trans > 0) { palette->Flags |= PaletteFlagsHasAlpha; colourspace_flag |= ImageFlagsHasAlpha; - if (info_ptr->num_trans > info_ptr->num_palette) { - info_ptr->num_trans = info_ptr->num_palette; + if (num_trans > png_num_palette) { + num_trans = png_num_palette; } - for (i=0; i < info_ptr->num_trans; i++) { + for (i=0; i < num_trans; i++) { set_pixel_bgra(&palette->Entries[i], 0, - info_ptr->palette[i].blue, - info_ptr->palette[i].green, - info_ptr->palette[i].red, + png_palette[i].blue, + png_palette[i].green, + png_palette[i].red, #if PNG_LIBPNG_VER > 10399 - info_ptr->trans_alpha [i]); /* alpha */ + trans_alpha [i]); /* alpha */ #else info_ptr->trans[i]); /* alpha */ #endif @@@@ -398,6 +411,8 @@@@ gdip_load_png_image_from_file_or_stream BYTE bit_depth; int stride; int interlace; + png_colorp png_palette; + int png_num_palette; png_bytep *row_pointers; BYTE *rawptr; int i, j; @@@@ -490,32 +505,33 @@@@ gdip_load_png_image_from_file_or_stream png_byte palette = 0; png_byte pix = *rowp++; + png_get_PLTE (png_ptr, info_ptr, &png_palette, &png_num_palette); palette = (pix >> 6) & 0x03; set_pixel_bgra (rawptr, 0, - info_ptr->palette[palette].blue, - info_ptr->palette[palette].green, - info_ptr->palette[palette].red, + png_palette[palette].blue, + png_palette[palette].green, + png_palette[palette].red, 0xFF); /* alpha */ palette = (pix >> 4) & 0x03; set_pixel_bgra (rawptr, 4, - info_ptr->palette[palette].blue, - info_ptr->palette[palette].green, - info_ptr->palette[palette].red, + png_palette[palette].blue, + png_palette[palette].green, + png_palette[palette].red, 0xFF); /* alpha */ palette = (pix >> 2) & 0x03; set_pixel_bgra (rawptr, 8, - info_ptr->palette[palette].blue, - info_ptr->palette[palette].green, - info_ptr->palette[palette].red, + png_palette[palette].blue, + png_palette[palette].green, + png_palette[palette].red, 0xFF); /* alpha */ palette = pix & 0x03; set_pixel_bgra (rawptr, 12, - info_ptr->palette[palette].blue, - info_ptr->palette[palette].green, - info_ptr->palette[palette].red, + png_palette[palette].blue, + png_palette[palette].green, + png_palette[palette].red, 0xFF); /* alpha */ rawptr += 16; } @ 1.9 log @Add upstream bug report URL. @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.8 2011/01/21 10:21:51 wiz Exp $ @ 1.8 log @Fix build with png-1.5. @ text @d1 1 a1 1 $NetBSD$ d4 1 @ 1.7 log @Remove stale patch that I forgot to cvs delete during 2.0 update @ text @d1 164 a164 12 $NetBSD: patch-aa,v 1.6 2008/02/13 14:26:24 kefren Exp $ --- cairo/test/Makefile.in.orig 2007-12-06 20:53:56.000000000 +0200 +++ cairo/test/Makefile.in 2008-02-05 16:55:32.000000000 +0200 @@@@ -111,7 +111,7 @@@@ $(am__EXEEXT_11) $(am__EXEEXT_12) EXTRA_PROGRAMS = $(am__append_11) $(am__append_13) $(am__EXEEXT_9) \ $(am__EXEEXT_10) -@@HAVE_PTHREAD_TRUE@@am__append_9 = -lpthread +@@HAVE_PTHREAD_TRUE@@am__append_9 = ${PTHREAD_LDFLAGS} ${PTHREAD_LIBS} @@CAIRO_CAN_TEST_PDF_SURFACE_TRUE@@am__append_10 = pdf2png @@CAIRO_CAN_TEST_PDF_SURFACE_TRUE@@@@CAIRO_HAS_SVG_SURFACE_TRUE@@am__append_11 = pdf2svg$(EXEEXT) @@CAIRO_CAN_TEST_SVG_SURFACE_TRUE@@am__append_12 = svg2png @ 1.7.6.1 log @file patch-aa was added on branch pkgsrc-2010Q3 on 2010-10-17 17:40:29 +0000 @ text @d1 12 @ 1.7.6.2 log @Pullup ticket #3247 - requested by kefren graphics/libgdiplus: security patch Revisions pulled up: - graphics/libgdiplus/Makefile patch - graphics/libgdiplus/distinfo patch - graphics/libgdiplus/patches/patch-aa new file - graphics/libgdiplus/patches/patch-ab new file - graphics/libgdiplus/patches/patch-ac new file --- Apply patch to fix the security vulnerability reported in CVE-2010-1526 (execution of code via crafted TIFF, JPEG or BMP files.) @ text @a0 76 $NetBSD$ Fix for CVE-2010-1526 --- src/bmpcodec.c.orig 2009-09-25 18:06:51.000000000 +0300 +++ src/bmpcodec.c 2010-10-17 08:34:53.000000000 +0300 @@@@ -781,7 +781,6 @@@@ int colours; BOOL os2format = FALSE; BOOL upsidedown = TRUE; - int size; int size_read; BYTE *data_read = NULL; int line; @@@@ -793,6 +792,7 @@@@ ARGB green_mask = 0; ARGB blue_mask = 0; int red_shift = 0; + unsigned long long int size; status = gdip_read_BITMAPINFOHEADER (pointer, &bmi, source, &os2format, &upsidedown); if (status != Ok) @@@@ -860,23 +860,30 @@@@ result->active_bitmap->width = bmi.biWidth; result->active_bitmap->height = bmi.biHeight; + /* biWidth and biHeight are LONG (32 bits signed integer) */ + size = bmi.biWidth; + switch (result->active_bitmap->pixel_format) { case PixelFormat1bppIndexed: - result->active_bitmap->stride = (result->active_bitmap->width + 7) / 8; + result->active_bitmap->stride = (size + 7) / 8; break; case PixelFormat4bppIndexed: - result->active_bitmap->stride = (result->active_bitmap->width + 1) / 2; + result->active_bitmap->stride = (size + 1) / 2; break; case PixelFormat8bppIndexed: - result->active_bitmap->stride = result->active_bitmap->width; - break; - case PixelFormat24bppRGB: - result->active_bitmap->stride = result->active_bitmap->width * 4; + result->active_bitmap->stride = size; break; default: /* For other types, we assume 32 bit and translate into 32 bit from source format */ result->active_bitmap->pixel_format = PixelFormat32bppRGB; - result->active_bitmap->stride = result->active_bitmap->width * 4; + /* fall-thru */ + case PixelFormat24bppRGB: + /* stride is a (signed) _int_ and once multiplied by 4 it should hold a value that can be allocated by GdipAlloc + * this effectively limits 'width' to 536870911 pixels */ + size *= 4; + if (size > G_MAXINT32) + goto error; + result->active_bitmap->stride = size; break; } @@@@ -922,7 +929,14 @@@@ data_read = NULL; } - pixels = GdipAlloc (result->active_bitmap->stride * result->active_bitmap->height); + size = result->active_bitmap->stride; + /* ensure total 'size' does not overflow an integer and fits inside our 2GB limit */ + size *= result->active_bitmap->height; + if (size > G_MAXINT32) { + status = OutOfMemory; + goto error; + } + pixels = GdipAlloc (size); if (pixels == NULL) { status = OutOfMemory; goto error; @ 1.6 log @Update to libgdiplus 1.2.6 @ text @d1 1 a1 1 $NetBSD$ @ 1.5 log @update to 1.1.8 to match latest lang/mono release. changes: bugfixes and API enhancements @ text @d1 12 a12 16 $NetBSD: patch-aa,v 1.4 2005/06/19 02:59:41 kristerw Exp $ --- src/tiffcodec.c.orig 2005-06-13 21:17:10.000000000 +0200 +++ src/tiffcodec.c @@@@ -102,9 +102,10 @@@@ gdip_tiff_fileclose (thandle_t clientDat toff_t gdip_tiff_filesize (thandle_t clientData) { + long ret; long cur_pos = ftell ((FILE*)clientData); fseek ((FILE*)clientData, 0, SEEK_END); - long ret = ftell ((FILE*)clientData); + ret = ftell ((FILE*)clientData); fseek ((FILE*)clientData, cur_pos, SEEK_SET); return (toff_t)ret; } @ 1.4 log @Make this package build on NetBSD 1.6: * Fix C99-isms * Remove -Werror @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 --- src/tiffcodec.c.orig Sun Jun 19 04:45:51 2005 +++ src/tiffcodec.c Sun Jun 19 04:46:11 2005 @@@@ -102,9 +102,10 @@@@ @ 1.3 log @update to libgdiplus-0.10 (release candidate 1) No real NEWS file available, so guessing from the ChangeLog: - bug-fixes - tiff load/save from stream @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.2 2004/05/11 17:37:48 recht Exp $ d3 14 a16 12 --- src/jpegcodec.c.orig 2004-05-11 18:20:03.000000000 +0200 +++ src/jpegcodec.c @@@@ -20,6 +20,9 @@@@ #ifdef HAVE_LIBJPEG #include + +/* pkgsrc */ +#undef HAVE_STDLIB_H #include /* Codecinfo related data*/ @ 1.2 log @update to libgdiplus-0.5 (part of mono beta1) Sadly, there's no real news file avaiable. So, I guess it's the usual bug-fixes and optimizations. @ text @d1 1 a1 1 $NetBSD$ @ 1.1 log @patch-aa fixes errors due to changes in graphics/cairo API (thanks to Marc) @ text @d3 4 a6 3 --- src/Makefile.in.orig 2004-04-27 16:24:05.000000000 +0000 +++ src/Makefile.in @@@@ -120,7 +120,7 @@@@ libgdiplus_la_SOURCES = \ d8 5 a12 1 libgdiplus_la_LIBADD = $(GDIPLUS_LIBS) d14 1 a14 5 -INCLUDES = $(GDIPLUS_CFLAGS) -ansi -Werror +INCLUDES = $(GDIPLUS_CFLAGS) -ansi subdir = src mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs CONFIG_HEADER = $(top_builddir)/config.h @