head 1.3; access; symbols pkgsrc-2013Q2:1.3.0.8 pkgsrc-2013Q2-base:1.3 pkgsrc-2012Q4:1.3.0.6 pkgsrc-2012Q4-base:1.3 pkgsrc-2011Q4:1.3.0.4 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q2:1.3.0.2 pkgsrc-2011Q2-base:1.3 pkgsrc-2010Q4:1.1.0.40 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.38 pkgsrc-2010Q3-base:1.1 pkgsrc-2010Q2:1.1.0.36 pkgsrc-2010Q2-base:1.1 pkgsrc-2010Q1:1.1.0.34 pkgsrc-2010Q1-base:1.1 pkgsrc-2009Q4:1.1.0.32 pkgsrc-2009Q4-base:1.1 pkgsrc-2009Q3:1.1.0.30 pkgsrc-2009Q3-base:1.1 pkgsrc-2009Q2:1.1.0.28 pkgsrc-2009Q2-base:1.1 pkgsrc-2009Q1:1.1.0.26 pkgsrc-2009Q1-base:1.1 pkgsrc-2008Q4:1.1.0.24 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.22 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.20 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.18 pkgsrc-2008Q2-base:1.1 cwrapper:1.1.0.16 pkgsrc-2008Q1:1.1.0.14 pkgsrc-2008Q1-base:1.1 pkgsrc-2007Q4:1.1.0.12 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.10 pkgsrc-2007Q3-base:1.1 pkgsrc-2007Q2:1.1.0.8 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.6 pkgsrc-2007Q1-base:1.1 pkgsrc-2006Q4:1.1.0.4 pkgsrc-2006Q4-base:1.1 pkgsrc-2006Q3:1.1.0.2; locks; strict; comment @# @; 1.3 date 2011.01.31.10.23.45; author wiz; state dead; branches; next 1.2; 1.2 date 2011.01.31.10.22.26; author wiz; state Exp; branches; next 1.1; 1.1 date 2006.11.24.12.46.12; author drochner; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2006.11.24.12.46.12; author ghen; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2006.11.29.17.16.35; author ghen; state Exp; branches; next ; desc @@ 1.3 log @Remove obsolete patch (a very similar chunk is nowadays a few lines higher, where the variables are defined). 
@ text @$NetBSD: patch-cb,v 1.2 2011/01/31 10:22:26 wiz Exp $ fix some insufficient validation of graphics files, patches from Ubuntu (CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809) --- src/modules/loaders/loader_jpeg.c.orig 2006-09-05 02:37:07.000000000 +0200 +++ src/modules/loaders/loader_jpeg.c @@@@ -95,6 +95,13 @@@@ load(ImlibImage * im, ImlibProgressFunct UNSET_FLAG(im->flags, F_HAS_ALPHA); im->format = strdup("jpeg"); } + if (w < 1 || h < 1 || w > 16383 || h > 16383) + { + im->w = im->h = 0; + jpeg_destroy_decompress(&cinfo); + fclose(f); + return 0; + } if (((!im->data) && (im->loader)) || (immediate_load) || (progress)) { DATA8 *ptr, *line[16], *data; @ 1.2 log @Add comments to patches. @ text @d1 1 a1 1 $NetBSD: patch-cb,v 1.1 2006/11/24 12:46:12 drochner Exp $ @ 1.1 log @fix some insufficient validation of graphics files, patches from Ubuntu (CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809) update to 1.3.0 (no changelog available) @ text @d1 4 a4 1 $NetBSD$ @ 1.1.2.1 log @file patch-cb was added on branch pkgsrc-2006Q3 on 2006-11-24 12:46:12 +0000 @ text @d1 18 @ 1.1.2.2 log @Pullup ticket 1926 - requested by drochner security update for imlib2 - pkgsrc/graphics/imlib2/Makefile 1.41 - pkgsrc/graphics/imlib2/PLIST 1.8 - pkgsrc/graphics/imlib2/distinfo 1.17 - pkgsrc/graphics/imlib2/patches/patch-aa removed - pkgsrc/graphics/imlib2/patches/patch-ba removed - pkgsrc/graphics/imlib2/patches/patch-bb removed - pkgsrc/graphics/imlib2/patches/patch-bc removed - pkgsrc/graphics/imlib2/patches/patch-bd removed - pkgsrc/graphics/imlib2/patches/patch-ca 1.1 - pkgsrc/graphics/imlib2/patches/patch-cb 1.1 - pkgsrc/graphics/imlib2/patches/patch-cc 1.1 - pkgsrc/graphics/imlib2/patches/patch-cd 1.1 - pkgsrc/graphics/imlib2/patches/patch-ce 1.1 - pkgsrc/graphics/imlib2/patches/patch-cf 1.1 - pkgsrc/graphics/imlib2/patches/patch-cg 1.1 Module Name: pkgsrc Committed By: drochner Date: Fri Nov 24 12:46:12 UTC 2006 Modified Files: pkgsrc/graphics/imlib2: 
Makefile PLIST distinfo Added Files: pkgsrc/graphics/imlib2/patches: patch-ca patch-cb patch-cc patch-cd patch-ce patch-cf patch-cg Removed Files: pkgsrc/graphics/imlib2/patches: patch-ba patch-bb patch-bc patch-bd Log Message: fix some insufficient validation of graphics files, patches from Ubuntu (CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809) update to 1.3.0 (no changelog available) --- Module Name: pkgsrc Committed By: drochner Date: Wed Nov 29 15:37:09 UTC 2006 Removed Files: pkgsrc/graphics/imlib2/patches: patch-aa Log Message: remove stale patchfile, pointed out by Kouichirou Hiratsuka @ text @a0 18 $NetBSD: patch-cb,v 1.1.2.1 2006/11/29 17:16:35 ghen Exp $ --- src/modules/loaders/loader_jpeg.c.orig 2006-09-05 02:37:07.000000000 +0200 +++ src/modules/loaders/loader_jpeg.c @@@@ -95,6 +95,13 @@@@ load(ImlibImage * im, ImlibProgressFunct UNSET_FLAG(im->flags, F_HAS_ALPHA); im->format = strdup("jpeg"); } + if (w < 1 || h < 1 || w > 16383 || h > 16383) + { + im->w = im->h = 0; + jpeg_destroy_decompress(&cinfo); + fclose(f); + return 0; + } if (((!im->data) && (im->loader)) || (immediate_load) || (progress)) { DATA8 *ptr, *line[16], *data; @
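Review bot: the bounds check on w and h in load() sits after the block that ends with im->format = strdup("jpeg"), so the dimensions are validated only after the image struct has already been populated. The early return then has to undo part of that with im->w = im->h = 0 while leaving im->format set. Move the check to directly after w and h are assigned, before anything is stored in im; the 1.3 log message notes that a very similar chunk now lives where the variables are defined. Separately, the limit 16383 appears twice as a bare literal with no comment: give it a named constant and a one-line comment stating which later size computation it protects, so the bound is stated once and its rationale is on record.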