head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.24 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.22 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.20 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.18 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.16 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.2.0.14 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.12 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.10 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.8 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.2.0.6 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.4 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.2 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.1.0.8 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.6 pkgsrc-2007Q1-base:1.1 pkgsrc-2006Q4:1.1.0.4 pkgsrc-2006Q4-base:1.1 pkgsrc-2006Q3:1.1.0.2; locks; strict; comment @# @; 1.2 date 2007.09.18.19.18.11; author drochner; state dead; branches; next 1.1; 1.1 date 2006.11.24.12.46.12; author drochner; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2006.11.24.12.46.12; author ghen; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2006.11.29.17.16.35; author ghen; state Exp; branches; next ; desc @@ 1.2 log @update to 1.4.0 changes: security fixes, and a few crashes fixed @ text @$NetBSD: patch-cc,v 1.1 2006/11/24 12:46:12 drochner Exp $ --- src/modules/loaders/loader_lbm.c.orig 2006-09-06 13:34:49.000000000 +0200 +++ src/modules/loaders/loader_lbm.c @@@@ -421,7 +421,7 @@@@ ILBM ilbm; im->w = L2RWORD(ilbm.bmhd.data); im->h = L2RWORD(ilbm.bmhd.data + 2); - if (im->w <= 0 || im->h <= 0) ok = 0; + if (im->w <= 0 || im->h <= 0 || im->w > 16383 || im->h > 16383) ok = 0; ilbm.depth = ilbm.bmhd.data[8]; if (ilbm.depth < 1 || (ilbm.depth > 8 && ilbm.depth != 24 && ilbm.depth != 32)) ok = 0; /* Only 1 to 8, 24, or 32 planes. */ @@@@ -453,6 +453,7 @@@@ ILBM ilbm; } } if (!full || !ok) { + im->w = im->h = 0; freeilbm(&ilbm); return ok; } @@@@ -467,12 +468,13 @@@@ ILBM ilbm; cancel = 0; plane[0] = NULL; + n = ilbm.depth; + if (ilbm.mask == 1) n++; + im->data = malloc(im->w * im->h * sizeof(DATA32)); - if (im->data) { - n = ilbm.depth; - if (ilbm.mask == 1) n++; + plane[0] = malloc(((im->w + 15) / 16) * 2 * n); + if (im->data && plane[0]) { - plane[0] = malloc(((im->w + 15) / 16) * 2 * n); for (i = 1; i < n; i++) plane[i] = plane[i - 1] + ((im->w + 15) / 16) * 2; z = ((im->w + 15) / 16) * 2 * n; @@@@ -511,6 +513,7 @@@@ ILBM ilbm; * the memory for im->data. *----------*/ if (!ok) { + im->w = im->h = 0; if (im->data) free(im->data); im->data = NULL; } @ 1.1 log @fix some insufficient validation of graphics files, patches from Ubuntu (CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809) update to 1.3.0 (no changelog available) @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-cc was added on branch pkgsrc-2006Q3 on 2006-11-24 12:46:12 +0000 @ text @d1 47 @ 1.1.2.2 log @Pullup ticket 1926 - requested by drochner security update for imlib2 - pkgsrc/graphics/imlib2/Makefile 1.41 - pkgsrc/graphics/imlib2/PLIST 1.8 - pkgsrc/graphics/imlib2/distinfo 1.17 - pkgsrc/graphics/imlib2/patches/patch-aa removed - pkgsrc/graphics/imlib2/patches/patch-ba removed - pkgsrc/graphics/imlib2/patches/patch-bb removed - pkgsrc/graphics/imlib2/patches/patch-bc removed - pkgsrc/graphics/imlib2/patches/patch-bd removed - pkgsrc/graphics/imlib2/patches/patch-ca 1.1 - pkgsrc/graphics/imlib2/patches/patch-cb 1.1 - pkgsrc/graphics/imlib2/patches/patch-cc 1.1 - pkgsrc/graphics/imlib2/patches/patch-cd 1.1 - pkgsrc/graphics/imlib2/patches/patch-ce 1.1 - pkgsrc/graphics/imlib2/patches/patch-cf 1.1 - pkgsrc/graphics/imlib2/patches/patch-cg 1.1 Module Name: pkgsrc Committed By: drochner Date: Fri Nov 24 12:46:12 UTC 2006 Modified Files: pkgsrc/graphics/imlib2: Makefile PLIST distinfo Added Files: pkgsrc/graphics/imlib2/patches: patch-ca patch-cb patch-cc patch-cd patch-ce patch-cf patch-cg Removed Files: pkgsrc/graphics/imlib2/patches: patch-ba patch-bb patch-bc patch-bd Log Message: fix some insufficient validation of graphics files, patches from Ubuntu (CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809) update to 1.3.0 (no changelog available) --- Module Name: pkgsrc Committed By: drochner Date: Wed Nov 29 15:37:09 UTC 2006 Removed Files: pkgsrc/graphics/imlib2/patches: patch-aa Log Message: remove stale patchfile, pointed out by Kouichirou Hiratsuka @ text @a0 47 $NetBSD: patch-cc,v 1.1.2.1 2006/11/29 17:16:35 ghen Exp $ --- src/modules/loaders/loader_lbm.c.orig 2006-09-06 13:34:49.000000000 +0200 +++ src/modules/loaders/loader_lbm.c @@@@ -421,7 +421,7 @@@@ ILBM ilbm; im->w = L2RWORD(ilbm.bmhd.data); im->h = L2RWORD(ilbm.bmhd.data + 2); - if (im->w <= 0 || im->h <= 0) ok = 0; + if (im->w <= 0 || im->h <= 0 || im->w > 16383 || im->h > 16383) ok = 0; ilbm.depth = ilbm.bmhd.data[8]; if (ilbm.depth < 1 || (ilbm.depth > 8 && ilbm.depth != 24 && ilbm.depth != 32)) ok = 0; /* Only 1 to 8, 24, or 32 planes. */ @@@@ -453,6 +453,7 @@@@ ILBM ilbm; } } if (!full || !ok) { + im->w = im->h = 0; freeilbm(&ilbm); return ok; } @@@@ -467,12 +468,13 @@@@ ILBM ilbm; cancel = 0; plane[0] = NULL; + n = ilbm.depth; + if (ilbm.mask == 1) n++; + im->data = malloc(im->w * im->h * sizeof(DATA32)); - if (im->data) { - n = ilbm.depth; - if (ilbm.mask == 1) n++; + plane[0] = malloc(((im->w + 15) / 16) * 2 * n); + if (im->data && plane[0]) { - plane[0] = malloc(((im->w + 15) / 16) * 2 * n); for (i = 1; i < n; i++) plane[i] = plane[i - 1] + ((im->w + 15) / 16) * 2; z = ((im->w + 15) / 16) * 2 * n; @@@@ -511,6 +513,7 @@@@ ILBM ilbm; * the memory for im->data. *----------*/ if (!ok) { + im->w = im->h = 0; if (im->data) free(im->data); im->data = NULL; } @