Fix for CVE-2007-2949 heap overflow. Bump PKGREVISION.

2007-07-04 13:34:35 +00:00 · 2007-07-04 13:34:35 +00:00 · 5c76abf752
commit 5c76abf752
parent d1c58ef763
3 changed files with 23 additions and 3 deletions
--- a/graphics/gimp/Makefile
+++ b/graphics/gimp/Makefile
@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.156 2007/06/05 05:37:07 wiz Exp $
+# $NetBSD: Makefile,v 1.157 2007/07/04 13:34:35 lkundrak Exp $

 DISTNAME=	gimp-2.2.15
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	graphics
 MASTER_SITES=	ftp://ftp.gimp.org/pub/gimp/v2.2/ \
 		ftp://ftp.cs.umn.edu/pub/gimp/v2.2/ \
--- a/graphics/gimp/distinfo
+++ b/graphics/gimp/distinfo
@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.34 2007/05/28 12:20:42 adam Exp $
+$NetBSD: distinfo,v 1.35 2007/07/04 13:34:35 lkundrak Exp $

 SHA1 (gimp-2.2.15.tar.bz2) = ce2357139179e67f361e3ce1b1fb82d1dd5c08e4
 RMD160 (gimp-2.2.15.tar.bz2) = 322b5c07de9e6cc9b206d944278d58d8d6cd1e2f
@ -6,3 +6,4 @@ Size (gimp-2.2.15.tar.bz2) = 13097438 bytes
 SHA1 (patch-aa) = 6a25d14a018e02d353e6f10364384e9df7a30ebd
 SHA1 (patch-ab) = 461467b76c45e53042da8e3aee4bb9f556730792
 SHA1 (patch-ad) = 632c34e0fbeda69139b2b674d9c5ef80db40dcca
+SHA1 (patch-ae) = 079b081e8eb0c19d18060d9c21ea9d12df9c5cc4
--- a/graphics/gimp/patches/patch-ae
+++ b/graphics/gimp/patches/patch-ae
@ -0,0 +1,19 @@
+$NetBSD: patch-ae,v 1.7 2007/07/04 13:34:35 lkundrak Exp $
+
+Fix for CVE-2007-2949 heap overflow from upstream.
+
+--- plug-ins/common/psd.c.orig	2007-07-04 15:11:22.000000000 +0200
+++ plug-ins/common/psd.c
+@@ -1202,6 +1202,12 @@ seek_to_and_unpack_pixeldata(FILE* fd, g
+   width = channel->width;
+   height = channel->height;
+ 
+  if (width > G_MAXINT16 || height > G_MAXINT16)
+    {
+      g_message ("Error: Invalid channel dimensions");
+      gimp_quit ();
+    }
+
+   IFDBG
+     {
+       printf("\t\t\tLayer (%d) Channel (%d:%d) Compression: %d (%s)\n",