add patch from upstream to fix excessive memory use due improper checking of certain return values in GIF image loader (CVE-2011-2485) bump PKGREVdiff -r1.5 -r1.6 pkgsrc/graphics/gdk-pixbuf2/Makefile
(drochner)
| @@ -1,19 +1,19 @@ | @@ -1,19 +1,19 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.5 2011/04/22 13:42:26 obache Exp $ | 1 | # $NetBSD: Makefile,v 1.6 2011/07/08 11:31:24 drochner Exp $ | |
| 2 | # | 2 | # | |
| 3 | 3 | |||
| 4 | DISTNAME= gdk-pixbuf-2.22.1 | 4 | DISTNAME= gdk-pixbuf-2.22.1 | |
| 5 | PKGNAME= gdk-pixbuf2-2.22.1 | 5 | PKGNAME= gdk-pixbuf2-2.22.1 | |
| 6 | PKGREVISION= 2 | 6 | PKGREVISION= 3 | |
| 7 | CATEGORIES= graphics | 7 | CATEGORIES= graphics | |
| 8 | MASTER_SITES= ${MASTER_SITE_GNOME:=sources/gdk-pixbuf/2.22/} | 8 | MASTER_SITES= ${MASTER_SITE_GNOME:=sources/gdk-pixbuf/2.22/} | |
| 9 | EXTRACT_SUFX= .tar.bz2 | 9 | EXTRACT_SUFX= .tar.bz2 | |
| 10 | 10 | |||
| 11 | MAINTAINER= pkgsrc-users@NetBSD.org | 11 | MAINTAINER= pkgsrc-users@NetBSD.org | |
| 12 | HOMEPAGE= ftp://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.22/ | 12 | HOMEPAGE= ftp://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.22/ | |
| 13 | COMMENT= Image loaders for gtk2 | 13 | COMMENT= Image loaders for gtk2 | |
| 14 | LICENSE= gnu-gpl-v2 | 14 | LICENSE= gnu-gpl-v2 | |
| 15 | 15 | |||
| 16 | CONFLICTS+= gtk2+<2.22 | 16 | CONFLICTS+= gtk2+<2.22 | |
| 17 | PKG_DESTDIR_SUPPORT= user-destdir | 17 | PKG_DESTDIR_SUPPORT= user-destdir | |
| 18 | 18 | |||
| 19 | GNU_CONFIGURE= yes | 19 | GNU_CONFIGURE= yes |
| @@ -1,11 +1,12 @@ | @@ -1,11 +1,12 @@ | |||
| 1 | $NetBSD: distinfo,v 1.6 2011/01/24 12:29:42 wiz Exp $ | 1 | $NetBSD: distinfo,v 1.7 2011/07/08 11:31:24 drochner Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (gdk-pixbuf-2.22.1.tar.bz2) = b452208963ddd84f7280865695b50255fcafaa2e | 3 | SHA1 (gdk-pixbuf-2.22.1.tar.bz2) = b452208963ddd84f7280865695b50255fcafaa2e | |
| 4 | RMD160 (gdk-pixbuf-2.22.1.tar.bz2) = d05d6642e147281b7dc1dd21657595333f13f6f1 | 4 | RMD160 (gdk-pixbuf-2.22.1.tar.bz2) = d05d6642e147281b7dc1dd21657595333f13f6f1 | |
| 5 | Size (gdk-pixbuf-2.22.1.tar.bz2) = 1543273 bytes | 5 | Size (gdk-pixbuf-2.22.1.tar.bz2) = 1543273 bytes | |
| 6 | SHA1 (patch-aa) = 4ba8d71c089ba1e18ffa42fdb2c9b81b07168411 | 6 | SHA1 (patch-aa) = 4ba8d71c089ba1e18ffa42fdb2c9b81b07168411 | |
| 7 | SHA1 (patch-ab) = d18a235ce973ef132e9dc777b1cf029b064c02ef | 7 | SHA1 (patch-ab) = d18a235ce973ef132e9dc777b1cf029b064c02ef | |
| 8 | SHA1 (patch-ac) = f8c8ff3175cee6a88938a0aaa081d3bd832a050d | 8 | SHA1 (patch-ac) = f8c8ff3175cee6a88938a0aaa081d3bd832a050d | |
| 9 | SHA1 (patch-ad) = 224ce909009d1d0ac42ba938987877c39b9aa380 | 9 | SHA1 (patch-ad) = 224ce909009d1d0ac42ba938987877c39b9aa380 | |
| 10 | SHA1 (patch-ae) = e13fe0ad5a3e313bc4d6daa3c30f00fb66788534 | 10 | SHA1 (patch-ae) = e13fe0ad5a3e313bc4d6daa3c30f00fb66788534 | |
| 11 | SHA1 (patch-af) = 4f7de87f3e840ceb282885ab806648e8dba28cff | 11 | SHA1 (patch-af) = 4f7de87f3e840ceb282885ab806648e8dba28cff | |
| 12 | SHA1 (patch-ag) = ac7a5823167eb476c88eb0fe3fde88ccd1b70cf0 |
$NetBSD: patch-ag,v 1.1 2011/07/08 11:31:24 drochner Exp $
CVE-2011-2485
--- gdk-pixbuf/io-gif.c.orig 2010-07-10 00:54:13.000000000 +0000
+++ gdk-pixbuf/io-gif.c
@@ -1455,6 +1455,7 @@ gdk_pixbuf__gif_image_load (FILE *file,
{
GifContext *context;
GdkPixbuf *pixbuf;
+ gint retval;
g_return_val_if_fail (file != NULL, NULL);
@@ -1472,19 +1473,25 @@ gdk_pixbuf__gif_image_load (FILE *file,
context->error = error;
context->stop_after_first_frame = TRUE;
- if (gif_main_loop (context) == -1 || context->animation->frames == NULL) {
+ retval = gif_main_loop (context);
+ if (retval == -1 || context->animation->frames == NULL) {
if (context->error && *(context->error) == NULL)
g_set_error_literal (context->error,
GDK_PIXBUF_ERROR,
GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
_("GIF file was missing some data (perhaps it was truncated somehow?)"));
}
+ else if (retval == -2) {
+ pixbuf = NULL;
+ goto out;
+ }
pixbuf = gdk_pixbuf_animation_get_static_image (GDK_PIXBUF_ANIMATION (context->animation));
if (pixbuf)
g_object_ref (pixbuf);
+out:
g_object_unref (context->animation);
g_free (context->buf);