head 1.10; access; symbols pkgsrc-2026Q1:1.10.0.96 pkgsrc-2026Q1-base:1.10 pkgsrc-2025Q4:1.10.0.94 pkgsrc-2025Q4-base:1.10 pkgsrc-2025Q3:1.10.0.92 pkgsrc-2025Q3-base:1.10 pkgsrc-2025Q2:1.10.0.90 pkgsrc-2025Q2-base:1.10 pkgsrc-2025Q1:1.10.0.88 pkgsrc-2025Q1-base:1.10 pkgsrc-2024Q4:1.10.0.86 pkgsrc-2024Q4-base:1.10 pkgsrc-2024Q3:1.10.0.84 pkgsrc-2024Q3-base:1.10 pkgsrc-2024Q2:1.10.0.82 pkgsrc-2024Q2-base:1.10 pkgsrc-2024Q1:1.10.0.80 pkgsrc-2024Q1-base:1.10 pkgsrc-2023Q4:1.10.0.78 pkgsrc-2023Q4-base:1.10 pkgsrc-2023Q3:1.10.0.76 pkgsrc-2023Q3-base:1.10 pkgsrc-2023Q2:1.10.0.74 pkgsrc-2023Q2-base:1.10 pkgsrc-2023Q1:1.10.0.72 pkgsrc-2023Q1-base:1.10 pkgsrc-2022Q4:1.10.0.70 pkgsrc-2022Q4-base:1.10 pkgsrc-2022Q3:1.10.0.68 pkgsrc-2022Q3-base:1.10 pkgsrc-2022Q2:1.10.0.66 pkgsrc-2022Q2-base:1.10 pkgsrc-2022Q1:1.10.0.64 pkgsrc-2022Q1-base:1.10 pkgsrc-2021Q4:1.10.0.62 pkgsrc-2021Q4-base:1.10 pkgsrc-2021Q3:1.10.0.60 pkgsrc-2021Q3-base:1.10 pkgsrc-2021Q2:1.10.0.58 pkgsrc-2021Q2-base:1.10 pkgsrc-2021Q1:1.10.0.56 pkgsrc-2021Q1-base:1.10 pkgsrc-2020Q4:1.10.0.54 pkgsrc-2020Q4-base:1.10 pkgsrc-2020Q3:1.10.0.52 pkgsrc-2020Q3-base:1.10 pkgsrc-2020Q2:1.10.0.48 pkgsrc-2020Q2-base:1.10 pkgsrc-2020Q1:1.10.0.28 pkgsrc-2020Q1-base:1.10 pkgsrc-2019Q4:1.10.0.50 pkgsrc-2019Q4-base:1.10 pkgsrc-2019Q3:1.10.0.46 pkgsrc-2019Q3-base:1.10 pkgsrc-2019Q2:1.10.0.44 pkgsrc-2019Q2-base:1.10 pkgsrc-2019Q1:1.10.0.42 pkgsrc-2019Q1-base:1.10 pkgsrc-2018Q4:1.10.0.40 pkgsrc-2018Q4-base:1.10 pkgsrc-2018Q3:1.10.0.38 pkgsrc-2018Q3-base:1.10 pkgsrc-2018Q2:1.10.0.36 pkgsrc-2018Q2-base:1.10 pkgsrc-2018Q1:1.10.0.34 pkgsrc-2018Q1-base:1.10 pkgsrc-2017Q4:1.10.0.32 pkgsrc-2017Q4-base:1.10 pkgsrc-2017Q3:1.10.0.30 pkgsrc-2017Q3-base:1.10 pkgsrc-2017Q2:1.10.0.26 pkgsrc-2017Q2-base:1.10 pkgsrc-2017Q1:1.10.0.24 pkgsrc-2017Q1-base:1.10 pkgsrc-2016Q4:1.10.0.22 pkgsrc-2016Q4-base:1.10 pkgsrc-2016Q3:1.10.0.20 pkgsrc-2016Q3-base:1.10 pkgsrc-2016Q2:1.10.0.18 pkgsrc-2016Q2-base:1.10 pkgsrc-2016Q1:1.10.0.16 pkgsrc-2016Q1-base:1.10 pkgsrc-2015Q4:1.10.0.14 pkgsrc-2015Q4-base:1.10 pkgsrc-2015Q3:1.10.0.12 pkgsrc-2015Q3-base:1.10 pkgsrc-2015Q2:1.10.0.10 pkgsrc-2015Q2-base:1.10 pkgsrc-2015Q1:1.10.0.8 pkgsrc-2015Q1-base:1.10 pkgsrc-2014Q4:1.10.0.6 pkgsrc-2014Q4-base:1.10 pkgsrc-2014Q3:1.10.0.4 pkgsrc-2014Q3-base:1.10 pkgsrc-2014Q2:1.10.0.2 pkgsrc-2014Q2-base:1.10 pkgsrc-2014Q1:1.9.0.6 pkgsrc-2014Q1-base:1.9 pkgsrc-2013Q4:1.9.0.4 pkgsrc-2013Q4-base:1.9 pkgsrc-2013Q3:1.9.0.2 pkgsrc-2013Q3-base:1.9 pkgsrc-2013Q2:1.7.0.20 pkgsrc-2013Q2-base:1.7 pkgsrc-2013Q1:1.7.0.18 pkgsrc-2013Q1-base:1.7 pkgsrc-2012Q4:1.7.0.16 pkgsrc-2012Q4-base:1.7 pkgsrc-2012Q3:1.7.0.14 pkgsrc-2012Q3-base:1.7 pkgsrc-2012Q2:1.7.0.12 pkgsrc-2012Q2-base:1.7 pkgsrc-2012Q1:1.7.0.10 pkgsrc-2012Q1-base:1.7 pkgsrc-2011Q4:1.7.0.8 pkgsrc-2011Q4-base:1.7 pkgsrc-2011Q3:1.7.0.6 pkgsrc-2011Q3-base:1.7 pkgsrc-2011Q2:1.7.0.4 pkgsrc-2011Q2-base:1.7 pkgsrc-2011Q1:1.7.0.2 pkgsrc-2011Q1-base:1.7 pkgsrc-2010Q4:1.6.0.54 pkgsrc-2010Q4-base:1.6 pkgsrc-2010Q3:1.6.0.52 pkgsrc-2010Q3-base:1.6 pkgsrc-2010Q2:1.6.0.50 pkgsrc-2010Q2-base:1.6 pkgsrc-2010Q1:1.6.0.48 pkgsrc-2010Q1-base:1.6 pkgsrc-2009Q4:1.6.0.46 pkgsrc-2009Q4-base:1.6 pkgsrc-2009Q3:1.6.0.44 pkgsrc-2009Q3-base:1.6 pkgsrc-2009Q2:1.6.0.42 pkgsrc-2009Q2-base:1.6 pkgsrc-2009Q1:1.6.0.40 pkgsrc-2009Q1-base:1.6 pkgsrc-2008Q4:1.6.0.38 pkgsrc-2008Q4-base:1.6 pkgsrc-2008Q3:1.6.0.36 pkgsrc-2008Q3-base:1.6 cube-native-xorg:1.6.0.34 cube-native-xorg-base:1.6 pkgsrc-2008Q2:1.6.0.32 pkgsrc-2008Q2-base:1.6 cwrapper:1.6.0.30 pkgsrc-2008Q1:1.6.0.28 pkgsrc-2008Q1-base:1.6 pkgsrc-2007Q4:1.6.0.26 pkgsrc-2007Q4-base:1.6 pkgsrc-2007Q3:1.6.0.24 pkgsrc-2007Q3-base:1.6 pkgsrc-2007Q2:1.6.0.22 pkgsrc-2007Q2-base:1.6 pkgsrc-2007Q1:1.6.0.20 pkgsrc-2007Q1-base:1.6 pkgsrc-2006Q4:1.6.0.18 pkgsrc-2006Q4-base:1.6 pkgsrc-2006Q3:1.6.0.16 pkgsrc-2006Q3-base:1.6 pkgsrc-2006Q2:1.6.0.14 pkgsrc-2006Q2-base:1.6 pkgsrc-2006Q1:1.6.0.12 pkgsrc-2006Q1-base:1.6 pkgsrc-2005Q4:1.6.0.10 pkgsrc-2005Q4-base:1.6 pkgsrc-2005Q3:1.6.0.8 pkgsrc-2005Q3-base:1.6 pkgsrc-2005Q2:1.6.0.6 pkgsrc-2005Q2-base:1.6 pkgsrc-2005Q1:1.6.0.4 pkgsrc-2005Q1-base:1.6 pkgsrc-2004Q4:1.6.0.2 pkgsrc-2004Q4-base:1.6 pkgsrc-2004Q3:1.5.0.16 pkgsrc-2004Q3-base:1.5 pkgsrc-2004Q2:1.5.0.14 pkgsrc-2004Q2-base:1.5 pkgsrc-2004Q1:1.5.0.12 pkgsrc-2004Q1-base:1.5 pkgsrc-2003Q4:1.5.0.10 pkgsrc-2003Q4-base:1.5 netbsd-1-6-1:1.5.0.6 netbsd-1-6-1-base:1.5 netbsd-1-6:1.5.0.8 netbsd-1-6-RELEASE-base:1.5 pkgviews:1.5.0.4 pkgviews-base:1.5 buildlink2:1.5.0.2 buildlink2-base:1.5 netbsd-1-5-PATCH003:1.5 netbsd-1-5-PATCH001:1.3 netbsd-1-5-RELEASE:1.3 netbsd-1-4-PATCH003:1.3 netbsd-1-4-PATCH001:1.1 netbsd-1-4-RELEASE:1.1 netbsd-1-3-PATCH003:1.1; locks; strict; comment @# @; 1.10 date 2014.05.22.11.50.41; author obache; state Exp; branches; next 1.9; commitid Cw6y49SaUxaBOwBx; 1.9 date 2013.08.17.15.42.28; author joerg; state Exp; branches; next 1.8; commitid pcgv5jpF3JCm2P1x; 1.8 date 2013.08.15.16.26.36; author joerg; state Exp; branches; next 1.7; commitid 2UuZrSjtMs0ylz1x; 1.7 date 2011.01.23.16.16.39; author wiz; state Exp; branches; next 1.6; 1.6 date 2004.12.10.09.30.42; author salo; state Exp; branches; next 1.5; 1.5 date 2002.03.19.16.16.08; author wiz; state Exp; branches 1.5.16.1; next 1.4; 1.4 date 2001.08.13.11.14.31; author rh; state Exp; branches; next 1.3; 1.3 date 2000.06.17.01.09.36; author wiz; state Exp; branches; next 1.2; 1.2 date 99.10.09.20.12.11; author jlam; state dead; branches; next 1.1; 1.1 date 98.09.04.13.13.17; author agc; state Exp; branches; next ; 1.5.16.1 date 2004.12.13.18.03.27; author salo; state Exp; branches; next ; desc @@ 1.10 log @Fixes build with giflib>=5.1, and fixes buges introduced as giflib-5.0 support. @ text @$NetBSD: patch-ab,v 1.9 2013/08/17 15:42:28 joerg Exp $ Middle chunks: Fix build with png-1.5 and giflib>=5 Others: ??? --- Imlib/load.c.orig 2004-09-21 00:23:20.000000000 +0000 +++ Imlib/load.c @@@@ -4,8 +4,20 @@@@ #include "Imlib_private.h" #include +#define G_MAXINT ((int) 0x7fffffff) + /* Split the ID - damages input */ +static void +PrintGifError(int ErrorCode) { + char *Err = GifErrorString(ErrorCode); + + if (Err != NULL) + fprintf(stderr, "GIF-LIB error: %s.\n", Err); + else + fprintf(stderr, "GIF-LIB undefined error %d.\n", ErrorCode); +} + static char * _SplitID(char *file) { @@@@ -41,13 +53,17 @@@@ _GetExtension(char *file) /* * Make sure we don't wrap on our memory allocations + * we check G_MAXINT/4 because rend.c malloc's w * h * bpp + * + 3 is safety margin */ void * _imlib_malloc_image(unsigned int w, unsigned int h) { - if( w > 32767 || h > 32767) + if (w <= 0 || w > 32767 || + h <= 0 || h > 32767 || + h >= (G_MAXINT/4 - 1) / w) return NULL; - return malloc(w * h * 3); + return malloc(w * h * 3 + 3); } #ifdef HAVE_LIBJPEG @@@@ -191,12 +207,12 @@@@ _LoadPNG(ImlibData * id, FILE * f, int * png_destroy_read_struct(&png_ptr, NULL, NULL); return NULL; } - if (setjmp(png_ptr->jmpbuf)) + if (setjmp(png_jmpbuf(png_ptr))) { png_destroy_read_struct(&png_ptr, &info_ptr, NULL); return NULL; } - if (info_ptr->color_type == PNG_COLOR_TYPE_RGB_ALPHA) + if (png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_RGB_ALPHA) { png_destroy_read_struct(&png_ptr, &info_ptr, NULL); return NULL; @@@@ -254,7 +270,8 @@@@ _LoadPNG(ImlibData * id, FILE * f, int * png_read_image(png_ptr, lines); png_destroy_read_struct(&png_ptr, &info_ptr, NULL); ptr = data; - if (color_type == PNG_COLOR_TYPE_GRAY_ALPHA) + if (color_type == PNG_COLOR_TYPE_GRAY + || color_type == PNG_COLOR_TYPE_GRAY_ALPHA) { for (y = 0; y < *h; y++) { @@@@ -279,6 +296,7 @@@@ _LoadPNG(ImlibData * id, FILE * f, int * } } } +#if 0 else if (color_type == PNG_COLOR_TYPE_GRAY) { for (y = 0; y < *h; y++) @@@@ -294,6 +312,7 @@@@ _LoadPNG(ImlibData * id, FILE * f, int * } } } +#endif else { for (y = 0; y < *h; y++) @@@@ -360,7 +379,9 @@@@ _LoadTIFF(ImlibData * id, FILE *f, char npix = ww * hh; *w = (int)ww; *h = (int)hh; - if(ww > 32767 || hh > 32767) + if (ww <= 0 || ww > 32767 || + hh <= 0 || hh > 32767 || + hh >= (G_MAXINT/sizeof(uint32)) / ww) { TIFFClose(tif); return NULL; @@@@ -443,7 +464,7 @@@@ _LoadGIF(ImlibData * id, FILE *f, int *w fd = fileno(f); /* Apparently rewind(f) isn't sufficient */ lseek(fd, (long) 0, 0); - gif = DGifOpenFileHandle(fd); + gif = DGifOpenFileHandle(fd, NULL); if (!gif) return NULL; @@@@ -451,32 +472,32 @@@@ _LoadGIF(ImlibData * id, FILE *f, int *w { if (DGifGetRecordType(gif, &rec) == GIF_ERROR) { - PrintGifError(); + PrintGifError(gif->Error); rec = TERMINATE_RECORD_TYPE; } if ((rec == IMAGE_DESC_RECORD_TYPE) && (!done)) { if (DGifGetImageDesc(gif) == GIF_ERROR) { - PrintGifError(); + PrintGifError(gif->Error); rec = TERMINATE_RECORD_TYPE; } *w = gif->Image.Width; *h = gif->Image.Height; - if (*h > 32767 || *w > 32767) + if (*h <= 0 || *h > 32767 || *w <= 0 || *w > 32767) { return NULL; } rows = malloc(*h * sizeof(GifRowType *)); if (!rows) { - DGifCloseFile(gif); + DGifCloseFile(gif, NULL); return NULL; } data = _imlib_malloc_image(*w, *h); if (!data) { - DGifCloseFile(gif); + DGifCloseFile(gif, NULL); free(rows); return NULL; } @@@@ -487,7 +508,7 @@@@ _LoadGIF(ImlibData * id, FILE *f, int *w rows[i] = malloc(*w * sizeof(GifPixelType)); if (!rows[i]) { - DGifCloseFile(gif); + DGifCloseFile(gif, NULL); for (i = 0; i < *h; i++) if (rows[i]) free(rows[i]); @@@@ -576,7 +597,7 @@@@ _LoadGIF(ImlibData * id, FILE *f, int *w } } } - DGifCloseFile(gif); + DGifCloseFile(gif, NULL); for (i = 0; i < *h; i++) free(rows[i]); free(rows); @@@@ -1000,7 +1021,12 @@@@ _LoadXPM(ImlibData * id, FILE *file, int comment = 0; quote = 0; context = 0; + memset(lookup, 0, sizeof(lookup)); + line = malloc(lsz); + if (!line) + return NULL; + while (!done) { pc = c; @@@@ -1029,25 +1055,25 @@@@ _LoadXPM(ImlibData * id, FILE *file, int { /* Header */ sscanf(line, "%i %i %i %i", w, h, &ncolors, &cpp); - if (ncolors > 32766) + if (ncolors <= 0 || ncolors > 32766) { fprintf(stderr, "IMLIB ERROR: XPM files wth colors > 32766 not supported\n"); free(line); return NULL; } - if (cpp > 5) + if (cpp <= 0 || cpp > 5) { fprintf(stderr, "IMLIB ERROR: XPM files with characters per pixel > 5 not supported\n"); free(line); return NULL; } - if (*w > 32767) + if (*w <= 0 || *w > 32767) { fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n"); free(line); return NULL; } - if (*h > 32767) + if (*h <= 0 || *h > 32767) { fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n"); free(line); @@@@ -1080,11 +1106,13 @@@@ _LoadXPM(ImlibData * id, FILE *file, int { int slen; int hascolor, iscolor; + int space; iscolor = 0; hascolor = 0; tok[0] = 0; col[0] = 0; + space = sizeof(col) - 1; s[0] = 0; len = strlen(line); strncpy(cmap[j].str, line, cpp); @@@@ -1107,10 +1135,10 @@@@ _LoadXPM(ImlibData * id, FILE *file, int { if (k >= len) { - if (col[0]) - strcat(col, " "); - if (strlen(col) + strlen(s) < sizeof(col)) - strcat(col, s); + if (col[0] && space > 0) + strcat(col, " "), space -= 1; + if (slen <= space) + strcat(col, s), space -= slen; } if (col[0]) { @@@@ -1140,14 +1168,17 @@@@ _LoadXPM(ImlibData * id, FILE *file, int } } } + if (slen < sizeof(tok)); strcpy(tok, s); col[0] = 0; + space = sizeof(col) - 1; } else { - if (col[0]) - strcat(col, " "); - strcat(col, s); + if (col[0] && space > 0) + strcat(col, " "), space -=1; + if (slen <= space) + strcat(col, s), space -= slen; } } } @@@@ -1376,12 +1407,12 @@@@ _LoadPPM(ImlibData * id, FILE * f, int * sscanf(s, "%i %i", w, h); a = *w; b = *h; - if (a > 32767) + if (a <= 0 || a > 32767) { fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n"); return NULL; } - if (b > 32767) + if (b <= 0 || b > 32767) { fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n"); return NULL; @ 1.9 log @Make sure to include PrintGifError here too. Bump revision. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.8 2013/08/15 16:26:36 joerg Exp $ d3 1 a3 1 Middle chunks: Fix build with png-1.5. a100 9 @@@@ -432,7 +453,7 @@@@ _LoadGIF(ImlibData * id, FILE *f, int *w int intoffset[] = {0, 4, 2, 1}; int intjump[] = {8, 8, 4, 2}; int istransp, transp; - int fd; + int fd, giferror; done = 0; istransp = 0; d106 1 a106 1 + gif = DGifOpenFileHandle(fd, &giferror); d110 1 a110 1 @@@@ -451,19 +472,19 @@@@ _LoadGIF(ImlibData * id, FILE *f, int *w d115 1 a115 1 + PrintGifError(giferror); d123 1 a123 1 + PrintGifError(giferror); d133 33 @ 1.8 log @Fix build with newer giflib. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.7 2011/01/23 16:16:39 wiz Exp $ d8 1 a8 1 @@@@ -4,6 +4,8 @@@@ d16 10 d27 3 a29 1 @@@@ -41,13 +43,17 @@@@ _GetExtension(char *file) d49 1 a49 1 @@@@ -191,12 +197,12 @@@@ _LoadPNG(ImlibData * id, FILE * f, int * d64 1 a64 1 @@@@ -254,7 +260,8 @@@@ _LoadPNG(ImlibData * id, FILE * f, int * d74 1 a74 1 @@@@ -279,6 +286,7 @@@@ _LoadPNG(ImlibData * id, FILE * f, int * d82 1 a82 1 @@@@ -294,6 +302,7 @@@@ _LoadPNG(ImlibData * id, FILE * f, int * d90 1 a90 1 @@@@ -360,7 +369,9 @@@@ _LoadTIFF(ImlibData * id, FILE *f, char d101 10 a110 1 @@@@ -443,7 +454,7 @@@@ _LoadGIF(ImlibData * id, FILE *f, int *w d115 1 a115 1 + gif = DGifOpenFileHandle(fd, NULL); d119 15 a133 1 @@@@ -463,7 +474,7 @@@@ _LoadGIF(ImlibData * id, FILE *f, int *w d142 1 a142 1 @@@@ -1000,7 +1011,12 @@@@ _LoadXPM(ImlibData * id, FILE *file, int d155 1 a155 1 @@@@ -1029,25 +1045,25 @@@@ _LoadXPM(ImlibData * id, FILE *file, int d185 1 a185 1 @@@@ -1080,11 +1096,13 @@@@ _LoadXPM(ImlibData * id, FILE *file, int d199 1 a199 1 @@@@ -1107,10 +1125,10 @@@@ _LoadXPM(ImlibData * id, FILE *file, int d214 1 a214 1 @@@@ -1140,14 +1158,17 @@@@ _LoadXPM(ImlibData * id, FILE *file, int d235 1 a235 1 @@@@ -1376,12 +1397,12 @@@@ _LoadPPM(ImlibData * id, FILE * f, int * @ 1.7 log @Fix build with png-1.5. From Marko Schuetz Schmuck in PR 44419. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.6 2004/12/10 09:30:42 salo Exp $ d89 9 @ 1.6 log @Bump PKGREVISION, security fix: "Multiple buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to execute arbitrary code via certain image files." (1.9.15 is also affected) http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1026 Patch from Pavel Kankovsky. @ text @d1 1 a1 1 $NetBSD$ d3 5 a7 2 --- Imlib/load.c.orig 2004-09-21 02:23:20.000000000 +0200 +++ Imlib/load.c 2004-12-10 09:58:18.000000000 +0100 d17 1 a17 1 @@@@ -41,13 +43,17 @@@@ d37 16 a52 1 @@@@ -254,7 +260,8 @@@@ d62 1 a62 1 @@@@ -279,6 +286,7 @@@@ d70 1 a70 1 @@@@ -294,6 +302,7 @@@@ d78 1 a78 1 @@@@ -360,7 +369,9 @@@@ d89 1 a89 1 @@@@ -463,7 +474,7 @@@@ d98 1 a98 1 @@@@ -1000,7 +1011,12 @@@@ d111 1 a111 1 @@@@ -1029,25 +1045,25 @@@@ d141 1 a141 1 @@@@ -1080,11 +1096,13 @@@@ d155 1 a155 1 @@@@ -1107,10 +1125,10 @@@@ d170 1 a170 1 @@@@ -1140,14 +1158,17 @@@@ d191 1 a191 1 @@@@ -1376,12 +1397,12 @@@@ @ 1.5 log @Update to 1.9.13. Bugfix release. @ text @d3 32 a34 3 --- Imlib/load.c.orig Wed Mar 13 19:06:29 2002 +++ Imlib/load.c @@@@ -254,7 +254,8 @@@@ d44 1 a44 1 @@@@ -279,6 +280,7 @@@@ d52 1 a52 1 @@@@ -294,6 +296,7 @@@@ d60 128 @ 1.5.16.1 log @Pullup ticket 171 - requested by Havard Eidnes security fix for imlib Module Name: pkgsrc Committed By: tron Date: Sat Nov 27 08:09:38 UTC 2004 Modified Files: pkgsrc/graphics/imlib: Makefile Log Message: Remove me as maintainer of this package. --- Module Name: pkgsrc Committed By: adam Date: Fri Dec 3 13:42:47 UTC 2004 Modified Files: pkgsrc/graphics/imlib: Makefile distinfo pkgsrc/graphics/imlib/patches: patch-ag patch-ah Log Message: Changes 1.9.15: * Minor bug fixes --- Module Name: pkgsrc Committed By: salo Date: Fri Dec 10 09:30:42 UTC 2004 Modified Files: pkgsrc/graphics/imlib: Makefile buildlink3.mk distinfo pkgsrc/graphics/imlib/patches: patch-ab patch-ai Added Files: pkgsrc/graphics/imlib/patches: patch-aj patch-ak patch-al patch-am patch-an patch-ao Log Message: Bump PKGREVISION, security fix: "Multiple buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to execute arbitrary code via certain image files." (1.9.15 is also affected) http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1026 Patch from Pavel Kankovsky. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.6 2004/12/10 09:30:42 salo Exp $ d3 3 a5 32 --- Imlib/load.c.orig 2004-09-21 02:23:20.000000000 +0200 +++ Imlib/load.c 2004-12-10 09:58:18.000000000 +0100 @@@@ -4,6 +4,8 @@@@ #include "Imlib_private.h" #include +#define G_MAXINT ((int) 0x7fffffff) + /* Split the ID - damages input */ static char * @@@@ -41,13 +43,17 @@@@ /* * Make sure we don't wrap on our memory allocations + * we check G_MAXINT/4 because rend.c malloc's w * h * bpp + * + 3 is safety margin */ void * _imlib_malloc_image(unsigned int w, unsigned int h) { - if( w > 32767 || h > 32767) + if (w <= 0 || w > 32767 || + h <= 0 || h > 32767 || + h >= (G_MAXINT/4 - 1) / w) return NULL; - return malloc(w * h * 3); + return malloc(w * h * 3 + 3); } #ifdef HAVE_LIBJPEG @@@@ -254,7 +260,8 @@@@ d15 1 a15 1 @@@@ -279,6 +286,7 @@@@ d23 1 a23 1 @@@@ -294,6 +302,7 @@@@ a30 128 @@@@ -360,7 +369,9 @@@@ npix = ww * hh; *w = (int)ww; *h = (int)hh; - if(ww > 32767 || hh > 32767) + if (ww <= 0 || ww > 32767 || + hh <= 0 || hh > 32767 || + hh >= (G_MAXINT/sizeof(uint32)) / ww) { TIFFClose(tif); return NULL; @@@@ -463,7 +474,7 @@@@ } *w = gif->Image.Width; *h = gif->Image.Height; - if (*h > 32767 || *w > 32767) + if (*h <= 0 || *h > 32767 || *w <= 0 || *w > 32767) { return NULL; } @@@@ -1000,7 +1011,12 @@@@ comment = 0; quote = 0; context = 0; + memset(lookup, 0, sizeof(lookup)); + line = malloc(lsz); + if (!line) + return NULL; + while (!done) { pc = c; @@@@ -1029,25 +1045,25 @@@@ { /* Header */ sscanf(line, "%i %i %i %i", w, h, &ncolors, &cpp); - if (ncolors > 32766) + if (ncolors <= 0 || ncolors > 32766) { fprintf(stderr, "IMLIB ERROR: XPM files wth colors > 32766 not supported\n"); free(line); return NULL; } - if (cpp > 5) + if (cpp <= 0 || cpp > 5) { fprintf(stderr, "IMLIB ERROR: XPM files with characters per pixel > 5 not supported\n"); free(line); return NULL; } - if (*w > 32767) + if (*w <= 0 || *w > 32767) { fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n"); free(line); return NULL; } - if (*h > 32767) + if (*h <= 0 || *h > 32767) { fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n"); free(line); @@@@ -1080,11 +1096,13 @@@@ { int slen; int hascolor, iscolor; + int space; iscolor = 0; hascolor = 0; tok[0] = 0; col[0] = 0; + space = sizeof(col) - 1; s[0] = 0; len = strlen(line); strncpy(cmap[j].str, line, cpp); @@@@ -1107,10 +1125,10 @@@@ { if (k >= len) { - if (col[0]) - strcat(col, " "); - if (strlen(col) + strlen(s) < sizeof(col)) - strcat(col, s); + if (col[0] && space > 0) + strcat(col, " "), space -= 1; + if (slen <= space) + strcat(col, s), space -= slen; } if (col[0]) { @@@@ -1140,14 +1158,17 @@@@ } } } + if (slen < sizeof(tok)); strcpy(tok, s); col[0] = 0; + space = sizeof(col) - 1; } else { - if (col[0]) - strcat(col, " "); - strcat(col, s); + if (col[0] && space > 0) + strcat(col, " "), space -=1; + if (slen <= space) + strcat(col, s), space -= slen; } } } @@@@ -1376,12 +1397,12 @@@@ sscanf(s, "%i %i", w, h); a = *w; b = *h; - if (a > 32767) + if (a <= 0 || a > 32767) { fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n"); return NULL; } - if (b > 32767) + if (b <= 0 || b > 32767) { fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n"); return NULL; @ 1.4 log @Update imlib to 1.9.11. Changes are bugfixes and the addition of man pages @ text @d3 1 a3 1 --- Imlib/load.c.orig Wed Aug 1 00:15:16 2001 d5 1 a5 1 @@@@ -241,7 +241,8 @@@@ d15 1 a15 1 @@@@ -266,6 +267,7 @@@@ d23 1 a23 1 @@@@ -281,6 +283,7 @@@@ @ 1.3 log @Fix grayscale PNG display. Patch supplied by Dieter Baron in private mail. @ text @d3 3 a5 13 --- Imlib/load.c.orig Sun Oct 3 21:17:35 1999 +++ Imlib/load.c Sat Jun 17 02:58:25 2000 @@@@ -209,6 +209,9 @@@@ /* Setup Translators */ if (color_type == PNG_COLOR_TYPE_PALETTE) png_set_expand(png_ptr); + if (color_type == PNG_COLOR_TYPE_GRAY && bit_depth < 8) + png_set_expand(png_ptr); + png_set_strip_16(png_ptr); png_set_packing(png_ptr); if (png_get_valid(png_ptr, info_ptr, PNG_INFO_tRNS)) @@@@ -247,7 +250,8 @@@@ d15 1 a15 1 @@@@ -272,6 +276,7 @@@@ d23 1 a23 1 @@@@ -286,6 +291,7 @@@@ @ 1.2 log @* change to use libungif instead of giflib * install library documentation @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.1 1998/09/04 13:13:17 agc Exp $ d3 38 a40 14 Try as I might, passing things through the environment, this always ends up like this... --- Makefile.in 1998/09/01 17:14:00 1.1 +++ Makefile.in 1998/09/01 17:14:54 @@@@ -48,7 +48,7 @@@@ INSTALL = @@INSTALL@@ INSTALL_PROGRAM = @@INSTALL_PROGRAM@@ INSTALL_DATA = @@INSTALL_DATA@@ -INSTALL_SCRIPT = @@INSTALL_SCRIPT@@ +INSTALL_SCRIPT = ${BSD_INSTALL_SCRIPT} transform = @@program_transform_name@@ NORMAL_INSTALL = : @ 1.1 log @Add imlib-1.7, an image manipulation library for X11, to the NetBSD packages collection. @ text @d1 1 a1 1 $NetBSD$ @