[pkgsrc/trunk]: pkgsrc/graphics/gimp1-base Fix Sun RAS buffer overflow (CVE-2...

[tonnerre <tonnerre%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/0203c11f9edb
branches:  trunk
changeset: 540045:0203c11f9edb
user:      tonnerre <tonnerre%pkgsrc.org@localhost>
date:      Sun Mar 23 14:27:51 2008 +0000

description:
Fix Sun RAS buffer overflow (CVE-2007-2356). This was fixed in gimp2 but
gimp1 was forgotten.
Approved-by: gdt, joerg

diffstat:

 graphics/gimp1-base/Makefile         |   4 ++--
 graphics/gimp1-base/distinfo         |   3 ++-
 graphics/gimp1-base/patches/patch-ab |  33 +++++++++++++++++++++++++++++++++
 3 files changed, 37 insertions(+), 3 deletions(-)

diffs (67 lines):

diff -r 7354896a91a7 -r 0203c11f9edb graphics/gimp1-base/Makefile
--- a/graphics/gimp1-base/Makefile      Sun Mar 23 13:20:43 2008 +0000
+++ b/graphics/gimp1-base/Makefile      Sun Mar 23 14:27:51 2008 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.23 2007/12/02 12:05:33 wiz Exp $
+# $NetBSD: Makefile,v 1.24 2008/03/23 14:27:51 tonnerre Exp $
 #
 
 DISTNAME=              gimp-1.2.5
 PKGNAME=               gimp-base-1.2.5
-PKGREVISION=           6
+PKGREVISION=           7
 CATEGORIES=            graphics
 MASTER_SITES=          ftp://ftp.gimp.org/pub/gimp/v1.2/v1.2.5/ \
                        ftp://ftp.fu-berlin.de/unix/X11/graphics/gimp/v1.2/v1.2.5/
diff -r 7354896a91a7 -r 0203c11f9edb graphics/gimp1-base/distinfo
--- a/graphics/gimp1-base/distinfo      Sun Mar 23 13:20:43 2008 +0000
+++ b/graphics/gimp1-base/distinfo      Sun Mar 23 14:27:51 2008 +0000
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.4 2007/07/30 07:56:27 joerg Exp $
+$NetBSD: distinfo,v 1.5 2008/03/23 14:27:51 tonnerre Exp $
 
 SHA1 (gimp-1.2.5.tar.bz2) = 1cb7fdbd4e6b191a62011c906e1b0aaef6e623ef
 RMD160 (gimp-1.2.5.tar.bz2) = d1be734271b763a22c0e8f5981c5c330a7744d31
 Size (gimp-1.2.5.tar.bz2) = 10885324 bytes
 SHA1 (patch-aa) = 2d2f7ce110822522314aebfd86c06ebcbdbabb9d
+SHA1 (patch-ab) = 80a207cc4b0df4b3616c0cdda6a63b4a72d5a125
 SHA1 (patch-ac) = 9949ba730b031132a183cabf69025e36500c70f0
 SHA1 (patch-ad) = 29c68f53be2d527661dcbaa38b2bf92626cb139c
 SHA1 (patch-ae) = cf58dd1f447ac147d6e263d8f309d7e86e1a2fb0
diff -r 7354896a91a7 -r 0203c11f9edb graphics/gimp1-base/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/gimp1-base/patches/patch-ab      Sun Mar 23 14:27:51 2008 +0000
@@ -0,0 +1,33 @@
+$NetBSD: patch-ab,v 1.1 2008/03/23 14:27:51 tonnerre Exp $
+
+Fix Sun RAS buffer overflow (CVE-2007-2356).
+
+--- plug-ins/common/sunras.c.orig      2003-01-15 03:04:01.000000000 +0100
++++ plug-ins/common/sunras.c
+@@ -101,7 +101,7 @@ static gint   save_image (gchar   *filen
+                           gint32   image_ID,
+                           gint32   drawable_ID);
+ 
+-static void set_color_table (gint32, L_SUNFILEHEADER *, unsigned char *);
++static void set_color_table (gint32, L_SUNFILEHEADER *, const guchar *);
+ 
+ static gint32 create_new_image (char *filename, guint width, guint height,
+                               GimpImageBaseType type, gint32 *layer_ID, GimpDrawable **drawable,
+@@ -872,7 +872,7 @@ write_sun_cols (FILE            *ofp,
+ static void
+ set_color_table (gint32           image_ID,
+                L_SUNFILEHEADER *sunhdr,
+-               guchar          *suncolmap)
++               const guchar    *suncolmap)
+ {
+   int ncols, j;
+   guchar ColorMap[256*3];
+@@ -880,7 +880,7 @@ set_color_table (gint32           image_
+   ncols = sunhdr->l_ras_maplength / 3;
+   if (ncols <= 0) return;
+ 
+-  for (j = 0; j < ncols; j++)
++  for (j = 0; j < MIN(ncols, 256); j++)
+     {
+       ColorMap[j*3]   = suncolmap[j];
+       ColorMap[j*3+1] = suncolmap[j+ncols];