Bugfix update to 2.6.8; the security patches have been committed upstream, so use patch -E.
 Comments ? Ok ?
  Cheers
   Giovanni
Index: Makefile
===================================================================
RCS file: /cvs/ports/graphics/gimp/stable/Makefile,v
retrieving revision 1.55
diff -u -p -r1.55 Makefile
--- Makefile    22 Dec 2009 16:06:40 -0000      1.55
+++ Makefile    28 Dec 2009 12:11:04 -0000
@@ -2,17 +2,16 @@
 
 COMMENT=       GNU Image Manipulation Program
 
-DISTNAME=      gimp-2.6.7
-SHARED_LIBS=   gimp-2.0        267.0   \
-               gimpbase-2.0    267.0   \
-               gimpcolor-2.0   267.0   \
-               gimpconfig-2.0  267.0   \
-               gimpmath-2.0    267.0   \
-               gimpmodule-2.0  267.0   \
-               gimpthumb-2.0   267.0   \
-               gimpui-2.0      267.0   \
-               gimpwidgets-2.0 267.0
-PKGNAME=       ${DISTNAME}p3
+DISTNAME=      gimp-2.6.8
+SHARED_LIBS=   gimp-2.0        268.0   \
+               gimpbase-2.0    268.0   \
+               gimpcolor-2.0   268.0   \
+               gimpconfig-2.0  268.0   \
+               gimpmath-2.0    268.0   \
+               gimpmodule-2.0  268.0   \
+               gimpthumb-2.0   268.0   \
+               gimpui-2.0      268.0   \
+               gimpwidgets-2.0 268.0
 
 CATEGORIES=    graphics
 MAINTAINER=    Giovanni Bechis <giova...@openbsd.org>
@@ -64,10 +63,10 @@ MODULES=    devel/gettext \
 USE_X11=       Yes
 USE_GMAKE=     Yes
 USE_LIBTOOL=   Yes
-AUTOCONF_VERSION= 2.61
+AUTOCONF_VERSION= 2.62
 CONFIGURE_STYLE= autoconf
 CONFIGURE_ARGS=        ${CONFIGURE_SHARED}
-CONFIGURE_ARGS+=--without-gtkhtml2 --without-gvfs \
+CONFIGURE_ARGS+=--without-gvfs \
                --without-gnomevfs --with-libcurl \
                --without-webkit --enable-gimp-remote
 CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include/libpng -I${LOCALBASE}/include 
-I${X11BASE}/include" \
Index: distinfo
===================================================================
RCS file: /cvs/ports/graphics/gimp/stable/distinfo,v
retrieving revision 1.24
diff -u -p -r1.24 distinfo
--- distinfo    25 Sep 2009 12:43:16 -0000      1.24
+++ distinfo    28 Dec 2009 12:11:04 -0000
@@ -1,5 +1,5 @@
-MD5 (gimp-2.6.7.tar.bz2) = d+2GqN6bSFh++yTysRWtOA==
-RMD160 (gimp-2.6.7.tar.bz2) = xXZnS6ZUfk0xw01ruCxNQWrduvE=
-SHA1 (gimp-2.6.7.tar.bz2) = BmHRYv7P2Qfhg85ChT3VudPLTFE=
-SHA256 (gimp-2.6.7.tar.bz2) = pAHF++WegSQTy00LN2B2gAib8lQFbYtYU6p54Dpv4RU=
-SIZE (gimp-2.6.7.tar.bz2) = 16341756
+MD5 (gimp-2.6.8.tar.bz2) = pNlGLJQglUgkqAybGWP52Q==
+RMD160 (gimp-2.6.8.tar.bz2) = 2gL+3MAOuqwEv9IcFTpxMNP/Xgg=
+SHA1 (gimp-2.6.8.tar.bz2) = pVCUPwhqvJv2uW1XZ0Eze3GGpPQ=
+SHA256 (gimp-2.6.8.tar.bz2) = 1dQhi3QjkBV/yiOp0szkNpBFRqLqQZ/+tEpfQ8maMzI=
+SIZE (gimp-2.6.8.tar.bz2) = 16342377
Index: patches/patch-plug-ins_file-bmp_bmp-read_c
===================================================================
RCS file: patches/patch-plug-ins_file-bmp_bmp-read_c
diff -N patches/patch-plug-ins_file-bmp_bmp-read_c
--- patches/patch-plug-ins_file-bmp_bmp-read_c  12 Nov 2009 16:35:56 -0000      
1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,36 +0,0 @@
-$OpenBSD: patch-plug-ins_file-bmp_bmp-read_c,v 1.1 2009/11/12 16:35:56 jasper 
Exp $
-
-Security fix to prevent integer overflows.
-Secunia Research, advisory SA37232 and CVE CVE-2009-1570.
-
---- plug-ins/file-bmp/bmp-read.c.orig  Thu Nov 12 16:19:13 2009
-+++ plug-ins/file-bmp/bmp-read.c       Thu Nov 12 16:20:37 2009
-@@ -424,7 +424,8 @@ ReadBMP (const gchar  *name,
-       return -1;
-     }
- 
--  if (Bitmap_Head.biWidth < 0)
-+ if (Bitmap_Head.biWidth < 0 ||
-+   ABS (Bitmap_Head.biHeight) < 0)
-     {
-       g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
-                    _("'%s' is not a valid BMP file"),
-@@ -447,6 +448,18 @@ ReadBMP (const gchar  *name,
-                    gimp_filename_to_utf8 (filename));
-       return -1;
-     }
-+
-+ /* protect against integer overflows caused by malicious BMPs */
-+
-+ if (((guint64) Bitmap_Head.biWidth) * Bitmap_Head.biBitCnt > G_MAXINT32 ||
-+     ((guint64) Bitmap_Head.biWidth) * ABS (Bitmap_Head.biHeight) > 
G_MAXINT32 ||
-+      ((guint64) Bitmap_Head.biWidth) * ABS (Bitmap_Head.biHeight) * 4 > 
G_MAXINT32)
-+   {
-+      g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
-+               _("'%s' is not a valid BMP file"),
-+               gimp_filename_to_utf8 (filename));
-+     return -1;
-+   }
- 
-   /* Windows and OS/2 declare filler so that rows are a multiple of
-    * word length (32 bits == 4 bytes)
Index: patches/patch-plug-ins_file-psd_psd-load_c
===================================================================
RCS file: patches/patch-plug-ins_file-psd_psd-load_c
diff -N patches/patch-plug-ins_file-psd_psd-load_c
--- patches/patch-plug-ins_file-psd_psd-load_c  17 Nov 2009 19:15:05 -0000      
1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,74 +0,0 @@
-$OpenBSD: patch-plug-ins_file-psd_psd-load_c,v 1.1 2009/11/17 19:15:05 jasper 
Exp $
-
-Security fix for CVE-2009-3909
-Gimp PSD Image Parsing Integer Overflow Vulnerability
-
-From upstream git:
-- 9cc8d78ff33b7a36852b74e64b427489cad44d0e
-- 0e440cb6d4d6ee029667363d244aff61b154c33c
-
---- plug-ins/file-psd/psd-load.c.orig  Tue Nov 17 19:15:20 2009
-+++ plug-ins/file-psd/psd-load.c       Tue Nov 17 19:15:48 2009
-@@ -542,10 +542,10 @@ read_layer_block (PSDimage  *img_a,
-                   psd_set_error (feof (f), errno, error);
-                   return NULL;
-                 }
--              lyr_a[lidx]->top = GUINT32_FROM_BE (lyr_a[lidx]->top);
--              lyr_a[lidx]->left = GUINT32_FROM_BE (lyr_a[lidx]->left);
--              lyr_a[lidx]->bottom = GUINT32_FROM_BE (lyr_a[lidx]->bottom);
--              lyr_a[lidx]->right = GUINT32_FROM_BE (lyr_a[lidx]->right);
-+              lyr_a[lidx]->top = GINT32_FROM_BE (lyr_a[lidx]->top);
-+              lyr_a[lidx]->left = GINT32_FROM_BE (lyr_a[lidx]->left);
-+              lyr_a[lidx]->bottom = GINT32_FROM_BE (lyr_a[lidx]->bottom);
-+              lyr_a[lidx]->right = GINT32_FROM_BE (lyr_a[lidx]->right);
-               lyr_a[lidx]->num_channels = GUINT16_FROM_BE 
(lyr_a[lidx]->num_channels);
- 
-               if (lyr_a[lidx]->num_channels > MAX_CHANNELS)
-@@ -691,13 +691,13 @@ read_layer_block (PSDimage  *img_a,
-                         return NULL;
-                       }
-                     lyr_a[lidx]->layer_mask.top =
--                      GUINT32_FROM_BE (lyr_a[lidx]->layer_mask.top);
-+                      GINT32_FROM_BE (lyr_a[lidx]->layer_mask.top);
-                     lyr_a[lidx]->layer_mask.left =
--                      GUINT32_FROM_BE (lyr_a[lidx]->layer_mask.left);
-+                      GINT32_FROM_BE (lyr_a[lidx]->layer_mask.left);
-                     lyr_a[lidx]->layer_mask.bottom =
--                      GUINT32_FROM_BE (lyr_a[lidx]->layer_mask.bottom);
-+                      GINT32_FROM_BE (lyr_a[lidx]->layer_mask.bottom);
-                     lyr_a[lidx]->layer_mask.right =
--                      GUINT32_FROM_BE (lyr_a[lidx]->layer_mask.right);
-+                      GINT32_FROM_BE (lyr_a[lidx]->layer_mask.right);
-                     lyr_a[lidx]->layer_mask.mask_flags.relative_pos =
-                       lyr_a[lidx]->layer_mask.flags & 1 ? TRUE : FALSE;
-                     lyr_a[lidx]->layer_mask.mask_flags.disabled =
-@@ -723,21 +723,21 @@ read_layer_block (PSDimage  *img_a,
-                         return NULL;
-                       }
-                     lyr_a[lidx]->layer_mask_extra.top =
--                      GUINT32_FROM_BE (lyr_a[lidx]->layer_mask_extra.top);
-+                      GINT32_FROM_BE (lyr_a[lidx]->layer_mask_extra.top);
-                     lyr_a[lidx]->layer_mask_extra.left =
--                      GUINT32_FROM_BE (lyr_a[lidx]->layer_mask_extra.left);
-+                      GINT32_FROM_BE (lyr_a[lidx]->layer_mask_extra.left);
-                     lyr_a[lidx]->layer_mask_extra.bottom =
--                      GUINT32_FROM_BE (lyr_a[lidx]->layer_mask_extra.bottom);
-+                      GINT32_FROM_BE (lyr_a[lidx]->layer_mask_extra.bottom);
-                     lyr_a[lidx]->layer_mask_extra.right =
--                      GUINT32_FROM_BE (lyr_a[lidx]->layer_mask_extra.right);
-+                      GINT32_FROM_BE (lyr_a[lidx]->layer_mask_extra.right);
-                     lyr_a[lidx]->layer_mask.top =
--                      GUINT32_FROM_BE (lyr_a[lidx]->layer_mask.top);
-+                      GINT32_FROM_BE (lyr_a[lidx]->layer_mask.top);
-                     lyr_a[lidx]->layer_mask.left =
--                      GUINT32_FROM_BE (lyr_a[lidx]->layer_mask.left);
-+                      GINT32_FROM_BE (lyr_a[lidx]->layer_mask.left);
-                     lyr_a[lidx]->layer_mask.bottom =
--                      GUINT32_FROM_BE (lyr_a[lidx]->layer_mask.bottom);
-+                      GINT32_FROM_BE (lyr_a[lidx]->layer_mask.bottom);
-                     lyr_a[lidx]->layer_mask.right =
--                      GUINT32_FROM_BE (lyr_a[lidx]->layer_mask.right);
-+                      GINT32_FROM_BE (lyr_a[lidx]->layer_mask.right);
-                     lyr_a[lidx]->layer_mask.mask_flags.relative_pos =
-                       lyr_a[lidx]->layer_mask.flags & 1 ? TRUE : FALSE;
-                     lyr_a[lidx]->layer_mask.mask_flags.disabled =
Index: patches/patch-plug-ins_file-psd_psd_h
===================================================================
RCS file: patches/patch-plug-ins_file-psd_psd_h
diff -N patches/patch-plug-ins_file-psd_psd_h
--- patches/patch-plug-ins_file-psd_psd_h       17 Nov 2009 19:15:05 -0000      
1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,55 +0,0 @@
-$OpenBSD: patch-plug-ins_file-psd_psd_h,v 1.1 2009/11/17 19:15:05 jasper Exp $
-
-Security fix for CVE-2009-3909
-Gimp PSD Image Parsing Integer Overflow Vulnerability
-
-From upstream git:
-- 9cc8d78ff33b7a36852b74e64b427489cad44d0e
-- 0e440cb6d4d6ee029667363d244aff61b154c33c
-
---- plug-ins/file-psd/psd.h.orig       Mon Jul 20 22:20:51 2009
-+++ plug-ins/file-psd/psd.h    Tue Nov 17 19:15:48 2009
-@@ -447,10 +447,10 @@ typedef struct
- /* PSD Layer mask data (length 20) */
- typedef struct
- {
--  guint32               top;                    /* Layer top */
--  guint32               left;                   /* Layer left */
--  guint32               bottom;                 /* Layer bottom */
--  guint32               right;                  /* Layer right */
-+  gint32                top;                    /* Layer top */
-+  gint32                left;                   /* Layer left */
-+  gint32                bottom;                 /* Layer bottom */
-+  gint32                right;                  /* Layer right */
-   guchar                def_color;              /* Default background colour 
*/
-   guchar                flags;                  /* Layer flags */
-   guchar                extra_def_color;        /* Real default background 
colour */
-@@ -461,20 +461,20 @@ typedef struct
- /* PSD Layer mask data (length 36) */
- typedef struct
- {
--  guint32               top;                    /* Layer top */
--  guint32               left;                   /* Layer left */
--  guint32               bottom;                 /* Layer bottom */
--  guint32               right;                  /* Layer right */
-+  gint32                top;                    /* Layer top */
-+  gint32                left;                   /* Layer left */
-+  gint32                bottom;                 /* Layer bottom */
-+  gint32                right;                  /* Layer right */
- } LayerMaskExtra;
- 
- /* PSD Layer data structure */
- typedef struct
- {
-   gboolean              drop;                   /* Do not add layer to GIMP 
image */
--  guint32               top;                    /* Layer top */
--  guint32               left;                   /* Layer left */
--  guint32               bottom;                 /* Layer bottom */
--  guint32               right;                  /* Layer right */
-+  gint32                top;                    /* Layer top */
-+  gint32                left;                   /* Layer left */
-+  gint32                bottom;                 /* Layer bottom */
-+  gint32                right;                  /* Layer right */
-   guint16               num_channels;           /* Number of channels */
-   ChannelLengthInfo    *chn_info;               /* Channel length info */
-   gchar                 mode_key[4];            /* Blend mode key */
