Date: Tue, 8 Apr 2014 15:35:18 +0000 (UTC) From: Christian Weisgerber <naddy@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r350627 - in head/multimedia/xmms: . files Message-ID: <201404081535.s38FZIwG078361@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: naddy Date: Tue Apr 8 15:35:18 2014 New Revision: 350627 URL: http://svnweb.freebsd.org/changeset/ports/350627 QAT: https://qat.redports.org/buildarchive/r350627/ Log: Fix for integer overflow and underflow vulnerabilities in the processing of skin bitmap images. Obtained from: Ubuntu (originally) Security: http://www.vuxml.org/freebsd/20e23b65-a52e-11e3-ae3a-00224d7c32a2.html Added: head/multimedia/xmms/files/patch-xmms_bmp.c (contents, props changed) Modified: head/multimedia/xmms/Makefile Modified: head/multimedia/xmms/Makefile ============================================================================== --- head/multimedia/xmms/Makefile Tue Apr 8 15:33:31 2014 (r350626) +++ head/multimedia/xmms/Makefile Tue Apr 8 15:35:18 2014 (r350627) @@ -3,7 +3,7 @@ PORTNAME= xmms PORTVERSION= 1.2.11 -PORTREVISION?= 20 # Also chinese/xmms and russian/xmms +PORTREVISION?= 21 # Also chinese/xmms and russian/xmms CATEGORIES+= multimedia audio ipv6 MASTER_SITES= http://www.xmms.org/files/1.2.x/ \ http://legacy.xmms2.org/ \ @@ -16,13 +16,10 @@ COMMENT?= X Multimedia System -- An audi LICENSE= GPLv2 DEPRECATED= Abandonware, please consider using multimedia/audacious instead -FORBIDDEN= Vulnerable: CVE-2007-0653 CVE-2007-0654 -EXPIRATION_DATE= 2014-05-01 CONFLICTS?= ru-xmms-[0-9]* zh-xmms-[0-9]* GNU_CONFIGURE= yes -USES= desktop-file-utils pathfix gmake iconv -USE_BZIP2= yes +USES= desktop-file-utils pathfix gmake iconv tar:bzip2 USE_GNOME= gtk12 USE_LDCONFIG= yes USE_XORG= sm x11 xxf86vm Added: head/multimedia/xmms/files/patch-xmms_bmp.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/multimedia/xmms/files/patch-xmms_bmp.c Tue Apr 8 15:35:18 2014 (r350627) @@ -0,0 +1,43 @@ +--- xmms/bmp.c.orig 2006-07-16 15:40:04.000000000 +0200 ++++ xmms/bmp.c 2014-04-08 17:04:26.000000000 +0200 +@@ -19,6 +19,12 @@ + */ + #include "xmms.h" + ++#if HAVE_STDINT_H ++#include <stdint.h> ++#elif !defined(UINT32_MAX) ++#define UINT32_MAX 0xffffffffU ++#endif ++ + struct rgb_quad + { + guchar rgbBlue; +@@ -183,7 +189,7 @@ GdkPixmap *read_bmp(gchar * filename) + } + else if (bitcount != 24 && bitcount != 16 && bitcount != 32) + { +- gint ncols, i; ++ guint32 ncols, i; + + ncols = offset - headSize - 14; + if (headSize == 12) +@@ -201,9 +207,17 @@ GdkPixmap *read_bmp(gchar * filename) + } + } + fseek(file, offset, SEEK_SET); ++ /* verify buffer size */ ++ if (!h || !w || ++ w > (((UINT32_MAX - 3) / 3) / h) || ++ h > (((UINT32_MAX - 3) / 3) / w)) { ++ g_warning("read_bmp(): width(%u)*height(%u) too large", w, h); ++ fclose(file); ++ return NULL; ++ } ++ data = g_malloc0((w * 3 * h) + 3); /* +3 is just for safety */ + buffer = g_malloc(imgsize); + fread(buffer, imgsize, 1, file); +- data = g_malloc0((w * 3 * h) + 3); /* +3 is just for safety */ + + if (bitcount == 1) + read_1b_rgb(buffer, imgsize, data, w, h, rgb_quads);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201404081535.s38FZIwG078361>