head	1.2;
access;
symbols
	RELEASE_5_3_0:1.1;
locks; strict;
comment	@# @;


1.2
date	2004.11.07.22.24.21;	author marcus;	state dead;
branches;
next	1.1;

1.1
date	2004.09.28.03.18.41;	author marcus;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Presenting GNOME 2.8 for FreeBSD (2.8.1 to be exact).

This release notes detailing all of the new goodies in GNOME 2.8 can
be found at http://www.gnome.org/start/2.8/notes/, and the list of what
was fixed in GNOME 2.8.1 can be found at
http://lists.gnome.org/archives/gnome-announce-list/2004-October/msg00056.html.

This release, as well as all of our others, would not have been possible
without the great efforts of our FreeBSD GNOME Team.  The list of
current members can be found at http://www.freebsd.org/gnome/contact.html
(including our newest member, Michael Johnson <ahze@@FreeBSD.org>).

Special thanks also goes out to all of the loyal FreeBSD GNOME users that
put up with crashes and hangs to test and debug GNOME on FreeBSD.  We would
especially like to thank those users that provided patches for GNOME 2.7 and
2.8:

Franz Klammer <klammer@@webonaut.com>
Piotr Smyrak <piotr.smyrak@@heron.pl>
Radek Kozlowski <radek@@raadradd.com>
Khairil Yusof <kaeru@@pd.jaring.my>
Yasuda Keisuke <kysd@@po.harenet.ne.jp>
Tom McLaughlin <tmclaugh@@sdf.lonestar.org>
Vladimir Grebenschikov <vova@@fbsd.ru>

GNOME 2.8 also features a new, FreeBSD-specific splashscreen that
was designed by jimmac for GNOME 2.8, then daemonized by
Franz Klammer <klammer@@webonaut.com> and Radek Kozlowski
<radek@@raadradd.com>.

As with GNOME 2.6, you cannot just "portupgrade" to GNOME 2.8.  There is
a script provided at http://www.marcuscom.com/downloads/gnome_upgrade28.sh
that will aid in the upgrade process.  Full documentation on the GNOME 2.8
upgrade is coming following this commit.

From all of us at FreeBSD GNOME, ENJOY!
@
text
@Index: mozilla/gfx/src/shared/gfxImageFrame.cpp
===================================================================
RCS file: /cvsroot/mozilla/gfx/src/shared/gfxImageFrame.cpp,v
retrieving revision 1.26
retrieving revision 1.26.12.1
diff -u -r1.26 -r1.26.12.1
--- gfx/src/shared/gfxImageFrame.cpp	16 Jan 2004 23:28:48 -0000	1.26
+++ gfx/src/shared/gfxImageFrame.cpp	27 Aug 2004 11:02:58 -0000	1.26.12.1
@@@@ -72,6 +72,13 @@@@
     return NS_ERROR_FAILURE;
   }
 
+  /* reject over-wide or over-tall images */
+  const PRInt32 k64KLimit = 0x0000FFFF;
+  if ( aWidth > k64KLimit || aHeight > k64KLimit ){
+    NS_ERROR("image too big");
+    return NS_ERROR_FAILURE;
+  }
+
   nsresult rv;
 
   mOffset.MoveTo(aX, aY);
Index: mozilla/gfx/src/windows/nsImageWin.cpp
===================================================================
RCS file: /cvsroot/mozilla/gfx/src/windows/nsImageWin.cpp,v
retrieving revision 3.130.2.1
retrieving revision 3.130.2.1.6.1
diff -u -r3.130.2.1 -r3.130.2.1.6.1
--- gfx/src/windows/nsImageWin.cpp	11 May 2004 21:53:49 -0000	3.130.2.1
+++ gfx/src/windows/nsImageWin.cpp	27 Aug 2004 11:02:58 -0000	3.130.2.1.6.1
@@@@ -131,6 +131,10 @@@@
     return NS_ERROR_UNEXPECTED;
   }
 
+  // limit images to 64k pixels on a side (~55 feet on a 100dpi monitor)
+  const PRInt32 k64KLimit = 0x0000FFFF;
+  if (aWidth > k64KLimit || aHeight > k64KLimit)
+      return NS_ERROR_FAILURE;
 
   if (mNumPaletteColors >= 0){
     // If we have a palette
Index: mozilla/modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp
===================================================================
RCS file: /cvsroot/mozilla/modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp,v
retrieving revision 1.24.2.1
retrieving revision 1.24.2.1.6.1
diff -u -r1.24.2.1 -r1.24.2.1.6.1
--- modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp	13 May 2004 22:27:35 -0000	1.24.2.1
+++ modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp	27 Aug 2004 11:02:58 -0000	1.24.2.1.6.1
@@@@ -274,7 +274,9 @@@@
             CalcBitShift();
         }
         // BMPs with negative width are invalid
-        if (mBIH.width < 0)
+        // Reject extremely wide images to keep the math sane
+        const PRInt32 k64KWidth = 0x0000FFFF;
+        if (mBIH.width < 0 || mBIH.width > k64KWidth)
             return NS_ERROR_FAILURE;
 
         PRUint32 real_height = (mBIH.height > 0) ? mBIH.height : -mBIH.height;
@


1.1
log
@Patch the various recently reported security vulnerabilities in Mozilla.
This is being done instead of the update to 1.7.3 since the update breaks
all dependent ports, and that many changes is not a good thing to do during
a freeze.

This update covers the following Mozilla bugs:

245066
226669
250862
255067
256316
257317
258005

Thanks to nectar for scraping all of these patches together.

Obtained from:	Mozilla CVS
Approved by:	portmgr (implicit)
@
text
@@

