diff options
author | spz <spz@pkgsrc.org> | 2010-02-28 13:15:01 +0000 |
---|---|---|
committer | spz <spz@pkgsrc.org> | 2010-02-28 13:15:01 +0000 |
commit | 85e7d99ac707cbc575b66e5caa3c494f52cad3cd (patch) | |
tree | 4bd6d24f64ae2b8625ac36f90d0d5b6a8c8279f8 | |
parent | 4578b9e5b9a42c29af19a7162999abe7e22bd9d2 (diff) | |
download | pkgsrc-85e7d99ac707cbc575b66e5caa3c494f52cad3cd.tar.gz |
Pullup ticket 3027 - requested by taca
security patch
Revisions pulled up:
- pkgsrc/x11/wxGTK24/Makefile 1.11
- pkgsrc/x11/wxGTK24/distinfo 1.10
Files added:
pkgsrc/x11/wxGTK24/patches/patch-am
pkgsrc/x11/wxGTK24/patches/patch-an
pkgsrc/x11/wxGTK24/patches/patch-ao
pkgsrc/x11/wxGTK24/patches/patch-ap
--------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Tue Feb 16 17:33:39 UTC 2010
Modified Files:
pkgsrc/x11/wxGTK24: Makefile distinfo
Added Files:
pkgsrc/x11/wxGTK24/patches: patch-am patch-an patch-ao patch-ap
Log Message:
Add patches for CVE-2009-2625 and CVE-2009-2369.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 pkgsrc/x11/wxGTK24/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/x11/wxGTK24/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/x11/wxGTK24/patches/patch-am \
pkgsrc/x11/wxGTK24/patches/patch-an pkgsrc/x11/wxGTK24/patches/patch-ao \
pkgsrc/x11/wxGTK24/patches/patch-ap
-rw-r--r-- | x11/wxGTK24/Makefile | 4 | ||||
-rw-r--r-- | x11/wxGTK24/distinfo | 6 | ||||
-rw-r--r-- | x11/wxGTK24/patches/patch-am | 15 | ||||
-rw-r--r-- | x11/wxGTK24/patches/patch-an | 17 | ||||
-rw-r--r-- | x11/wxGTK24/patches/patch-ao | 28 | ||||
-rw-r--r-- | x11/wxGTK24/patches/patch-ap | 35 |
6 files changed, 102 insertions, 3 deletions
diff --git a/x11/wxGTK24/Makefile b/x11/wxGTK24/Makefile index 4e1d921080e..82e8a5015fa 100644 --- a/x11/wxGTK24/Makefile +++ b/x11/wxGTK24/Makefile @@ -1,11 +1,11 @@ -# $NetBSD: Makefile,v 1.9 2009/11/29 20:16:20 joerg Exp $ +# $NetBSD: Makefile,v 1.9.2.1 2010/02/28 13:15:01 spz Exp $ # PKG_DESTDIR_SUPPORT= user-destdir .include "Makefile.common" -PKGREVISION= 14 +PKGREVISION= 16 COMMENT= GTK-based implementation of the wxWidgets GUI library CONFLICTS+= wxGTK<=2.4.2nb5 diff --git a/x11/wxGTK24/distinfo b/x11/wxGTK24/distinfo index bc7972ef9ba..b1b560a72c2 100644 --- a/x11/wxGTK24/distinfo +++ b/x11/wxGTK24/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.9 2009/11/29 20:16:20 joerg Exp $ +$NetBSD: distinfo,v 1.9.2.1 2010/02/28 13:15:02 spz Exp $ SHA1 (wxGTK-2.4.2.tar.bz2) = 3f1ebacaaf8eb5510c14ee10bafbc5f225be842c RMD160 (wxGTK-2.4.2.tar.bz2) = 8076d1ba31c9b23becb241cbad5a83763fee776e @@ -15,3 +15,7 @@ SHA1 (patch-ai) = c5d301c2cb45397329d9a817d9278707a2d3b97f SHA1 (patch-aj) = 9f74442617e6a869c5ff253591bba3f9da3a9e0c SHA1 (patch-ak) = 3f26086c8f16ac972db89c21f665c187570937cc SHA1 (patch-al) = bceed88db708c83afca0fe3adb5c923f9bc661b0 +SHA1 (patch-am) = 445ae223a6fd88b86efafa7c13dbcf3f359f364f +SHA1 (patch-an) = a9d276244cac87fa00a3c3338179e68084b72b1d +SHA1 (patch-ao) = 7fb559c8662b20a61d39b308d3b6723b0dde6673 +SHA1 (patch-ap) = b1217506bfffe9ed7a282c960a99921c61d76dbd diff --git a/x11/wxGTK24/patches/patch-am b/x11/wxGTK24/patches/patch-am new file mode 100644 index 00000000000..5d320829dbf --- /dev/null +++ b/x11/wxGTK24/patches/patch-am @@ -0,0 +1,15 @@ +$NetBSD: patch-am,v 1.1.2.2 2010/02/28 13:15:02 spz Exp $ + +deal with CVE-2009-2625. + +--- contrib/src/xrc/expat/xmltok/xmltok_impl.c.orig 2003-09-21 11:32:55.000000000 +0000 ++++ contrib/src/xrc/expat/xmltok/xmltok_impl.c +@@ -1753,7 +1753,7 @@ void PREFIX(updatePosition)(const ENCODI + const char *end, + POSITION *pos) + { +- while (ptr != end) { ++ while (ptr < end) { + switch (BYTE_TYPE(enc, ptr)) { + #define LEAD_CASE(n) \ + case BT_LEAD ## n: \ diff --git a/x11/wxGTK24/patches/patch-an b/x11/wxGTK24/patches/patch-an new file mode 100644 index 00000000000..cea462b1c4a --- /dev/null +++ b/x11/wxGTK24/patches/patch-an @@ -0,0 +1,17 @@ +$NetBSD: patch-an,v 1.1.2.2 2010/02/28 13:15:02 spz Exp $ + +deal with CVE-2009-2369. + +--- src/common/image.cpp.orig 2003-09-21 11:31:39.000000000 +0000 ++++ src/common/image.cpp +@@ -147,6 +147,10 @@ void wxImage::Create( int width, int hei + + m_refData = new wxImageRefData(); + ++ if (width <= 0 || height <= 0 || width > INT_MAX / 3 / height) { ++ UnRef(); ++ return; ++ } + M_IMGDATA->m_data = (unsigned char *) malloc( width*height*3 ); + if (M_IMGDATA->m_data) + { diff --git a/x11/wxGTK24/patches/patch-ao b/x11/wxGTK24/patches/patch-ao new file mode 100644 index 00000000000..686b15c5840 --- /dev/null +++ b/x11/wxGTK24/patches/patch-ao @@ -0,0 +1,28 @@ +$NetBSD: patch-ao,v 1.1.2.2 2010/02/28 13:15:02 spz Exp $ + +deal with CVE-2009-2369. + +--- src/common/imagpng.cpp.orig 2003-09-21 11:31:39.000000000 +0000 ++++ src/common/imagpng.cpp +@@ -213,18 +213,16 @@ bool wxPNGHandler::LoadFile( wxImage *im + if (!image->Ok()) + goto error_nolines; + +- lines = (unsigned char **)malloc( (size_t)(height * sizeof(unsigned char *)) ); ++ // initialize all line pointers to NULL to ensure that they can be safely ++ // free()d if an error occurs before all of them could be allocated ++ lines = (unsigned char **)calloc(height, sizeof(unsigned char *)); + if (lines == NULL) + goto error_nolines; + + for (i = 0; i < height; i++) + { + if ((lines[i] = (unsigned char *)malloc( (size_t)(width * (sizeof(unsigned char) * 4)))) == NULL) +- { +- for ( unsigned int n = 0; n < i; n++ ) +- free( lines[n] ); + goto error; +- } + } + + // loaded successfully! diff --git a/x11/wxGTK24/patches/patch-ap b/x11/wxGTK24/patches/patch-ap new file mode 100644 index 00000000000..d167fb379a2 --- /dev/null +++ b/x11/wxGTK24/patches/patch-ap @@ -0,0 +1,35 @@ +$NetBSD: patch-ap,v 1.1.2.2 2010/02/28 13:15:02 spz Exp $ + +deal with CVE-2009-2369. + +--- src/common/imagtiff.cpp.orig 2003-09-21 11:31:39.000000000 +0000 ++++ src/common/imagtiff.cpp +@@ -188,15 +188,25 @@ bool wxTIFFHandler::LoadFile( wxImage *i + } + + uint32 w, h; +- uint32 npixels; + uint32 *raster; + + TIFFGetField( tif, TIFFTAG_IMAGEWIDTH, &w ); + TIFFGetField( tif, TIFFTAG_IMAGELENGTH, &h ); + +- npixels = w * h; ++ // guard against integer overflow during multiplication which could result ++ // in allocating a too small buffer and then overflowing it ++ const double bytesNeeded = (double)w * (double)h * sizeof(uint32); ++ if ( bytesNeeded >= 4294967295U /* UINT32_MAX */ ) ++ { ++ if ( verbose ) ++ wxLogError( _("TIFF: Image size is abnormally big.") ); ++ ++ TIFFClose(tif); ++ ++ return false; ++ } + +- raster = (uint32*) _TIFFmalloc( npixels * sizeof(uint32) ); ++ raster = (uint32*) _TIFFmalloc( bytesNeeded ); + + if (!raster) + { |