author | hasso <hasso@pkgsrc.org> | 2009-08-28 21:33:07 +0000 |
---|---|---|
committer | hasso <hasso@pkgsrc.org> | 2009-08-28 21:33:07 +0000 |
commit | 77500da7125365fa846f149678661cbbed094c4a (patch) | |
tree | 1399ad526ed1fc0a2fee8598b0560f7839ce76fe | |
parent | 9507049e05ffe695733fcc532bb994705ab20b2b (diff) | |
download | pkgsrc-77500da7125365fa846f149678661cbbed094c4a.tar.gz |
Add patches for CVE-2009-1720 (multiple integer overflows in OpenEXR) and
CVE-2009-1721 (denial of service (application crash) or possibly arbitrary code
execution via the Imf::hufUncompress function). Bump PKGREVISION.
-rw-r--r-- | graphics/openexr/Makefile | 3 | ||||
-rw-r--r-- | graphics/openexr/distinfo | 7 | ||||
-rw-r--r-- | graphics/openexr/patches/patch-ae | 23 | ||||
-rw-r--r-- | graphics/openexr/patches/patch-af | 14 | ||||
-rw-r--r-- | graphics/openexr/patches/patch-ag | 14 | ||||
-rw-r--r-- | graphics/openexr/patches/patch-ah | 14 | ||||
-rw-r--r-- | graphics/openexr/patches/patch-ai | 13 |
7 files changed, 86 insertions, 2 deletions
diff --git a/graphics/openexr/Makefile b/graphics/openexr/Makefile
index bc0e6af660d..b9d6c10dde9 100644
--- a/graphics/openexr/Makefile
+++ b/graphics/openexr/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.21 2009/01/28 13:14:55 tron Exp $
+# $NetBSD: Makefile,v 1.22 2009/08/28 21:33:07 hasso Exp $
 DISTNAME= openexr-1.6.1
+PKGREVISION= 1
 CATEGORIES= graphics
 MASTER_SITES= http://savannah.nongnu.org/download/openexr/
diff --git a/graphics/openexr/distinfo b/graphics/openexr/distinfo
index 65f4c2775b4..3527ccc458a 100644
--- a/graphics/openexr/distinfo
+++ b/graphics/openexr/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.12 2009/07/21 11:50:35 tnn Exp $
+$NetBSD: distinfo,v 1.13 2009/08/28 21:33:08 hasso Exp $
 SHA1 (openexr-1.6.1.tar.gz) = b3650e6542f0e09daadb2d467425530bc8eec333
 RMD160 (openexr-1.6.1.tar.gz) = 3670633be841628e9d4c11981661e9d94a9b2711
@@ -7,3 +7,8 @@ SHA1 (patch-aa) = d1b9c2d817d875c30fa15cbbea5d1226b03b62d8
 SHA1 (patch-ab) = 7d4fdf8d36f58ea5126b8c72dae901d1d68e6a60
 SHA1 (patch-ac) = fa5735431b7168dfc8b4643a976fd7f95cbcb5e7
 SHA1 (patch-ad) = b44ccc8a9ff32ebe7cc42f5c53778ebf050b4de6
+SHA1 (patch-ae) = aa70c907718f975c32698906edc9f6ca66b42e23
+SHA1 (patch-af) = ed02cf7091bfe490f33f4c8101ce84fab453b556
+SHA1 (patch-ag) = 6eebed2f16f02ba0f5b019f0f45c0f26ced0ba92
+SHA1 (patch-ah) = c7070ac42bc1c0cfb940f0aa53e04f93e887c590
+SHA1 (patch-ai) = 9bf08eb6e092848e6b194989e03320a334eff640
diff --git a/graphics/openexr/patches/patch-ae b/graphics/openexr/patches/patch-ae
new file mode 100644
index 00000000000..13f9e376399
--- /dev/null
+++ b/graphics/openexr/patches/patch-ae
@@ -0,0 +1,23 @@
+$NetBSD: patch-ae,v 1.1 2009/08/28 21:33:08 hasso Exp $
+
+--- IlmImf/ImfPreviewImage.cpp.orig 2006-06-06 00:58:16.000000000 -0500
++++ IlmImf/ImfPreviewImage.cpp 2009-07-29 13:27:39.087038617 -0500
+@@ -41,6 +41,7 @@
+
+ #include <ImfPreviewImage.h>
+ #include "Iex.h"
++#include <limits.h>
+
+ namespace Imf {
+
+@@ -51,6 +52,9 @@ PreviewImage::PreviewImage (unsigned int
+ {
+ _width = width;
+ _height = height;
++ if (_height && _width > UINT_MAX / _height || _width * _height > UINT_MAX / sizeof(PreviewRgba)) {
++ throw Iex::ArgExc ("Invalid height and width.");
++ }
+ _pixels = new PreviewRgba [_width * _height];
+
+ if (pixels)
+diff -up openexr-1.6.1/IlmImf/ImfPreviewImage.h.CVE-2009-1720-1 openexr-1.6.1/IlmImf/ImfPreviewImage.h
diff --git a/graphics/openexr/patches/patch-af b/graphics/openexr/patches/patch-af
new file mode 100644
index 00000000000..0bf316f3b12
--- /dev/null
+++ b/graphics/openexr/patches/patch-af
@@ -0,0 +1,14 @@
+$NetBSD: patch-af,v 1.1 2009/08/28 21:33:08 hasso Exp $
+
+--- IlmImf/ImfPizCompressor.cpp.orig 2007-09-20 23:17:46.000000000 -0500
++++ IlmImf/ImfPizCompressor.cpp 2009-07-29 13:15:41.883288491 -0500
+@@ -181,6 +181,9 @@ PizCompressor::PizCompressor
+ _channels (hdr.channels()),
+ _channelData (0)
+ {
++ if ((unsigned) maxScanLineSize > (INT_MAX - 65536 - 8192) / (unsigned) numScanLines) {
++ throw InputExc ("Error: maxScanLineSize * numScanLines would overflow.");
++ }
+ _tmpBuffer = new unsigned short [maxScanLineSize * numScanLines / 2];
+ _outBuffer = new char [maxScanLineSize * numScanLines + 65536 + 8192];
+
diff --git a/graphics/openexr/patches/patch-ag b/graphics/openexr/patches/patch-ag
new file mode 100644
index 00000000000..4732b1c7b75
--- /dev/null
+++ b/graphics/openexr/patches/patch-ag
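Review bot: The last line of patch-ae is a bare `diff -up openexr-1.6.1/IlmImf/ImfPreviewImage.h.CVE-2009-1720-1 openexr-1.6.1/IlmImf/ImfPreviewImage.h` header with no `---`/`+++` or hunk after it, which looks like the header half of the upstream fix was cut off when the patch was extracted; please confirm whether ImfPreviewImage.h also needs a change, and otherwise drop the stray line so the patch ends cleanly. The overflow guard itself is correct but leans on `&&` binding tighter than `||`, and the second clause is only safe because the first has already bounded the product; I would make that explicit with `if ((_height && _width > UINT_MAX / _height) || _width * _height > UINT_MAX / sizeof(PreviewRgba)) {` and a one-line comment such as `// first clause bounds _width * _height, so the second cannot overflow`. PreviewImage::PreviewImage continues outside the hunk.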
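Review bot: The added guard in PizCompressor::PizCompressor divides by `(unsigned) numScanLines`, so if `numScanLines` is the int the casts suggest and can be zero, the overflow check itself faults before the allocation it protects; reject that case first, e.g. `if (numScanLines <= 0 || (unsigned) maxScanLineSize > (INT_MAX - 65536 - 8192) / (unsigned) numScanLines) {`. The unsigned compare also rejects a negative `maxScanLineSize` as a huge value, which is the right outcome but deserves a comment like `// unsigned compare also rejects negative sizes`. This hunk throws an unqualified `InputExc` while patch-ag and patch-ah use `Iex::InputExc`; the bare name only compiles if the file already has a using-declaration for Iex, so the qualified form is safer and consistent. `INT_MAX` needs `<limits.h>` or `<climits>`, which this patch does not add, unless it is already reached through an existing include. The constructor continues outside the hunk.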
@@ -0,0 +1,14 @@
+$NetBSD: patch-ag,v 1.1 2009/08/28 21:33:08 hasso Exp $
+
+--- IlmImf/ImfRleCompressor.cpp.orig 2006-10-13 22:06:39.000000000 -0500
++++ IlmImf/ImfRleCompressor.cpp 2009-07-29 13:17:39.505037955 -0500
+@@ -164,6 +164,9 @@ RleCompressor::RleCompressor (const Head
+ _tmpBuffer (0),
+ _outBuffer (0)
+ {
++ if ((unsigned) maxScanLineSize > INT_MAX / 3) {
++ throw Iex::InputExc ("Error: maxScanLineSize * 3 would overflow.");
++ }
+ _tmpBuffer = new char [maxScanLineSize];
+ _outBuffer = new char [maxScanLineSize * 3 / 2];
+ }
diff --git a/graphics/openexr/patches/patch-ah b/graphics/openexr/patches/patch-ah
new file mode 100644
index 00000000000..12cbe24e8b3
--- /dev/null
+++ b/graphics/openexr/patches/patch-ah
@@ -0,0 +1,14 @@
+$NetBSD: patch-ah,v 1.1 2009/08/28 21:33:08 hasso Exp $
+
+--- IlmImf/ImfZipCompressor.cpp.orig 2006-10-13 22:07:17.000000000 -0500
++++ IlmImf/ImfZipCompressor.cpp 2009-07-29 13:18:25.223038291 -0500
+@@ -58,6 +58,9 @@ ZipCompressor::ZipCompressor
+ _tmpBuffer (0),
+ _outBuffer (0)
+ {
++ if ((unsigned) maxScanLineSize > INT_MAX / (unsigned) numScanLines) {
++ throw Iex::InputExc ("Error: maxScanLineSize * numScanLines would overflow.");
++ }
+ _tmpBuffer =
+ new char [maxScanLineSize * numScanLines];
+
diff --git a/graphics/openexr/patches/patch-ai b/graphics/openexr/patches/patch-ai
new file mode 100644
index 00000000000..b31232a3175
--- /dev/null
+++ b/graphics/openexr/patches/patch-ai
@@ -0,0 +1,13 @@
+$NetBSD: patch-ai,v 1.1 2009/08/28 21:33:08 hasso Exp $
+
+--- IlmImf/ImfAutoArray.h.orig 2007-04-23 20:26:56.000000000 -0500
++++ IlmImf/ImfAutoArray.h 2009-07-29 13:22:08.309288375 -0500
+@@ -57,7 +57,7 @@ namespace Imf {
+ {
+ public:
+
+- AutoArray (): _data (new T [size]) {}
++ AutoArray (): _data (new T [size]) {memset(_data, 0, size * sizeof(T));}
+ ~AutoArray () {delete [] _data;}
+
+ operator T * () {return _data;} |
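Review bot: The new check in RleCompressor::RleCompressor uses `INT_MAX`, but unlike patch-ae, which adds `#include <limits.h>` for `UINT_MAX`, nothing here includes `<limits.h>` or `<climits>`; unless ImfRleCompressor.cpp already gets it transitively the build will fail, so adding the include in the same patch would be safer. The bound itself is sound: a negative `maxScanLineSize` becomes a large unsigned value and is rejected, and `INT_MAX / 3` keeps `maxScanLineSize * 3` in range for the `new char [maxScanLineSize * 3 / 2]` below. A comment such as `// unsigned compare rejects negative sizes; INT_MAX / 3 bounds maxScanLineSize * 3 below` would record that intent for the next reader.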
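Review bot: As in patch-af, the guard in ZipCompressor::ZipCompressor divides by `(unsigned) numScanLines`, so a zero `numScanLines` turns the check into a division by zero; `if (numScanLines <= 0 || (unsigned) maxScanLineSize > INT_MAX / (unsigned) numScanLines) {` closes that hole while keeping the existing rejection of negative `maxScanLineSize` via the unsigned compare. `INT_MAX` again depends on `<limits.h>`/`<climits>` being reachable, which this patch does not guarantee. The constructor continues outside the hunk.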
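Review bot: The `memset(_data, 0, size * sizeof(T))` added to the AutoArray constructor needs `<string.h>`/`<cstring>`, which the patch does not add to this header, and it is only well-defined when `T` is trivially copyable; since AutoArray is a template the zeroing is better expressed in the language, `AutoArray (): _data (new T [size] ()) {}`, which value-initialises every element (zero for scalar types, default-constructed otherwise) with no extra include. Whether every compiler pkgsrc builds this with accepts `new T [size] ()` should be confirmed; a plain loop assigning `T()` is the fallback. A comment above the constructor would stop this from being reverted as a no-op later, e.g. `// CVE-2009-1721: per the fix, hufUncompress can read entries that were never written, so start from zeroed storage`. The AutoArray class continues outside the hunk.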