author | tron <tron> | 2009-03-03 19:57:53 +0000 |
---|---|---|
committer | tron <tron> | 2009-03-03 19:57:53 +0000 |
commit | 3974c27f51cc0c15eef2868b7168d04dffd97d9d (patch) | |
tree | 8e6547378ce263a6ce5dbd2cfe988145b6b97764 | |
parent | dae2d9950aba0fd8ebab09a52cb013de1a8a8562 (diff) | |
download | pkgsrc-3974c27f51cc0c15eef2868b7168d04dffd97d9d.tar.gz |
Pullup ticket #2714 - requested by kefren
optipng: security patch
Revisions pulled up:
- graphics/optipng/Makefile 1.17
- graphics/optipng/distinfo 1.13
- graphics/optipng/patches/patch-ab 1.5
- graphics/optipng/patches/patch-ad 1.3
- graphics/optipng/patches/patch-ae 1.1
---
Module Name: pkgsrc
Committed By: kefren
Date: Mon Mar 2 06:20:34 UTC 2009
Modified Files:
pkgsrc/graphics/optipng: Makefile distinfo
Added Files:
pkgsrc/graphics/optipng/patches: patch-ab patch-ad patch-ae
Log Message:
Add patches from upstream in order to update to 0.6.2.1
Changes:
* Fix SA34035: Use after free error that can be used to execute arbitrary
code via a specially crafted GIF image
-rw-r--r-- | graphics/optipng/Makefile | 3 | ||||
-rw-r--r-- | graphics/optipng/distinfo | 5 | ||||
-rw-r--r-- | graphics/optipng/patches/patch-ab | 36 | ||||
-rw-r--r-- | graphics/optipng/patches/patch-ad | 12 | ||||
-rw-r--r-- | graphics/optipng/patches/patch-ae | 12 |
5 files changed, 66 insertions, 2 deletions
diff --git a/graphics/optipng/Makefile b/graphics/optipng/Makefile
index e2eaea3e994..835eca1ce2d 100644
--- a/graphics/optipng/Makefile
+++ b/graphics/optipng/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.16 2008/11/12 18:45:04 adam Exp $
+# $NetBSD: Makefile,v 1.16.2.1 2009/03/03 19:57:53 tron Exp $
 DISTNAME= optipng-0.6.2
+PKGNAME= ${DISTNAME}.1
 CATEGORIES= graphics
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=optipng/}
diff --git a/graphics/optipng/distinfo b/graphics/optipng/distinfo
index 3e97c3b3483..3e621102abd 100644
--- a/graphics/optipng/distinfo
+++ b/graphics/optipng/distinfo
@@ -1,7 +1,10 @@
-$NetBSD: distinfo,v 1.12 2008/11/12 18:45:04 adam Exp $
+$NetBSD: distinfo,v 1.12.2.1 2009/03/03 19:57:53 tron Exp $
 SHA1 (optipng-0.6.2.tar.gz) = 374b3537a262590ba2822f2b10d9241247b4da95
 RMD160 (optipng-0.6.2.tar.gz) = cd9ecfbd1c8901d14cb93fbc9f07403071cea37e
 Size (optipng-0.6.2.tar.gz) = 1052509 bytes
 SHA1 (patch-aa) = 0a0c92b9786193862465646373b82c6bc47cee2c
+SHA1 (patch-ab) = 7816dcfe5505695a3032bdb399b904e5db33a182
 SHA1 (patch-ac) = fb4eb567b5a24b2d26bf357061be80c57b4d4a3c
+SHA1 (patch-ad) = f44f5862de983da3a78529db1ba1b53d40d16dde
+SHA1 (patch-ae) = cf8a80e056bc25d59e2ffda73127e71056cc8ce2
diff --git a/graphics/optipng/patches/patch-ab b/graphics/optipng/patches/patch-ab
new file mode 100644
index 00000000000..073e60bab6f
--- /dev/null
+++ b/graphics/optipng/patches/patch-ab
@@ -0,0 +1,36 @@
+$NetBSD: patch-ab,v 1.4.22.1 2009/03/03 19:57:53 tron Exp $
+diff -ru optipng-0.6.2/lib/pngxtern/gif/gifread.c optipng-0.6.2.1/lib/pngxtern/gif/gifread.c
+--- lib/pngxtern/gif/gifread.c 2006-08-10 20:17:00.000000000 -0400
++++ lib/pngxtern/gif/gifread.c 2009-02-20 03:11:00.000000000 -0500
+@@ -219,8 +219,7 @@
+ **/
+ static void GIFReadNextExtension(struct GIFExtension *ext, FILE *stream)
+ {
+- unsigned char *ptr;
+- unsigned int len;
++ unsigned int offset, len;
+ int count, label;
+
+ GIF_FGETC(label, stream);
+@@ -233,7 +232,7 @@
+ return;
+ }
+
+- ptr = ext->Buffer;
++ offset = 0;
+ len = ext->BufferSize;
+ for ( ;; )
+ {
+@@ -243,10 +242,10 @@
+ ext->BufferSize += 1024;
+ ext->Buffer = realloc(ext->Buffer, ext->BufferSize);
+ }
+- count = ReadDataBlock(ptr, stream);
++ count = ReadDataBlock(ext->Buffer + offset, stream);
+ if (count == 0)
+ break;
+- ptr += count;
++ offset += count;
+ len -= count;
+ }
+ }
diff --git a/graphics/optipng/patches/patch-ad b/graphics/optipng/patches/patch-ad
new file mode 100644
index 00000000000..283d9c733c0
--- /dev/null
+++ b/graphics/optipng/patches/patch-ad
@@ -0,0 +1,12 @@
+$NetBSD: patch-ad,v 1.2.24.1 2009/03/03 19:57:53 tron Exp $
+diff -ru optipng-0.6.2/src/optipng.c optipng-0.6.2.1/src/optipng.c
+--- src/optipng.c 2008-11-09 23:56:00.000000000 -0500
++++ src/optipng.c 2008-11-11 13:57:00.000000000 -0500
+@@ -542,6 +542,7 @@
+ static void
+ app_init(void)
+ {
++ setvbuf(stdout, NULL, _IONBF, 0);
+ if (options.log_name != NULL)
+ {
+ /* Open the log file, line-buffered. */
diff --git a/graphics/optipng/patches/patch-ae b/graphics/optipng/patches/patch-ae
new file mode 100644
index 00000000000..3c0edc6d833
--- /dev/null
+++ b/graphics/optipng/patches/patch-ae
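Review bot: In patch-ab's third inner hunk the context line `ext->Buffer = realloc(ext->Buffer, ext->BufferSize);` is still unchecked, so if the allocation fails the new `ReadDataBlock(ext->Buffer + offset, stream)` writes through a pointer derived from NULL and the old buffer is leaked; replacing `ptr` with `offset` removes the stale pointer but not this. No visible line credits the added 1024 bytes to `len`, and `len -= count` is unsigned; the growth condition lies outside the hunk, so this is inferred, but if it tests `len` the counter can wrap and growth would stop while `offset` keeps advancing. I would grow through a temporary, bail out on NULL, and update `len` together with `BufferSize`, as sketched below. GIFReadNextExtension's opening lines and the loop's growth condition are outside the shown hunks.

```c
    /* … unchanged: growth condition (outside the hunk) … */
    {
        unsigned char *grown = realloc(ext->Buffer, ext->BufferSize + 1024);
        if (grown == NULL)
            return;  /* placeholder: report through the file's own error path */
        ext->Buffer = grown;
        ext->BufferSize += 1024;
        len += 1024;  /* assumes len is the space left in Buffer; confirm against the condition */
    }
    count = ReadDataBlock(ext->Buffer + offset, stream);
    /* … unchanged: count == 0 check, offset/len bookkeeping … */
```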
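Review bot: The added `setvbuf(stdout, NULL, _IONBF, 0);` at the top of app_init in patch-ad has no comment saying why stdout is made unbuffered, although the log-file setup directly below it is commented, and the log message names only the GIF use-after-free. I would add a one-line comment in the same style, for example `/* Make stdout unbuffered: <reason from the upstream changelog>. */`, so the behaviour change is not mistaken for part of the security fix. The call's return value is also ignored; whether that matters depends on code outside the hunk, since app_init continues past the last shown line.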
@@ -0,0 +1,12 @@
+$NetBSD: patch-ae,v 1.1.2.2 2009/03/03 19:57:53 tron Exp $
+diff -ru optipng-0.6.2/src/proginfo.h optipng-0.6.2.1/src/proginfo.h
+--- src/proginfo.h 2008-11-09 23:56:00.000000000 -0500
++++ src/proginfo.h 2009-02-22 23:38:00.000000000 -0500
+@@ -1,5 +1,5 @@
+ #define PROGRAM_NAME "OptiPNG"
+ #define PROGRAM_DESCRIPTION "Advanced PNG optimizer"
+-#define PROGRAM_VERSION "0.6.2"
+-#define PROGRAM_COPYRIGHT "Copyright (C) 2001-2008 Cosmin Truta"
++#define PROGRAM_VERSION "0.6.2.1"
++#define PROGRAM_COPYRIGHT "Copyright (C) 2001-2009 Cosmin Truta"
+ #define PROGRAM_URI "http://optipng.sourceforge.net/" |