diff options
author | gutteridge <gutteridge@pkgsrc.org> | 2021-01-16 00:25:33 +0000 |
---|---|---|
committer | gutteridge <gutteridge@pkgsrc.org> | 2021-01-16 00:25:33 +0000 |
commit | b4457b5c567f681d9e844f688d2672dcc1b3ce7b (patch) | |
tree | c71590c06f03291d589280da15c3b57ba9301238 /graphics/dia | |
parent | 175cbfb94e11fbad985a28269ac10d2c87141466 (diff) | |
download | pkgsrc-b4457b5c567f681d9e844f688d2672dcc1b3ce7b.tar.gz |
dia: apply an upstream security fix
Fix endless loop on filenames with invalid encoding (CVE-2019-19451).
Diffstat (limited to 'graphics/dia')
-rw-r--r-- | graphics/dia/Makefile | 4 | ||||
-rw-r--r-- | graphics/dia/distinfo | 3 | ||||
-rw-r--r-- | graphics/dia/patches/patch-app_app__procs.c | 15 |
3 files changed, 19 insertions, 3 deletions
diff --git a/graphics/dia/Makefile b/graphics/dia/Makefile index ee012014a06..c7aea996837 100644 --- a/graphics/dia/Makefile +++ b/graphics/dia/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.111 2020/11/05 09:08:19 ryoon Exp $ +# $NetBSD: Makefile,v 1.112 2021/01/16 00:25:33 gutteridge Exp $ -PKGREVISION= 20 +PKGREVISION= 21 .include "Makefile.common" .include "options.mk" diff --git a/graphics/dia/distinfo b/graphics/dia/distinfo index 062efa67236..44955761369 100644 --- a/graphics/dia/distinfo +++ b/graphics/dia/distinfo @@ -1,10 +1,11 @@ -$NetBSD: distinfo,v 1.35 2020/05/01 20:19:23 rillig Exp $ +$NetBSD: distinfo,v 1.36 2021/01/16 00:25:33 gutteridge Exp $ SHA1 (dia-0.97.3.tar.xz) = 316393951daebd186ba387e1cd6e34160a458c39 RMD160 (dia-0.97.3.tar.xz) = a984efa1663cc154f4394060af37fab146f99175 SHA512 (dia-0.97.3.tar.xz) = 34298980be930b87cb4a636344e4cb2a7e43eedc00b0969a5e446cee9b74b616fdc8c798efcb9a5832b98741f2e20632a44037b2bcb436f59591d531ef441efa Size (dia-0.97.3.tar.xz) = 5548500 bytes SHA1 (patch-aa) = bad171ff4f379030f05c613b362e669a53d7f6da +SHA1 (patch-app_app__procs.c) = 867ec641d96b30123e15af9faca09a9f66a60993 SHA1 (patch-app_load_save.c) = 2956f9ad67b8270cd84a8421abbb676af29338f2 SHA1 (patch-be) = fc6ba43fabefca18188ab0541f4be7f19d9726d6 SHA1 (patch-ca) = 8737f3ff19244e2f87ffb571da21159bc2248648 diff --git a/graphics/dia/patches/patch-app_app__procs.c b/graphics/dia/patches/patch-app_app__procs.c new file mode 100644 index 00000000000..17d51ba5b44 --- /dev/null +++ b/graphics/dia/patches/patch-app_app__procs.c @@ -0,0 +1,15 @@ +$NetBSD: patch-app_app__procs.c,v 1.1 2021/01/16 00:25:33 gutteridge Exp $ + +Fix endless loop on filenames with invalid encoding (CVE-2019-19451) +https://gitlab.gnome.org/GNOME/dia/issues/428 + +--- app/app_procs.c.orig 2014-08-24 15:46:01.000000000 +0000 ++++ app/app_procs.c +@@ -801,6 +801,7 @@ app_init (int argc, char **argv) + + if (!filename) { + g_print (_("Filename conversion failed: %s\n"), filenames[i]); ++ ++i; + continue; + } + |