summaryrefslogtreecommitdiff
path: root/graphics
diff options
context:
space:
mode:
authorfredb <fredb@pkgsrc.org>2004-05-10 01:15:14 +0000
committerfredb <fredb@pkgsrc.org>2004-05-10 01:15:14 +0000
commita6b9f4a80fb96a9f5136d86f3c3f0ab71e02acb5 (patch)
tree42e75f50f077c5112d02c38648a833ab8f4f163a /graphics
parentc28674490098f301fa9f57002fb45abae5666bf1 (diff)
downloadpkgsrc-a6b9f4a80fb96a9f5136d86f3c3f0ab71e02acb5.tar.gz
Don't read past the end of the error message string. This patch was
posted to png-implement by Glenn Randers-Pherson, libpng's maintainer. This error was widely reported as "security issue", http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421 even though there is no security issue. The most the error could do is SIGSEGV, and that only with some fairly uncommon circumstances. The patch posted with the advisory is in fact flawed, in that it calls strlen() on presumably arbitrary data. Bump PKGREVISION.
Diffstat (limited to 'graphics')
-rw-r--r--graphics/png/Makefile4
-rw-r--r--graphics/png/distinfo5
-rw-r--r--graphics/png/patches/patch-ae20
-rw-r--r--graphics/png/patches/patch-af13
4 files changed, 36 insertions, 6 deletions
diff --git a/graphics/png/Makefile b/graphics/png/Makefile
index addfeb74ca3..67f2574d288 100644
--- a/graphics/png/Makefile
+++ b/graphics/png/Makefile
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.60 2004/04/27 19:36:27 tv Exp $
+# $NetBSD: Makefile,v 1.61 2004/05/10 01:15:14 fredb Exp $
# On update, don't forget to increase shared library major/minor's in
# accordance with changes (patch-aa).
DISTNAME= libpng-1.2.5
PKGNAME= ${DISTNAME:S/lib//}
-PKGREVISION= 4
+PKGREVISION= 5
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libpng/} \
http://www.libpng.org/pub/png/src/ \
diff --git a/graphics/png/distinfo b/graphics/png/distinfo
index 219d7d08d13..d2485d0d4b4 100644
--- a/graphics/png/distinfo
+++ b/graphics/png/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.17 2004/04/27 22:40:35 tv Exp $
+$NetBSD: distinfo,v 1.18 2004/05/10 01:15:14 fredb Exp $
SHA1 (libpng-1.2.5.tar.bz2) = 6752eaf1a604edbbb0149b781155ef9cb47d80c3
Size (libpng-1.2.5.tar.bz2) = 378030 bytes
@@ -6,4 +6,5 @@ SHA1 (patch-aa) = 0b3d28e526f8d1530e82c30be46aea19e5a32d6a
SHA1 (patch-ab) = be7dc4a3e21c0056a913c5f1488528558024e6ea
SHA1 (patch-ac) = 96e42c626b9aec1f2d68f920f147463ca77da27c
SHA1 (patch-ad) = edfe5d2c827939eba9d62f426f5dca51979be245
-SHA1 (patch-ae) = a0f17e4a95d80ca51fb99d0abffffb31e20cc7f2
+SHA1 (patch-ae) = 8556ab8a0f3d2dab1f83a8aa7dcc6b5e6728f2a2
+SHA1 (patch-af) = 47ee1f744dc629d9160cbce239d1ec80a970d9be
diff --git a/graphics/png/patches/patch-ae b/graphics/png/patches/patch-ae
index 7d38db86b7f..50b107fb3b6 100644
--- a/graphics/png/patches/patch-ae
+++ b/graphics/png/patches/patch-ae
@@ -1,6 +1,6 @@
-$NetBSD: patch-ae,v 1.1 2004/03/30 11:09:15 wiz Exp $
+$NetBSD: patch-ae,v 1.2 2004/05/10 01:15:14 fredb Exp $
---- pngconf.h.orig Thu Oct 3 13:32:27 2002
+--- pngconf.h.orig 2002-10-03 06:32:27.000000000 -0500
+++ pngconf.h
@@ -252,8 +252,8 @@
# undef _BSD_SOURCE
@@ -13,3 +13,19 @@ $NetBSD: patch-ae,v 1.1 2004/03/30 11:09:15 wiz Exp $
# endif
# endif /* __linux__ */
+@@ -1280,6 +1280,7 @@
+ # define CVT_PTR(ptr) (png_far_to_near(png_ptr,ptr,CHECK))
+ # define CVT_PTR_NOCHECK(ptr) (png_far_to_near(png_ptr,ptr,NOCHECK))
+ # define png_strcpy _fstrcpy
++# define png_strncpy _fstrncpy /* Added to v 1.2.6 */
+ # define png_strlen _fstrlen
+ # define png_memcmp _fmemcmp /* SJT: added */
+ # define png_memcpy _fmemcpy
+@@ -1288,6 +1289,7 @@
+ # define CVT_PTR(ptr) (ptr)
+ # define CVT_PTR_NOCHECK(ptr) (ptr)
+ # define png_strcpy strcpy
++# define png_strncpy strncpy /* Added to v 1.2.6 */
+ # define png_strlen strlen
+ # define png_memcmp memcmp /* SJT: added */
+ # define png_memcpy memcpy
diff --git a/graphics/png/patches/patch-af b/graphics/png/patches/patch-af
new file mode 100644
index 00000000000..9c35717cacc
--- /dev/null
+++ b/graphics/png/patches/patch-af
@@ -0,0 +1,13 @@
+$NetBSD: patch-af,v 1.1 2004/05/10 01:15:14 fredb Exp $
+
+--- pngerror.c.orig 2002-10-03 06:32:27.000000000 -0500
++++ pngerror.c
+@@ -137,7 +137,7 @@ png_format_buffer(png_structp png_ptr, p
+ {
+ buffer[iout++] = ':';
+ buffer[iout++] = ' ';
+- png_memcpy(buffer+iout, error_message, 64);
++ png_strncpy(buffer+iout, error_message, 63);
+ buffer[iout+63] = 0;
+ }
+ }