diff options
| author | ghen <ghen> | 2006-08-21 07:03:36 +0000 |
|---|---|---|
| committer | ghen <ghen> | 2006-08-21 07:03:36 +0000 |
| commit | 9e461fe4a1b693ac4790a97660b5cd8526530e8b (patch) | |
| tree | 7725f9dab7cc98dcecde313c223dd357bcccb14b /graphics | |
| parent | 7fe2783d4f1f11339df81b2791cb8d088e3d718f (diff) | |
| download | pkgsrc-9e461fe4a1b693ac4790a97660b5cd8526530e8b.tar.gz | |
Pullup ticket 1799 - requested by salo
security fix for libwmf
Revisions pulled up:
- pkgsrc/graphics/libwmf/Makefile 1.60
- pkgsrc/graphics/libwmf/distinfo 1.14
- pkgsrc/graphics/libwmf/patches/patch-ae 1.1
Module Name: pkgsrc
Committed By: salo
Date: Sun Aug 20 21:38:45 UTC 2006
Modified Files:
pkgsrc/graphics/libwmf: Makefile distinfo
Added Files:
pkgsrc/graphics/libwmf/patches: patch-ae
Log Message:
Security fix for CVE-2006-3376:
"A vulnerability in libwmf can be potentially exploited by malicious
people to compromise an application using the vulnerable library.
The vulnerability is caused due to an integer overflow error when
allocating memory based on a value taken directly from a WMF file
without performing any checks. This can be exploited to cause a
heap-based buffer overflow when a specially crafted WMF file is
processed.
Successful exploitation may allow execution of arbitrary code."
http://secunia.com/advisories/20921/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3376
Patch from Red Hat. Bump PKGREVISION.
Diffstat (limited to 'graphics')
| -rw-r--r-- | graphics/libwmf/Makefile | 4 | ||||
| -rw-r--r-- | graphics/libwmf/distinfo | 3 | ||||
| -rw-r--r-- | graphics/libwmf/patches/patch-ae | 31 |
3 files changed, 35 insertions, 3 deletions
diff --git a/graphics/libwmf/Makefile b/graphics/libwmf/Makefile index 5ec053bff61..946b37b68ab 100644 --- a/graphics/libwmf/Makefile +++ b/graphics/libwmf/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.59 2006/04/17 13:46:00 wiz Exp $ +# $NetBSD: Makefile,v 1.59.2.1 2006/08/21 07:03:36 ghen Exp $ DISTNAME= libwmf-0.2.8.4 -PKGREVISION= 3 +PKGREVISION= 4 CATEGORIES= graphics devel MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=wvware/} diff --git a/graphics/libwmf/distinfo b/graphics/libwmf/distinfo index 4cec03d233f..23393a8e2ea 100644 --- a/graphics/libwmf/distinfo +++ b/graphics/libwmf/distinfo @@ -1,6 +1,7 @@ -$NetBSD: distinfo,v 1.13 2006/01/18 22:04:58 adam Exp $ +$NetBSD: distinfo,v 1.13.4.1 2006/08/21 07:03:36 ghen Exp $ SHA1 (libwmf-0.2.8.4.tar.gz) = 822ab3bd0f5e8f39ad732f2774a8e9f18fc91e89 RMD160 (libwmf-0.2.8.4.tar.gz) = 98cd631adb5bb332d9224d04bc8a265c105435f2 Size (libwmf-0.2.8.4.tar.gz) = 2169375 bytes SHA1 (patch-ad) = b74be16c5da490394b86403009f5f35d80ba4bfa +SHA1 (patch-ae) = 644684733090c26250a1ce0e2c5a6c978bd54b74 diff --git a/graphics/libwmf/patches/patch-ae b/graphics/libwmf/patches/patch-ae new file mode 100644 index 00000000000..9186561f4f6 --- /dev/null +++ b/graphics/libwmf/patches/patch-ae @@ -0,0 +1,31 @@ +$NetBSD: patch-ae,v 1.1.2.2 2006/08/21 07:03:36 ghen Exp $ + +Security fix for CVE-2006-3376, from Red Hat. + +--- src/player.c.orig 2002-12-10 20:30:26.000000000 +0100 ++++ src/player.c 2006-08-20 23:29:44.000000000 +0200 +@@ -42,6 +42,7 @@ + #include "player/defaults.h" /* Provides: default settings */ + #include "player/record.h" /* Provides: parameter mechanism */ + #include "player/meta.h" /* Provides: record interpreters */ ++#include <stdint.h> + + /** + * @internal +@@ -132,8 +133,14 @@ + } + } + +-/* P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char)); +- */ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); ++ if (MAX_REC_SIZE(API) > UINT32_MAX/ 2) ++ { ++ API->err = wmf_E_InsMem; ++ WMF_DEBUG (API,"bailing..."); ++ return (API->err); ++ } ++ ++ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); + + if (ERR (API)) + { WMF_DEBUG (API,"bailing..."); |