diff options
| author | drochner <drochner@pkgsrc.org> | 2009-08-05 20:58:56 +0000 |
|---|---|---|
| committer | drochner <drochner@pkgsrc.org> | 2009-08-05 20:58:56 +0000 |
| commit | 1cddb051ccef3e55672391b20405baf5c7fdaf70 (patch) | |
| tree | bc0bb7545c9223657acc481d57798ad26d937557 /x11 | |
| parent | 2f1739bfb566ee8954f1c35fd4987a3155aae759 (diff) | |
| download | pkgsrc-1cddb051ccef3e55672391b20405baf5c7fdaf70.tar.gz | |
deal with CVE-2009-2369 -- neither the advisory nor anything it links
to give useful information, just spotted an obvious case where data
passed from subclasses are used for malloc() unchecked, so added a check.
I can't claim that the CVE report is fixed because it is not clear what
it is about, but it seems that this fixes an issue.
bump PKGREVISION
Diffstat (limited to 'x11')
| -rw-r--r-- | x11/wxGTK28/Makefile | 4 | ||||
| -rw-r--r-- | x11/wxGTK28/distinfo | 3 | ||||
| -rw-r--r-- | x11/wxGTK28/patches/patch-ca | 15 |
3 files changed, 19 insertions, 3 deletions
diff --git a/x11/wxGTK28/Makefile b/x11/wxGTK28/Makefile index 52f5aa73390..b725aea3295 100644 --- a/x11/wxGTK28/Makefile +++ b/x11/wxGTK28/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.4 2009/08/01 14:03:19 drochner Exp $ +# $NetBSD: Makefile,v 1.5 2009/08/05 20:58:56 drochner Exp $ # .include "../../x11/wxGTK28/Makefile.common" -PKGREVISION= 1 +PKGREVISION= 2 PKGNAME= ${DISTNAME:S/wxGTK/wxGTK28/} COMMENT= GTK-based implementation of the wxWidgets GUI library diff --git a/x11/wxGTK28/distinfo b/x11/wxGTK28/distinfo index 04a75d25648..eb4ff4291a2 100644 --- a/x11/wxGTK28/distinfo +++ b/x11/wxGTK28/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.5 2009/08/01 14:03:19 drochner Exp $ +$NetBSD: distinfo,v 1.6 2009/08/05 20:58:56 drochner Exp $ SHA1 (wxGTK-2.8.10-libtool.diff.bz2) = 62ff30c26efdd73252bed2d07b82a9b9d3ef890f RMD160 (wxGTK-2.8.10-libtool.diff.bz2) = 64e1c32caa4bd6a0503bce4764e3ddc1cba68f8a @@ -11,3 +11,4 @@ SHA1 (patch-ab) = 82960daef0616824718f3c04929871aeb0e258a2 SHA1 (patch-ac) = 50cf253797f2dee8b9dab08d138d0070e25e7a8c SHA1 (patch-ba) = e47f8613835ce309daff09ae3265d44f37493579 SHA1 (patch-bb) = 52df734a1df364dc5599a2b9252a15b87cae13b1 +SHA1 (patch-ca) = 4df0c2629c61fbf83a121eb16e490e9c2abb5ad8 diff --git a/x11/wxGTK28/patches/patch-ca b/x11/wxGTK28/patches/patch-ca new file mode 100644 index 00000000000..4e807c87b51 --- /dev/null +++ b/x11/wxGTK28/patches/patch-ca @@ -0,0 +1,15 @@ +$NetBSD: patch-ca,v 1.1 2009/08/05 20:58:56 drochner Exp $ + +--- src/common/image.cpp.orig 2009-03-06 13:17:40.000000000 +0100 ++++ src/common/image.cpp +@@ -186,6 +186,10 @@ bool wxImage::Create( int width, int hei + + m_refData = new wxImageRefData(); + ++ if (width <= 0 || height <= 0 || width > INT_MAX / 3 / height) { ++ UnRef(); ++ return false; ++ } + M_IMGDATA->m_data = (unsigned char *) malloc( width*height*3 ); + if (!M_IMGDATA->m_data) + { |