diff options
| author | salo <salo> | 2005-04-01 10:51:50 +0000 |
|---|---|---|
| committer | salo <salo> | 2005-04-01 10:51:50 +0000 |
| commit | 1059570e3aafffd712f64f3fce367238bc1682f0 (patch) | |
| tree | a9fd7645e0fcbf683679f20038b32cea813f6e49 /x11 | |
| parent | 99e8fbc2b988939f1e6a245ca42100859290048d (diff) | |
| download | pkgsrc-1059570e3aafffd712f64f3fce367238bc1682f0.tar.gz | |
Security fix for CAN-2005-0891:
"David Costanzo has reported a vulnerability in GTK+, which can be
exploited by malicious people to crash certain applications on
a user's system.
The vulnerability is caused due to a double free error in the BMP
loader. This can be exploited to crash an application linked against
GTK+ when a specially crafted BMP image is processed."
Bump PKGREVISION. Patch from Fedora.
Diffstat (limited to 'x11')
| -rw-r--r-- | x11/gtk2/Makefile | 3 | ||||
| -rw-r--r-- | x11/gtk2/buildlink3.mk | 4 | ||||
| -rw-r--r-- | x11/gtk2/distinfo | 3 | ||||
| -rw-r--r-- | x11/gtk2/patches/patch-ai | 25 |
4 files changed, 31 insertions, 4 deletions
diff --git a/x11/gtk2/Makefile b/x11/gtk2/Makefile index f47b4ce4317..b0ee831f26b 100644 --- a/x11/gtk2/Makefile +++ b/x11/gtk2/Makefile @@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.78 2005/03/13 15:24:39 jmmv Exp $ +# $NetBSD: Makefile,v 1.79 2005/04/01 10:51:50 salo Exp $ # DISTNAME= gtk+-2.6.4 PKGNAME= ${DISTNAME:S/gtk/gtk2/} +PKGREVISION= 1 CATEGORIES= x11 MASTER_SITES= ftp://ftp.gtk.org/pub/gtk/v2.6/ \ ftp://ftp.cs.umn.edu/pub/gimp/gtk/v2.6/ \ diff --git a/x11/gtk2/buildlink3.mk b/x11/gtk2/buildlink3.mk index a19bb510cae..dc012fad48a 100644 --- a/x11/gtk2/buildlink3.mk +++ b/x11/gtk2/buildlink3.mk @@ -1,4 +1,4 @@ -# $NetBSD: buildlink3.mk,v 1.16 2004/12/28 23:18:21 reed Exp $ +# $NetBSD: buildlink3.mk,v 1.17 2005/04/01 10:51:50 salo Exp $ BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+ GTK2_BUILDLINK3_MK:= ${GTK2_BUILDLINK3_MK}+ @@ -12,7 +12,7 @@ BUILDLINK_PACKAGES+= gtk2 .if !empty(GTK2_BUILDLINK3_MK:M+) BUILDLINK_DEPENDS.gtk2+= gtk2+>=2.4.0 -BUILDLINK_RECOMMENDED.gtk2+= gtk2+>=2.6.0nb1 +BUILDLINK_RECOMMENDED.gtk2+= gtk2+>=2.6.4nb1 BUILDLINK_PKGSRCDIR.gtk2?= ../../x11/gtk2 PRINT_PLIST_AWK+= /^@dirrm lib\/gtk-2.0$$/ { next; } diff --git a/x11/gtk2/distinfo b/x11/gtk2/distinfo index 198ad0052f6..44e97856b35 100644 --- a/x11/gtk2/distinfo +++ b/x11/gtk2/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.42 2005/03/02 15:39:06 wiz Exp $ +$NetBSD: distinfo,v 1.43 2005/04/01 10:51:50 salo Exp $ SHA1 (gtk+-2.6.4.tar.bz2) = d4f91ae7e1b2b2be24821789d68057d21f4a9911 RMD160 (gtk+-2.6.4.tar.bz2) = 351e9752f46e68e3839f79d3b8c155d320d27bb9 @@ -10,3 +10,4 @@ SHA1 (patch-ae) = 1fdeeef405b2045f26335f0bb607e3c3d24b3ae6 SHA1 (patch-af) = 6797fd34be0a34368f6edede2321562678b112ff SHA1 (patch-ag) = dc4d72a39e426b880ca69ba8bc499fdaf42e0da8 SHA1 (patch-ah) = 486d6601d6dba04830a8645c6a5791755e6538d9 +SHA1 (patch-ai) = 190289e323da72e3c36555f3cb2e72bfc0be2ab1 diff --git a/x11/gtk2/patches/patch-ai b/x11/gtk2/patches/patch-ai new file mode 100644 index 00000000000..7c26b1d0afa --- /dev/null +++ b/x11/gtk2/patches/patch-ai @@ -0,0 +1,25 @@ +$NetBSD: patch-ai,v 1.7 2005/04/01 10:51:51 salo Exp $ + +--- gdk-pixbuf/io-bmp.c.orig 2005-01-04 16:47:02.000000000 +0100 ++++ gdk-pixbuf/io-bmp.c 2005-04-01 11:21:52.000000000 +0200 +@@ -219,7 +219,19 @@ + static gboolean grow_buffer (struct bmp_progressive_state *State, + GError **error) + { +- guchar *tmp = g_try_realloc (State->buff, State->BufferSize); ++ guchar *tmp; ++ ++ if (State->BufferSize == 0) { ++ g_set_error (error, ++ GDK_PIXBUF_ERROR, ++ GDK_PIXBUF_ERROR_CORRUPT_IMAGE, ++ _("BMP image has bogus header data")); ++ State->read_state = READ_STATE_ERROR; ++ return FALSE; ++ } ++ ++ tmp = g_try_realloc (State->buff, State->BufferSize); ++ + if (!tmp) { + g_set_error (error, + GDK_PIXBUF_ERROR, |