summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--graphics/libwmf/Makefile4
-rw-r--r--graphics/libwmf/distinfo3
-rw-r--r--graphics/libwmf/patches/patch-ae31
3 files changed, 35 insertions, 3 deletions
diff --git a/graphics/libwmf/Makefile b/graphics/libwmf/Makefile
index 5ec053bff61..32c50512027 100644
--- a/graphics/libwmf/Makefile
+++ b/graphics/libwmf/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.59 2006/04/17 13:46:00 wiz Exp $
+# $NetBSD: Makefile,v 1.60 2006/08/20 21:38:45 salo Exp $
DISTNAME= libwmf-0.2.8.4
-PKGREVISION= 3
+PKGREVISION= 4
CATEGORIES= graphics devel
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=wvware/}
diff --git a/graphics/libwmf/distinfo b/graphics/libwmf/distinfo
index 4cec03d233f..6256186c176 100644
--- a/graphics/libwmf/distinfo
+++ b/graphics/libwmf/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.13 2006/01/18 22:04:58 adam Exp $
+$NetBSD: distinfo,v 1.14 2006/08/20 21:38:45 salo Exp $
SHA1 (libwmf-0.2.8.4.tar.gz) = 822ab3bd0f5e8f39ad732f2774a8e9f18fc91e89
RMD160 (libwmf-0.2.8.4.tar.gz) = 98cd631adb5bb332d9224d04bc8a265c105435f2
Size (libwmf-0.2.8.4.tar.gz) = 2169375 bytes
SHA1 (patch-ad) = b74be16c5da490394b86403009f5f35d80ba4bfa
+SHA1 (patch-ae) = 644684733090c26250a1ce0e2c5a6c978bd54b74
diff --git a/graphics/libwmf/patches/patch-ae b/graphics/libwmf/patches/patch-ae
new file mode 100644
index 00000000000..11c39521681
--- /dev/null
+++ b/graphics/libwmf/patches/patch-ae
@@ -0,0 +1,31 @@
+$NetBSD: patch-ae,v 1.1 2006/08/20 21:38:45 salo Exp $
+
+Security fix for CVE-2006-3376, from Red Hat.
+
+--- src/player.c.orig 2002-12-10 20:30:26.000000000 +0100
++++ src/player.c 2006-08-20 23:29:44.000000000 +0200
+@@ -42,6 +42,7 @@
+ #include "player/defaults.h" /* Provides: default settings */
+ #include "player/record.h" /* Provides: parameter mechanism */
+ #include "player/meta.h" /* Provides: record interpreters */
++#include <stdint.h>
+
+ /**
+ * @internal
+@@ -132,8 +133,14 @@
+ }
+ }
+
+-/* P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char));
+- */ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char));
++ if (MAX_REC_SIZE(API) > UINT32_MAX/ 2)
++ {
++ API->err = wmf_E_InsMem;
++ WMF_DEBUG (API,"bailing...");
++ return (API->err);
++ }
++
++ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char));
+
+ if (ERR (API))
+ { WMF_DEBUG (API,"bailing...");
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-04 10:39:43 +0000