pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/graphics/dia dia: apply an upstream security fix
details: https://anonhg.NetBSD.org/pkgsrc/rev/7f61f4b9894e
branches: trunk
changeset: 445026:7f61f4b9894e
user: gutteridge <gutteridge%pkgsrc.org@localhost>
date: Sat Jan 16 00:25:33 2021 +0000
description:
dia: apply an upstream security fix
Fix endless loop on filenames with invalid encoding (CVE-2019-19451).
diffstat:
graphics/dia/Makefile | 4 ++--
graphics/dia/distinfo | 3 ++-
graphics/dia/patches/patch-app_app__procs.c | 15 +++++++++++++++
3 files changed, 19 insertions(+), 3 deletions(-)
diffs (47 lines):
diff -r 3d280370b2f1 -r 7f61f4b9894e graphics/dia/Makefile
--- a/graphics/dia/Makefile Sat Jan 16 00:10:50 2021 +0000
+++ b/graphics/dia/Makefile Sat Jan 16 00:25:33 2021 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.111 2020/11/05 09:08:19 ryoon Exp $
+# $NetBSD: Makefile,v 1.112 2021/01/16 00:25:33 gutteridge Exp $
-PKGREVISION= 20
+PKGREVISION= 21
.include "Makefile.common"
.include "options.mk"
diff -r 3d280370b2f1 -r 7f61f4b9894e graphics/dia/distinfo
--- a/graphics/dia/distinfo Sat Jan 16 00:10:50 2021 +0000
+++ b/graphics/dia/distinfo Sat Jan 16 00:25:33 2021 +0000
@@ -1,10 +1,11 @@
-$NetBSD: distinfo,v 1.35 2020/05/01 20:19:23 rillig Exp $
+$NetBSD: distinfo,v 1.36 2021/01/16 00:25:33 gutteridge Exp $
SHA1 (dia-0.97.3.tar.xz) = 316393951daebd186ba387e1cd6e34160a458c39
RMD160 (dia-0.97.3.tar.xz) = a984efa1663cc154f4394060af37fab146f99175
SHA512 (dia-0.97.3.tar.xz) = 34298980be930b87cb4a636344e4cb2a7e43eedc00b0969a5e446cee9b74b616fdc8c798efcb9a5832b98741f2e20632a44037b2bcb436f59591d531ef441efa
Size (dia-0.97.3.tar.xz) = 5548500 bytes
SHA1 (patch-aa) = bad171ff4f379030f05c613b362e669a53d7f6da
+SHA1 (patch-app_app__procs.c) = 867ec641d96b30123e15af9faca09a9f66a60993
SHA1 (patch-app_load_save.c) = 2956f9ad67b8270cd84a8421abbb676af29338f2
SHA1 (patch-be) = fc6ba43fabefca18188ab0541f4be7f19d9726d6
SHA1 (patch-ca) = 8737f3ff19244e2f87ffb571da21159bc2248648
diff -r 3d280370b2f1 -r 7f61f4b9894e graphics/dia/patches/patch-app_app__procs.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/dia/patches/patch-app_app__procs.c Sat Jan 16 00:25:33 2021 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-app_app__procs.c,v 1.1 2021/01/16 00:25:33 gutteridge Exp $
+
+Fix endless loop on filenames with invalid encoding (CVE-2019-19451)
+https://gitlab.gnome.org/GNOME/dia/issues/428
+
+--- app/app_procs.c.orig 2014-08-24 15:46:01.000000000 +0000
++++ app/app_procs.c
+@@ -801,6 +801,7 @@ app_init (int argc, char **argv)
+
+ if (!filename) {
+ g_print (_("Filename conversion failed: %s\n"), filenames[i]);
++ ++i;
+ continue;
+ }
+
Home |
Main Index |
Thread Index |
Old Index