pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2004Q3]: pkgsrc/graphics/imlib Pullup ticket 171 - requested b...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/e5ddfea7de93
branches:  pkgsrc-2004Q3
changeset: 480780:e5ddfea7de93
user:      salo <salo%pkgsrc.org@localhost>
date:      Mon Dec 13 18:03:27 2004 +0000

description:
Pullup ticket 171 - requested by Havard Eidnes
security fix for imlib

        Module Name:    pkgsrc
        Committed By:   tron
        Date:           Sat Nov 27 08:09:38 UTC 2004

        Modified Files:
                pkgsrc/graphics/imlib: Makefile

        Log Message:
        Remove me as maintainer of this package.
---
        Module Name:    pkgsrc
        Committed By:   adam
        Date:           Fri Dec  3 13:42:47 UTC 2004

        Modified Files:
                pkgsrc/graphics/imlib: Makefile distinfo
                pkgsrc/graphics/imlib/patches: patch-ag patch-ah

        Log Message:
        Changes 1.9.15:
        * Minor bug fixes
---
        Module Name:    pkgsrc
        Committed By:   salo
        Date:           Fri Dec 10 09:30:42 UTC 2004

        Modified Files:
                pkgsrc/graphics/imlib: Makefile buildlink3.mk distinfo
                pkgsrc/graphics/imlib/patches: patch-ab patch-ai
        Added Files:
                pkgsrc/graphics/imlib/patches: patch-aj patch-ak patch-al
                    patch-am patch-an patch-ao

        Log Message:
        Bump PKGREVISION, security fix:

        "Multiple buffer overflows in imlib 1.9.14 and earlier, which is
        used by gkrellm and several window managers, allow remote attackers
        to execute arbitrary code via certain image files."  (1.9.15 is also
        affected)

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1026

        Patch from Pavel Kankovsky.

diffstat:

 graphics/imlib/Makefile         |   24 ++--
 graphics/imlib/PLIST            |    6 +-
 graphics/imlib/buildlink3.mk    |    3 +-
 graphics/imlib/distinfo         |   20 +++-
 graphics/imlib/patches/patch-ab |  169 ++++++++++++++++++++++++++++++++++++++-
 graphics/imlib/patches/patch-ag |   18 ++--
 graphics/imlib/patches/patch-ah |   18 ++--
 graphics/imlib/patches/patch-ai |   20 +++-
 graphics/imlib/patches/patch-aj |   89 +++++++++++++++++++++
 graphics/imlib/patches/patch-ak |   13 +++
 graphics/imlib/patches/patch-al |   15 +++
 graphics/imlib/patches/patch-am |   97 ++++++++++++++++++++++
 graphics/imlib/patches/patch-an |   23 +++++
 graphics/imlib/patches/patch-ao |   98 +++++++++++++++++++++++
 14 files changed, 561 insertions(+), 52 deletions(-)

diffs (truncated from 756 to 300 lines):

diff -r 5656da969224 -r e5ddfea7de93 graphics/imlib/Makefile
--- a/graphics/imlib/Makefile   Mon Dec 13 10:23:04 2004 +0000
+++ b/graphics/imlib/Makefile   Mon Dec 13 18:03:27 2004 +0000
@@ -1,23 +1,23 @@
-# $NetBSD: Makefile,v 1.86 2004/04/23 16:24:14 minskim Exp $
-#
+# $NetBSD: Makefile,v 1.86.4.1 2004/12/13 18:03:27 salo Exp $
 
-DISTNAME=              imlib-1.9.14
-PKGREVISION=           6
-CATEGORIES=            graphics
-MASTER_SITES=          ${MASTER_SITE_GNOME:=sources/imlib/1.9/}
+DISTNAME=      imlib-1.9.15
+PKGREVISION=   1
+CATEGORIES=    graphics
+MASTER_SITES=  ${MASTER_SITE_GNOME:=sources/imlib/1.9/}
+EXTRACT_SUFX=  .tar.bz2
 
-MAINTAINER=            tron%NetBSD.org@localhost
-HOMEPAGE=              http://www.nl.rasterman.com/imlib.html
-COMMENT=               Image manipulation library for X11
+MAINTAINER=    tech-pkg%NetBSD.org@localhost
+HOMEPAGE=      http://www.nl.rasterman.com/imlib.html
+COMMENT=       Image manipulation library for X11
 
 PKG_INSTALLATION_TYPES=        overwrite pkgviews
 
 USE_BUILDLINK3=                yes
+USE_GNU_TOOLS+=                make
+USE_LIBTOOL=           yes
 USE_X11=               yes
-USE_LIBTOOL=           yes
+GNU_CONFIGURE=         yes
 PKGCONFIG_OVERRIDE=    imlib.pc.in
-GNU_CONFIGURE=         yes
-USE_GNU_TOOLS+=                make
 UNLIMIT_RESOURCES=     datasize
 
 CPPFLAGS+=             -DENABLE_NLS
diff -r 5656da969224 -r e5ddfea7de93 graphics/imlib/PLIST
--- a/graphics/imlib/PLIST      Mon Dec 13 10:23:04 2004 +0000
+++ b/graphics/imlib/PLIST      Mon Dec 13 18:03:27 2004 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.7 2004/04/23 16:24:14 minskim Exp $
+@comment $NetBSD: PLIST,v 1.7.4.1 2004/12/13 18:03:27 salo Exp $
 bin/imlib_config
 bin/imlib-config
 include/gdk_imlib.h
@@ -11,12 +11,12 @@
 lib/libImlib.la
 lib/libImlib.so
 lib/libImlib.so.10
-lib/libImlib.so.10.14
+lib/libImlib.so.10.15
 lib/libgdk_imlib.a
 lib/libgdk_imlib.la
 lib/libgdk_imlib.so
 lib/libgdk_imlib.so.10
-lib/libgdk_imlib.so.10.14
+lib/libgdk_imlib.so.10.15
 lib/libimlib-bmp.a
 lib/libimlib-bmp.la
 lib/libimlib-bmp.so
diff -r 5656da969224 -r e5ddfea7de93 graphics/imlib/buildlink3.mk
--- a/graphics/imlib/buildlink3.mk      Mon Dec 13 10:23:04 2004 +0000
+++ b/graphics/imlib/buildlink3.mk      Mon Dec 13 18:03:27 2004 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.4 2004/03/18 09:12:11 jlam Exp $
+# $NetBSD: buildlink3.mk,v 1.4.6.1 2004/12/13 18:03:27 salo Exp $
 
 BUILDLINK_DEPTH:=      ${BUILDLINK_DEPTH}+
 IMLIB_BUILDLINK3_MK:=  ${IMLIB_BUILDLINK3_MK}+
@@ -12,6 +12,7 @@
 
 .if !empty(IMLIB_BUILDLINK3_MK:M+)
 BUILDLINK_DEPENDS.imlib+=      imlib>=1.9.14nb5
+BUILDLINK_RECOMMENDED.imlib+=  imlib>=1.9.15nb1
 BUILDLINK_PKGSRCDIR.imlib?=    ../../graphics/imlib
 .endif # IMLIB_BUILDLINK3_MK
 
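Review bot: The hard floor on the unchanged line `BUILDLINK_DEPENDS.imlib+= imlib>=1.9.14nb5` still accepts the imlib versions this pullup describes as vulnerable; only the new `BUILDLINK_RECOMMENDED.imlib` line asks for 1.9.15nb1. Whether a dependent package is actually built against the fixed library therefore depends on recommended dependencies being honoured in the build configuration, which this page does not show. A comment above the new line such as `# 1.9.15nb1: buffer overflow fixes, CAN-2004-1026` would record why the floor moved.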
diff -r 5656da969224 -r e5ddfea7de93 graphics/imlib/distinfo
--- a/graphics/imlib/distinfo   Mon Dec 13 10:23:04 2004 +0000
+++ b/graphics/imlib/distinfo   Mon Dec 13 18:03:27 2004 +0000
@@ -1,10 +1,16 @@
-$NetBSD: distinfo,v 1.14 2004/03/13 17:35:54 cube Exp $
+$NetBSD: distinfo,v 1.14.6.1 2004/12/13 18:03:27 salo Exp $
 
-SHA1 (imlib-1.9.14.tar.gz) = 3c8c8c3aaec3cc5a9fc924060a71223862a313f6
-Size (imlib-1.9.14.tar.gz) = 748591 bytes
+SHA1 (imlib-1.9.15.tar.bz2) = c9a732a354fbb3c7e1a426e5d19fc92d73f8f720
+Size (imlib-1.9.15.tar.bz2) = 683242 bytes
 SHA1 (patch-aa) = 185a5229af781d3dbc57978a3f4acd8308ca4c14
-SHA1 (patch-ab) = df9f9f7c85f0794748a4ca6f58836f8dd230c805
+SHA1 (patch-ab) = d1daff101bec77680f3e17cb776285976a7b5c7a
 SHA1 (patch-ae) = 3ed6fff2e73f04ec83c27dc6e3f2db2fa446abbb
-SHA1 (patch-ag) = 0ed464cb26492f3eebb8812efdb49ee83ef4ae6b
-SHA1 (patch-ah) = 703f83ad25e0a8af8427ccd4d8492f7fa83f26a3
-SHA1 (patch-ai) = 4c1ab5bd72cd3a5070a84b08e7870591d5a3b309
+SHA1 (patch-ag) = 961a92dfedc79570aacdd75102e63a32171ece55
+SHA1 (patch-ah) = edee5311a47d552f9d1b9dcb96f256518040c538
+SHA1 (patch-ai) = df13b72272f754375348437b99d962cb17732619
+SHA1 (patch-aj) = 2769e304deb93dd413fa3c44d53d1d67e92d5d00
+SHA1 (patch-ak) = 4d7ae79f23bf0c64fd85ffebc086b7bb43207718
+SHA1 (patch-al) = 4ad51c7128f7d6a5ecc67f51c745caf53a4def06
+SHA1 (patch-am) = 73c62e11f5b6ac6774e51f8183987b2b4db01465
+SHA1 (patch-an) = 260aeece3eb74d3ec11deed4e38fd46d3f1cde79
+SHA1 (patch-ao) = d4e3df56d2f743e53e73d72551ccd03491bf1c44
diff -r 5656da969224 -r e5ddfea7de93 graphics/imlib/patches/patch-ab
--- a/graphics/imlib/patches/patch-ab   Mon Dec 13 10:23:04 2004 +0000
+++ b/graphics/imlib/patches/patch-ab   Mon Dec 13 18:03:27 2004 +0000
@@ -1,8 +1,37 @@
-$NetBSD: patch-ab,v 1.5 2002/03/19 16:16:08 wiz Exp $
+$NetBSD: patch-ab,v 1.5.16.1 2004/12/13 18:03:27 salo Exp $
 
---- Imlib/load.c.orig  Wed Mar 13 19:06:29 2002
-+++ Imlib/load.c
-@@ -254,7 +254,8 @@
+--- Imlib/load.c.orig  2004-09-21 02:23:20.000000000 +0200
++++ Imlib/load.c       2004-12-10 09:58:18.000000000 +0100
+@@ -4,6 +4,8 @@
+ #include "Imlib_private.h"
+ #include <setjmp.h>
+ 
++#define G_MAXINT ((int) 0x7fffffff)
++
+ /*      Split the ID - damages input    */
+ 
+ static char        *
+@@ -41,13 +43,17 @@
+ 
+ /*
+  *     Make sure we don't wrap on our memory allocations
++ *     we check G_MAXINT/4 because rend.c malloc's w * h * bpp
++ *     + 3 is safety margin
+  */
+ 
+ void * _imlib_malloc_image(unsigned int w, unsigned int h)
+ {
+-       if( w > 32767 || h > 32767)
++       if (w <= 0 || w > 32767 ||
++           h <= 0 || h > 32767 ||
++           h >= (G_MAXINT/4 - 1) / w)
+                return NULL;
+-       return malloc(w * h * 3);
++       return malloc(w * h * 3 + 3);
+ }
+ 
+ #ifdef HAVE_LIBJPEG
+@@ -254,7 +260,8 @@
    png_read_image(png_ptr, lines);
    png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
    ptr = data;
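Review bot: In `_imlib_malloc_image` the new `w <= 0` and `h <= 0` tests are applied to `unsigned int` parameters, so they only catch zero; a negative dimension passed by a caller arrives as a large value and is rejected by the `> 32767` test instead, and `w == 0 || w > 32767` would state what is actually checked. The unconditional `#define G_MAXINT ((int) 0x7fffffff)` hard-codes a 32-bit `int`, where `INT_MAX` from `<limits.h>` gives the same bound without that assumption. The overflow guard itself holds: with both dimensions capped and `h < (G_MAXINT/4 - 1) / w`, the product `w * h * 3 + 3` cannot wrap. Further down this same patch file, in the XPM hunk that is cut off on this page, `if (slen < sizeof(tok));` ends in a semicolon, so the following `strcpy(tok, s);` still runs without a bound; `if (slen < sizeof(tok))` without the semicolon appears to be what was intended.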
@@ -12,7 +41,7 @@
      {
        for (y = 0; y < *h; y++)
        {
-@@ -279,6 +280,7 @@
+@@ -279,6 +286,7 @@
            }
        }
      }
@@ -20,7 +49,7 @@
    else if (color_type == PNG_COLOR_TYPE_GRAY)
      {
        for (y = 0; y < *h; y++)
-@@ -294,6 +296,7 @@
+@@ -294,6 +302,7 @@
            }
        }
      }
@@ -28,3 +57,131 @@
    else
      {
        for (y = 0; y < *h; y++)
+@@ -360,7 +369,9 @@
+   npix = ww * hh;
+   *w = (int)ww;
+   *h = (int)hh;
+-  if(ww > 32767 || hh > 32767)
++  if (ww <= 0 || ww > 32767 ||
++      hh <= 0 || hh > 32767 ||
++      hh >= (G_MAXINT/sizeof(uint32)) / ww)
+     {
+        TIFFClose(tif);
+        return NULL;
+@@ -463,7 +474,7 @@
+           }
+         *w = gif->Image.Width;
+         *h = gif->Image.Height;
+-        if (*h > 32767 || *w > 32767)
++        if (*h <= 0 || *h > 32767 || *w <= 0 || *w > 32767)
+           {
+              return NULL;
+           }
+@@ -1000,7 +1011,12 @@
+   comment = 0;
+   quote = 0;
+   context = 0;
++  memset(lookup, 0, sizeof(lookup));
++
+   line = malloc(lsz);
++  if (!line)
++    return NULL;
++
+   while (!done)
+     {
+       pc = c;
+@@ -1029,25 +1045,25 @@
+               {
+                 /* Header */
+                 sscanf(line, "%i %i %i %i", w, h, &ncolors, &cpp);
+-                  if (ncolors > 32766)
++                  if (ncolors <= 0 || ncolors > 32766)
+                   {
+                     fprintf(stderr, "IMLIB ERROR: XPM files wth colors > 32766 not supported\n");
+                     free(line);
+                     return NULL;
+                   }
+-                if (cpp > 5)
++                if (cpp <= 0 || cpp > 5)
+                   {
+                     fprintf(stderr, "IMLIB ERROR: XPM files with characters per pixel > 5 not supported\n");
+                     free(line);
+                     return NULL;
+                   }
+-                if (*w > 32767)
++                if (*w <= 0 || *w > 32767)
+                   {
+                     fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n");
+                     free(line);
+                     return NULL;
+                   }
+-                if (*h > 32767)
++                if (*h <= 0 || *h > 32767)
+                   {
+                     fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n");
+                     free(line);
+@@ -1080,11 +1096,13 @@
+                   {
+                     int                 slen;
+                     int                 hascolor, iscolor;
++                    int                 space;
+ 
+                     iscolor = 0;
+                     hascolor = 0;
+                     tok[0] = 0;
+                     col[0] = 0;
++                    space = sizeof(col) - 1;
+                     s[0] = 0;
+                     len = strlen(line);
+                     strncpy(cmap[j].str, line, cpp);
+@@ -1107,10 +1125,10 @@
+                               {
+                                 if (k >= len)
+                                   {
+-                                    if (col[0])
+-                                      strcat(col, " ");
+-                                      if (strlen(col) + strlen(s) < sizeof(col))
+-                                      strcat(col, s);
++                                    if (col[0] && space > 0)
++                                      strcat(col, " "), space -= 1;
++                                      if (slen <= space)
++                                      strcat(col, s), space -= slen;
+                                   }
+                                 if (col[0])
+                                   {
+@@ -1140,14 +1158,17 @@
+                                           }
+                                       }
+                                   }
++                                if (slen < sizeof(tok));
+                                 strcpy(tok, s);
+                                 col[0] = 0;
++                                space = sizeof(col) - 1;
+                               }
+                             else
+                               {
+-                                if (col[0])
+-                                  strcat(col, " ");
+-                                strcat(col, s);
++                                if (col[0] && space > 0)
++                                  strcat(col, " "), space -=1;
++                                if (slen <= space)
++                                  strcat(col, s), space -= slen;
+                               }
+                           }
+                       }
+@@ -1376,12 +1397,12 @@
+         sscanf(s, "%i %i", w, h);
+         a = *w;
+         b = *h;
+-        if (a > 32767)
++        if (a <= 0 || a > 32767)
+           {
+             fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n");
+             return NULL;
+           }
+-        if (b > 32767)
++        if (b <= 0 || b > 32767)
+           {


