pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2004Q3]: pkgsrc/graphics/imlib Pullup ticket 171 - requested b...
details: https://anonhg.NetBSD.org/pkgsrc/rev/e5ddfea7de93
branches: pkgsrc-2004Q3
changeset: 480780:e5ddfea7de93
user: salo <salo%pkgsrc.org@localhost>
date: Mon Dec 13 18:03:27 2004 +0000
description:
Pullup ticket 171 - requested by Havard Eidnes
security fix for imlib
Module Name: pkgsrc
Committed By: tron
Date: Sat Nov 27 08:09:38 UTC 2004
Modified Files:
pkgsrc/graphics/imlib: Makefile
Log Message:
Remove me as maintainer of this package.
---
Module Name: pkgsrc
Committed By: adam
Date: Fri Dec 3 13:42:47 UTC 2004
Modified Files:
pkgsrc/graphics/imlib: Makefile distinfo
pkgsrc/graphics/imlib/patches: patch-ag patch-ah
Log Message:
Changes 1.9.15:
* Minor bug fixes
---
Module Name: pkgsrc
Committed By: salo
Date: Fri Dec 10 09:30:42 UTC 2004
Modified Files:
pkgsrc/graphics/imlib: Makefile buildlink3.mk distinfo
pkgsrc/graphics/imlib/patches: patch-ab patch-ai
Added Files:
pkgsrc/graphics/imlib/patches: patch-aj patch-ak patch-al
patch-am patch-an patch-ao
Log Message:
Bump PKGREVISION, security fix:
"Multiple buffer overflows in imlib 1.9.14 and earlier, which is
used by gkrellm and several window managers, allow remote attackers
to execute arbitrary code via certain image files." (1.9.15 is also
affected)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1026
Patch from Pavel Kankovsky.
diffstat:
graphics/imlib/Makefile | 24 ++--
graphics/imlib/PLIST | 6 +-
graphics/imlib/buildlink3.mk | 3 +-
graphics/imlib/distinfo | 20 +++-
graphics/imlib/patches/patch-ab | 169 ++++++++++++++++++++++++++++++++++++++-
graphics/imlib/patches/patch-ag | 18 ++--
graphics/imlib/patches/patch-ah | 18 ++--
graphics/imlib/patches/patch-ai | 20 +++-
graphics/imlib/patches/patch-aj | 89 +++++++++++++++++++++
graphics/imlib/patches/patch-ak | 13 +++
graphics/imlib/patches/patch-al | 15 +++
graphics/imlib/patches/patch-am | 97 ++++++++++++++++++++++
graphics/imlib/patches/patch-an | 23 +++++
graphics/imlib/patches/patch-ao | 98 +++++++++++++++++++++++
14 files changed, 561 insertions(+), 52 deletions(-)
diffs (truncated from 756 to 300 lines):
diff -r 5656da969224 -r e5ddfea7de93 graphics/imlib/Makefile
--- a/graphics/imlib/Makefile Mon Dec 13 10:23:04 2004 +0000
+++ b/graphics/imlib/Makefile Mon Dec 13 18:03:27 2004 +0000
@@ -1,23 +1,23 @@
-# $NetBSD: Makefile,v 1.86 2004/04/23 16:24:14 minskim Exp $
-#
+# $NetBSD: Makefile,v 1.86.4.1 2004/12/13 18:03:27 salo Exp $
-DISTNAME= imlib-1.9.14
-PKGREVISION= 6
-CATEGORIES= graphics
-MASTER_SITES= ${MASTER_SITE_GNOME:=sources/imlib/1.9/}
+DISTNAME= imlib-1.9.15
+PKGREVISION= 1
+CATEGORIES= graphics
+MASTER_SITES= ${MASTER_SITE_GNOME:=sources/imlib/1.9/}
+EXTRACT_SUFX= .tar.bz2
-MAINTAINER= tron%NetBSD.org@localhost
-HOMEPAGE= http://www.nl.rasterman.com/imlib.html
-COMMENT= Image manipulation library for X11
+MAINTAINER= tech-pkg%NetBSD.org@localhost
+HOMEPAGE= http://www.nl.rasterman.com/imlib.html
+COMMENT= Image manipulation library for X11
PKG_INSTALLATION_TYPES= overwrite pkgviews
USE_BUILDLINK3= yes
+USE_GNU_TOOLS+= make
+USE_LIBTOOL= yes
USE_X11= yes
-USE_LIBTOOL= yes
+GNU_CONFIGURE= yes
PKGCONFIG_OVERRIDE= imlib.pc.in
-GNU_CONFIGURE= yes
-USE_GNU_TOOLS+= make
UNLIMIT_RESOURCES= datasize
CPPFLAGS+= -DENABLE_NLS
diff -r 5656da969224 -r e5ddfea7de93 graphics/imlib/PLIST
--- a/graphics/imlib/PLIST Mon Dec 13 10:23:04 2004 +0000
+++ b/graphics/imlib/PLIST Mon Dec 13 18:03:27 2004 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.7 2004/04/23 16:24:14 minskim Exp $
+@comment $NetBSD: PLIST,v 1.7.4.1 2004/12/13 18:03:27 salo Exp $
bin/imlib_config
bin/imlib-config
include/gdk_imlib.h
@@ -11,12 +11,12 @@
lib/libImlib.la
lib/libImlib.so
lib/libImlib.so.10
-lib/libImlib.so.10.14
+lib/libImlib.so.10.15
lib/libgdk_imlib.a
lib/libgdk_imlib.la
lib/libgdk_imlib.so
lib/libgdk_imlib.so.10
-lib/libgdk_imlib.so.10.14
+lib/libgdk_imlib.so.10.15
lib/libimlib-bmp.a
lib/libimlib-bmp.la
lib/libimlib-bmp.so
diff -r 5656da969224 -r e5ddfea7de93 graphics/imlib/buildlink3.mk
--- a/graphics/imlib/buildlink3.mk Mon Dec 13 10:23:04 2004 +0000
+++ b/graphics/imlib/buildlink3.mk Mon Dec 13 18:03:27 2004 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.4 2004/03/18 09:12:11 jlam Exp $
+# $NetBSD: buildlink3.mk,v 1.4.6.1 2004/12/13 18:03:27 salo Exp $
BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+
IMLIB_BUILDLINK3_MK:= ${IMLIB_BUILDLINK3_MK}+
@@ -12,6 +12,7 @@
.if !empty(IMLIB_BUILDLINK3_MK:M+)
BUILDLINK_DEPENDS.imlib+= imlib>=1.9.14nb5
+BUILDLINK_RECOMMENDED.imlib+= imlib>=1.9.15nb1
BUILDLINK_PKGSRCDIR.imlib?= ../../graphics/imlib
.endif # IMLIB_BUILDLINK3_MK
diff -r 5656da969224 -r e5ddfea7de93 graphics/imlib/distinfo
--- a/graphics/imlib/distinfo Mon Dec 13 10:23:04 2004 +0000
+++ b/graphics/imlib/distinfo Mon Dec 13 18:03:27 2004 +0000
@@ -1,10 +1,16 @@
-$NetBSD: distinfo,v 1.14 2004/03/13 17:35:54 cube Exp $
+$NetBSD: distinfo,v 1.14.6.1 2004/12/13 18:03:27 salo Exp $
-SHA1 (imlib-1.9.14.tar.gz) = 3c8c8c3aaec3cc5a9fc924060a71223862a313f6
-Size (imlib-1.9.14.tar.gz) = 748591 bytes
+SHA1 (imlib-1.9.15.tar.bz2) = c9a732a354fbb3c7e1a426e5d19fc92d73f8f720
+Size (imlib-1.9.15.tar.bz2) = 683242 bytes
SHA1 (patch-aa) = 185a5229af781d3dbc57978a3f4acd8308ca4c14
-SHA1 (patch-ab) = df9f9f7c85f0794748a4ca6f58836f8dd230c805
+SHA1 (patch-ab) = d1daff101bec77680f3e17cb776285976a7b5c7a
SHA1 (patch-ae) = 3ed6fff2e73f04ec83c27dc6e3f2db2fa446abbb
-SHA1 (patch-ag) = 0ed464cb26492f3eebb8812efdb49ee83ef4ae6b
-SHA1 (patch-ah) = 703f83ad25e0a8af8427ccd4d8492f7fa83f26a3
-SHA1 (patch-ai) = 4c1ab5bd72cd3a5070a84b08e7870591d5a3b309
+SHA1 (patch-ag) = 961a92dfedc79570aacdd75102e63a32171ece55
+SHA1 (patch-ah) = edee5311a47d552f9d1b9dcb96f256518040c538
+SHA1 (patch-ai) = df13b72272f754375348437b99d962cb17732619
+SHA1 (patch-aj) = 2769e304deb93dd413fa3c44d53d1d67e92d5d00
+SHA1 (patch-ak) = 4d7ae79f23bf0c64fd85ffebc086b7bb43207718
+SHA1 (patch-al) = 4ad51c7128f7d6a5ecc67f51c745caf53a4def06
+SHA1 (patch-am) = 73c62e11f5b6ac6774e51f8183987b2b4db01465
+SHA1 (patch-an) = 260aeece3eb74d3ec11deed4e38fd46d3f1cde79
+SHA1 (patch-ao) = d4e3df56d2f743e53e73d72551ccd03491bf1c44
diff -r 5656da969224 -r e5ddfea7de93 graphics/imlib/patches/patch-ab
--- a/graphics/imlib/patches/patch-ab Mon Dec 13 10:23:04 2004 +0000
+++ b/graphics/imlib/patches/patch-ab Mon Dec 13 18:03:27 2004 +0000
@@ -1,8 +1,37 @@
-$NetBSD: patch-ab,v 1.5 2002/03/19 16:16:08 wiz Exp $
+$NetBSD: patch-ab,v 1.5.16.1 2004/12/13 18:03:27 salo Exp $
---- Imlib/load.c.orig Wed Mar 13 19:06:29 2002
-+++ Imlib/load.c
-@@ -254,7 +254,8 @@
+--- Imlib/load.c.orig 2004-09-21 02:23:20.000000000 +0200
++++ Imlib/load.c 2004-12-10 09:58:18.000000000 +0100
+@@ -4,6 +4,8 @@
+ #include "Imlib_private.h"
+ #include <setjmp.h>
+
++#define G_MAXINT ((int) 0x7fffffff)
++
+ /* Split the ID - damages input */
+
+ static char *
+@@ -41,13 +43,17 @@
+
+ /*
+ * Make sure we don't wrap on our memory allocations
++ * we check G_MAXINT/4 because rend.c malloc's w * h * bpp
++ * + 3 is safety margin
+ */
+
+ void * _imlib_malloc_image(unsigned int w, unsigned int h)
+ {
+- if( w > 32767 || h > 32767)
++ if (w <= 0 || w > 32767 ||
++ h <= 0 || h > 32767 ||
++ h >= (G_MAXINT/4 - 1) / w)
+ return NULL;
+- return malloc(w * h * 3);
++ return malloc(w * h * 3 + 3);
+ }
+
+ #ifdef HAVE_LIBJPEG
+@@ -254,7 +260,8 @@
png_read_image(png_ptr, lines);
png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
ptr = data;
@@ -12,7 +41,7 @@
{
for (y = 0; y < *h; y++)
{
-@@ -279,6 +280,7 @@
+@@ -279,6 +286,7 @@
}
}
}
@@ -20,7 +49,7 @@
else if (color_type == PNG_COLOR_TYPE_GRAY)
{
for (y = 0; y < *h; y++)
-@@ -294,6 +296,7 @@
+@@ -294,6 +302,7 @@
}
}
}
@@ -28,3 +57,131 @@
else
{
for (y = 0; y < *h; y++)
+@@ -360,7 +369,9 @@
+ npix = ww * hh;
+ *w = (int)ww;
+ *h = (int)hh;
+- if(ww > 32767 || hh > 32767)
++ if (ww <= 0 || ww > 32767 ||
++ hh <= 0 || hh > 32767 ||
++ hh >= (G_MAXINT/sizeof(uint32)) / ww)
+ {
+ TIFFClose(tif);
+ return NULL;
+@@ -463,7 +474,7 @@
+ }
+ *w = gif->Image.Width;
+ *h = gif->Image.Height;
+- if (*h > 32767 || *w > 32767)
++ if (*h <= 0 || *h > 32767 || *w <= 0 || *w > 32767)
+ {
+ return NULL;
+ }
+@@ -1000,7 +1011,12 @@
+ comment = 0;
+ quote = 0;
+ context = 0;
++ memset(lookup, 0, sizeof(lookup));
++
+ line = malloc(lsz);
++ if (!line)
++ return NULL;
++
+ while (!done)
+ {
+ pc = c;
+@@ -1029,25 +1045,25 @@
+ {
+ /* Header */
+ sscanf(line, "%i %i %i %i", w, h, &ncolors, &cpp);
+- if (ncolors > 32766)
++ if (ncolors <= 0 || ncolors > 32766)
+ {
+ fprintf(stderr, "IMLIB ERROR: XPM files wth colors > 32766 not supported\n");
+ free(line);
+ return NULL;
+ }
+- if (cpp > 5)
++ if (cpp <= 0 || cpp > 5)
+ {
+ fprintf(stderr, "IMLIB ERROR: XPM files with characters per pixel > 5 not supported\n");
+ free(line);
+ return NULL;
+ }
+- if (*w > 32767)
++ if (*w <= 0 || *w > 32767)
+ {
+ fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n");
+ free(line);
+ return NULL;
+ }
+- if (*h > 32767)
++ if (*h <= 0 || *h > 32767)
+ {
+ fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n");
+ free(line);
+@@ -1080,11 +1096,13 @@
+ {
+ int slen;
+ int hascolor, iscolor;
++ int space;
+
+ iscolor = 0;
+ hascolor = 0;
+ tok[0] = 0;
+ col[0] = 0;
++ space = sizeof(col) - 1;
+ s[0] = 0;
+ len = strlen(line);
+ strncpy(cmap[j].str, line, cpp);
+@@ -1107,10 +1125,10 @@
+ {
+ if (k >= len)
+ {
+- if (col[0])
+- strcat(col, " ");
+- if (strlen(col) + strlen(s) < sizeof(col))
+- strcat(col, s);
++ if (col[0] && space > 0)
++ strcat(col, " "), space -= 1;
++ if (slen <= space)
++ strcat(col, s), space -= slen;
+ }
+ if (col[0])
+ {
+@@ -1140,14 +1158,17 @@
+ }
+ }
+ }
++ if (slen < sizeof(tok));
+ strcpy(tok, s);
+ col[0] = 0;
++ space = sizeof(col) - 1;
+ }
+ else
+ {
+- if (col[0])
+- strcat(col, " ");
+- strcat(col, s);
++ if (col[0] && space > 0)
++ strcat(col, " "), space -=1;
++ if (slen <= space)
++ strcat(col, s), space -= slen;
+ }
+ }
+ }
+@@ -1376,12 +1397,12 @@
+ sscanf(s, "%i %i", w, h);
+ a = *w;
+ b = *h;
+- if (a > 32767)
++ if (a <= 0 || a > 32767)
+ {
+ fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n");
+ return NULL;
+ }
+- if (b > 32767)
++ if (b <= 0 || b > 32767)
+ {
Home |
Main Index |
Thread Index |
Old Index