[pkgsrc/pkgsrc-2009Q4]: pkgsrc/x11/wxGTK26 Pullup ticket 3028 - requested by ...

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/pkgsrc-2009Q4]: pkgsrc/x11/wxGTK26 Pullup ticket 3028 - requested by ...
From: spz <spz%pkgsrc.org@localhost>
Date: Thu, 14 Oct 2021 08:48:25 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/2cf7e13d034c
branches:  pkgsrc-2009Q4
changeset: 569279:2cf7e13d034c
user:      spz <spz%pkgsrc.org@localhost>
date:      Sun Feb 28 13:34:22 2010 +0000

description:
Pullup ticket 3028 - requested by taca
security patch

Revisions pulled up:
- pkgsrc/x11/wxGTK26/Makefile           1.5
- pkgsrc/x11/wxGTK26/distinfo           1.4

Files added:
pkgsrc/x11/wxGTK26/patches/patch-ae
pkgsrc/x11/wxGTK26/patches/patch-af
pkgsrc/x11/wxGTK26/patches/patch-ag
pkgsrc/x11/wxGTK26/patches/patch-ah

   --------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Tue Feb 16 17:35:34 UTC 2010

   Modified Files:
           pkgsrc/x11/wxGTK26: Makefile distinfo
   Added Files:
           pkgsrc/x11/wxGTK26/patches: patch-ae patch-af patch-ag patch-ah

   Log Message:
   Add patches for CVE-2009-2369 and CVE-2009-2625.

   Bump PKGREVISION.


   To generate a diff of this commit:
   cvs rdiff -u -r1.4 -r1.5 pkgsrc/x11/wxGTK26/Makefile
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/x11/wxGTK26/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/x11/wxGTK26/patches/patch-ae \
       pkgsrc/x11/wxGTK26/patches/patch-af pkgsrc/x11/wxGTK26/patches/patch-ag \
       pkgsrc/x11/wxGTK26/patches/patch-ah

diffstat:

 x11/wxGTK26/Makefile         |   4 ++--
 x11/wxGTK26/distinfo         |   6 +++++-
 x11/wxGTK26/patches/patch-ae |  17 +++++++++++++++++
 x11/wxGTK26/patches/patch-af |  28 ++++++++++++++++++++++++++++
 x11/wxGTK26/patches/patch-ag |  35 +++++++++++++++++++++++++++++++++++
 x11/wxGTK26/patches/patch-ah |  15 +++++++++++++++
 6 files changed, 102 insertions(+), 3 deletions(-)

diffs (143 lines):

diff -r 2ec66dfa3e9f -r 2cf7e13d034c x11/wxGTK26/Makefile
--- a/x11/wxGTK26/Makefile      Sun Feb 28 13:15:01 2010 +0000
+++ b/x11/wxGTK26/Makefile      Sun Feb 28 13:34:22 2010 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.3 2009/08/26 20:24:12 sno Exp $
+# $NetBSD: Makefile,v 1.3.4.1 2010/02/28 13:34:22 spz Exp $
 #
 
 .include "Makefile.common"
 
-PKGREVISION=           4
+PKGREVISION=           6
 COMMENT=               GTK-based implementation of the wxWidgets GUI library
 
 post-build:
diff -r 2ec66dfa3e9f -r 2cf7e13d034c x11/wxGTK26/distinfo
--- a/x11/wxGTK26/distinfo      Sun Feb 28 13:15:01 2010 +0000
+++ b/x11/wxGTK26/distinfo      Sun Feb 28 13:34:22 2010 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.3 2009/10/23 11:16:55 plunky Exp $
+$NetBSD: distinfo,v 1.3.2.1 2010/02/28 13:34:22 spz Exp $
 
 SHA1 (wxGTK-2.6.3-libtool.diff3.bz2) = 657566a9384a4bc160dffd26678b5e0c6a1cb5b2
 RMD160 (wxGTK-2.6.3-libtool.diff3.bz2) = 233af8dd61317ed1771c1862c6cec65f131b6de0
@@ -10,3 +10,7 @@
 SHA1 (patch-ab) = 3e9c6bc0df33e466390a4f6483b1c84e2eb9257b
 SHA1 (patch-ac) = 50bd7d4291e44dac1d2bbbae1b12167177f5ef01
 SHA1 (patch-ad) = fb51bb80451d39ba2bba53d42722327888b4a0be
+SHA1 (patch-ae) = d6fcc9b21fd457e79c32f2dc47166dc7afbd65b1
+SHA1 (patch-af) = 96e29001bcf1fbc33f4cb185f25f53a6901ce9d2
+SHA1 (patch-ag) = ccaac341ecd589dbde465f49064dd2ab480fc639
+SHA1 (patch-ah) = e7da6aacd004048d0d07965df09e97cef5a76551
diff -r 2ec66dfa3e9f -r 2cf7e13d034c x11/wxGTK26/patches/patch-ae
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/wxGTK26/patches/patch-ae      Sun Feb 28 13:34:22 2010 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-ae,v 1.1.2.2 2010/02/28 13:34:22 spz Exp $
+
+deal with CVE-2009-2369.
+
+--- src/common/image.cpp.orig  2006-03-21 23:42:10.000000000 +0000
++++ src/common/image.cpp
+@@ -192,6 +192,10 @@ bool wxImage::Create( int width, int hei
+ 
+     m_refData = new wxImageRefData();
+ 
++    if (width <= 0 || height <= 0 || width > INT_MAX / 3 / height) {
++      UnRef();
++      return false;
++    }
+     M_IMGDATA->m_data = (unsigned char *) malloc( width*height*3 );
+     if (!M_IMGDATA->m_data)
+     {
diff -r 2ec66dfa3e9f -r 2cf7e13d034c x11/wxGTK26/patches/patch-af
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/wxGTK26/patches/patch-af      Sun Feb 28 13:34:22 2010 +0000
@@ -0,0 +1,28 @@
+$NetBSD: patch-af,v 1.1.2.2 2010/02/28 13:34:22 spz Exp $
+
+deal with CVE-2009-2369.
+
+--- src/common/imagpng.cpp.orig        2006-03-21 23:42:10.000000000 +0000
++++ src/common/imagpng.cpp
+@@ -570,18 +570,16 @@ wxPNGHandler::LoadFile(wxImage *image,
+     if (!image->Ok())
+         goto error;
+ 
+-    lines = (unsigned char **)malloc( (size_t)(height * sizeof(unsigned char *)) );
++    // initialize all line pointers to NULL to ensure that they can be safely
++    // free()d if an error occurs before all of them could be allocated
++    lines = (unsigned char **)calloc(height, sizeof(unsigned char *));
+     if ( !lines )
+         goto error;
+ 
+     for (i = 0; i < height; i++)
+     {
+         if ((lines[i] = (unsigned char *)malloc( (size_t)(width * (sizeof(unsigned char) * 4)))) == NULL)
+-        {
+-            for ( unsigned int n = 0; n < i; n++ )
+-                free( lines[n] );
+             goto error;
+-        }
+     }
+ 
+     png_read_image( png_ptr, lines );
diff -r 2ec66dfa3e9f -r 2cf7e13d034c x11/wxGTK26/patches/patch-ag
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/wxGTK26/patches/patch-ag      Sun Feb 28 13:34:22 2010 +0000
@@ -0,0 +1,35 @@
+$NetBSD: patch-ag,v 1.1.2.2 2010/02/28 13:34:22 spz Exp $
+
+deal with CVE-2009-2369.
+
+--- src/common/imagtiff.cpp.orig       2006-03-21 23:42:10.000000000 +0000
++++ src/common/imagtiff.cpp
+@@ -232,15 +232,25 @@ bool wxTIFFHandler::LoadFile( wxImage *i
+     }
+ 
+     uint32 w, h;
+-    uint32 npixels;
+     uint32 *raster;
+ 
+     TIFFGetField( tif, TIFFTAG_IMAGEWIDTH, &w );
+     TIFFGetField( tif, TIFFTAG_IMAGELENGTH, &h );
+ 
+-    npixels = w * h;
++    // guard against integer overflow during multiplication which could result
++    // in allocating a too small buffer and then overflowing it
++    const double bytesNeeded = (double)w * (double)h * sizeof(uint32);
++    if ( bytesNeeded >= 4294967295U /* UINT32_MAX */ )
++    {
++      if ( verbose )
++          wxLogError( _("TIFF: Image size is abnormally big.") );
++
++      TIFFClose(tif);
++
++      return false;
++    }
+ 
+-    raster = (uint32*) _TIFFmalloc( npixels * sizeof(uint32) );
++    raster = (uint32*) _TIFFmalloc( bytesNeeded );
+ 
+     if (!raster)
+     {
diff -r 2ec66dfa3e9f -r 2cf7e13d034c x11/wxGTK26/patches/patch-ah
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/wxGTK26/patches/patch-ah      Sun Feb 28 13:34:22 2010 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-ah,v 1.1.2.2 2010/02/28 13:34:22 spz Exp $
+
+deal with CVE-2009-2625.
+
+--- src/expat/lib/xmltok_impl.c.orig   2006-03-21 23:42:06.000000000 +0000
++++ src/expat/lib/xmltok_impl.c
+@@ -1741,7 +1741,7 @@ PREFIX(updatePosition)(const ENCODING *e
+                        const char *end,
+                        POSITION *pos)
+ {
+-  while (ptr != end) {
++  while (ptr <= end) {
+     switch (BYTE_TYPE(enc, ptr)) {
+ #define LEAD_CASE(n) \
+     case BT_LEAD ## n: \

Prev by Date: [pkgsrc/trunk]: pkgsrc/doc Updated devel/libdatrie to 0.2.2
Next by Date: [pkgsrc/pkgsrc-2009Q4]: pkgsrc/doc Pullup tickets #3019 and #3020.
Previous by Thread: [pkgsrc/trunk]: pkgsrc/doc Updated devel/libdatrie to 0.2.2
Next by Thread: [pkgsrc/pkgsrc-2009Q4]: pkgsrc/doc Pullup tickets #3019 and #3020.
Indexes:

Home | Main Index | Thread Index | Old Index