pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/x11/gtk2 Security fix for CAN-2005-0891:
details: https://anonhg.NetBSD.org/pkgsrc/rev/75fd84d4258a
branches: trunk
changeset: 491931:75fd84d4258a
user: salo <salo%pkgsrc.org@localhost>
date: Fri Apr 01 10:51:50 2005 +0000
description:
Security fix for CAN-2005-0891:
"David Costanzo has reported a vulnerability in GTK+, which can be
exploited by malicious people to crash certain applications on
a user's system.
The vulnerability is caused due to a double free error in the BMP
loader. This can be exploited to crash an application linked against
GTK+ when a specially crafted BMP image is processed."
Bump PKGREVISION. Patch from Fedora.
diffstat:
x11/gtk2/Makefile | 3 ++-
x11/gtk2/buildlink3.mk | 4 ++--
x11/gtk2/distinfo | 3 ++-
x11/gtk2/patches/patch-ai | 25 +++++++++++++++++++++++++
4 files changed, 31 insertions(+), 4 deletions(-)
diffs (75 lines):
diff -r 358e33830289 -r 75fd84d4258a x11/gtk2/Makefile
--- a/x11/gtk2/Makefile Fri Apr 01 10:25:16 2005 +0000
+++ b/x11/gtk2/Makefile Fri Apr 01 10:51:50 2005 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.78 2005/03/13 15:24:39 jmmv Exp $
+# $NetBSD: Makefile,v 1.79 2005/04/01 10:51:50 salo Exp $
#
DISTNAME= gtk+-2.6.4
PKGNAME= ${DISTNAME:S/gtk/gtk2/}
+PKGREVISION= 1
CATEGORIES= x11
MASTER_SITES= ftp://ftp.gtk.org/pub/gtk/v2.6/ \
ftp://ftp.cs.umn.edu/pub/gimp/gtk/v2.6/ \
diff -r 358e33830289 -r 75fd84d4258a x11/gtk2/buildlink3.mk
--- a/x11/gtk2/buildlink3.mk Fri Apr 01 10:25:16 2005 +0000
+++ b/x11/gtk2/buildlink3.mk Fri Apr 01 10:51:50 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.16 2004/12/28 23:18:21 reed Exp $
+# $NetBSD: buildlink3.mk,v 1.17 2005/04/01 10:51:50 salo Exp $
BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+
GTK2_BUILDLINK3_MK:= ${GTK2_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@
.if !empty(GTK2_BUILDLINK3_MK:M+)
BUILDLINK_DEPENDS.gtk2+= gtk2+>=2.4.0
-BUILDLINK_RECOMMENDED.gtk2+= gtk2+>=2.6.0nb1
+BUILDLINK_RECOMMENDED.gtk2+= gtk2+>=2.6.4nb1
BUILDLINK_PKGSRCDIR.gtk2?= ../../x11/gtk2
PRINT_PLIST_AWK+= /^@dirrm lib\/gtk-2.0$$/ { next; }
diff -r 358e33830289 -r 75fd84d4258a x11/gtk2/distinfo
--- a/x11/gtk2/distinfo Fri Apr 01 10:25:16 2005 +0000
+++ b/x11/gtk2/distinfo Fri Apr 01 10:51:50 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.42 2005/03/02 15:39:06 wiz Exp $
+$NetBSD: distinfo,v 1.43 2005/04/01 10:51:50 salo Exp $
SHA1 (gtk+-2.6.4.tar.bz2) = d4f91ae7e1b2b2be24821789d68057d21f4a9911
RMD160 (gtk+-2.6.4.tar.bz2) = 351e9752f46e68e3839f79d3b8c155d320d27bb9
@@ -10,3 +10,4 @@
SHA1 (patch-af) = 6797fd34be0a34368f6edede2321562678b112ff
SHA1 (patch-ag) = dc4d72a39e426b880ca69ba8bc499fdaf42e0da8
SHA1 (patch-ah) = 486d6601d6dba04830a8645c6a5791755e6538d9
+SHA1 (patch-ai) = 190289e323da72e3c36555f3cb2e72bfc0be2ab1
diff -r 358e33830289 -r 75fd84d4258a x11/gtk2/patches/patch-ai
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/gtk2/patches/patch-ai Fri Apr 01 10:51:50 2005 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-ai,v 1.7 2005/04/01 10:51:51 salo Exp $
+
+--- gdk-pixbuf/io-bmp.c.orig 2005-01-04 16:47:02.000000000 +0100
++++ gdk-pixbuf/io-bmp.c 2005-04-01 11:21:52.000000000 +0200
+@@ -219,7 +219,19 @@
+ static gboolean grow_buffer (struct bmp_progressive_state *State,
+ GError **error)
+ {
+- guchar *tmp = g_try_realloc (State->buff, State->BufferSize);
++ guchar *tmp;
++
++ if (State->BufferSize == 0) {
++ g_set_error (error,
++ GDK_PIXBUF_ERROR,
++ GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
++ _("BMP image has bogus header data"));
++ State->read_state = READ_STATE_ERROR;
++ return FALSE;
++ }
++
++ tmp = g_try_realloc (State->buff, State->BufferSize);
++
+ if (!tmp) {
+ g_set_error (error,
+ GDK_PIXBUF_ERROR,
Home |
Main Index |
Thread Index |
Old Index