pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/graphics/optipng Add patches from upstream in order to...
details: https://anonhg.NetBSD.org/pkgsrc/rev/71428bcb464d
branches: trunk
changeset: 555431:71428bcb464d
user: kefren <kefren%pkgsrc.org@localhost>
date: Mon Mar 02 06:20:33 2009 +0000
description:
Add patches from upstream in order to update to 0.6.2.1
Changes:
* Fix SA34035: Use after free error that can be used to execute arbitrary
code via a specially crafted GIF image
diffstat:
graphics/optipng/Makefile | 3 ++-
graphics/optipng/distinfo | 5 ++++-
graphics/optipng/patches/patch-ab | 36 ++++++++++++++++++++++++++++++++++++
graphics/optipng/patches/patch-ad | 12 ++++++++++++
graphics/optipng/patches/patch-ae | 12 ++++++++++++
5 files changed, 66 insertions(+), 2 deletions(-)
diffs (99 lines):
diff -r 3c4eed21cb27 -r 71428bcb464d graphics/optipng/Makefile
--- a/graphics/optipng/Makefile Mon Mar 02 02:01:30 2009 +0000
+++ b/graphics/optipng/Makefile Mon Mar 02 06:20:33 2009 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.16 2008/11/12 18:45:04 adam Exp $
+# $NetBSD: Makefile,v 1.17 2009/03/02 06:20:33 kefren Exp $
DISTNAME= optipng-0.6.2
+PKGNAME= ${DISTNAME}.1
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=optipng/}
diff -r 3c4eed21cb27 -r 71428bcb464d graphics/optipng/distinfo
--- a/graphics/optipng/distinfo Mon Mar 02 02:01:30 2009 +0000
+++ b/graphics/optipng/distinfo Mon Mar 02 06:20:33 2009 +0000
@@ -1,7 +1,10 @@
-$NetBSD: distinfo,v 1.12 2008/11/12 18:45:04 adam Exp $
+$NetBSD: distinfo,v 1.13 2009/03/02 06:20:33 kefren Exp $
SHA1 (optipng-0.6.2.tar.gz) = 374b3537a262590ba2822f2b10d9241247b4da95
RMD160 (optipng-0.6.2.tar.gz) = cd9ecfbd1c8901d14cb93fbc9f07403071cea37e
Size (optipng-0.6.2.tar.gz) = 1052509 bytes
SHA1 (patch-aa) = 0a0c92b9786193862465646373b82c6bc47cee2c
+SHA1 (patch-ab) = 7816dcfe5505695a3032bdb399b904e5db33a182
SHA1 (patch-ac) = fb4eb567b5a24b2d26bf357061be80c57b4d4a3c
+SHA1 (patch-ad) = f44f5862de983da3a78529db1ba1b53d40d16dde
+SHA1 (patch-ae) = cf8a80e056bc25d59e2ffda73127e71056cc8ce2
diff -r 3c4eed21cb27 -r 71428bcb464d graphics/optipng/patches/patch-ab
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/optipng/patches/patch-ab Mon Mar 02 06:20:33 2009 +0000
@@ -0,0 +1,36 @@
+$NetBSD: patch-ab,v 1.5 2009/03/02 06:20:34 kefren Exp $
+diff -ru optipng-0.6.2/lib/pngxtern/gif/gifread.c optipng-0.6.2.1/lib/pngxtern/gif/gifread.c
+--- lib/pngxtern/gif/gifread.c 2006-08-10 20:17:00.000000000 -0400
++++ lib/pngxtern/gif/gifread.c 2009-02-20 03:11:00.000000000 -0500
+@@ -219,8 +219,7 @@
+ **/
+ static void GIFReadNextExtension(struct GIFExtension *ext, FILE *stream)
+ {
+- unsigned char *ptr;
+- unsigned int len;
++ unsigned int offset, len;
+ int count, label;
+
+ GIF_FGETC(label, stream);
+@@ -233,7 +232,7 @@
+ return;
+ }
+
+- ptr = ext->Buffer;
++ offset = 0;
+ len = ext->BufferSize;
+ for ( ;; )
+ {
+@@ -243,10 +242,10 @@
+ ext->BufferSize += 1024;
+ ext->Buffer = realloc(ext->Buffer, ext->BufferSize);
+ }
+- count = ReadDataBlock(ptr, stream);
++ count = ReadDataBlock(ext->Buffer + offset, stream);
+ if (count == 0)
+ break;
+- ptr += count;
++ offset += count;
+ len -= count;
+ }
+ }
diff -r 3c4eed21cb27 -r 71428bcb464d graphics/optipng/patches/patch-ad
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/optipng/patches/patch-ad Mon Mar 02 06:20:33 2009 +0000
@@ -0,0 +1,12 @@
+$NetBSD: patch-ad,v 1.3 2009/03/02 06:20:34 kefren Exp $
+diff -ru optipng-0.6.2/src/optipng.c optipng-0.6.2.1/src/optipng.c
+--- src/optipng.c 2008-11-09 23:56:00.000000000 -0500
++++ src/optipng.c 2008-11-11 13:57:00.000000000 -0500
+@@ -542,6 +542,7 @@
+ static void
+ app_init(void)
+ {
++ setvbuf(stdout, NULL, _IONBF, 0);
+ if (options.log_name != NULL)
+ {
+ /* Open the log file, line-buffered. */
diff -r 3c4eed21cb27 -r 71428bcb464d graphics/optipng/patches/patch-ae
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/optipng/patches/patch-ae Mon Mar 02 06:20:33 2009 +0000
@@ -0,0 +1,12 @@
+$NetBSD: patch-ae,v 1.1 2009/03/02 06:20:34 kefren Exp $
+diff -ru optipng-0.6.2/src/proginfo.h optipng-0.6.2.1/src/proginfo.h
+--- src/proginfo.h 2008-11-09 23:56:00.000000000 -0500
++++ src/proginfo.h 2009-02-22 23:38:00.000000000 -0500
+@@ -1,5 +1,5 @@
+ #define PROGRAM_NAME "OptiPNG"
+ #define PROGRAM_DESCRIPTION "Advanced PNG optimizer"
+-#define PROGRAM_VERSION "0.6.2"
+-#define PROGRAM_COPYRIGHT "Copyright (C) 2001-2008 Cosmin Truta"
++#define PROGRAM_VERSION "0.6.2.1"
++#define PROGRAM_COPYRIGHT "Copyright (C) 2001-2009 Cosmin Truta"
+ #define PROGRAM_URI "http://optipng.sourceforge.net/"
Home |
Main Index |
Thread Index |
Old Index