pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/x11/wxGTK28 deal with CVE-2009-2369 -- neither the adv...
details: https://anonhg.NetBSD.org/pkgsrc/rev/1963addafc8f
branches: trunk
changeset: 396918:1963addafc8f
user: drochner <drochner%pkgsrc.org@localhost>
date: Wed Aug 05 20:58:56 2009 +0000
description:
deal with CVE-2009-2369 -- neither the advisory nor anything it links
to gives useful information, just spotted an obvious case where data
passed from subclasses are used for malloc() unchecked, so added a check.
I can't claim that the CVE report is fixed because it is not clear what
it is about, but it seems that this fixes an issue.
bump PKGREVISION
diffstat:
x11/wxGTK28/Makefile | 4 ++--
x11/wxGTK28/distinfo | 3 ++-
x11/wxGTK28/patches/patch-ca | 15 +++++++++++++++
3 files changed, 19 insertions(+), 3 deletions(-)
diffs (48 lines):
diff -r a6b5f19e53a0 -r 1963addafc8f x11/wxGTK28/Makefile
--- a/x11/wxGTK28/Makefile Wed Aug 05 20:58:42 2009 +0000
+++ b/x11/wxGTK28/Makefile Wed Aug 05 20:58:56 2009 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.4 2009/08/01 14:03:19 drochner Exp $
+# $NetBSD: Makefile,v 1.5 2009/08/05 20:58:56 drochner Exp $
#
.include "../../x11/wxGTK28/Makefile.common"
-PKGREVISION= 1
+PKGREVISION= 2
PKGNAME= ${DISTNAME:S/wxGTK/wxGTK28/}
COMMENT= GTK-based implementation of the wxWidgets GUI library
diff -r a6b5f19e53a0 -r 1963addafc8f x11/wxGTK28/distinfo
--- a/x11/wxGTK28/distinfo Wed Aug 05 20:58:42 2009 +0000
+++ b/x11/wxGTK28/distinfo Wed Aug 05 20:58:56 2009 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.5 2009/08/01 14:03:19 drochner Exp $
+$NetBSD: distinfo,v 1.6 2009/08/05 20:58:56 drochner Exp $
SHA1 (wxGTK-2.8.10-libtool.diff.bz2) = 62ff30c26efdd73252bed2d07b82a9b9d3ef890f
RMD160 (wxGTK-2.8.10-libtool.diff.bz2) = 64e1c32caa4bd6a0503bce4764e3ddc1cba68f8a
@@ -11,3 +11,4 @@
SHA1 (patch-ac) = 50cf253797f2dee8b9dab08d138d0070e25e7a8c
SHA1 (patch-ba) = e47f8613835ce309daff09ae3265d44f37493579
SHA1 (patch-bb) = 52df734a1df364dc5599a2b9252a15b87cae13b1
+SHA1 (patch-ca) = 4df0c2629c61fbf83a121eb16e490e9c2abb5ad8
diff -r a6b5f19e53a0 -r 1963addafc8f x11/wxGTK28/patches/patch-ca
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/wxGTK28/patches/patch-ca Wed Aug 05 20:58:56 2009 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-ca,v 1.1 2009/08/05 20:58:56 drochner Exp $
+
+--- src/common/image.cpp.orig 2009-03-06 13:17:40.000000000 +0100
++++ src/common/image.cpp
+@@ -186,6 +186,10 @@ bool wxImage::Create( int width, int hei
+
+ m_refData = new wxImageRefData();
+
++ if (width <= 0 || height <= 0 || width > INT_MAX / 3 / height) {
++ UnRef();
++ return false;
++ }
+ M_IMGDATA->m_data = (unsigned char *) malloc( width*height*3 );
+ if (!M_IMGDATA->m_data)
+ {
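Review bot: INT_MAX is used in the new guard in wxImage::Create, but patch-ca consists of this single hunk at line 186 and adds no include of <limits.h> or <climits>, so the build depends on image.cpp already pulling that in through another header; adding the include in the same patch would remove the dependency. The condition itself is ordered correctly: width <= 0 || height <= 0 is evaluated before INT_MAX / 3 / height, so the division never sees a zero or negative height, and the bound keeps width*height*3 within int range before it reaches malloc(). Two smaller points: the test could go above "m_refData = new wxImageRefData();" so the rejection path does not allocate ref data only to UnRef() it, and since zero-sized requests now return false as well, a one-line description under the $NetBSD$ line of patch-ca saying what the check is for would help, as the patch file currently carries none.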