
CVS commit: [pkgsrc-2017Q3] pkgsrc/graphics/libfpx



Module Name:    pkgsrc
Committed By:   spz
Date:           Thu Oct  5 02:08:51 UTC 2017

Modified Files:
        pkgsrc/graphics/libfpx [pkgsrc-2017Q3]: Makefile distinfo
Added Files:
        pkgsrc/graphics/libfpx/patches [pkgsrc-2017Q3]: patch-fpx_f__fpxvw.cpp
            patch-oless_dir.cxx patch-oless_docfile.cxx

Log Message:
Pullup ticket #5563 - requested by sevan
graphics/libfpx: security patch

Revisions pulled up:
- graphics/libfpx/Makefile                                      1.3
- graphics/libfpx/distinfo                                      1.2
- graphics/libfpx/patches/patch-fpx_f__fpxvw.cpp                1.1
- graphics/libfpx/patches/patch-oless_dir.cxx                   1.1
- graphics/libfpx/patches/patch-oless_docfile.cxx               1.1

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   nros
   Date:           Wed Oct  4 17:19:33 UTC 2017

   Modified Files:
           pkgsrc/graphics/libfpx: Makefile distinfo
   Added Files:
           pkgsrc/graphics/libfpx/patches: patch-fpx_f__fpxvw.cpp
               patch-oless_dir.cxx patch-oless_docfile.cxx

   Log Message:
   Add patches to fix CVE-2017-12925, CVE-2017-12921 and a possible fix
   for CVE-2017-12920.
   Use += in master sites instead of \.
   Bump PKGREVISION.

   To generate a diff of this commit:
   cvs rdiff -u -r1.2 -r1.3 pkgsrc/graphics/libfpx/Makefile
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/graphics/libfpx/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/graphics/libfpx/patches/patch-fpx_f__fpxvw.cpp \
       pkgsrc/graphics/libfpx/patches/patch-oless_dir.cxx \
       pkgsrc/graphics/libfpx/patches/patch-oless_docfile.cxx


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.2.4.1 pkgsrc/graphics/libfpx/Makefile
cvs rdiff -u -r1.1 -r1.1.4.1 pkgsrc/graphics/libfpx/distinfo
cvs rdiff -u -r0 -r1.1.2.2 \
    pkgsrc/graphics/libfpx/patches/patch-fpx_f__fpxvw.cpp \
    pkgsrc/graphics/libfpx/patches/patch-oless_dir.cxx \
    pkgsrc/graphics/libfpx/patches/patch-oless_docfile.cxx

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/graphics/libfpx/Makefile
diff -u pkgsrc/graphics/libfpx/Makefile:1.2 pkgsrc/graphics/libfpx/Makefile:1.2.4.1
--- pkgsrc/graphics/libfpx/Makefile:1.2 Fri Aug  4 20:03:17 2017
+++ pkgsrc/graphics/libfpx/Makefile     Thu Oct  5 02:08:51 2017
@@ -1,12 +1,13 @@
-# $NetBSD: Makefile,v 1.2 2017/08/04 20:03:17 wiz Exp $
+# $NetBSD: Makefile,v 1.2.4.1 2017/10/05 02:08:51 spz Exp $
 
 libfpx_ver=    1.3.1
 DISTNAME=      libfpx-${libfpx_ver}-9
 PKGNAME=       libfpx-${libfpx_ver}
+PKGREVISION=   1
 CATEGORIES=    graphics
-MASTER_SITES=  ftp://ftp.imagemagick.org/pub/ImageMagick/delegates/ \
-               ftp://ftp.kddlabs.co.jp/graphics/ImageMagick/delegates/ \
-               http://www.imagemagick.org/download/delegates/
+MASTER_SITES=  ftp://ftp.imagemagick.org/pub/ImageMagick/delegates/
+MASTER_SITES+= ftp://ftp.kddlabs.co.jp/graphics/ImageMagick/delegates/
+MASTER_SITES+= http://www.imagemagick.org/download/delegates/
 EXTRACT_SUFX=  .tar.xz
 
 MAINTAINER=    nros%NetBSD.org@localhost

Index: pkgsrc/graphics/libfpx/distinfo
diff -u pkgsrc/graphics/libfpx/distinfo:1.1 pkgsrc/graphics/libfpx/distinfo:1.1.4.1
--- pkgsrc/graphics/libfpx/distinfo:1.1 Fri Aug  4 08:24:24 2017
+++ pkgsrc/graphics/libfpx/distinfo     Thu Oct  5 02:08:51 2017
@@ -1,6 +1,9 @@
-$NetBSD: distinfo,v 1.1 2017/08/04 08:24:24 nros Exp $
+$NetBSD: distinfo,v 1.1.4.1 2017/10/05 02:08:51 spz Exp $
 
 SHA1 (libfpx-1.3.1-9.tar.xz) = d3aba5f74134feb4c3be40c9a864ce28edf1a7f9
 RMD160 (libfpx-1.3.1-9.tar.xz) = 7ea9bff48fa15dc243e17c4f1a4a59c1b45c09dc
 SHA512 (libfpx-1.3.1-9.tar.xz) = 218e7e0cd0512a1620f219802bc694591c90d494940fc7492076dee56c3707e50f5af50eb3dff9d562a5c0431e05ec9e696e6bdd8735b5b26db0cd3f929ad5f8
 Size (libfpx-1.3.1-9.tar.xz) = 1906072 bytes
+SHA1 (patch-fpx_f__fpxvw.cpp) = b2c91920029b66e74154a9f6ccd9dc494df927be
+SHA1 (patch-oless_dir.cxx) = 23218d4dfcf3c57db6234f4ac0c972bf13267290
+SHA1 (patch-oless_docfile.cxx) = 58f45c75a71d3cfcd7946a366d3d4e191fc2f769

Added files:

Index: pkgsrc/graphics/libfpx/patches/patch-fpx_f__fpxvw.cpp
diff -u /dev/null pkgsrc/graphics/libfpx/patches/patch-fpx_f__fpxvw.cpp:1.1.2.2
--- /dev/null   Thu Oct  5 02:08:51 2017
+++ pkgsrc/graphics/libfpx/patches/patch-fpx_f__fpxvw.cpp       Thu Oct  5 02:08:51 2017
@@ -0,0 +1,76 @@
+$NetBSD: patch-fpx_f__fpxvw.cpp,v 1.1.2.2 2017/10/05 02:08:51 spz Exp $
+Fix CVE-2017-12921
+--- fpx/f_fpxvw.cpp.orig       2017-10-04 10:25:20.000000000 +0000
++++ fpx/f_fpxvw.cpp
+@@ -775,27 +775,67 @@ Boolean PFileFlashPixView::WriteCompObj(
+ // Get property in summary info property set
+ Boolean PFileFlashPixView::GetSummaryInfoProperty (DWORD pID, OLEProperty ** res)
+ {
+-  return summaryInfoPropertySet->GetProperty(pID, res);
++  Boolean ok = TRUE;
++
++  // If absent, there is an error
++  if (summaryInfoPropertySet == NULL)
++    ok = FALSE;
++
++  // Get the property
++  if (ok)
++    ok = summaryInfoPropertySet->GetProperty(pID, res);
++
++  return ok;
+ }
+ 
+ // Set property in summary info property set
+ Boolean PFileFlashPixView::SetSummaryInfoProperty (DWORD pID, DWORD propType, OLEProperty ** res)
+ {
+-  return summaryInfoPropertySet->NewProperty(pID, propType, res);
++  Boolean ok = TRUE;
++
++  // If absent, there is an error
++  if (summaryInfoPropertySet == NULL)
++    ok = FALSE;
++
++  // Get the property
++  if (ok)
++    ok = summaryInfoPropertySet->NewProperty(pID, propType, res);
++
++  return ok;
+ }
+ 
+ 
+ // Get property in global info property set
+ Boolean PFileFlashPixView::GetGlobalInfoProperty (DWORD pID, OLEProperty ** res)
+ {
+-  return globalInfoPropertySet->GetProperty(pID, res);
++  Boolean ok = TRUE;
++
++  // If absent, there is an error
++  if (globalInfoPropertySet == NULL)
++    ok = FALSE;
++
++  // Get the property
++  if (ok)
++    ok = globalInfoPropertySet->GetProperty(pID, res);
++
++  return ok;
+ }
+ 
+ 
+ // Set property in global info property set
+ Boolean PFileFlashPixView::SetGlobalInfoProperty (DWORD pID, DWORD propType, OLEProperty ** res)
+ {
+-  return globalInfoPropertySet->NewProperty(pID, propType, res);
++  Boolean ok = TRUE;
++
++  // If absent, there is an error
++  if (globalInfoPropertySet == NULL)
++    ok = FALSE;
++
++  // Get the property
++  if (ok)
++    ok = globalInfoPropertySet->NewProperty(pID, propType, res);
++
++  return ok;
+ }
+ 
+ 
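Review bot: On the new failure path in all four accessors (`summaryInfoPropertySet == NULL` / `globalInfoPropertySet == NULL`) the function returns FALSE without writing `*res`, so the NULL-dereference fix for CVE-2017-12921 only protects callers that check the Boolean result. The callers are not visible in this hunk, so that is worth confirming. Setting the out-parameter on that path, e.g. `if (res != NULL) *res = NULL;`, would make an ignored return fail on a NULL rather than on an uninitialized pointer. The two Set functions also carry the copied comment `// Get the property` above a `NewProperty` call, where `// Create the property` would match. The `ok` flag could be replaced by an early `return FALSE;`.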
Index: pkgsrc/graphics/libfpx/patches/patch-oless_dir.cxx
diff -u /dev/null pkgsrc/graphics/libfpx/patches/patch-oless_dir.cxx:1.1.2.2
--- /dev/null   Thu Oct  5 02:08:51 2017
+++ pkgsrc/graphics/libfpx/patches/patch-oless_dir.cxx  Thu Oct  5 02:08:51 2017
@@ -0,0 +1,13 @@
+$NetBSD: patch-oless_dir.cxx,v 1.1.2.2 2017/10/05 02:08:51 spz Exp $
+possible fix for CVE-2017-12920
+--- oless/dir.cxx.orig 2017-10-03 18:36:32.000000000 +0000
++++ oless/dir.cxx
+@@ -1100,6 +1100,8 @@ SCODE CDirectory::GetDirEntry(
+     DIRINDEX id = sid / _cdeEntries;
+ 
+     msfChk(_dv.GetTable(id, dwFlags, &pds));
++    if (ppde == NULL)
++        msfErr(Err, ERROR_INVALID_ADDRESS);
+ 
+     *ppde = pds->GetEntry((DIROFFSET)(sid % _cdeEntries));
+ 
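Review bot: The added guard tests the out-parameter `ppde`, but it sits after `msfChk(_dv.GetTable(id, dwFlags, &pds))`, and the pointer dereferenced on the next line is `pds`, which stays unchecked. If GetTable hands back a table that must be released (not visible here), jumping to `Err` after it has succeeded may skip that release; moving the `ppde` test to the top of GetDirEntry avoids the question. `ERROR_INVALID_ADDRESS` looks like a Win32 error code rather than a failure SCODE. If it has a small positive value in this tree, callers testing the SCODE for failure would treat it as success, so a storage error such as `STG_E_INVALIDPOINTER` may be the better fit. The commit describes this only as a possible fix for CVE-2017-12920, and the function body continues outside the hunk.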
Index: pkgsrc/graphics/libfpx/patches/patch-oless_docfile.cxx
diff -u /dev/null pkgsrc/graphics/libfpx/patches/patch-oless_docfile.cxx:1.1.2.2
--- /dev/null   Thu Oct  5 02:08:51 2017
+++ pkgsrc/graphics/libfpx/patches/patch-oless_docfile.cxx      Thu Oct  5 02:08:51 2017
@@ -0,0 +1,27 @@
+$NetBSD: patch-oless_docfile.cxx,v 1.1.2.2 2017/10/05 02:08:51 spz Exp $
+fix CVE-2017-12925
+--- oless/docfile.cxx.orig     2017-10-03 18:06:20.000000000 +0000
++++ oless/docfile.cxx
+@@ -49,6 +49,7 @@ SCODE DfFromLB(ILockBytes *plst,
+     SCODE sc, scConv;
+     CRootExposedDocFile *prpdf;
+     CDFBasis *pdfb=NULL;
++    bool prpdf_Release_run = false;
+ 
+     UNREFERENCED_PARM(pcid);
+     olDebugOut((DEB_ITRACE, "In  DfFromLB(%p, %X, %lX, %p, %p, %p)\n",
+@@ -71,9 +72,12 @@ SCODE DfFromLB(ILockBytes *plst,
+     return scConv;
+ 
+ EH_ppcInit:
+-    prpdf->Release();
++    prpdf->Release(); //this also deletes pdfb
++    prpdf_Release_run = true;
+ EH_pdfb:
+-    delete pdfb;
++    if (!prpdf_Release_run) {
++        delete pdfb;
++    } 
+ EH_Err:
+     return sc;
+ }
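Review bot: After `prpdf->Release()` at `EH_ppcInit`, `pdfb` is left dangling (the added comment says Release deletes it), and the double delete is avoided only through the separate `prpdf_Release_run` flag. Clearing the pointer instead, `prpdf->Release(); pdfb = NULL;`, keeps `delete pdfb;` at `EH_pdfb` unconditional and safe, and removes extra state that a later edit to the error labels could get out of sync. The `} ` line also has trailing whitespace. DfFromLB's body between the two inner hunks is not shown, so whether other paths reach `EH_pdfb` with `prpdf` already owning `pdfb` cannot be checked from here.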


