pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2019Q2]: pkgsrc/devel/pango Pullup ticket #6018 - requested by...
details: https://anonhg.NetBSD.org/pkgsrc/rev/b329d163c0b6
branches: pkgsrc-2019Q2
changeset: 338424:b329d163c0b6
user: bsiegert <bsiegert%pkgsrc.org@localhost>
date: Fri Aug 09 19:13:16 2019 +0000
description:
Pullup ticket #6018 - requested by maya
devel/pango: security fix
Revisions pulled up:
- devel/pango/Makefile 1.221
- devel/pango/distinfo 1.119
- devel/pango/patches/patch-pango_pango-bidi-type.c 1.1
---
Module Name: pkgsrc
Committed By: maya
Date: Thu Aug 1 10:09:38 UTC 2019
Modified Files:
pkgsrc/devel/pango: Makefile distinfo
Added Files:
pkgsrc/devel/pango/patches: patch-pango_pango-bidi-type.c
Log Message:
pango: patch buffer overflow (CVE-2019-1010238)
bump pkgrevision.
diffstat:
devel/pango/Makefile | 4 +-
devel/pango/distinfo | 3 +-
devel/pango/patches/patch-pango_pango-bidi-type.c | 25 +++++++++++++++++++++++
3 files changed, 29 insertions(+), 3 deletions(-)
diffs (57 lines):
diff -r d6a365ce0183 -r b329d163c0b6 devel/pango/Makefile
--- a/devel/pango/Makefile Fri Aug 09 13:37:33 2019 +0000
+++ b/devel/pango/Makefile Fri Aug 09 19:13:16 2019 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.219 2019/06/08 19:53:26 leot Exp $
+# $NetBSD: Makefile,v 1.219.2.1 2019/08/09 19:13:16 bsiegert Exp $
DISTNAME= pango-1.42.4
-PKGREVISION= 4
+PKGREVISION= 5
CATEGORIES= devel fonts
MASTER_SITES= ${MASTER_SITE_GNOME:=sources/pango/${PKGVERSION_NOREV:R}/}
EXTRACT_SUFX= .tar.xz
diff -r d6a365ce0183 -r b329d163c0b6 devel/pango/distinfo
--- a/devel/pango/distinfo Fri Aug 09 13:37:33 2019 +0000
+++ b/devel/pango/distinfo Fri Aug 09 19:13:16 2019 +0000
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.118 2018/11/20 08:34:43 maya Exp $
+$NetBSD: distinfo,v 1.118.6.1 2019/08/09 19:13:16 bsiegert Exp $
SHA1 (pango-1.42.4.tar.xz) = 240942b1307eaa3819e6e534596271c57cd75457
RMD160 (pango-1.42.4.tar.xz) = e91880e0e9a459bbc2c280ac747ab31f80352000
SHA512 (pango-1.42.4.tar.xz) = 993e97f647eba0c5ed90bcfcb8228bf67fa3f20b1f4331e4e40a30788d7c3ac55eee1209471bf21df125cb8fc6121acc8062a9da2f8a7d6cbe8e9ad13a9320dc
Size (pango-1.42.4.tar.xz) = 833876 bytes
+SHA1 (patch-pango_pango-bidi-type.c) = 3e2c657b89d7d7399d731669cf822e3140877ebd
SHA1 (patch-pango_pangocairo-coretextfont.c) = cfef0e1372d5770d5988af411d435ee87fdfd0bd
SHA1 (patch-pango_pangocairo-coretextfontmap.c) = 395cb1f8472a319c4b1c58ea137e36452bc44cc6
SHA1 (patch-pango_pangocoretext-fontmap.c) = 643dfdb0e9672382d4d5259c90e451a829b9875e
diff -r d6a365ce0183 -r b329d163c0b6 devel/pango/patches/patch-pango_pango-bidi-type.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/pango/patches/patch-pango_pango-bidi-type.c Fri Aug 09 19:13:16 2019 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-pango_pango-bidi-type.c,v 1.1.2.2 2019/08/09 19:13:16 bsiegert Exp $
+
+bidi: Be safer against bad input
+
+Don't run off the end of an array that we
+allocated to certain length.
+
+CVE-2019-1010238
+
+--- pango/pango-bidi-type.c.orig 2018-07-28 15:15:28.000000000 +0000
++++ pango/pango-bidi-type.c
+@@ -179,8 +179,11 @@ pango_log2vis_get_embedding_levels (cons
+ for (i = 0, p = text; p < text + length; p = g_utf8_next_char(p), i++)
+ {
+ gunichar ch = g_utf8_get_char (p);
+- FriBidiCharType char_type;
+- char_type = fribidi_get_bidi_type (ch);
++ FriBidiCharType char_type = fribidi_get_bidi_type (ch);
++
++ if (i == n_chars)
++ break;
++
+ bidi_types[i] = char_type;
+ ored_types |= char_type;
+ if (FRIBIDI_IS_STRONG (char_type))
Home |
Main Index |
Thread Index |
Old Index