pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2005Q1]: pkgsrc/x11/gtk2 Pullup ticket 414 - requested by Lubo...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/0f6aace71929
branches:  pkgsrc-2005Q1
changeset: 490906:0f6aace71929
user:      snj <snj%pkgsrc.org@localhost>
date:      Sun Apr 03 03:26:55 2005 +0000

description:
Pullup ticket 414 - requested by Lubomir Sedlacik
security fix for gtk2

Revisions pulled up:
- pkgsrc/x11/gtk2/Makefile              1.79
- pkgsrc/x11/gtk2/buildlink3.mk         1.17
- pkgsrc/x11/gtk2/distinfo              1.43
- pkgsrc/x11/gtk2/patches/patch-ai      1.7


    Module Name:    pkgsrc
    Committed By:   salo
    Date:           Fri Apr  1 10:51:51 UTC 2005

    Modified Files:
            pkgsrc/x11/gtk2: Makefile buildlink3.mk distinfo
    Added Files:
            pkgsrc/x11/gtk2/patches: patch-ai

    Log Message:
    Security fix for CAN-2005-0891:

    "David Costanzo has reported a vulnerability in GTK+, which can be
     exploited by malicious people to crash certain applications on
     a user's system.

     The vulnerability is caused due to a double free error in the BMP
     loader.  This can be exploited to crash an application linked against
     GTK+ when a specially crafted BMP image is processed."

    Bump PKGREVISION.  Patch from Fedora.

diffstat:

 x11/gtk2/Makefile         |   3 ++-
 x11/gtk2/buildlink3.mk    |   4 ++--
 x11/gtk2/distinfo         |   3 ++-
 x11/gtk2/patches/patch-ai |  25 +++++++++++++++++++++++++
 4 files changed, 31 insertions(+), 4 deletions(-)

diffs (75 lines):

diff -r 2d8115e6c595 -r 0f6aace71929 x11/gtk2/Makefile
--- a/x11/gtk2/Makefile Sat Apr 02 11:33:30 2005 +0000
+++ b/x11/gtk2/Makefile Sun Apr 03 03:26:55 2005 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.78 2005/03/13 15:24:39 jmmv Exp $
+# $NetBSD: Makefile,v 1.78.2.1 2005/04/03 03:26:55 snj Exp $
 #
 
 DISTNAME=              gtk+-2.6.4
 PKGNAME=               ${DISTNAME:S/gtk/gtk2/}
+PKGREVISION=           1
 CATEGORIES=            x11
 MASTER_SITES=          ftp://ftp.gtk.org/pub/gtk/v2.6/ \
                        ftp://ftp.cs.umn.edu/pub/gimp/gtk/v2.6/ \
diff -r 2d8115e6c595 -r 0f6aace71929 x11/gtk2/buildlink3.mk
--- a/x11/gtk2/buildlink3.mk    Sat Apr 02 11:33:30 2005 +0000
+++ b/x11/gtk2/buildlink3.mk    Sun Apr 03 03:26:55 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.16 2004/12/28 23:18:21 reed Exp $
+# $NetBSD: buildlink3.mk,v 1.16.2.1 2005/04/03 03:26:55 snj Exp $
 
 BUILDLINK_DEPTH:=      ${BUILDLINK_DEPTH}+
 GTK2_BUILDLINK3_MK:=   ${GTK2_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@
 
 .if !empty(GTK2_BUILDLINK3_MK:M+)
 BUILDLINK_DEPENDS.gtk2+=       gtk2+>=2.4.0
-BUILDLINK_RECOMMENDED.gtk2+=   gtk2+>=2.6.0nb1
+BUILDLINK_RECOMMENDED.gtk2+=   gtk2+>=2.6.4nb1
 BUILDLINK_PKGSRCDIR.gtk2?=     ../../x11/gtk2
 
 PRINT_PLIST_AWK+=      /^@dirrm lib\/gtk-2.0$$/ { next; }
diff -r 2d8115e6c595 -r 0f6aace71929 x11/gtk2/distinfo
--- a/x11/gtk2/distinfo Sat Apr 02 11:33:30 2005 +0000
+++ b/x11/gtk2/distinfo Sun Apr 03 03:26:55 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.42 2005/03/02 15:39:06 wiz Exp $
+$NetBSD: distinfo,v 1.42.2.1 2005/04/03 03:26:55 snj Exp $
 
 SHA1 (gtk+-2.6.4.tar.bz2) = d4f91ae7e1b2b2be24821789d68057d21f4a9911
 RMD160 (gtk+-2.6.4.tar.bz2) = 351e9752f46e68e3839f79d3b8c155d320d27bb9
@@ -10,3 +10,4 @@
 SHA1 (patch-af) = 6797fd34be0a34368f6edede2321562678b112ff
 SHA1 (patch-ag) = dc4d72a39e426b880ca69ba8bc499fdaf42e0da8
 SHA1 (patch-ah) = 486d6601d6dba04830a8645c6a5791755e6538d9
+SHA1 (patch-ai) = 190289e323da72e3c36555f3cb2e72bfc0be2ab1
diff -r 2d8115e6c595 -r 0f6aace71929 x11/gtk2/patches/patch-ai
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/gtk2/patches/patch-ai Sun Apr 03 03:26:55 2005 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-ai,v 1.6.8.1 2005/04/03 03:26:55 snj Exp $
+
+--- gdk-pixbuf/io-bmp.c.orig   2005-01-04 16:47:02.000000000 +0100
++++ gdk-pixbuf/io-bmp.c        2005-04-01 11:21:52.000000000 +0200
+@@ -219,7 +219,19 @@
+ static gboolean grow_buffer (struct bmp_progressive_state *State,
+                              GError **error)
+ {
+-  guchar *tmp = g_try_realloc (State->buff, State->BufferSize);
++  guchar *tmp;
++
++  if (State->BufferSize == 0) {
++    g_set_error (error,
++               GDK_PIXBUF_ERROR,
++               GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
++               _("BMP image has bogus header data"));
++    State->read_state = READ_STATE_ERROR;
++    return FALSE;
++  }
++
++  tmp = g_try_realloc (State->buff, State->BufferSize);
++
+   if (!tmp) {
+     g_set_error (error,
+                GDK_PIXBUF_ERROR,
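Review bot: The `State->BufferSize == 0` guard added at the top of grow_buffer has no comment saying why size 0 must be rejected, so a later cleanup could fold it back into the `!tmp` path. g_try_realloc with a size of 0 releases the old block and returns NULL, which the following `if (!tmp)` branch would treat as an allocation failure while State->buff still holds the freed pointer; that appears to be the double free described in the log message. I would put `/* size 0 makes g_try_realloc free State->buff and return NULL; reject it so the stale pointer is never freed again */` above the guard. I would also add a one-line description under the `$NetBSD$` tag in patch-ai naming CAN-2005-0891 and the Fedora origin, so the patch can be dropped once upstream ships the fix. The rest of grow_buffer lies outside the hunk, so whether the `!tmp` branch leaves State->buff in a safe state cannot be checked here.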


