pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/graphics/gdk-pixbuf Security fix for CAN-2005-0891:
details: https://anonhg.NetBSD.org/pkgsrc/rev/45e6336298d9
branches: trunk
changeset: 491935:45e6336298d9
user: salo <salo%pkgsrc.org@localhost>
date: Fri Apr 01 11:37:23 2005 +0000
description:
Security fix for CAN-2005-0891:
"David Costanzo has reported a vulnerability in GdkPixbuf, which can be
exploited by malicious people to crash certain applications on a user's
system.
The vulnerability is caused due to a double free error in the BMP loader.
This can be exploited to crash an application linked against GdkPixbuf
when a specially crafted BMP image is processed."
Bump PKGREVISION. Patch from Fedora.
diffstat:
graphics/gdk-pixbuf/Makefile | 4 ++--
graphics/gdk-pixbuf/buildlink3.mk | 4 ++--
graphics/gdk-pixbuf/distinfo | 3 ++-
graphics/gdk-pixbuf/patches/patch-ak | 20 ++++++++++++++++++++
4 files changed, 26 insertions(+), 5 deletions(-)
diffs (72 lines):
diff -r de842f8b8597 -r 45e6336298d9 graphics/gdk-pixbuf/Makefile
--- a/graphics/gdk-pixbuf/Makefile Fri Apr 01 11:36:32 2005 +0000
+++ b/graphics/gdk-pixbuf/Makefile Fri Apr 01 11:37:23 2005 +0000
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.30 2004/12/28 23:18:21 reed Exp $
+# $NetBSD: Makefile,v 1.31 2005/04/01 11:37:23 salo Exp $
#
.include "Makefile.common"
PKGNAME= ${DISTNAME}
-PKGREVISION= 4
+PKGREVISION= 5
COMMENT= The GNOME image loading library
# XXX hopefully there is no x.gnome-config.x in PATH
diff -r de842f8b8597 -r 45e6336298d9 graphics/gdk-pixbuf/buildlink3.mk
--- a/graphics/gdk-pixbuf/buildlink3.mk Fri Apr 01 11:36:32 2005 +0000
+++ b/graphics/gdk-pixbuf/buildlink3.mk Fri Apr 01 11:37:23 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.6 2004/12/28 23:18:21 reed Exp $
+# $NetBSD: buildlink3.mk,v 1.7 2005/04/01 11:37:23 salo Exp $
BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+
GDK_PIXBUF_BUILDLINK3_MK:= ${GDK_PIXBUF_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@
.if !empty(GDK_PIXBUF_BUILDLINK3_MK:M+)
BUILDLINK_DEPENDS.gdk-pixbuf+= gdk-pixbuf>=0.22.0nb2
-BUILDLINK_RECOMMENDED.gdk-pixbuf+= gdk-pixbuf>=0.22.0nb4
+BUILDLINK_RECOMMENDED.gdk-pixbuf+= gdk-pixbuf>=0.22.0nb5
BUILDLINK_PKGSRCDIR.gdk-pixbuf?= ../../graphics/gdk-pixbuf
BUILDLINK_CPPFLAGS.gdk-pixbuf+= \
-I${BUILDLINK_PREFIX.gdk-pixbuf}/include/gdk-pixbuf-1.0
diff -r de842f8b8597 -r 45e6336298d9 graphics/gdk-pixbuf/distinfo
--- a/graphics/gdk-pixbuf/distinfo Fri Apr 01 11:36:32 2005 +0000
+++ b/graphics/gdk-pixbuf/distinfo Fri Apr 01 11:37:23 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.15 2005/02/24 08:45:05 agc Exp $
+$NetBSD: distinfo,v 1.16 2005/04/01 11:37:23 salo Exp $
SHA1 (gdk-pixbuf-0.22.0.tar.bz2) = 495324afb5abebc14567ffd5a6cd72333bcc7f5b
RMD160 (gdk-pixbuf-0.22.0.tar.bz2) = 0e56a0f883fd8e3fb4d49b9a38f984b95cd96ece
@@ -13,3 +13,4 @@
SHA1 (patch-ah) = 37df772bd4c818eb2dd567169598436467ea4f1c
SHA1 (patch-ai) = df681c98b2e265548504eeecbd5a2962b4d3359d
SHA1 (patch-aj) = 107cbe0e9756818ae2529cc4791d7cd06d476a7c
+SHA1 (patch-ak) = 123b32f70b0feb91bb3e0c2ca8e705ff2ae381bf
diff -r de842f8b8597 -r 45e6336298d9 graphics/gdk-pixbuf/patches/patch-ak
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/gdk-pixbuf/patches/patch-ak Fri Apr 01 11:37:23 2005 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-ak,v 1.1 2005/04/01 11:37:23 salo Exp $
+
+--- gdk-pixbuf/io-bmp.c.orig 2002-09-27 23:12:40.000000000 +0200
++++ gdk-pixbuf/io-bmp.c 2005-04-01 13:05:14.000000000 +0200
+@@ -245,7 +245,14 @@
+ static gboolean
+ grow_buffer (struct bmp_progressive_state *State)
+ {
+- guchar *tmp = realloc (State->buff, State->BufferSize);
++ guchar *tmp;
++
++ if (State->BufferSize == 0) {
++ State->read_state = READ_STATE_ERROR;
++ return FALSE;
++ }
++
++ tmp = realloc (State->buff, State->BufferSize);
+ if (!tmp) {
+ State->read_state = READ_STATE_ERROR;
+ return FALSE;
Home |
Main Index |
Thread Index |
Old Index