pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2005Q3]: pkgsrc/x11/gtk2 Pullup ticket 926 - requested by Lubo...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/e94f2d8877a6
branches:  pkgsrc-2005Q3
changeset: 499711:e94f2d8877a6
user:      snj <snj%pkgsrc.org@localhost>
date:      Sun Nov 27 21:18:50 2005 +0000

description:
Pullup ticket 926 - requested by Lubomir Sedlacik
security fix for gtk2

Apply patch to fix two security issues in the bundled gdk-pixbuf library.

diffstat:

 x11/gtk2/Makefile         |   3 ++-
 x11/gtk2/distinfo         |   3 ++-
 x11/gtk2/patches/patch-ai |  27 +++++++++++++++++++++++++++
 3 files changed, 31 insertions(+), 2 deletions(-)

diffs (59 lines):

diff -r ae43f30059f2 -r e94f2d8877a6 x11/gtk2/Makefile
--- a/x11/gtk2/Makefile Sun Nov 27 21:14:26 2005 +0000
+++ b/x11/gtk2/Makefile Sun Nov 27 21:18:50 2005 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.93 2005/09/26 11:47:24 jmmv Exp $
+# $NetBSD: Makefile,v 1.93.2.1 2005/11/27 21:18:50 snj Exp $
 #
 
 DISTNAME=              gtk+-2.6.10
 PKGNAME=               ${DISTNAME:S/gtk/gtk2/}
+PKGREVISION=           1
 CATEGORIES=            x11
 MASTER_SITES=          ftp://ftp.gtk.org/pub/gtk/v2.6/ \
                        ftp://ftp.cs.umn.edu/pub/gimp/gtk/v2.6/ \
diff -r ae43f30059f2 -r e94f2d8877a6 x11/gtk2/distinfo
--- a/x11/gtk2/distinfo Sun Nov 27 21:14:26 2005 +0000
+++ b/x11/gtk2/distinfo Sun Nov 27 21:18:50 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.50 2005/08/25 21:04:11 jmmv Exp $
+$NetBSD: distinfo,v 1.50.2.1 2005/11/27 21:18:50 snj Exp $
 
 SHA1 (gtk+-2.6.10.tar.bz2) = 9ba627683e0dc4bceb5fb900c1ee687638d95fcd
 RMD160 (gtk+-2.6.10.tar.bz2) = 5bb2e4de406e0e6ccf5c66ec48f6ba3e5b0911ff
@@ -11,3 +11,4 @@
 SHA1 (patch-af) = 6797fd34be0a34368f6edede2321562678b112ff
 SHA1 (patch-ag) = dc4d72a39e426b880ca69ba8bc499fdaf42e0da8
 SHA1 (patch-ah) = 486d6601d6dba04830a8645c6a5791755e6538d9
+SHA1 (patch-ai) = d38e23521afb800898e8db930ffdb5ce1f2da198
diff -r ae43f30059f2 -r e94f2d8877a6 x11/gtk2/patches/patch-ai
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/gtk2/patches/patch-ai Sun Nov 27 21:18:50 2005 +0000
@@ -0,0 +1,27 @@
+$NetBSD: patch-ai,v 1.10.2.1 2005/11/27 21:18:50 snj Exp $
+
+Security fixes for CVE-2005-2975 and CVE-2005-3186.
+
+--- gdk-pixbuf/io-xpm.c.orig   2005-08-18 16:10:56.000000000 +0200
++++ gdk-pixbuf/io-xpm.c        2005-11-26 09:46:35.000000000 +0100
+@@ -1167,7 +1167,8 @@ file_buffer (enum buf_op op, gpointer ha
+               /* Fall through to the xpm_read_string. */
+ 
+       case op_body:
+-              xpm_read_string (h->infile, &h->buffer, &h->buffer_size);
++              if(!xpm_read_string (h->infile, &h->buffer, &h->buffer_size))
++                      return NULL;
+               return h->buffer;
+ 
+       default:
+@@ -1262,7 +1263,9 @@ pixbuf_create_from_xpm (const gchar * (*
+                              _("XPM has invalid number of chars per pixel"));
+               return NULL;
+       }
+-      if (n_col <= 0 || n_col >= G_MAXINT / (cpp + 1)) {
++      if (n_col <= 0 || 
++          n_col >= G_MAXINT / (cpp + 1) || 
++          n_col >= G_MAXINT / sizeof (XPMColor)) {
+                 g_set_error (error,
+                              GDK_PIXBUF_ERROR,
+                              GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
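Review bot: In the second io-xpm.c hunk, the added test `n_col >= G_MAXINT / sizeof (XPMColor)` compares a count that is treated as signed (it is tested with `n_col <= 0`) against an unsigned quotient, because `sizeof` yields a `size_t`. The result is only correct because the `n_col <= 0` test comes first and short-circuits, so negative values never reach the mixed comparison; a cast such as `G_MAXINT / (gint) sizeof (XPMColor)`, or a comment that the order of the three conditions matters, would keep a later reordering from silently reopening the overflow. In the first hunk, the new `return NULL` in `case op_body:` sets no error, unlike the `n_col` path, which calls `g_set_error` with `GDK_PIXBUF_ERROR_CORRUPT_IMAGE`, so it is worth confirming that every caller of `file_buffer` treats NULL as a failed read. Style: `if(!xpm_read_string` lacks the space after `if` that the surrounding code uses (`if (n_col`), and the two added lines ending in `||` carry trailing whitespace. The patch header names CVE-2005-2975 and CVE-2005-3186 but does not say which hunk addresses which; one line per hunk would help whoever has to rebase this patch.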


