pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/graphics/openexr Add patches for CVE-2009-1720 (multip...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/6758897b0f20
branches:  trunk
changeset: 564155:6758897b0f20
user:      hasso <hasso%pkgsrc.org@localhost>
date:      Fri Aug 28 21:33:07 2009 +0000

description:
Add patches for CVE-2009-1720 (multiple integer overflows in OpenEXR) and
CVE-2009-1721 (denial of service (application crash) or possibly execute
arbitrary code in the Imf::hufUncompress function). Bump PKGREVISION.

diffstat:

 graphics/openexr/Makefile         |   3 ++-
 graphics/openexr/distinfo         |   7 ++++++-
 graphics/openexr/patches/patch-ae |  23 +++++++++++++++++++++++
 graphics/openexr/patches/patch-af |  14 ++++++++++++++
 graphics/openexr/patches/patch-ag |  14 ++++++++++++++
 graphics/openexr/patches/patch-ah |  14 ++++++++++++++
 graphics/openexr/patches/patch-ai |  13 +++++++++++++
 7 files changed, 86 insertions(+), 2 deletions(-)

diffs (128 lines):

diff -r faac126462d8 -r 6758897b0f20 graphics/openexr/Makefile
--- a/graphics/openexr/Makefile Fri Aug 28 20:48:19 2009 +0000
+++ b/graphics/openexr/Makefile Fri Aug 28 21:33:07 2009 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.21 2009/01/28 13:14:55 tron Exp $
+# $NetBSD: Makefile,v 1.22 2009/08/28 21:33:07 hasso Exp $
 
 DISTNAME=      openexr-1.6.1
+PKGREVISION=   1
 CATEGORIES=    graphics
 MASTER_SITES=  http://savannah.nongnu.org/download/openexr/
 
diff -r faac126462d8 -r 6758897b0f20 graphics/openexr/distinfo
--- a/graphics/openexr/distinfo Fri Aug 28 20:48:19 2009 +0000
+++ b/graphics/openexr/distinfo Fri Aug 28 21:33:07 2009 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.12 2009/07/21 11:50:35 tnn Exp $
+$NetBSD: distinfo,v 1.13 2009/08/28 21:33:08 hasso Exp $
 
 SHA1 (openexr-1.6.1.tar.gz) = b3650e6542f0e09daadb2d467425530bc8eec333
 RMD160 (openexr-1.6.1.tar.gz) = 3670633be841628e9d4c11981661e9d94a9b2711
@@ -7,3 +7,8 @@
 SHA1 (patch-ab) = 7d4fdf8d36f58ea5126b8c72dae901d1d68e6a60
 SHA1 (patch-ac) = fa5735431b7168dfc8b4643a976fd7f95cbcb5e7
 SHA1 (patch-ad) = b44ccc8a9ff32ebe7cc42f5c53778ebf050b4de6
+SHA1 (patch-ae) = aa70c907718f975c32698906edc9f6ca66b42e23
+SHA1 (patch-af) = ed02cf7091bfe490f33f4c8101ce84fab453b556
+SHA1 (patch-ag) = 6eebed2f16f02ba0f5b019f0f45c0f26ced0ba92
+SHA1 (patch-ah) = c7070ac42bc1c0cfb940f0aa53e04f93e887c590
+SHA1 (patch-ai) = 9bf08eb6e092848e6b194989e03320a334eff640
diff -r faac126462d8 -r 6758897b0f20 graphics/openexr/patches/patch-ae
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/openexr/patches/patch-ae Fri Aug 28 21:33:07 2009 +0000
@@ -0,0 +1,23 @@
+$NetBSD: patch-ae,v 1.1 2009/08/28 21:33:08 hasso Exp $
+
+--- IlmImf/ImfPreviewImage.cpp.orig    2006-06-06 00:58:16.000000000 -0500
++++ IlmImf/ImfPreviewImage.cpp 2009-07-29 13:27:39.087038617 -0500
+@@ -41,6 +41,7 @@
+ 
+ #include <ImfPreviewImage.h>
+ #include "Iex.h"
++#include <limits.h>
+ 
+ namespace Imf {
+ 
+@@ -51,6 +52,9 @@ PreviewImage::PreviewImage (unsigned int
+ {
+     _width = width;
+     _height = height;
++    if (_height && _width > UINT_MAX / _height || _width * _height > UINT_MAX / sizeof(PreviewRgba)) {
++        throw Iex::ArgExc ("Invalid height and width.");
++    }
+     _pixels = new PreviewRgba [_width * _height];
+ 
+     if (pixels)
+diff -up openexr-1.6.1/IlmImf/ImfPreviewImage.h.CVE-2009-1720-1 openexr-1.6.1/IlmImf/ImfPreviewImage.h
diff -r faac126462d8 -r 6758897b0f20 graphics/openexr/patches/patch-af
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/openexr/patches/patch-af Fri Aug 28 21:33:07 2009 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-af,v 1.1 2009/08/28 21:33:08 hasso Exp $
+
+--- IlmImf/ImfPizCompressor.cpp.orig   2007-09-20 23:17:46.000000000 -0500
++++ IlmImf/ImfPizCompressor.cpp        2009-07-29 13:15:41.883288491 -0500
+@@ -181,6 +181,9 @@ PizCompressor::PizCompressor
+     _channels (hdr.channels()),
+     _channelData (0)
+ {
++    if ((unsigned) maxScanLineSize > (INT_MAX - 65536 - 8192)  / (unsigned) numScanLines) {
++        throw InputExc ("Error: maxScanLineSize * numScanLines would overflow.");
++    }
+     _tmpBuffer = new unsigned short [maxScanLineSize * numScanLines / 2];
+     _outBuffer = new char [maxScanLineSize * numScanLines + 65536 + 8192];
+ 
diff -r faac126462d8 -r 6758897b0f20 graphics/openexr/patches/patch-ag
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/openexr/patches/patch-ag Fri Aug 28 21:33:07 2009 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-ag,v 1.1 2009/08/28 21:33:08 hasso Exp $
+
+--- IlmImf/ImfRleCompressor.cpp.orig   2006-10-13 22:06:39.000000000 -0500
++++ IlmImf/ImfRleCompressor.cpp        2009-07-29 13:17:39.505037955 -0500
+@@ -164,6 +164,9 @@ RleCompressor::RleCompressor (const Head
+     _tmpBuffer (0),
+     _outBuffer (0)
+ {
++    if ((unsigned) maxScanLineSize > INT_MAX / 3) {
++        throw Iex::InputExc ("Error: maxScanLineSize * 3 would overflow.");
++    }
+     _tmpBuffer = new char [maxScanLineSize];
+     _outBuffer = new char [maxScanLineSize * 3 / 2];
+ }
diff -r faac126462d8 -r 6758897b0f20 graphics/openexr/patches/patch-ah
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/openexr/patches/patch-ah Fri Aug 28 21:33:07 2009 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-ah,v 1.1 2009/08/28 21:33:08 hasso Exp $
+
+--- IlmImf/ImfZipCompressor.cpp.orig   2006-10-13 22:07:17.000000000 -0500
++++ IlmImf/ImfZipCompressor.cpp        2009-07-29 13:18:25.223038291 -0500
+@@ -58,6 +58,9 @@ ZipCompressor::ZipCompressor
+     _tmpBuffer (0),
+     _outBuffer (0)
+ {
++    if ((unsigned) maxScanLineSize > INT_MAX / (unsigned) numScanLines) {
++        throw Iex::InputExc ("Error: maxScanLineSize * numScanLines would overflow.");
++    }
+     _tmpBuffer =
+       new char [maxScanLineSize * numScanLines];
+ 
diff -r faac126462d8 -r 6758897b0f20 graphics/openexr/patches/patch-ai
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/openexr/patches/patch-ai Fri Aug 28 21:33:07 2009 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-ai,v 1.1 2009/08/28 21:33:08 hasso Exp $
+
+--- IlmImf/ImfAutoArray.h.orig 2007-04-23 20:26:56.000000000 -0500
++++ IlmImf/ImfAutoArray.h      2009-07-29 13:22:08.309288375 -0500
+@@ -57,7 +57,7 @@ namespace Imf {
+     {
+       public:
+ 
+-       AutoArray (): _data (new T [size]) {}
++       AutoArray (): _data (new T [size]) {memset(_data, 0, size * sizeof(T));}
+       ~AutoArray () {delete [] _data;}
+ 
+       operator T * ()                 {return _data;}



Home | Main Index | Thread Index | Old Index