pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/print/transfig add a patch from
details: https://anonhg.NetBSD.org/pkgsrc/rev/0a304217f481
branches: trunk
changeset: 568886:0a304217f481
user: drochner <drochner%pkgsrc.org@localhost>
date: Wed Dec 23 14:19:58 2009 +0000
description:
add a patch from
https://bugzilla.redhat.com/show_bug.cgi?id=543905
(slightly modified) to fix CVE-2009-4228
(Stack-based buffer overflow by loading malformed .FIG files)
diffstat:
print/transfig/Makefile | 4 +-
print/transfig/distinfo | 3 +-
print/transfig/patches/patch-af | 52 +++++++++++++++++++++++++++++++++++++++++
3 files changed, 56 insertions(+), 3 deletions(-)
diffs (84 lines):
diff -r ece9dd81ea4e -r 0a304217f481 print/transfig/Makefile
--- a/print/transfig/Makefile Wed Dec 23 13:27:58 2009 +0000
+++ b/print/transfig/Makefile Wed Dec 23 14:19:58 2009 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.36 2008/08/20 10:25:12 is Exp $
+# $NetBSD: Makefile,v 1.37 2009/12/23 14:19:58 drochner Exp $
DISTNAME= transfig.3.2.5
PKGNAME= transfig-3.2.5
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= graphics print
MASTER_SITES= ftp://epb.lbl.gov/xfig/alpha/
diff -r ece9dd81ea4e -r 0a304217f481 print/transfig/distinfo
--- a/print/transfig/distinfo Wed Dec 23 13:27:58 2009 +0000
+++ b/print/transfig/distinfo Wed Dec 23 14:19:58 2009 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.15 2008/08/20 10:25:12 is Exp $
+$NetBSD: distinfo,v 1.16 2009/12/23 14:19:58 drochner Exp $
SHA1 (transfig.3.2.5.tar.gz) = 2657c104d0099dcb4565a8762a9543310e55e767
RMD160 (transfig.3.2.5.tar.gz) = 435615bded662225127ea564fc746e9cb0058f18
@@ -7,3 +7,4 @@
SHA1 (patch-ab) = b056ff88914bccfc172f15adb663eda0f254e125
SHA1 (patch-ac) = 0258794cf6f6d22d3355ed01c2cc89c7ee0088d4
SHA1 (patch-ae) = d3d0eeb08083092f717525914c64e72c7ceaa1fd
+SHA1 (patch-af) = 544bae557e193f9bbee4dbe1aefa454c38100c69
diff -r ece9dd81ea4e -r 0a304217f481 print/transfig/patches/patch-af
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/print/transfig/patches/patch-af Wed Dec 23 14:19:58 2009 +0000
@@ -0,0 +1,52 @@
+$NetBSD: patch-af,v 1.1 2009/12/23 14:19:58 drochner Exp $
+
+--- fig2dev/read1_3.c.orig 2003-04-08 22:18:51.000000000 +0000
++++ fig2dev/read1_3.c
+@@ -441,7 +441,7 @@ FILE *fp;
+ {
+ F_text *t;
+ int n;
+- char buf[128];
++ char buf[512];
+
+ Text_malloc(t);
+ t->type = T_LEFT_JUSTIFIED;
+@@ -451,21 +451,33 @@ FILE *fp;
+ t->pen = 0;
+ t->angle = 0.0;
+ t->next = NULL;
+- n = fscanf(fp," %d %lf %d %lf %lf %d %d %[^\n]", &t->font,
++ if (!fgets(buf, sizeof(buf), fp)) {
++ put_msg("Incomplete text data");
++ free((char *) t);
++ return (NULL);
++ }
++
++ /* Note using strlen(buf) here will waste a few bytes, as the
++ various text attributes are counted into this length too. */
++ t->cstring = (char *) calloc((unsigned)(strlen(buf)+1), sizeof(char));
++ if (t->cstring == NULL)
++ return (NULL);
++ n = sscanf(buf," %d %lf %d %lf %lf %d %d %[^\n]", &t->font,
+ &t->size, &t->flags, &t->height, &t->length,
+- &t->base_x, &t->base_y, buf);
++ &t->base_x, &t->base_y, t->cstring);
+ if (n != 8) {
+ put_msg("incomplete text data");
++ free(t->cstring);
+ free((char*)t);
+ return(NULL);
+ }
+- t->cstring = (char *) calloc((unsigned)(strlen(buf)+1), sizeof(char));
+- if (t->cstring == NULL) {
++
++ if (!strlen(t->cstring)) {
++ free(t->cstring);
+ put_msg(Err_mem);
+ free((char*) t);
+ return(NULL);
+ }
+- (void)strcpy(t->cstring, buf);
+ if (t->size == 0) t->size = 18;
+ return(t);
+ }
Home |
Main Index |
Thread Index |
Old Index