

[pkgsrc/trunk]: pkgsrc/x11/wxGTK24 Add patches for CVE-2009-2625 and CVE-2009...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/aeb9310cbd76
branches:  trunk
changeset: 571882:aeb9310cbd76
user:      taca <taca%pkgsrc.org@localhost>
date:      Tue Feb 16 17:33:39 2010 +0000

description:
Add patches for CVE-2009-2625 and CVE-2009-2369.

Bump PKGREVISION.

diffstat:

 x11/wxGTK24/Makefile         |   4 ++--
 x11/wxGTK24/distinfo         |   6 +++++-
 x11/wxGTK24/patches/patch-am |  15 +++++++++++++++
 x11/wxGTK24/patches/patch-an |  17 +++++++++++++++++
 x11/wxGTK24/patches/patch-ao |  28 ++++++++++++++++++++++++++++
 x11/wxGTK24/patches/patch-ap |  35 +++++++++++++++++++++++++++++++++++
 6 files changed, 102 insertions(+), 3 deletions(-)

diffs (145 lines):

diff -r 3d089d7dbf2f -r aeb9310cbd76 x11/wxGTK24/Makefile
--- a/x11/wxGTK24/Makefile      Tue Feb 16 17:24:57 2010 +0000
+++ b/x11/wxGTK24/Makefile      Tue Feb 16 17:33:39 2010 +0000
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.10 2010/01/18 09:59:45 wiz Exp $
+# $NetBSD: Makefile,v 1.11 2010/02/16 17:33:39 taca Exp $
 #
 
 PKG_DESTDIR_SUPPORT=   user-destdir
 
 .include "Makefile.common"
 
-PKGREVISION=           15
+PKGREVISION=           16
 COMMENT=               GTK-based implementation of the wxWidgets GUI library
 CONFLICTS+=            wxGTK<=2.4.2nb5
 
diff -r 3d089d7dbf2f -r aeb9310cbd76 x11/wxGTK24/distinfo
--- a/x11/wxGTK24/distinfo      Tue Feb 16 17:24:57 2010 +0000
+++ b/x11/wxGTK24/distinfo      Tue Feb 16 17:33:39 2010 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.9 2009/11/29 20:16:20 joerg Exp $
+$NetBSD: distinfo,v 1.10 2010/02/16 17:33:39 taca Exp $
 
 SHA1 (wxGTK-2.4.2.tar.bz2) = 3f1ebacaaf8eb5510c14ee10bafbc5f225be842c
 RMD160 (wxGTK-2.4.2.tar.bz2) = 8076d1ba31c9b23becb241cbad5a83763fee776e
@@ -15,3 +15,7 @@
 SHA1 (patch-aj) = 9f74442617e6a869c5ff253591bba3f9da3a9e0c
 SHA1 (patch-ak) = 3f26086c8f16ac972db89c21f665c187570937cc
 SHA1 (patch-al) = bceed88db708c83afca0fe3adb5c923f9bc661b0
+SHA1 (patch-am) = 445ae223a6fd88b86efafa7c13dbcf3f359f364f
+SHA1 (patch-an) = a9d276244cac87fa00a3c3338179e68084b72b1d
+SHA1 (patch-ao) = 7fb559c8662b20a61d39b308d3b6723b0dde6673
+SHA1 (patch-ap) = b1217506bfffe9ed7a282c960a99921c61d76dbd
diff -r 3d089d7dbf2f -r aeb9310cbd76 x11/wxGTK24/patches/patch-am
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/wxGTK24/patches/patch-am      Tue Feb 16 17:33:39 2010 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-am,v 1.1 2010/02/16 17:33:39 taca Exp $
+
+deal with CVE-2009-2625.
+
+--- contrib/src/xrc/expat/xmltok/xmltok_impl.c.orig    2003-09-21 11:32:55.000000000 +0000
++++ contrib/src/xrc/expat/xmltok/xmltok_impl.c
+@@ -1753,7 +1753,7 @@ void PREFIX(updatePosition)(const ENCODI
+                           const char *end,
+                           POSITION *pos)
+ {
+-  while (ptr != end) {
++  while (ptr < end) {
+     switch (BYTE_TYPE(enc, ptr)) {
+ #define LEAD_CASE(n) \
+     case BT_LEAD ## n: \
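Review bot: The patch header says only `deal with CVE-2009-2625.` and does not explain why `ptr < end` replaces `ptr != end` in `updatePosition`, which a maintainer rebasing this patch onto a newer bundled expat will need. The visible `LEAD_CASE` macro suggests that multi-byte lead bytes advance `ptr` by more than one, so a truncated sequence could step past `end` and the `!=` test would never stop the loop. If that is the reason, state it in the header, e.g. `Stop updatePosition when a truncated multi-byte sequence moves ptr past end.` The loop body continues outside the hunk, so whether every case reads only bytes below `end` cannot be confirmed from here.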
diff -r 3d089d7dbf2f -r aeb9310cbd76 x11/wxGTK24/patches/patch-an
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/wxGTK24/patches/patch-an      Tue Feb 16 17:33:39 2010 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-an,v 1.1 2010/02/16 17:33:39 taca Exp $
+
+deal with CVE-2009-2369.
+
+--- src/common/image.cpp.orig  2003-09-21 11:31:39.000000000 +0000
++++ src/common/image.cpp
+@@ -147,6 +147,10 @@ void wxImage::Create( int width, int hei
+ 
+     m_refData = new wxImageRefData();
+ 
++    if (width <= 0 || height <= 0 || width > INT_MAX / 3 / height) {
++      UnRef();
++      return;
++    }
+     M_IMGDATA->m_data = (unsigned char *) malloc( width*height*3 );
+     if (M_IMGDATA->m_data)
+     {
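Review bot: The new guard in `wxImage::Create` uses `INT_MAX`, but the hunk adds no `#include <limits.h>`, so the build relies on another header already providing it; adding the include in this patch removes that dependency. The check also sits after `m_refData = new wxImageRefData();`, so a rejected size allocates the ref data and drops it again through `UnRef()`. Testing `if (width <= 0 || height <= 0 || width > INT_MAX / 3 / height) return;` before the `new` would avoid that, provided the part of the function above the hunk has already released any previous data. Because `Create` returns void, callers learn of the rejection only through `Ok()`, which deserves a one-line comment at the guard such as `// invalid or overflowing size: leave the image in the !Ok() state`.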
diff -r 3d089d7dbf2f -r aeb9310cbd76 x11/wxGTK24/patches/patch-ao
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/wxGTK24/patches/patch-ao      Tue Feb 16 17:33:39 2010 +0000
@@ -0,0 +1,28 @@
+$NetBSD: patch-ao,v 1.1 2010/02/16 17:33:39 taca Exp $
+
+deal with CVE-2009-2369.
+
+--- src/common/imagpng.cpp.orig        2003-09-21 11:31:39.000000000 +0000
++++ src/common/imagpng.cpp
+@@ -213,18 +213,16 @@ bool wxPNGHandler::LoadFile( wxImage *im
+     if (!image->Ok())
+         goto error_nolines;
+ 
+-    lines = (unsigned char **)malloc( (size_t)(height * sizeof(unsigned char *)) );
++    // initialize all line pointers to NULL to ensure that they can be safely
++    // free()d if an error occurs before all of them could be allocated
++    lines = (unsigned char **)calloc(height, sizeof(unsigned char *));
+     if (lines == NULL)
+         goto error_nolines;
+ 
+     for (i = 0; i < height; i++)
+     {
+         if ((lines[i] = (unsigned char *)malloc( (size_t)(width * (sizeof(unsigned char) * 4)))) == NULL)
+-        {
+-            for ( unsigned int n = 0; n < i; n++ )
+-                free( lines[n] );
+             goto error;
+-        }
+     }
+ 
+     // loaded successfully!
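Review bot: Dropping the inline `free( lines[n] )` loop is safe only if the `error:` label, which lies outside this hunk, frees `lines[i]` for all `height` entries and then `lines` itself. If that label still frees only `lines`, a failed row allocation now leaks every row allocated before it. The `calloc` makes the unallocated entries NULL, so a cleanup loop over the full array is harmless. The row size `width * (sizeof(unsigned char) * 4)` is still an unchecked multiplication; if it is kept in range by the size validation done when the image was created (only the `image->Ok()` test is visible here), say so next to the `malloc`, e.g. `// width already bounded by wxImage::Create(), so width * 4 cannot wrap`.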
diff -r 3d089d7dbf2f -r aeb9310cbd76 x11/wxGTK24/patches/patch-ap
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/wxGTK24/patches/patch-ap      Tue Feb 16 17:33:39 2010 +0000
@@ -0,0 +1,35 @@
+$NetBSD: patch-ap,v 1.1 2010/02/16 17:33:39 taca Exp $
+
+deal with CVE-2009-2369.
+
+--- src/common/imagtiff.cpp.orig       2003-09-21 11:31:39.000000000 +0000
++++ src/common/imagtiff.cpp
+@@ -188,15 +188,25 @@ bool wxTIFFHandler::LoadFile( wxImage *i
+     }
+ 
+     uint32 w, h;
+-    uint32 npixels;
+     uint32 *raster;
+ 
+     TIFFGetField( tif, TIFFTAG_IMAGEWIDTH, &w );
+     TIFFGetField( tif, TIFFTAG_IMAGELENGTH, &h );
+ 
+-    npixels = w * h;
++    // guard against integer overflow during multiplication which could result
++    // in allocating a too small buffer and then overflowing it
++    const double bytesNeeded = (double)w * (double)h * sizeof(uint32);
++    if ( bytesNeeded >= 4294967295U /* UINT32_MAX */ )
++    {
++      if ( verbose )
++          wxLogError( _("TIFF: Image size is abnormally big.") );
++
++      TIFFClose(tif);
++
++      return false;
++    }
+ 
+-    raster = (uint32*) _TIFFmalloc( npixels * sizeof(uint32) );
++    raster = (uint32*) _TIFFmalloc( bytesNeeded );
+ 
+     if (!raster)
+     {
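Review bot: The size check bounds `bytesNeeded` by UINT32_MAX, but the value is then passed as a `double` to `_TIFFmalloc`, whose size parameter is `tsize_t`. Where that type is a signed 32-bit integer (as in older libtiff releases), sizes between 2^31 and 2^32 pass the check and convert out of range. Comparing against the allocator's real limit and passing an integer closes the gap, e.g. `if ( bytesNeeded >= 0x7fffffff /* INT32_MAX */ )` followed by `_TIFFmalloc( (tsize_t)bytesNeeded )`. The check also accepts `w == 0` or `h == 0`, giving a zero-byte request, and the hunk does not show whether the `TIFFGetField` calls are checked before `w` and `h` are used. `LoadFile` continues outside the hunk, so any remaining use of the removed `npixels` would no longer compile.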


