pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/graphics/xpm Apply fixes derived from the HEAD branch ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/bec9a4f3c276
branches: trunk
changeset: 495592:bec9a4f3c276
user: jlam <jlam%pkgsrc.org@localhost>
date: Tue Jun 14 18:10:37 2005 +0000
description:
Apply fixes derived from the HEAD branch of X.Org (6.8.99) to address
problems noted in CAN-2004-0914:
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as
used in XFree86 and other packages, include (1) multiple integer
overflows, (2) out-of-bounds memory accesses, (3) directory
traversal, (4) shell metacharacter, (5) endless loops, and (6)
memory leaks, which could allow remote attackers to obtain
sensitive information, cause a denial of service (application
crash), or execute arbitrary code via a certain XPM image file.
Bump PKGREVISION to 4. Since this is a security-related fix, also
bump the BUILDLINK_RECOMMENDED version for this package.
diffstat:
graphics/xpm/Makefile | 4 +-
graphics/xpm/buildlink3.mk | 4 +-
graphics/xpm/distinfo | 28 +-
graphics/xpm/patches/patch-ac | 28 ++-
graphics/xpm/patches/patch-ad | 22 +-
graphics/xpm/patches/patch-ae | 45 ++++-
graphics/xpm/patches/patch-af | 232 ++++++++++++++++++++++++-
graphics/xpm/patches/patch-ag | 388 +++++++++++++++++++++++++++++++++++++++--
graphics/xpm/patches/patch-ah | 40 +++-
graphics/xpm/patches/patch-ai | 16 +-
graphics/xpm/patches/patch-aj | 176 ++++++++++++++----
graphics/xpm/patches/patch-ak | 168 ++++++++++++++++--
graphics/xpm/patches/patch-al | 308 +++++++++++++++++++++++++++++++++
graphics/xpm/patches/patch-am | 32 +++
graphics/xpm/patches/patch-an | 88 +++++++++
graphics/xpm/patches/patch-ao | 22 ++
graphics/xpm/patches/patch-ap | 103 +++++++++++
graphics/xpm/patches/patch-aq | 13 +
graphics/xpm/patches/patch-ar | 186 ++++++++++++++++++++
graphics/xpm/patches/patch-as | 12 +
20 files changed, 1776 insertions(+), 139 deletions(-)
diffs (truncated from 2305 to 300 lines):
diff -r 10fdc145a722 -r bec9a4f3c276 graphics/xpm/Makefile
--- a/graphics/xpm/Makefile Tue Jun 14 18:08:45 2005 +0000
+++ b/graphics/xpm/Makefile Tue Jun 14 18:10:37 2005 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.42 2005/06/01 19:31:17 jlam Exp $
+# $NetBSD: Makefile,v 1.43 2005/06/14 18:10:37 jlam Exp $
DISTNAME= xpm-3.4k
-PKGREVISION= 3
+PKGREVISION= 4
CATEGORIES= graphics x11
MASTER_SITES= http://koala.ilog.fr/ftp/pub/xpm/ \
${MASTER_SITE_XCONTRIB:=libraries/}
diff -r 10fdc145a722 -r bec9a4f3c276 graphics/xpm/buildlink3.mk
--- a/graphics/xpm/buildlink3.mk Tue Jun 14 18:08:45 2005 +0000
+++ b/graphics/xpm/buildlink3.mk Tue Jun 14 18:10:37 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.17 2005/06/01 18:02:58 jlam Exp $
+# $NetBSD: buildlink3.mk,v 1.18 2005/06/14 18:10:37 jlam Exp $
BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+
XPM_BUILDLINK3_MK:= ${XPM_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@
.if !empty(XPM_BUILDLINK3_MK:M+)
BUILDLINK_DEPENDS.xpm+= xpm>=3.4k
-BUILDLINK_RECOMMENDED.xpm?= xpm>=3.4knb2
+BUILDLINK_RECOMMENDED.xpm?= xpm>=3.4knb4
BUILDLINK_PKGSRCDIR.xpm?= ../../graphics/xpm
.endif # XPM_BUILDLINK3_MK
diff -r 10fdc145a722 -r bec9a4f3c276 graphics/xpm/distinfo
--- a/graphics/xpm/distinfo Tue Jun 14 18:08:45 2005 +0000
+++ b/graphics/xpm/distinfo Tue Jun 14 18:10:37 2005 +0000
@@ -1,16 +1,24 @@
-$NetBSD: distinfo,v 1.12 2005/03/10 15:23:10 wiz Exp $
+$NetBSD: distinfo,v 1.13 2005/06/14 18:10:37 jlam Exp $
SHA1 (xpm-3.4k.tar.gz) = a8eac19e5772bf7b3b177353686c1401fbf334bd
RMD160 (xpm-3.4k.tar.gz) = 65a2e58f97724a48a6834aab991341771c5a1faf
Size (xpm-3.4k.tar.gz) = 148887 bytes
SHA1 (patch-aa) = 33725beb53dc01b022e5110dbffab4c6a3ae65dc
SHA1 (patch-ab) = 0c8f317cdbde27929790e46d1711ada5e454b79d
-SHA1 (patch-ac) = a0f1692ecfbf0160f5e5a5e3f31ac9398ff667b7
-SHA1 (patch-ad) = 0b6a2640a175d354449cab0198e3cbe1220f46b4
-SHA1 (patch-ae) = 31cf9b37d8d138ffdcee66b16adb4ed22c129763
-SHA1 (patch-af) = 17fed3b0e060f7cee19d21bc3ec5bf1b87dd89a7
-SHA1 (patch-ag) = 68435561f8fe7753c4bb8ce71ee6e53faf1e83d6
-SHA1 (patch-ah) = 075229583814bbdd0a3d7ac8dcb6ad0507d182ff
-SHA1 (patch-ai) = 79472013037a1866739b96e97d740378086cc46f
-SHA1 (patch-aj) = 98048e40c338f69915e233aa11df0f95deff75a4
-SHA1 (patch-ak) = a949e05f82d5ed9ce48348bcedf4811cff119a03
+SHA1 (patch-ac) = 80c8c58a526ccc8651862d87cc5cd92d8aa9fb2d
+SHA1 (patch-ad) = d352c47831955845e5805ac737031f2ff179b0df
+SHA1 (patch-ae) = 9b11253041212c8e43c426be4729363e4f8e122a
+SHA1 (patch-af) = be7953d5baf84d2b08e89576755428d3bc57e8c2
+SHA1 (patch-ag) = 74f8e7ed98e6d6c85168464e71274dc1ecb56297
+SHA1 (patch-ah) = ffa827d23283c9e937071a202f7f7d5b7846d9d0
+SHA1 (patch-ai) = 619392a9bde70210c5f6e0fa1b7f1e278cd68bfb
+SHA1 (patch-aj) = db0de3aff27606aceb67027691cb6f55c549478a
+SHA1 (patch-ak) = 011da5204f825aaaf4aed4536cfb29a7f63efc5d
+SHA1 (patch-al) = 09ceea05f856edd3fad3aedabbdf535c9d919cd9
+SHA1 (patch-am) = 3f69a82cb9ebaa4e0fc7ce5c63a938cec31bbbd3
+SHA1 (patch-an) = f8f0602116e9000f2506230f0d65eac1171c2904
+SHA1 (patch-ao) = 7681e03f1f317ef5e694a464f1efad82d9de78c2
+SHA1 (patch-ap) = 6ccb211e9051374cf7cdb6138a6520943e1cd645
+SHA1 (patch-aq) = 6d3f3554c7d66d3d9879dc2b352310e32799926c
+SHA1 (patch-ar) = c6a5ef0af6568f519467b753aae5050a0513f99e
+SHA1 (patch-as) = f11694bc7fb300450fd07d496975bfb0fbb6b68f
diff -r 10fdc145a722 -r bec9a4f3c276 graphics/xpm/patches/patch-ac
--- a/graphics/xpm/patches/patch-ac Tue Jun 14 18:08:45 2005 +0000
+++ b/graphics/xpm/patches/patch-ac Tue Jun 14 18:10:37 2005 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-ac,v 1.2 2001/07/06 21:11:34 tron Exp $
+$NetBSD: patch-ac,v 1.3 2005/06/14 18:10:37 jlam Exp $
---- lib/Imakefile.orig Thu Mar 19 20:50:59 1998
-+++ lib/Imakefile Fri Jul 6 23:02:49 2001
-@@ -34,7 +34,7 @@
+--- lib/Imakefile.orig 1998-03-19 14:50:59.000000000 -0500
++++ lib/Imakefile
+@@ -34,7 +34,7 @@ XCOMM default locations
#define XpmLibDir $(USRLIBDIR)
#endif
#ifndef XpmIncDir
@@ -11,7 +11,7 @@
#endif
XCOMM If not already set in top dir,
-@@ -55,7 +55,7 @@
+@@ -55,7 +55,7 @@ REQUIREDLIBS = $(XLIB)
#endif
XCOMM on Dec Alpha we need to define the following to build the shared library
@@ -20,3 +20,21 @@
REQUIREDLIBS = $(LDPRELIB) $(XLIB)
SO_REQLIBS = -lX11 -lc
#endif
+@@ -104,13 +104,15 @@ HEADERS = xpm.h
+ CrBufFrI.c CrDatFrP.c CrPFrBuf.c RdFToI.c WrFFrI.c \
+ CrBufFrP.c CrIFrBuf.c CrPFrDat.c RdFToP.c WrFFrP.c \
+ CrDatFrI.c CrIFrDat.c RdFToDat.c WrFFrDat.c \
+- Attrib.c CrIFrP.c CrPFrI.c Image.c Info.c RdFToBuf.c WrFFrBuf.c
++ Attrib.c CrIFrP.c CrPFrI.c Image.c Info.c RdFToBuf.c WrFFrBuf.c \
++ s_popen.c
+
+ OBJS = data.o create.o misc.o rgb.o scan.o parse.o hashtab.o \
+ CrBufFrI.o CrDatFrP.o CrPFrBuf.o RdFToI.o WrFFrI.o \
+ CrBufFrP.o CrIFrBuf.o CrPFrDat.o RdFToP.o WrFFrP.o \
+ CrDatFrI.o CrIFrDat.o RdFToDat.o WrFFrDat.o \
+- Attrib.o CrIFrP.o CrPFrI.o Image.o Info.o RdFToBuf.o WrFFrBuf.o
++ Attrib.o CrIFrP.o CrPFrI.o Image.o Info.o RdFToBuf.o WrFFrBuf.o \
++ s_popen.o
+
+ INCLUDES = -I.
+ LINTLIBS = $(LINTXTOLL) $(LINTXLIB)
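Review bot: The new `s_popen.c` / `s_popen.o` entries in the SRCS and OBJS lists of lib/Imakefile name a source file that nothing in the visible part of this changeset creates. The diff is truncated at 300 lines, so confirm that one of the added patches (patch-al through patch-as in the diffstat) supplies lib/s_popen.c, and that the library's existing `popen()` call sites are switched to the replacement. Otherwise the build breaks, or the pipe handling that this file presumably hardens (item 4 of the description) stays on the old path.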
diff -r 10fdc145a722 -r bec9a4f3c276 graphics/xpm/patches/patch-ad
--- a/graphics/xpm/patches/patch-ad Tue Jun 14 18:08:45 2005 +0000
+++ b/graphics/xpm/patches/patch-ad Tue Jun 14 18:10:37 2005 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-ad,v 1.5 2004/09/16 15:09:01 minskim Exp $
+$NetBSD: patch-ad,v 1.6 2005/06/14 18:10:37 jlam Exp $
---- lib/XpmI.h.orig Thu Mar 19 13:51:00 1998
+--- lib/XpmI.h.orig 1998-03-19 14:51:00.000000000 -0500
+++ lib/XpmI.h
-@@ -42,6 +42,7 @@
+@@ -42,14 +42,17 @@
#ifndef XPMI_h
#define XPMI_h
@@ -10,12 +10,22 @@
#include "xpm.h"
/*
-@@ -114,6 +115,18 @@ extern FILE *popen();
+ * lets try to solve include files
+ */
+
++#include <sys/types.h>
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <limits.h>
+ /* stdio.h doesn't declare popen on a Sequent DYNIX OS */
+ #ifdef sequent
+ extern FILE *popen();
+@@ -114,6 +117,18 @@ extern FILE *popen();
boundCheckingCalloc((long)(nelem),(long) (elsize))
#endif
+#if defined(SCO) || defined(__USLC__)
-+#include <stdint.h> /* For SIZE_MAX */
++#include <stdint.h> /* For SIZE_MAX */
+#endif
+#include <limits.h>
+#ifndef SIZE_MAX
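Review bot: `#include <limits.h>` now appears twice in the patched lib/XpmI.h: once in the new block near the top, next to `<sys/types.h>`, and again immediately before the `#ifndef SIZE_MAX` fallback further down. The second include is harmless but redundant and can be dropped. Since patch-ae in this same commit moves its overflow guard from `SIZE_MAX` to `UINT_MAX`, also check whether the `SIZE_MAX` fallback still has any users; if it does not, a short comment such as `/* SIZE_MAX fallback kept for <callers> */` or removing it would avoid leaving two competing bounds. The fallback's definition continues outside this hunk.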
@@ -29,7 +39,7 @@
#define XPMMAXCMTLEN BUFSIZ
typedef struct {
unsigned int type;
-@@ -215,9 +228,9 @@ typedef struct _xpmHashAtom {
+@@ -215,9 +230,9 @@ typedef struct _xpmHashAtom {
} *xpmHashAtom;
typedef struct {
diff -r 10fdc145a722 -r bec9a4f3c276 graphics/xpm/patches/patch-ae
--- a/graphics/xpm/patches/patch-ae Tue Jun 14 18:08:45 2005 +0000
+++ b/graphics/xpm/patches/patch-ae Tue Jun 14 18:10:37 2005 +0000
@@ -1,8 +1,13 @@
-$NetBSD: patch-ae,v 1.1 2004/09/16 15:09:01 minskim Exp $
+$NetBSD: patch-ae,v 1.2 2005/06/14 18:10:37 jlam Exp $
---- lib/Attrib.c.orig Thu Mar 19 13:50:59 1998
+--- lib/Attrib.c.orig 1998-03-19 14:50:59.000000000 -0500
+++ lib/Attrib.c
-@@ -35,7 +35,7 @@
+@@ -32,13 +32,15 @@
+ * Developed by Arnaud Le Hors *
+ \*****************************************************************************/
+
++/* October 2004, source code review by Thomas Biege <thomas%suse.de@localhost> */
++
#include "XpmI.h"
/* 3.2 backward compatibility code */
@@ -10,8 +15,12 @@
+LFUNC(CreateOldColorTable, int, (XpmColor *ct, unsigned int ncolors,
XpmColor ***oldct));
- LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, int ncolors));
-@@ -46,11 +46,14 @@ LFUNC(FreeOldColorTable, void, (XpmColor
+-LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, int ncolors));
++LFUNC(FreeOldColorTable, void, (XpmColor **colorTable, unsigned int ncolors));
+
+ /*
+ * Create a colortable compatible with the old style colortable
+@@ -46,11 +48,14 @@ LFUNC(FreeOldColorTable, void, (XpmColor
static int
CreateOldColorTable(ct, ncolors, oldct)
XpmColor *ct;
@@ -20,10 +29,32 @@
XpmColor ***oldct;
{
XpmColor **colorTable, **color;
- int a;
+- int a;
++ unsigned int a;
+
-+ if (ncolors >= SIZE_MAX / sizeof(XpmColor *))
++ if (ncolors >= UINT_MAX / sizeof(XpmColor *))
+ return XpmNoMemory;
colorTable = (XpmColor **) XpmMalloc(ncolors * sizeof(XpmColor *));
if (!colorTable) {
+@@ -66,9 +71,9 @@ CreateOldColorTable(ct, ncolors, oldct)
+ static void
+ FreeOldColorTable(colorTable, ncolors)
+ XpmColor **colorTable;
+- int ncolors;
++ unsigned int ncolors;
+ {
+- int a, b;
++ unsigned int a, b;
+ XpmColor **color;
+ char **sptr;
+
+@@ -119,7 +124,7 @@ XpmFreeExtensions(extensions, nextension
+ XpmExtension *ext;
+ char **sptr;
+
+- if (extensions) {
++ if (extensions && nextensions > 0) {
+ for (i = 0, ext = extensions; i < nextensions; i++, ext++) {
+ if (ext->name)
+ XpmFree(ext->name);
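Review bot: The guard `if (ncolors >= UINT_MAX / sizeof(XpmColor *))` in CreateOldColorTable has no comment, and the switch from `SIZE_MAX` to `UINT_MAX` is easy to misread as a typo. The product `ncolors * sizeof(XpmColor *)` on the following line is evaluated in `size_t`, so `UINT_MAX` is a stricter bound than necessary on LP64 targets. That is safe, but it should be stated, e.g. `/* reject ncolors for which ncolors * sizeof(XpmColor *) would wrap; UINT_MAX is deliberately conservative */`. The bodies of CreateOldColorTable, FreeOldColorTable and XpmFreeExtensions continue outside the hunk, so the loops using the now-unsigned `a`, `b` and the `nextensions > 0` guard cannot be fully checked from here.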
diff -r 10fdc145a722 -r bec9a4f3c276 graphics/xpm/patches/patch-af
--- a/graphics/xpm/patches/patch-af Tue Jun 14 18:08:45 2005 +0000
+++ b/graphics/xpm/patches/patch-af Tue Jun 14 18:10:37 2005 +0000
@@ -1,13 +1,233 @@
-$NetBSD: patch-af,v 1.1 2004/09/16 15:09:01 minskim Exp $
+$NetBSD: patch-af,v 1.2 2005/06/14 18:10:37 jlam Exp $
---- lib/CrDatFrI.c.orig Thu Mar 19 13:50:59 1998
+--- lib/CrDatFrI.c.orig 1998-03-19 14:50:59.000000000 -0500
+++ lib/CrDatFrI.c
-@@ -123,6 +123,8 @@ XpmCreateDataFromXpmImage(data_return, i
+@@ -32,13 +32,16 @@
+ * Developed by Arnaud Le Hors *
+ \*****************************************************************************/
+
++/* October 2004, source code review by Thomas Biege <thomas%suse.de@localhost> */
++
+ #include "XpmI.h"
+
+ LFUNC(CreateColors, int, (char **dataptr, unsigned int *data_size,
+ XpmColor *colors, unsigned int ncolors,
+ unsigned int cpp));
+
+-LFUNC(CreatePixels, void, (char **dataptr, unsigned int width,
++LFUNC(CreatePixels, void, (char **dataptr, unsigned int data_size,
++ unsigned int width,
+ unsigned int height, unsigned int cpp,
+ unsigned int *pixels, XpmColor *colors));
+
+@@ -46,7 +49,8 @@ LFUNC(CountExtensions, void, (XpmExtensi
+ unsigned int *ext_size,
+ unsigned int *ext_nlines));
+
+-LFUNC(CreateExtensions, void, (char **dataptr, unsigned int offset,
++LFUNC(CreateExtensions, void, (char **dataptr, unsigned int data_size,
++ unsigned int offset,
+ XpmExtension *ext, unsigned int num,
+ unsigned int ext_nlines));
+
+@@ -87,10 +91,11 @@ XpmCreateDataFromImage(display, data_ret
+
+ #undef RETURN
+ #define RETURN(status) \
++do \
+ { \
+ ErrorStatus = status; \
+ goto exit; \
+-}
++} while(0)
+
+ int
+ XpmCreateDataFromXpmImage(data_return, image, info)
+@@ -121,9 +126,17 @@ XpmCreateDataFromXpmImage(data_return, i
+ * alloc a temporary array of char pointer for the header section which
+ * is the hints line + the color table lines
*/
- header_nlines = 1 + image->ncolors;
+- header_nlines = 1 + image->ncolors;
++ header_nlines = 1 + image->ncolors; /* this may wrap and/or become 0 */
++
++ /* 2nd check superfluous if we do not need header_nlines any further */
++ if(header_nlines <= image->ncolors ||
++ header_nlines >= UINT_MAX / sizeof(char *))
++ return(XpmNoMemory);
++