pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/graphics/SDL_image also patch CVE-2007-6697 (buffer ov...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/47ba69d2ea5e
branches:  trunk
changeset: 538507:47ba69d2ea5e
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Mon Feb 11 10:12:24 2008 +0000

description:
also patch CVE-2007-6697 (buffer overflow in gif parser), from upstream
CVS, bump PKGREVISION

diffstat:

 graphics/SDL_image/Makefile         |   4 ++--
 graphics/SDL_image/distinfo         |   3 ++-
 graphics/SDL_image/patches/patch-ab |  15 +++++++++++++++
 3 files changed, 19 insertions(+), 3 deletions(-)

diffs (44 lines):

diff -r 4ff17a38923d -r 47ba69d2ea5e graphics/SDL_image/Makefile
--- a/graphics/SDL_image/Makefile       Mon Feb 11 02:22:32 2008 +0000
+++ b/graphics/SDL_image/Makefile       Mon Feb 11 10:12:24 2008 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.29 2008/02/08 12:33:31 drochner Exp $
+# $NetBSD: Makefile,v 1.30 2008/02/11 10:12:24 drochner Exp $
 
 DISTNAME=      SDL_image-1.2.6
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    graphics devel
 MASTER_SITES=  http://www.libsdl.org/projects/SDL_image/release/
 
diff -r 4ff17a38923d -r 47ba69d2ea5e graphics/SDL_image/distinfo
--- a/graphics/SDL_image/distinfo       Mon Feb 11 02:22:32 2008 +0000
+++ b/graphics/SDL_image/distinfo       Mon Feb 11 10:12:24 2008 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.7 2008/02/08 12:33:31 drochner Exp $
+$NetBSD: distinfo,v 1.8 2008/02/11 10:12:24 drochner Exp $
 
 SHA1 (SDL_image-1.2.6.tar.gz) = 5045df31e4db29d8890110fd18024c9d08efca30
 RMD160 (SDL_image-1.2.6.tar.gz) = 8aea5f07216eb887f599c0908f8ea2c2f9eeac93
 Size (SDL_image-1.2.6.tar.gz) = 1308812 bytes
 SHA1 (patch-aa) = eb852fd3c7218fe257ca40a6e90c81ec13dcaeb1
+SHA1 (patch-ab) = 5ddd8f064834a47b7ebda5b1bc1e473351b3e005
diff -r 4ff17a38923d -r 47ba69d2ea5e graphics/SDL_image/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/SDL_image/patches/patch-ab       Mon Feb 11 10:12:24 2008 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-ab,v 1.1 2008/02/11 10:12:24 drochner Exp $
+
+--- IMG_gif.c.orig     2007-07-02 04:03:48.000000000 +0200
++++ IMG_gif.c
+@@ -418,6 +418,10 @@ LWZReadByte(SDL_RWops *src, int flag, in
+     static int stack[(1 << (MAX_LWZ_BITS)) * 2], *sp;
+     register int i;
+ 
++    /* Fixed buffer overflow found by Michael Skladnikiewicz */
++    if (input_code_size > MAX_LWZ_BITS)
++        return -1;
++
+     if (flag) {
+       set_code_size = input_code_size;
+       code_size = set_code_size + 1;
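
Review bot: the comparison in the added check at the top of LWZReadByte is `>`, so input_code_size == MAX_LWZ_BITS is still accepted, and the context lines that follow then set code_size = set_code_size + 1, that is MAX_LWZ_BITS + 1, while the stack array is sized from (1 << MAX_LWZ_BITS) * 2. Please confirm against the rest of the function that this top value cannot index past the decoder tables, or tighten the test to `>=`. The check also sits above `if (flag)`, so it runs on every call rather than only on the initialisation call; that is harmless, but callers must treat the new -1 return as a decode error, which this hunk does not show. It would also help to name CVE-2007-6697 in the patch-ab header comment so the patch file is self-describing without the commit log.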


