pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/devel/pango



Module Name:    pkgsrc
Committed By:   maya
Date:           Thu Aug  1 10:09:38 UTC 2019

Modified Files:
        pkgsrc/devel/pango: Makefile distinfo
Added Files:
        pkgsrc/devel/pango/patches: patch-pango_pango-bidi-type.c

Log Message:
pango: patch buffer overflow (CVE-2019-1010238)

bump pkgrevision.


To generate a diff of this commit:
cvs rdiff -u -r1.220 -r1.221 pkgsrc/devel/pango/Makefile
cvs rdiff -u -r1.118 -r1.119 pkgsrc/devel/pango/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/devel/pango/patches/patch-pango_pango-bidi-type.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/devel/pango/Makefile
diff -u pkgsrc/devel/pango/Makefile:1.220 pkgsrc/devel/pango/Makefile:1.221
--- pkgsrc/devel/pango/Makefile:1.220   Thu Jul 11 09:28:44 2019
+++ pkgsrc/devel/pango/Makefile Thu Aug  1 10:09:38 2019
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.220 2019/07/11 09:28:44 nia Exp $
+# $NetBSD: Makefile,v 1.221 2019/08/01 10:09:38 maya Exp $
 
 DISTNAME=      pango-1.42.4
-PKGREVISION=   4
+PKGREVISION=   5
 CATEGORIES=    devel fonts
 MASTER_SITES=  ${MASTER_SITE_GNOME:=sources/pango/${PKGVERSION_NOREV:R}/}
 EXTRACT_SUFX=  .tar.xz

Index: pkgsrc/devel/pango/distinfo
diff -u pkgsrc/devel/pango/distinfo:1.118 pkgsrc/devel/pango/distinfo:1.119
--- pkgsrc/devel/pango/distinfo:1.118   Tue Nov 20 08:34:43 2018
+++ pkgsrc/devel/pango/distinfo Thu Aug  1 10:09:38 2019
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.118 2018/11/20 08:34:43 maya Exp $
+$NetBSD: distinfo,v 1.119 2019/08/01 10:09:38 maya Exp $
 
 SHA1 (pango-1.42.4.tar.xz) = 240942b1307eaa3819e6e534596271c57cd75457
 RMD160 (pango-1.42.4.tar.xz) = e91880e0e9a459bbc2c280ac747ab31f80352000
 SHA512 (pango-1.42.4.tar.xz) = 993e97f647eba0c5ed90bcfcb8228bf67fa3f20b1f4331e4e40a30788d7c3ac55eee1209471bf21df125cb8fc6121acc8062a9da2f8a7d6cbe8e9ad13a9320dc
 Size (pango-1.42.4.tar.xz) = 833876 bytes
+SHA1 (patch-pango_pango-bidi-type.c) = 3e2c657b89d7d7399d731669cf822e3140877ebd
 SHA1 (patch-pango_pangocairo-coretextfont.c) = cfef0e1372d5770d5988af411d435ee87fdfd0bd
 SHA1 (patch-pango_pangocairo-coretextfontmap.c) = 395cb1f8472a319c4b1c58ea137e36452bc44cc6
 SHA1 (patch-pango_pangocoretext-fontmap.c) = 643dfdb0e9672382d4d5259c90e451a829b9875e

Added files:

Index: pkgsrc/devel/pango/patches/patch-pango_pango-bidi-type.c
diff -u /dev/null pkgsrc/devel/pango/patches/patch-pango_pango-bidi-type.c:1.1
--- /dev/null   Thu Aug  1 10:09:38 2019
+++ pkgsrc/devel/pango/patches/patch-pango_pango-bidi-type.c    Thu Aug  1 10:09:38 2019
@@ -0,0 +1,25 @@
+$NetBSD: patch-pango_pango-bidi-type.c,v 1.1 2019/08/01 10:09:38 maya Exp $
+
+bidi: Be safer against bad input
+
+Don't run off the end of an array that we
+allocated to certain length.
+
+CVE-2019-1010238
+
+--- pango/pango-bidi-type.c.orig       2018-07-28 15:15:28.000000000 +0000
++++ pango/pango-bidi-type.c
+@@ -179,8 +179,11 @@ pango_log2vis_get_embedding_levels (cons
+   for (i = 0, p = text; p < text + length; p = g_utf8_next_char(p), i++)
+     {
+       gunichar ch = g_utf8_get_char (p);
+-      FriBidiCharType char_type;
+-      char_type = fribidi_get_bidi_type (ch);
++      FriBidiCharType char_type = fribidi_get_bidi_type (ch);
++
++      if (i == n_chars)
++        break;
++
+       bidi_types[i] = char_type;
+       ored_types |= char_type;
+       if (FRIBIDI_IS_STRONG (char_type))



Home | Main Index | Thread Index | Old Index