pkgsrc-Changes archive


CVS commit: [pkgsrc-2020Q4] pkgsrc/graphics/dia



Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Fri Jan 22 18:11:31 UTC 2021

Modified Files:
        pkgsrc/graphics/dia [pkgsrc-2020Q4]: Makefile distinfo
Added Files:
        pkgsrc/graphics/dia/patches [pkgsrc-2020Q4]: patch-app_app__procs.c

Log Message:
Pullup ticket #6404 - requested by gutteridge
graphics/dia: security fix

Revisions pulled up:
- graphics/dia/Makefile                                         1.112
- graphics/dia/distinfo                                         1.36
- graphics/dia/patches/patch-app_app__procs.c                   1.1

---
   Module Name:    pkgsrc
   Committed By:   gutteridge
   Date:           Sat Jan 16 00:25:33 UTC 2021

   Modified Files:
           pkgsrc/graphics/dia: Makefile distinfo
   Added Files:
           pkgsrc/graphics/dia/patches: patch-app_app__procs.c

   Log Message:
   dia: apply an upstream security fix

   Fix endless loop on filenames with invalid encoding (CVE-2019-19451).


To generate a diff of this commit:
cvs rdiff -u -r1.111 -r1.111.2.1 pkgsrc/graphics/dia/Makefile
cvs rdiff -u -r1.35 -r1.35.6.1 pkgsrc/graphics/dia/distinfo
cvs rdiff -u -r0 -r1.1.2.2 pkgsrc/graphics/dia/patches/patch-app_app__procs.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/graphics/dia/Makefile
diff -u pkgsrc/graphics/dia/Makefile:1.111 pkgsrc/graphics/dia/Makefile:1.111.2.1
--- pkgsrc/graphics/dia/Makefile:1.111  Thu Nov  5 09:08:19 2020
+++ pkgsrc/graphics/dia/Makefile        Fri Jan 22 18:11:31 2021
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.111 2020/11/05 09:08:19 ryoon Exp $
+# $NetBSD: Makefile,v 1.111.2.1 2021/01/22 18:11:31 bsiegert Exp $
 
-PKGREVISION=   20
+PKGREVISION=   21
 .include "Makefile.common"
 
 .include "options.mk"

Index: pkgsrc/graphics/dia/distinfo
diff -u pkgsrc/graphics/dia/distinfo:1.35 pkgsrc/graphics/dia/distinfo:1.35.6.1
--- pkgsrc/graphics/dia/distinfo:1.35   Fri May  1 20:19:23 2020
+++ pkgsrc/graphics/dia/distinfo        Fri Jan 22 18:11:31 2021
@@ -1,10 +1,11 @@
-$NetBSD: distinfo,v 1.35 2020/05/01 20:19:23 rillig Exp $
+$NetBSD: distinfo,v 1.35.6.1 2021/01/22 18:11:31 bsiegert Exp $
 
 SHA1 (dia-0.97.3.tar.xz) = 316393951daebd186ba387e1cd6e34160a458c39
 RMD160 (dia-0.97.3.tar.xz) = a984efa1663cc154f4394060af37fab146f99175
 SHA512 (dia-0.97.3.tar.xz) = 34298980be930b87cb4a636344e4cb2a7e43eedc00b0969a5e446cee9b74b616fdc8c798efcb9a5832b98741f2e20632a44037b2bcb436f59591d531ef441efa
 Size (dia-0.97.3.tar.xz) = 5548500 bytes
 SHA1 (patch-aa) = bad171ff4f379030f05c613b362e669a53d7f6da
+SHA1 (patch-app_app__procs.c) = 867ec641d96b30123e15af9faca09a9f66a60993
 SHA1 (patch-app_load_save.c) = 2956f9ad67b8270cd84a8421abbb676af29338f2
 SHA1 (patch-be) = fc6ba43fabefca18188ab0541f4be7f19d9726d6
 SHA1 (patch-ca) = 8737f3ff19244e2f87ffb571da21159bc2248648

Added files:

Index: pkgsrc/graphics/dia/patches/patch-app_app__procs.c
diff -u /dev/null pkgsrc/graphics/dia/patches/patch-app_app__procs.c:1.1.2.2
--- /dev/null   Fri Jan 22 18:11:31 2021
+++ pkgsrc/graphics/dia/patches/patch-app_app__procs.c  Fri Jan 22 18:11:31 2021
@@ -0,0 +1,15 @@
+$NetBSD: patch-app_app__procs.c,v 1.1.2.2 2021/01/22 18:11:31 bsiegert Exp $
+
+Fix endless loop on filenames with invalid encoding (CVE-2019-19451)
+https://gitlab.gnome.org/GNOME/dia/issues/428
+
+--- app/app_procs.c.orig       2014-08-24 15:46:01.000000000 +0000
++++ app/app_procs.c
+@@ -801,6 +801,7 @@ app_init (int argc, char **argv)
+ 
+       if (!filename) {
+         g_print (_("Filename conversion failed: %s\n"), filenames[i]);
++        ++i;
+         continue;
+       }
+ 
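
Review bot: The `++i;` added ahead of `continue;` in the `if (!filename)` branch of `app_init` advances the index by hand on the error path, which implies this loop does not advance `i` on `continue`; any other `continue` in the same loop, or one added later, would hang in the same way as CVE-2019-19451. The one-line change is fine as a minimal backport for the pullup, but the rest of the loop body in app/app_procs.c should be checked for other early `continue` paths, and moving the increment into the loop header would be the sturdier fix to suggest upstream. The patch header cites the upstream issue (https://gitlab.gnome.org/GNOME/dia/issues/428) but not the upstream commit the change was taken from; recording that reference in the patch comment would make it easier to confirm the backport matches and to drop the patch at the next update.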


