[pkgsrc/trunk]: pkgsrc/graphics/xv xv: fix for CVE-2017-18215

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/graphics/xv xv: fix for CVE-2017-18215
From: tez <tez%pkgsrc.org@localhost>
Date: Wed, 15 Jan 2020 09:32:07 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/f731b3a1ce3e
branches:  trunk
changeset: 382073:f731b3a1ce3e
user:      tez <tez%pkgsrc.org@localhost>
date:      Thu Jun 21 22:36:36 2018 +0000

description:
xv: fix for CVE-2017-18215

from https://bugzilla.suse.com/show_bug.cgi?id=1043479

diffstat:

 graphics/xv/Makefile         |  4 ++--
 graphics/xv/distinfo         |  4 ++--
 graphics/xv/patches/patch-ae |  5 +++--
 3 files changed, 7 insertions(+), 6 deletions(-)

diffs (51 lines):

diff -r f729c3c9fdb1 -r f731b3a1ce3e graphics/xv/Makefile
--- a/graphics/xv/Makefile      Thu Jun 21 20:55:44 2018 +0000
+++ b/graphics/xv/Makefile      Thu Jun 21 22:36:36 2018 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.91 2018/01/14 14:58:40 rillig Exp $
+# $NetBSD: Makefile,v 1.92 2018/06/21 22:36:36 tez Exp $
 
 DISTNAME=      xv-3.10a
-PKGREVISION=   23
+PKGREVISION=   24
 CATEGORIES=    graphics x11
 MASTER_SITES=  ftp://ftp.cis.upenn.edu/pub/xv/
 DISTFILES=     ${DEFAULT_DISTFILES} ${JUMBO_PATCHES}
diff -r f729c3c9fdb1 -r f731b3a1ce3e graphics/xv/distinfo
--- a/graphics/xv/distinfo      Thu Jun 21 20:55:44 2018 +0000
+++ b/graphics/xv/distinfo      Thu Jun 21 22:36:36 2018 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.20 2015/11/22 19:17:01 tsutsui Exp $
+$NetBSD: distinfo,v 1.21 2018/06/21 22:36:36 tez Exp $
 
 SHA1 (xv-3.10a-enhancements.20070520-20081216.diff) = 40bfb0889b820e0f9d3bd7d771144ec3458acc66
 RMD160 (xv-3.10a-enhancements.20070520-20081216.diff) = dbd4ab25b5b62fb543befcf655d928db3a77e005
@@ -16,6 +16,6 @@
 SHA1 (patch-ab) = 5bfc8ae09b029e4661b27d94bba46540c7f320fb
 SHA1 (patch-ac) = a17b0095e6586b595190a07126ac58752d8a2562
 SHA1 (patch-ad) = d1fa6ae4c432528148ebe37b7a8bef8bd2059997
-SHA1 (patch-ae) = f17f17ac49dafb233cc9f0629f2425120a6b5495
+SHA1 (patch-ae) = 2bda08bae67fcf127c49b9ed780b7a247579c088
 SHA1 (patch-af) = 7f6e771788e04577d8db17bfe8fbcce8dca4a600
 SHA1 (patch-ag) = 120d589f728fd32ea267fd46bcc16f27d9f08116
diff -r f729c3c9fdb1 -r f731b3a1ce3e graphics/xv/patches/patch-ae
--- a/graphics/xv/patches/patch-ae      Thu Jun 21 20:55:44 2018 +0000
+++ b/graphics/xv/patches/patch-ae      Thu Jun 21 22:36:36 2018 +0000
@@ -1,6 +1,7 @@
-$NetBSD: patch-ae,v 1.4 2011/01/23 23:58:01 dholland Exp $
+$NetBSD: patch-ae,v 1.5 2018/06/21 22:36:36 tez Exp $
 
 Fix build with libpng 1.5.
+Fix CVE-2017-18215 from https://bugzilla.suse.com/show_bug.cgi?id=1043479
 
 --- xvpng.c.orig       2007-05-14 00:53:28.000000000 +0000
 +++ xvpng.c
@@ -514,7 +515,7 @@
 -                     info_ptr->text[i].text_length + 2;
 +    for (i = 0; i < num_text; i++)
 +      commentsize += strlen(text[i].key) + 1 +
-+                     text[i].text_length + 2;
++                     strlen(text[i].text) + 2;
  
      if ((pinfo->comment = malloc(commentsize)) == NULL) {
        png_warning(png_ptr,"can't allocate comment string");

Prev by Date: [pkgsrc/trunk]: pkgsrc/devel/jsonnet update devel/jsonnet to version 0.10.0
Next by Date: [pkgsrc/trunk]: pkgsrc/doc doc: fix xv for CVE-2017-18215
Previous by Thread: [pkgsrc/trunk]: pkgsrc/devel/jsonnet update devel/jsonnet to version 0.10.0
Next by Thread: [pkgsrc/trunk]: pkgsrc/doc doc: fix xv for CVE-2017-18215
Indexes:

Home | Main Index | Thread Index | Old Index