Tue Mar 3 19:57:53 2009 UTC ()
Pullup ticket #2714 - requested by kefren
optipng: security patch
Revisions pulled up:
- graphics/optipng/Makefile 1.17
- graphics/optipng/distinfo 1.13
- graphics/optipng/patches/patch-ab 1.5
- graphics/optipng/patches/patch-ad 1.3
- graphics/optipng/patches/patch-ae 1.1
---
Module Name: pkgsrc
Committed By: kefren
Date: Mon Mar 2 06:20:34 UTC 2009
Modified Files:
pkgsrc/graphics/optipng: Makefile distinfo
Added Files:
pkgsrc/graphics/optipng/patches: patch-ab patch-ad patch-ae
Log Message:
Add patches from upstream in order to update to 0.6.2.1
Changes:
* Fix SA34035: Use after free error that can be used to execute arbitrary
code via a specially crafted GIF image
(tron)
diff -r1.16 -r1.16.2.1 pkgsrc/graphics/optipng/Makefile
diff -r1.12 -r1.12.2.1 pkgsrc/graphics/optipng/distinfo
diff -r0 -r1.4.22.1 pkgsrc/graphics/optipng/patches/patch-ab
diff -r0 -r1.2.24.1 pkgsrc/graphics/optipng/patches/patch-ad
diff -r0 -r1.1.2.2 pkgsrc/graphics/optipng/patches/patch-ae
--- pkgsrc/graphics/optipng/Makefile 2008/11/12 18:45:04 1.16
+++ pkgsrc/graphics/optipng/Makefile 2009/03/03 19:57:53 1.16.2.1
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.16 2008/11/12 18:45:04 adam Exp $
+# $NetBSD: Makefile,v 1.16.2.1 2009/03/03 19:57:53 tron Exp $
DISTNAME= optipng-0.6.2
+PKGNAME= ${DISTNAME}.1
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=optipng/}
--- pkgsrc/graphics/optipng/distinfo 2008/11/12 18:45:04 1.12
+++ pkgsrc/graphics/optipng/distinfo 2009/03/03 19:57:53 1.12.2.1
@@ -1,7 +1,10 @@
-$NetBSD: distinfo,v 1.12 2008/11/12 18:45:04 adam Exp $
+$NetBSD: distinfo,v 1.12.2.1 2009/03/03 19:57:53 tron Exp $
SHA1 (optipng-0.6.2.tar.gz) = 374b3537a262590ba2822f2b10d9241247b4da95
RMD160 (optipng-0.6.2.tar.gz) = cd9ecfbd1c8901d14cb93fbc9f07403071cea37e
Size (optipng-0.6.2.tar.gz) = 1052509 bytes
SHA1 (patch-aa) = 0a0c92b9786193862465646373b82c6bc47cee2c
+SHA1 (patch-ab) = 7816dcfe5505695a3032bdb399b904e5db33a182
SHA1 (patch-ac) = fb4eb567b5a24b2d26bf357061be80c57b4d4a3c
+SHA1 (patch-ad) = f44f5862de983da3a78529db1ba1b53d40d16dde
+SHA1 (patch-ae) = cf8a80e056bc25d59e2ffda73127e71056cc8ce2
$NetBSD: patch-ab,v 1.4.22.1 2009/03/03 19:57:53 tron Exp $
diff -ru optipng-0.6.2/lib/pngxtern/gif/gifread.c optipng-0.6.2.1/lib/pngxtern/gif/gifread.c
--- lib/pngxtern/gif/gifread.c 2006-08-10 20:17:00.000000000 -0400
+++ lib/pngxtern/gif/gifread.c 2009-02-20 03:11:00.000000000 -0500
@@ -219,8 +219,7 @@
**/
static void GIFReadNextExtension(struct GIFExtension *ext, FILE *stream)
{
- unsigned char *ptr;
- unsigned int len;
+ unsigned int offset, len;
int count, label;
GIF_FGETC(label, stream);
@@ -233,7 +232,7 @@
return;
}
- ptr = ext->Buffer;
+ offset = 0;
len = ext->BufferSize;
for ( ;; )
{
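Review bot: The switch to `offset = 0;` carries no comment recording why an index replaces the old cached pointer, and that invariant is what keeps the use-after-free fixed. I would add above it `/* Keep an offset, not a pointer: realloc() below may move ext->Buffer. */` so a later cleanup does not reintroduce a pointer held across the reallocation. The function starts in the previous hunk and the loop body continues in the next one.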
@@ -243,10 +242,10 @@
ext->BufferSize += 1024;
ext->Buffer = realloc(ext->Buffer, ext->BufferSize);
}
- count = ReadDataBlock(ptr, stream);
+ count = ReadDataBlock(ext->Buffer + offset, stream);
if (count == 0)
break;
- ptr += count;
+ offset += count;
len -= count;
}
}
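Review bot: The result of `realloc` is still assigned straight to `ext->Buffer` and is not checked before `ReadDataBlock(ext->Buffer + offset, stream)` writes through it. If the allocation fails, the old block is leaked and the next read targets a null base plus `offset`. `ext->BufferSize` has already been raised by then, so the recorded size no longer matches the allocation. I would grow through a temporary, `tmp = realloc(ext->Buffer, ext->BufferSize + 1024);`, take the file's existing error path when `tmp == NULL`, and only then store `tmp` and the new size. The `if` that opens this block sits above the hunk, so whether `len` is increased after the grow cannot be confirmed from here.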
$NetBSD: patch-ad,v 1.2.24.1 2009/03/03 19:57:53 tron Exp $
diff -ru optipng-0.6.2/src/optipng.c optipng-0.6.2.1/src/optipng.c
--- src/optipng.c 2008-11-09 23:56:00.000000000 -0500
+++ src/optipng.c 2008-11-11 13:57:00.000000000 -0500
@@ -542,6 +542,7 @@
static void
app_init(void)
{
+ setvbuf(stdout, NULL, _IONBF, 0);
if (options.log_name != NULL)
{
/* Open the log file, line-buffered. */
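Review bot: The added `setvbuf(stdout, NULL, _IONBF, 0);` at the top of app_init has no comment explaining why stdout is made unbuffered, and the log message of this security pullup does not mention it. If the intent is to keep stdout output in order with stderr and the log file (an assumption, since the hunk does not say), a line such as `/* Unbuffered stdout: keep progress output in order with stderr/log. */` would record it. The return value is ignored, which looks harmless here because a failure should simply leave the default buffering in place. app_init continues past the end of the hunk.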
$NetBSD: patch-ae,v 1.1.2.2 2009/03/03 19:57:53 tron Exp $
diff -ru optipng-0.6.2/src/proginfo.h optipng-0.6.2.1/src/proginfo.h
--- src/proginfo.h 2008-11-09 23:56:00.000000000 -0500
+++ src/proginfo.h 2009-02-22 23:38:00.000000000 -0500
@@ -1,5 +1,5 @@
#define PROGRAM_NAME "OptiPNG"
#define PROGRAM_DESCRIPTION "Advanced PNG optimizer"
-#define PROGRAM_VERSION "0.6.2"
-#define PROGRAM_COPYRIGHT "Copyright (C) 2001-2008 Cosmin Truta"
+#define PROGRAM_VERSION "0.6.2.1"
+#define PROGRAM_COPYRIGHT "Copyright (C) 2001-2009 Cosmin Truta"
#define PROGRAM_URI "http://optipng.sourceforge.net/"