Tue Feb 16 17:35:34 2010 UTC ()
Add patches for CVE-2009-2369 and CVE-2009-2625.
Bump PKGREVISION.
(taca)
diff -r1.4 -r1.5 pkgsrc/x11/wxGTK26/Makefile
diff -r1.3 -r1.4 pkgsrc/x11/wxGTK26/distinfo
diff -r0 -r1.1 pkgsrc/x11/wxGTK26/patches/patch-ae
diff -r0 -r1.1 pkgsrc/x11/wxGTK26/patches/patch-af
diff -r0 -r1.1 pkgsrc/x11/wxGTK26/patches/patch-ag
diff -r0 -r1.1 pkgsrc/x11/wxGTK26/patches/patch-ah
--- pkgsrc/x11/wxGTK26/Attic/Makefile 2010/01/18 09:59:45 1.4
+++ pkgsrc/x11/wxGTK26/Attic/Makefile 2010/02/16 17:35:34 1.5
| @@ -1,19 +1,19 @@ | | | @@ -1,19 +1,19 @@ |
1 | # $NetBSD: Makefile,v 1.4 2010/01/18 09:59:45 wiz Exp $ | | 1 | # $NetBSD: Makefile,v 1.5 2010/02/16 17:35:34 taca Exp $ |
2 | # | | 2 | # |
3 | | | 3 | |
4 | .include "Makefile.common" | | 4 | .include "Makefile.common" |
5 | | | 5 | |
6 | PKGREVISION= 5 | | 6 | PKGREVISION= 6 |
7 | COMMENT= GTK-based implementation of the wxWidgets GUI library | | 7 | COMMENT= GTK-based implementation of the wxWidgets GUI library |
8 | | | 8 | |
9 | post-build: | | 9 | post-build: |
10 | set -e; cd ${WRKSRC}/locale; \ | | 10 | set -e; cd ${WRKSRC}/locale; \ |
11 | for lang in ca cs da de el es fi fr hu id it ja nl pl ru sl sv tr uk \ | | 11 | for lang in ca cs da de el es fi fr hu id it ja nl pl ru sl sv tr uk \ |
12 | zh_CN zh_TW; do \ | | 12 | zh_CN zh_TW; do \ |
13 | ${TOOLS_PATH.msgfmt} -c -o $${lang}.mo $${lang}.po; \ | | 13 | ${TOOLS_PATH.msgfmt} -c -o $${lang}.mo $${lang}.po; \ |
14 | done | | 14 | done |
15 | set -e; cd ${WRKSRC}/locale/msw; \ | | 15 | set -e; cd ${WRKSRC}/locale/msw; \ |
16 | for lang in it; do \ | | 16 | for lang in it; do \ |
17 | ${TOOLS_PATH.msgfmt} -c -o $${lang}.mo $${lang}.po; \ | | 17 | ${TOOLS_PATH.msgfmt} -c -o $${lang}.mo $${lang}.po; \ |
18 | done | | 18 | done |
19 | | | 19 | |
--- pkgsrc/x11/wxGTK26/Attic/distinfo 2009/10/23 11:16:55 1.3
+++ pkgsrc/x11/wxGTK26/Attic/distinfo 2010/02/16 17:35:34 1.4
| @@ -1,12 +1,16 @@ | | | @@ -1,12 +1,16 @@ |
1 | $NetBSD: distinfo,v 1.3 2009/10/23 11:16:55 plunky Exp $ | | 1 | $NetBSD: distinfo,v 1.4 2010/02/16 17:35:34 taca Exp $ |
2 | | | 2 | |
3 | SHA1 (wxGTK-2.6.3-libtool.diff3.bz2) = 657566a9384a4bc160dffd26678b5e0c6a1cb5b2 | | 3 | SHA1 (wxGTK-2.6.3-libtool.diff3.bz2) = 657566a9384a4bc160dffd26678b5e0c6a1cb5b2 |
4 | RMD160 (wxGTK-2.6.3-libtool.diff3.bz2) = 233af8dd61317ed1771c1862c6cec65f131b6de0 | | 4 | RMD160 (wxGTK-2.6.3-libtool.diff3.bz2) = 233af8dd61317ed1771c1862c6cec65f131b6de0 |
5 | Size (wxGTK-2.6.3-libtool.diff3.bz2) = 136446 bytes | | 5 | Size (wxGTK-2.6.3-libtool.diff3.bz2) = 136446 bytes |
6 | SHA1 (wxGTK-2.6.3.tar.bz2) = 7c2dfe27a56aa99b4ea557a436bf84a13a579a9d | | 6 | SHA1 (wxGTK-2.6.3.tar.bz2) = 7c2dfe27a56aa99b4ea557a436bf84a13a579a9d |
7 | RMD160 (wxGTK-2.6.3.tar.bz2) = d7465860d7c07b42d299d4b4c5d015b25f96a9dd | | 7 | RMD160 (wxGTK-2.6.3.tar.bz2) = d7465860d7c07b42d299d4b4c5d015b25f96a9dd |
8 | Size (wxGTK-2.6.3.tar.bz2) = 7213119 bytes | | 8 | Size (wxGTK-2.6.3.tar.bz2) = 7213119 bytes |
9 | SHA1 (patch-aa) = 0ef5ae28b70a3290e37363193248365f4cf03cec | | 9 | SHA1 (patch-aa) = 0ef5ae28b70a3290e37363193248365f4cf03cec |
10 | SHA1 (patch-ab) = 3e9c6bc0df33e466390a4f6483b1c84e2eb9257b | | 10 | SHA1 (patch-ab) = 3e9c6bc0df33e466390a4f6483b1c84e2eb9257b |
11 | SHA1 (patch-ac) = 50bd7d4291e44dac1d2bbbae1b12167177f5ef01 | | 11 | SHA1 (patch-ac) = 50bd7d4291e44dac1d2bbbae1b12167177f5ef01 |
12 | SHA1 (patch-ad) = fb51bb80451d39ba2bba53d42722327888b4a0be | | 12 | SHA1 (patch-ad) = fb51bb80451d39ba2bba53d42722327888b4a0be |
| | | 13 | SHA1 (patch-ae) = d6fcc9b21fd457e79c32f2dc47166dc7afbd65b1 |
| | | 14 | SHA1 (patch-af) = 96e29001bcf1fbc33f4cb185f25f53a6901ce9d2 |
| | | 15 | SHA1 (patch-ag) = ccaac341ecd589dbde465f49064dd2ab480fc639 |
| | | 16 | SHA1 (patch-ah) = e7da6aacd004048d0d07965df09e97cef5a76551 |
$NetBSD: patch-ae,v 1.1 2010/02/16 17:35:34 taca Exp $
deal with CVE-2009-2369.
--- src/common/image.cpp.orig 2006-03-21 23:42:10.000000000 +0000
+++ src/common/image.cpp
@@ -192,6 +192,10 @@ bool wxImage::Create( int width, int hei
m_refData = new wxImageRefData();
+ if (width <= 0 || height <= 0 || width > INT_MAX / 3 / height) {
+ UnRef();
+ return false;
+ }
M_IMGDATA->m_data = (unsigned char *) malloc( width*height*3 );
if (!M_IMGDATA->m_data)
{
$NetBSD: patch-af,v 1.1 2010/02/16 17:35:34 taca Exp $
deal with CVE-2009-2369.
--- src/common/imagpng.cpp.orig 2006-03-21 23:42:10.000000000 +0000
+++ src/common/imagpng.cpp
@@ -570,18 +570,16 @@ wxPNGHandler::LoadFile(wxImage *image,
if (!image->Ok())
goto error;
- lines = (unsigned char **)malloc( (size_t)(height * sizeof(unsigned char *)) );
+ // initialize all line pointers to NULL to ensure that they can be safely
+ // free()d if an error occurs before all of them could be allocated
+ lines = (unsigned char **)calloc(height, sizeof(unsigned char *));
if ( !lines )
goto error;
for (i = 0; i < height; i++)
{
if ((lines[i] = (unsigned char *)malloc( (size_t)(width * (sizeof(unsigned char) * 4)))) == NULL)
- {
- for ( unsigned int n = 0; n < i; n++ )
- free( lines[n] );
goto error;
- }
}
png_read_image( png_ptr, lines );
$NetBSD: patch-ag,v 1.1 2010/02/16 17:35:34 taca Exp $
deal with CVE-2009-2369.
--- src/common/imagtiff.cpp.orig 2006-03-21 23:42:10.000000000 +0000
+++ src/common/imagtiff.cpp
@@ -232,15 +232,25 @@ bool wxTIFFHandler::LoadFile( wxImage *i
}
uint32 w, h;
- uint32 npixels;
uint32 *raster;
TIFFGetField( tif, TIFFTAG_IMAGEWIDTH, &w );
TIFFGetField( tif, TIFFTAG_IMAGELENGTH, &h );
- npixels = w * h;
+ // guard against integer overflow during multiplication which could result
+ // in allocating a too small buffer and then overflowing it
+ const double bytesNeeded = (double)w * (double)h * sizeof(uint32);
+ if ( bytesNeeded >= 4294967295U /* UINT32_MAX */ )
+ {
+ if ( verbose )
+ wxLogError( _("TIFF: Image size is abnormally big.") );
+
+ TIFFClose(tif);
+
+ return false;
+ }
- raster = (uint32*) _TIFFmalloc( npixels * sizeof(uint32) );
+ raster = (uint32*) _TIFFmalloc( bytesNeeded );
if (!raster)
{
$NetBSD: patch-ah,v 1.1 2010/02/16 17:35:34 taca Exp $
deal with CVE-2009-2625.
--- src/expat/lib/xmltok_impl.c.orig 2006-03-21 23:42:06.000000000 +0000
+++ src/expat/lib/xmltok_impl.c
@@ -1741,7 +1741,7 @@ PREFIX(updatePosition)(const ENCODING *e
const char *end,
POSITION *pos)
{
- while (ptr != end) {
+ while (ptr <= end) {
switch (BYTE_TYPE(enc, ptr)) {
#define LEAD_CASE(n) \
case BT_LEAD ## n: \