Sat Jan 16 00:25:33 2021 UTC ()
dia: apply an upstream security fix

Fix endless loop on filenames with invalid encoding (CVE-2019-19451).


(gutteridge)
diff -r1.111 -r1.112 pkgsrc/graphics/dia/Makefile
diff -r1.35 -r1.36 pkgsrc/graphics/dia/distinfo
diff -r0 -r1.1 pkgsrc/graphics/dia/patches/patch-app_app__procs.c

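--- a/pkgsrc/graphics/dia/Makefile
+++ b/pkgsrc/graphics/dia/Makefile
@@ -1,13 +1,13 @@
-# $NetBSD: Makefile,v 1.111 2020/11/05 09:08:19 ryoon Exp $
+# $NetBSD: Makefile,v 1.112 2021/01/16 00:25:33 gutteridge Exp $
 
-PKGREVISION= 20
+PKGREVISION= 21
 .include "Makefile.common"
 
 .include "options.mk"
 
 # just to convert the manpage
 BUILD_DEPENDS+= docbook-xsl-[0-9]*:../../textproc/docbook-xsl
 
 .include "../../sysutils/desktop-file-utils/desktopdb.mk"
 .include "../../graphics/hicolor-icon-theme/buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"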

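--- a/pkgsrc/graphics/dia/distinfo
+++ b/pkgsrc/graphics/dia/distinfo
@@ -1,15 +1,16 @@
-$NetBSD: distinfo,v 1.35 2020/05/01 20:19:23 rillig Exp $
+$NetBSD: distinfo,v 1.36 2021/01/16 00:25:33 gutteridge Exp $
 
 SHA1 (dia-0.97.3.tar.xz) = 316393951daebd186ba387e1cd6e34160a458c39
 RMD160 (dia-0.97.3.tar.xz) = a984efa1663cc154f4394060af37fab146f99175
 SHA512 (dia-0.97.3.tar.xz) = 34298980be930b87cb4a636344e4cb2a7e43eedc00b0969a5e446cee9b74b616fdc8c798efcb9a5832b98741f2e20632a44037b2bcb436f59591d531ef441efa
 Size (dia-0.97.3.tar.xz) = 5548500 bytes
 SHA1 (patch-aa) = bad171ff4f379030f05c613b362e669a53d7f6da
+SHA1 (patch-app_app__procs.c) = 867ec641d96b30123e15af9faca09a9f66a60993
 SHA1 (patch-app_load_save.c) = 2956f9ad67b8270cd84a8421abbb676af29338f2
 SHA1 (patch-be) = fc6ba43fabefca18188ab0541f4be7f19d9726d6
 SHA1 (patch-ca) = 8737f3ff19244e2f87ffb571da21159bc2248648
 SHA1 (patch-cb) = 02210139cbf38e91a61ad1e090f63f5635bb26ef
 SHA1 (patch-cc) = 2dd4c822d8771e48ff1ac67946d765e5d8b85d50
 SHA1 (patch-cd) = d5fdf63320e59278b5c99a07b450161ffbc1789b
 SHA1 (patch-da) = 4ed80c2a7eaa2dbbebd8265c8b74faac20c4f6c2
 SHA1 (patch-plug-ins_postscript_paginate__psprint.c) = 59784ea73d32158f457e52132bc5c4cef375dcae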

File Added: pkgsrc/graphics/dia/patches/patch-app_app__procs.c
$NetBSD: patch-app_app__procs.c,v 1.1 2021/01/16 00:25:33 gutteridge Exp $

Fix endless loop on filenames with invalid encoding (CVE-2019-19451)
https://gitlab.gnome.org/GNOME/dia/issues/428

--- app/app_procs.c.orig	2014-08-24 15:46:01.000000000 +0000
+++ app/app_procs.c
@@ -801,6 +801,7 @@ app_init (int argc, char **argv)
 
 	if (!filename) {
 	  g_print (_("Filename conversion failed: %s\n"), filenames[i]);
+	  ++i;
 	  continue;
 	}
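Review bot: The added `++i;` before `continue` in app_init's `if (!filename)` branch has no comment, yet it appears to be the only thing that stops the loop from re-testing the same unconvertible argument forever (the hang tracked as CVE-2019-19451). A comment such as `/* skip the bad argument: continue would otherwise leave i unchanged */` would keep a later cleanup from removing it. The loop header and its normal increment lie outside the hunk, and the hunk header declares seven new-side lines while six are visible, so advancing `i` in one place (for example a `for` loop) can only be suggested from here, not confirmed. Separately, `filenames[i]` has just failed conversion but is still printed raw through `g_print`, which expects UTF-8; formatting it with `g_filename_display_name()` first would keep invalid bytes out of the message.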