Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=af62f7ee7252f12af64c0f739c954cca57ee7ef8
commit af62f7ee7252f12af64c0f739c954cca57ee7ef8 Author: Miklos Vajna <vmik...@frugalware.org> Date: Mon Oct 12 22:21:33 2009 +0200 wxgtk-2.8.10-1-i686 - version bump diff --git a/source/xlib-extra/wxgtk/FrugalBuild b/source/xlib-extra/wxgtk/FrugalBuild index bb0c789..de7573e 100644 --- a/source/xlib-extra/wxgtk/FrugalBuild +++ b/source/xlib-extra/wxgtk/FrugalBuild @@ -3,8 +3,8 @@ # Contributor: Miklos Nemeth <de...@frugalware.org> pkgname=wxgtk -pkgver=2.8.9 -pkgrel=2 +pkgver=2.8.10 +pkgrel=1 pkgdesc="GTK+ implementation of wxWidgets API for GUI'" _F_sourceforge_dirname="wxwindows" _F_sourceforge_name="wxGTK" @@ -19,7 +19,10 @@ options=('scriptlet') replaces=('wxgtk-devel') conflicts=('wxgtk-devel') VER="2.8" -sha1sums=('e13e40280cc83dda55aa50682cde3ca206a012dc') +source=($source wxGTK-2.8.10-CVE-2009-2369.patch wxGTK-2.8.10-gsocket.patch) +sha1sums=('1e4bee16a423efeef665ed70e82b6e7dc5468cf4' \ + '36e74d5384e912f6bf1890c582d872b805e5bbfb' \ + '885442567f2f80f78f9ed4f0ac2483c6fc932efe') subpkgs=("$pkgname-locale" "$pkgname-u8") subdescs=('Locale files for wxWidgets' "GTK+ implementation of wxWidgets API for GUI (unicode).") diff --git a/source/xlib-extra/wxgtk/wxGTK-2.8.10-CVE-2009-2369.patch b/source/xlib-extra/wxgtk/wxGTK-2.8.10-CVE-2009-2369.patch new file mode 100644 index 0000000..42392c8 --- /dev/null +++ b/source/xlib-extra/wxgtk/wxGTK-2.8.10-CVE-2009-2369.patch 
@@ -0,0 +1,59 @@
+diff -Naurp wxPython-src-2.8.10.1-orig/src/common/imagpng.cpp wxPython-src-2.8.10.1/src/common/imagpng.cpp
+--- wxPython-src-2.8.10.1-orig/src/common/imagpng.cpp 2008-05-11 22:26:45.000000000 -0600
++++ wxPython-src-2.8.10.1/src/common/imagpng.cpp 2009-07-18 19:54:13.128547627 -0600
+@@ -568,18 +568,16 @@ wxPNGHandler::LoadFile(wxImage *image,
+ if (!image->Ok())
+ goto error;
+ 
+- lines = (unsigned char **)malloc( (size_t)(height * sizeof(unsigned char *)) );
++ // initialize all line pointers to NULL to ensure that they can be safely
++ // free()d if an error occurs before all of them could be allocated
++ lines = (unsigned char **)calloc(height, sizeof(unsigned char *));
+ if ( !lines )
+ goto error;
+ 
+ for (i = 0; i < height; i++)
+ {
+ if ((lines[i] = (unsigned char *)malloc( (size_t)(width * (sizeof(unsigned char) * 4)))) == NULL)
+- {
+- for ( unsigned int n = 0; n < i; n++ )
+- free( lines[n] );
+ goto error;
+- }
+ }
+ 
+ png_read_image( png_ptr, lines );
+diff -Naurp wxPython-src-2.8.10.1-orig/src/common/imagtiff.cpp wxPython-src-2.8.10.1/src/common/imagtiff.cpp
+--- wxPython-src-2.8.10.1-orig/src/common/imagtiff.cpp 2007-09-21 14:27:05.000000000 -0600
++++ wxPython-src-2.8.10.1/src/common/imagtiff.cpp 2009-07-18 19:54:35.801832862 -0600
+@@ -261,7 +261,6 @@ bool wxTIFFHandler::LoadFile( wxImage *i
+ }
+ 
+ uint32 w, h;
+- uint32 npixels;
+ uint32 *raster;
+ 
+ TIFFGetField( tif, TIFFTAG_IMAGEWIDTH, &w );
+@@ -275,9 +274,20 @@ bool wxTIFFHandler::LoadFile( wxImage *i
+ (samplesInfo[0] == EXTRASAMPLE_ASSOCALPHA ||
+ samplesInfo[0] == EXTRASAMPLE_UNASSALPHA));
+ 
+- npixels = w * h;
++ // guard against integer overflow during multiplication which could result
++ // in allocating a too small buffer and then overflowing it
++ const double bytesNeeded = (double)w * (double)h * sizeof(uint32);
++ if ( bytesNeeded >= 4294967295U /* UINT32_MAX */ )
++ {
++ if ( verbose )
++ wxLogError( _("TIFF: Image size is abnormally big.") );
++
TIFFClose(tif);
++
++ return false;
++ }
+ 
+- raster = (uint32*) _TIFFmalloc( npixels * sizeof(uint32) );
++ raster = (uint32*) _TIFFmalloc( bytesNeeded );
+ 
+ if (!raster)
+ {
diff --git a/source/xlib-extra/wxgtk/wxGTK-2.8.10-gsocket.patch b/source/xlib-extra/wxgtk/wxGTK-2.8.10-gsocket.patch
new file mode 100644
index 0000000..b875cb8
--- /dev/null
+++ b/source/xlib-extra/wxgtk/wxGTK-2.8.10-gsocket.patch
@@ -0,0 +1,16 @@
+--- wxPython-src-2.8.10.1-orig/src/gtk/gsockgtk.cpp
++++ wxPython-src-2.8.10.1/src/gtk/gsockgtk.cpp
+@@ -15,8 +15,13 @@
+ #include <stdlib.h>
+ #include <stdio.h>
+ 
++// newer versions of glib define its own GSocket but we unfortunately use this
++// name in our own (semi-)public header and so can't change it -- rename glib
++// one instead
++#define GSocket GlibGSocket
+ #include <gdk/gdk.h>
+ #include <glib.h>
++#undef GSocket
+ 
+ #include "wx/gsocket.h"
+ #include "wx/unix/gsockunx.h"
_______________________________________________ Frugalware-git mailing list Frugalware-git@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-git
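Review bot: In the imagtiff.cpp part of the embedded patch, the new guard rejects only sizes at or above 4294967295, but the accepted `double` is then passed straight to `_TIFFmalloc( bytesNeeded )`, so any value between INT32_MAX and UINT32_MAX is converted implicitly to the allocator's size type. If that type is a signed 32-bit `tsize_t`, as in libtiff 3.x, the conversion is out of range on this i686 build and the allocated size no longer matches `w * h * sizeof(uint32)`. Bounding against the allocator's real maximum and making the conversion explicit would close that gap, e.g. `if ( bytesNeeded >= 2147483647 /* INT32_MAX */ )` and `raster = (uint32*) _TIFFmalloc( (tsize_t)bytesNeeded );`. In the imagpng.cpp part the per-row `malloc( (size_t)(width * (sizeof(unsigned char) * 4)))` is still an unchecked multiplication; whether `width` is bounded earlier cannot be seen here, because both LoadFile bodies start and end outside the hunks.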
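Review bot: The `#define GSocket GlibGSocket` / `#undef GSocket` bracket in gsockgtk.cpp only renames the glib type if this is the first time the glib headers are seen in the translation unit; if anything above line 15 (not visible in the hunk) already pulls them in, their include guards skip the second inclusion and the clash with `wx/gsocket.h` remains. Extending the added comment with a line such as `// must come before any other include that pulls in glib/gio` would record that ordering constraint for whoever next edits the include list.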