OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Torsten Homeyer
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 01-Jul-2004 12:30:10
Branch: HEAD Handle: -NONE-
Modified files:
openpkg-src/pdflib pdflib.patch pdflib.spec
Log:
added Security Fix (CAN-2002-1363) for png
Summary:
Revision Changes Path
1.3 +47 -25 openpkg-src/pdflib/pdflib.patch
1.29 +1 -1 openpkg-src/pdflib/pdflib.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/pdflib/pdflib.patch
============================================================================
$ cvs diff -u -r1.2 -r1.3 pdflib.patch
--- openpkg-src/pdflib/pdflib.patch 29 Apr 2004 15:06:56 -0000 1.2
+++ openpkg-src/pdflib/pdflib.patch 1 Jul 2004 10:30:05 -0000 1.3
@@ -11,31 +11,6 @@
$(LIBTOOL) -n --finish $(libdir);\
else\
---- libs/png/pngrtran.c.orig Wed Oct 2 20:20:24 2002
-+++ libs/png/pngrtran.c Wed Jan 15 11:30:23 2003
-@@ -1965,8 +1965,8 @@
- /* This changes the data from RRGGBB to RRGGBBXX */
- if (flags & PNG_FLAG_FILLER_AFTER)
- {
-- png_bytep sp = row + (png_size_t)row_width * 3;
-- png_bytep dp = sp + (png_size_t)row_width;
-+ png_bytep sp = row + (png_size_t)row_width * 6;
-+ png_bytep dp = sp + (png_size_t)row_width * 2;
- for (i = 1; i < row_width; i++)
- {
- *(--dp) = hi_filler;
-@@ -1987,8 +1987,8 @@
- /* This changes the data from RRGGBB to XXRRGGBB */
- else
- {
-- png_bytep sp = row + (png_size_t)row_width * 3;
-- png_bytep dp = sp + (png_size_t)row_width;
-+ png_bytep sp = row + (png_size_t)row_width * 6;
-+ png_bytep dp = sp + (png_size_t)row_width * 2;
- for (i = 0; i < row_width; i++)
- {
- *(--dp) = *(--sp);
-
Steve G <[EMAIL PROTECTED]>
Libpng accesses memory that is out of bounds when creating an error message
@@ -58,3 +33,50 @@
}
}
+Index: libs/png/pngrtran.c
+--- libs/png/pngrtran.c.orig 2004-01-26 14:30:33 +0100
++++ libs/png/pngrtran.c 2004-07-01 12:10:25 +0200
+@@ -1890,8 +1890,8 @@
+ /* This changes the data from GG to GGXX */
+ if (flags & PNG_FLAG_FILLER_AFTER)
+ {
+- png_bytep sp = row + (png_size_t)row_width;
+- png_bytep dp = sp + (png_size_t)row_width;
++ png_bytep sp = row + (png_size_t)row_width * 2;
++ png_bytep dp = sp + (png_size_t)row_width * 2;
+ for (i = 1; i < row_width; i++)
+ {
+ *(--dp) = hi_filler;
+@@ -1908,8 +1908,8 @@
+ /* This changes the data from GG to XXGG */
+ else
+ {
+- png_bytep sp = row + (png_size_t)row_width;
+- png_bytep dp = sp + (png_size_t)row_width;
++ png_bytep sp = row + (png_size_t)row_width * 2;
++ png_bytep dp = sp + (png_size_t)row_width * 2;
+ for (i = 0; i < row_width; i++)
+ {
+ *(--dp) = *(--sp);
+@@ -1966,8 +1966,8 @@
+ /* This changes the data from RRGGBB to RRGGBBXX */
+ if (flags & PNG_FLAG_FILLER_AFTER)
+ {
+- png_bytep sp = row + (png_size_t)row_width * 3;
+- png_bytep dp = sp + (png_size_t)row_width;
++ png_bytep sp = row + (png_size_t)row_width * 6;
++ png_bytep dp = sp + (png_size_t)row_width * 2;
+ for (i = 1; i < row_width; i++)
+ {
+ *(--dp) = hi_filler;
+@@ -1988,8 +1988,8 @@
+ /* This changes the data from RRGGBB to XXRRGGBB */
+ else
+ {
+- png_bytep sp = row + (png_size_t)row_width * 3;
+- png_bytep dp = sp + (png_size_t)row_width;
++ png_bytep sp = row + (png_size_t)row_width * 6;
++ png_bytep dp = sp + (png_size_t)row_width * 2;
+ for (i = 0; i < row_width; i++)
+ {
+ *(--dp) = *(--sp);
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/pdflib/pdflib.spec
============================================================================
$ cvs diff -u -r1.28 -r1.29 pdflib.spec
--- openpkg-src/pdflib/pdflib.spec 25 Jun 2004 20:12:00 -0000 1.28
+++ openpkg-src/pdflib/pdflib.spec 1 Jul 2004 10:30:05 -0000 1.29
@@ -38,7 +38,7 @@
Group: Graphics
License: PDFlib
Version: %{V_long}
-Release: 20040625
+Release: 20040701
# list of sources
Source0:
http://www.pdflib.com/products/pdflib/download/%{V_comp}src/PDFlib-Lite-%{V_long}.tar.gz
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]
