OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Torsten Homeyer
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 02-Jul-2004 09:20:25
Branch: HEAD Handle: -NONE-
Modified files:
openpkg-src/kde-qt kde-qt.patch kde-qt.spec
Log:
Revoke the last changes and add the security fix (CAN-2002-1363) for png
Summary:
Revision Changes Path
1.2 +58 -25 openpkg-src/kde-qt/kde-qt.patch
1.13 +4 -5 openpkg-src/kde-qt/kde-qt.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/kde-qt/kde-qt.patch
============================================================================
$ cvs diff -u -r1.1 -r1.2 kde-qt.patch
--- openpkg-src/kde-qt/kde-qt.patch 29 Apr 2004 15:06:55 -0000 1.1
+++ openpkg-src/kde-qt/kde-qt.patch 2 Jul 2004 07:20:25 -0000 1.2
@@ -1,5 +1,61 @@
---- src/3rdparty/libpng/pngrtran.c.orig Wed Oct 2 20:20:24 2002
-+++ src/3rdparty/libpng/pngrtran.c Wed Jan 15 11:30:23 2003
+Index: src/3rdparty/libpng/pngconf.h
+--- src/3rdparty/libpng/pngconf.h.orig 2003-05-13 09:08:31 +0200
++++ src/3rdparty/libpng/pngconf.h 2004-07-02 09:03:26 +0200
+@@ -251,10 +251,6 @@
+ # define PNG_SAVE_BSD_SOURCE
+ # undef _BSD_SOURCE
+ # endif
+-# ifdef _SETJMP_H
+- __png.h__ already includes setjmp.h;
+- __dont__ include it again.;
+-# endif
+ # endif /* __linux__ */
+
+ /* include setjmp.h for error handling */
+Index: src/3rdparty/libpng/pngerror.c
+--- src/3rdparty/libpng/pngerror.c.orig 2003-05-13 09:08:31 +0200
++++ src/3rdparty/libpng/pngerror.c 2004-07-02 09:03:26 +0200
+@@ -135,10 +135,13 @@
+ buffer[iout] = 0;
+ else
+ {
++ png_size_t len;
++ if ((len = png_strlen(error_message)) > 63)
++ len = 63;
+ buffer[iout++] = ':';
+ buffer[iout++] = ' ';
+- png_memcpy(buffer+iout, error_message, 64);
+- buffer[iout+63] = 0;
++ png_memcpy(buffer+iout, error_message, len);
++ buffer[iout+len] = 0;
+ }
+ }
+
+Index: src/3rdparty/libpng/pngrtran.c
+--- src/3rdparty/libpng/pngrtran.c.orig 2003-05-13 09:08:31 +0200
++++ src/3rdparty/libpng/pngrtran.c 2004-07-02 09:03:26 +0200
+@@ -1889,8 +1889,8 @@
+ /* This changes the data from GG to GGXX */
+ if (flags & PNG_FLAG_FILLER_AFTER)
+ {
+- png_bytep sp = row + (png_size_t)row_width;
+- png_bytep dp = sp + (png_size_t)row_width;
++ png_bytep sp = row + (png_size_t)row_width * 2;
++ png_bytep dp = sp + (png_size_t)row_width * 2;
+ for (i = 1; i < row_width; i++)
+ {
+ *(--dp) = hi_filler;
+@@ -1907,8 +1907,8 @@
+ /* This changes the data from GG to XXGG */
+ else
+ {
+- png_bytep sp = row + (png_size_t)row_width;
+- png_bytep dp = sp + (png_size_t)row_width;
++ png_bytep sp = row + (png_size_t)row_width * 2;
++ png_bytep dp = sp + (png_size_t)row_width * 2;
+ for (i = 0; i < row_width; i++)
+ {
+ *(--dp) = *(--sp);
@@ -1965,8 +1965,8 @@
/* This changes the data from RRGGBB to RRGGBBXX */
if (flags & PNG_FLAG_FILLER_AFTER)
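Review bot: In the pngerror.c section, the new cap `if ((len = png_strlen(error_message)) > 63) len = 63;` bounds the read from `error_message`, but it is a constant that does not depend on `iout`. The write `buffer[iout+len] = 0` is therefore in bounds only if the caller's buffer has room for the longest possible prefix plus 2 + 63 + 1 bytes. The buffer declaration and the code that advances `iout` are outside this hunk, so this needs checking against the callers; deriving the cap from the remaining space would be safer than the literal 63. Separately, the free-text description that accompanied this section in revision 1.1 is dropped by the following hunk. A one-line note above each `Index:` section saying which issue it addresses (the log names CAN-2002-1363) would keep the patch auditable.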
@@ -22,26 +78,3 @@
for (i = 0; i < row_width; i++)
{
*(--dp) = *(--sp);
-
-Steve G <[EMAIL PROTECTED]>
-Libpng accesses memory that is out of bounds when creating an error message
-
-Index: pngerror.c
---- src/3rdparty/libpng/pngerror.c.orig 2002-10-03 13:32:27.000000000 +0200
-+++ src/3rdparty/libpng/pngerror.c 2004-04-28 13:24:22.000000000 +0200
-@@ -135,10 +135,13 @@
- buffer[iout] = 0;
- else
- {
-+ png_size_t len;
-+ if ((len = png_strlen(error_message)) > 63)
-+ len = 63;
- buffer[iout++] = ':';
- buffer[iout++] = ' ';
-- png_memcpy(buffer+iout, error_message, 64);
-- buffer[iout+63] = 0;
-+ png_memcpy(buffer+iout, error_message, len);
-+ buffer[iout+len] = 0;
- }
- }
-
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/kde-qt/kde-qt.spec
============================================================================
$ cvs diff -u -r1.12 -r1.13 kde-qt.spec
--- openpkg-src/kde-qt/kde-qt.spec 1 Jul 2004 14:05:22 -0000 1.12
+++ openpkg-src/kde-qt/kde-qt.spec 2 Jul 2004 07:20:25 -0000 1.13
@@ -34,7 +34,7 @@
Group: KDE
License: GPL
Version: 3.2.3
-Release: 20040701
+Release: 20040702
# list of sources
Source0: ftp://ftp.trolltech.com/pub/qt/source/qt-x11-free-%{version}.tar.bz2
@@ -44,8 +44,8 @@
# build information
Prefix: %{l_prefix}
BuildRoot: %{l_buildroot}
-BuildPreReq: OpenPKG, openpkg >= 20040130, X11, gcc, png, mng, jpeg, zlib
-PreReq: OpenPKG, openpkg >= 20040130, X11, png, mng, jpeg, zlib
+BuildPreReq: OpenPKG, openpkg >= 20040130, X11, gcc
+PreReq: OpenPKG, openpkg >= 20040130, X11
AutoReq: no
AutoReqProv: no
@@ -144,8 +144,7 @@
-docdir %{l_prefix}/share/kde/qt/doc \
-datadir %{l_prefix}/share/kde/qt/data \
-release -shared -stl -sm \
- -system-zlib -system-libpng \
- -system-libjpeg -system-libmng -qt-gif \
+ -qt-zlib -qt-libpng -qt-libjpeg -qt-libmng -qt-gif \
-no-nis -no-cups -no-nas-sound -no-xinerama \
-xrender -no-xft -no-tablet -no-xkb \
-disable-opengl -enable-sql \
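Review bot: Replacing `-system-zlib -system-libpng -system-libjpeg -system-libmng` with `-qt-zlib -qt-libpng -qt-libjpeg -qt-libmng` makes the package build Qt's own copies of these libraries (the patch in this commit touches `src/3rdparty/libpng`). Fixes delivered through the separately packaged png, mng, jpeg and zlib then no longer reach this package, and the previous hunk removes those names from `BuildPreReq`/`PreReq`. Each later advisory for these libraries has to be mirrored by hand in kde-qt.patch, as is done here for CAN-2002-1363. If the bundled copies are required, record that obligation in the spec with a comment above the configure invocation (which starts outside this hunk), for example `# bundled zlib/libpng/libjpeg/libmng: security fixes must be mirrored in kde-qt.patch`.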
@@ .