OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 27-Oct-2007 14:35:06
Branch: HEAD Handle: 2007102713350500
Modified files:
openpkg-src/doxygen doxygen.patch doxygen.spec
Log:
upgrading package: doxygen 1.5.3 -> 1.5.4
Summary:
Revision Changes Path
1.7 +0 -441 openpkg-src/doxygen/doxygen.patch
1.61 +2 -2 openpkg-src/doxygen/doxygen.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/doxygen/doxygen.patch
============================================================================
$ cvs diff -u -r1.6 -r1.7 doxygen.patch
--- openpkg-src/doxygen/doxygen.patch 27 Jul 2007 17:59:27 -0000 1.6
+++ openpkg-src/doxygen/doxygen.patch 27 Oct 2007 12:35:05 -0000 1.7
@@ -1,444 +1,3 @@
-Index: libpng/pngconf.h
---- libpng/pngconf.h.orig 2002-02-20 22:03:02 +0100
-+++ libpng/pngconf.h 2004-06-30 14:52:23 +0200
-@@ -243,10 +243,6 @@
- # define PNG_SAVE_BSD_SOURCE
- # undef _BSD_SOURCE
- # endif
--# ifdef _SETJMP_H
-- __png.h__ already includes setjmp.h;
-- __dont__ include it again.;
--# endif
- # endif /* __linux__ */
-
- /* include setjmp.h for error handling */
-----------------------------------------------------------------------
-Security Fix (CAN-2002-1363):
-Possible buffer overflows.
-
-Index: libpng/pngrtran.c
---- libpng/pngrtran.c.orig 2002-02-18 22:25:09 +0100
-+++ libpng/pngrtran.c 2004-06-30 14:52:23 +0200
-@@ -1851,8 +1851,8 @@
- /* This changes the data from GG to GGXX */
- if (flags & PNG_FLAG_FILLER_AFTER)
- {
-- png_bytep sp = row + (png_size_t)row_width;
-- png_bytep dp = sp + (png_size_t)row_width;
-+ png_bytep sp = row + (png_size_t)row_width * 2;
-+ png_bytep dp = sp + (png_size_t)row_width * 2;
- for (i = 1; i < row_width; i++)
- {
- *(--dp) = hi_filler;
-@@ -1869,8 +1869,8 @@
- /* This changes the data from GG to XXGG */
- else
- {
-- png_bytep sp = row + (png_size_t)row_width;
-- png_bytep dp = sp + (png_size_t)row_width;
-+ png_bytep sp = row + (png_size_t)row_width * 2;
-+ png_bytep dp = sp + (png_size_t)row_width * 2;
- for (i = 0; i < row_width; i++)
- {
- *(--dp) = *(--sp);
-@@ -1927,8 +1927,8 @@
- /* This changes the data from RRGGBB to RRGGBBXX */
- if (flags & PNG_FLAG_FILLER_AFTER)
- {
-- png_bytep sp = row + (png_size_t)row_width * 3;
-- png_bytep dp = sp + (png_size_t)row_width;
-+ png_bytep sp = row + (png_size_t)row_width * 6;
-+ png_bytep dp = sp + (png_size_t)row_width * 2;
- for (i = 1; i < row_width; i++)
- {
- *(--dp) = hi_filler;
-@@ -1949,8 +1949,8 @@
- /* This changes the data from RRGGBB to XXRRGGBB */
- else
- {
-- png_bytep sp = row + (png_size_t)row_width * 3;
-- png_bytep dp = sp + (png_size_t)row_width;
-+ png_bytep sp = row + (png_size_t)row_width * 6;
-+ png_bytep dp = sp + (png_size_t)row_width * 2;
- for (i = 0; i < row_width; i++)
- {
- *(--dp) = *(--sp);
---------------------------------------------------------------------------
-Steve G <[EMAIL PROTECTED]>
-Libpng accesses memory that is out of bounds when creating an error message
-
-Index: pngerror.c
---- libpng/pngerror.c.orig 2002-10-03 13:32:27.000000000 +0200
-+++ libpng/pngerror.c 2004-04-28 13:24:22.000000000 +0200
-@@ -135,10 +135,13 @@
- buffer[iout] = 0;
- else
- {
-+ png_size_t len;
-+ if ((len = png_strlen(message)) > 63)
-+ len = 63;
- buffer[iout++] = ':';
- buffer[iout++] = ' ';
-- png_memcpy(buffer+iout, message, 64);
-- buffer[iout+63] = 0;
-+ png_memcpy(buffer+iout, message, len);
-+ buffer[iout+len] = 0;
- }
- }
-
-
-http://www.graphicsmagick.org/libpng/beta/patches/INFO.txt
-
-> [Problems discovered and fixed by] Chris Evans
->
-> 1) Remotely exploitable stack-based buffer overrun in png_handle_tRNS
(pngrutil.c)
-> 2) Dangerous code in png_handle_sBIT (pngrutil.c)
-CAN-2004-0597
-
-> 3) Possible NULL-pointer crash in png_handle_iCCP (pngrutil.c)
-> this flaw is duplicated in multiple other locations.
-CAN-2004-0598
-
-> 4) Theoretical integer overflow in allocation in png_handle_sPLT
(pngrutil.c)
-> 5) Integer overflow in png_read_png (pngread.c)
-> 6) Integer overflows during progressive reading.
-> 7) Other flaws. [integer overflows]
-CAN-2004-0599
-
-http://www.graphicsmagick.org/libpng/beta/patches/libpng-patch03-trns-chunk-overflow.txt
- Use to patch libpng-1.0.9 through 1.2.5
- This fixes the most dangerous of the newly reported vulnerabilities
-
-diff -r -U 3 libpng-1.2.5/pngrutil.c libpng-1.2.5patch03/pngrutil.c
---- libpng/pngrutil.c.orig Thu Oct 3 06:32:30 2002
-+++ libpng/pngrutil.c Fri Jul 23 18:54:36 2004
-@@ -1241,7 +1241,8 @@
- /* Should be an error, but we can cope with it */
- png_warning(png_ptr, "Missing PLTE before tRNS");
- }
-- else if (length > (png_uint_32)png_ptr->num_palette)
-+ if (length > (png_uint_32)png_ptr->num_palette ||
-+ length > PNG_MAX_PALETTE_LENGTH)
- {
- png_warning(png_ptr, "Incorrect tRNS chunk length");
- png_crc_finish(png_ptr, length);
-
-http://www.graphicsmagick.org/libpng/beta/patches/libpng-patch04-get-uint-31.txt
- Use to patch libpng-1.0.6 through 1.2.5
- This patch defines PNG_UINT_31_MAX, PNG_UINT_32_MAX, PNG_SIZE_MAX,
- and png_get_uint_31(), which are needed by patches 05-08.
-
-diff -r -U 3 libpng-1.2.5/png.h libpng-1.2.5patch04/png.h
---- libpng/png.h.orig Thu Oct 3 06:32:26 2002
-+++ libpng/png.h Fri Jul 23 18:56:27 2004
-@@ -833,7 +833,11 @@
- typedef png_info FAR * FAR * png_infopp;
-
- /* Maximum positive integer used in PNG is (2^31)-1 */
--#define PNG_MAX_UINT ((png_uint_32)0x7fffffffL)
-+#define PNG_UINT_31_MAX ((png_uint_32)0x7fffffffL)
-+#define PNG_UINT_32_MAX (~((png_uint_32)0))
-+#define PNG_SIZE_MAX (~((png_size_t)0))
-+/* PNG_MAX_UINT is deprecated; use PNG_UINT_31_MAX instead. */
-+#define PNG_MAX_UINT PNG_UINT_31_MAX
-
- /* These describe the color_type field in png_info. */
- /* color type masks */
-@@ -2655,6 +2659,8 @@
- PNG_EXTERN png_uint_32 png_get_uint_32 PNGARG((png_bytep buf));
- PNG_EXTERN png_uint_16 png_get_uint_16 PNGARG((png_bytep buf));
- #endif /* !PNG_READ_BIG_ENDIAN_SUPPORTED */
-+PNG_EXTERN png_uint_32 png_get_uint_31 PNGARG((png_structp png_ptr,
-+ png_bytep buf));
-
- /* Initialize png_ptr struct for reading, and allocate any other memory.
- * (old interface - DEPRECATED - use png_create_read_struct instead).
-diff -r -U 3 libpng-1.2.5/pngrutil.c libpng-1.2.5patch04/pngrutil.c
---- libpng/pngrutil.c.orig Thu Oct 3 06:32:30 2002
-+++ libpng/pngrutil.c Fri Jul 23 18:56:27 2004
-@@ -38,6 +38,14 @@
- # endif
- #endif
-
-+png_uint_32 /* PRIVATE */
-+png_get_uint_31(png_structp png_ptr, png_bytep buf)
-+{
-+ png_uint_32 i = png_get_uint_32(buf);
-+ if (i > PNG_UINT_31_MAX)
-+ png_error(png_ptr, "PNG unsigned integer out of range.\n");
-+ return (i);
-+}
- #ifndef PNG_READ_BIG_ENDIAN_SUPPORTED
- /* Grab an unsigned 32-bit integer from a buffer in big-endian format. */
- png_uint_32 /* PRIVATE */
-
-http://www.graphicsmagick.org/libpng/beta/patches/libpng-patch05-pngpread-chunklength.txt
- Use to patch libpng-1.0.0 through 1.2.5
- Requires one of libpng-patch04*
-
-diff -r -U 3 libpng-1.2.5/pngpread.c libpng-1.2.5patch05/pngpread.c
---- libpng/pngpread.c.orig Thu Oct 3 06:32:28 2002
-+++ libpng/pngpread.c Fri Jul 23 18:57:39 2004
-@@ -208,7 +208,7 @@
- }
-
- png_push_fill_buffer(png_ptr, chunk_length, 4);
-- png_ptr->push_length = png_get_uint_32(chunk_length);
-+ png_ptr->push_length = png_get_uint_31(png_ptr,chunk_length);
- png_reset_crc(png_ptr);
- png_crc_read(png_ptr, png_ptr->chunk_name, 4);
- png_ptr->mode |= PNG_HAVE_CHUNK_HEADER;
-@@ -591,6 +591,11 @@
- png_size_t new_max;
- png_bytep old_buffer;
-
-+ if (png_ptr->save_buffer_size > PNG_SIZE_MAX -
-+ (png_ptr->current_buffer_size + 256))
-+ {
-+ png_error(png_ptr, "Potential overflow of save_buffer");
-+ }
- new_max = png_ptr->save_buffer_size + png_ptr->current_buffer_size +
256;
- old_buffer = png_ptr->save_buffer;
- png_ptr->save_buffer = (png_bytep)png_malloc(png_ptr,
-@@ -637,8 +642,7 @@
- }
-
- png_push_fill_buffer(png_ptr, chunk_length, 4);
-- png_ptr->push_length = png_get_uint_32(chunk_length);
--
-+ png_ptr->push_length = png_get_uint_31(png_ptr,chunk_length);
- png_reset_crc(png_ptr);
- png_crc_read(png_ptr, png_ptr->chunk_name, 4);
- png_ptr->mode |= PNG_HAVE_CHUNK_HEADER;
-
-http://www.graphicsmagick.org/libpng/beta/patches/libpng-patch06a-pngread-chunklength.txt
- Use to patch libpng-1.0.0 through 1.0.12, 1.2.0, and 1.2.1.
- Requires libpng-patch04-*
-
-diff -r -U 3 libpng-1.2.1/pngread.c libpng-1.2.1patch06a/pngread.c
---- libpng/pngread.c.orig Wed Dec 12 17:37:21 2001
-+++ libpng/pngread.c Fri Jul 23 20:15:23 2004
-@@ -365,7 +365,7 @@
- png_uint_32 length;
-
- png_read_data(png_ptr, chunk_length, 4);
-- length = png_get_uint_32(chunk_length);
-+ length = png_get_uint_31(png_ptr,chunk_length);
-
- png_reset_crc(png_ptr);
- png_crc_read(png_ptr, png_ptr->chunk_name, 4);
-@@ -654,7 +654,7 @@
- png_crc_finish(png_ptr, 0);
-
- png_read_data(png_ptr, chunk_length, 4);
-- png_ptr->idat_size = png_get_uint_32(chunk_length);
-+ png_ptr->idat_size = png_get_uint_31(png_ptr,chunk_length);
-
- png_reset_crc(png_ptr);
- png_crc_read(png_ptr, png_ptr->chunk_name, 4);
-@@ -927,7 +927,7 @@
- #endif /* PNG_GLOBAL_ARRAYS */
-
- png_read_data(png_ptr, chunk_length, 4);
-- length = png_get_uint_32(chunk_length);
-+ length = png_get_uint_31(png_ptr,chunk_length);
-
- png_reset_crc(png_ptr);
- png_crc_read(png_ptr, png_ptr->chunk_name, 4);
-http://www.graphicsmagick.org/libpng/beta/patches/libpng-patch07-png-read-png-overflow.txt
- Use to patch libpng-1.0.6 through 1.2.5. Libpng-1.0.5 and earlier didn't
implement png_read_png().
- Requires libpng-patch04-*
-
-diff -r -U 3 libpng-1.2.5/pngread.c libpng-1.2.5patch07/pngread.c
---- libpng/pngread.c.orig Thu Oct 3 06:32:29 2002
-+++ libpng/pngread.c Fri Jul 23 19:01:39 2004
-@@ -1299,6 +1299,9 @@
- */
- png_read_info(png_ptr, info_ptr);
-
-+ if (info_ptr->height > PNG_UINT_32_MAX/sizeof(png_bytep))
-+ png_error(png_ptr,"Image is too high to process with png_read_png()");
-+
- /* -------------- image transformations start here ------------------- */
-
- #if defined(PNG_READ_16_TO_8_SUPPORTED)
-
-http://www.graphicsmagick.org/libpng/beta/patches/libpng-patch08-splt-buffer-overflow.txt
- Use to patch libpng-1.0.6 through 1.2.5. Libpng-1.0.5 and earlier didn't
implement png_read_png().
- Requires libpng-patch04-*
-
-The "sPLT chunk too long" check from Matthias Clasen (RedHat libpng package
maintainer)
-
-diff -r -U 3 libpng-1.2.5/pngrutil.c libpng-1.2.5patch08/pngrutil.c
---- libpng/pngrutil.c.orig Thu Oct 3 06:32:30 2002
-+++ libpng/pngrutil.c Fri Jul 23 19:02:48 2004
-@@ -1154,8 +1154,18 @@
- }
-
- new_palette.nentries = data_length / entry_size;
-- new_palette.entries = (png_sPLT_entryp)png_malloc(
-+ if (new_palette.nentries > PNG_SIZE_MAX / sizeof(png_sPLT_entry))
-+ {
-+ png_warning(png_ptr, "sPLT chunk too long");
-+ return;
-+ }
-+ new_palette.entries = (png_sPLT_entryp)png_malloc_warn(
- png_ptr, new_palette.nentries * sizeof(png_sPLT_entry));
-+ if (new_palette.entries == NULL)
-+ {
-+ png_warning(png_ptr, "sPLT chunk requires too much memory");
-+ return;
-+ }
-
- #ifndef PNG_NO_POINTER_INDEXING
- for (i = 0; i < new_palette.nentries; i++)
-
-http://www.graphicsmagick.org/libpng/beta/patches/libpng-patch09-null-iccp-profile.txt
- Use to patch libpng-1.0.9 through 1.2.5. Does not work with
libpng-1.0.6-1.0.8.
- Libpng-1.0.5 and earlier didn't implement iCCP chunk reading.
-
-diff -r -U 3 libpng-1.2.5/pngrutil.c libpng-1.2.5patch09/pngrutil.c
---- libpng/pngrutil.c.orig Thu Oct 3 06:32:30 2002
-+++ libpng/pngrutil.c Fri Jul 23 19:04:28 2004
-@@ -977,8 +977,7 @@
- png_bytep pC;
- png_charp profile;
- png_uint_32 skip = 0;
-- png_uint_32 profile_size = 0;
-- png_uint_32 profile_length = 0;
-+ png_uint_32 profile_size, profile_length;
- png_size_t slength, prefix_length, data_length;
-
- png_debug(1, "in png_handle_iCCP\n");
-
-http://www.graphicsmagick.org/libpng/beta/patches/libpng-patch10-find-duplicate-chunk.txt
- Use to patch libpng-1.0.6 through 1.2.5 Does not work with libpng-1.0.5
and earlier.
- No security problem. The bugs are similar to the one fixed in patch
- 03, but the only effect is that libpng will fail to detect misplaced
- harmless duplicate chunks.
-
-diff -r -U 3 libpng-1.2.5/pngrutil.c libpng-1.2.5patch10/pngrutil.c
---- libpng/pngrutil.c.orig Thu Oct 3 06:32:30 2002
-+++ libpng/pngrutil.c Fri Jul 23 19:05:40 2004
-@@ -579,7 +579,7 @@
- /* Should be an error, but we can cope with it */
- png_warning(png_ptr, "Out of place gAMA chunk");
-
-- else if (info_ptr != NULL && (info_ptr->valid & PNG_INFO_gAMA)
-+ if (info_ptr != NULL && (info_ptr->valid & PNG_INFO_gAMA)
- #if defined(PNG_READ_sRGB_SUPPORTED)
- && !(info_ptr->valid & PNG_INFO_sRGB)
- #endif
-@@ -660,7 +660,7 @@
- /* Should be an error, but we can cope with it */
- png_warning(png_ptr, "Out of place sBIT chunk");
- }
-- else if (info_ptr != NULL && (info_ptr->valid & PNG_INFO_sBIT))
-+ if (info_ptr != NULL && (info_ptr->valid & PNG_INFO_sBIT))
- {
- png_warning(png_ptr, "Duplicate sBIT chunk");
- png_crc_finish(png_ptr, length);
-@@ -729,7 +729,7 @@
- /* Should be an error, but we can cope with it */
- png_warning(png_ptr, "Missing PLTE before cHRM");
-
-- else if (info_ptr != NULL && (info_ptr->valid & PNG_INFO_cHRM)
-+ if (info_ptr != NULL && (info_ptr->valid & PNG_INFO_cHRM)
- #if defined(PNG_READ_sRGB_SUPPORTED)
- && !(info_ptr->valid & PNG_INFO_sRGB)
- #endif
-@@ -891,7 +891,7 @@
- /* Should be an error, but we can cope with it */
- png_warning(png_ptr, "Out of place sRGB chunk");
-
-- else if (info_ptr != NULL && (info_ptr->valid & PNG_INFO_sRGB))
-+ if (info_ptr != NULL && (info_ptr->valid & PNG_INFO_sRGB))
- {
- png_warning(png_ptr, "Duplicate sRGB chunk");
- png_crc_finish(png_ptr, length);
-@@ -995,7 +995,7 @@
- /* Should be an error, but we can cope with it */
- png_warning(png_ptr, "Out of place iCCP chunk");
-
-- else if (info_ptr != NULL && (info_ptr->valid & PNG_INFO_iCCP))
-+ if (info_ptr != NULL && (info_ptr->valid & PNG_INFO_iCCP))
- {
- png_warning(png_ptr, "Duplicate iCCP chunk");
- png_crc_finish(png_ptr, length);
-
-This patch from Chris Evans avoids a host of security problems related
-to buffer overflows that might occur when processing very large images.
-It causes the reader to reject any images claiming to have more rows or
-columns the png format supports.
-
-diff -ru libpng-1.2.5/png.h libpng-1.2.5.fix/png.h
---- libpng/png.h.orig 2002-10-03 12:32:26.000000000 +0100
-+++ libpng/png.h 2004-07-13 23:18:10.000000000 +0100
-@@ -835,6 +835,9 @@
- /* Maximum positive integer used in PNG is (2^31)-1 */
- #define PNG_MAX_UINT ((png_uint_32)0x7fffffffL)
-
-+/* Constraints on width, height, (2 ^ 24) - 1*/
-+#define PNG_MAX_DIMENSION 16777215
-+
- /* These describe the color_type field in png_info. */
- /* color type masks */
- #define PNG_COLOR_MASK_PALETTE 1
-diff -ru libpng-1.2.5/pngrutil.c libpng-1.2.5.fix/pngrutil.c
---- libpng/pngrutil.c.orig 2004-07-13 13:36:37.000000000 +0100
-+++ libpng/pngrutil.c 2004-07-13 23:43:02.000000000 +0100
-@@ -350,7 +350,11 @@
- png_crc_finish(png_ptr, 0);
-
- width = png_get_uint_32(buf);
-+ if (width > PNG_MAX_DIMENSION)
-+ png_error(png_ptr, "Width is too large");
- height = png_get_uint_32(buf + 4);
-+ if (height > PNG_MAX_DIMENSION)
-+ png_error(png_ptr, "Height is too large");
- bit_depth = buf[8];
- color_type = buf[9];
- compression_type = buf[10];
-@@ -675,7 +679,7 @@
- else
- truelen = (png_size_t)png_ptr->channels;
-
-- if (length != truelen)
-+ if (length != truelen || length > 4)
- {
- png_warning(png_ptr, "Incorrect sBIT chunk length");
- png_crc_finish(png_ptr, length);
-@@ -1400,7 +1405,7 @@
- void /* PRIVATE */
- png_handle_hIST(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
- {
-- int num, i;
-+ unsigned int num, i;
- png_uint_16 readbuf[PNG_MAX_PALETTE_LENGTH];
-
- png_debug(1, "in png_handle_hIST\n");
-@@ -1426,8 +1431,8 @@
- return;
- }
-
-- num = (int)length / 2 ;
-- if (num != png_ptr->num_palette)
-+ num = length / 2 ;
-+ if (num != png_ptr->num_palette || num > PNG_MAX_PALETTE_LENGTH)
- {
- png_warning(png_ptr, "Incorrect hIST chunk length");
- png_crc_finish(png_ptr, length);
-@@ -2868,6 +2873,9 @@
- png_read_data(png_ptr, chunk_length, 4);
- png_ptr->idat_size = png_get_uint_32(chunk_length);
-
-+ if (png_ptr->idat_size > PNG_MAX_UINT)
-+ png_error(png_ptr, "Invalid chunk length.");
-+
- png_reset_crc(png_ptr);
- png_crc_read(png_ptr, png_ptr->chunk_name, 4);
- if (png_memcmp(png_ptr->chunk_name, (png_bytep)png_IDAT, 4))
-
Index: qtools/qxml.cpp
--- qtools/qxml.cpp.orig 2003-12-14 23:00:57.000000000 +0100
+++ qtools/qxml.cpp 2005-02-18 12:31:22.005743375 +0100
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/doxygen/doxygen.spec
============================================================================
$ cvs diff -u -r1.60 -r1.61 doxygen.spec
--- openpkg-src/doxygen/doxygen.spec 27 Jul 2007 17:59:27 -0000 1.60
+++ openpkg-src/doxygen/doxygen.spec 27 Oct 2007 12:35:05 -0000 1.61
@@ -32,8 +32,8 @@
Class: PLUS
Group: Development
License: GPL
-Version: 1.5.3
-Release: 20070727
+Version: 1.5.4
+Release: 20071027
# list of sources
Source0:
ftp://ftp.stack.nl/pub/users/dimitri/doxygen-%{version}.src.tar.gz
@@ .
______________________________________________________________________
OpenPKG http://openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
