Author: ranger
Date: Mon Nov 27 21:35:15 2006
New Revision: 511
URL:
<http://svn.finkproject.org/websvn/listing.php?sc=1&rev=511&repname=user%3a+ranger>
Log:
security update
Modified:
trunk/experimental/10.3/main/finkinfo/kde/kdegraphics3.info
trunk/experimental/10.3/main/finkinfo/kde/kdegraphics3.patch
trunk/experimental/10.4/main/finkinfo/kde/kdegraphics3.info
trunk/experimental/10.4/main/finkinfo/kde/kdegraphics3.patch
trunk/experimental/common/main/finkinfo/kde/kdegraphics3.info
trunk/experimental/common/main/finkinfo/kde/kdegraphics3.patch
Modified: trunk/experimental/10.3/main/finkinfo/kde/kdegraphics3.info
URL:
<http://svn.finkproject.org/websvn/diff.php?path=/trunk/experimental/10.3/main/finkinfo/kde/kdegraphics3.info&rev=511&repname=user%3a+ranger>
==============================================================================
--- trunk/experimental/10.3/main/finkinfo/kde/kdegraphics3.info (original)
+++ trunk/experimental/10.3/main/finkinfo/kde/kdegraphics3.info Mon Nov 27
21:35:15 2006
@@ -1,6 +1,6 @@
Package: kdegraphics3
Version: 3.5.5
-Revision: 11
+Revision: 12
Description: KDE - graphics
License: GPL/LGPL
Maintainer: Benjamin Reed <[EMAIL PROTECTED]>
Modified: trunk/experimental/10.3/main/finkinfo/kde/kdegraphics3.patch
URL:
<http://svn.finkproject.org/websvn/diff.php?path=/trunk/experimental/10.3/main/finkinfo/kde/kdegraphics3.patch&rev=511&repname=user%3a+ranger>
==============================================================================
--- trunk/experimental/10.3/main/finkinfo/kde/kdegraphics3.patch (original)
+++ trunk/experimental/10.3/main/finkinfo/kde/kdegraphics3.patch Mon Nov 27
21:35:15 2006
@@ -620,3 +620,137 @@
break;
default:
break;
+--- kdeg/kfile-plugins/jpeg/exif.h
++++ kdeg/kfile-plugins/jpeg/exif.h
+@@ -72,7 +72,8 @@
+ int Get32s(void * Long);
+ unsigned Get32u(void * Long);
+ double ConvertAnyFormat(void * ValuePtr, int Format);
+- void ProcessExifDir(unsigned char * DirStart, unsigned char * OffsetBase,
unsigned ExifLength);
++ void ProcessExifDir(unsigned char * DirStart, unsigned char * OffsetBase,
unsigned ExifLength,
++ unsigned NestingLevel);
+ void process_COM (const uchar * Data, int length);
+ void process_SOFn (const uchar * Data, int marker);
+ int Get16m(const void * Short);
+--- kdeg/kfile-plugins/jpeg/exif.cpp
++++ kdeg/kfile-plugins/jpeg/exif.cpp
+@@ -446,7 +446,7 @@
+ //--------------------------------------------------------------------------
+ // Process one of the nested EXIF directories.
+ //--------------------------------------------------------------------------
+-void ExifData::ProcessExifDir(unsigned char * DirStart, unsigned char *
OffsetBase, unsigned ExifLength)
++void ExifData::ProcessExifDir(unsigned char * DirStart, unsigned char *
OffsetBase, unsigned ExifLength, unsigned NestingLevel)
+ {
+ int de;
+ int a;
+@@ -454,6 +454,9 @@
+ unsigned ThumbnailOffset = 0;
+ unsigned ThumbnailSize = 0;
+
++ if ( NestingLevel > 4)
++ throw FatalError("Maximum directory nesting exceeded (corrupt exif
header)");
++
+ NumDirEntries = Get16u(DirStart);
+ #define DIR_ENTRY_ADDR(Start, Entry) (Start+2+12*(Entry))
+
+@@ -476,7 +479,7 @@
+ for (de=0;de<NumDirEntries;de++){
+ int Tag, Format, Components;
+ unsigned char * ValuePtr;
+- int ByteCount;
++ unsigned ByteCount;
+ char * DirEntry;
+ DirEntry = (char *)DIR_ENTRY_ADDR(DirStart, de);
+
+@@ -489,6 +492,11 @@
+ throw FatalError("Illegal format code in EXIF dir");
+ }
+
++ if ((unsigned)Components > 0x10000) {
++ throw FatalError("Illegal number of components for tag");
++ continue;
++ }
++
+ ByteCount = Components * BytesPerFormat[Format];
+
+ if (ByteCount > 4){
+@@ -517,11 +525,11 @@
+ switch(Tag){
+
+ case TAG_MAKE:
+- ExifData::CameraMake = QString((char*)ValuePtr);
++ ExifData::CameraMake = QString::fromLatin1((const
char*)ValuePtr, 31);
+ break;
+
+ case TAG_MODEL:
+- ExifData::CameraModel = QString((char*)ValuePtr);
++ ExifData::CameraModel = QString::fromLatin1((const
char*)ValuePtr, 39);
+ break;
+
+ case TAG_ORIENTATION:
+@@ -529,7 +537,7 @@
+ break;
+
+ case TAG_DATETIME_ORIGINAL:
+- DateTime = QString((char*)ValuePtr);
++ DateTime = QString::fromLatin1((const char*)ValuePtr, 19);
+ break;
+
+ case TAG_USERCOMMENT:
+@@ -550,14 +558,12 @@
+ int c;
+ c = (ValuePtr)[a];
+ if (c != '\0' && c != ' '){
+- //strncpy(ImageInfo.Comments, (const
char*)(a+ValuePtr), 199);
+- UserComment.sprintf("%s", (const
char*)(a+ValuePtr));
++ UserComment = QString::fromLatin1((const
char*)(a+ValuePtr), 199);
+ break;
+ }
+ }
+ }else{
+- //strncpy(ImageInfo.Comments, (const char*)ValuePtr, 199);
+- UserComment.sprintf("%s", (const char*)ValuePtr);
++ UserComment = QString::fromLatin1((const char*)ValuePtr,
199);
+ }
+ break;
+
+@@ -676,10 +682,10 @@
+ if (Tag == TAG_EXIF_OFFSET || Tag == TAG_INTEROP_OFFSET){
+ unsigned char * SubdirStart;
+ SubdirStart = OffsetBase + Get32u(ValuePtr);
+- if (SubdirStart < OffsetBase || SubdirStart >
OffsetBase+ExifLength){
++ if (SubdirStart <= OffsetBase || SubdirStart >=
OffsetBase+ExifLength){
+ throw FatalError("Illegal subdirectory link");
+ }
+- ProcessExifDir(SubdirStart, OffsetBase, ExifLength);
++ ProcessExifDir(SubdirStart, OffsetBase, ExifLength,
NestingLevel+1);
+ continue;
+ }
+ }
+@@ -709,7 +715,7 @@
+ }
+ }else{
+ if (SubdirStart <= OffsetBase+ExifLength){
+- ProcessExifDir(SubdirStart, OffsetBase, ExifLength);
++ ProcessExifDir(SubdirStart, OffsetBase, ExifLength,
NestingLevel+1);
+ }
+ }
+ }
+@@ -719,7 +725,7 @@
+ }
+
+ if (ThumbnailSize && ThumbnailOffset){
+- if (ThumbnailSize + ThumbnailOffset <= ExifLength){
++ if (ThumbnailSize + ThumbnailOffset < ExifLength){
+ // The thumbnail pointer appears to be valid. Store it.
+ Thumbnail.loadFromData(OffsetBase + ThumbnailOffset, ThumbnailSize,
"JPEG");
+ }
+@@ -810,7 +816,7 @@
+ LastExifRefd = CharBuf;
+
+ // First directory starts 16 bytes in. Offsets start at 8 bytes in.
+- ProcessExifDir(CharBuf+16, CharBuf+8, length-6);
++ ProcessExifDir(CharBuf+16, CharBuf+8, length-6, 0);
+
+ // This is how far the interesting (non thumbnail) part of the exif went.
+ ExifSettingsLength = LastExifRefd - CharBuf;
Modified: trunk/experimental/10.4/main/finkinfo/kde/kdegraphics3.info
URL:
<http://svn.finkproject.org/websvn/diff.php?path=/trunk/experimental/10.4/main/finkinfo/kde/kdegraphics3.info&rev=511&repname=user%3a+ranger>
==============================================================================
--- trunk/experimental/10.4/main/finkinfo/kde/kdegraphics3.info (original)
+++ trunk/experimental/10.4/main/finkinfo/kde/kdegraphics3.info Mon Nov 27
21:35:15 2006
@@ -1,6 +1,6 @@
Package: kdegraphics3
Version: 3.5.5
-Revision: 1021
+Revision: 1022
Description: KDE - graphics
License: GPL/LGPL
Maintainer: Benjamin Reed <[EMAIL PROTECTED]>
Modified: trunk/experimental/10.4/main/finkinfo/kde/kdegraphics3.patch
URL:
<http://svn.finkproject.org/websvn/diff.php?path=/trunk/experimental/10.4/main/finkinfo/kde/kdegraphics3.patch&rev=511&repname=user%3a+ranger>
==============================================================================
--- trunk/experimental/10.4/main/finkinfo/kde/kdegraphics3.patch (original)
+++ trunk/experimental/10.4/main/finkinfo/kde/kdegraphics3.patch Mon Nov 27
21:35:15 2006
@@ -620,3 +620,137 @@
break;
default:
break;
+--- kdeg/kfile-plugins/jpeg/exif.h
++++ kdeg/kfile-plugins/jpeg/exif.h
+@@ -72,7 +72,8 @@
+ int Get32s(void * Long);
+ unsigned Get32u(void * Long);
+ double ConvertAnyFormat(void * ValuePtr, int Format);
+- void ProcessExifDir(unsigned char * DirStart, unsigned char * OffsetBase,
unsigned ExifLength);
++ void ProcessExifDir(unsigned char * DirStart, unsigned char * OffsetBase,
unsigned ExifLength,
++ unsigned NestingLevel);
+ void process_COM (const uchar * Data, int length);
+ void process_SOFn (const uchar * Data, int marker);
+ int Get16m(const void * Short);
+--- kdeg/kfile-plugins/jpeg/exif.cpp
++++ kdeg/kfile-plugins/jpeg/exif.cpp
+@@ -446,7 +446,7 @@
+ //--------------------------------------------------------------------------
+ // Process one of the nested EXIF directories.
+ //--------------------------------------------------------------------------
+-void ExifData::ProcessExifDir(unsigned char * DirStart, unsigned char *
OffsetBase, unsigned ExifLength)
++void ExifData::ProcessExifDir(unsigned char * DirStart, unsigned char *
OffsetBase, unsigned ExifLength, unsigned NestingLevel)
+ {
+ int de;
+ int a;
+@@ -454,6 +454,9 @@
+ unsigned ThumbnailOffset = 0;
+ unsigned ThumbnailSize = 0;
+
++ if ( NestingLevel > 4)
++ throw FatalError("Maximum directory nesting exceeded (corrupt exif
header)");
++
+ NumDirEntries = Get16u(DirStart);
+ #define DIR_ENTRY_ADDR(Start, Entry) (Start+2+12*(Entry))
+
+@@ -476,7 +479,7 @@
+ for (de=0;de<NumDirEntries;de++){
+ int Tag, Format, Components;
+ unsigned char * ValuePtr;
+- int ByteCount;
++ unsigned ByteCount;
+ char * DirEntry;
+ DirEntry = (char *)DIR_ENTRY_ADDR(DirStart, de);
+
+@@ -489,6 +492,11 @@
+ throw FatalError("Illegal format code in EXIF dir");
+ }
+
++ if ((unsigned)Components > 0x10000) {
++ throw FatalError("Illegal number of components for tag");
++ continue;
++ }
++
+ ByteCount = Components * BytesPerFormat[Format];
+
+ if (ByteCount > 4){
+@@ -517,11 +525,11 @@
+ switch(Tag){
+
+ case TAG_MAKE:
+- ExifData::CameraMake = QString((char*)ValuePtr);
++ ExifData::CameraMake = QString::fromLatin1((const
char*)ValuePtr, 31);
+ break;
+
+ case TAG_MODEL:
+- ExifData::CameraModel = QString((char*)ValuePtr);
++ ExifData::CameraModel = QString::fromLatin1((const
char*)ValuePtr, 39);
+ break;
+
+ case TAG_ORIENTATION:
+@@ -529,7 +537,7 @@
+ break;
+
+ case TAG_DATETIME_ORIGINAL:
+- DateTime = QString((char*)ValuePtr);
++ DateTime = QString::fromLatin1((const char*)ValuePtr, 19);
+ break;
+
+ case TAG_USERCOMMENT:
+@@ -550,14 +558,12 @@
+ int c;
+ c = (ValuePtr)[a];
+ if (c != '\0' && c != ' '){
+- //strncpy(ImageInfo.Comments, (const
char*)(a+ValuePtr), 199);
+- UserComment.sprintf("%s", (const
char*)(a+ValuePtr));
++ UserComment = QString::fromLatin1((const
char*)(a+ValuePtr), 199);
+ break;
+ }
+ }
+ }else{
+- //strncpy(ImageInfo.Comments, (const char*)ValuePtr, 199);
+- UserComment.sprintf("%s", (const char*)ValuePtr);
++ UserComment = QString::fromLatin1((const char*)ValuePtr,
199);
+ }
+ break;
+
+@@ -676,10 +682,10 @@
+ if (Tag == TAG_EXIF_OFFSET || Tag == TAG_INTEROP_OFFSET){
+ unsigned char * SubdirStart;
+ SubdirStart = OffsetBase + Get32u(ValuePtr);
+- if (SubdirStart < OffsetBase || SubdirStart >
OffsetBase+ExifLength){
++ if (SubdirStart <= OffsetBase || SubdirStart >=
OffsetBase+ExifLength){
+ throw FatalError("Illegal subdirectory link");
+ }
+- ProcessExifDir(SubdirStart, OffsetBase, ExifLength);
++ ProcessExifDir(SubdirStart, OffsetBase, ExifLength,
NestingLevel+1);
+ continue;
+ }
+ }
+@@ -709,7 +715,7 @@
+ }
+ }else{
+ if (SubdirStart <= OffsetBase+ExifLength){
+- ProcessExifDir(SubdirStart, OffsetBase, ExifLength);
++ ProcessExifDir(SubdirStart, OffsetBase, ExifLength,
NestingLevel+1);
+ }
+ }
+ }
+@@ -719,7 +725,7 @@
+ }
+
+ if (ThumbnailSize && ThumbnailOffset){
+- if (ThumbnailSize + ThumbnailOffset <= ExifLength){
++ if (ThumbnailSize + ThumbnailOffset < ExifLength){
+ // The thumbnail pointer appears to be valid. Store it.
+ Thumbnail.loadFromData(OffsetBase + ThumbnailOffset, ThumbnailSize,
"JPEG");
+ }
+@@ -810,7 +816,7 @@
+ LastExifRefd = CharBuf;
+
+ // First directory starts 16 bytes in. Offsets start at 8 bytes in.
+- ProcessExifDir(CharBuf+16, CharBuf+8, length-6);
++ ProcessExifDir(CharBuf+16, CharBuf+8, length-6, 0);
+
+ // This is how far the interesting (non thumbnail) part of the exif went.
+ ExifSettingsLength = LastExifRefd - CharBuf;
Modified: trunk/experimental/common/main/finkinfo/kde/kdegraphics3.info
URL:
<http://svn.finkproject.org/websvn/diff.php?path=/trunk/experimental/common/main/finkinfo/kde/kdegraphics3.info&rev=511&repname=user%3a+ranger>
==============================================================================
--- trunk/experimental/common/main/finkinfo/kde/kdegraphics3.info (original)
+++ trunk/experimental/common/main/finkinfo/kde/kdegraphics3.info Mon Nov 27
21:35:15 2006
@@ -1,6 +1,6 @@
Package: kdegraphics3
Version: 3.5.5
-Revision: 1
+Revision: 2
Description: KDE - graphics
License: GPL/LGPL
Maintainer: Benjamin Reed <[EMAIL PROTECTED]>
Modified: trunk/experimental/common/main/finkinfo/kde/kdegraphics3.patch
URL:
<http://svn.finkproject.org/websvn/diff.php?path=/trunk/experimental/common/main/finkinfo/kde/kdegraphics3.patch&rev=511&repname=user%3a+ranger>
==============================================================================
--- trunk/experimental/common/main/finkinfo/kde/kdegraphics3.patch (original)
+++ trunk/experimental/common/main/finkinfo/kde/kdegraphics3.patch Mon Nov 27
21:35:15 2006
@@ -656,3 +656,137 @@
break;
default:
break;
+--- kdeg/kfile-plugins/jpeg/exif.h
++++ kdeg/kfile-plugins/jpeg/exif.h
+@@ -72,7 +72,8 @@
+ int Get32s(void * Long);
+ unsigned Get32u(void * Long);
+ double ConvertAnyFormat(void * ValuePtr, int Format);
+- void ProcessExifDir(unsigned char * DirStart, unsigned char * OffsetBase,
unsigned ExifLength);
++ void ProcessExifDir(unsigned char * DirStart, unsigned char * OffsetBase,
unsigned ExifLength,
++ unsigned NestingLevel);
+ void process_COM (const uchar * Data, int length);
+ void process_SOFn (const uchar * Data, int marker);
+ int Get16m(const void * Short);
+--- kdeg/kfile-plugins/jpeg/exif.cpp
++++ kdeg/kfile-plugins/jpeg/exif.cpp
+@@ -446,7 +446,7 @@
+ //--------------------------------------------------------------------------
+ // Process one of the nested EXIF directories.
+ //--------------------------------------------------------------------------
+-void ExifData::ProcessExifDir(unsigned char * DirStart, unsigned char *
OffsetBase, unsigned ExifLength)
++void ExifData::ProcessExifDir(unsigned char * DirStart, unsigned char *
OffsetBase, unsigned ExifLength, unsigned NestingLevel)
+ {
+ int de;
+ int a;
+@@ -454,6 +454,9 @@
+ unsigned ThumbnailOffset = 0;
+ unsigned ThumbnailSize = 0;
+
++ if ( NestingLevel > 4)
++ throw FatalError("Maximum directory nesting exceeded (corrupt exif
header)");
++
+ NumDirEntries = Get16u(DirStart);
+ #define DIR_ENTRY_ADDR(Start, Entry) (Start+2+12*(Entry))
+
+@@ -476,7 +479,7 @@
+ for (de=0;de<NumDirEntries;de++){
+ int Tag, Format, Components;
+ unsigned char * ValuePtr;
+- int ByteCount;
++ unsigned ByteCount;
+ char * DirEntry;
+ DirEntry = (char *)DIR_ENTRY_ADDR(DirStart, de);
+
+@@ -489,6 +492,11 @@
+ throw FatalError("Illegal format code in EXIF dir");
+ }
+
++ if ((unsigned)Components > 0x10000) {
++ throw FatalError("Illegal number of components for tag");
++ continue;
++ }
++
+ ByteCount = Components * BytesPerFormat[Format];
+
+ if (ByteCount > 4){
+@@ -517,11 +525,11 @@
+ switch(Tag){
+
+ case TAG_MAKE:
+- ExifData::CameraMake = QString((char*)ValuePtr);
++ ExifData::CameraMake = QString::fromLatin1((const
char*)ValuePtr, 31);
+ break;
+
+ case TAG_MODEL:
+- ExifData::CameraModel = QString((char*)ValuePtr);
++ ExifData::CameraModel = QString::fromLatin1((const
char*)ValuePtr, 39);
+ break;
+
+ case TAG_ORIENTATION:
+@@ -529,7 +537,7 @@
+ break;
+
+ case TAG_DATETIME_ORIGINAL:
+- DateTime = QString((char*)ValuePtr);
++ DateTime = QString::fromLatin1((const char*)ValuePtr, 19);
+ break;
+
+ case TAG_USERCOMMENT:
+@@ -550,14 +558,12 @@
+ int c;
+ c = (ValuePtr)[a];
+ if (c != '\0' && c != ' '){
+- //strncpy(ImageInfo.Comments, (const
char*)(a+ValuePtr), 199);
+- UserComment.sprintf("%s", (const
char*)(a+ValuePtr));
++ UserComment = QString::fromLatin1((const
char*)(a+ValuePtr), 199);
+ break;
+ }
+ }
+ }else{
+- //strncpy(ImageInfo.Comments, (const char*)ValuePtr, 199);
+- UserComment.sprintf("%s", (const char*)ValuePtr);
++ UserComment = QString::fromLatin1((const char*)ValuePtr,
199);
+ }
+ break;
+
+@@ -676,10 +682,10 @@
+ if (Tag == TAG_EXIF_OFFSET || Tag == TAG_INTEROP_OFFSET){
+ unsigned char * SubdirStart;
+ SubdirStart = OffsetBase + Get32u(ValuePtr);
+- if (SubdirStart < OffsetBase || SubdirStart >
OffsetBase+ExifLength){
++ if (SubdirStart <= OffsetBase || SubdirStart >=
OffsetBase+ExifLength){
+ throw FatalError("Illegal subdirectory link");
+ }
+- ProcessExifDir(SubdirStart, OffsetBase, ExifLength);
++ ProcessExifDir(SubdirStart, OffsetBase, ExifLength,
NestingLevel+1);
+ continue;
+ }
+ }
+@@ -709,7 +715,7 @@
+ }
+ }else{
+ if (SubdirStart <= OffsetBase+ExifLength){
+- ProcessExifDir(SubdirStart, OffsetBase, ExifLength);
++ ProcessExifDir(SubdirStart, OffsetBase, ExifLength,
NestingLevel+1);
+ }
+ }
+ }
+@@ -719,7 +725,7 @@
+ }
+
+ if (ThumbnailSize && ThumbnailOffset){
+- if (ThumbnailSize + ThumbnailOffset <= ExifLength){
++ if (ThumbnailSize + ThumbnailOffset < ExifLength){
+ // The thumbnail pointer appears to be valid. Store it.
+ Thumbnail.loadFromData(OffsetBase + ThumbnailOffset, ThumbnailSize,
"JPEG");
+ }
+@@ -810,7 +816,7 @@
+ LastExifRefd = CharBuf;
+
+ // First directory starts 16 bytes in. Offsets start at 8 bytes in.
+- ProcessExifDir(CharBuf+16, CharBuf+8, length-6);
++ ProcessExifDir(CharBuf+16, CharBuf+8, length-6, 0);
+
+ // This is how far the interesting (non thumbnail) part of the exif went.
+ ExifSettingsLength = LastExifRefd - CharBuf;
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Fink-commits mailing list
Fink-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fink-commits
