OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Torsten Homeyer
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 01-Jul-2004 16:10:13
Branch: HEAD Handle: -NONE-
Modified files:
openpkg-src/perl-tk perl-tk.patch perl-tk.spec
Log:
added Security Fix (CAN-2002-1363) for png
Summary:
Revision Changes Path
1.4 +102 -39 openpkg-src/perl-tk/perl-tk.patch
1.63 +1 -1 openpkg-src/perl-tk/perl-tk.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/perl-tk/perl-tk.patch
============================================================================
$ cvs diff -u -r1.3 -r1.4 perl-tk.patch
--- openpkg-src/perl-tk/perl-tk.patch 29 Apr 2004 15:06:57 -0000 1.3
+++ openpkg-src/perl-tk/perl-tk.patch 1 Jul 2004 14:10:12 -0000 1.4
@@ -1,6 +1,62 @@
---- Tk-804.027/PNG/libpng/pngrtran.c.orig Wed Oct 2 20:20:24 2002
-+++ Tk-804.027/PNG/libpng/pngrtran.c Wed Jan 15 11:30:23 2003
-@@ -1965,8 +1965,8 @@
+Index: Tk-PNG-2.005/libpng/pngconf.h
+--- Tk-PNG-2.005/libpng/pngconf.h.orig 2004-07-01 13:18:23 +0200
++++ Tk-PNG-2.005/libpng/pngconf.h 2004-07-01 13:30:50 +0200
+@@ -119,10 +119,6 @@
+ #define _PNG_SAVE_BSD_SOURCE
+ #undef _BSD_SOURCE
+ #endif
+-#ifdef _SETJMP_H
+-__png.h__ already includes setjmp.h
+-__dont__ include it again
+-#endif
+ #endif /* __linux__ */
+
+ /* include setjmp.h for error handling */
+Index: Tk-PNG-2.005/libpng/pngerror.c
+--- Tk-PNG-2.005/libpng/pngerror.c.orig 2004-07-01 13:18:23 +0200
++++ Tk-PNG-2.005/libpng/pngerror.c 2004-07-01 13:34:07 +0200
+@@ -82,10 +82,13 @@
+ if (message == NULL)
+ buffer[iout] = 0;
+ else {
++ png_size_t len;
++ if ((len = png_strlen(error_message)) > 63)
++ len = 63;
+ buffer[iout++] = ':';
+ buffer[iout++] = ' ';
+- png_memcpy(buffer+iout, message, 64);
+- buffer[iout+63] = 0;
++ png_memcpy(buffer+iout, error_message, len);
++ buffer[iout+len] = 0;
+ }
+ }
+
+Index: Tk-PNG-2.005/libpng/pngrtran.c
+--- Tk-PNG-2.005/libpng/pngrtran.c.orig 2000-04-21 20:57:35 +0200
++++ Tk-PNG-2.005/libpng/pngrtran.c 2004-07-01 13:18:23 +0200
+@@ -1783,8 +1783,8 @@
+ /* This changes the data from GG to GGXX */
+ if (flags & PNG_FLAG_FILLER_AFTER)
+ {
+- png_bytep sp = row + (png_size_t)row_width;
+- png_bytep dp = sp + (png_size_t)row_width;
++ png_bytep sp = row + (png_size_t)row_width * 2;
++ png_bytep dp = sp + (png_size_t)row_width * 2;
+ for (i = 1; i < row_width; i++)
+ {
+ *(--dp) = hi_filler;
+@@ -1801,8 +1801,8 @@
+ /* This changes the data from GG to XXGG */
+ else
+ {
+- png_bytep sp = row + (png_size_t)row_width;
+- png_bytep dp = sp + (png_size_t)row_width;
++ png_bytep sp = row + (png_size_t)row_width * 2;
++ png_bytep dp = sp + (png_size_t)row_width * 2;
+ for (i = 0; i < row_width; i++)
+ {
+ *(--dp) = *(--sp);
+@@ -1859,8 +1859,8 @@
/* This changes the data from RRGGBB to RRGGBBXX */
if (flags & PNG_FLAG_FILLER_AFTER)
{
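Review bot: In the Tk-PNG-2.005 pngerror.c section the added lines read from `error_message`, while the context line `if (message == NULL)` and the removed `png_memcpy(buffer+iout, message, 64);` in the same inner hunk use `message`. Unless that older libpng declares `error_message` elsewhere in the function (not visible here), the patched file will either fail to compile or copy from a different string than the one just NULL-checked. Revision 1.3 of this patch used `message` for this tree. The two lines should probably read `if ((len = png_strlen(message)) > 63)` and `png_memcpy(buffer+iout, message, len);`. The enclosing function starts outside the hunk, so it is worth confirming there that `buffer` has room for `iout + 63` plus the terminator.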
@@ -11,7 +67,7 @@
for (i = 1; i < row_width; i++)
{
*(--dp) = hi_filler;
-@@ -1987,8 +1987,8 @@
+@@ -1881,8 +1881,8 @@
/* This changes the data from RRGGBB to XXRRGGBB */
else
{
@@ -22,13 +78,23 @@
for (i = 0; i < row_width; i++)
{
*(--dp) = *(--sp);
-
-Steve G <[EMAIL PROTECTED]>
-Libpng accesses memory that is out of bounds when creating an error message
-
-Index: pngerror.c
---- Tk-804.027/PNG/libpng/pngerror.c.orig 2002-10-03 13:32:27.000000000 +0200
-+++ Tk-804.027/PNG/libpng/pngerror.c 2004-04-28 13:24:22.000000000 +0200
+Index: Tk-804.027/PNG/libpng/pngconf.h
+--- Tk-804.027/PNG/libpng/pngconf.h.orig 2003-11-29 12:39:30 +0100
++++ Tk-804.027/PNG/libpng/pngconf.h 2004-07-01 13:36:23 +0200
+@@ -251,10 +251,6 @@
+ # define PNG_SAVE_BSD_SOURCE
+ # undef _BSD_SOURCE
+ # endif
+-# ifdef _SETJMP_H
+- __png.h__ already includes setjmp.h;
+- __dont__ include it again.;
+-# endif
+ # endif /* __linux__ */
+
+ /* include setjmp.h for error handling */
+Index: Tk-804.027/PNG/libpng/pngerror.c
+--- Tk-804.027/PNG/libpng/pngerror.c.orig 2003-11-29 12:39:30 +0100
++++ Tk-804.027/PNG/libpng/pngerror.c 2004-07-01 13:36:23 +0200
@@ -135,10 +135,13 @@
buffer[iout] = 0;
else
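Review bot: The pngconf.h section added here, and the matching one for Tk-PNG-2.005 at the top of the patch, delete the `_SETJMP_H` guard with no explanation in the patch file, and this looks like a build change rather than part of the CAN-2002-1363 fix named in the log. The same hunk also drops the free-text header that explained the pngerror.c change ("Libpng accesses memory that is out of bounds when creating an error message"). Since patch(1) skips text ahead of each `Index:` line, I would keep a one-line rationale per section. For example, put `CAN-2002-1363: GG filler branches offset sp/dp by row_width instead of row_width * 2` before the pngrtran.c sections, and add a line before pngconf.h saying why the setjmp.h include-order check is removed.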
@@ -45,8 +111,31 @@
}
}
---- Tk-PNG-2.005/libpng/pngrtran.c.orig Wed Oct 2 20:20:24 2002
-+++ Tk-PNG-2.005/libpng/pngrtran.c Wed Jan 15 11:30:23 2003
+Index: Tk-804.027/PNG/libpng/pngrtran.c
+--- Tk-804.027/PNG/libpng/pngrtran.c.orig 2003-11-29 12:39:31 +0100
++++ Tk-804.027/PNG/libpng/pngrtran.c 2004-07-01 13:36:23 +0200
+@@ -1889,8 +1889,8 @@
+ /* This changes the data from GG to GGXX */
+ if (flags & PNG_FLAG_FILLER_AFTER)
+ {
+- png_bytep sp = row + (png_size_t)row_width;
+- png_bytep dp = sp + (png_size_t)row_width;
++ png_bytep sp = row + (png_size_t)row_width * 2;
++ png_bytep dp = sp + (png_size_t)row_width * 2;
+ for (i = 1; i < row_width; i++)
+ {
+ *(--dp) = hi_filler;
+@@ -1907,8 +1907,8 @@
+ /* This changes the data from GG to XXGG */
+ else
+ {
+- png_bytep sp = row + (png_size_t)row_width;
+- png_bytep dp = sp + (png_size_t)row_width;
++ png_bytep sp = row + (png_size_t)row_width * 2;
++ png_bytep dp = sp + (png_size_t)row_width * 2;
+ for (i = 0; i < row_width; i++)
+ {
+ *(--dp) = *(--sp);
@@ -1965,8 +1965,8 @@
/* This changes the data from RRGGBB to RRGGBBXX */
if (flags & PNG_FLAG_FILLER_AFTER)
@@ -69,29 +158,3 @@
for (i = 0; i < row_width; i++)
{
*(--dp) = *(--sp);
-
-Steve G <[EMAIL PROTECTED]>
-Libpng accesses memory that is out of bounds when creating an error message
-
-Index: pngerror.c
---- Tk-PNG-2.005/libpng/pngerror.c.orig 2004-04-29 15:33:33.000000000 +0200
-+++ Tk-PNG-2.005/libpng/pngerror.c 2004-04-29 15:35:46.000000000 +0200
-@@ -81,11 +81,15 @@
-
- if (message == NULL)
- buffer[iout] = 0;
-- else {
-+ else
-+ {
-+ png_size_t len;
-+ if ((len = png_strlen(message)) > 63)
-+ len = 63;
- buffer[iout++] = ':';
- buffer[iout++] = ' ';
-- png_memcpy(buffer+iout, message, 64);
-- buffer[iout+63] = 0;
-+ png_memcpy(buffer+iout, message, len);
-+ buffer[iout+len] = 0;
- }
- }
-
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/perl-tk/perl-tk.spec
============================================================================
$ cvs diff -u -r1.62 -r1.63 perl-tk.spec
--- openpkg-src/perl-tk/perl-tk.spec 22 Jun 2004 21:28:57 -0000 1.62
+++ openpkg-src/perl-tk/perl-tk.spec 1 Jul 2004 14:10:12 -0000 1.63
@@ -67,7 +67,7 @@
Group: Language
License: GPL/Artistic
Version: %{V_perl}
-Release: 20040622
+Release: 20040701
# list of sources
Source0: http://www.cpan.org/modules/by-module/Tk/Tk-%{V_tk}.tar.gz
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]