OpenPKG CVS Repository http://cvs.openpkg.org/ ____________________________________________________________________________
Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 29-Apr-2004 21:56:28 Branch: OPENPKG_1_3_SOLID Handle: 2004042920562404 Added files: (Branch: OPENPKG_1_3_SOLID) openpkg-src/analog analog.patch openpkg-src/doxygen doxygen.patch openpkg-src/ghostscript ghostscript.patch openpkg-src/pdflib pdflib.patch openpkg-src/perl-tk perl-tk.patch openpkg-src/rrdtool rrdtool.patch openpkg-src/tetex tetex.patch Modified files: (Branch: OPENPKG_1_3_SOLID) openpkg-src/analog analog.spec openpkg-src/doxygen doxygen.spec openpkg-src/ghostscript ghostscript.spec openpkg-src/pdflib pdflib.spec openpkg-src/perl-tk perl-tk.spec openpkg-src/png png.patch png.spec openpkg-src/rrdtool rrdtool.spec openpkg-src/tetex tetex.spec Log: SA-2004.017-png Summary: Revision Changes Path 1.1.4.1 +22 -0 openpkg-src/analog/analog.patch 1.31.2.2.2.2+3 -1 openpkg-src/analog/analog.spec 1.1.4.1 +47 -0 openpkg-src/doxygen/doxygen.patch 1.21.2.3.2.2+3 -1 openpkg-src/doxygen/doxygen.spec 1.6.2.1 +47 -0 openpkg-src/ghostscript/ghostscript.patch 1.33.2.2.2.2+3 -1 openpkg-src/ghostscript/ghostscript.spec 1.2.2.1 +47 -0 openpkg-src/pdflib/pdflib.patch 1.16.2.2.2.2+3 -1 openpkg-src/pdflib/pdflib.spec 1.3.2.1 +50 -0 openpkg-src/perl-tk/perl-tk.patch 1.16.2.3.2.2+3 -1 openpkg-src/perl-tk/perl-tk.spec 1.1.10.1 +23 -0 openpkg-src/png/png.patch 1.29.2.2.2.2+1 -1 openpkg-src/png/png.spec 1.4.2.1 +47 -0 openpkg-src/rrdtool/rrdtool.patch 1.31.2.2.2.2+3 -1 openpkg-src/rrdtool/rrdtool.spec 1.1.4.1.2.1 +47 -0 openpkg-src/tetex/tetex.patch 1.36.2.2.2.3+3 -1 openpkg-src/tetex/tetex.spec ____________________________________________________________________________ patch -p0 <<'@@ .' Index: openpkg-src/analog/analog.patch ============================================================================ $ cvs diff -u -r0 -r1.1.4.1 analog.patch --- /dev/null 2004-04-29 21:56:24.000000000 +0200 +++ analog.patch 2004-04-29 21:56:24.000000000 +0200 @@ -0,0 +1,22 @@ +Steve G <[EMAIL PROTECTED]> +Libpng accesses memory that is out of bounds when creating an error message + +Index: pngerror.c +--- src/libpng/pngerror.c.orig 2002-10-03 13:32:27.000000000 +0200 ++++ src/libpng/pngerror.c 2004-04-28 13:24:22.000000000 +0200 +@@ -135,10 +135,13 @@ + buffer[iout] = 0; + else + { ++ png_size_t len; ++ if ((len = png_strlen(message)) > 63) ++ len = 63; + buffer[iout++] = ':'; + buffer[iout++] = ' '; +- png_memcpy(buffer+iout, message, 64); +- buffer[iout+63] = 0; ++ png_memcpy(buffer+iout, message, len); ++ buffer[iout+len] = 0; + } + } + @@ . patch -p0 <<'@@ .' Index: openpkg-src/analog/analog.spec ============================================================================ $ cvs diff -u -r1.31.2.2.2.1 -r1.31.2.2.2.2 analog.spec --- openpkg-src/analog/analog.spec 29 Jul 2003 14:58:12 -0000 1.31.2.2.2.1 +++ openpkg-src/analog/analog.spec 29 Apr 2004 19:56:24 -0000 1.31.2.2.2.2 @@ -33,10 +33,11 @@ Group: Web License: GPL Version: 5.32 -Release: 1.3.0 +Release: 1.3.1 # list of sources Source0: http://www.analog.cx/analog-%{version}.tar.gz +Patch0: analog.patch # build information Prefix: %{l_prefix} @@ -54,6 +55,7 @@ %prep %setup -q + %patch %build cd src @@ . patch -p0 <<'@@ .' Index: openpkg-src/doxygen/doxygen.patch ============================================================================ $ cvs diff -u -r0 -r1.1.4.1 doxygen.patch --- /dev/null 2004-04-29 21:56:25.000000000 +0200 +++ doxygen.patch 2004-04-29 21:56:25.000000000 +0200 @@ -0,0 +1,47 @@ +--- libpng/pngrtran.c.orig Wed Oct 2 20:20:24 2002 ++++ libpng/pngrtran.c Wed Jan 15 11:30:23 2003 +@@ -1965,8 +1965,8 @@ + /* This changes the data from RRGGBB to RRGGBBXX */ + if (flags & PNG_FLAG_FILLER_AFTER) + { +- png_bytep sp = row + (png_size_t)row_width * 3; +- png_bytep dp = sp + (png_size_t)row_width; ++ png_bytep sp = row + (png_size_t)row_width * 6; ++ png_bytep dp = sp + (png_size_t)row_width * 2; + for (i = 1; i < row_width; i++) + { + *(--dp) = hi_filler; +@@ -1987,8 +1987,8 @@ + /* This changes the data from RRGGBB to XXRRGGBB */ + else + { +- png_bytep sp = row + (png_size_t)row_width * 3; +- png_bytep dp = sp + (png_size_t)row_width; ++ png_bytep sp = row + (png_size_t)row_width * 6; ++ png_bytep dp = sp + (png_size_t)row_width * 2; + for (i = 0; i < row_width; i++) + { + *(--dp) = *(--sp); + +Steve G <[EMAIL PROTECTED]> +Libpng accesses memory that is out of bounds when creating an error message + +Index: pngerror.c +--- libpng/pngerror.c.orig 2002-10-03 13:32:27.000000000 +0200 ++++ libpng/pngerror.c 2004-04-28 13:24:22.000000000 +0200 +@@ -135,10 +135,13 @@ + buffer[iout] = 0; + else + { ++ png_size_t len; ++ if ((len = png_strlen(message)) > 63) ++ len = 63; + buffer[iout++] = ':'; + buffer[iout++] = ' '; +- png_memcpy(buffer+iout, message, 64); +- buffer[iout+63] = 0; ++ png_memcpy(buffer+iout, message, len); ++ buffer[iout+len] = 0; + } + } + @@ . patch -p0 <<'@@ .' Index: openpkg-src/doxygen/doxygen.spec ============================================================================ $ cvs diff -u -r1.21.2.3.2.1 -r1.21.2.3.2.2 doxygen.spec --- openpkg-src/doxygen/doxygen.spec 29 Jul 2003 14:58:46 -0000 1.21.2.3.2.1 +++ openpkg-src/doxygen/doxygen.spec 29 Apr 2004 19:56:24 -0000 1.21.2.3.2.2 @@ -33,10 +33,11 @@ Group: Text License: GPL Version: 1.3.3 -Release: 1.3.0 +Release: 1.3.1 # list of sources Source0: ftp://ftp.stack.nl/pub/users/dimitri/doxygen-%{version}.src.tar.gz +Patch0: doxygen.patch # build information Prefix: %{l_prefix} @@ -51,6 +52,7 @@ %prep %setup -q + %patch %build opt="" @@ . patch -p0 <<'@@ .' Index: openpkg-src/ghostscript/ghostscript.patch ============================================================================ $ cvs diff -u -r0 -r1.6.2.1 ghostscript.patch --- /dev/null 2004-04-29 21:56:25.000000000 +0200 +++ ghostscript.patch 2004-04-29 21:56:25.000000000 +0200 @@ -0,0 +1,47 @@ +--- libpng-1.2.5/pngrtran.c.orig Wed Oct 2 20:20:24 2002 ++++ libpng-1.2.5/pngrtran.c Wed Jan 15 11:30:23 2003 +@@ -1965,8 +1965,8 @@ + /* This changes the data from RRGGBB to RRGGBBXX */ + if (flags & PNG_FLAG_FILLER_AFTER) + { +- png_bytep sp = row + (png_size_t)row_width * 3; +- png_bytep dp = sp + (png_size_t)row_width; ++ png_bytep sp = row + (png_size_t)row_width * 6; ++ png_bytep dp = sp + (png_size_t)row_width * 2; + for (i = 1; i < row_width; i++) + { + *(--dp) = hi_filler; +@@ -1987,8 +1987,8 @@ + /* This changes the data from RRGGBB to XXRRGGBB */ + else + { +- png_bytep sp = row + (png_size_t)row_width * 3; +- png_bytep dp = sp + (png_size_t)row_width; ++ png_bytep sp = row + (png_size_t)row_width * 6; ++ png_bytep dp = sp + (png_size_t)row_width * 2; + for (i = 0; i < row_width; i++) + { + *(--dp) = *(--sp); + +Steve G <[EMAIL PROTECTED]> +Libpng accesses memory that is out of bounds when creating an error message + +Index: pngerror.c +--- libpng-1.2.5/pngerror.c.orig 2002-10-03 13:32:27.000000000 +0200 ++++ libpng-1.2.5/pngerror.c 2004-04-28 13:24:22.000000000 +0200 +@@ -135,10 +135,13 @@ + buffer[iout] = 0; + else + { ++ png_size_t len; ++ if ((len = png_strlen(error_message)) > 63) ++ len = 63; + buffer[iout++] = ':'; + buffer[iout++] = ' '; +- png_memcpy(buffer+iout, error_message, 64); +- buffer[iout+63] = 0; ++ png_memcpy(buffer+iout, error_message, len); ++ buffer[iout+len] = 0; + } + } + @@ . patch -p0 <<'@@ .' Index: openpkg-src/ghostscript/ghostscript.spec ============================================================================ $ cvs diff -u -r1.33.2.2.2.1 -r1.33.2.2.2.2 ghostscript.spec --- openpkg-src/ghostscript/ghostscript.spec 29 Jul 2003 14:59:02 -0000 1.33.2.2.2.1 +++ openpkg-src/ghostscript/ghostscript.spec 29 Apr 2004 19:56:25 -0000 1.33.2.2.2.2 @@ -42,7 +42,7 @@ Group: Graphics License: Aladdin Version: %{V_real} -Release: 1.3.0 +Release: 1.3.1 # package options %option with_x11 yes @@ -54,6 +54,7 @@ Source3: http://www.gzip.org/zlib/zlib-%{V_zlib}.tar.gz Source4: ftp://mirror.cs.wisc.edu/pub/mirrors/ghost/AFPL/fonts/ghostscript-fonts-std-%{V_font}.tar.gz Source5: ftp://mirror.cs.wisc.edu/pub/mirrors/ghost/AFPL/fonts/ghostscript-fonts-other-%{V_font}.tar.gz +Patch0: ghostscript.patch # build information Prefix: %{l_prefix} @@ -82,6 +83,7 @@ %setup3 -q -T -D -a 3 %setup4 -q -T -D -a 4 %setup5 -q -T -D -a 5 + %patch mv jpeg-%{V_jpeg} ghostscript-%{version}/jpeg mv libpng-%{V_png} ghostscript-%{version}/libpng mv zlib-%{V_zlib} ghostscript-%{version}/zlib @@ . patch -p0 <<'@@ .' Index: openpkg-src/pdflib/pdflib.patch ============================================================================ $ cvs diff -u -r0 -r1.2.2.1 pdflib.patch --- /dev/null 2004-04-29 21:56:26.000000000 +0200 +++ pdflib.patch 2004-04-29 21:56:26.000000000 +0200 @@ -0,0 +1,47 @@ +--- libs/png/pngrtran.c.orig Wed Oct 2 20:20:24 2002 ++++ libs/png/pngrtran.c Wed Jan 15 11:30:23 2003 +@@ -1965,8 +1965,8 @@ + /* This changes the data from RRGGBB to RRGGBBXX */ + if (flags & PNG_FLAG_FILLER_AFTER) + { +- png_bytep sp = row + (png_size_t)row_width * 3; +- png_bytep dp = sp + (png_size_t)row_width; ++ png_bytep sp = row + (png_size_t)row_width * 6; ++ png_bytep dp = sp + (png_size_t)row_width * 2; + for (i = 1; i < row_width; i++) + { + *(--dp) = hi_filler; +@@ -1987,8 +1987,8 @@ + /* This changes the data from RRGGBB to XXRRGGBB */ + else + { +- png_bytep sp = row + (png_size_t)row_width * 3; +- png_bytep dp = sp + (png_size_t)row_width; ++ png_bytep sp = row + (png_size_t)row_width * 6; ++ png_bytep dp = sp + (png_size_t)row_width * 2; + for (i = 0; i < row_width; i++) + { + *(--dp) = *(--sp); + +Steve G <[EMAIL PROTECTED]> +Libpng accesses memory that is out of bounds when creating an error message + +Index: pngerror.c +--- libs/png/pngerror.c.orig 2002-10-03 13:32:27.000000000 +0200 ++++ libs/png/pngerror.c 2004-04-28 13:24:22.000000000 +0200 +@@ -135,10 +135,13 @@ + buffer[iout] = 0; + else + { ++ png_size_t len; ++ if ((len = png_strlen(error_message)) > 63) ++ len = 63; + buffer[iout++] = ':'; + buffer[iout++] = ' '; +- png_memcpy(buffer+iout, error_message, 64); +- buffer[iout+63] = 0; ++ png_memcpy(buffer+iout, error_message, len); ++ buffer[iout+len] = 0; + } + } + @@ . patch -p0 <<'@@ .' Index: openpkg-src/pdflib/pdflib.spec ============================================================================ $ cvs diff -u -r1.16.2.2.2.1 -r1.16.2.2.2.2 pdflib.spec --- openpkg-src/pdflib/pdflib.spec 29 Jul 2003 15:00:30 -0000 1.16.2.2.2.1 +++ openpkg-src/pdflib/pdflib.spec 29 Apr 2004 19:56:25 -0000 1.16.2.2.2.2 @@ -33,10 +33,11 @@ Group: Graphics License: PDFlib Version: 5.0.1 -Release: 1.3.0 +Release: 1.3.1 # list of sources Source0: http://www.pdflib.com/products/pdflib/download/PDFlib-Lite-%{version}-Unix-src.tar.gz +Patch0: pdflib.patch # build information Prefix: %{l_prefix} @@ -53,6 +54,7 @@ %prep %setup -q -n PDFlib-Lite-%{version}-Unix-src + %patch -p0 %build CC="%{l_cc}" \ @@ . patch -p0 <<'@@ .' Index: openpkg-src/perl-tk/perl-tk.patch ============================================================================ $ cvs diff -u -r0 -r1.3.2.1 perl-tk.patch --- /dev/null 2004-04-29 21:56:26.000000000 +0200 +++ perl-tk.patch 2004-04-29 21:56:26.000000000 +0200 @@ -0,0 +1,50 @@ +--- Tk-PNG-2.005/libpng/pngrtran.c.orig Wed Oct 2 20:20:24 2002 ++++ Tk-PNG-2.005/libpng/pngrtran.c Wed Jan 15 11:30:23 2003 +@@ -1965,8 +1965,8 @@ + /* This changes the data from RRGGBB to RRGGBBXX */ + if (flags & PNG_FLAG_FILLER_AFTER) + { +- png_bytep sp = row + (png_size_t)row_width * 3; +- png_bytep dp = sp + (png_size_t)row_width; ++ png_bytep sp = row + (png_size_t)row_width * 6; ++ png_bytep dp = sp + (png_size_t)row_width * 2; + for (i = 1; i < row_width; i++) + { + *(--dp) = hi_filler; +@@ -1987,8 +1987,8 @@ + /* This changes the data from RRGGBB to XXRRGGBB */ + else + { +- png_bytep sp = row + (png_size_t)row_width * 3; +- png_bytep dp = sp + (png_size_t)row_width; ++ png_bytep sp = row + (png_size_t)row_width * 6; ++ png_bytep dp = sp + (png_size_t)row_width * 2; + for (i = 0; i < row_width; i++) + { + *(--dp) = *(--sp); + +Steve G <[EMAIL PROTECTED]> +Libpng accesses memory that is out of bounds when creating an error message + +Index: pngerror.c +--- Tk-PNG-2.005/libpng/pngerror.c.orig 2004-04-29 15:33:33.000000000 +0200 ++++ Tk-PNG-2.005/libpng/pngerror.c 2004-04-29 15:35:46.000000000 +0200 +@@ -81,11 +81,15 @@ + + if (message == NULL) + buffer[iout] = 0; +- else { ++ else ++ { ++ png_size_t len; ++ if ((len = png_strlen(message)) > 63) ++ len = 63; + buffer[iout++] = ':'; + buffer[iout++] = ' '; +- png_memcpy(buffer+iout, message, 64); +- buffer[iout+63] = 0; ++ png_memcpy(buffer+iout, message, len); ++ buffer[iout+len] = 0; + } + } + @@ . patch -p0 <<'@@ .' Index: openpkg-src/perl-tk/perl-tk.spec ============================================================================ $ cvs diff -u -r1.16.2.3.2.1 -r1.16.2.3.2.2 perl-tk.spec --- openpkg-src/perl-tk/perl-tk.spec 29 Jul 2003 15:00:49 -0000 1.16.2.3.2.1 +++ openpkg-src/perl-tk/perl-tk.spec 29 Apr 2004 19:56:26 -0000 1.16.2.3.2.2 @@ -65,7 +65,7 @@ Group: Language License: GPL/Artistic Version: 1.3.0 -Release: 1.3.0 +Release: 1.3.1 # list of sources Source0: http://www.cpan.org/modules/by-module/Tk/Tk-%{V_tk}.tar.gz @@ -98,6 +98,7 @@ Source27: http://www.cpan.org/modules/by-module/Tk/Tk-TreeGraph-%{V_tk_treegraph}.tar.gz Source28: http://www.cpan.org/modules/by-module/Tk/Tk-Workspace-%{V_tk_workspace}.tar.gz Source29: http://www.cpan.org/modules/by-module/Tk/Tk-WorldCanvas-%{V_tk_worldcanvas}.tar.gz +Patch0: perl-tk.patch # build information Prefix: %{l_prefix} @@ -171,6 +172,7 @@ %setup27 -q -T -D -a 27 %setup28 -q -T -D -a 28 %setup29 -q -T -D -a 29 + %patch %build @@ . patch -p0 <<'@@ .' Index: openpkg-src/png/png.patch ============================================================================ $ cvs diff -u -r1.1 -r1.1.10.1 png.patch --- openpkg-src/png/png.patch 15 Jan 2003 13:50:46 -0000 1.1 +++ openpkg-src/png/png.patch 29 Apr 2004 19:56:26 -0000 1.1.10.1 @@ -22,3 +22,26 @@ for (i = 0; i < row_width; i++) { *(--dp) = *(--sp); + +Steve G <[EMAIL PROTECTED]> +Libpng accesses memory that is out of bounds when creating an error message + +Index: pngerror.c +--- pngerror.c.orig 2002-10-03 13:32:27.000000000 +0200 ++++ pngerror.c 2004-04-28 13:24:22.000000000 +0200 +@@ -135,10 +135,13 @@ + buffer[iout] = 0; + else + { ++ png_size_t len; ++ if ((len = png_strlen(error_message)) > 63) ++ len = 63; + buffer[iout++] = ':'; + buffer[iout++] = ' '; +- png_memcpy(buffer+iout, error_message, 64); +- buffer[iout+63] = 0; ++ png_memcpy(buffer+iout, error_message, len); ++ buffer[iout+len] = 0; + } + } + @@ . patch -p0 <<'@@ .' Index: openpkg-src/png/png.spec ============================================================================ $ cvs diff -u -r1.29.2.2.2.1 -r1.29.2.2.2.2 png.spec --- openpkg-src/png/png.spec 29 Jul 2003 15:00:59 -0000 1.29.2.2.2.1 +++ openpkg-src/png/png.spec 29 Apr 2004 19:56:26 -0000 1.29.2.2.2.2 @@ -33,7 +33,7 @@ Group: Graphics License: BSD Version: 1.2.5 -Release: 1.3.0 +Release: 1.3.1 # list of sources Source0: http://osdn.dl.sourceforge.net/sourceforge/libpng/libpng-%{version}.tar.gz @@ . patch -p0 <<'@@ .' Index: openpkg-src/rrdtool/rrdtool.patch ============================================================================ $ cvs diff -u -r0 -r1.4.2.1 rrdtool.patch --- /dev/null 2004-04-29 21:56:27.000000000 +0200 +++ rrdtool.patch 2004-04-29 21:56:27.000000000 +0200 @@ -0,0 +1,47 @@ +--- libpng-1.0.9/pngrtran.c.orig Wed Oct 2 20:20:24 2002 ++++ libpng-1.0.9/pngrtran.c Wed Jan 15 11:30:23 2003 +@@ -1965,8 +1965,8 @@ + /* This changes the data from RRGGBB to RRGGBBXX */ + if (flags & PNG_FLAG_FILLER_AFTER) + { +- png_bytep sp = row + (png_size_t)row_width * 3; +- png_bytep dp = sp + (png_size_t)row_width; ++ png_bytep sp = row + (png_size_t)row_width * 6; ++ png_bytep dp = sp + (png_size_t)row_width * 2; + for (i = 1; i < row_width; i++) + { + *(--dp) = hi_filler; +@@ -1987,8 +1987,8 @@ + /* This changes the data from RRGGBB to XXRRGGBB */ + else + { +- png_bytep sp = row + (png_size_t)row_width * 3; +- png_bytep dp = sp + (png_size_t)row_width; ++ png_bytep sp = row + (png_size_t)row_width * 6; ++ png_bytep dp = sp + (png_size_t)row_width * 2; + for (i = 0; i < row_width; i++) + { + *(--dp) = *(--sp); + +Steve G <[EMAIL PROTECTED]> +Libpng accesses memory that is out of bounds when creating an error message + +Index: pngerror.c +--- libpng-1.0.9/pngerror.c.orig 2002-10-03 13:32:27.000000000 +0200 ++++ libpng-1.0.9/pngerror.c 2004-04-28 13:24:22.000000000 +0200 +@@ -135,10 +135,13 @@ + buffer[iout] = 0; + else + { ++ png_size_t len; ++ if ((len = png_strlen(message)) > 63) ++ len = 63; + buffer[iout++] = ':'; + buffer[iout++] = ' '; +- png_memcpy(buffer+iout, message, 64); +- buffer[iout+63] = 0; ++ png_memcpy(buffer+iout, message, len); ++ buffer[iout+len] = 0; + } + } + @@ . patch -p0 <<'@@ .' Index: openpkg-src/rrdtool/rrdtool.spec ============================================================================ $ cvs diff -u -r1.31.2.2.2.1 -r1.31.2.2.2.2 rrdtool.spec --- openpkg-src/rrdtool/rrdtool.spec 29 Jul 2003 15:01:20 -0000 1.31.2.2.2.1 +++ openpkg-src/rrdtool/rrdtool.spec 29 Apr 2004 19:56:27 -0000 1.31.2.2.2.2 @@ -33,10 +33,11 @@ Group: Database License: LGPL Version: 1.0.45 -Release: 1.3.0 +Release: 1.3.1 # list of sources Source0: http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/pub/rrdtool-%{version}.tar.gz +Patch0: rrdtool.patch # build information Prefix: %{l_prefix} @@ -58,6 +59,7 @@ %prep %setup -q + %patch %build # configure package @@ . patch -p0 <<'@@ .' Index: openpkg-src/tetex/tetex.patch ============================================================================ $ cvs diff -u -r0 -r1.1.4.1.2.1 tetex.patch --- /dev/null 2004-04-29 21:56:28.000000000 +0200 +++ tetex.patch 2004-04-29 21:56:28.000000000 +0200 @@ -0,0 +1,47 @@ +--- libs/libpng/pngrtran.c.orig Wed Oct 2 20:20:24 2002 ++++ libs/libpng/pngrtran.c Wed Jan 15 11:30:23 2003 +@@ -1965,8 +1965,8 @@ + /* This changes the data from RRGGBB to RRGGBBXX */ + if (flags & PNG_FLAG_FILLER_AFTER) + { +- png_bytep sp = row + (png_size_t)row_width * 3; +- png_bytep dp = sp + (png_size_t)row_width; ++ png_bytep sp = row + (png_size_t)row_width * 6; ++ png_bytep dp = sp + (png_size_t)row_width * 2; + for (i = 1; i < row_width; i++) + { + *(--dp) = hi_filler; +@@ -1987,8 +1987,8 @@ + /* This changes the data from RRGGBB to XXRRGGBB */ + else + { +- png_bytep sp = row + (png_size_t)row_width * 3; +- png_bytep dp = sp + (png_size_t)row_width; ++ png_bytep sp = row + (png_size_t)row_width * 6; ++ png_bytep dp = sp + (png_size_t)row_width * 2; + for (i = 0; i < row_width; i++) + { + *(--dp) = *(--sp); + +Steve G <[EMAIL PROTECTED]> +Libpng accesses memory that is out of bounds when creating an error message + +Index: pngerror.c +--- libs/libpng/pngerror.c.orig 2002-10-03 13:32:27.000000000 +0200 ++++ libs/libpng/pngerror.c 2004-04-28 13:24:22.000000000 +0200 +@@ -135,10 +135,13 @@ + buffer[iout] = 0; + else + { ++ png_size_t len; ++ if ((len = png_strlen(error_message)) > 63) ++ len = 63; + buffer[iout++] = ':'; + buffer[iout++] = ' '; +- png_memcpy(buffer+iout, error_message, 64); +- buffer[iout+63] = 0; ++ png_memcpy(buffer+iout, error_message, len); ++ buffer[iout+len] = 0; + } + } + @@ . patch -p0 <<'@@ .' Index: openpkg-src/tetex/tetex.spec ============================================================================ $ cvs diff -u -r1.36.2.2.2.2 -r1.36.2.2.2.3 tetex.spec --- openpkg-src/tetex/tetex.spec 1 Aug 2003 11:11:41 -0000 1.36.2.2.2.2 +++ openpkg-src/tetex/tetex.spec 29 Apr 2004 19:56:28 -0000 1.36.2.2.2.3 @@ -38,7 +38,7 @@ Group: Text License: GPL Version: %{V_src} -Release: 1.3.0 +Release: 1.3.1 # package options %option with_x11 no @@ -48,6 +48,7 @@ Source1: ftp://cam.ctan.org/tex-archive/systems/unix/teTeX/%{V_base}/distrib/tetex-texmf-%{V_texmf}.tar.gz Source2: http://www.tei-c.org.uk/Software/passivetex/passivetex.zip Source3: ftp://ftp.tex.ac.uk/tex-archive/macros/xmltex/base.zip +Patch0: tetex.patch # build information Prefix: %{l_prefix} @@ -72,6 +73,7 @@ %prep %setup -q -n tetex-src-%{V_src} + %patch # teTeX requires the texmf stuff to be already in place # for building and installing the source parts. @@ . ______________________________________________________________________ The OpenPKG Project www.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]