FreeBSD Bugzilla – Attachment 246008 Details for
Bug 274822
graphics/optipng: Update to 0.7.7_1 and fix CVE-2023-43907
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Updated patch for graphics/optipng
0001-graphics-optipng-Add-fix-for-CVE-2023-43907.patch (text/plain), 2.98 KB, created by
Thomas Hurst
on 2023-10-30 23:28:43 UTC
(
hide
)
Description:
Updated patch for graphics/optipng
Filename:
MIME Type:
Creator:
Thomas Hurst
Created:
2023-10-30 23:28:43 UTC
Size:
2.98 KB
patch
obsolete
>From 6e266793f0e3611254f3d25900caac810cd318e8 Mon Sep 17 00:00:00 2001 >From: Thomas Hurst <tom@hur.st> >Date: Mon, 30 Oct 2023 22:45:22 +0000 >Subject: [PATCH] graphics/optipng: Add fix for CVE-2023-43907 > >- Add a bounds check to prevent out-of-bounds read of buffer on > specially-formed GIF files. >- Remove BUNDLED_LIBPNG and BUNDLED_ZLIB, as the supplied versions are > well out of date and offer no noted advantages. >--- > graphics/optipng/Makefile | 26 ++++++++----------- > .../optipng/files/patch-src_gifread_gifread.c | 14 ++++++++++ > 2 files changed, 25 insertions(+), 15 deletions(-) > create mode 100644 graphics/optipng/files/patch-src_gifread_gifread.c > >diff --git a/graphics/optipng/Makefile b/graphics/optipng/Makefile >index adf3fcdb59be..9cca9ea4051f 100644 >--- a/graphics/optipng/Makefile >+++ b/graphics/optipng/Makefile >@@ -1,36 +1,32 @@ > PORTNAME= optipng > PORTVERSION= 0.7.7 >+PORTREVISION= 1 > CATEGORIES= graphics > MASTER_SITES= SF/${PORTNAME}/OptiPNG/${PORTNAME}-${PORTVERSION} > > MAINTAINER= tom@hur.st > COMMENT= Optimizer for PNG files >-WWW= http://optipng.sourceforge.net/ >+WWW= https://optipng.sourceforge.net/ > > LICENSE= ZLIB > LICENSE_FILE= ${WRKSRC}/LICENSE.txt > >-OPTIONS_DEFINE= BUNDLED_LIBPNG BUNDLED_ZLIB DOCS >+LIB_DEPENDS= libpng.so:graphics/png > >-BUNDLED_LIBPNG_DESC= Use bundled libpng >-BUNDLED_LIBPNG_CONFIGURE_OFF= --with-system-libpng >-BUNDLED_LIBPNG_CONFIGURE_ON= --without-system-libpng >-BUNDLED_LIBPNG_LIB_DEPENDS_OFF= libpng.so:graphics/png >-BUNDLED_LIBPNG_USES_OFF= localbase:ldflags >- >-BUNDLED_ZLIB_DESC= Use bundled zlib >-BUNDLED_ZLIB_CONFIGURE_OFF= --with-system-zlib >-BUNDLED_ZLIB_CONFIGURE_ON= --without-system-zlib >+USES= cpe gmake localbase:ldflags >+CPE_VENDOR= optipng_project > >-USES= cpe gmake > HAS_CONFIGURE= yes >+CONFIGURE_ARGS= --with-system-libpng \ >+ --with-system-zlib > >-CPE_VENDOR= optipng_project >- >-PLIST_FILES= bin/optipng man/man1/optipng.1.gz >+PLIST_FILES= bin/optipng \ >+ man/man1/optipng.1.gz > PORTDOCS= history.txt optipng.man.html optipng.man.pdf optipng.man.txt \ > png_optimization.html todo.txt > >+OPTIONS_DEFINE= DOCS >+ > do-install: > ${INSTALL_PROGRAM} ${WRKSRC}/src/optipng/optipng ${STAGEDIR}${PREFIX}/bin/ > ${INSTALL_MAN} ${WRKSRC}/src/optipng/man/optipng.1 ${STAGEDIR}${MAN1PREFIX}/man/man1/ >diff --git a/graphics/optipng/files/patch-src_gifread_gifread.c b/graphics/optipng/files/patch-src_gifread_gifread.c >new file mode 100644 >index 000000000000..a32ff38c60bc >--- /dev/null >+++ b/graphics/optipng/files/patch-src_gifread_gifread.c >@@ -0,0 +1,14 @@ >+--- src/gifread/gifread.c.orig 2017-12-10 23:49:00 UTC >++++ src/gifread/gifread.c >+@@ -363,6 +363,11 @@ static int LZWGetCode(int code_size, int init_flag, FI >+ lastbit = (2 + count) * 8; >+ } >+ >++ if ((curbit + code_size - 1) / 8 >= sizeof(buffer)) { >++ GIFError("Malformed GIF (CVE-2023-43907)"); >++ return -1; >++ } >++ >+ ret = 0; >+ for (i = curbit, j = 0; j < code_size; ++i, ++j) >+ ret |= ((buffer[i / 8] & (1 << (i % 8))) != 0) << j; >-- >2.42.0 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=246008">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
tom
:
maintainer-approval+
Actions:
View
|
Diff
Attachments on
bug 274822
:
246007
|
246008
|
246009