Attachment 95781 Details for Bug 134246 – libwmf.diff

[patch] libwmf.diff

libwmf.diff (text/plain), 2.60 KB, created by Eygene Ryabinkin on 2009-05-05 22:10:03 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Eygene Ryabinkin

Created: 2009-05-05 22:10:03 UTC

Size: 2.60 KB

patch

obsolete

>From 1ac505a89ecb6276374b1c39dc52579368fb97b0 Mon Sep 17 00:00:00 2001
>From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
>Date: Wed, 6 May 2009 00:37:31 +0400
>
>Patches were taken from Ubuntu's builds of libwmf,
>  http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3-3.1ubuntu0.2.diff.gz
>
>Signed-off-by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
>---
> graphics/libwmf/Makefile                  |    2 +-
> graphics/libwmf/files/patch-cve-2006-3376 |   30 +++++++++++++++++++++++++++++
> graphics/libwmf/files/patch-cve-2009-1364 |   14 +++++++++++++
> 3 files changed, 45 insertions(+), 1 deletions(-)
> create mode 100644 graphics/libwmf/files/patch-cve-2006-3376
> create mode 100644 graphics/libwmf/files/patch-cve-2009-1364
>
>diff --git a/graphics/libwmf/Makefile b/graphics/libwmf/Makefile
>index 16f6774..3be48d0 100644
>--- a/graphics/libwmf/Makefile
>+++ b/graphics/libwmf/Makefile
>@@ -7,7 +7,7 @@
> 
> PORTNAME=	libwmf
> PORTVERSION=	0.2.8.4
>-PORTREVISION=	2
>+PORTREVISION=	3
> CATEGORIES=	graphics
> MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
> MASTER_SITE_SUBDIR=	wvware
>diff --git a/graphics/libwmf/files/patch-cve-2006-3376 b/graphics/libwmf/files/patch-cve-2006-3376
>new file mode 100644
>index 0000000..75c0b90
>--- /dev/null
>+++ b/graphics/libwmf/files/patch-cve-2006-3376
>@@ -0,0 +1,30 @@
>+Fix for CVE-2006-3376.
>+
>+Obtained from: Ubuntu
>+--- src/player.c
>++++ src/player.c
>+@@ -23,6 +23,7 @@
>+ 
>+ #include <stdio.h>
>+ #include <stdlib.h>
>++#include <stdint.h>
>+ #include <string.h>
>+ #include <math.h>
>+ 
>+@@ -132,8 +133,14 @@
>+ 		}
>+ 	}
>+ 
>+-/*	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char));
>+- */	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)  ) * 2 * sizeof (unsigned char));
>++	if (MAX_REC_SIZE(API) > UINT32_MAX / 2)
>++	{
>++		API->err = wmf_E_InsMem;
>++		WMF_DEBUG (API,"bailing...");
>++		return (API->err);
>++	}
>++
>++ 	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)  ) * 2 * sizeof (unsigned char));
>+ 
>+ 	if (ERR (API))
>+ 	{	WMF_DEBUG (API,"bailing...");
>diff --git a/graphics/libwmf/files/patch-cve-2009-1364 b/graphics/libwmf/files/patch-cve-2009-1364
>new file mode 100644
>index 0000000..dfce754
>--- /dev/null
>+++ b/graphics/libwmf/files/patch-cve-2009-1364
>@@ -0,0 +1,14 @@
>+Patch for CVE-2009-1364
>+
>+Obtained from: Ubuntu
>+
>+--- src/extra/gd/gd_clip.c
>++++ src/extra/gd/gd_clip.c
>+@@ -70,6 +70,7 @@
>+ 	{	more = gdRealloc (im->clip->list,(im->clip->max + 8) * sizeof (gdClipRectangle));
>+ 		if (more == 0) return;
>+ 		im->clip->max += 8;
>++		im->clip->list = more;
>+ 	}
>+ 	im->clip->list[im->clip->count] = (*rect);
>+ 	im->clip->count++;
>-- 
>1.6.2.5

Actions: View | Diff

Attachments on bug 134246: 95781 | 95782