rpms/compat-wxGTK26/F-11 wxGTK-2.6.4-CVE-2009-2369.patch, NONE, 1.1 wxGTK-2.6.4-gsocket-conflict.patch, NONE, 1.1 compat-wxGTK26.spec, 1.25, 1.26
Michael Schwendt
mschwendt at fedoraproject.org
Wed Jul 15 19:14:38 UTC 2009
- Previous message (by thread): rpms/xorg-x11-xdm/devel xorg-x11-xdm.spec, 1.46, 1.47 xserver.pamd, 1.2, NONE
- Next message (by thread): rpms/compat-wxGTK26/F-10 compat-wxGTK26-setup.h, NONE, 1.1 wxGTK-2.6.4-CVE-2009-2369.patch, NONE, 1.1 wxGTK-2.6.4-gsocket-conflict.patch, NONE, 1.1 compat-wxGTK26.spec, 1.15, 1.16
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: mschwendt
Update of /cvs/extras/rpms/compat-wxGTK26/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv31361
Modified Files:
compat-wxGTK26.spec
Added Files:
wxGTK-2.6.4-CVE-2009-2369.patch
wxGTK-2.6.4-gsocket-conflict.patch
Log Message:
* Wed Jul 15 2009 Michael Schwendt <mschwendt at fedoraproject.org> - 2.6.4-10
- apply rediffed fix for CVE-2009-2369 (#511279)
wxGTK-2.6.4-CVE-2009-2369.patch:
--- NEW FILE wxGTK-2.6.4-CVE-2009-2369.patch ---
diff -Nur wxGTK-2.6.4-orig/src/common/imagpng.cpp wxGTK-2.6.4/src/common/imagpng.cpp
--- wxGTK-2.6.4-orig/src/common/imagpng.cpp 2007-03-20 16:50:01.000000000 +0100
+++ wxGTK-2.6.4/src/common/imagpng.cpp 2009-07-15 21:07:50.000000000 +0200
@@ -570,18 +570,16 @@
if (!image->Ok())
goto error;
- lines = (unsigned char **)malloc( (size_t)(height * sizeof(unsigned char *)) );
+ // initialize all line pointers to NULL to ensure that they can be safely
+ // free()d if an error occurs before all of them could be allocated
+ lines = (unsigned char **)calloc(height, sizeof(unsigned char *));
if ( !lines )
goto error;
for (i = 0; i < height; i++)
{
if ((lines[i] = (unsigned char *)malloc( (size_t)(width * (sizeof(unsigned char) * 4)))) == NULL)
- {
- for ( unsigned int n = 0; n < i; n++ )
- free( lines[n] );
goto error;
- }
}
png_read_image( png_ptr, lines );
diff -Nur wxGTK-2.6.4-orig/src/common/imagtiff.cpp wxGTK-2.6.4/src/common/imagtiff.cpp
--- wxGTK-2.6.4-orig/src/common/imagtiff.cpp 2007-03-20 16:50:01.000000000 +0100
+++ wxGTK-2.6.4/src/common/imagtiff.cpp 2009-07-15 21:08:08.000000000 +0200
@@ -232,15 +232,25 @@
}
uint32 w, h;
- uint32 npixels;
uint32 *raster;
TIFFGetField( tif, TIFFTAG_IMAGEWIDTH, &w );
TIFFGetField( tif, TIFFTAG_IMAGELENGTH, &h );
- npixels = w * h;
+ // guard against integer overflow during multiplication which could result
+ // in allocating a too small buffer and then overflowing it
+ const double bytesNeeded = (double)w * (double)h * sizeof(uint32);
+ if ( bytesNeeded >= 4294967295U /* UINT32_MAX */ )
+ {
+ if ( verbose )
+ wxLogError( _("TIFF: Image size is abnormally big.") );
+
+ TIFFClose(tif);
+
+ return false;
+ }
- raster = (uint32*) _TIFFmalloc( npixels * sizeof(uint32) );
+ raster = (uint32*) _TIFFmalloc( bytesNeeded );
if (!raster)
{
wxGTK-2.6.4-gsocket-conflict.patch:
--- NEW FILE wxGTK-2.6.4-gsocket-conflict.patch ---
diff -Nur wxGTK-2.6.4-orig/src/gtk/gsockgtk.cpp wxGTK-2.6.4/src/gtk/gsockgtk.cpp
--- wxGTK-2.6.4-orig/src/gtk/gsockgtk.cpp 2007-03-20 16:50:07.000000000 +0100
+++ wxGTK-2.6.4/src/gtk/gsockgtk.cpp 2009-06-11 13:28:59.000000000 +0200
@@ -14,8 +14,16 @@
#include <stdlib.h>
#include <stdio.h>
-#include <gdk/gdk.h>
-#include <glib.h>
+// Cannot include full gdk.h as it pulls in giotypes.h with
+// new GSocket conflicts since 2.21/2.22
+#include <gdk/gdkinput.h>
+// deprecated, copy from gdk.h
+gint gdk_input_add (gint source,
+ GdkInputCondition condition,
+ GdkInputFunction function,
+ gpointer data);
+void gdk_input_remove (gint tag);
+#include <glib/gtypes.h>
#include "wx/gsocket.h"
#include "wx/unix/gsockunx.h"
Index: compat-wxGTK26.spec
===================================================================
RCS file: /cvs/extras/rpms/compat-wxGTK26/F-11/compat-wxGTK26.spec,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -p -r1.25 -r1.26
--- compat-wxGTK26.spec 7 Jun 2009 16:03:16 -0000 1.25
+++ compat-wxGTK26.spec 15 Jul 2009 19:14:37 -0000 1.26
@@ -1,6 +1,6 @@
Name: compat-wxGTK26
Version: 2.6.4
-Release: 8%{?dist}
+Release: 10%{?dist}
Summary: GTK2 port of the wxWidgets GUI library
# The wxWindows licence is the LGPL with a specific exemption allowing
# distribution of derived binaries under any terms. (This will eventually
@@ -17,6 +17,8 @@ Patch3: wxGTK-2.6.3-g_thread_ini
Patch5: wxGTK-2.6.3-expat2.patch
Patch6: wxGTK-2.6.3-strconv.patch
Patch7: wxGTK-2.6.4-config-script.patch
+Patch8: wxGTK-2.6.4-gsocket-conflict.patch
+Patch9: wxGTK-2.6.4-CVE-2009-2369.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: gtk2-devel, zlib-devel >= 1.1.4
@@ -55,6 +57,9 @@ This package include files needed to lin
%patch5 -p1 -b .expat2
%patch6 -p1 -b .strconv
%patch7 -p1 -b .config-script
+%patch8 -p1 -b .gsocket-conflict
+# http://trac.wxwidgets.org/ticket/10993
+%patch9 -p1 -b .CVE-2009-2369
sed -i -e 's|/usr/lib\b|%{_libdir}|' configure
@@ -203,6 +208,14 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Wed Jul 15 2009 Michael Schwendt <mschwendt at fedoraproject.org> - 2.6.4-10
+- apply rediffed fix for CVE-2009-2369 (#511279)
+
+* Thu Jun 11 2009 Michael Schwendt <mschwendt at fedoraproject.org> - 2.6.4-9
+- glib2 2.21.1's gio in Rawhide F-12 introduces a GSocket that
+ conflicts with wxGTK's GSocket class (gsocket.h): reduce the glib/gdk
+ headers that are included during build to avoid conflicting redefinitions
+
* Sun Jun 7 2009 Michael Schwendt <mschwendt at fedoraproject.org> - 2.6.4-8
- target sparcv9 => setup-sparc.h
- Previous message (by thread): rpms/xorg-x11-xdm/devel xorg-x11-xdm.spec, 1.46, 1.47 xserver.pamd, 1.2, NONE
- Next message (by thread): rpms/compat-wxGTK26/F-10 compat-wxGTK26-setup.h, NONE, 1.1 wxGTK-2.6.4-CVE-2009-2369.patch, NONE, 1.1 wxGTK-2.6.4-gsocket-conflict.patch, NONE, 1.1 compat-wxGTK26.spec, 1.15, 1.16
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list