rpms/compat-wxGTK26/F-10 compat-wxGTK26-setup.h, NONE, 1.1 wxGTK-2.6.4-CVE-2009-2369.patch, NONE, 1.1 wxGTK-2.6.4-gsocket-conflict.patch, NONE, 1.1 compat-wxGTK26.spec, 1.15, 1.16
Michael Schwendt
mschwendt at fedoraproject.org
Wed Jul 15 19:17:02 UTC 2009
Author: mschwendt
Update of /cvs/extras/rpms/compat-wxGTK26/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv32131
Modified Files:
compat-wxGTK26.spec
Added Files:
compat-wxGTK26-setup.h wxGTK-2.6.4-CVE-2009-2369.patch
wxGTK-2.6.4-gsocket-conflict.patch
Log Message:
* Wed Jul 15 2009 Michael Schwendt <mschwendt at fedoraproject.org> - 2.6.4-10
- apply rediffed fix for CVE-2009-2369 (#511279)
--- NEW FILE compat-wxGTK26-setup.h ---
/* Avoid setup.h header conflicts on multi-arch platforms.
 * Any special arch handled here must also be handled in the
 * RPM package .spec file.
 *
 * This wrapper is installed under the name setup.h; the header generated
 * by the build is renamed to setup-<arch>.h by the .spec file, and the
 * chain below includes the copy that matches the compiler's predefined
 * architecture macros. */
#if defined(__i386__)
#include <wx/setup-i386.h>
#elif defined(__x86_64__)
#include <wx/setup-x86_64.h>
/* The 64-bit PowerPC test comes before the generic __powerpc__ test;
 * presumably 64-bit compilers define both macros, so the order matters
 * (confirm before reordering). */
#elif defined(__powerpc64__)
#include <wx/setup-ppc64.h>
#elif defined(__powerpc__)
#include <wx/setup-ppc.h>
/* Same ordering for SPARC: the 64-bit case (__sparc__ plus __arch64__)
 * is tested before plain __sparc__. */
#elif defined(__sparc__) && defined (__arch64__)
#include <wx/setup-sparc64.h>
#elif defined(__sparc__)
#include <wx/setup-sparc.h>
/* Fallback for every architecture not listed above; the .spec file uses
 * the name "basearch" for the same default case. */
#else
#include <wx/setup-basearch.h>
#endif
wxGTK-2.6.4-CVE-2009-2369.patch:
--- NEW FILE wxGTK-2.6.4-CVE-2009-2369.patch ---
diff -Nur wxGTK-2.6.4-orig/src/common/imagpng.cpp wxGTK-2.6.4/src/common/imagpng.cpp
--- wxGTK-2.6.4-orig/src/common/imagpng.cpp 2007-03-20 16:50:01.000000000 +0100
+++ wxGTK-2.6.4/src/common/imagpng.cpp 2009-07-15 21:07:50.000000000 +0200
@@ -570,18 +570,16 @@
if (!image->Ok())
goto error;
- lines = (unsigned char **)malloc( (size_t)(height * sizeof(unsigned char *)) );
+ // initialize all line pointers to NULL to ensure that they can be safely
+ // free()d if an error occurs before all of them could be allocated
+ lines = (unsigned char **)calloc(height, sizeof(unsigned char *));
if ( !lines )
goto error;
for (i = 0; i < height; i++)
{
if ((lines[i] = (unsigned char *)malloc( (size_t)(width * (sizeof(unsigned char) * 4)))) == NULL)
- {
- for ( unsigned int n = 0; n < i; n++ )
- free( lines[n] );
goto error;
- }
}
png_read_image( png_ptr, lines );
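Review bot: The per-row allocation `malloc( (size_t)(width * (sizeof(unsigned char) * 4)))` is still an unchecked multiplication. The type of `width` is not visible in this hunk, but where `size_t` is 32 bits a very wide image could wrap the product and under-allocate the rows handed to `png_read_image`. A guard before the loop such as `if ( width > ((size_t)-1) / 4 ) goto error;` would close that. Separately, with the inline cleanup loop removed, every failure now depends on the `error:` label freeing all `height` entries of `lines` and then `lines` itself. That label lies outside the hunk, so confirm that it does so and that `lines` is NULL before the first `goto error`.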
diff -Nur wxGTK-2.6.4-orig/src/common/imagtiff.cpp wxGTK-2.6.4/src/common/imagtiff.cpp
--- wxGTK-2.6.4-orig/src/common/imagtiff.cpp 2007-03-20 16:50:01.000000000 +0100
+++ wxGTK-2.6.4/src/common/imagtiff.cpp 2009-07-15 21:08:08.000000000 +0200
@@ -232,15 +232,25 @@
}
uint32 w, h;
- uint32 npixels;
uint32 *raster;
TIFFGetField( tif, TIFFTAG_IMAGEWIDTH, &w );
TIFFGetField( tif, TIFFTAG_IMAGELENGTH, &h );
- npixels = w * h;
+ // guard against integer overflow during multiplication which could result
+ // in allocating a too small buffer and then overflowing it
+ const double bytesNeeded = (double)w * (double)h * sizeof(uint32);
+ if ( bytesNeeded >= 4294967295U /* UINT32_MAX */ )
+ {
+ if ( verbose )
+ wxLogError( _("TIFF: Image size is abnormally big.") );
+
+ TIFFClose(tif);
+
+ return false;
+ }
- raster = (uint32*) _TIFFmalloc( npixels * sizeof(uint32) );
+ raster = (uint32*) _TIFFmalloc( bytesNeeded );
if (!raster)
{
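Review bot: `_TIFFmalloc( bytesNeeded )` passes a `double` that is implicitly converted to the allocator's size parameter, and the limit checked just above is UINT32_MAX rather than the maximum of that parameter type. The prototype is not visible here, but in libtiff releases where `tsize_t` is a signed 32-bit type, sizes between 2^31 and 2^32 pass the check and then convert out of range. Comparing against the signed limit and converting explicitly, e.g. `if ( bytesNeeded >= 2147483647 /* INT32_MAX */ )` and `_TIFFmalloc( (tsize_t)bytesNeeded )`, would make the bound match the allocation. The return values of the two `TIFFGetField` calls are also unchecked, so `w` and `h` may be uninitialised when a tag is missing. The enclosing function starts and ends outside the hunk.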
wxGTK-2.6.4-gsocket-conflict.patch:
--- NEW FILE wxGTK-2.6.4-gsocket-conflict.patch ---
diff -Nur wxGTK-2.6.4-orig/src/gtk/gsockgtk.cpp wxGTK-2.6.4/src/gtk/gsockgtk.cpp
--- wxGTK-2.6.4-orig/src/gtk/gsockgtk.cpp 2007-03-20 16:50:07.000000000 +0100
+++ wxGTK-2.6.4/src/gtk/gsockgtk.cpp 2009-06-11 13:28:59.000000000 +0200
@@ -14,8 +14,16 @@
#include <stdlib.h>
#include <stdio.h>
-#include <gdk/gdk.h>
-#include <glib.h>
+// Cannot include full gdk.h as it pulls in giotypes.h with
+// new GSocket conflicts since 2.21/2.22
+#include <gdk/gdkinput.h>
+// deprecated, copy from gdk.h
+gint gdk_input_add (gint source,
+ GdkInputCondition condition,
+ GdkInputFunction function,
+ gpointer data);
+void gdk_input_remove (gint tag);
+#include <glib/gtypes.h>
#include "wx/gsocket.h"
#include "wx/unix/gsockunx.h"
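Review bot: The copied prototypes for `gdk_input_add` and `gdk_input_remove` are declared at file scope in a C++ source with no `extern "C"` visible. Unless a linkage block opens outside the hunk, they get C++ linkage and will not resolve against the C symbols exported by GDK. Wrapping the two declarations in `extern "C" {` and `}` would fix that. Hand-copied declarations also stop tracking the library headers, so a comment such as `// copied from gdk.h of GDK <version>; re-check on rebase` would help whoever carries this patch forward.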
Index: compat-wxGTK26.spec
===================================================================
RCS file: /cvs/extras/rpms/compat-wxGTK26/F-10/compat-wxGTK26.spec,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -p -r1.15 -r1.16
--- compat-wxGTK26.spec 15 Jul 2008 17:45:11 -0000 1.15
+++ compat-wxGTK26.spec 15 Jul 2009 19:17:01 -0000 1.16
@@ -1,6 +1,6 @@
Name: compat-wxGTK26
Version: 2.6.4
-Release: 3
+Release: 10%{?dist}
Summary: GTK2 port of the wxWidgets GUI library
# The wxWindows licence is the LGPL with a specific exemption allowing
# distribution of derived binaries under any terms. (This will eventually
@@ -9,6 +9,7 @@ License: wxWidgets
Group: System Environment/Libraries
URL: http://www.wxwidgets.org/
Source0: http://dl.sf.net/wxwindows/wxGTK-%{version}.tar.bz2
+Source1: compat-wxGTK26-setup.h
Patch1: wxGTK-2.6.3-locale-compat.patch
Patch2: wxGTK-2.6.3-gtk-crash.patch
Patch3: wxGTK-2.6.3-g_thread_init.patch
@@ -16,6 +17,8 @@ Patch3: wxGTK-2.6.3-g_thread_ini
Patch5: wxGTK-2.6.3-expat2.patch
Patch6: wxGTK-2.6.3-strconv.patch
Patch7: wxGTK-2.6.4-config-script.patch
+Patch8: wxGTK-2.6.4-gsocket-conflict.patch
+Patch9: wxGTK-2.6.4-CVE-2009-2369.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: gtk2-devel, zlib-devel >= 1.1.4
@@ -23,8 +26,6 @@ BuildRequires: libpng-devel, libjpeg-de
BuildRequires: expat-devel, SDL-devel, libgnomeprintui22-devel
BuildRequires: libGL-devel, libGLU-devel
-Obsoletes: wxGTK < 2.8
-Obsoletes: wxGTK-gl < 2.8
%description
@@ -40,7 +41,7 @@ Summary: Development files for th
Requires: %{name} = %{version}-%{release}
Requires: gtk2-devel
Requires: libGL-devel, libGLU-devel
-Obsoletes: wxGTK-devel < 2.8
+
%description devel
This package include files needed to link with the wxGTK2 library.
@@ -56,6 +57,9 @@ This package include files needed to lin
%patch5 -p1 -b .expat2
%patch6 -p1 -b .strconv
%patch7 -p1 -b .config-script
+%patch8 -p1 -b .gsocket-conflict
+# http://trac.wxwidgets.org/ticket/10993
+%patch9 -p1 -b .CVE-2009-2369
sed -i -e 's|/usr/lib\b|%{_libdir}|' configure
@@ -91,14 +95,15 @@ make %{?_smp_mflags} -C contrib/src/ogl
make %{?_smp_mflags} -C contrib/src/gizmos
make %{?_smp_mflags} -C contrib/src/animate
+
%install
rm -rf $RPM_BUILD_ROOT
-make DESTDIR=$RPM_BUILD_ROOT install
-make DESTDIR=$RPM_BUILD_ROOT install -C contrib/src/stc
-make DESTDIR=$RPM_BUILD_ROOT install -C contrib/src/ogl
-make DESTDIR=$RPM_BUILD_ROOT install -C contrib/src/gizmos
-make DESTDIR=$RPM_BUILD_ROOT install -C contrib/src/animate
+make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install
+make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C contrib/src/stc
+make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C contrib/src/ogl
+make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C contrib/src/gizmos
+make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install -C contrib/src/animate
# Don't want these.
rm -rf ${RPM_BUILD_ROOT}%{_datadir}/bakefile
@@ -116,6 +121,35 @@ if [ "%{_libdir}" != "%{_prefix}/lib" ]
mkdir -p ${RPM_BUILD_ROOT}%{_prefix}/lib
mv ${RPM_BUILD_ROOT}%{_libdir}/wx ${RPM_BUILD_ROOT}%{_prefix}/lib
fi
+# Rename setup.h to setup-${arch}.h and
+# install a setup.h that picks the right header based on ifdef.
+# See Source1 file.
+setuph=$(find ${RPM_BUILD_ROOT}%{_prefix}/lib/wx -name setup.h)
+arch=basearch
+%ifarch %ix86
+arch=i386
+%endif
+%ifarch x86_64
+arch=x86_64
+%endif
+%ifarch ppc
+arch=ppc
+%endif
+%ifarch ppc64
+arch=ppc64
+%endif
+%ifarch sparc
+arch=sparc
+%endif
+%ifarch sparcv9
+arch=sparc
+%endif
+%ifarch sparc64
+arch=sparc64
+%endif
+newsetuph=${setuph%%.h}-${arch}.h
+mv $setuph $newsetuph
+install -p -m0644 %{SOURCE1} $setuph
# Deal with conflicting files.
cd ${RPM_BUILD_ROOT}%{_bindir}
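Review bot: `setuph=$(find ... -name setup.h)` is used unquoted and unchecked, so if the search matches no file or more than one, `mv $setuph $newsetuph` and the following `install` line either fail with an obscure error or act on unintended paths. A guard such as `[ -f "$setuph" ] || exit 1` right after the assignment, plus quoting in `mv "$setuph" "$newsetuph"`, makes the build stop with a clear cause. The `%check` hunk that follows repeats the same `find` inside `dirname` and rests on the same single-match assumption. The `%ifarch` list also has to stay in step with the `#if` chain in compat-wxGTK26-setup.h, which a comment next to `arch=basearch` could state.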
@@ -126,6 +160,13 @@ mv ${RPM_BUILD_ROOT}%{_datadir}/aclocal/
${RPM_BUILD_ROOT}%{_datadir}/aclocal/wxwin-2.6.m4
+%check
+# Roughly test that the wx/setup.h wrapper can be compiled.
+inc=$(dirname $(find ${RPM_BUILD_ROOT}%{_prefix}/lib/wx -name setup.h))
+printf '#include <wx/setup.h>\nint main() { return 0; }\n' > __t.cc
+g++ -I${inc}/.. -I${RPM_BUILD_ROOT}%{_includedir}/wx-2.6 __t.cc -c
+
+
%clean
rm -rf $RPM_BUILD_ROOT
@@ -167,6 +208,30 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Wed Jul 15 2009 Michael Schwendt <mschwendt at fedoraproject.org> - 2.6.4-10
+- apply rediffed fix for CVE-2009-2369 (#511279)
+
+* Thu Jun 11 2009 Michael Schwendt <mschwendt at fedoraproject.org> - 2.6.4-9
+- glib2 2.21.1's gio in Rawhide F-12 introduces a GSocket that
+ conflicts with wxGTK's GSocket class (gsocket.h): reduce the glib/gdk
+ headers that are included during build to avoid conflicting redefinitions
+
+* Sun Jun 7 2009 Michael Schwendt <mschwendt at fedoraproject.org> - 2.6.4-8
+- target sparcv9 => setup-sparc.h
+
+* Wed Mar 25 2009 Michael Schwendt <mschwendt at fedoraproject.org> - 2.6.4-7
+- add check section with tiny compilation check for wx/setup.h wrapper
+
+* Tue Mar 24 2009 Michael Schwendt <mschwendt at fedoraproject.org> - 2.6.4-6
+- resolve multi-arch conflict in wx/setup.h
+
+* Tue Feb 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.6.4-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Mon Dec 22 2008 Michael Schwendt <mschwendt at fedoraproject.org> - 2.6.4-4
+- remove wxGTK{,-devel,-gl} Obsoletes since the wxGTK2 (2.8.x)
+ pkg set in Fedora has been renamed to wxGTK
+
* Tue Jul 15 2008 Tom "spot" Callaway <tcallawa at redhat.com> - 2.6.4-3
- fix license tag