head 1.2; access; symbols pkgsrc-2019Q4:1.1.0.22 pkgsrc-2019Q4-base:1.1 pkgsrc-2019Q3:1.1.0.18 pkgsrc-2019Q3-base:1.1 pkgsrc-2019Q2:1.1.0.16 pkgsrc-2019Q2-base:1.1 pkgsrc-2019Q1:1.1.0.14 pkgsrc-2019Q1-base:1.1 pkgsrc-2018Q4:1.1.0.12 pkgsrc-2018Q4-base:1.1 pkgsrc-2018Q3:1.1.0.10 pkgsrc-2018Q3-base:1.1 pkgsrc-2018Q2:1.1.0.8 pkgsrc-2018Q2-base:1.1 pkgsrc-2018Q1:1.1.0.6 pkgsrc-2018Q1-base:1.1 pkgsrc-2017Q4:1.1.0.4 pkgsrc-2017Q4-base:1.1 pkgsrc-2017Q3:1.1.0.2; locks; strict; comment @// @; 1.2 date 2020.01.19.11.07.56; author nros; state dead; branches; next 1.1; commitid QIETPuNnbpMV6iTB; 1.1 date 2017.10.04.17.19.33; author nros; state Exp; branches 1.1.2.1; next ; commitid lvjb3a7p3Npt4L9A; 1.1.2.1 date 2017.10.04.17.19.33; author spz; state dead; branches; next 1.1.2.2; commitid Lpah6o1wYpD30O9A; 1.1.2.2 date 2017.10.05.02.08.51; author spz; state Exp; branches; next ; commitid Lpah6o1wYpD30O9A; desc @@ 1.2 log @Update distfile and fix build on illumos Update distfile for libfpx, difference from the old one: our patches are applied in it and it is available at the mastersite. Fix build on illumos and perhaps other platforms by using autoconf to look for the endian headers instead of using __sun (solaris.h is not available on illumos). bump pkgrevision. @ text @$NetBSD: patch-oless_dir.cxx,v 1.1 2017/10/04 17:19:33 nros Exp $ possible fix for CVE-2017-12920 --- oless/dir.cxx.orig 2017-10-03 18:36:32.000000000 +0000 +++ oless/dir.cxx @@@@ -1100,6 +1100,8 @@@@ SCODE CDirectory::GetDirEntry( DIRINDEX id = sid / _cdeEntries; msfChk(_dv.GetTable(id, dwFlags, &pds)); + if (ppde == NULL) + msfErr(Err, ERROR_INVALID_ADDRESS); *ppde = pds->GetEntry((DIROFFSET)(sid % _cdeEntries)); @ 1.1 log @Add patches to fix CVE-2017-12925 , CVE-2017-12921 and a possible fix for CVE-2017-12920. Use += in master sites insted of \. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-oless_dir.cxx was added on branch pkgsrc-2017Q3 on 2017-10-05 02:08:51 +0000 @ text @d1 13 @ 1.1.2.2 log @Pullup ticket #5563 - requested by sevan graphics/libfpx: security patch Revisions pulled up: - graphics/libfpx/Makefile 1.3 - graphics/libfpx/distinfo 1.2 - graphics/libfpx/patches/patch-fpx_f__fpxvw.cpp 1.1 - graphics/libfpx/patches/patch-oless_dir.cxx 1.1 - graphics/libfpx/patches/patch-oless_docfile.cxx 1.1 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: nros Date: Wed Oct 4 17:19:33 UTC 2017 Modified Files: pkgsrc/graphics/libfpx: Makefile distinfo Added Files: pkgsrc/graphics/libfpx/patches: patch-fpx_f__fpxvw.cpp patch-oless_dir.cxx patch-oless_docfile.cxx Log Message: Add patches to fix CVE-2017-12925 , CVE-2017-12921 and a possible fix for CVE-2017-12920. Use += in master sites insted of \. Bump PKGREVISION. To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 pkgsrc/graphics/libfpx/Makefile cvs rdiff -u -r1.1 -r1.2 pkgsrc/graphics/libfpx/distinfo cvs rdiff -u -r0 -r1.1 pkgsrc/graphics/libfpx/patches/patch-fpx_f__fpxvw.cpp \ pkgsrc/graphics/libfpx/patches/patch-oless_dir.cxx \ pkgsrc/graphics/libfpx/patches/patch-oless_docfile.cxx @ text @a0 13 $NetBSD$ possible fix for CVE-2017-12920 --- oless/dir.cxx.orig 2017-10-03 18:36:32.000000000 +0000 +++ oless/dir.cxx @@@@ -1100,6 +1100,8 @@@@ SCODE CDirectory::GetDirEntry( DIRINDEX id = sid / _cdeEntries; msfChk(_dv.GetTable(id, dwFlags, &pds)); + if (ppde == NULL) + msfErr(Err, ERROR_INVALID_ADDRESS); *ppde = pds->GetEntry((DIROFFSET)(sid % _cdeEntries)); @