head 1.3; access; symbols pkgsrc-2026Q1:1.3.0.154 pkgsrc-2026Q1-base:1.3 pkgsrc-2025Q4:1.3.0.152 pkgsrc-2025Q4-base:1.3 pkgsrc-2025Q3:1.3.0.150 pkgsrc-2025Q3-base:1.3 pkgsrc-2025Q2:1.3.0.148 pkgsrc-2025Q2-base:1.3 pkgsrc-2025Q1:1.3.0.146 pkgsrc-2025Q1-base:1.3 pkgsrc-2024Q4:1.3.0.144 pkgsrc-2024Q4-base:1.3 pkgsrc-2024Q3:1.3.0.142 pkgsrc-2024Q3-base:1.3 pkgsrc-2024Q2:1.3.0.140 pkgsrc-2024Q2-base:1.3 pkgsrc-2024Q1:1.3.0.138 pkgsrc-2024Q1-base:1.3 pkgsrc-2023Q4:1.3.0.136 pkgsrc-2023Q4-base:1.3 pkgsrc-2023Q3:1.3.0.134 pkgsrc-2023Q3-base:1.3 pkgsrc-2023Q2:1.3.0.132 pkgsrc-2023Q2-base:1.3 pkgsrc-2023Q1:1.3.0.130 pkgsrc-2023Q1-base:1.3 pkgsrc-2022Q4:1.3.0.128 pkgsrc-2022Q4-base:1.3 pkgsrc-2022Q3:1.3.0.126 pkgsrc-2022Q3-base:1.3 pkgsrc-2022Q2:1.3.0.124 pkgsrc-2022Q2-base:1.3 pkgsrc-2022Q1:1.3.0.122 pkgsrc-2022Q1-base:1.3 pkgsrc-2021Q4:1.3.0.120 pkgsrc-2021Q4-base:1.3 pkgsrc-2021Q3:1.3.0.118 pkgsrc-2021Q3-base:1.3 pkgsrc-2021Q2:1.3.0.116 pkgsrc-2021Q2-base:1.3 pkgsrc-2021Q1:1.3.0.114 pkgsrc-2021Q1-base:1.3 pkgsrc-2020Q4:1.3.0.112 pkgsrc-2020Q4-base:1.3 pkgsrc-2020Q3:1.3.0.110 pkgsrc-2020Q3-base:1.3 pkgsrc-2020Q2:1.3.0.106 pkgsrc-2020Q2-base:1.3 pkgsrc-2020Q1:1.3.0.86 pkgsrc-2020Q1-base:1.3 pkgsrc-2019Q4:1.3.0.108 pkgsrc-2019Q4-base:1.3 pkgsrc-2019Q3:1.3.0.104 pkgsrc-2019Q3-base:1.3 pkgsrc-2019Q2:1.3.0.102 pkgsrc-2019Q2-base:1.3 pkgsrc-2019Q1:1.3.0.100 pkgsrc-2019Q1-base:1.3 pkgsrc-2018Q4:1.3.0.98 pkgsrc-2018Q4-base:1.3 pkgsrc-2018Q3:1.3.0.96 pkgsrc-2018Q3-base:1.3 pkgsrc-2018Q2:1.3.0.94 pkgsrc-2018Q2-base:1.3 pkgsrc-2018Q1:1.3.0.92 pkgsrc-2018Q1-base:1.3 pkgsrc-2017Q4:1.3.0.90 pkgsrc-2017Q4-base:1.3 pkgsrc-2017Q3:1.3.0.88 pkgsrc-2017Q3-base:1.3 pkgsrc-2017Q2:1.3.0.84 pkgsrc-2017Q2-base:1.3 pkgsrc-2017Q1:1.3.0.82 pkgsrc-2017Q1-base:1.3 pkgsrc-2016Q4:1.3.0.80 pkgsrc-2016Q4-base:1.3 pkgsrc-2016Q3:1.3.0.78 pkgsrc-2016Q3-base:1.3 pkgsrc-2016Q2:1.3.0.76 pkgsrc-2016Q2-base:1.3 pkgsrc-2016Q1:1.3.0.74 pkgsrc-2016Q1-base:1.3 pkgsrc-2015Q4:1.3.0.72 pkgsrc-2015Q4-base:1.3 pkgsrc-2015Q3:1.3.0.70 pkgsrc-2015Q3-base:1.3 pkgsrc-2015Q2:1.3.0.68 pkgsrc-2015Q2-base:1.3 pkgsrc-2015Q1:1.3.0.66 pkgsrc-2015Q1-base:1.3 pkgsrc-2014Q4:1.3.0.64 pkgsrc-2014Q4-base:1.3 pkgsrc-2014Q3:1.3.0.62 pkgsrc-2014Q3-base:1.3 pkgsrc-2014Q2:1.3.0.60 pkgsrc-2014Q2-base:1.3 pkgsrc-2014Q1:1.3.0.58 pkgsrc-2014Q1-base:1.3 pkgsrc-2013Q4:1.3.0.56 pkgsrc-2013Q4-base:1.3 pkgsrc-2013Q3:1.3.0.54 pkgsrc-2013Q3-base:1.3 pkgsrc-2013Q2:1.3.0.52 pkgsrc-2013Q2-base:1.3 pkgsrc-2013Q1:1.3.0.50 pkgsrc-2013Q1-base:1.3 pkgsrc-2012Q4:1.3.0.48 pkgsrc-2012Q4-base:1.3 pkgsrc-2012Q3:1.3.0.46 pkgsrc-2012Q3-base:1.3 pkgsrc-2012Q2:1.3.0.44 pkgsrc-2012Q2-base:1.3 pkgsrc-2012Q1:1.3.0.42 pkgsrc-2012Q1-base:1.3 pkgsrc-2011Q4:1.3.0.40 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q3:1.3.0.38 pkgsrc-2011Q3-base:1.3 pkgsrc-2011Q2:1.3.0.36 pkgsrc-2011Q2-base:1.3 pkgsrc-2011Q1:1.3.0.34 pkgsrc-2011Q1-base:1.3 pkgsrc-2010Q4:1.3.0.32 pkgsrc-2010Q4-base:1.3 pkgsrc-2010Q3:1.3.0.30 pkgsrc-2010Q3-base:1.3 pkgsrc-2010Q2:1.3.0.28 pkgsrc-2010Q2-base:1.3 pkgsrc-2010Q1:1.3.0.26 pkgsrc-2010Q1-base:1.3 pkgsrc-2009Q4:1.3.0.24 pkgsrc-2009Q4-base:1.3 pkgsrc-2009Q3:1.3.0.22 pkgsrc-2009Q3-base:1.3 pkgsrc-2009Q2:1.3.0.20 pkgsrc-2009Q2-base:1.3 pkgsrc-2009Q1:1.3.0.18 pkgsrc-2009Q1-base:1.3 pkgsrc-2008Q4:1.3.0.16 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.14 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.12 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.3.0.10 pkgsrc-2008Q2-base:1.3 cwrapper:1.3.0.8 pkgsrc-2008Q1:1.3.0.6 pkgsrc-2008Q1-base:1.3 pkgsrc-2007Q4:1.3.0.4 pkgsrc-2007Q4-base:1.3 pkgsrc-2007Q3:1.3.0.2 pkgsrc-2007Q3-base:1.3 pkgsrc-2007Q2:1.2.0.6 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.4 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.2 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.1.0.4 pkgsrc-2006Q3-base:1.1 pkgsrc-2006Q2:1.1.0.2; locks; strict; comment @# @; 1.3 date 2007.09.21.12.00.11; author abs; state Exp; branches; next 1.2; 1.2 date 2006.10.10.00.22.28; author dmcmahill; state Exp; branches; next 1.1; 1.1 date 2006.08.20.21.38.45; author salo; state Exp; branches 1.1.2.1 1.1.4.1; next ; 1.1.2.1 date 2006.08.20.21.38.45; author ghen; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2006.08.21.07.03.36; author ghen; state Exp; branches; next ; 1.1.4.1 date 2006.10.17.15.50.37; author salo; state Exp; branches; next ; desc @@ 1.3 log @patch-af was an extended version of patch-ae, merge - now builds again @ text @$NetBSD: patch-af,v 1.1 2007/09/19 15:39:13 jlam Exp $ --- src/player.c.orig Tue Dec 10 19:30:26 2002 +++ src/player.c @@@@ -43,6 +43,16 @@@@ #include "player/record.h" /* Provides: parameter mechanism */ #include "player/meta.h" /* Provides: record interpreters */ +#ifdef HAVE_STDINT_H +#include +#endif +#ifndef UINT32_MAX +#include +#endif +#ifndef UINT32_MAX +#define UINT32_MAX UINT_MAX +#endif + /** * @@internal */ @@@@ -132,8 +142,14 @@@@ wmf_error_t wmf_scan (wmfAPI* API,unsign } } -/* P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char)); - */ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); + if (MAX_REC_SIZE(API) > UINT32_MAX/ 2) + { + API->err = wmf_E_InsMem; + WMF_DEBUG (API,"bailing..."); + return (API->err); + } + + P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); if (ERR (API)) { WMF_DEBUG (API,"bailing..."); @ 1.2 log @repair compilation on solaris (don't include stdint.h if it doesn't exist) @ text @d1 1 a1 1 $NetBSD$ d3 4 a6 3 --- src/player.c.orig 2002-12-10 14:30:26.000000000 -0500 +++ src/player.c 2006-10-09 13:31:30.464278000 -0400 @@@@ -44,4 +44,11 @@@@ d15 3 d21 3 a23 1 @@@@ -133,6 +140,12 @@@@ d38 1 @ 1.1 log @Security fix for CVE-2006-3376: "A vulnerability in libwmf can be potentially exploited by malicious people to compromise an application using the vulnerable library. The vulnerability is caused due to an integer overflow error when allocating memory based on a value taken directly from a WMF file without performing any checks. This can be exploited to cause a heap-based buffer overflow when a specially crafted WMF file is processed. Successful exploitation may allow execution of arbitrary code." http://secunia.com/advisories/20921/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3376 Patch from Red Hat. Bump PKGREVISION. @ text @d3 3 a5 7 Security fix for CVE-2006-3376, from Red Hat. --- src/player.c.orig 2002-12-10 20:30:26.000000000 +0100 +++ src/player.c 2006-08-20 23:29:44.000000000 +0200 @@@@ -42,6 +42,7 @@@@ #include "player/defaults.h" /* Provides: default settings */ #include "player/record.h" /* Provides: parameter mechanism */ d7 2 d10 5 a14 1 d17 1 a17 2 @@@@ -132,8 +133,14 @@@@ } a31 1 { WMF_DEBUG (API,"bailing..."); @ 1.1.2.1 log @file patch-ae was added on branch pkgsrc-2006Q2 on 2006-08-20 21:38:45 +0000 @ text @d1 31 @ 1.1.2.2 log @Pullup ticket 1799 - requested by salo security fix for libwmf Revisions pulled up: - pkgsrc/graphics/libwmf/Makefile 1.60 - pkgsrc/graphics/libwmf/distinfo 1.14 - pkgsrc/graphics/libwmf/patches/patch-ae 1.1 Module Name: pkgsrc Committed By: salo Date: Sun Aug 20 21:38:45 UTC 2006 Modified Files: pkgsrc/graphics/libwmf: Makefile distinfo Added Files: pkgsrc/graphics/libwmf/patches: patch-ae Log Message: Security fix for CVE-2006-3376: "A vulnerability in libwmf can be potentially exploited by malicious people to compromise an application using the vulnerable library. The vulnerability is caused due to an integer overflow error when allocating memory based on a value taken directly from a WMF file without performing any checks. This can be exploited to cause a heap-based buffer overflow when a specially crafted WMF file is processed. Successful exploitation may allow execution of arbitrary code." http://secunia.com/advisories/20921/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3376 Patch from Red Hat. Bump PKGREVISION. @ text @a0 31 $NetBSD: patch-ae,v 1.1.2.1 2006/08/21 07:03:36 ghen Exp $ Security fix for CVE-2006-3376, from Red Hat. --- src/player.c.orig 2002-12-10 20:30:26.000000000 +0100 +++ src/player.c 2006-08-20 23:29:44.000000000 +0200 @@@@ -42,6 +42,7 @@@@ #include "player/defaults.h" /* Provides: default settings */ #include "player/record.h" /* Provides: parameter mechanism */ #include "player/meta.h" /* Provides: record interpreters */ +#include /** * @@internal @@@@ -132,8 +133,14 @@@@ } } -/* P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char)); - */ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); + if (MAX_REC_SIZE(API) > UINT32_MAX/ 2) + { + API->err = wmf_E_InsMem; + WMF_DEBUG (API,"bailing..."); + return (API->err); + } + + P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); if (ERR (API)) { WMF_DEBUG (API,"bailing..."); @ 1.1.4.1 log @Pullup ticket 1858 - requested by dmcmahill portability fix for libwmf Revisions pulled up: - pkgsrc/graphics/libwmf/distinfo 1.15 - pkgsrc/graphics/libwmf/patches/patch-ae 1.2 Module Name: pkgsrc Committed By: dmcmahill Date: Tue Oct 10 00:22:28 UTC 2006 Modified Files: pkgsrc/graphics/libwmf: distinfo pkgsrc/graphics/libwmf/patches: patch-ae Log Message: repair compilation on solaris (don't include stdint.h if it doesn't exist) @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.2 2006/10/10 00:22:28 dmcmahill Exp $ d3 7 a9 3 --- src/player.c.orig 2002-12-10 14:30:26.000000000 -0500 +++ src/player.c 2006-10-09 13:31:30.464278000 -0400 @@@@ -44,4 +44,11 @@@@ d11 1 a12 7 +#ifdef HAVE_STDINT_H +#include +#endif +#ifndef UINT32_MAX +#include +#endif + d15 2 a16 1 @@@@ -133,6 +140,12 @@@@ d31 1 @