head 1.3; access; symbols pkgsrc-2013Q2:1.3.0.2 pkgsrc-2013Q2-base:1.3 pkgsrc-2013Q1:1.2.0.26 pkgsrc-2013Q1-base:1.2 pkgsrc-2012Q4:1.2.0.24 pkgsrc-2012Q4-base:1.2 pkgsrc-2012Q3:1.2.0.22 pkgsrc-2012Q3-base:1.2 pkgsrc-2012Q2:1.2.0.20 pkgsrc-2012Q2-base:1.2 pkgsrc-2012Q1:1.2.0.18 pkgsrc-2012Q1-base:1.2 pkgsrc-2011Q4:1.2.0.16 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q3:1.2.0.14 pkgsrc-2011Q3-base:1.2 pkgsrc-2011Q2:1.2.0.12 pkgsrc-2011Q2-base:1.2 pkgsrc-2011Q1:1.2.0.10 pkgsrc-2011Q1-base:1.2 pkgsrc-2010Q4:1.2.0.8 pkgsrc-2010Q4-base:1.2 pkgsrc-2010Q3:1.2.0.6 pkgsrc-2010Q3-base:1.2 pkgsrc-2010Q2:1.2.0.4 pkgsrc-2010Q2-base:1.2 pkgsrc-2010Q1:1.2.0.2 pkgsrc-2010Q1-base:1.2 pkgsrc-2009Q4:1.1.0.4 pkgsrc-2009Q4-base:1.1 pkgsrc-2009Q3:1.1.0.2 pkgsrc-2009Q3-base:1.1; locks; strict; comment @# @; 1.3 date 2013.06.15.06.57.55; author ryoon; state dead; branches; next 1.2; commitid qKHlHPIr78SQ9GTw; 1.2 date 2010.02.16.17.38.14; author taca; state Exp; branches; next 1.1; 1.1 date 2009.08.05.20.58.56; author drochner; state Exp; branches 1.1.4.1; next ; 1.1.4.1 date 2010.02.28.14.14.23; author spz; state Exp; branches; next ; desc @@ 1.3 log @Bump PKGREVISION. * Remove absolete patches for security bug. Noticed by wiz@@. Thank you. @ text @$NetBSD: patch-ca,v 1.2 2010/02/16 17:38:14 taca Exp $ deal with CVE-2009-2369. --- src/common/image.cpp.orig 2009-03-06 13:17:40.000000000 +0100 +++ src/common/image.cpp @@@@ -186,6 +186,10 @@@@ bool wxImage::Create( int width, int hei m_refData = new wxImageRefData(); + if (width <= 0 || height <= 0 || width > INT_MAX / 3 / height) { + UnRef(); + return false; + } M_IMGDATA->m_data = (unsigned char *) malloc( width*height*3 ); if (!M_IMGDATA->m_data) { @ 1.2 log @* Add patches for CVE-2009-2369 and CVE-2009-2625. * Use textproc/expat to fix CVE-2009-3720. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: patch-ca,v 1.1 2009/08/05 20:58:56 drochner Exp $ @ 1.1 log @deal with CVE-2009-2369 -- neither the advisory nor anything it links to give useful information, just spotted an obvious case where data passed from subclasses are used for malloc() unchecked, so added a check. I can't claim that the CVE report is fixed because it is not clear what it is about, but it seems that this fixes an issue. bump PKGREVISION @ text @d1 3 a3 1 $NetBSD$ @ 1.1.4.1 log @Pullup ticket 3029 - requested by taca security patch Revisions pulled up: - pkgsrc/x11/wxGTK28/Makefile 1.8 - pkgsrc/x11/wxGTK28/Makefile.common 1.5 - pkgsrc/x11/wxGTK28/distinfo 1.8 - pkgsrc/x11/wxGTK28/patches/patch-ba 1.2 - pkgsrc/x11/wxGTK28/patches/patch-bb 1.2 - pkgsrc/x11/wxGTK28/patches/patch-ca 1.2 Files added: pkgsrc/x11/wxGTK28/patches/patch-cb -------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Tue Feb 16 17:38:14 UTC 2010 Modified Files: pkgsrc/x11/wxGTK28: Makefile Makefile.common distinfo pkgsrc/x11/wxGTK28/patches: patch-ba patch-bb patch-ca Added Files: pkgsrc/x11/wxGTK28/patches: patch-cb Log Message: * Add patches for CVE-2009-2369 and CVE-2009-2625. * Use textproc/expat to fix CVE-2009-3720. Bump PKGREVISION. To generate a diff of this commit: cvs rdiff -u -r1.7 -r1.8 pkgsrc/x11/wxGTK28/Makefile \ pkgsrc/x11/wxGTK28/distinfo cvs rdiff -u -r1.4 -r1.5 pkgsrc/x11/wxGTK28/Makefile.common cvs rdiff -u -r1.1 -r1.2 pkgsrc/x11/wxGTK28/patches/patch-ba \ pkgsrc/x11/wxGTK28/patches/patch-bb pkgsrc/x11/wxGTK28/patches/patch-ca cvs rdiff -u -r0 -r1.1 pkgsrc/x11/wxGTK28/patches/patch-cb @ text @d1 1 a1 3 $NetBSD: patch-ca,v 1.2 2010/02/16 17:38:14 taca Exp $ deal with CVE-2009-2369. @