| 1 |
ssuominen 10/05/10 20:50:06 |
| 2 |
|
| 3 |
Added: devil-1.7.8-CVE-2009-3994.patch |
| 4 |
devil-1.7.8-libpng14.patch |
| 5 |
Log: |
| 6 |
Version bump wrt #297760 (Karl-Robert Ernst) with CVE-2009-3994 patch (Christopher Harvey) and libpng14 compability (Marcin BaczyĆski) |
| 7 |
(Portage version: 2.2_rc67/cvs/Linux x86_64) |
| 8 |
|
| 9 |
Revision Changes Path |
| 10 |
1.1 media-libs/devil/files/devil-1.7.8-CVE-2009-3994.patch |
| 11 |
|
| 12 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/devil/files/devil-1.7.8-CVE-2009-3994.patch?rev=1.1&view=markup |
| 13 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/devil/files/devil-1.7.8-CVE-2009-3994.patch?rev=1.1&content-type=text/plain |
| 14 |
|
| 15 |
Index: devil-1.7.8-CVE-2009-3994.patch |
| 16 |
=================================================================== |
| 17 |
http://bugs.gentoo.org/297760 |
| 18 |
|
| 19 |
--- src-IL/src/il_dicom.c |
| 20 |
+++ src-IL/src/il_dicom.c |
| 21 |
@@ -427,9 +427,11 @@ ILboolean GetUID(ILubyte *UID) |
| 22 |
return IL_FALSE; |
| 23 |
|
| 24 |
ValLen = GetLittleUShort(); |
| 25 |
+ if (ValLen > 64) |
| 26 |
+ return IL_FALSE; |
| 27 |
if (iread(UID, ValLen, 1) != 1) |
| 28 |
return IL_FALSE; |
| 29 |
- UID[64] = 0; // Just to make sure that our string is terminated. |
| 30 |
+ UID[ValLen] = 0; // Just to make sure that our string is terminated. |
| 31 |
|
| 32 |
return IL_TRUE; |
| 33 |
} |
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
1.1 media-libs/devil/files/devil-1.7.8-libpng14.patch |
| 38 |
|
| 39 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/devil/files/devil-1.7.8-libpng14.patch?rev=1.1&view=markup |
| 40 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/devil/files/devil-1.7.8-libpng14.patch?rev=1.1&content-type=text/plain |
| 41 |
|
| 42 |
Index: devil-1.7.8-libpng14.patch |
| 43 |
=================================================================== |
| 44 |
diff -Nur devil-1.7.8.orig/src-IL/src/il_icon.c devil-1.7.8/src-IL/src/il_icon.c |
| 45 |
--- devil-1.7.8.orig/src-IL/src/il_icon.c 2009-03-08 09:10:09.000000000 +0200 |
| 46 |
+++ devil-1.7.8/src-IL/src/il_icon.c 2010-01-17 00:54:09.000000000 +0200 |
| 47 |
@@ -525,7 +525,7 @@ |
| 48 |
|
| 49 |
// Expand low-bit-depth grayscale images to 8 bits |
| 50 |
if (ico_color_type == PNG_COLOR_TYPE_GRAY && bit_depth < 8) { |
| 51 |
- png_set_gray_1_2_4_to_8(ico_png_ptr); |
| 52 |
+ png_set_expand_gray_1_2_4_to_8(ico_png_ptr); |
| 53 |
} |
| 54 |
|
| 55 |
// Expand RGB images with transparency to full alpha channels |
| 56 |
diff -Nur devil-1.7.8.orig/src-IL/src/il_png.c devil-1.7.8/src-IL/src/il_png.c |
| 57 |
--- devil-1.7.8.orig/src-IL/src/il_png.c 2009-03-08 09:10:09.000000000 +0200 |
| 58 |
+++ devil-1.7.8/src-IL/src/il_png.c 2010-01-17 00:55:26.000000000 +0200 |
| 59 |
@@ -105,7 +105,7 @@ |
| 60 |
Read = iread(Signature, 1, 8); |
| 61 |
iseek(-Read, IL_SEEK_CUR); |
| 62 |
|
| 63 |
- return png_check_sig(Signature, 8); |
| 64 |
+ return png_sig_cmp(Signature, 0, 8) == 0; |
| 65 |
} |
| 66 |
|
| 67 |
|
| 68 |
@@ -278,7 +278,7 @@ |
| 69 |
|
| 70 |
// Expand low-bit-depth grayscale images to 8 bits |
| 71 |
if (png_color_type == PNG_COLOR_TYPE_GRAY && bit_depth < 8) { |
| 72 |
- png_set_gray_1_2_4_to_8(png_ptr); |
| 73 |
+ png_set_expand_gray_1_2_4_to_8(png_ptr); |
| 74 |
} |
| 75 |
|
| 76 |
// Expand RGB images with transparency to full alpha channels |
Archives