- update to 2.8.11
This commit is contained in:
parent
4cedd5952f
commit
fe603bd02a
|
@ -1 +1 @@
|
|||
wxGTK-2.8.9.tar.bz2
|
||||
wxGTK-2.8.11.tar.bz2
|
||||
|
|
2
sources
2
sources
|
@ -1 +1 @@
|
|||
495c0287e102c8864eb5237a279ce9c2 wxGTK-2.8.9.tar.bz2
|
||||
6040933d200037f90f6aa1c5169e7ec6 wxGTK-2.8.11.tar.bz2
|
||||
|
|
|
@ -1,75 +0,0 @@
|
|||
Index: src/common/imagpng.cpp
|
||||
===================================================================
|
||||
--- src/common/imagpng.cpp (revision 60874)
|
||||
+++ src/common/imagpng.cpp (revision 60875)
|
||||
@@ -568,18 +568,16 @@
|
||||
if (!image->Ok())
|
||||
goto error;
|
||||
|
||||
- lines = (unsigned char **)malloc( (size_t)(height * sizeof(unsigned char *)) );
|
||||
+ // initialize all line pointers to NULL to ensure that they can be safely
|
||||
+ // free()d if an error occurs before all of them could be allocated
|
||||
+ lines = (unsigned char **)calloc(height, sizeof(unsigned char *));
|
||||
if ( !lines )
|
||||
goto error;
|
||||
|
||||
for (i = 0; i < height; i++)
|
||||
{
|
||||
if ((lines[i] = (unsigned char *)malloc( (size_t)(width * (sizeof(unsigned char) * 4)))) == NULL)
|
||||
- {
|
||||
- for ( unsigned int n = 0; n < i; n++ )
|
||||
- free( lines[n] );
|
||||
goto error;
|
||||
- }
|
||||
}
|
||||
|
||||
png_read_image( png_ptr, lines );
|
||||
Index: src/common/imagtiff.cpp
|
||||
===================================================================
|
||||
--- src/common/imagtiff.cpp (revision 60875)
|
||||
+++ src/common/imagtiff.cpp (revision 60876)
|
||||
@@ -261,7 +261,6 @@
|
||||
}
|
||||
|
||||
uint32 w, h;
|
||||
- uint32 npixels;
|
||||
uint32 *raster;
|
||||
|
||||
TIFFGetField( tif, TIFFTAG_IMAGEWIDTH, &w );
|
||||
@@ -275,10 +274,21 @@
|
||||
(samplesInfo[0] == EXTRASAMPLE_ASSOCALPHA ||
|
||||
samplesInfo[0] == EXTRASAMPLE_UNASSALPHA));
|
||||
|
||||
- npixels = w * h;
|
||||
+ // guard against integer overflow during multiplication which could result
|
||||
+ // in allocating a too small buffer and then overflowing it
|
||||
+ const double bytesNeeded = w * h * sizeof(uint32);
|
||||
+ if ( bytesNeeded >= 4294967295U /* UINT32_MAX */ )
|
||||
+ {
|
||||
+ if ( verbose )
|
||||
+ wxLogError( _("TIFF: Image size is abnormally big.") );
|
||||
|
||||
- raster = (uint32*) _TIFFmalloc( npixels * sizeof(uint32) );
|
||||
+ TIFFClose(tif);
|
||||
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ raster = (uint32*) _TIFFmalloc( bytesNeeded );
|
||||
+
|
||||
if (!raster)
|
||||
{
|
||||
if (verbose)
|
||||
Index: src/common/imagtiff.cpp
|
||||
===================================================================
|
||||
--- src/common/imagtiff.cpp (revision 60896)
|
||||
+++ src/common/imagtiff.cpp (revision 60897)
|
||||
@@ -276,7 +276,7 @@
|
||||
|
||||
// guard against integer overflow during multiplication which could result
|
||||
// in allocating a too small buffer and then overflowing it
|
||||
- const double bytesNeeded = w * h * sizeof(uint32);
|
||||
+ const double bytesNeeded = (double)w * (double)h * sizeof(uint32);
|
||||
if ( bytesNeeded >= 4294967295U /* UINT32_MAX */ )
|
||||
{
|
||||
if ( verbose )
|
11
wxGTK.spec
11
wxGTK.spec
|
@ -5,8 +5,8 @@
|
|||
%define withodbc 0
|
||||
|
||||
Name: wxGTK
|
||||
Version: 2.8.9
|
||||
Release: 2%{?dist}
|
||||
Version: 2.8.11
|
||||
Release: 1%{?dist}
|
||||
Summary: GTK2 port of the wxWidgets GUI library
|
||||
# The wxWindows licence is the LGPL with a specific exemption allowing
|
||||
# distribution of derived binaries under any terms. (This will eventually
|
||||
|
@ -16,9 +16,6 @@ Group: System Environment/Libraries
|
|||
URL: http://www.wxwidgets.org/
|
||||
Source0: http://dl.sf.net/wxwindows/%{name}-%{version}.tar.bz2
|
||||
|
||||
# http://trac.wxwidgets.org/ticket/10993
|
||||
Patch0: %{name}-2.8.10-CVE-2009-2369.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
|
||||
BuildRequires: gtk2-devel, zlib-devel >= 1.1.4
|
||||
|
@ -122,7 +119,6 @@ libraries or the X Window System.
|
|||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p0 -b .CVE-2009-2369
|
||||
|
||||
sed -i -e 's|/usr/lib\b|%{_libdir}|' wx-config.in configure
|
||||
|
||||
|
@ -264,6 +260,9 @@ rm -rf $RPM_BUILD_ROOT
|
|||
|
||||
|
||||
%changelog
|
||||
* Mon Apr 26 2010 Dan Horák <dan[at]danny.cz> - 2.8.11-1
|
||||
- update to 2.8.11
|
||||
|
||||
* Wed Jul 15 2009 Dan Horák <dan[at]danny.cz> - 2.8.9-2
|
||||
- add fix for CVE-2009-2369 (#511279)
|
||||
|
||||
|
|
Loading…
Reference in New Issue