Import a patch from Gentoo bug #127008 to fix CVE-2006-1060.
Security: VuXML ID: a813a219-d2d4-11da-a672-000e0c2e438a
This commit is contained in:
Thierry Thomas
parent
c8a0c2c044
commit
f9f2dde96d
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=175006
2 changed files with 70 additions and 4 deletions
|
|
@ -7,6 +7,7 @@
|
|||
|
||||
PORTNAME= zgv
|
||||
PORTVERSION= 5.9
|
||||
PORTREVISION= 1
|
||||
CATEGORIES= graphics
|
||||
MASTER_SITES= ${MASTER_SITE_SUNSITE}
|
||||
MASTER_SITE_SUBDIR= apps/graphics/viewers/svga
|
||||
|
|
@ -14,10 +15,6 @@ MASTER_SITE_SUBDIR= apps/graphics/viewers/svga
|
|||
MAINTAINER= ports@FreeBSD.org
|
||||
COMMENT= Graphics viewer for SVGAlib
|
||||
|
||||
FORBIDDEN= http://vuxml.freebsd.org/a813a219-d2d4-11da-a672-000e0c2e438a.html
|
||||
DEPRECATED= ${FORBIDDEN}
|
||||
EXPIRATION_DATE=2006-12-01
|
||||
|
||||
LIB_DEPENDS= tiff.4:${PORTSDIR}/graphics/tiff \
|
||||
vga.1:${PORTSDIR}/graphics/svgalib \
|
||||
jpeg.9:${PORTSDIR}/graphics/jpeg \
|
||||
|
|
|
|||
69
graphics/zgv/files/patch-zgv-5.9-cmyk-ycck-fix.diff
Normal file
69
graphics/zgv/files/patch-zgv-5.9-cmyk-ycck-fix.diff
Normal file
|
|
@ -0,0 +1,69 @@
|
|||
--- src/readjpeg.c.orig Sun Oct 31 15:54:26 2004
|
||||
+++ src/readjpeg.c Sun Oct 8 22:43:59 2006
|
||||
@@ -92,11 +92,18 @@
|
||||
int *real_width,int *real_height)
|
||||
{
|
||||
static FILE *in;
|
||||
+/*
|
||||
+Patch imported from Gentoo Bug #127008 to fix CVE-2006-1060
|
||||
+VuXML ID a813a219-d2d4-11da-a672-000e0c2e438a
|
||||
+<http://bugs.gentoo.org/show_bug.cgi?id=127008>
|
||||
+*/
|
||||
+static int cmyk;
|
||||
struct my_error_mgr jerr;
|
||||
int row_stride; /* physical row width in output buffer */
|
||||
int tmp,f;
|
||||
-unsigned char *ptr;
|
||||
+unsigned char *ptr,*ptr2;
|
||||
|
||||
+cmyk=0;
|
||||
use_errmsg=0;
|
||||
theimage=NULL;
|
||||
howfar=howfarfunc;
|
||||
@@ -161,6 +168,15 @@
|
||||
pal[f]=pal[256+f]=pal[512+f]=f;
|
||||
}
|
||||
|
||||
+if(cinfo.jpeg_color_space==JCS_CMYK)
|
||||
+ cmyk=1;
|
||||
+
|
||||
+if(cinfo.jpeg_color_space==JCS_YCCK)
|
||||
+ {
|
||||
+ cmyk=1;
|
||||
+ cinfo.out_color_space=JCS_CMYK;
|
||||
+ }
|
||||
+
|
||||
width=cinfo.image_width;
|
||||
height=cinfo.image_height;
|
||||
|
||||
@@ -191,7 +207,7 @@
|
||||
}
|
||||
|
||||
if(WH_BAD(width,height) ||
|
||||
- (theimage=(byte *)malloc(pixelsize*width*height))==NULL)
|
||||
+ (theimage=(byte *)malloc(pixelsize*width*(height+cmyk)))==NULL)
|
||||
{
|
||||
jpegerr("Out of memory"); /* XXX misleading if width/height are bad */
|
||||
longjmp(jerr.setjmp_buffer,1);
|
||||
@@ -222,7 +238,20 @@
|
||||
while(cinfo.output_scanline<height)
|
||||
{
|
||||
jpeg_read_scanlines(&cinfo,&ptr,1);
|
||||
- for(f=0;f<width;f++) { tmp=*ptr; *ptr=ptr[2]; ptr[2]=tmp; ptr+=3; }
|
||||
+ if(!cmyk)
|
||||
+ for(f=0;f<width;f++) { tmp=*ptr; *ptr=ptr[2]; ptr[2]=tmp; ptr+=3; }
|
||||
+ else
|
||||
+ {
|
||||
+ ptr2=ptr;
|
||||
+ for(f=0;f<width;f++,ptr+=3,ptr2+=4)
|
||||
+ {
|
||||
+ tmp=ptr2[3];
|
||||
+ ptr[0]=(tmp*ptr2[2])/255;
|
||||
+ ptr[1]=(tmp*ptr2[1])/255;
|
||||
+ ptr[2]=(tmp*ptr2[0])/255;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
if(howfar!=NULL) howfar(cinfo.output_scanline,height);
|
||||
}
|
||||
|
||||
Loading…
Reference in a new issue