kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Import a patch from Gentoo bug #127008 to fix CVE-2006-1060.

Browse source 
Security:	VuXML ID: a813a219-d2d4-11da-a672-000e0c2e438a
This commit is contained in:
Thierry Thomas 2006-10-08 21:26:27 +00:00
parent c8a0c2c044
commit f9f2dde96d
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=175006
2 changed files with 70 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
graphics/zgv/Makefile
View file

@ -7,6 +7,7 @@
PORTNAME= zgv PORTNAME= zgv
PORTVERSION= 5.9 PORTVERSION= 5.9
PORTREVISION= 1
CATEGORIES= graphics CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SUNSITE} MASTER_SITES= ${MASTER_SITE_SUNSITE}
MASTER_SITE_SUBDIR= apps/graphics/viewers/svga MASTER_SITE_SUBDIR= apps/graphics/viewers/svga
@ -14,10 +15,6 @@ MASTER_SITE_SUBDIR= apps/graphics/viewers/svga
MAINTAINER= ports@FreeBSD.org MAINTAINER= ports@FreeBSD.org
COMMENT= Graphics viewer for SVGAlib COMMENT= Graphics viewer for SVGAlib
FORBIDDEN= http://vuxml.freebsd.org/a813a219-d2d4-11da-a672-000e0c2e438a.html
DEPRECATED= ${FORBIDDEN}
EXPIRATION_DATE=2006-12-01
LIB_DEPENDS= tiff.4:${PORTSDIR}/graphics/tiff \ LIB_DEPENDS= tiff.4:${PORTSDIR}/graphics/tiff \
vga.1:${PORTSDIR}/graphics/svgalib \ vga.1:${PORTSDIR}/graphics/svgalib \
jpeg.9:${PORTSDIR}/graphics/jpeg \ jpeg.9:${PORTSDIR}/graphics/jpeg \

69
graphics/zgv/files/patch-zgv-5.9-cmyk-ycck-fix.diff Normal file
View file

@ -0,0 +1,69 @@
--- src/readjpeg.c.orig Sun Oct 31 15:54:26 2004
+++ src/readjpeg.c Sun Oct 8 22:43:59 2006
@@ -92,11 +92,18 @@
int *real_width,int *real_height)
{
static FILE *in;
+/*
+Patch imported from Gentoo Bug #127008 to fix CVE-2006-1060
+VuXML ID a813a219-d2d4-11da-a672-000e0c2e438a
+<http://bugs.gentoo.org/show_bug.cgi?id=127008>
+*/
+static int cmyk;
struct my_error_mgr jerr;
int row_stride; /* physical row width in output buffer */
int tmp,f;
-unsigned char *ptr;
+unsigned char *ptr,*ptr2;
+cmyk=0;
use_errmsg=0;
theimage=NULL;
howfar=howfarfunc;
@@ -161,6 +168,15 @@
pal[f]=pal[256+f]=pal[512+f]=f;
}
+if(cinfo.jpeg_color_space==JCS_CMYK)
+ cmyk=1;
+
+if(cinfo.jpeg_color_space==JCS_YCCK)
+ {
+ cmyk=1;
+ cinfo.out_color_space=JCS_CMYK;
+ }
+
width=cinfo.image_width;
height=cinfo.image_height;
@@ -191,7 +207,7 @@
}
if(WH_BAD(width,height) ||
- (theimage=(byte *)malloc(pixelsize*width*height))==NULL)
+ (theimage=(byte *)malloc(pixelsize*width*(height+cmyk)))==NULL)
{
jpegerr("Out of memory"); /* XXX misleading if width/height are bad */
longjmp(jerr.setjmp_buffer,1);
@@ -222,7 +238,20 @@
while(cinfo.output_scanline<height)
{
jpeg_read_scanlines(&cinfo,&ptr,1);
- for(f=0;f<width;f++) { tmp=*ptr; *ptr=ptr[2]; ptr[2]=tmp; ptr+=3; }
+ if(!cmyk)
+ for(f=0;f<width;f++) { tmp=*ptr; *ptr=ptr[2]; ptr[2]=tmp; ptr+=3; }
+ else
+ {
+ ptr2=ptr;
+ for(f=0;f<width;f++,ptr+=3,ptr2+=4)
+ {
+ tmp=ptr2[3];
+ ptr[0]=(tmp*ptr2[2])/255;
+ ptr[1]=(tmp*ptr2[1])/255;
+ ptr[2]=(tmp*ptr2[0])/255;
+ }
+ }
+
if(howfar!=NULL) howfar(cinfo.output_scanline,height);
}