# HG changeset patch # User Christophe Lincoln # Date 1242247900 -7200 # Node ID 62a12dcd3a803fec7684edea30b06b4d0cd59d1f # Parent 948f0b6a41c4a262433bfda8551ea0d5fa230511 Up: glibmm, pangomm and gtkmm diff -r 948f0b6a41c4 -r 62a12dcd3a80 glib/stuff/glib-CVE-2008-4316.diff --- a/glib/stuff/glib-CVE-2008-4316.diff Wed May 13 22:48:36 2009 +0200 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,62 +0,0 @@ ---- glib/gbase64.c 2009/02/23 04:30:06 7897 -+++ glib/gbase64.c 2009/03/12 13:30:55 7973 -@@ -54,8 +54,9 @@ - * - * The output buffer must be large enough to fit all the data that will - * be written to it. Due to the way base64 encodes you will need -- * at least: @len * 4 / 3 + 6 bytes. If you enable line-breaking you will -- * need at least: @len * 4 / 3 + @len * 4 / (3 * 72) + 7 bytes. -+ * at least: (@len / 3 + 1) * 4 + 4 bytes (+ 4 may be needed in case of -+ * non-zero state). If you enable line-breaking you will need at least: -+ * ((@len / 3 + 1) * 4 + 4) / 72 + 1 bytes of extra space. - * - * @break_lines is typically used when putting base64-encoded data in emails. - * It breaks the lines at 72 columns instead of putting all of the text on -@@ -233,8 +234,14 @@ - g_return_val_if_fail (data != NULL, NULL); - g_return_val_if_fail (len > 0, NULL); - -- /* We can use a smaller limit here, since we know the saved state is 0 */ -- out = g_malloc (len * 4 / 3 + 4); -+ /* We can use a smaller limit here, since we know the saved state is 0, -+ +1 is needed for trailing \0, also check for unlikely integer overflow */ -+ if (len >= ((G_MAXSIZE - 1) / 4 - 1) * 3) -+ g_error("%s: input too large for Base64 encoding (%"G_GSIZE_FORMAT" chars)", -+ G_STRLOC, len); -+ -+ out = g_malloc ((len / 3 + 1) * 4 + 1); -+ - outlen = g_base64_encode_step (data, len, FALSE, out, &state, &save); - outlen += g_base64_encode_close (FALSE, out + outlen, &state, &save); - out[outlen] = '\0'; -@@ -275,7 +282,8 @@ - * - * The output buffer must be large enough to fit all the data that will - * be written to it. Since base64 encodes 3 bytes in 4 chars you need -- * at least: @len * 3 / 4 bytes. -+ * at least: (@len / 4) * 3 + 3 bytes (+ 3 may be needed in case of non-zero -+ * state). - * - * Return value: The number of bytes of output that was written - * -@@ -358,7 +366,8 @@ - gsize *out_len) - { - guchar *ret; -- gint input_length, state = 0; -+ gsize input_length; -+ gint state = 0; - guint save = 0; - - g_return_val_if_fail (text != NULL, NULL); -@@ -368,7 +377,9 @@ - - g_return_val_if_fail (input_length > 1, NULL); - -- ret = g_malloc0 (input_length * 3 / 4); -+ /* We can use a smaller limit here, since we know the saved state is 0, -+ +1 used to avoid calling g_malloc0(0), and hence retruning NULL */ -+ ret = g_malloc0 ((input_length / 4) * 3 + 1); - - *out_len = g_base64_decode_step (text, input_length, ret, &state, &save); - diff -r 948f0b6a41c4 -r 62a12dcd3a80 glibmm-dev/receipt --- a/glibmm-dev/receipt Wed May 13 22:48:36 2009 +0200 +++ b/glibmm-dev/receipt Wed May 13 22:51:40 2009 +0200 @@ -1,7 +1,7 @@ # SliTaz package receipt. PACKAGE="glibmm-dev" -VERSION="2.18.1" +VERSION="2.20.0" CATEGORY="development" SHORT_DESC="Callback Framework for C++ devel files." MAINTAINER="pankso@slitaz.org" diff -r 948f0b6a41c4 -r 62a12dcd3a80 glibmm/receipt --- a/glibmm/receipt Wed May 13 22:48:36 2009 +0200 +++ b/glibmm/receipt Wed May 13 22:51:40 2009 +0200 @@ -1,7 +1,7 @@ # SliTaz package receipt. PACKAGE="glibmm" -VERSION="2.18.1" +VERSION="2.20.0" CATEGORY="x-window" SHORT_DESC="C++ interface for the popular GUI library GTK+." MAINTAINER="pankso@slitaz.org" @@ -9,7 +9,7 @@ BUILD_DEPENDS="libsigc++ libsigc++-dev libgio libgio-dev" TARBALL="$PACKAGE-$VERSION.tar.gz" WEB_SITE="http://www.gtkmm.org/" -WGET_URL="http://ftp.gnome.org/pub/GNOME/sources/glibmm/2.18/$TARBALL" +WGET_URL="http://ftp.gnome.org/pub/GNOME/sources/glibmm/2.20/$TARBALL" # Rules to configure and make the package. compile_rules() diff -r 948f0b6a41c4 -r 62a12dcd3a80 gtkmm-dev/receipt --- a/gtkmm-dev/receipt Wed May 13 22:48:36 2009 +0200 +++ b/gtkmm-dev/receipt Wed May 13 22:51:40 2009 +0200 @@ -1,7 +1,7 @@ # SliTaz package receipt. PACKAGE="gtkmm-dev" -VERSION="2.14.3" +VERSION="2.16.0" CATEGORY="development" SHORT_DESC="Callback Framework for C++ devel files." MAINTAINER="pankso@slitaz.org" diff -r 948f0b6a41c4 -r 62a12dcd3a80 gtkmm/receipt --- a/gtkmm/receipt Wed May 13 22:48:36 2009 +0200 +++ b/gtkmm/receipt Wed May 13 22:51:40 2009 +0200 @@ -1,7 +1,7 @@ # SliTaz package receipt. PACKAGE="gtkmm" -VERSION="2.14.3" +VERSION="2.16.0" CATEGORY="x-window" SHORT_DESC="C++ interface for the popular GUI library GTK+." MAINTAINER="pankso@slitaz.org" @@ -10,7 +10,7 @@ doxygen libgiomm-dev" TARBALL="$PACKAGE-$VERSION.tar.gz" WEB_SITE="http://www.gtkmm.org/" -WGET_URL="http://ftp.gnome.org/pub/GNOME/sources/gtkmm/2.14/$TARBALL" +WGET_URL="http://ftp.gnome.org/pub/GNOME/sources/gtkmm/2.16/$TARBALL" # Rules to configure and make the package. compile_rules() diff -r 948f0b6a41c4 -r 62a12dcd3a80 libgiomm-dev/receipt --- a/libgiomm-dev/receipt Wed May 13 22:48:36 2009 +0200 +++ b/libgiomm-dev/receipt Wed May 13 22:51:40 2009 +0200 @@ -1,7 +1,7 @@ # SliTaz package receipt. PACKAGE="libgiomm-dev" -VERSION="2.18.1" +VERSION="2.20.0" CATEGORY="development" SHORT_DESC="GIO Framework for C++ devel files." MAINTAINER="pankso@slitaz.org" diff -r 948f0b6a41c4 -r 62a12dcd3a80 libgiomm/receipt --- a/libgiomm/receipt Wed May 13 22:48:36 2009 +0200 +++ b/libgiomm/receipt Wed May 13 22:51:40 2009 +0200 @@ -1,7 +1,7 @@ # SliTaz package receipt. PACKAGE="libgiomm" -VERSION="2.18.1" +VERSION="2.20.0" CATEGORY="x-window" SHORT_DESC="GIO Framework for C++." MAINTAINER="pankso@slitaz.org" diff -r 948f0b6a41c4 -r 62a12dcd3a80 pangomm-dev/receipt --- a/pangomm-dev/receipt Wed May 13 22:48:36 2009 +0200 +++ b/pangomm-dev/receipt Wed May 13 22:51:40 2009 +0200 @@ -1,7 +1,7 @@ # SliTaz package receipt. PACKAGE="pangomm-dev" -VERSION="2.14.1" +VERSION="2.24.0" CATEGORY="development" SHORT_DESC="Pangomm library devel files." MAINTAINER="pankso@slitaz.org" diff -r 948f0b6a41c4 -r 62a12dcd3a80 pangomm/receipt --- a/pangomm/receipt Wed May 13 22:48:36 2009 +0200 +++ b/pangomm/receipt Wed May 13 22:51:40 2009 +0200 @@ -1,7 +1,7 @@ # SliTaz package receipt. PACKAGE="pangomm" -VERSION="2.14.1" +VERSION="2.24.0" CATEGORY="x-window" SHORT_DESC="Pango binding for GTKmm." MAINTAINER="pankso@slitaz.org" @@ -9,7 +9,7 @@ BUILD_DEPENDS="pixman-dev cairomm-dev glibmm-dev libgiomm-dev" TARBALL="$PACKAGE-$VERSION.tar.gz" WEB_SITE="http://ftp.gnome.org/pub/gnome/sources/pangomm/" -WGET_URL="http://ftp.gnome.org/pub/gnome/sources/pangomm/2.14/$TARBALL" +WGET_URL="http://ftp.gnome.org/pub/gnome/sources/pangomm/2.24/$TARBALL" # Rules to configure and make the package. compile_rules() @@ -18,7 +18,6 @@ ./configure \ --prefix=/usr \ --mandir=/usr/share/man \ - --with-html-dir=/usr/share/doc \ $CONFIGURE_ARGS && make && make DESTDIR=$PWD/_pkg install