CVE-2005-3186: Add check to XPM reader to prevent integer overflow for
specially crafted number of colors.
CVE-2005-2975: Fix endless loop with specially crafted number of colors.
Primarily from naddy@. General maintenance release but includes security
fixes for:
CVE-2005-3186: Add check to XPM reader to prevent integer overflow for
specially crafted number of colors.
CVE-2005-2975: Fix endless loop with specially crafted number of colors.
Also, minor port fix from me.
This is a security update addressing the following:
CAN-2004-0782: Heap-based overflow in pixbuf_create_from_xpm
CAN-2004-0783: Stack-based overflow in xpm_extract_color
CAN-2004-0788: ico loader integer overflow
Patches to -stable will be along in the next day or two.
wrong. These are generated files that should be updated automagically by
ports whenever GDK loaders or GTK immodules respectively are added.
As such, these files shouldn't live under /etc but under /var/db... and
they should be generated on package install instead of through funky
sed magic in the Makefile.
So now they are. :)
Oh and regen the PLIST, since we're hacking the crap out of it anyway.
devel/glib2 2.2.2 -> 2.2.3
devel/pango 1.2.3 -> 1.2.5
x11/gtk+2 2.2.2 -> 2.2.4
These are minor bugfix updates to the GTK 2.2 series but are starting
to be required by some GTK & Gnome apps.
breaking build or packaging otherwise
- the gtk+2 problem is of unknown nature for now
- hylafax and MyCC break due to systrace translating "" to the current
directory in 'test -d ""' and thus succeeding the test instead of failing;
this is a problem when testing if some variable holds an existing directory
name and that variable is empty
ok naddy@
This is GTK+ version 2.0.5. GTK+ is a multi-platform toolkit for
creating graphical user interfaces. Offering a complete set of widgets,
GTK+ is suitable for projects ranging from small one-off projects to
complete application suites.