[pkgsrc/trunk]: pkgsrc/graphics/xzgv Fix for CVE-2006-1060 via Gentoo

[adrianp <adrianp%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/5b7a4250af2d
branches:  trunk
changeset: 518917:5b7a4250af2d
user:      adrianp <adrianp%pkgsrc.org@localhost>
date:      Sat Sep 23 14:59:34 2006 +0000

description:
Fix for CVE-2006-1060 via Gentoo
Bump to nb3

diffstat:

 graphics/xzgv/Makefile         |   4 +-
 graphics/xzgv/distinfo         |   9 ++--
 graphics/xzgv/patches/patch-ac |  82 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 89 insertions(+), 6 deletions(-)

diffs (119 lines):

diff -r cc0665e6593b -r 5b7a4250af2d graphics/xzgv/Makefile
--- a/graphics/xzgv/Makefile    Sat Sep 23 14:08:10 2006 +0000
+++ b/graphics/xzgv/Makefile    Sat Sep 23 14:59:34 2006 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.34 2006/04/17 13:46:37 wiz Exp $
+# $NetBSD: Makefile,v 1.35 2006/09/23 14:59:34 adrianp Exp $
 
 DISTNAME=      xzgv-0.8
 PKGNAME=       xzgv-0.8.0.1
-PKGREVISION=   2
+PKGREVISION=   3
 CATEGORIES=    graphics
 MASTER_SITES=  ftp://ftp.ibiblio.org/pub/Linux/apps/graphics/viewers/X/
 
diff -r cc0665e6593b -r 5b7a4250af2d graphics/xzgv/distinfo
--- a/graphics/xzgv/distinfo    Sat Sep 23 14:08:10 2006 +0000
+++ b/graphics/xzgv/distinfo    Sat Sep 23 14:59:34 2006 +0000
@@ -1,10 +1,11 @@
-$NetBSD: distinfo,v 1.8 2005/02/24 08:45:15 agc Exp $
+$NetBSD: distinfo,v 1.9 2006/09/23 14:59:34 adrianp Exp $
 
+SHA1 (xzgv-0.8-integer-overflow-fix.diff) = b18dfdaafe295e2c42764f59784b6b6201b489ea
+RMD160 (xzgv-0.8-integer-overflow-fix.diff) = bd75c87cf6f20e4fa2757afe472111e2253cb640
+Size (xzgv-0.8-integer-overflow-fix.diff) = 6374 bytes
 SHA1 (xzgv-0.8.tar.gz) = 1aa21336e2562849e6f5f984cbbfcb745489df3b
 RMD160 (xzgv-0.8.tar.gz) = e36466a73c27616610fd032b3a92898d95a55a17
 Size (xzgv-0.8.tar.gz) = 302801 bytes
-SHA1 (xzgv-0.8-integer-overflow-fix.diff) = b18dfdaafe295e2c42764f59784b6b6201b489ea
-RMD160 (xzgv-0.8-integer-overflow-fix.diff) = bd75c87cf6f20e4fa2757afe472111e2253cb640
-Size (xzgv-0.8-integer-overflow-fix.diff) = 6374 bytes
 SHA1 (patch-aa) = 7a0d6e6b24d788fb9cf45967e4c3b434c621def3
 SHA1 (patch-ab) = cf4c746e3c4b9ac3a5968211a8f2c0b69d43bc99
+SHA1 (patch-ac) = 3a67b625b6eabd0c6e2399fb0a59fde4460d3893
diff -r cc0665e6593b -r 5b7a4250af2d graphics/xzgv/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/xzgv/patches/patch-ac    Sat Sep 23 14:59:34 2006 +0000
@@ -0,0 +1,82 @@
+$NetBSD: patch-ac,v 1.3 2006/09/23 14:59:34 adrianp Exp $
+
+--- src/readjpeg.c.orig        2006-09-23 15:52:41.000000000 +0100
++++ src/readjpeg.c
+@@ -179,11 +179,13 @@ static unsigned char **lineptrs;
+ static int have_image;
+ static int width,height;
+ static unsigned char *image;
++static int cmyk;
+ unsigned char *ptr,*ptr2;
+ int chkw,chkh;
+ int f,rec;
+ static int greyscale; /* static to satisfy gcc -Wall */
+ 
++cmyk=0;
+ greyscale=0;
+ 
+ lineptrs=NULL;
+@@ -225,6 +227,15 @@ if(cinfo.jpeg_color_space==JCS_GRAYSCALE
+   greyscale=1;
+   }
+ 
++if(cinfo.jpeg_color_space==JCS_CMYK)
++  cmyk=1;
++
++if(cinfo.jpeg_color_space==JCS_YCCK)
++  {
++  cmyk=1;
++  cinfo.out_color_space=JCS_CMYK;
++  }
++
+ *wp=width=cinfo.image_width;
+ *hp=height=cinfo.image_height;
+ 
+@@ -266,7 +277,7 @@ if(!careful_jpeg)
+ /* this one shouldn't hurt */
+ cinfo.do_block_smoothing=FALSE;
+ 
+-if(WH_BAD(width,height) || (*imagep=image=malloc(width*height*3))==NULL)
++if(WH_BAD(width,height) || (*imagep=image=malloc(width*(height+cmyk)*3))==NULL)
+   longjmp(jerr.setjmp_buffer,1);
+ 
+ jpeg_start_decompress(&cinfo);
+@@ -279,12 +290,33 @@ ptr=image+width*2*greyscale;     /* put data
+ for(f=0;f<height;f++,ptr+=width*3)
+   lineptrs[f]=ptr;
+ 
+-rec=cinfo.rec_outbuf_height;
+-while(cinfo.output_scanline<height)
++if(!cmyk)
+   {
+-  f=height-cinfo.output_scanline;
+-  jpeg_read_scanlines(&cinfo,lineptrs+cinfo.output_scanline,
+-                      f>rec?rec:f);
++  rec=cinfo.rec_outbuf_height;
++  while(cinfo.output_scanline<height)
++    {
++    f=height-cinfo.output_scanline;
++    jpeg_read_scanlines(&cinfo,lineptrs+cinfo.output_scanline,
++                        f>rec?rec:f);
++    }
++  }
++else  /* cmyk output */
++  {
++  int tmp;
++
++  ptr=image;
++  while(cinfo.output_scanline<height)
++    {
++    jpeg_read_scanlines(&cinfo,&ptr,1);
++    ptr2=ptr;
++    for(f=0;f<width;f++,ptr+=3,ptr2+=4)
++      {
++      tmp=ptr2[3];
++      ptr[0]=(tmp*ptr2[0])/255;
++      ptr[1]=(tmp*ptr2[1])/255;
++      ptr[2]=(tmp*ptr2[2])/255;
++      }
++    }
+   }
+ 
+ free(lineptrs);