pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/graphics/SDL_image add a patch from upstream CVS to fi...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/c072d5690ec0
branches:  trunk
changeset: 538438:c072d5690ec0
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Fri Feb 08 12:33:31 2008 +0000

description:
add a patch from upstream CVS to fix buffer overflow (CVE-2008-0544),
bump PKGREVISION

diffstat:

 graphics/SDL_image/Makefile         |   3 ++-
 graphics/SDL_image/distinfo         |   3 ++-
 graphics/SDL_image/patches/patch-aa |  30 ++++++++++++++++++++++++++++++
 3 files changed, 34 insertions(+), 2 deletions(-)

diffs (57 lines):

diff -r 7c57c7ad08e5 -r c072d5690ec0 graphics/SDL_image/Makefile
--- a/graphics/SDL_image/Makefile       Fri Feb 08 11:53:06 2008 +0000
+++ b/graphics/SDL_image/Makefile       Fri Feb 08 12:33:31 2008 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.28 2007/07/25 23:53:58 wiz Exp $
+# $NetBSD: Makefile,v 1.29 2008/02/08 12:33:31 drochner Exp $
 
 DISTNAME=      SDL_image-1.2.6
+PKGREVISION=   1
 CATEGORIES=    graphics devel
 MASTER_SITES=  http://www.libsdl.org/projects/SDL_image/release/
 
diff -r 7c57c7ad08e5 -r c072d5690ec0 graphics/SDL_image/distinfo
--- a/graphics/SDL_image/distinfo       Fri Feb 08 11:53:06 2008 +0000
+++ b/graphics/SDL_image/distinfo       Fri Feb 08 12:33:31 2008 +0000
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.6 2007/07/25 23:53:58 wiz Exp $
+$NetBSD: distinfo,v 1.7 2008/02/08 12:33:31 drochner Exp $
 
 SHA1 (SDL_image-1.2.6.tar.gz) = 5045df31e4db29d8890110fd18024c9d08efca30
 RMD160 (SDL_image-1.2.6.tar.gz) = 8aea5f07216eb887f599c0908f8ea2c2f9eeac93
 Size (SDL_image-1.2.6.tar.gz) = 1308812 bytes
+SHA1 (patch-aa) = eb852fd3c7218fe257ca40a6e90c81ec13dcaeb1
diff -r 7c57c7ad08e5 -r c072d5690ec0 graphics/SDL_image/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/SDL_image/patches/patch-aa       Fri Feb 08 12:33:31 2008 +0000
@@ -0,0 +1,30 @@
+$NetBSD: patch-aa,v 1.1 2008/02/08 12:33:31 drochner Exp $
+
+--- IMG_lbm.c.orig     2007-07-20 06:36:32.000000000 +0200
++++ IMG_lbm.c
+@@ -28,6 +28,7 @@
+    EHB and HAM (specific Amiga graphic chip modes) support added by Marc Le Douarain
+    (http://www.multimania.com/mavati) in December 2003.
+    Stencil and colorkey fixes by David Raulo (david.raulo AT free DOT fr) in February 2004.
++   Buffer overflow fix in RLE decompression by David Raulo in January 2008.
+ */
+ 
+ #include <stdio.h>
+@@ -328,7 +329,7 @@ SDL_Surface *IMG_LoadLBM_RW( SDL_RWops *
+                                               count ^= 0xFF;
+                                               count += 2; /* now it */
+ 
+-                                              if ( !SDL_RWread( src, &color, 1, 1 ) )
++                                              if ( ( count > remainingbytes ) || !SDL_RWread( src, &color, 1, 1 ) )
+                                               {
+                                                  error="error reading BODY chunk";
+                                                       goto done;
+@@ -339,7 +340,7 @@ SDL_Surface *IMG_LoadLBM_RW( SDL_RWops *
+                                       {
+                                               ++count;
+ 
+-                                              if ( !SDL_RWread( src, ptr, count, 1 ) )
++                                              if ( ( count > remainingbytes ) || !SDL_RWread( src, ptr, count, 1 ) )
+                                               {
+                                                  error="error reading BODY chunk";
+                                                       goto done;
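Review bot: In both RLE branches of IMG_lbm.c the new `count > remainingbytes` rejection reuses error="error reading BODY chunk", so a crafted run length that would overrun the line buffer is reported exactly like a short read from the stream. Give the bounds failure its own message (for example "overflow in BODY chunk RLE data") so that a malformed or hostile file can be told apart from a truncated one in logs and bug reports. The check sits correctly after `count` has been adjusted (`count ^= 0xFF; count += 2;` and `++count`) and before the read into `ptr`, but the hunk does not show where `remainingbytes` is initialised or decremented. Please confirm that it always reflects the space left in the destination that `ptr` points into, and that `count` and `remainingbytes` compare with the same signedness, since the comparison is the only guard on the `SDL_RWread( src, ptr, count, 1 )` write. A small regression image with an oversized run in each branch would be worth adding alongside the fix.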


