CVS commit: pkgsrc/graphics/xv

["Tim Zingelman" <tez%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   tez
Date:           Thu Jun 21 22:36:36 UTC 2018

Modified Files:
        pkgsrc/graphics/xv: Makefile distinfo
        pkgsrc/graphics/xv/patches: patch-ae

Log Message:
xv: fix for CVE-2017-18215

from https://bugzilla.suse.com/show_bug.cgi?id=1043479


To generate a diff of this commit:
cvs rdiff -u -r1.91 -r1.92 pkgsrc/graphics/xv/Makefile
cvs rdiff -u -r1.20 -r1.21 pkgsrc/graphics/xv/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/graphics/xv/patches/patch-ae

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/graphics/xv/Makefile
diff -u pkgsrc/graphics/xv/Makefile:1.91 pkgsrc/graphics/xv/Makefile:1.92
--- pkgsrc/graphics/xv/Makefile:1.91    Sun Jan 14 14:58:40 2018
+++ pkgsrc/graphics/xv/Makefile Thu Jun 21 22:36:36 2018
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.91 2018/01/14 14:58:40 rillig Exp $
+# $NetBSD: Makefile,v 1.92 2018/06/21 22:36:36 tez Exp $
 
 DISTNAME=      xv-3.10a
-PKGREVISION=   23
+PKGREVISION=   24
 CATEGORIES=    graphics x11
 MASTER_SITES=  ftp://ftp.cis.upenn.edu/pub/xv/
 DISTFILES=     ${DEFAULT_DISTFILES} ${JUMBO_PATCHES}

Index: pkgsrc/graphics/xv/distinfo
diff -u pkgsrc/graphics/xv/distinfo:1.20 pkgsrc/graphics/xv/distinfo:1.21
--- pkgsrc/graphics/xv/distinfo:1.20    Sun Nov 22 19:17:01 2015
+++ pkgsrc/graphics/xv/distinfo Thu Jun 21 22:36:36 2018
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.20 2015/11/22 19:17:01 tsutsui Exp $
+$NetBSD: distinfo,v 1.21 2018/06/21 22:36:36 tez Exp $
 
 SHA1 (xv-3.10a-enhancements.20070520-20081216.diff) = 40bfb0889b820e0f9d3bd7d771144ec3458acc66
 RMD160 (xv-3.10a-enhancements.20070520-20081216.diff) = dbd4ab25b5b62fb543befcf655d928db3a77e005
@@ -16,6 +16,6 @@ SHA1 (patch-aa) = bd6ef51bf962e1994e2e47
 SHA1 (patch-ab) = 5bfc8ae09b029e4661b27d94bba46540c7f320fb
 SHA1 (patch-ac) = a17b0095e6586b595190a07126ac58752d8a2562
 SHA1 (patch-ad) = d1fa6ae4c432528148ebe37b7a8bef8bd2059997
-SHA1 (patch-ae) = f17f17ac49dafb233cc9f0629f2425120a6b5495
+SHA1 (patch-ae) = 2bda08bae67fcf127c49b9ed780b7a247579c088
 SHA1 (patch-af) = 7f6e771788e04577d8db17bfe8fbcce8dca4a600
 SHA1 (patch-ag) = 120d589f728fd32ea267fd46bcc16f27d9f08116

Index: pkgsrc/graphics/xv/patches/patch-ae
diff -u pkgsrc/graphics/xv/patches/patch-ae:1.4 pkgsrc/graphics/xv/patches/patch-ae:1.5
--- pkgsrc/graphics/xv/patches/patch-ae:1.4     Sun Jan 23 23:58:01 2011
+++ pkgsrc/graphics/xv/patches/patch-ae Thu Jun 21 22:36:36 2018
@@ -1,6 +1,7 @@
-$NetBSD: patch-ae,v 1.4 2011/01/23 23:58:01 dholland Exp $
+$NetBSD: patch-ae,v 1.5 2018/06/21 22:36:36 tez Exp $
 
 Fix build with libpng 1.5.
+Fix CVE-2017-18215 from https://bugzilla.suse.com/show_bug.cgi?id=1043479
 
 --- xvpng.c.orig       2007-05-14 00:53:28.000000000 +0000
 +++ xvpng.c
@@ -514,7 +515,7 @@ Fix build with libpng 1.5.
 -                     info_ptr->text[i].text_length + 2;
 +    for (i = 0; i < num_text; i++)
 +      commentsize += strlen(text[i].key) + 1 +
-+                     text[i].text_length + 2;
++                     strlen(text[i].text) + 2;
  
      if ((pinfo->comment = malloc(commentsize)) == NULL) {
        png_warning(png_ptr,"can't allocate comment string");