pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2008Q4]: pkgsrc/graphics/optipng Pullup ticket #2714 - request...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/689e62e73f66
branches:  pkgsrc-2008Q4
changeset: 552357:689e62e73f66
user:      tron <tron%pkgsrc.org@localhost>
date:      Tue Mar 03 19:57:53 2009 +0000

description:
Pullup ticket #2714 - requested by kefren
optipng: security patch

Revisions pulled up:
- graphics/optipng/Makefile                     1.17
- graphics/optipng/distinfo                     1.13
- graphics/optipng/patches/patch-ab             1.5
- graphics/optipng/patches/patch-ad             1.3
- graphics/optipng/patches/patch-ae             1.1
---
Module Name:    pkgsrc
Committed By:   kefren
Date:           Mon Mar  2 06:20:34 UTC 2009

Modified Files:
        pkgsrc/graphics/optipng: Makefile distinfo
Added Files:
        pkgsrc/graphics/optipng/patches: patch-ab patch-ad patch-ae

Log Message:
Add patches from upstream in order to update to 0.6.2.1

Changes:

   * Fix SA34035: Use after free error that can be used to execute arbitrary
     code via a specially crafted GIF image

diffstat:

 graphics/optipng/Makefile         |   3 ++-
 graphics/optipng/distinfo         |   5 ++++-
 graphics/optipng/patches/patch-ab |  36 ++++++++++++++++++++++++++++++++++++
 graphics/optipng/patches/patch-ad |  12 ++++++++++++
 graphics/optipng/patches/patch-ae |  12 ++++++++++++
 5 files changed, 66 insertions(+), 2 deletions(-)

diffs (99 lines):

diff -r 2588e8bf1c2e -r 689e62e73f66 graphics/optipng/Makefile
--- a/graphics/optipng/Makefile Sun Mar 01 16:40:00 2009 +0000
+++ b/graphics/optipng/Makefile Tue Mar 03 19:57:53 2009 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.16 2008/11/12 18:45:04 adam Exp $
+# $NetBSD: Makefile,v 1.16.2.1 2009/03/03 19:57:53 tron Exp $
 
 DISTNAME=      optipng-0.6.2
+PKGNAME=       ${DISTNAME}.1
 CATEGORIES=    graphics
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=optipng/}
 
diff -r 2588e8bf1c2e -r 689e62e73f66 graphics/optipng/distinfo
--- a/graphics/optipng/distinfo Sun Mar 01 16:40:00 2009 +0000
+++ b/graphics/optipng/distinfo Tue Mar 03 19:57:53 2009 +0000
@@ -1,7 +1,10 @@
-$NetBSD: distinfo,v 1.12 2008/11/12 18:45:04 adam Exp $
+$NetBSD: distinfo,v 1.12.2.1 2009/03/03 19:57:53 tron Exp $
 
 SHA1 (optipng-0.6.2.tar.gz) = 374b3537a262590ba2822f2b10d9241247b4da95
 RMD160 (optipng-0.6.2.tar.gz) = cd9ecfbd1c8901d14cb93fbc9f07403071cea37e
 Size (optipng-0.6.2.tar.gz) = 1052509 bytes
 SHA1 (patch-aa) = 0a0c92b9786193862465646373b82c6bc47cee2c
+SHA1 (patch-ab) = 7816dcfe5505695a3032bdb399b904e5db33a182
 SHA1 (patch-ac) = fb4eb567b5a24b2d26bf357061be80c57b4d4a3c
+SHA1 (patch-ad) = f44f5862de983da3a78529db1ba1b53d40d16dde
+SHA1 (patch-ae) = cf8a80e056bc25d59e2ffda73127e71056cc8ce2
diff -r 2588e8bf1c2e -r 689e62e73f66 graphics/optipng/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/optipng/patches/patch-ab Tue Mar 03 19:57:53 2009 +0000
@@ -0,0 +1,36 @@
+$NetBSD: patch-ab,v 1.4.22.1 2009/03/03 19:57:53 tron Exp $
+diff -ru optipng-0.6.2/lib/pngxtern/gif/gifread.c optipng-0.6.2.1/lib/pngxtern/gif/gifread.c
+--- lib/pngxtern/gif/gifread.c 2006-08-10 20:17:00.000000000 -0400
++++ lib/pngxtern/gif/gifread.c 2009-02-20 03:11:00.000000000 -0500
+@@ -219,8 +219,7 @@
+  **/
+ static void GIFReadNextExtension(struct GIFExtension *ext, FILE *stream)
+ {
+-    unsigned char *ptr;
+-    unsigned int len;
++    unsigned int offset, len;
+     int count, label;
+ 
+     GIF_FGETC(label, stream);
+@@ -233,7 +232,7 @@
+         return;
+     }
+ 
+-    ptr = ext->Buffer;
++    offset = 0;
+     len = ext->BufferSize;
+     for ( ;; )
+     {
+@@ -243,10 +242,10 @@
+             ext->BufferSize += 1024;
+             ext->Buffer = realloc(ext->Buffer, ext->BufferSize);
+         }
+-        count = ReadDataBlock(ptr, stream);
++        count = ReadDataBlock(ext->Buffer + offset, stream);
+         if (count == 0)
+             break;
+-        ptr += count;
++        offset += count;
+         len -= count;
+     }
+ }
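Review bot: The context line `ext->Buffer = realloc(ext->Buffer, ext->BufferSize);` in the last inner hunk still overwrites the only pointer to the buffer with an unchecked result, so on allocation failure the old block is leaked and the following `ReadDataBlock(ext->Buffer + offset, stream)` writes through a null-based pointer. Replacing the cached `ptr` with an offset fixes the stale pointer after a moving realloc, but it does not cover this failure path. I would assign through a temporary, `void *tmp = realloc(ext->Buffer, ext->BufferSize);` then `if (tmp == NULL) { /* take gifread.c's existing error path */ }` then `ext->Buffer = tmp;`. The condition that triggers the growth and any adjustment of `len` sit between the hunks and are not visible here, so whether `len` stays in step with `BufferSize` needs checking against the full function.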
diff -r 2588e8bf1c2e -r 689e62e73f66 graphics/optipng/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/optipng/patches/patch-ad Tue Mar 03 19:57:53 2009 +0000
@@ -0,0 +1,12 @@
+$NetBSD: patch-ad,v 1.2.24.1 2009/03/03 19:57:53 tron Exp $
+diff -ru optipng-0.6.2/src/optipng.c optipng-0.6.2.1/src/optipng.c
+--- src/optipng.c      2008-11-09 23:56:00.000000000 -0500
++++ src/optipng.c      2008-11-11 13:57:00.000000000 -0500
+@@ -542,6 +542,7 @@
+ static void
+ app_init(void)
+ {
++    setvbuf(stdout, NULL, _IONBF, 0);
+     if (options.log_name != NULL)
+     {
+         /* Open the log file, line-buffered. */
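Review bot: The added `setvbuf(stdout, NULL, _IONBF, 0);` in app_init has no comment, and nothing in the commit message ties it to the SA34035 fix, so a reader of this security pullup cannot tell why stdout is made unbuffered. A one-line comment such as `/* Make stdout unbuffered so progress output is not delayed. */` would do, if that is the intent; the reason is inferred here, not stated on the page. The call's return value is also ignored, which is harmless for this use but is worth a `(void)` cast or a note. app_init's body continues past the end of the hunk.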
diff -r 2588e8bf1c2e -r 689e62e73f66 graphics/optipng/patches/patch-ae
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/optipng/patches/patch-ae Tue Mar 03 19:57:53 2009 +0000
@@ -0,0 +1,12 @@
+$NetBSD: patch-ae,v 1.1.2.2 2009/03/03 19:57:53 tron Exp $
+diff -ru optipng-0.6.2/src/proginfo.h optipng-0.6.2.1/src/proginfo.h
+--- src/proginfo.h     2008-11-09 23:56:00.000000000 -0500
++++ src/proginfo.h     2009-02-22 23:38:00.000000000 -0500
+@@ -1,5 +1,5 @@
+ #define PROGRAM_NAME        "OptiPNG"
+ #define PROGRAM_DESCRIPTION "Advanced PNG optimizer"
+-#define PROGRAM_VERSION     "0.6.2"
+-#define PROGRAM_COPYRIGHT   "Copyright (C) 2001-2008 Cosmin Truta"
++#define PROGRAM_VERSION     "0.6.2.1"
++#define PROGRAM_COPYRIGHT   "Copyright (C) 2001-2009 Cosmin Truta"
+ #define PROGRAM_URI         "http://optipng.sourceforge.net/";


