[pkgsrc/trunk]: pkgsrc/graphics/xv xv: fix for CVE-2017-18215

[tez <tez%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/5d86aec3164c
branches:  trunk
changeset: 309675:5d86aec3164c
user:      tez <tez%pkgsrc.org@localhost>
date:      Thu Jun 21 22:36:36 2018 +0000

description:
xv: fix for CVE-2017-18215

from https://bugzilla.suse.com/show_bug.cgi?id=1043479

diffstat:

 graphics/xv/Makefile         |  4 ++--
 graphics/xv/distinfo         |  4 ++--
 graphics/xv/patches/patch-ae |  5 +++--
 3 files changed, 7 insertions(+), 6 deletions(-)

diffs (51 lines):

diff -r d1465f643a07 -r 5d86aec3164c graphics/xv/Makefile
--- a/graphics/xv/Makefile      Thu Jun 21 20:55:44 2018 +0000
+++ b/graphics/xv/Makefile      Thu Jun 21 22:36:36 2018 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.91 2018/01/14 14:58:40 rillig Exp $
+# $NetBSD: Makefile,v 1.92 2018/06/21 22:36:36 tez Exp $
 
 DISTNAME=      xv-3.10a
-PKGREVISION=   23
+PKGREVISION=   24
 CATEGORIES=    graphics x11
 MASTER_SITES=  ftp://ftp.cis.upenn.edu/pub/xv/
 DISTFILES=     ${DEFAULT_DISTFILES} ${JUMBO_PATCHES}
diff -r d1465f643a07 -r 5d86aec3164c graphics/xv/distinfo
--- a/graphics/xv/distinfo      Thu Jun 21 20:55:44 2018 +0000
+++ b/graphics/xv/distinfo      Thu Jun 21 22:36:36 2018 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.20 2015/11/22 19:17:01 tsutsui Exp $
+$NetBSD: distinfo,v 1.21 2018/06/21 22:36:36 tez Exp $
 
 SHA1 (xv-3.10a-enhancements.20070520-20081216.diff) = 40bfb0889b820e0f9d3bd7d771144ec3458acc66
 RMD160 (xv-3.10a-enhancements.20070520-20081216.diff) = dbd4ab25b5b62fb543befcf655d928db3a77e005
@@ -16,6 +16,6 @@
 SHA1 (patch-ab) = 5bfc8ae09b029e4661b27d94bba46540c7f320fb
 SHA1 (patch-ac) = a17b0095e6586b595190a07126ac58752d8a2562
 SHA1 (patch-ad) = d1fa6ae4c432528148ebe37b7a8bef8bd2059997
-SHA1 (patch-ae) = f17f17ac49dafb233cc9f0629f2425120a6b5495
+SHA1 (patch-ae) = 2bda08bae67fcf127c49b9ed780b7a247579c088
 SHA1 (patch-af) = 7f6e771788e04577d8db17bfe8fbcce8dca4a600
 SHA1 (patch-ag) = 120d589f728fd32ea267fd46bcc16f27d9f08116
diff -r d1465f643a07 -r 5d86aec3164c graphics/xv/patches/patch-ae
--- a/graphics/xv/patches/patch-ae      Thu Jun 21 20:55:44 2018 +0000
+++ b/graphics/xv/patches/patch-ae      Thu Jun 21 22:36:36 2018 +0000
@@ -1,6 +1,7 @@
-$NetBSD: patch-ae,v 1.4 2011/01/23 23:58:01 dholland Exp $
+$NetBSD: patch-ae,v 1.5 2018/06/21 22:36:36 tez Exp $
 
 Fix build with libpng 1.5.
+Fix CVE-2017-18215 from https://bugzilla.suse.com/show_bug.cgi?id=1043479
 
 --- xvpng.c.orig       2007-05-14 00:53:28.000000000 +0000
 +++ xvpng.c
@@ -514,7 +515,7 @@
 -                     info_ptr->text[i].text_length + 2;
 +    for (i = 0; i < num_text; i++)
 +      commentsize += strlen(text[i].key) + 1 +
-+                     text[i].text_length + 2;
++                     strlen(text[i].text) + 2;
  
      if ((pinfo->comment = malloc(commentsize)) == NULL) {
        png_warning(png_ptr,"can't allocate comment string");