pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/graphics/GraphicsMagick Add a patch to fix CVE-2008...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/e5f2e227de18
branches:  trunk
changeset: 397014:e5f2e227de18
user:      obache <obache%pkgsrc.org@localhost>
date:      Sat Aug 08 04:41:07 2009 +0000

description:
Add a patch to fix CVE-2008-1097, taken from upstream repository.
Bump PKGREVISION.

diffstat:

 graphics/GraphicsMagick/Makefile         |   3 ++-
 graphics/GraphicsMagick/distinfo         |   3 ++-
 graphics/GraphicsMagick/patches/patch-ab |  19 +++++++++++++++++++
 3 files changed, 23 insertions(+), 2 deletions(-)

diffs (47 lines):

diff -r 6aa0a781bf28 -r e5f2e227de18 graphics/GraphicsMagick/Makefile
--- a/graphics/GraphicsMagick/Makefile  Sat Aug 08 04:24:20 2009 +0000
+++ b/graphics/GraphicsMagick/Makefile  Sat Aug 08 04:41:07 2009 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.21 2009/01/27 04:38:44 obache Exp $
+# $NetBSD: Makefile,v 1.22 2009/08/08 04:41:07 obache Exp $
 #
 
 DISTNAME=      GraphicsMagick-1.3.5
+PKGREVISION=   1
 CATEGORIES=    graphics
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=graphicsmagick/} \
                ftp://ftp.graphicsmagick.org/pub/GraphicsMagick/1.3/
diff -r 6aa0a781bf28 -r e5f2e227de18 graphics/GraphicsMagick/distinfo
--- a/graphics/GraphicsMagick/distinfo  Sat Aug 08 04:24:20 2009 +0000
+++ b/graphics/GraphicsMagick/distinfo  Sat Aug 08 04:41:07 2009 +0000
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.17 2009/01/27 04:38:44 obache Exp $
+$NetBSD: distinfo,v 1.18 2009/08/08 04:41:07 obache Exp $
 
 SHA1 (GraphicsMagick-1.3.5.tar.gz) = f0a8ba6ccfd03be3fa1d29eaa55b8faa73e5e7a2
 RMD160 (GraphicsMagick-1.3.5.tar.gz) = cef96710a916954ecce894b03e058aaf5a304480
 Size (GraphicsMagick-1.3.5.tar.gz) = 7386555 bytes
+SHA1 (patch-ab) = f4e501afbfb5822a6803be76826e70de9a4cee15
diff -r 6aa0a781bf28 -r e5f2e227de18 graphics/GraphicsMagick/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/GraphicsMagick/patches/patch-ab  Sat Aug 08 04:41:07 2009 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-ab,v 1.1 2009/08/08 04:41:08 obache Exp $
+
+Detect improper rows, columns, or depth.
+Fixes CVE-2008-1097 "Memory corruption in ImageMagick's PCX coder".
+
+http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/pcx.c.diff?r1=1.135;r2=1.136
+
+--- coders/pcx.c.orig  2008-11-07 17:36:01.000000000 +0000
++++ coders/pcx.c
+@@ -302,6 +302,9 @@ static Image *ReadPCXImage(const ImageIn
+     */
+     image->columns=(pcx_info.right-pcx_info.left)+1;
+     image->rows=(pcx_info.bottom-pcx_info.top)+1;
++    if ((image->columns == 0) || (image->rows == 0) ||
++        (pcx_info.bits_per_pixel == 0))
++      ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
+     image->depth=pcx_info.bits_per_pixel <= 8 ? 8 : QuantumDepth;
+     image->units=PixelsPerInchResolution;
+     image->x_resolution=pcx_info.horizontal_resolution;
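
Review bot: The new test in ReadPCXImage rejects only the exact-zero case, and it runs after `(pcx_info.right-pcx_info.left)+1` and `(pcx_info.bottom-pcx_info.top)+1` have already been computed. A header with right less than left (or bottom less than top) by more than one produces a nonzero result, negative or wrapped to a very large value depending on the field types, which this hunk does not show, and so passes the check. Consider rejecting `pcx_info.right < pcx_info.left` and `pcx_info.bottom < pcx_info.top` before the subtraction, and giving `pcx_info.bits_per_pixel` an upper bound as well as the zero test, since the following line only separates `<= 8` from everything else.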
