authortron <tron>2009-03-03 19:57:53 +0000
committertron <tron>2009-03-03 19:57:53 +0000
commit3974c27f51cc0c15eef2868b7168d04dffd97d9d (patch)
tree8e6547378ce263a6ce5dbd2cfe988145b6b97764
parentdae2d9950aba0fd8ebab09a52cb013de1a8a8562 (diff)
downloadpkgsrc-3974c27f51cc0c15eef2868b7168d04dffd97d9d.tar.gz
Pullup ticket #2714 - requested by kefren
optipng: security patch Revisions pulled up: - graphics/optipng/Makefile 1.17 - graphics/optipng/distinfo 1.13 - graphics/optipng/patches/patch-ab 1.5 - graphics/optipng/patches/patch-ad 1.3 - graphics/optipng/patches/patch-ae 1.1 --- Module Name: pkgsrc Committed By: kefren Date: Mon Mar 2 06:20:34 UTC 2009 Modified Files: pkgsrc/graphics/optipng: Makefile distinfo Added Files: pkgsrc/graphics/optipng/patches: patch-ab patch-ad patch-ae Log Message: Add patches from upstream in order to update to 0.6.2.1 Changes: * Fix SA34035: Use after free error that can be used to execute arbitrary code via a specially crafted GIF image
-rw-r--r--graphics/optipng/Makefile3
-rw-r--r--graphics/optipng/distinfo5
-rw-r--r--graphics/optipng/patches/patch-ab36
-rw-r--r--graphics/optipng/patches/patch-ad12
-rw-r--r--graphics/optipng/patches/patch-ae12
5 files changed, 66 insertions, 2 deletions
diff --git a/graphics/optipng/Makefile b/graphics/optipng/Makefile
index e2eaea3e994..835eca1ce2d 100644
--- a/graphics/optipng/Makefile
+++ b/graphics/optipng/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.16 2008/11/12 18:45:04 adam Exp $
+# $NetBSD: Makefile,v 1.16.2.1 2009/03/03 19:57:53 tron Exp $
DISTNAME= optipng-0.6.2
+PKGNAME= ${DISTNAME}.1
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=optipng/}
diff --git a/graphics/optipng/distinfo b/graphics/optipng/distinfo
index 3e97c3b3483..3e621102abd 100644
--- a/graphics/optipng/distinfo
+++ b/graphics/optipng/distinfo
@@ -1,7 +1,10 @@
-$NetBSD: distinfo,v 1.12 2008/11/12 18:45:04 adam Exp $
+$NetBSD: distinfo,v 1.12.2.1 2009/03/03 19:57:53 tron Exp $
SHA1 (optipng-0.6.2.tar.gz) = 374b3537a262590ba2822f2b10d9241247b4da95
RMD160 (optipng-0.6.2.tar.gz) = cd9ecfbd1c8901d14cb93fbc9f07403071cea37e
Size (optipng-0.6.2.tar.gz) = 1052509 bytes
SHA1 (patch-aa) = 0a0c92b9786193862465646373b82c6bc47cee2c
+SHA1 (patch-ab) = 7816dcfe5505695a3032bdb399b904e5db33a182
SHA1 (patch-ac) = fb4eb567b5a24b2d26bf357061be80c57b4d4a3c
+SHA1 (patch-ad) = f44f5862de983da3a78529db1ba1b53d40d16dde
+SHA1 (patch-ae) = cf8a80e056bc25d59e2ffda73127e71056cc8ce2
diff --git a/graphics/optipng/patches/patch-ab b/graphics/optipng/patches/patch-ab
new file mode 100644
index 00000000000..073e60bab6f
--- /dev/null
+++ b/graphics/optipng/patches/patch-ab
@@ -0,0 +1,36 @@
+$NetBSD: patch-ab,v 1.4.22.1 2009/03/03 19:57:53 tron Exp $
+diff -ru optipng-0.6.2/lib/pngxtern/gif/gifread.c optipng-0.6.2.1/lib/pngxtern/gif/gifread.c
+--- lib/pngxtern/gif/gifread.c 2006-08-10 20:17:00.000000000 -0400
++++ lib/pngxtern/gif/gifread.c 2009-02-20 03:11:00.000000000 -0500
+@@ -219,8 +219,7 @@
+ **/
+ static void GIFReadNextExtension(struct GIFExtension *ext, FILE *stream)
+ {
+- unsigned char *ptr;
+- unsigned int len;
++ unsigned int offset, len;
+ int count, label;
+
+ GIF_FGETC(label, stream);
+@@ -233,7 +232,7 @@
+ return;
+ }
+
+- ptr = ext->Buffer;
++ offset = 0;
+ len = ext->BufferSize;
+ for ( ;; )
+ {
+@@ -243,10 +242,10 @@
+ ext->BufferSize += 1024;
+ ext->Buffer = realloc(ext->Buffer, ext->BufferSize);
+ }
+- count = ReadDataBlock(ptr, stream);
++ count = ReadDataBlock(ext->Buffer + offset, stream);
+ if (count == 0)
+ break;
+- ptr += count;
++ offset += count;
+ len -= count;
+ }
+ }
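Review bot: The `ext->Buffer = realloc(ext->Buffer, ext->BufferSize);` line kept as context in the last inner hunk still assigns the result straight back. A failed allocation therefore leaves `ext->Buffer` NULL, the new `ReadDataBlock(ext->Buffer + offset, stream)` call would write through a near-null pointer, and the old block leaks. Replacing the cached `ptr` with an offset fixes the stale pointer after realloc moves the buffer, but the allocation-failure path is untouched. I would take the result in a temporary, `tmp = realloc(ext->Buffer, ext->BufferSize);`, leave through the reader's existing error path when `tmp == NULL`, and only then assign `ext->Buffer = tmp;`. The condition guarding the growth and the rest of GIFReadNextExtension lie outside the visible hunks, so confirm there that `len` is increased together with `BufferSize`.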
diff --git a/graphics/optipng/patches/patch-ad b/graphics/optipng/patches/patch-ad
new file mode 100644
index 00000000000..283d9c733c0
--- /dev/null
+++ b/graphics/optipng/patches/patch-ad
@@ -0,0 +1,12 @@
+$NetBSD: patch-ad,v 1.2.24.1 2009/03/03 19:57:53 tron Exp $
+diff -ru optipng-0.6.2/src/optipng.c optipng-0.6.2.1/src/optipng.c
+--- src/optipng.c 2008-11-09 23:56:00.000000000 -0500
++++ src/optipng.c 2008-11-11 13:57:00.000000000 -0500
+@@ -542,6 +542,7 @@
+ static void
+ app_init(void)
+ {
++ setvbuf(stdout, NULL, _IONBF, 0);
+ if (options.log_name != NULL)
+ {
+ /* Open the log file, line-buffered. */
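Review bot: The added `setvbuf(stdout, NULL, _IONBF, 0);` at the top of app_init has no comment, and the log message names only the SA34035 GIF fix, so this behaviour change rides along undocumented in a security pullup. Its upstream timestamp (2008-11-11) predates the gifread.c change, which suggests it is unrelated to the advisory. A one-line comment giving the reason, e.g. `/* stdout unbuffered: <reason from upstream> */`, plus a mention in the log message would make the pullup easier to audit. The return value of setvbuf is also ignored. app_init's body continues past the hunk.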
diff --git a/graphics/optipng/patches/patch-ae b/graphics/optipng/patches/patch-ae
new file mode 100644
index 00000000000..3c0edc6d833
--- /dev/null
+++ b/graphics/optipng/patches/patch-ae
@@ -0,0 +1,12 @@
+$NetBSD: patch-ae,v 1.1.2.2 2009/03/03 19:57:53 tron Exp $
+diff -ru optipng-0.6.2/src/proginfo.h optipng-0.6.2.1/src/proginfo.h
+--- src/proginfo.h 2008-11-09 23:56:00.000000000 -0500
++++ src/proginfo.h 2009-02-22 23:38:00.000000000 -0500
+@@ -1,5 +1,5 @@
+ #define PROGRAM_NAME "OptiPNG"
+ #define PROGRAM_DESCRIPTION "Advanced PNG optimizer"
+-#define PROGRAM_VERSION "0.6.2"
+-#define PROGRAM_COPYRIGHT "Copyright (C) 2001-2008 Cosmin Truta"
++#define PROGRAM_VERSION "0.6.2.1"
++#define PROGRAM_COPYRIGHT "Copyright (C) 2001-2009 Cosmin Truta"
+ #define PROGRAM_URI "http://optipng.sourceforge.net/"