also patch CVE-2007-6697 (buffer overflow in gif parser), from upstream

CVS, bump PKGREVISION

3 files changed, 19 insertions, 3 deletions

diff --git a/graphics/SDL_image/Makefile b/graphics/SDL_image/Makefile
index b075e7285d2..bec47688848 100644
--- a/graphics/SDL_image/Makefile
+++ b/graphics/SDL_image/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.29 2008/02/08 12:33:31 drochner Exp $
+# $NetBSD: Makefile,v 1.30 2008/02/11 10:12:24 drochner Exp $
 
 DISTNAME=	SDL_image-1.2.6
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	graphics devel
 MASTER_SITES=	http://www.libsdl.org/projects/SDL_image/release/
 
diff --git a/graphics/SDL_image/distinfo b/graphics/SDL_image/distinfo
index d55f2adc284..39155c50c3d 100644
--- a/graphics/SDL_image/distinfo
+++ b/graphics/SDL_image/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.7 2008/02/08 12:33:31 drochner Exp $
+$NetBSD: distinfo,v 1.8 2008/02/11 10:12:24 drochner Exp $
 
 SHA1 (SDL_image-1.2.6.tar.gz) = 5045df31e4db29d8890110fd18024c9d08efca30
 RMD160 (SDL_image-1.2.6.tar.gz) = 8aea5f07216eb887f599c0908f8ea2c2f9eeac93
 Size (SDL_image-1.2.6.tar.gz) = 1308812 bytes
 SHA1 (patch-aa) = eb852fd3c7218fe257ca40a6e90c81ec13dcaeb1
+SHA1 (patch-ab) = 5ddd8f064834a47b7ebda5b1bc1e473351b3e005
diff --git a/graphics/SDL_image/patches/patch-ab b/graphics/SDL_image/patches/patch-ab
new file mode 100644
index 00000000000..fa629aaa855
--- /dev/null
+++ b/graphics/SDL_image/patches/patch-ab
@@ -0,0 +1,15 @@
+$NetBSD: patch-ab,v 1.1 2008/02/11 10:12:24 drochner Exp $
+
+--- IMG_gif.c.orig	2007-07-02 04:03:48.000000000 +0200
++++ IMG_gif.c
+@@ -418,6 +418,10 @@ LWZReadByte(SDL_RWops *src, int flag, in
+     static int stack[(1 << (MAX_LWZ_BITS)) * 2], *sp;
+     register int i;
+ 
++    /* Fixed buffer overflow found by Michael Skladnikiewicz */
++    if (input_code_size > MAX_LWZ_BITS)
++        return -1;
++
+     if (flag) {
+ 	set_code_size = input_code_size;
+ 	code_size = set_code_size + 1;