authorkefren <kefren>2009-03-02 06:20:33 +0000
committerkefren <kefren>2009-03-02 06:20:33 +0000
commit1f601ba38da0fc3415bcf450c144065e79db2de3 (patch)
treeb2de5591ce6d66b96951bd137a181d77eadd0093 /graphics/optipng
parentfea3960a051111d1b899af3950454b8bd008968a (diff)
Add patches from upstream in order to update to 0.6.2.1
Changes: * Fix SA34035: Use after free error that can be used to execute arbitrary code via a specially crafted GIF image
Diffstat (limited to 'graphics/optipng')
-rw-r--r--graphics/optipng/Makefile3
-rw-r--r--graphics/optipng/distinfo5
-rw-r--r--graphics/optipng/patches/patch-ab36
-rw-r--r--graphics/optipng/patches/patch-ad12
-rw-r--r--graphics/optipng/patches/patch-ae12
5 files changed, 66 insertions, 2 deletions
diff --git a/graphics/optipng/Makefile b/graphics/optipng/Makefile
index e2eaea3e994..e2f1bfd7b03 100644
--- a/graphics/optipng/Makefile
+++ b/graphics/optipng/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.16 2008/11/12 18:45:04 adam Exp $
+# $NetBSD: Makefile,v 1.17 2009/03/02 06:20:33 kefren Exp $
DISTNAME= optipng-0.6.2
+PKGNAME= ${DISTNAME}.1
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=optipng/}
diff --git a/graphics/optipng/distinfo b/graphics/optipng/distinfo
index 3e97c3b3483..ac11b84a2b6 100644
--- a/graphics/optipng/distinfo
+++ b/graphics/optipng/distinfo
@@ -1,7 +1,10 @@
-$NetBSD: distinfo,v 1.12 2008/11/12 18:45:04 adam Exp $
+$NetBSD: distinfo,v 1.13 2009/03/02 06:20:33 kefren Exp $
SHA1 (optipng-0.6.2.tar.gz) = 374b3537a262590ba2822f2b10d9241247b4da95
RMD160 (optipng-0.6.2.tar.gz) = cd9ecfbd1c8901d14cb93fbc9f07403071cea37e
Size (optipng-0.6.2.tar.gz) = 1052509 bytes
SHA1 (patch-aa) = 0a0c92b9786193862465646373b82c6bc47cee2c
+SHA1 (patch-ab) = 7816dcfe5505695a3032bdb399b904e5db33a182
SHA1 (patch-ac) = fb4eb567b5a24b2d26bf357061be80c57b4d4a3c
+SHA1 (patch-ad) = f44f5862de983da3a78529db1ba1b53d40d16dde
+SHA1 (patch-ae) = cf8a80e056bc25d59e2ffda73127e71056cc8ce2
diff --git a/graphics/optipng/patches/patch-ab b/graphics/optipng/patches/patch-ab
new file mode 100644
index 00000000000..a48f7cfeea6
--- /dev/null
+++ b/graphics/optipng/patches/patch-ab
@@ -0,0 +1,36 @@
+$NetBSD: patch-ab,v 1.5 2009/03/02 06:20:34 kefren Exp $
+diff -ru optipng-0.6.2/lib/pngxtern/gif/gifread.c optipng-0.6.2.1/lib/pngxtern/gif/gifread.c
+--- lib/pngxtern/gif/gifread.c 2006-08-10 20:17:00.000000000 -0400
++++ lib/pngxtern/gif/gifread.c 2009-02-20 03:11:00.000000000 -0500
+@@ -219,8 +219,7 @@
+ **/
+ static void GIFReadNextExtension(struct GIFExtension *ext, FILE *stream)
+ {
+- unsigned char *ptr;
+- unsigned int len;
++ unsigned int offset, len;
+ int count, label;
+
+ GIF_FGETC(label, stream);
+@@ -233,7 +232,7 @@
+ return;
+ }
+
+- ptr = ext->Buffer;
++ offset = 0;
+ len = ext->BufferSize;
+ for ( ;; )
+ {
+@@ -243,10 +242,10 @@
+ ext->BufferSize += 1024;
+ ext->Buffer = realloc(ext->Buffer, ext->BufferSize);
+ }
+- count = ReadDataBlock(ptr, stream);
++ count = ReadDataBlock(ext->Buffer + offset, stream);
+ if (count == 0)
+ break;
+- ptr += count;
++ offset += count;
+ len -= count;
+ }
+ }
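Review bot: The grow branch still assigns the `realloc` result straight over `ext->Buffer` and never checks it, so the offset-based fix holds only when the allocation succeeds. On failure the old block is leaked, `ext->Buffer` becomes NULL, and the next `ReadDataBlock(ext->Buffer + offset, stream)` is handed a pointer derived from NULL. The extension data comes from the GIF file and the hunk shows no upper bound on how often the buffer grows by 1024, so an allocation failure looks reachable from crafted input. I would reallocate into a temporary, e.g. `void *tmp = realloc(ext->Buffer, ext->BufferSize);`, and on `tmp == NULL` fail through whatever error path this reader already uses before storing `ext->Buffer = tmp;`. The condition guarding the grow branch sits between the second and third inner hunks and is not visible here, so the `len` bookkeeping could not be checked.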
diff --git a/graphics/optipng/patches/patch-ad b/graphics/optipng/patches/patch-ad
new file mode 100644
index 00000000000..6223effb2bc
--- /dev/null
+++ b/graphics/optipng/patches/patch-ad
@@ -0,0 +1,12 @@
+$NetBSD: patch-ad,v 1.3 2009/03/02 06:20:34 kefren Exp $
+diff -ru optipng-0.6.2/src/optipng.c optipng-0.6.2.1/src/optipng.c
+--- src/optipng.c 2008-11-09 23:56:00.000000000 -0500
++++ src/optipng.c 2008-11-11 13:57:00.000000000 -0500
+@@ -542,6 +542,7 @@
+ static void
+ app_init(void)
+ {
++ setvbuf(stdout, NULL, _IONBF, 0);
+ if (options.log_name != NULL)
+ {
+ /* Open the log file, line-buffered. */
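Review bot: The added `setvbuf(stdout, NULL, _IONBF, 0);` at the top of `app_init` has no comment, unlike the log-file setup just below it, and its return value is ignored. The commit message describes only the SA34035 fix, so a reader cannot tell why stdout is made unbuffered. Presumably the aim is for progress output to appear immediately and stay ordered with stderr; if so, a one-line comment such as `/* Unbuffered stdout: keep progress messages ordered with stderr output. */` would record that. The body of `app_init` continues past the end of this hunk.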
diff --git a/graphics/optipng/patches/patch-ae b/graphics/optipng/patches/patch-ae
new file mode 100644
index 00000000000..02b8fb70049
--- /dev/null
+++ b/graphics/optipng/patches/patch-ae
@@ -0,0 +1,12 @@
+$NetBSD: patch-ae,v 1.1 2009/03/02 06:20:34 kefren Exp $
+diff -ru optipng-0.6.2/src/proginfo.h optipng-0.6.2.1/src/proginfo.h
+--- src/proginfo.h 2008-11-09 23:56:00.000000000 -0500
++++ src/proginfo.h 2009-02-22 23:38:00.000000000 -0500
+@@ -1,5 +1,5 @@
+ #define PROGRAM_NAME "OptiPNG"
+ #define PROGRAM_DESCRIPTION "Advanced PNG optimizer"
+-#define PROGRAM_VERSION "0.6.2"
+-#define PROGRAM_COPYRIGHT "Copyright (C) 2001-2008 Cosmin Truta"
++#define PROGRAM_VERSION "0.6.2.1"
++#define PROGRAM_COPYRIGHT "Copyright (C) 2001-2009 Cosmin Truta"
+ #define PROGRAM_URI "http://optipng.sourceforge.net/"