author | spz <spz@pkgsrc.org> | 2017-05-14 12:55:16 +0000 |
---|---|---|
committer | spz <spz@pkgsrc.org> | 2017-05-14 12:55:16 +0000 |
commit | a188a1b5d649f6cf3b4650a60ff0c9ce32e4f8d5 (patch) | |
tree | 19d44d9b0b0112aaf0554910b41f138dd4ecead5 /graphics | |
parent | b8b390c00846cad8dd0be760b1ed0088f8af0245 (diff) | |
updating from version 2.36.4 to 2.36.6
adding patches for: CVE-2017-6311 CVE-2017-6312 CVE-2017-6313 CVE-2017-6314
from bugzilla.gnome.org
Diffstat (limited to 'graphics')
-rw-r--r-- | graphics/gdk-pixbuf2/Makefile.version | 4 | ||||
-rw-r--r-- | graphics/gdk-pixbuf2/PLIST | 14 | ||||
-rw-r--r-- | graphics/gdk-pixbuf2/distinfo | 14 | ||||
-rw-r--r-- | graphics/gdk-pixbuf2/patches/patch-gdk-pixbuf_io-icns.c | 16 | ||||
-rw-r--r-- | graphics/gdk-pixbuf2/patches/patch-gdk-pixbuf_io-ico.c | 30 | ||||
-rw-r--r-- | graphics/gdk-pixbuf2/patches/patch-gdk-pixbuf_io-tiff.c | 21 | ||||
-rw-r--r-- | graphics/gdk-pixbuf2/patches/patch-thumbnailer_gnome-thumbnailer-skeleton.c | 24 |
7 files changed, 103 insertions, 20 deletions
diff --git a/graphics/gdk-pixbuf2/Makefile.version b/graphics/gdk-pixbuf2/Makefile.version
index 03a9c9e4617..3ecded8a347 100644
--- a/graphics/gdk-pixbuf2/Makefile.version
+++ b/graphics/gdk-pixbuf2/Makefile.version
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile.version,v 1.15 2017/01/29 06:09:51 tsutsui Exp $
+# $NetBSD: Makefile.version,v 1.16 2017/05/14 12:55:16 spz Exp $
 #
 # used by graphics/gdk-pixbuf2/Makefile
 # used by graphics/gdk-pixbuf2-jasper/Makefile
 # used by graphics/gdk-pixbuf2-xlib/Makefile
-PIXBUF2_VERSION= 2.36.4
+PIXBUF2_VERSION= 2.36.6
 MSITE_VERSION= ${PIXBUF2_VERSION:R}
diff --git a/graphics/gdk-pixbuf2/PLIST b/graphics/gdk-pixbuf2/PLIST
index 9b60f905d66..d2855985de7 100644
--- a/graphics/gdk-pixbuf2/PLIST
+++ b/graphics/gdk-pixbuf2/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.15 2017/01/29 06:09:51 tsutsui Exp $
+@comment $NetBSD: PLIST,v 1.16 2017/05/14 12:55:16 spz Exp $
 bin/gdk-pixbuf-csource
 bin/gdk-pixbuf-pixdata
 bin/gdk-pixbuf-query-loaders
@@ -37,18 +37,6 @@ man/man1/gdk-pixbuf-query-loaders.1
 share/gir-1.0/GdkPixbuf-2.0.gir
 share/gtk-doc/html/gdk-pixbuf/GdkPixbufLoader.html
 share/gtk-doc/html/gdk-pixbuf/annotation-glossary.html
-share/gtk-doc/html/gdk-pixbuf/api-index-2-12.html
-share/gtk-doc/html/gdk-pixbuf/api-index-2-14.html
-share/gtk-doc/html/gdk-pixbuf/api-index-2-2.html
-share/gtk-doc/html/gdk-pixbuf/api-index-2-26.html
-share/gtk-doc/html/gdk-pixbuf/api-index-2-28.html
-share/gtk-doc/html/gdk-pixbuf/api-index-2-30.html
-share/gtk-doc/html/gdk-pixbuf/api-index-2-32.html
-share/gtk-doc/html/gdk-pixbuf/api-index-2-36.html
-share/gtk-doc/html/gdk-pixbuf/api-index-2-4.html
-share/gtk-doc/html/gdk-pixbuf/api-index-2-6.html
-share/gtk-doc/html/gdk-pixbuf/api-index-2-8.html
-share/gtk-doc/html/gdk-pixbuf/api-index-deprecated.html
 share/gtk-doc/html/gdk-pixbuf/api-index-full.html
 share/gtk-doc/html/gdk-pixbuf/composite.png
 share/gtk-doc/html/gdk-pixbuf/gdk-pixbuf-Animations.html
diff --git a/graphics/gdk-pixbuf2/distinfo b/graphics/gdk-pixbuf2/distinfo
index 5986c502132..afce11d1b0c 100644
--- a/graphics/gdk-pixbuf2/distinfo
+++ b/graphics/gdk-pixbuf2/distinfo
@@ -1,9 +1,13 @@
-$NetBSD: distinfo,v 1.32 2017/01/29 06:09:51 tsutsui Exp $
+$NetBSD: distinfo,v 1.33 2017/05/14 12:55:16 spz Exp $
-SHA1 (gdk-pixbuf-2.36.4.tar.xz) = d511ec0244b74bd3591eda7ccefcf79123f17d9d
-RMD160 (gdk-pixbuf-2.36.4.tar.xz) = db3e3f36826e5c866867b1ecf76e45e9c5e2c675
-SHA512 (gdk-pixbuf-2.36.4.tar.xz) = 3cede681a980998f0ace1a53cbf6faf25c0766582196c84a2860f1db7b2f08e04ef60c2046483b1ca5f9025bc20859a93ad295fd34c56dedcc214356c6375466
-Size (gdk-pixbuf-2.36.4.tar.xz) = 5158812 bytes
+SHA1 (gdk-pixbuf-2.36.6.tar.xz) = 8caa99dbbb143cddbb896bf35e01da717bb1479f
+RMD160 (gdk-pixbuf-2.36.6.tar.xz) = 9894ee0a16ed9fd6e7a152c1a5c2636985430d3a
+SHA512 (gdk-pixbuf-2.36.6.tar.xz) = b963f01161b58463c83499079545aa946fd824ec5e7167e0898698ac46e0cc3fb3dcb0cac5afabd6b7d957391b9c9bba55f340294076433155fc91052d5403ec
+Size (gdk-pixbuf-2.36.6.tar.xz) = 5166980 bytes
 SHA1 (patch-contrib_gdk-pixbuf-xlib_Makefile.in) = 636ab94c6bfde10c118b7833b4637a586781bfd5
 SHA1 (patch-gdk-pixbuf_Makefile.in) = 9173c4dbc89e4a4d34359e52885121c19a8a7ba6
 SHA1 (patch-gdk-pixbuf_gdk-pixbuf-scaled-anim.c) = 486db8d3f352b0d72b7074ba48f14ccbfa09deda
+SHA1 (patch-gdk-pixbuf_io-icns.c) = 71c1aa8ab88a260086b2bb345094d6a4376319a4
+SHA1 (patch-gdk-pixbuf_io-ico.c) = b9899618924d8201f3577d4d010e9c00be1c5d3b
+SHA1 (patch-gdk-pixbuf_io-tiff.c) = a43137f861ff9a240d148adb2a278c2112291652
+SHA1 (patch-thumbnailer_gnome-thumbnailer-skeleton.c) = ea0f9dd8fa79f3eb794873745ea3b132e157e176
diff --git a/graphics/gdk-pixbuf2/patches/patch-gdk-pixbuf_io-icns.c b/graphics/gdk-pixbuf2/patches/patch-gdk-pixbuf_io-icns.c
new file mode 100644
index 00000000000..87def76a5ef
--- /dev/null
+++ b/graphics/gdk-pixbuf2/patches/patch-gdk-pixbuf_io-icns.c
@@ -0,0 +1,16 @@
+$NetBSD: patch-gdk-pixbuf_io-icns.c,v 1.3 2017/05/14 12:55:16 spz Exp $
+
+from hint in https://bugzilla.gnome.org/show_bug.cgi?id=779016
+for CVE-2017-6313
+
+--- gdk-pixbuf/io-icns.c.orig 2016-10-22 03:38:29.000000000 +0000
++++ gdk-pixbuf/io-icns.c
+@@ -95,7 +95,7 @@ load_resources (unsigned size, IN gpoint
+ blocklen = GUINT32_FROM_BE (header->size);
+
+ /* Check that blocklen isn't garbage */
+- if (blocklen > icnslen - (current - bytes))
++ if ((blocklen > icnslen - (current - bytes)) || (blocklen < sizeof (IcnsBlockHeader)))
+ return FALSE;
+
+ switch (size)
diff --git a/graphics/gdk-pixbuf2/patches/patch-gdk-pixbuf_io-ico.c b/graphics/gdk-pixbuf2/patches/patch-gdk-pixbuf_io-ico.c
new file mode 100644
index 00000000000..0cfd1152432
--- /dev/null
+++ b/graphics/gdk-pixbuf2/patches/patch-gdk-pixbuf_io-ico.c
@@ -0,0 +1,30 @@
+$NetBSD: patch-gdk-pixbuf_io-ico.c,v 1.1 2017/05/14 12:55:16 spz Exp $
+
+from https://bugzilla.gnome.org/attachment.cgi?id=347366&action=diff
+for CVE-2017-6312
+
+--- gdk-pixbuf/io-ico.c.orig 2017-02-27 17:24:19.000000000 +0000
++++ gdk-pixbuf/io-ico.c
+@@ -330,10 +330,8 @@ static void DecodeHeader(guchar *Data, g
+ return;
+ }
+
+- /* We know how many bytes are in the "header" part. */
+- State->HeaderSize = entry->DIBoffset + INFOHEADER_SIZE;
+-
+- if (State->HeaderSize < 0) {
++ /* Avoid invoking undefined behavior in the State->HeaderSize calculation below */
++ if (entry->DIBoffset > G_MAXINT - INFOHEADER_SIZE) {
+ g_set_error (error,
+ GDK_PIXBUF_ERROR,
+ GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
+@@ -341,6 +339,9 @@ static void DecodeHeader(guchar *Data, g
+ return;
+ }
+
++ /* We know how many bytes are in the "header" part. */
++ State->HeaderSize = entry->DIBoffset + INFOHEADER_SIZE;
++
+ if (State->HeaderSize>State->BytesInHeaderBuf) {
+ guchar *tmp=g_try_realloc(State->HeaderBuf,State->HeaderSize);
+ if (!tmp) {
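Review bot: The new lower bound `blocklen < sizeof (IcnsBlockHeader)` in the io-icns.c patch has no comment explaining why a too-small block must be rejected, and the patch header says it was written "from hint in" the bug report rather than taken from an upstream commit. A block length smaller than its own header presumably cannot advance the parse position, or makes a later payload-length subtraction wrap, but that code is outside the hunk, so the reason belongs next to the check, e.g. `/* a block shorter than its own header is corrupt; reject it before blocklen is used */`. Because this is a local fix, the patch header should also say it is to be dropped once upstream ships its own correction.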
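Review bot: With the `State->HeaderSize < 0` test removed from DecodeHeader in the io-ico.c patch, the new guard only rejects offsets that are too large. If `entry->DIBoffset` is a signed field (its declaration is outside the hunk), a negative value read from the file now reaches the addition unchecked, and the resulting HeaderSize is then used for the `g_try_realloc` size. Unless an earlier check already rejects it, the condition should cover both ends: `if (entry->DIBoffset < 0 || entry->DIBoffset > G_MAXINT - INFOHEADER_SIZE) {`. DecodeHeader starts and continues outside the hunk, so the earlier validation cannot be confirmed from here.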
diff --git a/graphics/gdk-pixbuf2/patches/patch-gdk-pixbuf_io-tiff.c b/graphics/gdk-pixbuf2/patches/patch-gdk-pixbuf_io-tiff.c
new file mode 100644
index 00000000000..15397b28723
--- /dev/null
+++ b/graphics/gdk-pixbuf2/patches/patch-gdk-pixbuf_io-tiff.c
@@ -0,0 +1,21 @@
+$NetBSD: patch-gdk-pixbuf_io-tiff.c,v 1.1 2017/05/14 12:55:16 spz Exp $
+
+from https://bugzilla.gnome.org/attachment.cgi?id=350204&action=diff
+for CVE-2017-6314
+
+--- gdk-pixbuf/io-tiff.c.orig 2017-03-26 11:12:32.000000000 +0000
++++ gdk-pixbuf/io-tiff.c
+@@ -505,9 +505,12 @@ make_available_at_least (TiffContext *co
+ need_alloc = context->used + needed;
+ if (need_alloc > context->allocated) {
+ guint new_size = 1;
+- while (new_size < need_alloc)
++ while (new_size && (new_size < need_alloc))
+ new_size *= 2;
+
++ if(!(new_size))
++ return FALSE;
++
+ new_buffer = g_try_realloc (context->buffer, new_size);
+ if (new_buffer) {
+ context->buffer = new_buffer;
diff --git a/graphics/gdk-pixbuf2/patches/patch-thumbnailer_gnome-thumbnailer-skeleton.c b/graphics/gdk-pixbuf2/patches/patch-thumbnailer_gnome-thumbnailer-skeleton.c
new file mode 100644
index 00000000000..a0997ea2c28
--- /dev/null
+++ b/graphics/gdk-pixbuf2/patches/patch-thumbnailer_gnome-thumbnailer-skeleton.c
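Review bot: The addition `need_alloc = context->used + needed;` at the top of the io-tiff.c hunk can itself wrap before the doubling loop runs, and the patch only guards the loop. If these are unsigned values like `new_size` (their declarations are outside the hunk), a wrapped `need_alloc` is small, the `need_alloc > context->allocated` branch is skipped, and the function would presumably report that enough space is available. A check ahead of the addition closes that gap: `if (needed > G_MAXUINT - context->used) return FALSE;`. make_available_at_least begins and ends outside the hunk, so what the caller does with the result is not visible here.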
@@ -0,0 +1,24 @@
+$NetBSD: patch-thumbnailer_gnome-thumbnailer-skeleton.c,v 1.1 2017/05/14 12:55:16 spz Exp $
+
+from https://bug778204.bugzilla-attachments.gnome.org/attachment.cgi?id=349903
+for CVE-2017-6311
+
+--- thumbnailer/gnome-thumbnailer-skeleton.c.orig 2017-02-13 15:58:32.000000000 +0000
++++ thumbnailer/gnome-thumbnailer-skeleton.c
+@@ -315,11 +315,15 @@ int main (int argc, char **argv)
+ #endif
+ g_free (input_filename);
+
+- if (!pixbuf) {
++ if (!pixbuf && error) {
+ g_warning ("Could not thumbnail '%s': %s", filenames[0], error->message);
+ g_error_free (error);
+ g_strfreev (filenames);
+ return 1;
++ } else if (!pixbuf) {
++ g_warning ("Could not thumbnail '%s'", filenames[0]);
++ g_strfreev (filenames);
++ return 1;
+ }
+
+ if (gdk_pixbuf_save (pixbuf, output, "png", &error, NULL) == FALSE) { |
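Review bot: The two `!pixbuf` branches in main duplicate the warning and the `g_strfreev (filenames); return 1;` cleanup, so a later edit can easily fix one path and miss the other. A single branch is simpler: keep `if (!pixbuf) {`, log with `g_warning ("Could not thumbnail '%s': %s", filenames[0], error ? error->message : "no error reported");` and replace `g_error_free (error);` with `g_clear_error (&error);`, which is safe when no error was set. The NULL-error case means a loader failed without filling in a GError, which deserves a one-line comment at this spot. main continues outside the hunk.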