Pullup ticket 415 - requested by Lubomir Sedlacik

security fix for gdk-pixbuf

Revisions pulled up:
- pkgsrc/graphics/gdk-pixbuf/Makefile		1.31
- pkgsrc/graphics/gdk-pixbuf/buildlink3.mk	1.7
- pkgsrc/graphics/gdk-pixbuf/distinfo		1.16
- pkgsrc/graphics/gdk-pixbuf/patches/patch-ak	1.1


    Module Name:    pkgsrc
    Committed By:   salo
    Date:           Fri Apr  1 11:37:23 UTC 2005

    Modified Files:
            pkgsrc/graphics/gdk-pixbuf: Makefile buildlink3.mk distinfo
    Added Files:
            pkgsrc/graphics/gdk-pixbuf/patches: patch-ak

    Log Message:
    Security fix for CAN-2005-0891:

    "David Costanzo has reported a vulnerability in GdkPixbuf, which can be
     exploited by malicious people to crash certain applications on a user's
     system.

     The vulnerability is caused due to a double free error in the BMP loader.
     This can be exploited to crash an application linked against GdkPixbuf
     when a specially crafted BMP image is processed."

    Bump PKGREVISION.  Patch from Fedora.

4 files changed, 26 insertions, 5 deletions

diff --git a/graphics/gdk-pixbuf/Makefile b/graphics/gdk-pixbuf/Makefile
index 307d57ab052..86970452a1b 100644
--- a/graphics/gdk-pixbuf/Makefile
+++ b/graphics/gdk-pixbuf/Makefile
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.30 2004/12/28 23:18:21 reed Exp $
+# $NetBSD: Makefile,v 1.30.2.1 2005/04/03 03:32:58 snj Exp $
 #
 
 .include "Makefile.common"
 
 PKGNAME=	${DISTNAME}
-PKGREVISION=	4
+PKGREVISION=	5
 COMMENT=	The GNOME image loading library
 
 # XXX hopefully there is no x.gnome-config.x in PATH
diff --git a/graphics/gdk-pixbuf/buildlink3.mk b/graphics/gdk-pixbuf/buildlink3.mk
index 36c1fb92d16..05e2b994f73 100644
--- a/graphics/gdk-pixbuf/buildlink3.mk
+++ b/graphics/gdk-pixbuf/buildlink3.mk
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.6 2004/12/28 23:18:21 reed Exp $
+# $NetBSD: buildlink3.mk,v 1.6.2.1 2005/04/03 03:32:58 snj Exp $
 
 BUILDLINK_DEPTH:=		${BUILDLINK_DEPTH}+
 GDK_PIXBUF_BUILDLINK3_MK:=	${GDK_PIXBUF_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@ BUILDLINK_PACKAGES+=	gdk-pixbuf
 
 .if !empty(GDK_PIXBUF_BUILDLINK3_MK:M+)
 BUILDLINK_DEPENDS.gdk-pixbuf+=		gdk-pixbuf>=0.22.0nb2
-BUILDLINK_RECOMMENDED.gdk-pixbuf+=	gdk-pixbuf>=0.22.0nb4
+BUILDLINK_RECOMMENDED.gdk-pixbuf+=	gdk-pixbuf>=0.22.0nb5
 BUILDLINK_PKGSRCDIR.gdk-pixbuf?=	../../graphics/gdk-pixbuf
 BUILDLINK_CPPFLAGS.gdk-pixbuf+= \
 	-I${BUILDLINK_PREFIX.gdk-pixbuf}/include/gdk-pixbuf-1.0
diff --git a/graphics/gdk-pixbuf/distinfo b/graphics/gdk-pixbuf/distinfo
index 98837d56ee9..d30d9f8c693 100644
--- a/graphics/gdk-pixbuf/distinfo
+++ b/graphics/gdk-pixbuf/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.15 2005/02/24 08:45:05 agc Exp $
+$NetBSD: distinfo,v 1.15.2.1 2005/04/03 03:32:58 snj Exp $
 
 SHA1 (gdk-pixbuf-0.22.0.tar.bz2) = 495324afb5abebc14567ffd5a6cd72333bcc7f5b
 RMD160 (gdk-pixbuf-0.22.0.tar.bz2) = 0e56a0f883fd8e3fb4d49b9a38f984b95cd96ece
@@ -13,3 +13,4 @@ SHA1 (patch-ag) = f798fefe61f7c22ee8480e39bf19d57c72b33282
 SHA1 (patch-ah) = 37df772bd4c818eb2dd567169598436467ea4f1c
 SHA1 (patch-ai) = df681c98b2e265548504eeecbd5a2962b4d3359d
 SHA1 (patch-aj) = 107cbe0e9756818ae2529cc4791d7cd06d476a7c
+SHA1 (patch-ak) = 123b32f70b0feb91bb3e0c2ca8e705ff2ae381bf
diff --git a/graphics/gdk-pixbuf/patches/patch-ak b/graphics/gdk-pixbuf/patches/patch-ak
new file mode 100644
index 00000000000..3407f2e8112
--- /dev/null
+++ b/graphics/gdk-pixbuf/patches/patch-ak
@@ -0,0 +1,20 @@
+$NetBSD: patch-ak,v 1.1.2.2 2005/04/03 03:32:58 snj Exp $
+
+--- gdk-pixbuf/io-bmp.c.orig	2002-09-27 23:12:40.000000000 +0200
++++ gdk-pixbuf/io-bmp.c	2005-04-01 13:05:14.000000000 +0200
+@@ -245,7 +245,14 @@
+ static gboolean
+ grow_buffer (struct bmp_progressive_state *State)
+ {
+-  guchar *tmp = realloc (State->buff, State->BufferSize);
++  guchar *tmp; 
++
++  if (State->BufferSize == 0) {
++    State->read_state = READ_STATE_ERROR;
++    return FALSE;
++  }
++
++  tmp = realloc (State->buff, State->BufferSize);
+   if (!tmp) {
+     State->read_state = READ_STATE_ERROR;
+     return FALSE;