This is a security update, which fixes a buffer overflow vulnerability.

Changes 10.34:
* Add pamthreshold, pamx, pamtoxvmini.
* pammasksharpen: Add -threshold.
* pnmtopng: make "N colors found" message verbose-only.
* pnmtopng: make "no room in palette" message non-verbose.
* picttoppm: Tolerate various PICT file corruptions.
* picttoppm: Don't issue warning message when file named
  'fontdir' doesn't exist.
* libnetpbm: Add ppmd_fill_path().
* ppmtobmp: Fix for PBM input.
* bmptopnm: Don't crash on BMP with no color map.
* bmptopnm: Fix wrong file name in error messages.
* ppmtogif: fix bug: always produces garbage output.
* ppmtompeg: fix input from Standard Input.
* pnmflip: fix bug: -rotate90, -rotate180, and -rotate270
  (and synonyms) don't work when followed by other rotation options.
* ppmtoilbm: Fig bug: generates more planes than necessary.
* pamtofits: fix buffer overflow in asembling header.
* picttoppm: fix bug - interprets some images wrong because of
  bogus "rowBytes" value.
* Redo asprintfN(), etc. so as not to use va_list in a way
  that doesn't work on some machines.
* cameratopam: remove definition of memmem() so it doesn't collide
  with same in some C libraries.  Add memmemN() and MEMEQ to libnetpbm.
* Fix build of filename.o.

8 files changed, 25 insertions, 97 deletions

diff --git a/graphics/netpbm/Makefile b/graphics/netpbm/Makefile
index 3d10bc03a9b..1199cfe7897 100644
--- a/graphics/netpbm/Makefile
+++ b/graphics/netpbm/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.142 2006/06/18 16:18:11 minskim Exp $
+# $NetBSD: Makefile,v 1.143 2006/06/25 06:35:58 adam Exp $
 
-DISTNAME=	netpbm-10.33
-PKGREVISION=	4
+DISTNAME=	netpbm-10.34
 CATEGORIES=	graphics
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=netpbm/}
 EXTRACT_SUFX=	.tgz
@@ -61,6 +60,7 @@ MAKE_ENV+=	JASPERHDR_DIR=${CPPFLAGS:M*:Q}
 .include "../../graphics/jasper/buildlink3.mk"
 .include "../../graphics/png/buildlink3.mk"
 .include "../../graphics/tiff/buildlink3.mk"
+.include "../../textproc/libxml2/buildlink3.mk"
 
 pre-configure:
 	${CP} ${WRKSRC}/Makefile.config.in ${WRKSRC}/Makefile.config
diff --git a/graphics/netpbm/distinfo b/graphics/netpbm/distinfo
index 80a92803ab9..68225cee903 100644
--- a/graphics/netpbm/distinfo
+++ b/graphics/netpbm/distinfo
@@ -1,16 +1,12 @@
-$NetBSD: distinfo,v 1.58 2006/06/18 16:18:11 minskim Exp $
+$NetBSD: distinfo,v 1.59 2006/06/25 06:35:58 adam Exp $
 
-SHA1 (netpbm-10.33.tgz) = ed1023fc8b5e15db274495b860f2f80df309454e
-RMD160 (netpbm-10.33.tgz) = 7721314f9ef27f22a6bb034ca9e3577cff2984e5
-Size (netpbm-10.33.tgz) = 2456707 bytes
-SHA1 (patch-aa) = 1ae80f9e1b1c9041dfe79870e8827157c0d0874a
-SHA1 (patch-ab) = 894da433f184ead77e09d1d50b97a0096deb8b99
-SHA1 (patch-ac) = 07f109139bf30da22b05d00189cbb7b4a5f8f05a
+SHA1 (netpbm-10.34.tgz) = 530458871f9d3dc763a1bf82f227eeb79098c601
+RMD160 (netpbm-10.34.tgz) = 57a596efa6cacb981135d554a72cbaffc4cfe72c
+Size (netpbm-10.34.tgz) = 2507007 bytes
+SHA1 (patch-aa) = dbb17588aa8f8628ad98af43935adc710f870d0f
+SHA1 (patch-ab) = 7781c51e9a8cc9de953540a04e19303244ef8d57
 SHA1 (patch-ad) = b4a5833e18afd5a991aad897674386a3f00c3ee1
 SHA1 (patch-ae) = 33a5be2843dd85b530f5e6ba496cd0380cd5edd1
 SHA1 (patch-af) = 41c3506dcd267ce15d5b7e5ff9b0c1ee97b54e26
-SHA1 (patch-ag) = 9565c0e777cbbbd4974000695c05044a2433f0c8
 SHA1 (patch-ah) = f2a542983932edebee2110868e631b394f380b26
-SHA1 (patch-ai) = ef03877b12769ccf624454b29539ae8b5fab550f
-SHA1 (patch-aj) = 771b2de6e9b32ad3c5d305411533cec5ac7c74c4
 SHA1 (patch-ca) = b63be9bd38dd182949edf3b892608b72d13c1fa0
diff --git a/graphics/netpbm/patches/patch-aa b/graphics/netpbm/patches/patch-aa
index 285646a255e..0afe376d83b 100644
--- a/graphics/netpbm/patches/patch-aa
+++ b/graphics/netpbm/patches/patch-aa
@@ -1,6 +1,6 @@
-$NetBSD: patch-aa,v 1.37 2006/06/18 16:18:11 minskim Exp $
+$NetBSD: patch-aa,v 1.38 2006/06/25 06:35:58 adam Exp $
 
---- Makefile.config.in.orig	2006-01-02 16:15:17.000000000 -0800
+--- Makefile.config.in.orig	2006-06-18 21:23:40.000000000 +0200
 +++ Makefile.config.in
 @@ -24,7 +24,7 @@ DEFAULT_TARGET = nonmerge
  # and skip it on those systems unless you want to debug it and fix it.
@@ -51,7 +51,7 @@ $NetBSD: patch-aa,v 1.37 2006/06/18 16:18:11 minskim Exp $
  # Solaris:
  # LEX = flex -e
  # Or just skip parts that need Lex:
-@@ -219,7 +221,7 @@ EXE =
+@@ -220,7 +222,7 @@ EXE =
  
  # Here, $(SONAME) resolves to the soname for the shared library being created.
  # The following are gcc options.  This works on GNU libc systems.
@@ -60,7 +60,7 @@ $NetBSD: patch-aa,v 1.37 2006/06/18 16:18:11 minskim Exp $
  # You need -nostart instead of -shared on BeOS.  Though the BeOS compiler is
  # ostensibly gcc, it has the -nostart option, which is not mentioned in gcc
  # documentation and doesn't exist in at least one non-BeOS installation.
-@@ -252,6 +254,19 @@ LDRELOC = NONE
+@@ -253,6 +255,19 @@ LDRELOC = NONE
  #LDRELOC = ld --reloc
  #LDRELOC = ld -r
  
@@ -80,7 +80,7 @@ $NetBSD: patch-aa,v 1.37 2006/06/18 16:18:11 minskim Exp $
  
  # On older systems, you have to make shared libraries out of position
  # independent code, so you need -fpic or fPIC here.  (The rule is: if
-@@ -274,11 +289,23 @@ LDRELOC = NONE
+@@ -275,11 +290,23 @@ LDRELOC = NONE
  CFLAGS_SHLIB = 
  # Solaris or SunOS with gcc, and NetBSD:
  #CFLAGS_SHLIB = -fpic
@@ -105,7 +105,7 @@ $NetBSD: patch-aa,v 1.37 2006/06/18 16:18:11 minskim Exp $
  # SHLIB_CLIB is the link option to include the C library in a shared library,
  # normally "-lc".  On typical systems, this serves no purpose.  On some,
  # though, it causes information about which C library to use to be recorded
-@@ -347,8 +374,8 @@ TIFFHDR_DIR =
+@@ -348,8 +375,8 @@ TIFFHDR_DIR =
  #TIFFLIB = libtiff.so
  #TIFFHDR_DIR = /usr/include/libtiff
  #NetBSD:
@@ -116,7 +116,7 @@ $NetBSD: patch-aa,v 1.37 2006/06/18 16:18:11 minskim Exp $
  # OSF, Tru64:
  #TIFFLIB = /usr/local1/DEC/lib/libtiff.so
  #TIFFHDR_DIR = /usr/local1/DEC/include
-@@ -378,8 +405,8 @@ JPEGHDR_DIR =
+@@ -379,8 +406,8 @@ JPEGHDR_DIR =
  #JPEGLIB = libjpeg.so
  #JPEGHDR_DIR = /usr/include/jpeg
  # Netbsd:
@@ -127,7 +127,7 @@ $NetBSD: patch-aa,v 1.37 2006/06/18 16:18:11 minskim Exp $
  # OSF, Tru64:
  #JPEGLIB = /usr/local1/DEC/libjpeg.so
  #JPEGHDR_DIR = /usr/local1/DEC/include
-@@ -399,12 +426,12 @@ JPEGHDR_DIR =
+@@ -400,12 +427,12 @@ JPEGHDR_DIR =
  # option.
  PNGLIB = NONE
  PNGHDR_DIR =
@@ -143,7 +143,7 @@ $NetBSD: patch-aa,v 1.37 2006/06/18 16:18:11 minskim Exp $
  # OSF/Tru64:
  #PNGLIB = /usr/local1/DEC/lib/libpng$(PNGVER).so
  #PNGHDR_DIR = /usr/local1/DEC/include
-@@ -414,8 +441,8 @@ PNGVER = 
+@@ -415,8 +442,8 @@ PNGVER = 
  # NONE for the PNG library, it doesn't matter what you specify here --
  # it won't get used.
  
@@ -154,7 +154,7 @@ $NetBSD: patch-aa,v 1.37 2006/06/18 16:18:11 minskim Exp $
  #ZLIB = libz.so
  
  # The JBIG lossless image compression library (aka JBIG-KIT):
-@@ -424,8 +451,8 @@ JBIGLIB = $(BUILDDIR)/converter/other/jb
+@@ -425,8 +452,8 @@ JBIGLIB = $(BUILDDIR)/converter/other/jb
  JBIGHDR_DIR = $(SRCDIR)/converter/other/jbig
  
  # The Jasper JPEG-2000 image compression library (aka JasPer):
@@ -165,7 +165,7 @@ $NetBSD: patch-aa,v 1.37 2006/06/18 16:18:11 minskim Exp $
  # JASPERDEPLIBS is the libraries (-l options or file names) on which
  # The Jasper library depends -- i.e. what you have to link into any
  # executable that links in the Jasper library.
-@@ -461,7 +488,7 @@ OMIT_NETWORK =
+@@ -471,7 +498,7 @@ OMIT_NETWORK =
  # built into the standard C library, so this can be null.  This is irrelevant
  # if OMIT_NETWORK is "y".
  
@@ -174,7 +174,7 @@ $NetBSD: patch-aa,v 1.37 2006/06/18 16:18:11 minskim Exp $
  # Solaris, SunOS:
  #NETWORKLD = -lsocket -lnsl
  # SCO:
-@@ -510,7 +537,7 @@ SUFFIXMANUALS5 = 5
+@@ -525,7 +552,7 @@ SUFFIXMANUALS5 = 5
  #Netpbm library functions.  The value is used only in make file tests.
  # "unixshared" means a unix-style shared library, typically named like 
  # libxyz.so.2.3
@@ -183,7 +183,7 @@ $NetBSD: patch-aa,v 1.37 2006/06/18 16:18:11 minskim Exp $
  # "unixstatic" means a unix-style static library, (like libxyz.a)
  #NETPBMLIBTYPE = unixstatic
  # "dll" means a Windows DLL shared library
-@@ -521,7 +548,7 @@ NETPBMLIBTYPE = unixshared
+@@ -536,7 +563,7 @@ NETPBMLIBTYPE = unixshared
  #NETPBMLIBSUFFIX is the suffix used on whatever kind of library is 
  #selected above.  All this is used for is to construct library names.
  #The make files never examine the actual value.
diff --git a/graphics/netpbm/patches/patch-ab b/graphics/netpbm/patches/patch-ab
index edb42533900..9fc0b3adc93 100644
--- a/graphics/netpbm/patches/patch-ab
+++ b/graphics/netpbm/patches/patch-ab
@@ -1,8 +1,8 @@
-$NetBSD: patch-ab,v 1.19 2006/02/27 22:01:16 adam Exp $
+$NetBSD: patch-ab,v 1.20 2006/06/25 06:35:58 adam Exp $
 
---- converter/other/Makefile.orig	2006-02-25 20:15:20.000000000 +0100
+--- converter/other/Makefile.orig	2006-05-28 01:16:09.000000000 +0200
 +++ converter/other/Makefile
-@@ -108,6 +108,13 @@ all:	$(BINARIES) $(SUBDIRS:%=%/all)
+@@ -126,6 +126,13 @@ all:	$(BINARIES) $(SUBDIRS:%=%/all)
  
  include $(SRCDIR)/Makefile.common
  
diff --git a/graphics/netpbm/patches/patch-ac b/graphics/netpbm/patches/patch-ac
deleted file mode 100644
index 46afb83e0e2..00000000000
--- a/graphics/netpbm/patches/patch-ac
+++ /dev/null
@@ -1,18 +0,0 @@
-$NetBSD: patch-ac,v 1.14 2005/01/18 14:16:20 adam Exp $
-
---- converter/ppm/ppmtompeg/param.c.orig	2004-12-03 05:05:39.000000000 +0000
-+++ converter/ppm/ppmtompeg/param.c
-@@ -7,13 +7,6 @@
- 
- /* COPYRIGHT INFORMATION IS AT THE END OF THIS FILE */
- 
--#define _XOPEN_SOURCE 1
--    /* This makes sure popen() is in stdio.h.  In GNU libc 2.1.3, 
--     _POSIX_C_SOURCE = 2 is sufficient, but on AIX 4.3, the higher level
--     _XOPEN_SOURCE is required.  2000.09.09 
--    */
--
--
- /*==============*
-  * HEADER FILES *
-  *==============*/
diff --git a/graphics/netpbm/patches/patch-ag b/graphics/netpbm/patches/patch-ag
deleted file mode 100644
index 3df0b2fad69..00000000000
--- a/graphics/netpbm/patches/patch-ag
+++ /dev/null
@@ -1,19 +0,0 @@
-$NetBSD: patch-ag,v 1.16 2006/05/14 16:39:05 wiz Exp $
-
---- converter/ppm/picttoppm.c.orig	2005-12-22 08:51:46.000000000 +0000
-+++ converter/ppm/picttoppm.c
-@@ -1715,12 +1715,12 @@ unpackbits(struct Rect* const bounds, 
-         rowBytes = rowBytesArg & 0x7fff;
-     else
-         rowBytes = rowBytesArg;
--    if (rowBytes == 0)
--        rowBytes = pixwidth;
- 
-     stage = "unpacking packbits";
- 
-     pixwidth = bounds->right - bounds->left;
-+    if (rowBytes == 0)
-+        rowBytes = pixwidth;
- 
-     pkpixsize = 1;
-     if (pixelSize == 16) {
diff --git a/graphics/netpbm/patches/patch-ai b/graphics/netpbm/patches/patch-ai
deleted file mode 100644
index c153af95c85..00000000000
--- a/graphics/netpbm/patches/patch-ai
+++ /dev/null
@@ -1,18 +0,0 @@
-$NetBSD: patch-ai,v 1.9 2006/05/14 16:39:05 wiz Exp $
-
---- converter/ppm/ppmtogif.c.orig	2006-02-15 19:46:41.000000000 +0000
-+++ converter/ppm/ppmtogif.c
-@@ -705,11 +705,9 @@ output(code_int const code) {
-        if we want to use the compressor more than once per invocation
-        (e.g. we want to create a multi-image gif).
-     */
--    static unsigned long curAccum;
--    static int curBits;
-+    static unsigned long curAccum = 0;
-+    static int curBits = 0;
- 
--    curBits = 0;  /* initial value */
--    curAccum = 0;  /* initial value */
-     curAccum &= masks[curBits];
- 
-     if (curBits > 0)
diff --git a/graphics/netpbm/patches/patch-aj b/graphics/netpbm/patches/patch-aj
deleted file mode 100644
index a24f270554f..00000000000
--- a/graphics/netpbm/patches/patch-aj
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-aj,v 1.9 2006/05/14 16:39:05 wiz Exp $
-
---- lib/Makefile.orig	2006-03-18 20:17:20.000000000 +0000
-+++ lib/Makefile
-@@ -184,7 +184,7 @@ standardppmdfont.c:standard.ppmdfont
- compile.h:
- 	$(SRCDIR)/buildtools/stamp-date >$@ || rm $@
- 
--util/shhopt.o util/nstring.o: FORCE
-+util/shhopt.o util/nstring.o util/filename.o: FORCE
- 	@if [ ! -d $(dir $@) ] ; then mkdir $(dir $@) ; fi
- 	$(MAKE) -C $(dir $@) -f $(SRCDIR)/$(SUBDIR)/$(dir $@)Makefile \
- 		SRCDIR=$(SRCDIR) BUILDDIR=$(BUILDDIR) $(notdir $@)