Pullup ticket 893 - requested by Adrian Portelli

security fix for libungif Revisions pulled up: - pkgsrc/graphics/libungif/Makefile 1.35 - pkgsrc/graphics/libungif/distinfo 1.10 - pkgsrc/graphics/libungif/patches/patch-ac 1.6 - pkgsrc/graphics/libungif/patches/patch-ad 1.1 - pkgsrc/graphics/libungif/patches/patch-ae 1.1 Module Name: pkgsrc Committed By: adrianp Date: Sat Nov 5 13:32:36 UTC 2005 Modified Files: pkgsrc/graphics/libungif: Makefile distinfo Added Files: pkgsrc/graphics/libungif/patches: patch-ac patch-ad patch-ae Log Message: Add patches for http://secunia.com/advisories/17436/ via. RedHat
author: salo <salo@pkgsrc.org> 2005-11-05 14:03:41 +0000
committer: salo <salo@pkgsrc.org> 2005-11-05 14:03:41 +0000
commit: b8c8071ab4064562b8e7a1889a9773267ec709f7 (patch)
tree: c52fdee5b71279b255e85f44f39e438c191b9633 /graphics
parent: 54f2f3296431ecab62ad14737b72ca2aa66aea44 (diff)
download: pkgsrc-b8c8071ab4064562b8e7a1889a9773267ec709f7.tar.gz
5 files changed, 107 insertions, 4 deletions
diff --git a/graphics/libungif/Makefile b/graphics/libungif/Makefile
index edb0d28dc6e..a6d7ce7b1e7 100644
--- a/graphics/libungif/Makefile
+++ b/graphics/libungif/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.34 2005/04/11 21:46:06 tv Exp $
+# $NetBSD: Makefile,v 1.34.4.1 2005/11/05 14:03:41 salo Exp $
 
 DISTNAME=	libungif-4.1.3
-PKGREVISION=	2
+PKGREVISION=	3
 CATEGORIES=	graphics
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=libungif/}
 EXTRACT_SUFX=	.tar.bz2
@@ -27,7 +27,7 @@ HTMLDIR=		${PREFIX}/share/doc/html/libungif
 REPLACE_PERL=		util/gifburst
 
 post-patch:
-	${RM} ${WRKSRC}/doc/gif2x11.html
+	@${RM} ${WRKSRC}/doc/gif2x11.html
 
 post-install:
 	cd ${PREFIX}/lib && 						\
diff --git a/graphics/libungif/distinfo b/graphics/libungif/distinfo
index daa2eddb399..664c438ee9e 100644
--- a/graphics/libungif/distinfo
+++ b/graphics/libungif/distinfo
@@ -1,7 +1,10 @@
-$NetBSD: distinfo,v 1.9 2005/03/20 11:07:33 schwarz Exp $
+$NetBSD: distinfo,v 1.9.6.1 2005/11/05 14:03:41 salo Exp $
 
 SHA1 (libungif-4.1.3.tar.bz2) = 04aab31b3e9e719a80320667bc23b3ee35505a34
 RMD160 (libungif-4.1.3.tar.bz2) = 287abf7560f5394e62c475f0d722938842ba6786
 Size (libungif-4.1.3.tar.bz2) = 439960 bytes
 SHA1 (patch-aa) = eb2d1f1d21e19adc8bc33dcbd24be5c20560f4fd
 SHA1 (patch-ab) = a93e2fe0a93aacda4566e723e681fd316fe2cb2a
+SHA1 (patch-ac) = 58985225879ea2d60a1eb9e8a17595f8a0ed95a5
+SHA1 (patch-ad) = dc5e0123b950674abe46be6508f3f8bb1a69641d
+SHA1 (patch-ae) = 43b271ae9ec6eddd8341526e6b8636c503cd209c
diff --git a/graphics/libungif/patches/patch-ac b/graphics/libungif/patches/patch-ac
new file mode 100644
index 00000000000..2cb61774da5
--- /dev/null
+++ b/graphics/libungif/patches/patch-ac
@@ -0,0 +1,16 @@
+$NetBSD: patch-ac,v 1.5.10.1 2005/11/05 14:03:41 salo Exp $
+
+--- lib/gifalloc.c.orig	2004-05-29 19:59:59.000000000 +0100
++++ lib/gifalloc.c
+@@ -420,8 +420,10 @@ FreeSavedImages(GifFileType * GifFile) {
+     }
+     for (sp = GifFile->SavedImages;
+          sp < GifFile->SavedImages + GifFile->ImageCount; sp++) {
+-        if (sp->ImageDesc.ColorMap)
++      if (sp->ImageDesc.ColorMap) {
+             FreeMapObject(sp->ImageDesc.ColorMap);
++	    sp->ImageDesc.ColorMap = NULL;
++      }
+ 
+         if (sp->RasterBits)
+             free((char *)sp->RasterBits);
diff --git a/graphics/libungif/patches/patch-ad b/graphics/libungif/patches/patch-ad
new file mode 100644
index 00000000000..4d8f03c424b
--- /dev/null
+++ b/graphics/libungif/patches/patch-ad
@@ -0,0 +1,63 @@
+$NetBSD: patch-ad,v 1.1.2.2 2005/11/05 14:03:41 salo Exp $
+
+--- lib/dgif_lib.c.orig	2004-05-29 19:59:59.000000000 +0100
++++ lib/dgif_lib.c
+@@ -263,6 +263,7 @@ DGifGetScreenDesc(GifFileType * GifFile)
+         for (i = 0; i < GifFile->SColorMap->ColorCount; i++) {
+             if (READ(GifFile, Buf, 3) != 3) {
+                 FreeMapObject(GifFile->SColorMap);
++		GifFile->SColorMap = NULL;
+                 _GifError = D_GIF_ERR_READ_FAILED;
+                 return GIF_ERROR;
+             }
+@@ -363,6 +364,7 @@ DGifGetImageDesc(GifFileType * GifFile) 
+         for (i = 0; i < GifFile->Image.ColorMap->ColorCount; i++) {
+             if (READ(GifFile, Buf, 3) != 3) {
+                 FreeMapObject(GifFile->Image.ColorMap);
++		GifFile->Image.ColorMap = NULL;
+                 _GifError = D_GIF_ERR_READ_FAILED;
+                 return GIF_ERROR;
+             }
+@@ -923,6 +925,12 @@ DGifDecompressInput(GifFileType * GifFil
+         0x0fff
+     };
+ 
++    /* The image can't contain more than LZ_BITS per code. */
++    if (Private->RunningBits > LZ_BITS) {
++        _GifError = D_GIF_ERR_IMAGE_DEFECT;
++        return GIF_ERROR;
++    }    
++
+     while (Private->CrntShiftState < Private->RunningBits) {
+         /* Needs to get more bytes from input stream for next code: */
+         if (DGifBufferedInput(GifFile, Private->Buf, &NextByte) == GIF_ERROR) {
+@@ -938,8 +946,12 @@ DGifDecompressInput(GifFileType * GifFil
+     Private->CrntShiftState -= Private->RunningBits;
+ 
+     /* If code cannot fit into RunningBits bits, must raise its size. Note
+-     * however that codes above 4095 are used for special signaling.  */
+-    if (++Private->RunningCode > Private->MaxCode1 &&
++     * however that codes above 4095 are used for special signaling.
++     * If we're using LZ_BITS bits already and we're at the max code, just
++     * keep using the table as it is, don't increment Private->RunningCode.
++     */
++    if (Private->RunningCode < LZ_MAX_CODE + 2 &&
++	++Private->RunningCode > Private->MaxCode1 &&
+         Private->RunningBits < LZ_BITS) {
+         Private->MaxCode1 <<= 1;
+         Private->RunningBits++;
+@@ -964,6 +976,14 @@ DGifBufferedInput(GifFileType * GifFile,
+             _GifError = D_GIF_ERR_READ_FAILED;
+             return GIF_ERROR;
+         }
++        /* There shouldn't be any empty data blocks here as the LZW spec
++         * says the LZW termination code should come first.  Therefore we
++         * shouldn't be inside this routine at that point.
++         */
++        if (Buf[0] == 0) {
++            _GifError = D_GIF_ERR_IMAGE_DEFECT;
++            return GIF_ERROR;
++        }
+         if (READ(GifFile, &Buf[1], Buf[0]) != Buf[0]) {
+             _GifError = D_GIF_ERR_READ_FAILED;
+             return GIF_ERROR;
diff --git a/graphics/libungif/patches/patch-ae b/graphics/libungif/patches/patch-ae
new file mode 100644
index 00000000000..cb572461f14
--- /dev/null
+++ b/graphics/libungif/patches/patch-ae
@@ -0,0 +1,21 @@
+$NetBSD: patch-ae,v 1.1.2.2 2005/11/05 14:03:41 salo Exp $
+
+--- lib/egif_lib.c.orig	2004-05-29 22:53:36.000000000 +0100
++++ lib/egif_lib.c
+@@ -712,10 +712,14 @@ EGifCloseFile(GifFileType * GifFile) {
+     Buf = ';';
+     WRITE(GifFile, &Buf, 1);
+ 
+-    if (GifFile->Image.ColorMap)
++    if (GifFile->Image.ColorMap) {
+         FreeMapObject(GifFile->Image.ColorMap);
+-    if (GifFile->SColorMap)
++	GifFile->Image.ColorMap = NULL;
++    }
++    if (GifFile->SColorMap) {
+         FreeMapObject(GifFile->SColorMap);
++	GifFile->SColorMap = NULL;
++    }
+     if (Private) {
+         free((char *)Private);
+     }
author	salo <salo@pkgsrc.org>	2005-11-05 14:03:41 +0000
committer	salo <salo@pkgsrc.org>	2005-11-05 14:03:41 +0000
commit	b8c8071ab4064562b8e7a1889a9773267ec709f7 (patch)
tree	c52fdee5b71279b255e85f44f39e438c191b9633 /graphics
parent	54f2f3296431ecab62ad14737b72ca2aa66aea44 (diff)
download	pkgsrc-b8c8071ab4064562b8e7a1889a9773267ec709f7.tar.gz