From 86c878954dbca78cb28c4f555de9b51b2341b10e Mon Sep 17 00:00:00 2001
From: adrianp
Date: Sat, 23 Sep 2006 14:59:34 +0000
Subject: Fix for CVE-2006-1060 via Gentoo Bump to nb3
---
graphics/xzgv/Makefile | 4 +--
graphics/xzgv/distinfo | 9 ++---
graphics/xzgv/patches/patch-ac | 82 ++++++++++++++++++++++++++++++++++++++++++
3 files changed, 89 insertions(+), 6 deletions(-)
create mode 100644 graphics/xzgv/patches/patch-ac
(limited to 'graphics/xzgv')
diff --git a/graphics/xzgv/Makefile b/graphics/xzgv/Makefile
index 0c60c0f89f6..ac2796b98f7 100644
--- a/graphics/xzgv/Makefile
+++ b/graphics/xzgv/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.34 2006/04/17 13:46:37 wiz Exp $
+# $NetBSD: Makefile,v 1.35 2006/09/23 14:59:34 adrianp Exp $
 DISTNAME= xzgv-0.8
 PKGNAME= xzgv-0.8.0.1
-PKGREVISION= 2
+PKGREVISION= 3
 CATEGORIES= graphics
 MASTER_SITES= ftp://ftp.ibiblio.org/pub/Linux/apps/graphics/viewers/X/
diff --git a/graphics/xzgv/distinfo b/graphics/xzgv/distinfo
index e35b000d6cf..fcd495366de 100644
--- a/graphics/xzgv/distinfo
+++ b/graphics/xzgv/distinfo
@@ -1,10 +1,11 @@
-$NetBSD: distinfo,v 1.8 2005/02/24 08:45:15 agc Exp $
+$NetBSD: distinfo,v 1.9 2006/09/23 14:59:34 adrianp Exp $
-SHA1 (xzgv-0.8.tar.gz) = 1aa21336e2562849e6f5f984cbbfcb745489df3b
-RMD160 (xzgv-0.8.tar.gz) = e36466a73c27616610fd032b3a92898d95a55a17
-Size (xzgv-0.8.tar.gz) = 302801 bytes
 SHA1 (xzgv-0.8-integer-overflow-fix.diff) = b18dfdaafe295e2c42764f59784b6b6201b489ea
 RMD160 (xzgv-0.8-integer-overflow-fix.diff) = bd75c87cf6f20e4fa2757afe472111e2253cb640
 Size (xzgv-0.8-integer-overflow-fix.diff) = 6374 bytes
+SHA1 (xzgv-0.8.tar.gz) = 1aa21336e2562849e6f5f984cbbfcb745489df3b
+RMD160 (xzgv-0.8.tar.gz) = e36466a73c27616610fd032b3a92898d95a55a17
+Size (xzgv-0.8.tar.gz) = 302801 bytes
 SHA1 (patch-aa) = 7a0d6e6b24d788fb9cf45967e4c3b434c621def3
 SHA1 (patch-ab) = cf4c746e3c4b9ac3a5968211a8f2c0b69d43bc99
+SHA1 (patch-ac) = 3a67b625b6eabd0c6e2399fb0a59fde4460d3893
diff --git a/graphics/xzgv/patches/patch-ac b/graphics/xzgv/patches/patch-ac
new file mode 100644
index 00000000000..c7e23180c08
--- /dev/null
+++ b/graphics/xzgv/patches/patch-ac
@@ -0,0 +1,82 @@
+$NetBSD: patch-ac,v 1.3 2006/09/23 14:59:34 adrianp Exp $
+
+--- src/readjpeg.c.orig 2006-09-23 15:52:41.000000000 +0100
++++ src/readjpeg.c
+@@ -179,11 +179,13 @@ static unsigned char **lineptrs;
+ static int have_image;
+ static int width,height;
+ static unsigned char *image;
++static int cmyk;
+ unsigned char *ptr,*ptr2;
+ int chkw,chkh;
+ int f,rec;
+ static int greyscale; /* static to satisfy gcc -Wall */
+
++cmyk=0;
+ greyscale=0;
+
+ lineptrs=NULL;
+@@ -225,6 +227,15 @@ if(cinfo.jpeg_color_space==JCS_GRAYSCALE
+ greyscale=1;
+ }
+
++if(cinfo.jpeg_color_space==JCS_CMYK)
++ cmyk=1;
++
++if(cinfo.jpeg_color_space==JCS_YCCK)
++ {
++ cmyk=1;
++ cinfo.out_color_space=JCS_CMYK;
++ }
++
+ *wp=width=cinfo.image_width;
+ *hp=height=cinfo.image_height;
+
+@@ -266,7 +277,7 @@ if(!careful_jpeg)
+ /* this one shouldn't hurt */
+ cinfo.do_block_smoothing=FALSE;
+
+-if(WH_BAD(width,height) || (*imagep=image=malloc(width*height*3))==NULL)
++if(WH_BAD(width,height) || (*imagep=image=malloc(width*(height+cmyk)*3))==NULL)
+ longjmp(jerr.setjmp_buffer,1);
+
+ jpeg_start_decompress(&cinfo);
+@@ -279,12 +290,33 @@ ptr=image+width*2*greyscale; /* put data
+ for(f=0;frec?rec:f);
++ rec=cinfo.rec_outbuf_height;
++ while(cinfo.output_scanlinerec?rec:f);
++ }
++ }
++else /* cmyk output */
++ {
++ int tmp;
++
++ ptr=image;
++ while(cinfo.output_scanline
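Review bot: In the `@@ -266,7 +277,7 @@` hunk of the readjpeg.c patch, the allocation size `width*(height+cmyk)*3` is still multiplied out in `int`, while the only guard, `WH_BAD(width,height)`, is defined outside this diff and is handed `height`, not `height+cmyk`. Unless that macro's limit already keeps `width*(height+1)*3` below `INT_MAX`, the product can wrap before `malloc` sees it and the scanline reads would land in an undersized buffer, so the bound is worth confirming here or the check extended, e.g. `if(WH_BAD(width,height+cmyk) || width>INT_MAX/3/(height+cmyk) || ...`. The reason for the spare row is also undocumented; a comment such as `/* cmyk: one extra row of slack for the 4-byte-per-pixel scanlines */` would help, though that rationale is inferred because the CMYK read loop in the last hunk is cut off in this view. The enclosing function begins and ends outside these hunks.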