From 80fd9f3d62ab4265d15fd8ab8b0b692da20980b4 Mon Sep 17 00:00:00 2001
From: drochner
Date: Fri, 8 Feb 2008 12:33:31 +0000
Subject: add a patch from upstream CVS to fix buffer overflow (CVE-2008-0544), bump PKGREVISION
---
 graphics/SDL_image/Makefile | 3 ++-
 graphics/SDL_image/distinfo | 3 ++-
 graphics/SDL_image/patches/patch-aa | 30 ++++++++++++++++++++++++++++++
 3 files changed, 34 insertions(+), 2 deletions(-)
 create mode 100644 graphics/SDL_image/patches/patch-aa
(limited to 'graphics')
diff --git a/graphics/SDL_image/Makefile b/graphics/SDL_image/Makefile
index aeb9f707364..b075e7285d2 100644
--- a/graphics/SDL_image/Makefile
+++ b/graphics/SDL_image/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.28 2007/07/25 23:53:58 wiz Exp $
+# $NetBSD: Makefile,v 1.29 2008/02/08 12:33:31 drochner Exp $
 DISTNAME= SDL_image-1.2.6
+PKGREVISION= 1
 CATEGORIES= graphics devel
 MASTER_SITES= http://www.libsdl.org/projects/SDL_image/release/
diff --git a/graphics/SDL_image/distinfo b/graphics/SDL_image/distinfo
index 11e1830eb49..d55f2adc284 100644
--- a/graphics/SDL_image/distinfo
+++ b/graphics/SDL_image/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.6 2007/07/25 23:53:58 wiz Exp $
+$NetBSD: distinfo,v 1.7 2008/02/08 12:33:31 drochner Exp $
 SHA1 (SDL_image-1.2.6.tar.gz) = 5045df31e4db29d8890110fd18024c9d08efca30
 RMD160 (SDL_image-1.2.6.tar.gz) = 8aea5f07216eb887f599c0908f8ea2c2f9eeac93
 Size (SDL_image-1.2.6.tar.gz) = 1308812 bytes
+SHA1 (patch-aa) = eb852fd3c7218fe257ca40a6e90c81ec13dcaeb1
diff --git a/graphics/SDL_image/patches/patch-aa b/graphics/SDL_image/patches/patch-aa
new file mode 100644
index 00000000000..aad2dcc3650
--- /dev/null
+++ b/graphics/SDL_image/patches/patch-aa
@@ -0,0 +1,30 @@
+$NetBSD: patch-aa,v 1.1 2008/02/08 12:33:31 drochner Exp $
+
+--- IMG_lbm.c.orig 2007-07-20 06:36:32.000000000 +0200
++++ IMG_lbm.c
+@@ -28,6 +28,7 @@
+ EHB and HAM (specific Amiga graphic chip modes) support added by Marc Le Douarain
+ (http://www.multimania.com/mavati) in December 2003.
+ Stencil and colorkey fixes by David Raulo (david.raulo AT free DOT fr) in February 2004.
++ Buffer overflow fix in RLE decompression by David Raulo in January 2008.
+ */
+
+ #include
+@@ -328,7 +329,7 @@ SDL_Surface *IMG_LoadLBM_RW( SDL_RWops *
+ count ^= 0xFF;
+ count += 2; /* now it */
+
+- if ( !SDL_RWread( src, &color, 1, 1 ) )
++ if ( ( count > remainingbytes ) || !SDL_RWread( src, &color, 1, 1 ) )
+ {
+ error="error reading BODY chunk";
+ goto done;
+@@ -339,7 +340,7 @@ SDL_Surface *IMG_LoadLBM_RW( SDL_RWops *
+ {
+ ++count;
+
+- if ( !SDL_RWread( src, ptr, count, 1 ) )
++ if ( ( count > remainingbytes ) || !SDL_RWread( src, ptr, count, 1 ) )
+ {
+ error="error reading BODY chunk";
+ goto done;
-- cgit v1.2.3
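Review bot: The new `count > remainingbytes` guard in both RLE branches of IMG_LoadLBM_RW reports an over-long run with the same "error reading BODY chunk" string as a failed SDL_RWread, so a malformed LBM that trips the bounds check cannot be told apart from a truncated file when the error surfaces. Splitting the test keeps the fix and makes the rejection visible, e.g. `if ( count > remainingbytes ) { error="RLE run exceeds scanline in BODY chunk"; goto done; }` ahead of each read, with a comment such as `/* count comes from the file; never write past the current scanline */`. The declarations of `count` and `remainingbytes`, and the code that advances `ptr` and decrements `remainingbytes`, lie outside the patched hunks, so the operand types of the comparison should be confirmed there; a signed/unsigned mix would change which values the guard rejects.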