From mail@sysfault.org  Mon Nov 24 11:45:04 2008
Return-Path: <mail@sysfault.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B6E5B1065679
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 24 Nov 2008 11:45:04 +0000 (UTC)
	(envelope-from mail@sysfault.org)
Received: from smtprelay05.ispgateway.de (smtprelay05.ispgateway.de [80.67.18.43])
	by mx1.freebsd.org (Postfix) with ESMTP id 4C3DD8FC24
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 24 Nov 2008 11:45:04 +0000 (UTC)
	(envelope-from mail@sysfault.org)
Received: from [89.182.18.98] (helo=medusa.sysfault.org)
	by smtprelay05.ispgateway.de with esmtpsa (TLSv1:AES256-SHA:256)
	(Exim 4.68)
	(envelope-from <mail@sysfault.org>)
	id 1L4ZsE-0006W5-KT
	for FreeBSD-gnats-submit@freebsd.org; Mon, 24 Nov 2008 12:45:02 +0100
Received: from localhost ([127.0.0.1] helo=medusa.sysfault.org)
	by medusa.sysfault.org with esmtp (Exim 4.69 (FreeBSD))
	(envelope-from <mail@sysfault.org>)
	id 1L4ZuQ-000A5t-5V
	for FreeBSD-gnats-submit@freebsd.org; Mon, 24 Nov 2008 12:47:18 +0100
Received: (from marcus@localhost)
	by medusa.sysfault.org (8.14.3/8.14.3/Submit) id mAOBlHt1038804;
	Mon, 24 Nov 2008 12:47:17 +0100 (CET)
	(envelope-from marcus)
Message-Id: <200811241147.mAOBlHt1038804@medusa.sysfault.org>
Date: Mon, 24 Nov 2008 12:47:17 +0100 (CET)
From: Marcus von Appen <mva@sysfault.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [Maintainer-update] graphics/sdl_image: update to 1.2.7
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         129128
>Category:       ports
>Synopsis:       [Maintainer-update] graphics/sdl_image: update to 1.2.7
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Nov 24 11:50:03 UTC 2008
>Closed-Date:    Wed Dec 03 22:46:34 UTC 2008
>Last-Modified:  Wed Dec  3 22:50:05 UTC 2008
>Originator:     Marcus von Appen
>Release:        FreeBSD 7.1-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD medusa.sysfault.org 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #3: Sat Nov 22 19:19:14 CET 2008
>Description:
- Update to 1.2.7
- This fixes a buffer overflow in the BMP loading code
  (earlier fixes (LBM, GIF) were already incorporated in the 1.2.6 patches)


Removed file(s):
- files/patch-IMG_gif.c
- files/patch-IMG_lbm.c

Generated with FreeBSD Port Tools 0.77
>How-To-Repeat:
>Fix:

--- sdl_image-1.2.7.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/graphics/sdl_image/Makefile /usr/ports/graphics/sdl_image.new/Makefile
--- /usr/ports/graphics/sdl_image/Makefile	2008-08-21 08:17:23.000000000 +0200
+++ /usr/ports/graphics/sdl_image.new/Makefile	2008-11-24 12:44:53.000000000 +0100
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	sdl_image
-PORTVERSION=	1.2.6
-PORTREVISION=	1
+PORTVERSION=	1.2.7
 CATEGORIES=	graphics
 MASTER_SITES=	http://www.libsdl.org/projects/SDL_image/release/
 DISTNAME=	SDL_image-${PORTVERSION}
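Review bot: the PORTVERSION bump to 1.2.7 is the only change in this patch that delivers the BMP buffer overflow fix named in the description, yet nothing in the Makefile or the proposed log marks this as a security-relevant update. Dropping PORTREVISION together with the version bump is correct; please mention the BMP overflow fix in the commit message so that users who follow the log can see why the 1.2.6 package should be replaced.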
diff -ruN --exclude=CVS /usr/ports/graphics/sdl_image/distinfo /usr/ports/graphics/sdl_image.new/distinfo
--- /usr/ports/graphics/sdl_image/distinfo	2008-03-13 15:05:28.000000000 +0100
+++ /usr/ports/graphics/sdl_image.new/distinfo	2008-11-24 12:41:51.000000000 +0100
@@ -1,3 +1,3 @@
-MD5 (SDL_image-1.2.6.tar.gz) = b866dc4f647517bdaf57f6ffdefd013e
-SHA256 (SDL_image-1.2.6.tar.gz) = 88fcb1dbf934af33163667a6677312065c7d0a7f01cd764e3374c4c19b386ec4
-SIZE (SDL_image-1.2.6.tar.gz) = 1308812
+MD5 (SDL_image-1.2.7.tar.gz) = a729ff61f74f0a45ec7fe36354cf938e
+SHA256 (SDL_image-1.2.7.tar.gz) = 14e4d9932ae2af03d814cca9e56ab9ba0091ffe06c9387dde74dfb03a4dde3b3
+SIZE (SDL_image-1.2.7.tar.gz) = 1315517
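Review bot: the new MD5, SHA256 and SIZE lines are the only integrity check on the tarball, because MASTER_SITES in the Makefile fetches it over plain http. Please confirm these values were computed from a copy of SDL_image-1.2.7.tar.gz whose origin you trust rather than from whatever the fetch returned, and treat the SHA256 line as the authoritative one, since MD5 is not collision resistant.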
diff -ruN --exclude=CVS /usr/ports/graphics/sdl_image/files/patch-IMG_gif.c /usr/ports/graphics/sdl_image.new/files/patch-IMG_gif.c
--- /usr/ports/graphics/sdl_image/files/patch-IMG_gif.c	2008-05-02 22:06:59.000000000 +0200
+++ /usr/ports/graphics/sdl_image.new/files/patch-IMG_gif.c	1970-01-01 01:00:00.000000000 +0100
@@ -1,13 +0,0 @@
---- IMG_gif.c	2007/02/13 10:09:17	2970
-+++ IMG_gif.c	2007/12/28 16:43:56	3462
-@@ -418,6 +418,10 @@
-     static int stack[(1 << (MAX_LWZ_BITS)) * 2], *sp;
-     register int i;
- 
-+    /* Fixed buffer overflow found by Michael Skladnikiewicz */
-+    if (input_code_size > MAX_LWZ_BITS)
-+        return -1;
-+
-     if (flag) {
- 	set_code_size = input_code_size;
- 	code_size = set_code_size + 1;
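Review bot: deleting files/patch-IMG_gif.c drops the local guard `if (input_code_size > MAX_LWZ_BITS) return -1;`, so the removal is only safe if IMG_gif.c in the 1.2.7 tarball carries the same check. The description implies that it does; please confirm it against the extracted 1.2.7 source before the patch file goes away, and say so in the commit message.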
diff -ruN --exclude=CVS /usr/ports/graphics/sdl_image/files/patch-IMG_lbm.c /usr/ports/graphics/sdl_image.new/files/patch-IMG_lbm.c
--- /usr/ports/graphics/sdl_image/files/patch-IMG_lbm.c	2008-05-02 22:06:59.000000000 +0200
+++ /usr/ports/graphics/sdl_image.new/files/patch-IMG_lbm.c	1970-01-01 01:00:00.000000000 +0100
@@ -1,28 +0,0 @@
---- IMG_lbm.c	2007/07/20 04:37:11	3341
-+++ IMG_lbm.c	2008/01/03 20:05:34	3521
-@@ -28,6 +28,7 @@
-    EHB and HAM (specific Amiga graphic chip modes) support added by Marc Le Douarain
-    (http://www.multimania.com/mavati) in December 2003.
-    Stencil and colorkey fixes by David Raulo (david.raulo AT free DOT fr) in February 2004.
-+   Buffer overflow fix in RLE decompression by David Raulo in January 2008.
- */
- 
- #include <stdio.h>
-@@ -328,7 +329,7 @@
- 						count ^= 0xFF;
- 						count += 2; /* now it */
- 
--						if ( !SDL_RWread( src, &color, 1, 1 ) )
-+						if ( ( count > remainingbytes ) || !SDL_RWread( src, &color, 1, 1 ) )
- 						{
- 						   error="error reading BODY chunk";
- 							goto done;
-@@ -339,7 +340,7 @@
- 					{
- 						++count;
- 
--						if ( !SDL_RWread( src, ptr, count, 1 ) )
-+						if ( ( count > remainingbytes ) || !SDL_RWread( src, ptr, count, 1 ) )
- 						{
- 						   error="error reading BODY chunk";
- 							goto done;
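Review bot: the removed patch guarded two separate reads with `count > remainingbytes`, the single-byte read into `color` and the `count`-byte read into `ptr`, and both guards have to be present in the 1.2.7 IMG_lbm.c for this deletion to be safe. Please check both sites in the extracted source; a release carrying only one of them would leave the other read unbounded again.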
--- sdl_image-1.2.7.patch ends here ---

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: pav 
State-Changed-When: Wed Dec 3 22:43:41 UTC 2008 
State-Changed-Why:  
Committed, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=129128 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/129128: commit references a PR
Date: Wed,  3 Dec 2008 22:46:36 +0000 (UTC)

 pav         2008-12-03 22:46:24 UTC
 
   FreeBSD ports repository
 
   Modified files:
     graphics/sdl_image   Makefile distinfo 
   Removed files:
     graphics/sdl_image/files patch-IMG_gif.c patch-IMG_lbm.c 
   Log:
   - Update to 1.2.7
   
   PR:             ports/129128
   Submitted by:   Marcus von Appen <mva@sysfault.org> (maintainer)
   
   Revision  Changes    Path
   1.37      +1 -2      ports/graphics/sdl_image/Makefile
   1.13      +3 -3      ports/graphics/sdl_image/distinfo
   1.2       +0 -13     ports/graphics/sdl_image/files/patch-IMG_gif.c (dead)
   1.2       +0 -28     ports/graphics/sdl_image/files/patch-IMG_lbm.c (dead)
 
>Unformatted:
