add patches from upstream to address security bug #207933; force stabilize all

(Portage version: 2.1.3.19)
author: Michael Sterrett <mr_bones_@gentoo.org> 2008-01-29 08:54:30 +0000
committer: Michael Sterrett <mr_bones_@gentoo.org> 2008-01-29 08:54:30 +0000
commit: 433e029b29723ede1b9388a113e7005d49dc4b53 (patch)
tree: ff2b49e3975a9b8db1dc3ccf8b508eb1a299ef85 /media-libs/sdl-image
parent: Added conditional pkg-config dependencies for USE-flags gtk and ncurses (bug ... (diff)
download: gentoo-2-433e029b29723ede1b9388a113e7005d49dc4b53.tar.gz
gentoo-2-433e029b29723ede1b9388a113e7005d49dc4b53.tar.bz2
gentoo-2-433e029b29723ede1b9388a113e7005d49dc4b53.zip
12 files changed, 63 insertions, 221 deletions
diff --git a/media-libs/sdl-image/ChangeLog b/media-libs/sdl-image/ChangeLog
index f2ce3bdc2124..3330fc5fde2d 100644
--- a/media-libs/sdl-image/ChangeLog
+++ b/media-libs/sdl-image/ChangeLog
@@ -1,6 +1,16 @@
 # ChangeLog for media-libs/sdl-image
-# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/sdl-image/ChangeLog,v 1.40 2007/07/21 19:36:37 vapier Exp $
+# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/media-libs/sdl-image/ChangeLog,v 1.41 2008/01/29 08:54:30 mr_bones_ Exp $
+
+*sdl-image-1.2.6-r1 (29 Jan 2008)
+
+  29 Jan 2008; Michael Sterrett <mr_bones_@gentoo.org>
+  +files/sdl-image-1.2.6-DOS.patch, -sdl-image-1.2.3-r1.ebuild,
+  -sdl-image-1.2.4.ebuild, -sdl-image-1.2.5.ebuild,
+  -sdl-image-1.2.5-r1.ebuild, -sdl-image-1.2.6.ebuild,
+  +sdl-image-1.2.6-r1.ebuild:
+  add patches from upstream to address security bug #207933; force stabilize all
+  previously stable archs and remove older, vulnerable versions
 
 *sdl-image-1.2.6 (21 Jul 2007)
 
@@ -148,7 +158,7 @@
   1 Feb 2002; G.Bevin <gbevin@gentoo.org> ChangeLog :
   
   Added initial ChangeLog which should be updated whenever the package is
-  updated in any way. This changelog is targetted to users. This means that the
+  updated in any way. This changelog is target's to users. This means that the
   comments should well explained and written in clean English. The details about
   writing correct changelogs are explained in the skel.ChangeLog file which you
   can find in the root directory of the portage repository.
diff --git a/media-libs/sdl-image/files/digest-sdl-image-1.2.3-r1 b/media-libs/sdl-image/files/digest-sdl-image-1.2.3-r1
deleted file mode 100644
index c57a8516f5bb..000000000000
--- a/media-libs/sdl-image/files/digest-sdl-image-1.2.3-r1
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 d55826ffbd2bdc48b09cc64a9ed9e59e SDL_image-1.2.3.tar.gz 636747
-RMD160 ef488b0d731170336f6a3b5254e24c69726e0d92 SDL_image-1.2.3.tar.gz 636747
-SHA256 2f710b94f547ec7e39844f7872e1fe8d6fe2a434c896cc8a54b5540854bb5a69 SDL_image-1.2.3.tar.gz 636747
diff --git a/media-libs/sdl-image/files/digest-sdl-image-1.2.4 b/media-libs/sdl-image/files/digest-sdl-image-1.2.4
deleted file mode 100644
index 03f05bfc34da..000000000000
--- a/media-libs/sdl-image/files/digest-sdl-image-1.2.4
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 70bf617f99e51a2c94550fc79d542f0b SDL_image-1.2.4.tar.gz 841885
-RMD160 0c42fecde17e841a98ffc6d7b4f6473e30447df1 SDL_image-1.2.4.tar.gz 841885
-SHA256 c295b5fdb8c51fd363a351b9ca66b1d3c50f99d5610a0629d719757a35139032 SDL_image-1.2.4.tar.gz 841885
diff --git a/media-libs/sdl-image/files/digest-sdl-image-1.2.5 b/media-libs/sdl-image/files/digest-sdl-image-1.2.5
deleted file mode 100644
index a8686610e756..000000000000
--- a/media-libs/sdl-image/files/digest-sdl-image-1.2.5
+++ /dev/null
@@ -1,6 +0,0 @@
-MD5 cd006109a73bf7dcc93e1c3ed15ee782 SDL_image-1.2.5.tar.gz 1308637
-RMD160 3dabd3de4259519412e6fdc5c83d268dfa0b1ec0 SDL_image-1.2.5.tar.gz 1308637
-SHA256 8a665d136fb17cc9fedcd8e42d21fcab553bd7ab67b6cafea2c6c7efe1adb308 SDL_image-1.2.5.tar.gz 1308637
-MD5 6ba5a176c3f93a1d916e87005d049c28 sdl-image1.2_1.2.5-2.diff.gz 11430
-RMD160 4b34099e5805841ff8ed068155e20b0c91ea21db sdl-image1.2_1.2.5-2.diff.gz 11430
-SHA256 ab4b63f5b459cf0d7505a4f6210c1c5e05175193095ae6d6cd3810ecf71d6176 sdl-image1.2_1.2.5-2.diff.gz 11430
diff --git a/media-libs/sdl-image/files/digest-sdl-image-1.2.5-r1 b/media-libs/sdl-image/files/digest-sdl-image-1.2.5-r1
deleted file mode 100644
index a8686610e756..000000000000
--- a/media-libs/sdl-image/files/digest-sdl-image-1.2.5-r1
+++ /dev/null
@@ -1,6 +0,0 @@
-MD5 cd006109a73bf7dcc93e1c3ed15ee782 SDL_image-1.2.5.tar.gz 1308637
-RMD160 3dabd3de4259519412e6fdc5c83d268dfa0b1ec0 SDL_image-1.2.5.tar.gz 1308637
-SHA256 8a665d136fb17cc9fedcd8e42d21fcab553bd7ab67b6cafea2c6c7efe1adb308 SDL_image-1.2.5.tar.gz 1308637
-MD5 6ba5a176c3f93a1d916e87005d049c28 sdl-image1.2_1.2.5-2.diff.gz 11430
-RMD160 4b34099e5805841ff8ed068155e20b0c91ea21db sdl-image1.2_1.2.5-2.diff.gz 11430
-SHA256 ab4b63f5b459cf0d7505a4f6210c1c5e05175193095ae6d6cd3810ecf71d6176 sdl-image1.2_1.2.5-2.diff.gz 11430
diff --git a/media-libs/sdl-image/files/digest-sdl-image-1.2.6 b/media-libs/sdl-image/files/digest-sdl-image-1.2.6-r1
index c3c6a2b24ffd..c3c6a2b24ffd 100644
--- a/media-libs/sdl-image/files/digest-sdl-image-1.2.6
+++ b/media-libs/sdl-image/files/digest-sdl-image-1.2.6-r1
diff --git a/media-libs/sdl-image/files/sdl-image-1.2.6-DOS.patch b/media-libs/sdl-image/files/sdl-image-1.2.6-DOS.patch
new file mode 100644
index 000000000000..ec648a6ecfb3
--- /dev/null
+++ b/media-libs/sdl-image/files/sdl-image-1.2.6-DOS.patch
@@ -0,0 +1,41 @@
+--- trunk/SDL_image/IMG_gif.c	2007/02/13 10:09:17	2970
++++ trunk/SDL_image/IMG_gif.c	2007/12/28 16:43:56	3462
+@@ -418,6 +418,10 @@
+     static int stack[(1 << (MAX_LWZ_BITS)) * 2], *sp;
+     register int i;
+ 
++    /* Fixed buffer overflow found by Michael Skladnikiewicz */
++    if (input_code_size > MAX_LWZ_BITS)
++        return -1;
++
+     if (flag) {
+ 	set_code_size = input_code_size;
+ 	code_size = set_code_size + 1;
+--- trunk/SDL_image/IMG_lbm.c	2007/07/20 04:37:11	3341
++++ trunk/SDL_image/IMG_lbm.c	2008/01/03 20:05:34	3521
+@@ -28,6 +28,7 @@
+    EHB and HAM (specific Amiga graphic chip modes) support added by Marc Le Douarain
+    (http://www.multimania.com/mavati) in December 2003.
+    Stencil and colorkey fixes by David Raulo (david.raulo AT free DOT fr) in February 2004.
++   Buffer overflow fix in RLE decompression by David Raulo in January 2008.
+ */
+ 
+ #include <stdio.h>
+@@ -328,7 +329,7 @@
+ 						count ^= 0xFF;
+ 						count += 2; /* now it */
+ 
+-						if ( !SDL_RWread( src, &color, 1, 1 ) )
++						if ( ( count > remainingbytes ) || !SDL_RWread( src, &color, 1, 1 ) )
+ 						{
+ 						   error="error reading BODY chunk";
+ 							goto done;
+@@ -339,7 +340,7 @@
+ 					{
+ 						++count;
+ 
+-						if ( !SDL_RWread( src, ptr, count, 1 ) )
++						if ( ( count > remainingbytes ) || !SDL_RWread( src, ptr, count, 1 ) )
+ 						{
+ 						   error="error reading BODY chunk";
+ 							goto done;
diff --git a/media-libs/sdl-image/sdl-image-1.2.3-r1.ebuild b/media-libs/sdl-image/sdl-image-1.2.3-r1.ebuild
deleted file mode 100644
index 5e28d50bdb76..000000000000
--- a/media-libs/sdl-image/sdl-image-1.2.3-r1.ebuild
+++ /dev/null
@@ -1,44 +0,0 @@
-# Copyright 1999-2007 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/sdl-image/sdl-image-1.2.3-r1.ebuild,v 1.8 2007/07/12 03:10:24 mr_bones_ Exp $
-
-MY_P="${P/sdl-/SDL_}"
-S=${WORKDIR}/${MY_P}
-DESCRIPTION="image file loading library"
-HOMEPAGE="http://www.libsdl.org/projects/SDL_image/index.html"
-SRC_URI="http://www.libsdl.org/projects/SDL_image/release/${MY_P}.tar.gz"
-
-LICENSE="LGPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 hppa ~mips ppc ppc64 sparc x86"
-IUSE="gif jpeg tiff png"
-
-DEPEND="sys-libs/zlib
-	>=media-libs/libsdl-1.2.4
-	png? ( >=media-libs/libpng-1.2.1 )
-	jpeg? ( >=media-libs/jpeg-6b )
-	tiff? ( media-libs/tiff )"
-
-src_compile() {
-	econf \
-		$(use_enable gif) \
-		$(use_enable jpeg jpg) \
-		$(use_enable tiff tif) \
-		$(use_enable png) \
-		$(use_enable png pnm) \
-		--enable-bmp \
-		--enable-lbm \
-		--enable-pcx \
-		--enable-tga \
-		--enable-xcf \
-		--enable-xpm \
-		|| die
-	emake || die
-}
-
-src_install() {
-	make DESTDIR="${D}" install || die "make install failed"
-	into /usr
-	dobin .libs/showimage
-	dodoc CHANGES README
-}
diff --git a/media-libs/sdl-image/sdl-image-1.2.4.ebuild b/media-libs/sdl-image/sdl-image-1.2.4.ebuild
deleted file mode 100644
index d4e252da7dd8..000000000000
--- a/media-libs/sdl-image/sdl-image-1.2.4.ebuild
+++ /dev/null
@@ -1,47 +0,0 @@
-# Copyright 1999-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/sdl-image/sdl-image-1.2.4.ebuild,v 1.7 2006/04/11 19:44:15 flameeyes Exp $
-
-inherit flag-o-matic
-
-MY_P="${P/sdl-/SDL_}"
-DESCRIPTION="image file loading library"
-HOMEPAGE="http://www.libsdl.org/projects/SDL_image/index.html"
-SRC_URI="http://www.libsdl.org/projects/SDL_image/release/${MY_P}.tar.gz"
-
-LICENSE="LGPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc-macos ~ppc64 ~sparc ~x86 ~x86-fbsd"
-IUSE="gif jpeg tiff png"
-
-DEPEND="sys-libs/zlib
-	>=media-libs/libsdl-1.2.4
-	png? ( >=media-libs/libpng-1.2.1 )
-	jpeg? ( >=media-libs/jpeg-6b )
-	tiff? ( media-libs/tiff )"
-
-S=${WORKDIR}/${MY_P}
-
-src_compile() {
-	econf \
-		--disable-dependency-tracking \
-		$(use_enable gif) \
-		$(use_enable jpeg jpg) \
-		$(use_enable tiff tif) \
-		$(use_enable png) \
-		$(use_enable png pnm) \
-		--enable-bmp \
-		--enable-lbm \
-		--enable-pcx \
-		--enable-tga \
-		--enable-xcf \
-		--enable-xpm \
-		|| die
-	emake || die "emake failed"
-}
-
-src_install() {
-	make DESTDIR="${D}" install || die "make install failed"
-	dobin .libs/showimage || die "dobin failed"
-	dodoc CHANGES README
-}
diff --git a/media-libs/sdl-image/sdl-image-1.2.5-r1.ebuild b/media-libs/sdl-image/sdl-image-1.2.5-r1.ebuild
deleted file mode 100644
index b2486a01fb44..000000000000
--- a/media-libs/sdl-image/sdl-image-1.2.5-r1.ebuild
+++ /dev/null
@@ -1,53 +0,0 @@
-# Copyright 1999-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/sdl-image/sdl-image-1.2.5-r1.ebuild,v 1.12 2006/10/31 01:00:06 nyhm Exp $
-
-inherit eutils flag-o-matic
-
-MY_P="${P/sdl-/SDL_}"
-DESCRIPTION="image file loading library"
-HOMEPAGE="http://www.libsdl.org/projects/SDL_image/index.html"
-SRC_URI="http://www.libsdl.org/projects/SDL_image/release/${MY_P}.tar.gz
-	mirror://debian/pool/main/s/sdl-image1.2/sdl-image1.2_${PV}-2.diff.gz"
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-KEYWORDS="alpha amd64 hppa ia64 mips ppc ppc-macos ppc64 sparc x86 ~x86-fbsd"
-IUSE="gif jpeg tiff png"
-
-DEPEND="sys-libs/zlib
-	>=media-libs/libsdl-1.2.10
-	png? ( >=media-libs/libpng-1.2.1 )
-	jpeg? ( >=media-libs/jpeg-6b )
-	tiff? ( media-libs/tiff )"
-
-S=${WORKDIR}/${MY_P}
-
-src_unpack() {
-	unpack ${A}
-	cd "${S}"
-	epatch "${WORKDIR}/sdl-image1.2_${PV}-2.diff"
-}
-
-src_compile() {
-	econf \
-		$(use_enable gif) \
-		$(use_enable jpeg jpg) \
-		$(use_enable tiff tif) \
-		$(use_enable png) \
-		$(use_enable png pnm) \
-		--enable-bmp \
-		--enable-lbm \
-		--enable-pcx \
-		--enable-tga \
-		--enable-xcf \
-		--enable-xpm \
-		|| die
-	emake || die "emake failed"
-}
-
-src_install() {
-	make DESTDIR="${D}" install || die "make install failed"
-	dobin .libs/showimage || die "dobin failed"
-	dodoc CHANGES README
-}
diff --git a/media-libs/sdl-image/sdl-image-1.2.5.ebuild b/media-libs/sdl-image/sdl-image-1.2.5.ebuild
deleted file mode 100644
index 02fce291969b..000000000000
--- a/media-libs/sdl-image/sdl-image-1.2.5.ebuild
+++ /dev/null
@@ -1,53 +0,0 @@
-# Copyright 1999-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/sdl-image/sdl-image-1.2.5.ebuild,v 1.4 2006/10/31 01:00:06 nyhm Exp $
-
-inherit eutils flag-o-matic
-
-MY_P="${P/sdl-/SDL_}"
-DESCRIPTION="image file loading library"
-HOMEPAGE="http://www.libsdl.org/projects/SDL_image/index.html"
-SRC_URI="http://www.libsdl.org/projects/SDL_image/release/${MY_P}.tar.gz
-	mirror://debian/pool/main/s/sdl-image1.2/sdl-image1.2_${PV}-2.diff.gz"
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc-macos ~ppc64 ~sparc ~x86 ~x86-fbsd"
-IUSE="gif jpeg tiff png"
-
-DEPEND="sys-libs/zlib
-	>=media-libs/libsdl-1.2.10
-	png? ( >=media-libs/libpng-1.2.1 )
-	jpeg? ( >=media-libs/jpeg-6b )
-	tiff? ( media-libs/tiff )"
-
-S=${WORKDIR}/${MY_P}
-
-src_unpack() {
-	unpack ${A}
-	cd "${S}"
-	epatch "${WORKDIR}/sdl-image1.2_${PV}-2.diff"
-}
-
-src_compile() {
-	econf \
-		$(use_enable gif) \
-		$(use_enable jpeg jpg) \
-		$(use_enable tiff tif) \
-		$(use_enable png) \
-		$(use_enable png pnm) \
-		--enable-bmp \
-		--enable-lbm \
-		--enable-pcx \
-		--enable-tga \
-		--enable-xcf \
-		--enable-xpm \
-		|| die
-	emake || die "emake failed"
-}
-
-src_install() {
-	make DESTDIR="${D}" install || die "make install failed"
-	dobin .libs/showimage || die "dobin failed"
-	dodoc CHANGES README
-}
diff --git a/media-libs/sdl-image/sdl-image-1.2.6.ebuild b/media-libs/sdl-image/sdl-image-1.2.6-r1.ebuild
index 048f1af53d47..1b5d80ff3f62 100644
--- a/media-libs/sdl-image/sdl-image-1.2.6.ebuild
+++ b/media-libs/sdl-image/sdl-image-1.2.6-r1.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2007 Gentoo Foundation
+# Copyright 1999-2008 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/sdl-image/sdl-image-1.2.6.ebuild,v 1.1 2007/07/21 19:36:37 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-libs/sdl-image/sdl-image-1.2.6-r1.ebuild,v 1.1 2008/01/29 08:54:30 mr_bones_ Exp $
 
 inherit eutils flag-o-matic
 
@@ -11,7 +11,7 @@ SRC_URI="http://www.libsdl.org/projects/SDL_image/release/${MY_P}.tar.gz"
 
 LICENSE="LGPL-2.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~mips ~ppc ~ppc-macos ~ppc64 ~sparc ~x86 ~x86-fbsd"
+KEYWORDS="alpha amd64 hppa ia64 mips ppc ppc-macos ppc64 sparc x86 ~x86-fbsd"
 IUSE="gif jpeg tiff png"
 
 DEPEND="sys-libs/zlib
@@ -22,6 +22,12 @@ DEPEND="sys-libs/zlib
 
 S=${WORKDIR}/${MY_P}
 
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+	epatch "${FILESDIR}/${P}-DOS.patch"
+}
+
 src_compile() {
 	econf \
 		$(use_enable gif) \
author	Michael Sterrett <mr_bones_@gentoo.org>	2008-01-29 08:54:30 +0000
committer	Michael Sterrett <mr_bones_@gentoo.org>	2008-01-29 08:54:30 +0000
commit	433e029b29723ede1b9388a113e7005d49dc4b53 (patch)
tree	ff2b49e3975a9b8db1dc3ccf8b508eb1a299ef85 /media-libs/sdl-image
parent	Added conditional pkg-config dependencies for USE-flags gtk and ncurses (bug ... (diff)
download	gentoo-2-433e029b29723ede1b9388a113e7005d49dc4b53.tar.gz gentoo-2-433e029b29723ede1b9388a113e7005d49dc4b53.tar.bz2 gentoo-2-433e029b29723ede1b9388a113e7005d49dc4b53.zip