From owner-svn-ports-all@FreeBSD.ORG  Tue Apr  8 15:35:19 2014
Return-Path: <owner-svn-ports-all@FreeBSD.ORG>
Delivered-To: svn-ports-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 774BF604;
 Tue,  8 Apr 2014 15:35:19 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 587D51FB4;
 Tue,  8 Apr 2014 15:35:19 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s38FZJmd078363;
 Tue, 8 Apr 2014 15:35:19 GMT (envelope-from naddy@svn.freebsd.org)
Received: (from naddy@localhost)
 by svn.freebsd.org (8.14.8/8.14.8/Submit) id s38FZIwG078361;
 Tue, 8 Apr 2014 15:35:19 GMT (envelope-from naddy@svn.freebsd.org)
Message-Id: <201404081535.s38FZIwG078361@svn.freebsd.org>
From: Christian Weisgerber <naddy@FreeBSD.org>
Date: Tue, 8 Apr 2014 15:35:18 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r350627 - in head/multimedia/xmms: . files
X-SVN-Group: ports-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Apr 2014 15:35:19 -0000

Author: naddy
Date: Tue Apr  8 15:35:18 2014
New Revision: 350627
URL: http://svnweb.freebsd.org/changeset/ports/350627
QAT: https://qat.redports.org/buildarchive/r350627/

Log:
  Fix for integer overflow and underflow vulnerabilities in the
  processing of skin bitmap images.
  
  Obtained from:	Ubuntu (originally)
  Security:	http://www.vuxml.org/freebsd/20e23b65-a52e-11e3-ae3a-00224d7c32a2.html

Added:
  head/multimedia/xmms/files/patch-xmms_bmp.c   (contents, props changed)
Modified:
  head/multimedia/xmms/Makefile

Modified: head/multimedia/xmms/Makefile
==============================================================================
--- head/multimedia/xmms/Makefile	Tue Apr  8 15:33:31 2014	(r350626)
+++ head/multimedia/xmms/Makefile	Tue Apr  8 15:35:18 2014	(r350627)
@@ -3,7 +3,7 @@
 
 PORTNAME=	xmms
 PORTVERSION=	1.2.11
-PORTREVISION?=	20	# Also chinese/xmms and russian/xmms
+PORTREVISION?=	21	# Also chinese/xmms and russian/xmms
 CATEGORIES+=	multimedia audio ipv6
 MASTER_SITES=	http://www.xmms.org/files/1.2.x/ \
 		http://legacy.xmms2.org/ \
@@ -16,13 +16,10 @@ COMMENT?=	X Multimedia System -- An audi
 LICENSE=	GPLv2
 
 DEPRECATED=	Abandonware, please consider using multimedia/audacious instead
-FORBIDDEN=	Vulnerable: CVE-2007-0653 CVE-2007-0654
-EXPIRATION_DATE=	2014-05-01
 
 CONFLICTS?=	ru-xmms-[0-9]* zh-xmms-[0-9]*
 GNU_CONFIGURE=	yes
-USES=		desktop-file-utils pathfix gmake iconv
-USE_BZIP2=	yes
+USES=		desktop-file-utils pathfix gmake iconv tar:bzip2
 USE_GNOME=	gtk12
 USE_LDCONFIG=	yes
 USE_XORG=	sm x11 xxf86vm

Added: head/multimedia/xmms/files/patch-xmms_bmp.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/multimedia/xmms/files/patch-xmms_bmp.c	Tue Apr  8 15:35:18 2014	(r350627)
@@ -0,0 +1,43 @@
+--- xmms/bmp.c.orig	2006-07-16 15:40:04.000000000 +0200
++++ xmms/bmp.c	2014-04-08 17:04:26.000000000 +0200
+@@ -19,6 +19,12 @@
+  */
+ #include "xmms.h"
+ 
++#if HAVE_STDINT_H
++#include <stdint.h>
++#elif !defined(UINT32_MAX)
++#define UINT32_MAX 0xffffffffU
++#endif
++
+ struct rgb_quad
+ {
+ 	guchar rgbBlue;
+@@ -183,7 +189,7 @@ GdkPixmap *read_bmp(gchar * filename)
+ 	}
+ 	else if (bitcount != 24 && bitcount != 16 && bitcount != 32)
+ 	{
+-		gint ncols, i;
++		guint32 ncols, i;
+ 
+ 		ncols = offset - headSize - 14;
+ 		if (headSize == 12)
+@@ -201,9 +207,17 @@ GdkPixmap *read_bmp(gchar * filename)
+ 		}
+ 	}
+ 	fseek(file, offset, SEEK_SET);
++	/* verify buffer size */
++	if (!h || !w ||
++	    w > (((UINT32_MAX - 3) / 3) / h) ||
++	    h > (((UINT32_MAX - 3) / 3) / w)) {
++		g_warning("read_bmp(): width(%u)*height(%u) too large", w, h);
++		fclose(file);
++		return NULL;
++	}
++	data = g_malloc0((w * 3 * h) + 3);	/* +3 is just for safety */
+ 	buffer = g_malloc(imgsize);
+ 	fread(buffer, imgsize, 1, file);
+-	data = g_malloc0((w * 3 * h) + 3);	/* +3 is just for safety */
+ 
+ 	if (bitcount == 1)
+ 		read_1b_rgb(buffer, imgsize, data, w, h, rgb_quads);