SECURITY update to gdk-pixbuf-2.31.7.

This is supposed to be a development release but it fixes a *lot* of integer
overflows, a possible divide-by-zero bug and CVE-2015-4491 -- so we'll make an
exception. FreeBSD and most Linux distributions went for this version as well.

graphics/gdk-pixbuf2/Makefile

@@ -1,15 +1,14 @@
-# $OpenBSD: Makefile,v 1.50 2015/07/22 19:44:28 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.51 2015/09/01 15:58:26 ajacoutot Exp $
 
 COMMENT=		graphic library for gtk+2
 
 GNOME_PROJECT=		gdk-pixbuf
-GNOME_VERSION=		2.30.8
-REVISION=		1
+GNOME_VERSION=		2.31.7
 
 CATEGORIES=		graphics
 
-SHARED_LIBS +=  gdk_pixbuf-2.0       3000.0   # 3000.7
-SHARED_LIBS +=  gdk_pixbuf_xlib-2.0  3000.0   # 3000.7
+SHARED_LIBS +=  gdk_pixbuf-2.0       3001.0   # 3100.7
+SHARED_LIBS +=  gdk_pixbuf_xlib-2.0  3001.0   # 3100.7
 
 HOMEPAGE=		http://www.gtk.org/
 

graphics/gdk-pixbuf2/distinfo

@@ -1,2 +1,2 @@
-SHA256 (gdk-pixbuf-2.30.8.tar.xz) = SFODBhYRPbRDWDeZLArr2Uy7mTxE3FUGPO5/cqe++L4=
-SIZE (gdk-pixbuf-2.30.8.tar.xz) = 1336788
+SHA256 (gdk-pixbuf-2.31.7.tar.xz) = RzbgCRaIV86LsZKR8Ih8HcZVHLw8RtX/zQNOEz5P1hA=
+SIZE (gdk-pixbuf-2.31.7.tar.xz) = 2430852

graphics/gdk-pixbuf2/patches/patch-gdk-pixbuf_pixops_pixops_c

@@ -1,69 +0,0 @@
-$OpenBSD: patch-gdk-pixbuf_pixops_pixops_c,v 1.1 2015/07/22 19:44:28 ajacoutot Exp $
-
-From ffec86ed5010c5a2be14f47b33bcf4ed3169a199 Mon Sep 17 00:00:00 2001
-From: Matthias Clasen <mclasen@redhat.com>
-Date: Mon, 13 Jul 2015 00:33:40 -0400
-Subject: pixops: Be more careful about integer overflow
-
---- gdk-pixbuf/pixops/pixops.c.orig	Thu Mar  6 05:36:45 2014
-+++ gdk-pixbuf/pixops/pixops.c	Wed Jul 22 21:42:18 2015
-@@ -1192,8 +1192,17 @@ make_filter_table (PixopsFilter *filter)
-   int i_offset, j_offset;
-   int n_x = filter->x.n;
-   int n_y = filter->y.n;
--  int *weights = g_new (int, SUBSAMPLE * SUBSAMPLE * n_x * n_y);
-+  gsize n_weights;
-+  int *weights;
- 
-+  n_weights = SUBSAMPLE * SUBSAMPLE * n_x * n_y;
-+  if (n_weights / (SUBSAMPLE * SUBSAMPLE * n_x) != n_y)
-+    return NULL; /* overflow, bail */
-+
-+  weights = g_try_new (int, n_weights);
-+  if (!weights)
-+    return NULL; /* overflow, bail */
-+
-   for (i_offset=0; i_offset < SUBSAMPLE; i_offset++)
-     for (j_offset=0; j_offset < SUBSAMPLE; j_offset++)
-       {
-@@ -1267,9 +1276,12 @@ pixops_process (guchar         *dest_buf,
-   if (x_step == 0 || y_step == 0)
-     return; /* overflow, bail out */
- 
--  line_bufs = g_new (guchar *, filter->y.n);
-   filter_weights = make_filter_table (filter);
-+  if (!filter_weights)
-+    return; /* overflow, bail out */
- 
-+  line_bufs = g_new (guchar *, filter->y.n);
-+
-   check_shift = check_size ? get_check_shift (check_size) : 0;
- 
-   scaled_x_offset = floor (filter->x.offset * (1 << SCALE_SHIFT));
-@@ -1388,7 +1400,7 @@ tile_make_weights (PixopsFilterDimension *dim,
- 		   double                 scale)
- {
-   int n = ceil (1 / scale + 1);
--  double *pixel_weights = g_new (double, SUBSAMPLE * n);
-+  double *pixel_weights = g_malloc_n (sizeof (double) * SUBSAMPLE, n);
-   int offset;
-   int i;
- 
-@@ -1446,7 +1458,7 @@ bilinear_magnify_make_weights (PixopsFilterDimension *
-     }
- 
-   dim->n = n;
--  dim->weights = g_new (double, SUBSAMPLE * n);
-+  dim->weights = g_malloc_n (sizeof (double) * SUBSAMPLE, n);
- 
-   pixel_weights = dim->weights;
- 
-@@ -1537,7 +1549,7 @@ bilinear_box_make_weights (PixopsFilterDimension *dim,
- 			   double                 scale)
- {
-   int n = ceil (1/scale + 3.0);
--  double *pixel_weights = g_new (double, SUBSAMPLE * n);
-+  double *pixel_weights = g_malloc_n (sizeof (double) * SUBSAMPLE, n);
-   double w;
-   int offset, i;
- 

graphics/gdk-pixbuf2/patches/patch-tests_Makefile_in

@@ -0,0 +1,65 @@
+$OpenBSD: patch-tests_Makefile_in,v 1.1 2015/09/01 15:58:26 ajacoutot Exp $
+
+https://bugzilla.gnome.org/show_bug.cgi?id=754154
+
+--- tests/Makefile.in.orig	Tue Sep  1 13:46:32 2015
++++ tests/Makefile.in	Tue Sep  1 17:39:50 2015
+@@ -96,7 +96,7 @@ host_triplet = @host@
+ TESTS = $(am__EXEEXT_2)
+ installed_test_PROGRAMS = $(am__EXEEXT_5)
+ noinst_PROGRAMS = $(am__EXEEXT_6) pixbuf-read$(EXEEXT) \
+-	pixbuf-lowmem$(EXEEXT) pixbuf-random$(EXEEXT) $(am__EXEEXT_1)
++	pixbuf-random$(EXEEXT) $(am__EXEEXT_1)
+ check_PROGRAMS = $(am__EXEEXT_4)
+ @ENABLE_ALWAYS_BUILD_TESTS_TRUE@am__append_1 = $(all_test_ltlibs)
+ @ENABLE_ALWAYS_BUILD_TESTS_TRUE@am__append_2 = $(all_test_programs)
+@@ -243,12 +243,6 @@ pixbuf_jpeg_LDADD = $(LDADD)
+ pixbuf_jpeg_DEPENDENCIES = $(top_builddir)/gdk-pixbuf/libgdk_pixbuf-$(GDK_PIXBUF_API_VERSION).la \
+ 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ 	$(am__DEPENDENCIES_1)
+-pixbuf_lowmem_SOURCES = pixbuf-lowmem.c
+-pixbuf_lowmem_OBJECTS = pixbuf-lowmem.$(OBJEXT)
+-pixbuf_lowmem_LDADD = $(LDADD)
+-pixbuf_lowmem_DEPENDENCIES = $(top_builddir)/gdk-pixbuf/libgdk_pixbuf-$(GDK_PIXBUF_API_VERSION).la \
+-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+-	$(am__DEPENDENCIES_1)
+ pixbuf_random_SOURCES = pixbuf-random.c
+ pixbuf_random_OBJECTS = pixbuf-random.$(OBJEXT)
+ pixbuf_random_LDADD = $(LDADD)
+@@ -355,7 +349,7 @@ am__v_CCLD_1 = 
+ SOURCES = animation.c $(cve_2015_4491_SOURCES) \
+ 	$(pixbuf_composite_SOURCES) $(pixbuf_dpi_SOURCES) \
+ 	$(pixbuf_icc_SOURCES) $(pixbuf_icon_serialize_SOURCES) \
+-	$(pixbuf_jpeg_SOURCES) pixbuf-lowmem.c pixbuf-random.c \
++	$(pixbuf_jpeg_SOURCES) pixbuf-random.c \
+ 	pixbuf-randomly-modified.c pixbuf-read.c \
+ 	$(pixbuf_readonly_to_mutable_SOURCES) \
+ 	$(pixbuf_resource_SOURCES) $(pixbuf_save_SOURCES) \
+@@ -364,7 +358,7 @@ SOURCES = animation.c $(cve_2015_4491_SOURCES) \
+ DIST_SOURCES = animation.c $(cve_2015_4491_SOURCES) \
+ 	$(pixbuf_composite_SOURCES) $(pixbuf_dpi_SOURCES) \
+ 	$(pixbuf_icc_SOURCES) $(pixbuf_icon_serialize_SOURCES) \
+-	$(pixbuf_jpeg_SOURCES) pixbuf-lowmem.c pixbuf-random.c \
++	$(pixbuf_jpeg_SOURCES) pixbuf-random.c \
+ 	pixbuf-randomly-modified.c pixbuf-read.c \
+ 	$(pixbuf_readonly_to_mutable_SOURCES) \
+ 	$(pixbuf_resource_SOURCES) $(pixbuf_save_SOURCES) \
+@@ -1145,10 +1139,6 @@ pixbuf-jpeg$(EXEEXT): $(pixbuf_jpeg_OBJECTS) $(pixbuf_
+ 	@rm -f pixbuf-jpeg$(EXEEXT)
+ 	$(AM_V_CCLD)$(LINK) $(pixbuf_jpeg_OBJECTS) $(pixbuf_jpeg_LDADD) $(LIBS)
+ 
+-pixbuf-lowmem$(EXEEXT): $(pixbuf_lowmem_OBJECTS) $(pixbuf_lowmem_DEPENDENCIES) $(EXTRA_pixbuf_lowmem_DEPENDENCIES) 
+-	@rm -f pixbuf-lowmem$(EXEEXT)
+-	$(AM_V_CCLD)$(LINK) $(pixbuf_lowmem_OBJECTS) $(pixbuf_lowmem_LDADD) $(LIBS)
+-
+ pixbuf-random$(EXEEXT): $(pixbuf_random_OBJECTS) $(pixbuf_random_DEPENDENCIES) $(EXTRA_pixbuf_random_DEPENDENCIES) 
+ 	@rm -f pixbuf-random$(EXEEXT)
+ 	$(AM_V_CCLD)$(LINK) $(pixbuf_random_OBJECTS) $(pixbuf_random_LDADD) $(LIBS)
+@@ -1237,7 +1227,6 @@ distclean-compile:
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pixbuf-icc.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pixbuf-icon-serialize.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pixbuf-jpeg.Po@am__quote@
+-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pixbuf-lowmem.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pixbuf-random.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pixbuf-randomly-modified.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pixbuf-read.Po@am__quote@

graphics/gdk-pixbuf2/pkg/PLIST

@@ -1,4 +1,4 @@
-@comment $OpenBSD: PLIST,v 1.17 2015/05/22 11:31:15 ajacoutot Exp $
+@comment $OpenBSD: PLIST,v 1.18 2015/09/01 15:58:26 ajacoutot Exp $
 @conflict gtk+2-<2.22
 @conflict gtk+2-docs-<2.22
 @unexec-delete rm -f %D/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache
@@ -12,6 +12,7 @@ include/gdk-pixbuf-2.0/gdk-pixbuf-xlib/
 include/gdk-pixbuf-2.0/gdk-pixbuf-xlib/gdk-pixbuf-xlib.h
 include/gdk-pixbuf-2.0/gdk-pixbuf-xlib/gdk-pixbuf-xlibrgb.h
 include/gdk-pixbuf-2.0/gdk-pixbuf/gdk-pixbuf-animation.h
+include/gdk-pixbuf-2.0/gdk-pixbuf/gdk-pixbuf-autocleanups.h
 include/gdk-pixbuf-2.0/gdk-pixbuf/gdk-pixbuf-core.h
 include/gdk-pixbuf-2.0/gdk-pixbuf/gdk-pixbuf-enum-types.h
 include/gdk-pixbuf-2.0/gdk-pixbuf/gdk-pixbuf-features.h
@@ -50,6 +51,7 @@ share/gtk-doc/html/gdk-pixbuf/api-index-2-2.html
 share/gtk-doc/html/gdk-pixbuf/api-index-2-26.html
 share/gtk-doc/html/gdk-pixbuf/api-index-2-28.html
 share/gtk-doc/html/gdk-pixbuf/api-index-2-30.html
+share/gtk-doc/html/gdk-pixbuf/api-index-2-32.html
 share/gtk-doc/html/gdk-pixbuf/api-index-2-4.html
 share/gtk-doc/html/gdk-pixbuf/api-index-2-6.html
 share/gtk-doc/html/gdk-pixbuf/api-index-2-8.html
@@ -78,7 +80,6 @@ share/gtk-doc/html/gdk-pixbuf/gdk-pixbuf-query-loaders.html
 share/gtk-doc/html/gdk-pixbuf/gdk-pixbuf.devhelp2
 share/gtk-doc/html/gdk-pixbuf/home.png
 share/gtk-doc/html/gdk-pixbuf/index.html
-share/gtk-doc/html/gdk-pixbuf/index.sgml
 share/gtk-doc/html/gdk-pixbuf/left-insensitive.png
 share/gtk-doc/html/gdk-pixbuf/left.png
 share/gtk-doc/html/gdk-pixbuf/license.html
@@ -96,8 +97,6 @@ share/locale/ang/
 share/locale/ang/LC_MESSAGES/
 share/locale/ang/LC_MESSAGES/gdk-pixbuf.mo
 share/locale/ar/LC_MESSAGES/gdk-pixbuf.mo
-share/locale/as/
-share/locale/as/LC_MESSAGES/
 share/locale/as/LC_MESSAGES/gdk-pixbuf.mo
 share/locale/ast/
 share/locale/ast/LC_MESSAGES/
@@ -148,8 +147,6 @@ share/locale/fi/LC_MESSAGES/gdk-pixbuf.mo
 share/locale/fr/LC_MESSAGES/gdk-pixbuf.mo
 share/locale/ga/LC_MESSAGES/gdk-pixbuf.mo
 share/locale/gl/LC_MESSAGES/gdk-pixbuf.mo
-share/locale/gu/
-share/locale/gu/LC_MESSAGES/
 share/locale/gu/LC_MESSAGES/gdk-pixbuf.mo
 share/locale/he/LC_MESSAGES/gdk-pixbuf.mo
 share/locale/hi/LC_MESSAGES/gdk-pixbuf.mo
@@ -169,11 +166,10 @@ share/locale/is/LC_MESSAGES/gdk-pixbuf.mo
 share/locale/it/LC_MESSAGES/gdk-pixbuf.mo
 share/locale/ja/LC_MESSAGES/gdk-pixbuf.mo
 share/locale/ka/LC_MESSAGES/gdk-pixbuf.mo
+share/locale/kk/LC_MESSAGES/gdk-pixbuf.mo
 share/locale/km/
 share/locale/km/LC_MESSAGES/
 share/locale/km/LC_MESSAGES/gdk-pixbuf.mo
-share/locale/kn/
-share/locale/kn/LC_MESSAGES/
 share/locale/kn/LC_MESSAGES/gdk-pixbuf.mo
 share/locale/ko/LC_MESSAGES/gdk-pixbuf.mo
 share/locale/ku/
@@ -193,14 +189,10 @@ share/locale/mi/LC_MESSAGES/gdk-pixbuf.mo
 share/locale/mk/
 share/locale/mk/LC_MESSAGES/
 share/locale/mk/LC_MESSAGES/gdk-pixbuf.mo
-share/locale/ml/
-share/locale/ml/LC_MESSAGES/
 share/locale/ml/LC_MESSAGES/gdk-pixbuf.mo
 share/locale/mn/
 share/locale/mn/LC_MESSAGES/
 share/locale/mn/LC_MESSAGES/gdk-pixbuf.mo
-share/locale/mr/
-share/locale/mr/LC_MESSAGES/
 share/locale/mr/LC_MESSAGES/gdk-pixbuf.mo
 share/locale/ms/LC_MESSAGES/gdk-pixbuf.mo
 share/locale/my/
@@ -218,11 +210,7 @@ share/locale/nn/LC_MESSAGES/gdk-pixbuf.mo
 share/locale/nso/
 share/locale/nso/LC_MESSAGES/
 share/locale/nso/LC_MESSAGES/gdk-pixbuf.mo
-share/locale/oc/
-share/locale/oc/LC_MESSAGES/
 share/locale/oc/LC_MESSAGES/gdk-pixbuf.mo
-share/locale/or/
-share/locale/or/LC_MESSAGES/
 share/locale/or/LC_MESSAGES/gdk-pixbuf.mo
 share/locale/pa/LC_MESSAGES/gdk-pixbuf.mo
 share/locale/pl/LC_MESSAGES/gdk-pixbuf.mo
@@ -245,15 +233,11 @@ share/locale/sr@ije/LC_MESSAGES/
 share/locale/sr@ije/LC_MESSAGES/gdk-pixbuf.mo
 share/locale/sr@latin/LC_MESSAGES/gdk-pixbuf.mo
 share/locale/sv/LC_MESSAGES/gdk-pixbuf.mo
-share/locale/ta/
-share/locale/ta/LC_MESSAGES/
 share/locale/ta/LC_MESSAGES/gdk-pixbuf.mo
 share/locale/te/LC_MESSAGES/gdk-pixbuf.mo
 share/locale/tg/
 share/locale/tg/LC_MESSAGES/
 share/locale/tg/LC_MESSAGES/gdk-pixbuf.mo
-share/locale/th/
-share/locale/th/LC_MESSAGES/
 share/locale/th/LC_MESSAGES/gdk-pixbuf.mo
 share/locale/tk/
 share/locale/tk/LC_MESSAGES/