From f638292b7198d4d442e37251950c8a7b873064e1 Mon Sep 17 00:00:00 2001
From: jasper <jasper@openbsd.org>
Date: Thu, 15 Sep 2011 15:36:54 +0000
Subject: [PATCH]   Security fix for CVE-2011-2896,     SWI-Prolog XPCE
 Component "LZWReadByte()" Buffer Overflow Vulnerability

---
 lang/swi-prolog/Makefile                      |  4 +-
 .../patch-packages_xpce_src_img_gifread_c     | 48 +++++++++++++++++++
 2 files changed, 50 insertions(+), 2 deletions(-)
 create mode 100644 lang/swi-prolog/patches/patch-packages_xpce_src_img_gifread_c

diff --git a/lang/swi-prolog/Makefile b/lang/swi-prolog/Makefile
index 2e64c81a14e..3ba45f6e6bd 100644
--- a/lang/swi-prolog/Makefile
+++ b/lang/swi-prolog/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.36 2011/08/18 10:51:08 edd Exp $
+# $OpenBSD: Makefile,v 1.37 2011/09/15 15:36:54 jasper Exp $
 
 COMMENT =		Prolog for the real world
 
@@ -6,7 +6,7 @@ V =			5.10.4
 XV =			6.6.66
 DISTNAME =		pl-$V
 PKGNAME =		swi-prolog-$V
-REVISION =		3
+REVISION =		4
 CATEGORIES =		lang
 
 SHARED_LIBS =		pl	3.0
diff --git a/lang/swi-prolog/patches/patch-packages_xpce_src_img_gifread_c b/lang/swi-prolog/patches/patch-packages_xpce_src_img_gifread_c
new file mode 100644
index 00000000000..4f077d769e4
--- /dev/null
+++ b/lang/swi-prolog/patches/patch-packages_xpce_src_img_gifread_c
@@ -0,0 +1,48 @@
+$OpenBSD: patch-packages_xpce_src_img_gifread_c,v 1.1 2011/09/15 15:36:54 jasper Exp $
+
+From bb328029beb148691edc031d9db9cf0a503c8247 Mon Sep 17 00:00:00 2001
+From: Jan Wielemaker <J.Wielemaker@cs.vu.nl>
+Date: Thu, 18 Aug 2011 11:46:53 +0200
+Subject: [PATCH] SECURITY: Bug#7 Gif-reader bufferoverflow.  Petr Pisar.
+
+From 30fbc4e030cbef5871e1b96c31458116ce3e2ee8 Mon Sep 17 00:00:00 2001
+From: Jan Wielemaker <J.Wielemaker@cs.vu.nl>
+Date: Thu, 18 Aug 2011 16:26:44 +0200
+Subject: [PATCH] SECURITY: Bug#7: More gif-read fixes.
+
+--- packages/xpce/src/img/gifread.c.orig	Wed Sep 14 21:46:22 2011
++++ packages/xpce/src/img/gifread.c	Wed Sep 14 21:46:43 2011
+@@ -466,7 +466,7 @@ LZWReadByte(IOSTREAM * fd, int flag, int input_code_si
+       firstcode = oldcode = GetCode(fd, code_size, FALSE);
+     }
+     while (firstcode == clear_code);
+-    return firstcode;
++    return (firstcode&255);
+   }
+   if (sp > stack)
+     return *--sp;
+@@ -505,11 +505,11 @@ LZWReadByte(IOSTREAM * fd, int flag, int input_code_si
+     incode = code;
+ 
+     if (code == max_code)
+-    {
+-      *sp++ = firstcode;
++    { if ( sp < stack+sizeof(stack) )	/* stack is UCHAR */
++	*sp++ = firstcode;
+       code = oldcode;
+     }
+-    while (code >= clear_code)
++    while (code >= clear_code && sp < stack+sizeof(stack) )
+     {
+       *sp++ = vals[code];
+       if (code == (int) next[code])
+@@ -520,7 +520,8 @@ LZWReadByte(IOSTREAM * fd, int flag, int input_code_si
+       code = next[code];
+     }
+ 
+-    *sp++ = firstcode = vals[code];
++    if ( sp < stack+sizeof(stack) )
++      *sp++ = firstcode = vals[code];
+ 
+     if ((code = max_code) < (1 << MAX_LZW_BITS))
+     {