Hi there,
I have missed this security patch for a long time..
"suitably-constructed images can be made to run arbitrary commands (as
the user) when viewed with xzgv."
Updated:
* apply security patch
* correct my email address (old one is still working, but I don't know
for how long)
Please test, comment, and commit.
Tested it on i386. No issues (there weren't any before and I don't know
of a suitably-constructed image to test it).
Regards,
Julian
diff -ur /usr/ports/graphics/xzgv/Makefile graphics/xzgv/Makefile
--- /usr/ports/graphics/xzgv/Makefile Sat Mar 24 12:00:43 2007
+++ graphics/xzgv/Makefile Mon Jul 16 19:55:44 2007
@@ -2,13 +2,16 @@
COMMENT= "picture viewer for X, with thumbnail-based file selector"
DISTNAME= xzgv-0.8
-PKGNAME= ${DISTNAME}p0
+PKGNAME= ${DISTNAME}p1
CATEGORIES= graphics
HOMEPAGE= http://rus.members.beeb.net/xzgv.html
-MAINTAINER= Julian Leyh <[EMAIL PROTECTED]>
+MAINTAINER= Julian Leyh <[EMAIL PROTECTED]>
+PATCHFILES= xzgv-0.8-integer-overflow-fix.diff:0
+PATCH_DIST_STRIP= -p1
+
# GPL
PERMIT_PACKAGE_CDROM= Yes
PERMIT_PACKAGE_FTP= Yes
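Review bot: the PATCHFILES line in this hunk pulls in xzgv-0.8-integer-overflow-fix.diff with no comment saying what it fixes. A one-line comment above it that names the issue quoted in the cover text (crafted images running arbitrary commands as the user) would tell a later maintainer that this distpatch is a security fix and must stay until upstream ships it in a release. The PKGNAME bump to p1 is needed so that installed packages pick up the fix.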
@@ -16,6 +19,7 @@
PERMIT_DISTFILES_FTP= Yes
MASTER_SITES= ftp://ftp.ibiblio.org/pub/Linux/apps/graphics/viewers/X/
+MASTER_SITES0= http://rus.members.beeb.net/
MODULES= devel/gettext
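Review bot: MASTER_SITES0 names a single plain-http upstream page as the only source for the security patch, so if that file moves or changes the port stops building, and its integrity rests entirely on the distinfo checksums. At 6374 bytes the diff is small enough to carry in the port's own patches directory instead, or at least a second mirror could be listed next to "MASTER_SITES0= http://rus.members.beeb.net/".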
diff -ur /usr/ports/graphics/xzgv/distinfo graphics/xzgv/distinfo
--- /usr/ports/graphics/xzgv/distinfo Sat Apr 7 17:21:23 2007
+++ graphics/xzgv/distinfo Mon Jul 16 19:50:40 2007
@@ -1,5 +1,10 @@
+MD5 (xzgv-0.8-integer-overflow-fix.diff) = lJXoIweUXAhZmgvZ/8L09g==
MD5 (xzgv-0.8.tar.gz) = 45InfxRHB2QC3y49nngssg==
+RMD160 (xzgv-0.8-integer-overflow-fix.diff) = vXXIfPbyDk+idXr+RyER4iU8tkA=
RMD160 (xzgv-0.8.tar.gz) = 42RmpzwnYWYQ/QMrOpKJjZWlWhc=
+SHA1 (xzgv-0.8-integer-overflow-fix.diff) = sY39qv4pXixCdk9ZeEtrYgG0ieo=
SHA1 (xzgv-0.8.tar.gz) = GqITNuJWKEnm9fmEy7/LdFSJ3zs=
+SHA256 (xzgv-0.8-integer-overflow-fix.diff) =
yKAeI0zAzjoLnxuZ03gb4OrsZcKE3DdSpoy5KaHa9x8=
SHA256 (xzgv-0.8.tar.gz) = T2JHZl38Pk03b0Vzebnkx3wqhIZZ/ysN1Td8CqCeWIQ=
+SIZE (xzgv-0.8-integer-overflow-fix.diff) = 6374
SIZE (xzgv-0.8.tar.gz) = 302801
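Review bot: the SHA256 entry for xzgv-0.8-integer-overflow-fix.diff is split across two lines in this hunk, with the hash on a line of its own and no leading + marker, so the diff as mailed will not apply cleanly to distinfo. Resend it as an attachment or with line wrapping turned off, and whoever commits should regenerate the checksums from the fetched file rather than rely on the mailed values.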