add a patch from upstream CVS to fix buffer overflow (CVE-2008-0544),

bump PKGREVISION

graphics/SDL_image/Makefile

@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.28 2007/07/25 23:53:58 wiz Exp $
+# $NetBSD: Makefile,v 1.29 2008/02/08 12:33:31 drochner Exp $
 
 DISTNAME=	SDL_image-1.2.6
+PKGREVISION=	1
 CATEGORIES=	graphics devel
 MASTER_SITES=	http://www.libsdl.org/projects/SDL_image/release/
 

graphics/SDL_image/distinfo

@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.6 2007/07/25 23:53:58 wiz Exp $
+$NetBSD: distinfo,v 1.7 2008/02/08 12:33:31 drochner Exp $
 
 SHA1 (SDL_image-1.2.6.tar.gz) = 5045df31e4db29d8890110fd18024c9d08efca30
 RMD160 (SDL_image-1.2.6.tar.gz) = 8aea5f07216eb887f599c0908f8ea2c2f9eeac93
 Size (SDL_image-1.2.6.tar.gz) = 1308812 bytes
+SHA1 (patch-aa) = eb852fd3c7218fe257ca40a6e90c81ec13dcaeb1

graphics/SDL_image/patches/patch-aa

@@ -0,0 +1,30 @@
+$NetBSD: patch-aa,v 1.1 2008/02/08 12:33:31 drochner Exp $
+
+--- IMG_lbm.c.orig	2007-07-20 06:36:32.000000000 +0200
++++ IMG_lbm.c
+@@ -28,6 +28,7 @@
+    EHB and HAM (specific Amiga graphic chip modes) support added by Marc Le Douarain
+    (http://www.multimania.com/mavati) in December 2003.
+    Stencil and colorkey fixes by David Raulo (david.raulo AT free DOT fr) in February 2004.
++   Buffer overflow fix in RLE decompression by David Raulo in January 2008.
+ */
+ 
+ #include <stdio.h>
+@@ -328,7 +329,7 @@ SDL_Surface *IMG_LoadLBM_RW( SDL_RWops *
+ 						count ^= 0xFF;
+ 						count += 2; /* now it */
+ 
+-						if ( !SDL_RWread( src, &color, 1, 1 ) )
++						if ( ( count > remainingbytes ) || !SDL_RWread( src, &color, 1, 1 ) )
+ 						{
+ 						   error="error reading BODY chunk";
+ 							goto done;
+@@ -339,7 +340,7 @@ SDL_Surface *IMG_LoadLBM_RW( SDL_RWops *
+ 					{
+ 						++count;
+ 
+-						if ( !SDL_RWread( src, ptr, count, 1 ) )
++						if ( ( count > remainingbytes ) || !SDL_RWread( src, ptr, count, 1 ) )
+ 						{
+ 						   error="error reading BODY chunk";
+ 							goto done;