diff options
author | Alexandre Rostovtsev <tetromino@gentoo.org> | 2012-04-14 20:52:57 +0000 |
---|---|---|
committer | Alexandre Rostovtsev <tetromino@gentoo.org> | 2012-04-14 20:52:57 +0000 |
commit | 7aea6e927764475a2f3166f38b2d0ce7c4d3f936 (patch) | |
tree | aea3231c6f0528a7a54d4a6145ff1b3750752f47 /x11-libs/gdk-pixbuf | |
parent | marked x86 per bug 411775 (diff) | |
download | gentoo-2-7aea6e927764475a2f3166f38b2d0ce7c4d3f936.tar.gz gentoo-2-7aea6e927764475a2f3166f38b2d0ce7c4d3f936.tar.bz2 gentoo-2-7aea6e927764475a2f3166f38b2d0ce7c4d3f936.zip |
Fix integer overflow in xbm loader (bug #412033).
(Portage version: 2.2.0_alpha100/cvs/Linux x86_64)
Diffstat (limited to 'x11-libs/gdk-pixbuf')
-rw-r--r-- | x11-libs/gdk-pixbuf/ChangeLog | 10 | ||||
-rw-r--r-- | x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.24.1-xbm-overflow.patch | 48 | ||||
-rw-r--r-- | x11-libs/gdk-pixbuf/gdk-pixbuf-2.24.1-r1.ebuild | 94 | ||||
-rw-r--r-- | x11-libs/gdk-pixbuf/gdk-pixbuf-2.26.1.ebuild (renamed from x11-libs/gdk-pixbuf/gdk-pixbuf-2.26.0.ebuild) | 2 |
4 files changed, 152 insertions, 2 deletions
diff --git a/x11-libs/gdk-pixbuf/ChangeLog b/x11-libs/gdk-pixbuf/ChangeLog index 8e44a2f44e08..9cae7dcbd5a9 100644 --- a/x11-libs/gdk-pixbuf/ChangeLog +++ b/x11-libs/gdk-pixbuf/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for x11-libs/gdk-pixbuf # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/x11-libs/gdk-pixbuf/ChangeLog,v 1.48 2012/04/12 17:04:23 tetromino Exp $ +# $Header: /var/cvsroot/gentoo-x86/x11-libs/gdk-pixbuf/ChangeLog,v 1.49 2012/04/14 20:52:57 tetromino Exp $ + +*gdk-pixbuf-2.26.1 (14 Apr 2012) +*gdk-pixbuf-2.24.1-r1 (14 Apr 2012) + + 14 Apr 2012; Alexandre Rostovtsev <tetromino@gentoo.org> + +gdk-pixbuf-2.24.1-r1.ebuild, +files/gdk-pixbuf-2.24.1-xbm-overflow.patch, + -gdk-pixbuf-2.26.0.ebuild, +gdk-pixbuf-2.26.1.ebuild: + Fix integer overflow in xbm loader (bug #412033). 12 Apr 2012; Alexandre Rostovtsev <tetromino@gentoo.org> gdk-pixbuf-2.26.0.ebuild: diff --git a/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.24.1-xbm-overflow.patch b/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.24.1-xbm-overflow.patch new file mode 100644 index 000000000000..66b15f70ce63 --- /dev/null +++ b/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.24.1-xbm-overflow.patch @@ -0,0 +1,48 @@ +From 4f0f465f991cd454d03189497f923eb40c170c22 Mon Sep 17 00:00:00 2001 +From: Matthias Clasen <mclasen@redhat.com> +Date: Sat, 14 Apr 2012 14:21:09 -0400 +Subject: [PATCH] Avoid an integer overflow in the xbm loader + +At the same time, reject some silly input, such as negative +width or height. + +https://bugzilla.gnome.org/show_bug.cgi?id=672811 +--- + gdk-pixbuf/io-xbm.c | 12 ++++++++++-- + 1 files changed, 10 insertions(+), 2 deletions(-) + +diff --git a/gdk-pixbuf/io-xbm.c b/gdk-pixbuf/io-xbm.c +index 46653b9..4f3e1e8 100644 +--- a/gdk-pixbuf/io-xbm.c ++++ b/gdk-pixbuf/io-xbm.c +@@ -183,10 +183,16 @@ read_bitmap_file_data (FILE *fstream, + type++; + } + +- if (!strcmp ("width", type)) ++ if (!strcmp ("width", type)) { ++ if (value <= 0) ++ RETURN (FALSE); + ww = (unsigned int) value; +- if (!strcmp ("height", type)) ++ } ++ if (!strcmp ("height", type)) { ++ if (value <= 0) ++ RETURN (FALSE); + hh = (unsigned int) value; ++ } + if (!strcmp ("hot", type)) { + if (type-- == name_and_type + || type-- == name_and_type) +@@ -231,6 +237,8 @@ read_bitmap_file_data (FILE *fstream, + bytes_per_line = (ww+7)/8 + padding; + + size = bytes_per_line * hh; ++ if (size / bytes_per_line != hh) /* overflow */ ++ RETURN (FALSE); + bits = g_malloc (size); + + if (version10p) { +-- +1.7.8.5 + diff --git a/x11-libs/gdk-pixbuf/gdk-pixbuf-2.24.1-r1.ebuild b/x11-libs/gdk-pixbuf/gdk-pixbuf-2.24.1-r1.ebuild new file mode 100644 index 000000000000..174a429fe132 --- /dev/null +++ b/x11-libs/gdk-pixbuf/gdk-pixbuf-2.24.1-r1.ebuild @@ -0,0 +1,94 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/x11-libs/gdk-pixbuf/gdk-pixbuf-2.24.1-r1.ebuild,v 1.1 2012/04/14 20:52:57 tetromino Exp $ + +EAPI="4" + +inherit eutils gnome.org multilib libtool autotools + +DESCRIPTION="Image loading library for GTK+" +HOMEPAGE="http://www.gtk.org/" + +LICENSE="LGPL-2" +SLOT="2" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~x86-fbsd ~x86-freebsd ~x86-interix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="+X debug doc +introspection jpeg jpeg2k tiff test" + +COMMON_DEPEND=" + >=dev-libs/glib-2.27.2:2 + >=media-libs/libpng-1.4:0 + introspection? ( >=dev-libs/gobject-introspection-0.9.3 ) + jpeg? ( virtual/jpeg ) + jpeg2k? ( media-libs/jasper ) + tiff? ( >=media-libs/tiff-3.9.2:0 ) + X? ( x11-libs/libX11 )" +DEPEND="${COMMON_DEPEND} + >=dev-util/pkgconfig-0.9 + >=sys-apps/coreutils-8.5 + >=sys-devel/gettext-0.17 + >=dev-util/gtk-doc-am-1.11 + doc? ( + >=dev-util/gtk-doc-1.11 + ~app-text/docbook-xml-dtd-4.1.2 )" +# librsvg blocker is for the new pixbuf loader API, you lose icons otherwise +RDEPEND="${COMMON_DEPEND} + !<gnome-base/gail-1000 + !<gnome-base/librsvg-2.31.0 + !<x11-libs/gtk+-2.21.3:2 + !<x11-libs/gtk+-2.90.4:3" + +src_prepare() { + # This will avoid polluting the pkg-config file with versioned libpng, + # which is causing problems with libpng14 -> libpng15 upgrade + # See upstream bug #667068 + sed -i -e 's:libpng15:libpng libpng15:' configure.ac || die + # Backport from 2.26.1, fixes xbm loader overflow + epatch "${FILESDIR}/${P}-xbm-overflow.patch" + eautoreconf +} + +src_configure() { + # png always on to display icons (foser) + local myconf=" + $(use_enable doc gtk-doc) + $(use_with jpeg libjpeg) + $(use_with jpeg2k libjasper) + $(use_with tiff libtiff) + $(use_enable introspection) + $(use_with X x11) + --with-libpng" + + # Passing --disable-debug is not recommended for production use + use debug && myconf="${myconf} --enable-debug=yes" + + econf ${myconf} +} + +src_install() { + emake DESTDIR="${D}" install + dodoc AUTHORS NEWS* README* + + # New library, remove .la files + find "${D}" -name '*.la' -exec rm -f '{}' + || die +} + +pkg_postinst() { + # causes segfault if set, see bug 375615 + unset __GL_NO_DSO_FINALIZER + + tmp_file=$(mktemp --suffix=gdk_pixbuf_ebuild) + # be atomic! + gdk-pixbuf-query-loaders > "${tmp_file}" + if [ "${?}" = "0" ]; then + cat "${tmp_file}" > "${EROOT}usr/$(get_libdir)/gdk-pixbuf-2.0/2.10.0/loaders.cache" + else + ewarn "Cannot update loaders.cache, gdk-pixbuf-query-loaders failed to run" + fi + rm "${tmp_file}" + + if [ -e "${EROOT}"usr/lib/gtk-2.0/2.*/loaders ]; then + elog "You need to rebuild ebuilds that installed into" "${EROOT}"usr/lib/gtk-2.0/2.*/loaders + elog "to do that you can use qfile from portage-utils:" + elog "emerge -va1 \$(qfile -qC ${EPREFIX}/usr/lib/gtk-2.0/2.*/loaders)" + fi +} diff --git a/x11-libs/gdk-pixbuf/gdk-pixbuf-2.26.0.ebuild b/x11-libs/gdk-pixbuf/gdk-pixbuf-2.26.1.ebuild index 1eea78fcbb23..0449e17340b5 100644 --- a/x11-libs/gdk-pixbuf/gdk-pixbuf-2.26.0.ebuild +++ b/x11-libs/gdk-pixbuf/gdk-pixbuf-2.26.1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/x11-libs/gdk-pixbuf/gdk-pixbuf-2.26.0.ebuild,v 1.3 2012/04/12 17:04:23 tetromino Exp $ +# $Header: /var/cvsroot/gentoo-x86/x11-libs/gdk-pixbuf/gdk-pixbuf-2.26.1.ebuild,v 1.1 2012/04/14 20:52:57 tetromino Exp $ EAPI="4" |