summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlexandre Rostovtsev <tetromino@gentoo.org>2012-04-14 20:52:57 +0000
committerAlexandre Rostovtsev <tetromino@gentoo.org>2012-04-14 20:52:57 +0000
commit7aea6e927764475a2f3166f38b2d0ce7c4d3f936 (patch)
treeaea3231c6f0528a7a54d4a6145ff1b3750752f47 /x11-libs/gdk-pixbuf
parentmarked x86 per bug 411775 (diff)
downloadgentoo-2-7aea6e927764475a2f3166f38b2d0ce7c4d3f936.tar.gz
gentoo-2-7aea6e927764475a2f3166f38b2d0ce7c4d3f936.tar.bz2
gentoo-2-7aea6e927764475a2f3166f38b2d0ce7c4d3f936.zip
Fix integer overflow in xbm loader (bug #412033).
(Portage version: 2.2.0_alpha100/cvs/Linux x86_64)
Diffstat (limited to 'x11-libs/gdk-pixbuf')
-rw-r--r--x11-libs/gdk-pixbuf/ChangeLog10
-rw-r--r--x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.24.1-xbm-overflow.patch48
-rw-r--r--x11-libs/gdk-pixbuf/gdk-pixbuf-2.24.1-r1.ebuild94
-rw-r--r--x11-libs/gdk-pixbuf/gdk-pixbuf-2.26.1.ebuild (renamed from x11-libs/gdk-pixbuf/gdk-pixbuf-2.26.0.ebuild)2
4 files changed, 152 insertions, 2 deletions
diff --git a/x11-libs/gdk-pixbuf/ChangeLog b/x11-libs/gdk-pixbuf/ChangeLog
index 8e44a2f44e08..9cae7dcbd5a9 100644
--- a/x11-libs/gdk-pixbuf/ChangeLog
+++ b/x11-libs/gdk-pixbuf/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for x11-libs/gdk-pixbuf
# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/x11-libs/gdk-pixbuf/ChangeLog,v 1.48 2012/04/12 17:04:23 tetromino Exp $
+# $Header: /var/cvsroot/gentoo-x86/x11-libs/gdk-pixbuf/ChangeLog,v 1.49 2012/04/14 20:52:57 tetromino Exp $
+
+*gdk-pixbuf-2.26.1 (14 Apr 2012)
+*gdk-pixbuf-2.24.1-r1 (14 Apr 2012)
+
+ 14 Apr 2012; Alexandre Rostovtsev <tetromino@gentoo.org>
+ +gdk-pixbuf-2.24.1-r1.ebuild, +files/gdk-pixbuf-2.24.1-xbm-overflow.patch,
+ -gdk-pixbuf-2.26.0.ebuild, +gdk-pixbuf-2.26.1.ebuild:
+ Fix integer overflow in xbm loader (bug #412033).
12 Apr 2012; Alexandre Rostovtsev <tetromino@gentoo.org>
gdk-pixbuf-2.26.0.ebuild:
diff --git a/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.24.1-xbm-overflow.patch b/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.24.1-xbm-overflow.patch
new file mode 100644
index 000000000000..66b15f70ce63
--- /dev/null
+++ b/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.24.1-xbm-overflow.patch
@@ -0,0 +1,48 @@
+From 4f0f465f991cd454d03189497f923eb40c170c22 Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen@redhat.com>
+Date: Sat, 14 Apr 2012 14:21:09 -0400
+Subject: [PATCH] Avoid an integer overflow in the xbm loader
+
+At the same time, reject some silly input, such as negative
+width or height.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=672811
+---
+ gdk-pixbuf/io-xbm.c | 12 ++++++++++--
+ 1 files changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/gdk-pixbuf/io-xbm.c b/gdk-pixbuf/io-xbm.c
+index 46653b9..4f3e1e8 100644
+--- a/gdk-pixbuf/io-xbm.c
++++ b/gdk-pixbuf/io-xbm.c
+@@ -183,10 +183,16 @@ read_bitmap_file_data (FILE *fstream,
+ type++;
+ }
+
+- if (!strcmp ("width", type))
++ if (!strcmp ("width", type)) {
++ if (value <= 0)
++ RETURN (FALSE);
+ ww = (unsigned int) value;
+- if (!strcmp ("height", type))
++ }
++ if (!strcmp ("height", type)) {
++ if (value <= 0)
++ RETURN (FALSE);
+ hh = (unsigned int) value;
++ }
+ if (!strcmp ("hot", type)) {
+ if (type-- == name_and_type
+ || type-- == name_and_type)
+@@ -231,6 +237,8 @@ read_bitmap_file_data (FILE *fstream,
+ bytes_per_line = (ww+7)/8 + padding;
+
+ size = bytes_per_line * hh;
++ if (size / bytes_per_line != hh) /* overflow */
++ RETURN (FALSE);
+ bits = g_malloc (size);
+
+ if (version10p) {
+--
+1.7.8.5
+
diff --git a/x11-libs/gdk-pixbuf/gdk-pixbuf-2.24.1-r1.ebuild b/x11-libs/gdk-pixbuf/gdk-pixbuf-2.24.1-r1.ebuild
new file mode 100644
index 000000000000..174a429fe132
--- /dev/null
+++ b/x11-libs/gdk-pixbuf/gdk-pixbuf-2.24.1-r1.ebuild
@@ -0,0 +1,94 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/x11-libs/gdk-pixbuf/gdk-pixbuf-2.24.1-r1.ebuild,v 1.1 2012/04/14 20:52:57 tetromino Exp $
+
+EAPI="4"
+
+inherit eutils gnome.org multilib libtool autotools
+
+DESCRIPTION="Image loading library for GTK+"
+HOMEPAGE="http://www.gtk.org/"
+
+LICENSE="LGPL-2"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~x86-fbsd ~x86-freebsd ~x86-interix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="+X debug doc +introspection jpeg jpeg2k tiff test"
+
+COMMON_DEPEND="
+ >=dev-libs/glib-2.27.2:2
+ >=media-libs/libpng-1.4:0
+ introspection? ( >=dev-libs/gobject-introspection-0.9.3 )
+ jpeg? ( virtual/jpeg )
+ jpeg2k? ( media-libs/jasper )
+ tiff? ( >=media-libs/tiff-3.9.2:0 )
+ X? ( x11-libs/libX11 )"
+DEPEND="${COMMON_DEPEND}
+ >=dev-util/pkgconfig-0.9
+ >=sys-apps/coreutils-8.5
+ >=sys-devel/gettext-0.17
+ >=dev-util/gtk-doc-am-1.11
+ doc? (
+ >=dev-util/gtk-doc-1.11
+ ~app-text/docbook-xml-dtd-4.1.2 )"
+# librsvg blocker is for the new pixbuf loader API, you lose icons otherwise
+RDEPEND="${COMMON_DEPEND}
+ !<gnome-base/gail-1000
+ !<gnome-base/librsvg-2.31.0
+ !<x11-libs/gtk+-2.21.3:2
+ !<x11-libs/gtk+-2.90.4:3"
+
+src_prepare() {
+ # This will avoid polluting the pkg-config file with versioned libpng,
+ # which is causing problems with libpng14 -> libpng15 upgrade
+ # See upstream bug #667068
+ sed -i -e 's:libpng15:libpng libpng15:' configure.ac || die
+ # Backport from 2.26.1, fixes xbm loader overflow
+ epatch "${FILESDIR}/${P}-xbm-overflow.patch"
+ eautoreconf
+}
+
+src_configure() {
+ # png always on to display icons (foser)
+ local myconf="
+ $(use_enable doc gtk-doc)
+ $(use_with jpeg libjpeg)
+ $(use_with jpeg2k libjasper)
+ $(use_with tiff libtiff)
+ $(use_enable introspection)
+ $(use_with X x11)
+ --with-libpng"
+
+ # Passing --disable-debug is not recommended for production use
+ use debug && myconf="${myconf} --enable-debug=yes"
+
+ econf ${myconf}
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+ dodoc AUTHORS NEWS* README*
+
+ # New library, remove .la files
+ find "${D}" -name '*.la' -exec rm -f '{}' + || die
+}
+
+pkg_postinst() {
+ # causes segfault if set, see bug 375615
+ unset __GL_NO_DSO_FINALIZER
+
+ tmp_file=$(mktemp --suffix=gdk_pixbuf_ebuild)
+ # be atomic!
+ gdk-pixbuf-query-loaders > "${tmp_file}"
+ if [ "${?}" = "0" ]; then
+ cat "${tmp_file}" > "${EROOT}usr/$(get_libdir)/gdk-pixbuf-2.0/2.10.0/loaders.cache"
+ else
+ ewarn "Cannot update loaders.cache, gdk-pixbuf-query-loaders failed to run"
+ fi
+ rm "${tmp_file}"
+
+ if [ -e "${EROOT}"usr/lib/gtk-2.0/2.*/loaders ]; then
+ elog "You need to rebuild ebuilds that installed into" "${EROOT}"usr/lib/gtk-2.0/2.*/loaders
+ elog "to do that you can use qfile from portage-utils:"
+ elog "emerge -va1 \$(qfile -qC ${EPREFIX}/usr/lib/gtk-2.0/2.*/loaders)"
+ fi
+}
diff --git a/x11-libs/gdk-pixbuf/gdk-pixbuf-2.26.0.ebuild b/x11-libs/gdk-pixbuf/gdk-pixbuf-2.26.1.ebuild
index 1eea78fcbb23..0449e17340b5 100644
--- a/x11-libs/gdk-pixbuf/gdk-pixbuf-2.26.0.ebuild
+++ b/x11-libs/gdk-pixbuf/gdk-pixbuf-2.26.1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/x11-libs/gdk-pixbuf/gdk-pixbuf-2.26.0.ebuild,v 1.3 2012/04/12 17:04:23 tetromino Exp $
+# $Header: /var/cvsroot/gentoo-x86/x11-libs/gdk-pixbuf/gdk-pixbuf-2.26.1.ebuild,v 1.1 2012/04/14 20:52:57 tetromino Exp $
EAPI="4"