diff options
author | Sebastian Pipping <sping@gentoo.org> | 2012-09-22 21:44:00 +0000 |
---|---|---|
committer | Sebastian Pipping <sping@gentoo.org> | 2012-09-22 21:44:00 +0000 |
commit | 878eb84aca32f583bbefaa397207b53fffd64ad1 (patch) | |
tree | fc1805e12e4f81d47c8adfa7bdfbfe1a97ed90be /media-gfx | |
parent | Remove old (diff) | |
download | gentoo-2-878eb84aca32f583bbefaa397207b53fffd64ad1.tar.gz gentoo-2-878eb84aca32f583bbefaa397207b53fffd64ad1.tar.bz2 gentoo-2-878eb84aca32f583bbefaa397207b53fffd64ad1.zip |
media-gfx/gimp: Fix CVE-2012-3236 (bug #428708)
(Portage version: 2.1.10.65/cvs/Linux x86_64)
Diffstat (limited to 'media-gfx')
-rw-r--r-- | media-gfx/gimp/ChangeLog | 8 | ||||
-rw-r--r-- | media-gfx/gimp/files/gimp-2.6.12-CVE-2012-3236.patch | 39 | ||||
-rw-r--r-- | media-gfx/gimp/gimp-2.6.12-r5.ebuild | 169 |
3 files changed, 215 insertions, 1 deletions
diff --git a/media-gfx/gimp/ChangeLog b/media-gfx/gimp/ChangeLog index 5d3c4be465b2..35ec9e0593f7 100644 --- a/media-gfx/gimp/ChangeLog +++ b/media-gfx/gimp/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for media-gfx/gimp # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/media-gfx/gimp/ChangeLog,v 1.388 2012/09/22 21:21:59 sping Exp $ +# $Header: /var/cvsroot/gentoo-x86/media-gfx/gimp/ChangeLog,v 1.389 2012/09/22 21:44:00 sping Exp $ + +*gimp-2.6.12-r5 (22 Sep 2012) + + 22 Sep 2012; Sebastian Pipping <sping@gentoo.org> +gimp-2.6.12-r5.ebuild, + +files/gimp-2.6.12-CVE-2012-3236.patch: + Apply upstream patch for CVE-2012-3236 (bug #428708) 22 Sep 2012; Sebastian Pipping <sping@gentoo.org> -gimp-2.6.11-r5.ebuild, -gimp-2.6.11-r6.ebuild, -gimp-2.7.3.ebuild, -gimp-2.7.3-r1.ebuild, diff --git a/media-gfx/gimp/files/gimp-2.6.12-CVE-2012-3236.patch b/media-gfx/gimp/files/gimp-2.6.12-CVE-2012-3236.patch new file mode 100644 index 000000000000..e4d3a9f96fb4 --- /dev/null +++ b/media-gfx/gimp/files/gimp-2.6.12-CVE-2012-3236.patch @@ -0,0 +1,39 @@ +From ace45631595e8781a1420842582d67160097163c Mon Sep 17 00:00:00 2001 +From: Michael Natterer <mitch@gimp.org> +Date: Wed, 06 Jun 2012 19:21:10 +0000 +Subject: Bug 676804 - file handling DoS for fit file format + +Apply patch from joe@reactionis.co.uk which fixes a buffer overflow on +broken/malicious fits files. +--- +(limited to 'plug-ins/file-fits/fits-io.c') + +diff --git a/plug-ins/file-fits/fits-io.c b/plug-ins/file-fits/fits-io.c +index 03d9652..ed77318 100644 +--- a/plug-ins/file-fits/fits-io.c ++++ b/plug-ins/file-fits/fits-io.c +@@ -1054,10 +1054,18 @@ static FITS_HDU_LIST *fits_decode_header (FITS_RECORD_LIST *hdr, + hdulist->used.simple = (strncmp (hdr->data, "SIMPLE ", 8) == 0); + hdulist->used.xtension = (strncmp (hdr->data, "XTENSION", 8) == 0); + if (hdulist->used.xtension) +- { +- fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring); +- strcpy (hdulist->xtension, fdat->fstring); +- } ++ { ++ fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring); ++ if (fdat != NULL) ++ { ++ strcpy (hdulist->xtension, fdat->fstring); ++ } ++ else ++ { ++ strcpy (errmsg, "No valid XTENSION header found."); ++ goto err_return; ++ } ++ } + + FITS_DECODE_CARD (hdr, "NAXIS", fdat, typ_flong); + hdulist->naxis = fdat->flong; +-- +cgit v0.9.0.2 diff --git a/media-gfx/gimp/gimp-2.6.12-r5.ebuild b/media-gfx/gimp/gimp-2.6.12-r5.ebuild new file mode 100644 index 000000000000..ff62e0429fb8 --- /dev/null +++ b/media-gfx/gimp/gimp-2.6.12-r5.ebuild @@ -0,0 +1,169 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/media-gfx/gimp/gimp-2.6.12-r5.ebuild,v 1.1 2012/09/22 21:44:00 sping Exp $ + +EAPI="3" + +PYTHON_DEPEND="python? 2:2.5" + +inherit eutils gnome2 fdo-mime multilib python + +DESCRIPTION="GNU Image Manipulation Program" +HOMEPAGE="http://www.gimp.org/" +SRC_URI=" + http://dev.gentoo.org/~jlec/distfiles/${PN}-2.6.11-underlinking.patch.xz + mirror://gimp/v2.6/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="2" +KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86" + +LANGS="am ar ast az be bg ca ca@valencia cs da de dz el en_CA en_GB eo es et eu fa fi fr ga gl gu he hi hr hu id is it ja ka kk km kn ko lt lv mk ml mr ms my nb nds ne nl nn oc or pa pl pt pt_BR ro ru rw si sk sl sr sr@latin sv ta th tr tt uk vi xh yi zh_CN zh_HK zh_TW" +IUSE="alsa aalib altivec curl dbus debug doc exif gnome jpeg lcms mmx mng pdf png python smp sse svg tiff webkit wmf" + +for lang in ${LANGS}; do + IUSE+=" linguas_${lang}" +done + +RDEPEND=" + >=dev-libs/glib-2.18.1:2 + dev-libs/libxml2 + dev-libs/libxslt + >=media-libs/fontconfig-2.2.0 + >=media-libs/freetype-2.1.7 + >=media-libs/gegl-0.0.22 <media-libs/gegl-0.2 + >=x11-libs/gtk+-2.12.5:2 + x11-libs/libXpm + >=x11-libs/pango-1.18.0 + sys-libs/zlib + x11-themes/hicolor-icon-theme + aalib? ( media-libs/aalib ) + alsa? ( media-libs/alsa-lib ) + curl? ( net-misc/curl ) + dbus? ( dev-libs/dbus-glib ) + exif? ( >=media-libs/libexif-0.6.15 ) + gnome? ( gnome-base/gvfs ) + jpeg? ( virtual/jpeg:0 ) + lcms? ( =media-libs/lcms-1* ) + mng? ( media-libs/libmng ) + pdf? ( >=app-text/poppler-0.12.3-r3[cairo] ) + png? ( >=media-libs/libpng-1.2.2:0 ) + python? ( >=dev-python/pygtk-2.10.4:2 ) + svg? ( >=gnome-base/librsvg-2.8.0:2 ) + tiff? ( >=media-libs/tiff-3.5.7:0 ) + webkit? ( net-libs/webkit-gtk:2 ) + wmf? ( >=media-libs/libwmf-0.2.8 )" +DEPEND="${RDEPEND} + >=dev-util/intltool-0.40 + virtual/pkgconfig + >=sys-devel/gettext-0.17 + doc? ( >=dev-util/gtk-doc-1 )" + +DOCS="AUTHORS ChangeLog* HACKING NEWS README*" + +pkg_setup() { + G2CONF="--enable-default-binary \ + --with-x \ + $(use_with aalib aa) \ + $(use_with alsa) \ + $(use_enable altivec) \ + $(use_with curl libcurl) \ + $(use_with dbus) \ + --without-hal \ + $(use_with gnome gvfs) \ + --without-gnomevfs \ + $(use_with webkit) \ + $(use_with jpeg libjpeg) \ + $(use_with exif libexif) \ + $(use_with lcms) \ + $(use_enable mmx) \ + $(use_with mng libmng) \ + $(use_with pdf poppler) \ + $(use_with png libpng) \ + $(use_enable python) \ + $(use_enable smp mp) \ + $(use_enable sse) \ + $(use_with svg librsvg) \ + $(use_with tiff libtiff) \ + $(use_with wmf)" + + if use python; then + python_set_active_version 2 + python_pkg_setup + fi +} + +src_prepare() { + # don't use empty, removed header + # https://bugs.gentoo.org/show_bug.cgi?id=377075 + epatch "${FILESDIR}"/gimp-curl-headers.diff + + # apply file-uri patch by upstream + # https://bugs.gentoo.org/show_bug.cgi?id=372941 + # https://bugzilla.gnome.org/show_bug.cgi?id=653980#c6 + epatch "${FILESDIR}"/${PN}-2.6.11-file-uri.patch + + # fix test suite + # https://bugs.gentoo.org/show_bug.cgi?id=406625 + epatch "${FILESDIR}"/${P}-potfiles-skip.patch + + # buffer overflow patch backport + # https://bugs.gentoo.org/show_bug.cgi?id=418425 + epatch "${FILESDIR}"/${P}-CVE-2012-2763.patch + + # CEL and GIF plug-ins: Heap-based buffer overflows (CVE-2012-{3403,3481}) + # https://bugs.gentoo.org/show_bug.cgi?id=434580 + # Patches from Fedora <http://pkgs.fedoraproject.org/cgit/gimp.git/tree/?h=f16> + epatch "${FILESDIR}"/${P}-CVE-2012-3403.patch + epatch "${FILESDIR}"/${P}-CVE-2012-3481.patch + + # DoS via .fit files (CVE-2012-3236) + # https://bugs.gentoo.org/show_bug.cgi?id=428708 + # https://bugzilla.gnome.org/show_bug.cgi?id=676804 + epatch "${FILESDIR}"/${P}-CVE-2012-3236.patch + + echo '#!/bin/sh' > py-compile + gnome2_src_prepare +} + +_clean_up_locales() { + elog "Cleaning up locales..." + for lang in ${LANGS}; do + use "linguas_${lang}" && { + elog "- keeping ${lang}" + continue + } + rm -Rf "${D}"/usr/share/locale/"${lang}" || die + done +} + +src_install() { + gnome2_src_install + + if use python; then + python_convert_shebangs -r $(python_get_version) "${ED}" + python_need_rebuild + fi + + # Workaround for bug #321111 to give GIMP the least + # precedence on PDF documents by default + mv "${D}"/usr/share/applications/{,zzz-}gimp.desktop || die + + find "${D}" -name '*.la' -delete || die + + _clean_up_locales +} + +pkg_postinst() { + gnome2_pkg_postinst + + use python && python_mod_optimize /usr/$(get_libdir)/gimp/2.0/python \ + /usr/$(get_libdir)/gimp/2.0/plug-ins +} + +pkg_postrm() { + gnome2_pkg_postrm + + use python && python_mod_cleanup /usr/$(get_libdir)/gimp/2.0/python \ + /usr/$(get_libdir)/gimp/2.0/plug-ins +} |