diff options
author | Pacho Ramos <pacho@gentoo.org> | 2011-07-04 11:39:50 +0000 |
---|---|---|
committer | Pacho Ramos <pacho@gentoo.org> | 2011-07-04 11:39:50 +0000 |
commit | 2a219b54b2d8ad6c28aeaead8d5f3ebb2e1715b5 (patch) | |
tree | fbd6da8c3b90e6cb5a119920a1d51c55444a0f2d /x11-libs | |
parent | Pass Python ABI patterns list to _python_check_python_abi_matching() to (diff) | |
download | gentoo-2-2a219b54b2d8ad6c28aeaead8d5f3ebb2e1715b5.tar.gz gentoo-2-2a219b54b2d8ad6c28aeaead8d5f3ebb2e1715b5.tar.bz2 gentoo-2-2a219b54b2d8ad6c28aeaead8d5f3ebb2e1715b5.zip |
GIF: Don't return a partially initialized pixbuf structure, fix security bug #373999 by Tim Sammut.
(Portage version: 2.1.10.3/cvs/Linux x86_64)
Diffstat (limited to 'x11-libs')
-rw-r--r-- | x11-libs/gdk-pixbuf/ChangeLog | 9 | ||||
-rw-r--r-- | x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.22.1-CVE-2011-2485.patch | 56 | ||||
-rw-r--r-- | x11-libs/gdk-pixbuf/gdk-pixbuf-2.22.1-r2.ebuild | 87 |
3 files changed, 151 insertions, 1 deletions
diff --git a/x11-libs/gdk-pixbuf/ChangeLog b/x11-libs/gdk-pixbuf/ChangeLog index 10c98536769a..3f02c6ba745b 100644 --- a/x11-libs/gdk-pixbuf/ChangeLog +++ b/x11-libs/gdk-pixbuf/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for x11-libs/gdk-pixbuf # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/x11-libs/gdk-pixbuf/ChangeLog,v 1.20 2011/06/29 14:59:58 angelos Exp $ +# $Header: /var/cvsroot/gentoo-x86/x11-libs/gdk-pixbuf/ChangeLog,v 1.21 2011/07/04 11:39:50 pacho Exp $ + +*gdk-pixbuf-2.22.1-r2 (04 Jul 2011) + + 04 Jul 2011; Pacho Ramos <pacho@gentoo.org> +gdk-pixbuf-2.22.1-r2.ebuild, + +files/gdk-pixbuf-2.22.1-CVE-2011-2485.patch: + GIF: Don't return a partially initialized pixbuf structure, fix security bug + #373999 by Tim Sammut. 29 Jun 2011; Christoph Mende <angelos@gentoo.org> gdk-pixbuf-2.22.1-r1.ebuild: diff --git a/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.22.1-CVE-2011-2485.patch b/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.22.1-CVE-2011-2485.patch new file mode 100644 index 000000000000..6c5e93348faf --- /dev/null +++ b/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.22.1-CVE-2011-2485.patch @@ -0,0 +1,56 @@ +From f8569bb13e2aa1584dde61ca545144750f7a7c98 Mon Sep 17 00:00:00 2001 +From: Matthias Clasen <mclasen@redhat.com> +Date: Fri, 24 Jun 2011 05:09:35 +0000 +Subject: GIF: Don't return a partially initialized pixbuf structure + +It was found that gdk-pixbuf GIF image loader gdk_pixbuf__gif_image_load() +routine did not properly handle certain return values from their subroutines. +A remote attacker could provide a specially-crafted GIF image, which once +opened in an application, linked against gdk-pixbuf would lead to gdk-pixbuf +to return partially initialized pixbuf structure, possibly having huge +width and height, leading to that particular application termination due +excessive memory use. + +The CVE identifier of CVE-2011-2485 has been assigned to this issue. +--- +diff --git a/gdk-pixbuf/io-gif.c b/gdk-pixbuf/io-gif.c +index 0b370ee..8a1fa3e 100644 +--- a/gdk-pixbuf/io-gif.c ++++ b/gdk-pixbuf/io-gif.c +@@ -1455,6 +1455,7 @@ gdk_pixbuf__gif_image_load (FILE *file, GError **error) + { + GifContext *context; + GdkPixbuf *pixbuf; ++ gint retval; + + g_return_val_if_fail (file != NULL, NULL); + +@@ -1472,19 +1473,25 @@ gdk_pixbuf__gif_image_load (FILE *file, GError **error) + context->error = error; + context->stop_after_first_frame = TRUE; + +- if (gif_main_loop (context) == -1 || context->animation->frames == NULL) { ++ retval = gif_main_loop (context); ++ if (retval == -1 || context->animation->frames == NULL) { + if (context->error && *(context->error) == NULL) + g_set_error_literal (context->error, + GDK_PIXBUF_ERROR, + GDK_PIXBUF_ERROR_CORRUPT_IMAGE, + _("GIF file was missing some data (perhaps it was truncated somehow?)")); + } ++ else if (retval == -2) { ++ pixbuf = NULL; ++ goto out; ++ } + + pixbuf = gdk_pixbuf_animation_get_static_image (GDK_PIXBUF_ANIMATION (context->animation)); + + if (pixbuf) + g_object_ref (pixbuf); + ++out: + g_object_unref (context->animation); + + g_free (context->buf); +-- +cgit v0.9 diff --git a/x11-libs/gdk-pixbuf/gdk-pixbuf-2.22.1-r2.ebuild b/x11-libs/gdk-pixbuf/gdk-pixbuf-2.22.1-r2.ebuild new file mode 100644 index 000000000000..ea95caa96d13 --- /dev/null +++ b/x11-libs/gdk-pixbuf/gdk-pixbuf-2.22.1-r2.ebuild @@ -0,0 +1,87 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/x11-libs/gdk-pixbuf/gdk-pixbuf-2.22.1-r2.ebuild,v 1.1 2011/07/04 11:39:50 pacho Exp $ + +EAPI="3" + +inherit gnome.org multilib libtool autotools + +DESCRIPTION="Image loading library for GTK+" +HOMEPAGE="http://www.gtk.org/" + +LICENSE="LGPL-2" +SLOT="2" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sh ~sparc ~x86 ~x86-fbsd ~x86-freebsd ~x86-interix ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="+X debug doc +introspection jpeg jpeg2k svg tiff test" + +# librsvg blocker is for the new pixbuf loader API, you lose icons otherwise +RDEPEND=" + >=dev-libs/glib-2.25.15 + >=media-libs/libpng-1.2.44:0 + introspection? ( >=dev-libs/gobject-introspection-0.9.3 ) + jpeg? ( virtual/jpeg ) + jpeg2k? ( media-libs/jasper ) + tiff? ( >=media-libs/tiff-3.9.2 ) + X? ( x11-libs/libX11 ) + !<gnome-base/gail-1000 + !<gnome-base/librsvg-2.31.0 + !<x11-libs/gtk+-2.21.3:2 + !<x11-libs/gtk+-2.90.4:3" +DEPEND="${RDEPEND} + >=dev-util/pkgconfig-0.9 + >=sys-devel/gettext-0.17 + >=dev-util/gtk-doc-am-1.11 + doc? ( + >=dev-util/gtk-doc-1.11 + ~app-text/docbook-xml-dtd-4.1.2 )" +# Needed as reported in bug #363715 +PDEPEND="svg? ( gnome-base/librsvg )" + +src_prepare() { + # Only build against libX11 if the user wants to do so + epatch "${FILESDIR}"/${PN}-2.21.4-fix-automagic-x11.patch + + # Fix libpng-1.5 compatibility, bug 354557 — taken from upstream + epatch "${FILESDIR}/${P}-fix-libpng15.patch" + + # GIF: Don't return a partially initialized pixbuf structure + epatch "${FILESDIR}/${P}-CVE-2011-2485.patch" + + elibtoolize + eautoreconf +} + +src_configure() { + # png always on to display icons (foser) + local myconf=" + $(use_enable doc gtk-doc) + $(use_with jpeg libjpeg) + $(use_with jpeg2k libjasper) + $(use_with tiff libtiff) + $(use_enable introspection) + $(use_with X x11) + --with-libpng" + + # Passing --disable-debug is not recommended for production use + use debug && myconf="${myconf} --enable-debug=yes" + + econf ${myconf} +} + +src_install() { + emake DESTDIR="${D}" install || die + + dodoc AUTHORS NEWS* README* || die + + find "${ED}" -name '*.la' -exec rm -f {} + +} + +pkg_postinst() { + gdk-pixbuf-query-loaders > "${EROOT}usr/$(get_libdir)/gdk-pixbuf-2.0/2.10.0/loaders.cache" + + if [ -e "${EROOT}"usr/lib/gtk-2.0/2.*/loaders ]; then + elog "You need to rebuild ebuilds that installed into" "${EROOT}"usr/lib/gtk-2.0/2.*/loaders + elog "to do that you can use qfile from portage-utils:" + elog "emerge -va1 \$(qfile -qC ${EPREFIX}/usr/lib/gtk-2.0/2.*/loaders)" + fi +} |