authorPacho Ramos <pacho@gentoo.org>2011-07-04 11:39:50 +0000
committerPacho Ramos <pacho@gentoo.org>2011-07-04 11:39:50 +0000
commit2a219b54b2d8ad6c28aeaead8d5f3ebb2e1715b5 (patch)
treefbd6da8c3b90e6cb5a119920a1d51c55444a0f2d /x11-libs
parentPass Python ABI patterns list to _python_check_python_abi_matching() to (diff)
GIF: Don't return a partially initialized pixbuf structure, fix security bug #373999 by Tim Sammut.
(Portage version: 2.1.10.3/cvs/Linux x86_64)
Diffstat (limited to 'x11-libs')
-rw-r--r--x11-libs/gdk-pixbuf/ChangeLog9
-rw-r--r--x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.22.1-CVE-2011-2485.patch56
-rw-r--r--x11-libs/gdk-pixbuf/gdk-pixbuf-2.22.1-r2.ebuild87
3 files changed, 151 insertions, 1 deletions
diff --git a/x11-libs/gdk-pixbuf/ChangeLog b/x11-libs/gdk-pixbuf/ChangeLog
index 10c98536769a..3f02c6ba745b 100644
--- a/x11-libs/gdk-pixbuf/ChangeLog
+++ b/x11-libs/gdk-pixbuf/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for x11-libs/gdk-pixbuf
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/x11-libs/gdk-pixbuf/ChangeLog,v 1.20 2011/06/29 14:59:58 angelos Exp $
+# $Header: /var/cvsroot/gentoo-x86/x11-libs/gdk-pixbuf/ChangeLog,v 1.21 2011/07/04 11:39:50 pacho Exp $
+
+*gdk-pixbuf-2.22.1-r2 (04 Jul 2011)
+
+ 04 Jul 2011; Pacho Ramos <pacho@gentoo.org> +gdk-pixbuf-2.22.1-r2.ebuild,
+ +files/gdk-pixbuf-2.22.1-CVE-2011-2485.patch:
+ GIF: Don't return a partially initialized pixbuf structure, fix security bug
+ #373999 by Tim Sammut.
29 Jun 2011; Christoph Mende <angelos@gentoo.org>
gdk-pixbuf-2.22.1-r1.ebuild:
diff --git a/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.22.1-CVE-2011-2485.patch b/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.22.1-CVE-2011-2485.patch
new file mode 100644
index 000000000000..6c5e93348faf
--- /dev/null
+++ b/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.22.1-CVE-2011-2485.patch
@@ -0,0 +1,56 @@
+From f8569bb13e2aa1584dde61ca545144750f7a7c98 Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen@redhat.com>
+Date: Fri, 24 Jun 2011 05:09:35 +0000
+Subject: GIF: Don't return a partially initialized pixbuf structure
+
+It was found that gdk-pixbuf GIF image loader gdk_pixbuf__gif_image_load()
+routine did not properly handle certain return values from their subroutines.
+A remote attacker could provide a specially-crafted GIF image, which once
+opened in an application, linked against gdk-pixbuf would lead to gdk-pixbuf
+to return partially initialized pixbuf structure, possibly having huge
+width and height, leading to that particular application termination due
+excessive memory use.
+
+The CVE identifier of CVE-2011-2485 has been assigned to this issue.
+---
+diff --git a/gdk-pixbuf/io-gif.c b/gdk-pixbuf/io-gif.c
+index 0b370ee..8a1fa3e 100644
+--- a/gdk-pixbuf/io-gif.c
++++ b/gdk-pixbuf/io-gif.c
+@@ -1455,6 +1455,7 @@ gdk_pixbuf__gif_image_load (FILE *file, GError **error)
+ {
+ GifContext *context;
+ GdkPixbuf *pixbuf;
++ gint retval;
+
+ g_return_val_if_fail (file != NULL, NULL);
+
+@@ -1472,19 +1473,25 @@ gdk_pixbuf__gif_image_load (FILE *file, GError **error)
+ context->error = error;
+ context->stop_after_first_frame = TRUE;
+
+- if (gif_main_loop (context) == -1 || context->animation->frames == NULL) {
++ retval = gif_main_loop (context);
++ if (retval == -1 || context->animation->frames == NULL) {
+ if (context->error && *(context->error) == NULL)
+ g_set_error_literal (context->error,
+ GDK_PIXBUF_ERROR,
+ GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
+ _("GIF file was missing some data (perhaps it was truncated somehow?)"));
+ }
++ else if (retval == -2) {
++ pixbuf = NULL;
++ goto out;
++ }
+
+ pixbuf = gdk_pixbuf_animation_get_static_image (GDK_PIXBUF_ANIMATION (context->animation));
+
+ if (pixbuf)
+ g_object_ref (pixbuf);
+
++out:
+ g_object_unref (context->animation);
+
+ g_free (context->buf);
+--
+cgit v0.9
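Review bot: The new `else if (retval == -2)` branch in `gdk_pixbuf__gif_image_load` returns NULL without checking that a GError was set, unlike the `retval == -1` branch directly above it, which falls back to `GDK_PIXBUF_ERROR_CORRUPT_IMAGE` when `*(context->error) == NULL`. Whether `gif_main_loop` always sets the error before returning -2 is not visible here, so a caller could receive NULL with an empty error; repeating the same `*(context->error) == NULL` fallback before `goto out` would cover that case. The `-1` branch still falls through to `gdk_pixbuf_animation_get_static_image`, so the two bare return codes deserve a comment saying why one path may hand back a frame and the other must not, e.g. `/* -2: fatal decode error, frame may be partially initialized; never return it */`. The function body starts and ends outside the patched hunks.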
diff --git a/x11-libs/gdk-pixbuf/gdk-pixbuf-2.22.1-r2.ebuild b/x11-libs/gdk-pixbuf/gdk-pixbuf-2.22.1-r2.ebuild
new file mode 100644
index 000000000000..ea95caa96d13
--- /dev/null
+++ b/x11-libs/gdk-pixbuf/gdk-pixbuf-2.22.1-r2.ebuild
@@ -0,0 +1,87 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/x11-libs/gdk-pixbuf/gdk-pixbuf-2.22.1-r2.ebuild,v 1.1 2011/07/04 11:39:50 pacho Exp $
+
+EAPI="3"
+
+inherit gnome.org multilib libtool autotools
+
+DESCRIPTION="Image loading library for GTK+"
+HOMEPAGE="http://www.gtk.org/"
+
+LICENSE="LGPL-2"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sh ~sparc ~x86 ~x86-fbsd ~x86-freebsd ~x86-interix ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="+X debug doc +introspection jpeg jpeg2k svg tiff test"
+
+# librsvg blocker is for the new pixbuf loader API, you lose icons otherwise
+RDEPEND="
+ >=dev-libs/glib-2.25.15
+ >=media-libs/libpng-1.2.44:0
+ introspection? ( >=dev-libs/gobject-introspection-0.9.3 )
+ jpeg? ( virtual/jpeg )
+ jpeg2k? ( media-libs/jasper )
+ tiff? ( >=media-libs/tiff-3.9.2 )
+ X? ( x11-libs/libX11 )
+ !<gnome-base/gail-1000
+ !<gnome-base/librsvg-2.31.0
+ !<x11-libs/gtk+-2.21.3:2
+ !<x11-libs/gtk+-2.90.4:3"
+DEPEND="${RDEPEND}
+ >=dev-util/pkgconfig-0.9
+ >=sys-devel/gettext-0.17
+ >=dev-util/gtk-doc-am-1.11
+ doc? (
+ >=dev-util/gtk-doc-1.11
+ ~app-text/docbook-xml-dtd-4.1.2 )"
+# Needed as reported in bug #363715
+PDEPEND="svg? ( gnome-base/librsvg )"
+
+src_prepare() {
+ # Only build against libX11 if the user wants to do so
+ epatch "${FILESDIR}"/${PN}-2.21.4-fix-automagic-x11.patch
+
+ # Fix libpng-1.5 compatibility, bug 354557 — taken from upstream
+ epatch "${FILESDIR}/${P}-fix-libpng15.patch"
+
+ # GIF: Don't return a partially initialized pixbuf structure
+ epatch "${FILESDIR}/${P}-CVE-2011-2485.patch"
+
+ elibtoolize
+ eautoreconf
+}
+
+src_configure() {
+ # png always on to display icons (foser)
+ local myconf="
+ $(use_enable doc gtk-doc)
+ $(use_with jpeg libjpeg)
+ $(use_with jpeg2k libjasper)
+ $(use_with tiff libtiff)
+ $(use_enable introspection)
+ $(use_with X x11)
+ --with-libpng"
+
+ # Passing --disable-debug is not recommended for production use
+ use debug && myconf="${myconf} --enable-debug=yes"
+
+ econf ${myconf}
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die
+
+ dodoc AUTHORS NEWS* README* || die
+
+ find "${ED}" -name '*.la' -exec rm -f {} +
+}
+
+pkg_postinst() {
+ gdk-pixbuf-query-loaders > "${EROOT}usr/$(get_libdir)/gdk-pixbuf-2.0/2.10.0/loaders.cache"
+
+ if [ -e "${EROOT}"usr/lib/gtk-2.0/2.*/loaders ]; then
+ elog "You need to rebuild ebuilds that installed into" "${EROOT}"usr/lib/gtk-2.0/2.*/loaders
+ elog "to do that you can use qfile from portage-utils:"
+ elog "emerge -va1 \$(qfile -qC ${EPREFIX}/usr/lib/gtk-2.0/2.*/loaders)"
+ fi
+}
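Review bot: In `pkg_postinst`, the redirect `gdk-pixbuf-query-loaders > ".../loaders.cache"` truncates the cache before the command runs and its exit status is never checked, so a failed run leaves an empty or partial `loaders.cache` with no message. Writing to a temporary file in the same directory and moving it into place only on success would keep the previous cache intact. Separately, `[ -e "${EROOT}"usr/lib/gtk-2.0/2.*/loaders ]` uses an unquoted glob that breaks the test if it expands to more than one path, and it hard-codes `usr/lib` where the line above uses `$(get_libdir)`.

```shell
pkg_postinst() {
	local cache="${EROOT}usr/$(get_libdir)/gdk-pixbuf-2.0/2.10.0/loaders.cache"
	local tmp="${cache}.tmp"

	# Only replace the cache once the query tool has succeeded.
	if gdk-pixbuf-query-loaders > "${tmp}"; then
		mv -f "${tmp}" "${cache}"
	else
		rm -f "${tmp}"
		ewarn "gdk-pixbuf-query-loaders failed; ${cache} was left unchanged"
	fi

	# … unchanged: gtk-2.0 loaders rebuild notice …
```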