Fix integer overflow in xbm loader (bug #412033).

(Portage version: 2.2.0_alpha100/cvs/Linux x86_64)
author: Alexandre Rostovtsev <tetromino@gentoo.org> 2012-04-14 20:52:57 +0000
committer: Alexandre Rostovtsev <tetromino@gentoo.org> 2012-04-14 20:52:57 +0000
commit: 7aea6e927764475a2f3166f38b2d0ce7c4d3f936 (patch)
tree: aea3231c6f0528a7a54d4a6145ff1b3750752f47 /x11-libs
parent: marked x86 per bug 411775 (diff)
download: gentoo-2-7aea6e927764475a2f3166f38b2d0ce7c4d3f936.tar.gz
gentoo-2-7aea6e927764475a2f3166f38b2d0ce7c4d3f936.tar.bz2
gentoo-2-7aea6e927764475a2f3166f38b2d0ce7c4d3f936.zip
4 files changed, 152 insertions, 2 deletions
diff --git a/x11-libs/gdk-pixbuf/ChangeLog b/x11-libs/gdk-pixbuf/ChangeLog
index 8e44a2f44e08..9cae7dcbd5a9 100644
--- a/x11-libs/gdk-pixbuf/ChangeLog
+++ b/x11-libs/gdk-pixbuf/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for x11-libs/gdk-pixbuf
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/x11-libs/gdk-pixbuf/ChangeLog,v 1.48 2012/04/12 17:04:23 tetromino Exp $
+# $Header: /var/cvsroot/gentoo-x86/x11-libs/gdk-pixbuf/ChangeLog,v 1.49 2012/04/14 20:52:57 tetromino Exp $
+
+*gdk-pixbuf-2.26.1 (14 Apr 2012)
+*gdk-pixbuf-2.24.1-r1 (14 Apr 2012)
+
+  14 Apr 2012; Alexandre Rostovtsev <tetromino@gentoo.org>
+  +gdk-pixbuf-2.24.1-r1.ebuild, +files/gdk-pixbuf-2.24.1-xbm-overflow.patch,
+  -gdk-pixbuf-2.26.0.ebuild, +gdk-pixbuf-2.26.1.ebuild:
+  Fix integer overflow in xbm loader (bug #412033).
 
   12 Apr 2012; Alexandre Rostovtsev <tetromino@gentoo.org>
   gdk-pixbuf-2.26.0.ebuild:
diff --git a/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.24.1-xbm-overflow.patch b/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.24.1-xbm-overflow.patch
new file mode 100644
index 000000000000..66b15f70ce63
--- /dev/null
+++ b/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.24.1-xbm-overflow.patch
@@ -0,0 +1,48 @@
+From 4f0f465f991cd454d03189497f923eb40c170c22 Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen@redhat.com>
+Date: Sat, 14 Apr 2012 14:21:09 -0400
+Subject: [PATCH] Avoid an integer overflow in the xbm loader
+
+At the same time, reject some silly input, such as negative
+width or height.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=672811
+---
+ gdk-pixbuf/io-xbm.c |   12 ++++++++++--
+ 1 files changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/gdk-pixbuf/io-xbm.c b/gdk-pixbuf/io-xbm.c
+index 46653b9..4f3e1e8 100644
+--- a/gdk-pixbuf/io-xbm.c
++++ b/gdk-pixbuf/io-xbm.c
+@@ -183,10 +183,16 @@ read_bitmap_file_data (FILE    *fstream,
+ 				type++;
+ 			}
+ 
+-			if (!strcmp ("width", type))
++			if (!strcmp ("width", type)) {
++                                if (value <= 0)
++                                        RETURN (FALSE);
+ 				ww = (unsigned int) value;
+-			if (!strcmp ("height", type))
++                        }
++			if (!strcmp ("height", type)) {
++                                if (value <= 0)
++                                        RETURN (FALSE);
+ 				hh = (unsigned int) value;
++                        }
+ 			if (!strcmp ("hot", type)) {
+ 				if (type-- == name_and_type
+ 				    || type-- == name_and_type)
+@@ -231,6 +237,8 @@ read_bitmap_file_data (FILE    *fstream,
+ 		bytes_per_line = (ww+7)/8 + padding;
+ 
+ 		size = bytes_per_line * hh;
++                if (size / bytes_per_line != hh) /* overflow */
++                        RETURN (FALSE);
+ 		bits = g_malloc (size);
+ 
+ 		if (version10p) {
+-- 
+1.7.8.5
+
diff --git a/x11-libs/gdk-pixbuf/gdk-pixbuf-2.24.1-r1.ebuild b/x11-libs/gdk-pixbuf/gdk-pixbuf-2.24.1-r1.ebuild
new file mode 100644
index 000000000000..174a429fe132
--- /dev/null
+++ b/x11-libs/gdk-pixbuf/gdk-pixbuf-2.24.1-r1.ebuild
@@ -0,0 +1,94 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/x11-libs/gdk-pixbuf/gdk-pixbuf-2.24.1-r1.ebuild,v 1.1 2012/04/14 20:52:57 tetromino Exp $
+
+EAPI="4"
+
+inherit eutils gnome.org multilib libtool autotools
+
+DESCRIPTION="Image loading library for GTK+"
+HOMEPAGE="http://www.gtk.org/"
+
+LICENSE="LGPL-2"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~x86-fbsd ~x86-freebsd ~x86-interix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="+X debug doc +introspection jpeg jpeg2k tiff test"
+
+COMMON_DEPEND="
+	>=dev-libs/glib-2.27.2:2
+	>=media-libs/libpng-1.4:0
+	introspection? ( >=dev-libs/gobject-introspection-0.9.3 )
+	jpeg? ( virtual/jpeg )
+	jpeg2k? ( media-libs/jasper )
+	tiff? ( >=media-libs/tiff-3.9.2:0 )
+	X? ( x11-libs/libX11 )"
+DEPEND="${COMMON_DEPEND}
+	>=dev-util/pkgconfig-0.9
+	>=sys-apps/coreutils-8.5
+	>=sys-devel/gettext-0.17
+	>=dev-util/gtk-doc-am-1.11
+	doc? (
+		>=dev-util/gtk-doc-1.11
+		~app-text/docbook-xml-dtd-4.1.2 )"
+# librsvg blocker is for the new pixbuf loader API, you lose icons otherwise
+RDEPEND="${COMMON_DEPEND}
+	!<gnome-base/gail-1000
+	!<gnome-base/librsvg-2.31.0
+	!<x11-libs/gtk+-2.21.3:2
+	!<x11-libs/gtk+-2.90.4:3"
+
+src_prepare() {
+	# This will avoid polluting the pkg-config file with versioned libpng,
+	# which is causing problems with libpng14 -> libpng15 upgrade
+	# See upstream bug #667068
+	sed -i -e 's:libpng15:libpng libpng15:' configure.ac || die
+	# Backport from 2.26.1, fixes xbm loader overflow
+	epatch "${FILESDIR}/${P}-xbm-overflow.patch"
+	eautoreconf
+}
+
+src_configure() {
+	# png always on to display icons (foser)
+	local myconf="
+		$(use_enable doc gtk-doc)
+		$(use_with jpeg libjpeg)
+		$(use_with jpeg2k libjasper)
+		$(use_with tiff libtiff)
+		$(use_enable introspection)
+		$(use_with X x11)
+		--with-libpng"
+
+	# Passing --disable-debug is not recommended for production use
+	use debug && myconf="${myconf} --enable-debug=yes"
+
+	econf ${myconf}
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+	dodoc AUTHORS NEWS* README*
+
+	# New library, remove .la files
+	find "${D}" -name '*.la' -exec rm -f '{}' + || die
+}
+
+pkg_postinst() {
+	# causes segfault if set, see bug 375615
+	unset __GL_NO_DSO_FINALIZER
+
+	tmp_file=$(mktemp --suffix=gdk_pixbuf_ebuild)
+	# be atomic!
+	gdk-pixbuf-query-loaders > "${tmp_file}"
+	if [ "${?}" = "0" ]; then
+		cat "${tmp_file}" > "${EROOT}usr/$(get_libdir)/gdk-pixbuf-2.0/2.10.0/loaders.cache"
+	else
+		ewarn "Cannot update loaders.cache, gdk-pixbuf-query-loaders failed to run"
+	fi
+	rm "${tmp_file}"
+
+	if [ -e "${EROOT}"usr/lib/gtk-2.0/2.*/loaders ]; then
+		elog "You need to rebuild ebuilds that installed into" "${EROOT}"usr/lib/gtk-2.0/2.*/loaders
+		elog "to do that you can use qfile from portage-utils:"
+		elog "emerge -va1 \$(qfile -qC ${EPREFIX}/usr/lib/gtk-2.0/2.*/loaders)"
+	fi
+}
diff --git a/x11-libs/gdk-pixbuf/gdk-pixbuf-2.26.0.ebuild b/x11-libs/gdk-pixbuf/gdk-pixbuf-2.26.1.ebuild
index 1eea78fcbb23..0449e17340b5 100644
--- a/x11-libs/gdk-pixbuf/gdk-pixbuf-2.26.0.ebuild
+++ b/x11-libs/gdk-pixbuf/gdk-pixbuf-2.26.1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2012 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/x11-libs/gdk-pixbuf/gdk-pixbuf-2.26.0.ebuild,v 1.3 2012/04/12 17:04:23 tetromino Exp $
+# $Header: /var/cvsroot/gentoo-x86/x11-libs/gdk-pixbuf/gdk-pixbuf-2.26.1.ebuild,v 1.1 2012/04/14 20:52:57 tetromino Exp $
 
 EAPI="4"
author	Alexandre Rostovtsev <tetromino@gentoo.org>	2012-04-14 20:52:57 +0000
committer	Alexandre Rostovtsev <tetromino@gentoo.org>	2012-04-14 20:52:57 +0000
commit	7aea6e927764475a2f3166f38b2d0ce7c4d3f936 (patch)
tree	aea3231c6f0528a7a54d4a6145ff1b3750752f47 /x11-libs
parent	marked x86 per bug 411775 (diff)
download	gentoo-2-7aea6e927764475a2f3166f38b2d0ce7c4d3f936.tar.gz gentoo-2-7aea6e927764475a2f3166f38b2d0ce7c4d3f936.tar.bz2 gentoo-2-7aea6e927764475a2f3166f38b2d0ce7c4d3f936.zip