(#172752) Security bump. CVE 2007-1667: libX11 XInitImage input validation.

Package-Manager: portage-2.1.2.3

6 files changed, 176 insertions, 1 deletions

diff --git a/x11-libs/libX11/ChangeLog b/x11-libs/libX11/ChangeLog
index d82922877d52..a04cefb4913a 100644
--- a/x11-libs/libX11/ChangeLog
+++ b/x11-libs/libX11/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for x11-libs/libX11
 # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/x11-libs/libX11/ChangeLog,v 1.62 2007/02/04 18:23:48 joshuabaergen Exp $
+# $Header: /var/cvsroot/gentoo-x86/x11-libs/libX11/ChangeLog,v 1.63 2007/04/05 06:54:21 dberkholz Exp $
+
+*libX11-1.1.1-r1 (05 Apr 2007)
+*libX11-1.0.3-r2 (05 Apr 2007)
+
+  05 Apr 2007; Donnie Berkholz <dberkholz@gentoo.org>;
+  +files/xorg-libX11-1.1.1-xinitimage.diff, +libX11-1.0.3-r2.ebuild,
+  +libX11-1.1.1-r1.ebuild:
+  (#172752) Security bump. CVE 2007-1667: libX11 XInitImage input validation.
 
   04 Feb 2007; Joshua Baergen <joshuabaergen@gentoo.org>
   libX11-1.0.1-r1.ebuild, libX11-1.0.3.ebuild, libX11-1.0.3-r1.ebuild:
diff --git a/x11-libs/libX11/files/digest-libX11-1.0.3-r2 b/x11-libs/libX11/files/digest-libX11-1.0.3-r2
new file mode 100644
index 000000000000..12c8959efbd3
--- /dev/null
+++ b/x11-libs/libX11/files/digest-libX11-1.0.3-r2
@@ -0,0 +1,3 @@
+MD5 60b787a812c92d33f71860e4e19cb59d libX11-1.0.3.tar.bz2 1449835
+RMD160 285a878a8ec9ecbd86e67897ca15ce96c994f38a libX11-1.0.3.tar.bz2 1449835
+SHA256 fb42f2400c3709a0c2c17f27cc4a902c191ebd6228c70698891bf3a13ea5b3ac libX11-1.0.3.tar.bz2 1449835
diff --git a/x11-libs/libX11/files/digest-libX11-1.1.1-r1 b/x11-libs/libX11/files/digest-libX11-1.1.1-r1
new file mode 100644
index 000000000000..3770fe4a802b
--- /dev/null
+++ b/x11-libs/libX11/files/digest-libX11-1.1.1-r1
@@ -0,0 +1,3 @@
+MD5 848b80f77b20ae1fa5c882bbfa531ebc libX11-1.1.1.tar.bz2 1426405
+RMD160 99c2d2bd6823c09667dffa5e4265924e93e76eef libX11-1.1.1.tar.bz2 1426405
+SHA256 5359db57793430429786b648ac570d4ab205797306e049bf1e8675250af21541 libX11-1.1.1.tar.bz2 1426405
diff --git a/x11-libs/libX11/files/xorg-libX11-1.1.1-xinitimage.diff b/x11-libs/libX11/files/xorg-libX11-1.1.1-xinitimage.diff
new file mode 100644
index 000000000000..2ba968d9fc19
--- /dev/null
+++ b/x11-libs/libX11/files/xorg-libX11-1.1.1-xinitimage.diff
@@ -0,0 +1,87 @@
+diff --git a/src/ImUtil.c b/src/ImUtil.c
+index 83fd030..9e667bb 100644
+--- a/src/ImUtil.c
++++ b/src/ImUtil.c
+@@ -327,12 +327,13 @@ XImage *XCreateImage (dpy, visual, depth
+ {
+ 	register XImage *image;
+ 	int bits_per_pixel = 1;
++	int min_bytes_per_line;
+ 
+ 	if (depth == 0 || depth > 32 ||
+ 	    (format != XYBitmap && format != XYPixmap && format != ZPixmap) ||
+ 	    (format == XYBitmap && depth != 1) ||
+ 	    (xpad != 8 && xpad != 16 && xpad != 32) ||
+-	    offset < 0 || image_bytes_per_line < 0)
++	    offset < 0)
+ 	    return (XImage *) NULL;
+ 	if ((image = (XImage *) Xcalloc(1, (unsigned) sizeof(XImage))) == NULL)
+ 	    return (XImage *) NULL;
+@@ -363,16 +364,21 @@ XImage *XCreateImage (dpy, visual, depth
+ 	/*
+ 	 * compute per line accelerator.
+ 	 */
+-	if (image_bytes_per_line == 0)
+ 	{
+ 	if (format == ZPixmap)
+-	    image->bytes_per_line = 
++	    min_bytes_per_line = 
+ 	       ROUNDUP((bits_per_pixel * width), image->bitmap_pad);
+ 	else
+-	    image->bytes_per_line =
++	    min_bytes_per_line =
+ 	        ROUNDUP((width + offset), image->bitmap_pad);
+ 	}
+-	else image->bytes_per_line = image_bytes_per_line;
++	if (image_bytes_per_line == 0) {
++	    image->bytes_per_line = min_bytes_per_line;
++	} else if (image_bytes_per_line < min_bytes_per_line) {
++	    return 0;
++	} else {
++	    image->bytes_per_line = image_bytes_per_line;
++	}
+ 
+ 	image->bits_per_pixel = bits_per_pixel;
+ 	image->obdata = NULL;
+@@ -384,7 +390,11 @@ XImage *XCreateImage (dpy, visual, depth
+ Status XInitImage (image)
+     XImage *image;
+ {
++	int min_bytes_per_line;
++
+ 	if (image->depth == 0 || image->depth > 32 ||
++	    image->bits_per_pixel > 32 || image->bitmap_unit > 32 ||
++	    image->bits_per_pixel < 0 || image->bitmap_unit < 0 ||
+ 	    (image->format != XYBitmap &&
+ 	     image->format != XYPixmap &&
+ 	     image->format != ZPixmap) ||
+@@ -392,21 +402,24 @@ Status XInitImage (image)
+ 	    (image->bitmap_pad != 8 &&
+ 	     image->bitmap_pad != 16 &&
+ 	     image->bitmap_pad != 32) ||
+-	    image->xoffset < 0 || image->bytes_per_line < 0)
++	    image->xoffset < 0)
+ 	    return 0;
+ 
+ 	/*
+ 	 * compute per line accelerator.
+ 	 */
+-	if (image->bytes_per_line == 0)
+-	{
+ 	if (image->format == ZPixmap)
+-	    image->bytes_per_line = 
++	    min_bytes_per_line = 
+ 	       ROUNDUP((image->bits_per_pixel * image->width),
+ 		       image->bitmap_pad);
+ 	else
+-	    image->bytes_per_line =
++	    min_bytes_per_line =
+ 	        ROUNDUP((image->width + image->xoffset), image->bitmap_pad);
++
++	if (image->bytes_per_line == 0) {
++	    image->bytes_per_line = min_bytes_per_line;
++	} else if (image->bytes_per_line < min_bytes_per_line) {
++	    return 0;
+ 	}
+ 
+ 	_XInitImageFuncPtrs (image);
diff --git a/x11-libs/libX11/libX11-1.0.3-r2.ebuild b/x11-libs/libX11/libX11-1.0.3-r2.ebuild
new file mode 100644
index 000000000000..78708e00f043
--- /dev/null
+++ b/x11-libs/libX11/libX11-1.0.3-r2.ebuild
@@ -0,0 +1,41 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/x11-libs/libX11/libX11-1.0.3-r2.ebuild,v 1.1 2007/04/05 06:54:21 dberkholz Exp $
+
+# Must be before x-modular eclass is inherited
+#SNAPSHOT="yes"
+
+inherit x-modular
+
+DESCRIPTION="X.Org X11 library"
+
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="ipv6"
+
+RDEPEND=">=x11-libs/xtrans-1.0.1
+	x11-libs/libXau
+	x11-libs/libXdmcp
+	x11-proto/kbproto
+	x11-proto/inputproto
+	>=x11-proto/xproto-7.0.6"
+DEPEND="${RDEPEND}
+	x11-proto/xf86bigfontproto
+	x11-proto/bigreqsproto
+	x11-proto/xextproto
+	x11-proto/xcmiscproto
+	>=x11-misc/util-macros-0.99.0_p20051007"
+
+CONFIGURE_OPTIONS="$(use_enable ipv6)"
+# xorg really doesn't like xlocale disabled.
+# $(use_enable nls xlocale)
+
+PATCHES="${FILESDIR}/CVE-2006-5397.patch
+	${FILESDIR}/xorg-libX11-1.1.1-xinitimage.diff"
+
+src_install() {
+	x-modular_src_install
+
+	local ENVD="10libx11"
+	echo "LDPATH=\"/usr/lib\"" > "${T}"/${ENVD}
+	doenvd "${T}"/${ENVD}
+}
diff --git a/x11-libs/libX11/libX11-1.1.1-r1.ebuild b/x11-libs/libX11/libX11-1.1.1-r1.ebuild
new file mode 100644
index 000000000000..269199271c88
--- /dev/null
+++ b/x11-libs/libX11/libX11-1.1.1-r1.ebuild
@@ -0,0 +1,33 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/x11-libs/libX11/libX11-1.1.1-r1.ebuild,v 1.1 2007/04/05 06:54:21 dberkholz Exp $
+
+# Must be before x-modular eclass is inherited
+#SNAPSHOT="yes"
+
+inherit x-modular
+
+DESCRIPTION="X.Org X11 library"
+
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="ipv6 xcb"
+RDEPEND=">=x11-libs/xtrans-1.0.1
+	x11-libs/libXau
+	x11-libs/libXdmcp
+	x11-proto/kbproto
+	>=x11-proto/xproto-7.0.6
+	xcb? ( >=x11-libs/libxcb-1.0 )"
+DEPEND="${RDEPEND}
+	x11-proto/xf86bigfontproto
+	x11-proto/bigreqsproto
+	x11-proto/inputproto
+	x11-proto/xextproto
+	x11-proto/xcmiscproto
+	>=x11-misc/util-macros-0.99.0_p20051007"
+
+CONFIGURE_OPTIONS="$(use_enable ipv6)
+	$(use_with xcb)"
+# xorg really doesn't like xlocale disabled.
+# $(use_enable nls xlocale)
+
+PATCHES="${FILESDIR}/xorg-libX11-1.1.1-xinitimage.diff"