Add fix for malformed GIF loading exploit, bug #208464

(Portage version: 2.1.4.4)

3 files changed, 147 insertions, 2 deletions

diff --git a/dev-util/insight/ChangeLog b/dev-util/insight/ChangeLog
index 7ca772a0afd3..5eefcbcbd197 100644
--- a/dev-util/insight/ChangeLog
+++ b/dev-util/insight/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for dev-util/insight
-# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-util/insight/ChangeLog,v 1.41 2007/11/09 08:41:38 vapier Exp $
+# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/dev-util/insight/ChangeLog,v 1.42 2008/03/08 16:30:51 tester Exp $
+
+*insight-6.7.1-r1 (08 Mar 2008)
+
+  08 Mar 2008; Olivier Crête <tester@gentoo.org> +files/tkImgGIF.patch,
+  +insight-6.7.1-r1.ebuild:
+  Add fix for malformed GIF loading exploit, bug #208464
 
 *insight-6.7.1 (09 Nov 2007)
 
diff --git a/dev-util/insight/files/tkImgGIF.patch b/dev-util/insight/files/tkImgGIF.patch
new file mode 100644
index 000000000000..e8a81f384f28
--- /dev/null
+++ b/dev-util/insight/files/tkImgGIF.patch
@@ -0,0 +1,63 @@
+Index: generic/tkImgGIF.c
+===================================================================
+RCS file: /cvsroot/tktoolkit/tk/generic/tkImgGIF.c,v
+retrieving revision 1.24.2.5
+diff -u -r1.24.2.5 tkImgGIF.c
+--- generic/tkImgGIF.c	11 Sep 2007 18:01:45 -0000	1.24.2.5
++++ generic/tkImgGIF.c	25 Jan 2008 19:23:01 -0000
+@@ -826,6 +826,12 @@
+ 		Tcl_PosixError(interp), (char *) NULL);
+ 	return TCL_ERROR;
+     }
++
++    if (initialCodeSize > MAX_LWZ_BITS) {
++	Tcl_SetResult(interp, "malformed image", TCL_STATIC);
++	return TCL_ERROR;
++    }
++
+     if (transparent != -1) {
+ 	cmap[transparent][CM_RED] = 0;
+ 	cmap[transparent][CM_GREEN] = 0;
+Index: tests/imgPhoto.test
+===================================================================
+RCS file: /cvsroot/tktoolkit/tk/tests/imgPhoto.test,v
+retrieving revision 1.15.2.5
+diff -u -r1.15.2.5 imgPhoto.test
+--- tests/imgPhoto.test	11 Sep 2007 18:01:46 -0000	1.15.2.5
++++ tests/imgPhoto.test	25 Jan 2008 19:23:01 -0000
+@@ -681,6 +681,35 @@
+     image delete $i
+ }
+ 
++test imgPhoto-14.4 {GIF buffer overflow} -setup {
++    set i [image create photo]
++} -body {
++    # This crashes Tk up to 8.4.17 and 8.5.0
++    $i configure -data {
++	R0lGODlhCgAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/
++	AP//AAAA//8A/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
++	AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
++	AAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBmAABmMwBmZgBm
++	mQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/
++	AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
++	mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPM
++	ADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYA
++	mWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZ
++	AGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/
++	mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lm
++	AJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
++	mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wz
++	AMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZ
++	mcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8A
++	AP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9m
++	mf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/Mmf/MzP/M////
++	AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAKAAoAABUSAAD/HEiwoMGD
++	CBMqXMiwYcKAADs=
++    } 
++} -cleanup {
++    image delete $i
++} -returnCodes error -result {malformed image}
++
+ test imgPhoto-15.1 {photo images can fail to allocate memory gracefully} \
+ 	{nonPortable} {
+     # This is not portable to very large machines with more around
diff --git a/dev-util/insight/insight-6.7.1-r1.ebuild b/dev-util/insight/insight-6.7.1-r1.ebuild
new file mode 100644
index 000000000000..21628e1b77e4
--- /dev/null
+++ b/dev-util/insight/insight-6.7.1-r1.ebuild
@@ -0,0 +1,76 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-util/insight/insight-6.7.1-r1.ebuild,v 1.1 2008/03/08 16:30:51 tester Exp $
+
+inherit eutils flag-o-matic
+
+export CTARGET=${CTARGET:-${CHOST}}
+if [[ ${CTARGET} == ${CHOST} ]] ; then
+	if [[ ${CATEGORY/cross-} != ${CATEGORY} ]] ; then
+		export CTARGET=${CATEGORY/cross-}
+	fi
+fi
+
+DESCRIPTION="A graphical interface to the GNU debugger"
+HOMEPAGE="http://sourceware.org/insight/"
+SRC_URI="ftp://sources.redhat.com/pub/${PN}/releases/${P}.tar.bz2"
+
+LICENSE="GPL-2 LGPL-2"
+[[ ${CTARGET} != ${CHOST} ]] \
+	&& SLOT="${CTARGET}" \
+	|| SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ppc ~sparc ~x86"
+IUSE="nls"
+
+RDEPEND="sys-libs/ncurses
+	x11-libs/libX11"
+DEPEND="${RDEPEND}
+	nls? ( sys-devel/gettext )"
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+	epatch "${FILESDIR}"/${PN}-6.6-DESTDIR.patch
+	epatch "${FILESDIR}"/${PN}-6.6-burn-paths.patch
+
+	cd "${S}/tk"
+	epatch "${FILESDIR}"/tkImgGIF.patch
+}
+
+src_compile() {
+	append-flags -fno-strict-aliasing # tcl code sucks
+	strip-linguas -u bfd/po opcodes/po
+	econf \
+		--disable-werror \
+		$(use_enable nls) \
+		--enable-gdbtk \
+		--disable-tui \
+		--datadir=/usr/share/${PN} \
+		|| die
+	emake || die
+}
+
+src_install() {
+	# the tcl-related subdirs are not parallel safe
+	emake -j1 DESTDIR="${D}" install || die
+
+	# Don't install docs when building a cross-insight
+	if [[ ${CTARGET} == ${CHOST} ]] ; then
+		dodoc gdb/gdbtk/{README,TODO}
+	fi
+
+	# the gui tcl code does not consider any of the configure
+	# options given it ... instead, it requires the path to
+	# be /usr/share/redhat/...
+	mv "${D}"/usr/share/${PN}/redhat "${D}"/usr/share/ || die
+
+	# scrub all the cruft we dont want
+	local x
+	cd "${D}"/usr/bin
+	for x in * ; do
+		[[ ${x} != *insight ]] && rm -f ${x}
+	done
+	cd "${D}"
+	rm -rf usr/{include,man,share/{info,locale,man}}
+	rm -rf usr/lib*
+}