authorSebastian Pipping <sping@gentoo.org>2012-09-14 22:42:43 +0000
committerSebastian Pipping <sping@gentoo.org>2012-09-14 22:42:43 +0000
commit83107c2e29cada77e33bdffd4a8ffe604a0d78cc (patch)
tree07e43429d54620d0f7c6b2f6d7defd2df71134e4 /media-gfx
parentRemove old (diff)
media-gfx/gimp: 2.6.12-r3 (CVE-2012-3481, bug #434580)
(Portage version: 2.1.10.65/cvs/Linux x86_64)
Diffstat (limited to 'media-gfx')
-rw-r--r--media-gfx/gimp/ChangeLog10
-rw-r--r--media-gfx/gimp/files/gimp-2.6.12-fix-type-overflow-CVE-2012-3481.patch30
-rw-r--r--media-gfx/gimp/files/gimp-2.6.12-limit-len-and-height-CVE-2012-3481.patch31
-rw-r--r--media-gfx/gimp/gimp-2.6.12-r3.ebuild163
4 files changed, 233 insertions, 1 deletions
diff --git a/media-gfx/gimp/ChangeLog b/media-gfx/gimp/ChangeLog
index 625316a94ff4..a2dea8644c84 100644
--- a/media-gfx/gimp/ChangeLog
+++ b/media-gfx/gimp/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for media-gfx/gimp
# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-gfx/gimp/ChangeLog,v 1.383 2012/09/03 22:47:10 sping Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-gfx/gimp/ChangeLog,v 1.384 2012/09/14 22:42:43 sping Exp $
+
+*gimp-2.6.12-r3 (14 Sep 2012)
+
+ 14 Sep 2012; Sebastian Pipping <sping@gentoo.org> +gimp-2.6.12-r3.ebuild,
+ +files/gimp-2.6.12-fix-type-overflow-CVE-2012-3481.patch,
+ +files/gimp-2.6.12-limit-len-and-height-CVE-2012-3481.patch:
+ Add patches for CVE-2012-3481 to 2.6.12 (bug #434580), 2.8.2 is patched by
+ upstream already
03 Sep 2012; Sebastian Pipping <sping@gentoo.org> gimp-9999.ebuild:
Bump dependencies of live ebuild on GEGL and BABL to actual but out-of-tree
diff --git a/media-gfx/gimp/files/gimp-2.6.12-fix-type-overflow-CVE-2012-3481.patch b/media-gfx/gimp/files/gimp-2.6.12-fix-type-overflow-CVE-2012-3481.patch
new file mode 100644
index 000000000000..8ac0934038d9
--- /dev/null
+++ b/media-gfx/gimp/files/gimp-2.6.12-fix-type-overflow-CVE-2012-3481.patch
@@ -0,0 +1,30 @@
+From 407606bdbb404c0a1bf14751a394459e1bedfc08 Mon Sep 17 00:00:00 2001
+From: Nils Philippsen <nils@redhat.com>
+Date: Tue, 14 Aug 2012 15:27:39 +0200
+Subject: [PATCH 2/2] file-gif-load: fix type overflow (CVE-2012-3481)
+
+Cast variables properly to avoid overflowing when computing how much
+memory to allocate.
+---
+ plug-ins/common/file-gif-load.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/plug-ins/common/file-gif-load.c b/plug-ins/common/file-gif-load.c
+index 909b184..b46ba08 100644
+--- a/plug-ins/common/file-gif-load.c
++++ b/plug-ins/common/file-gif-load.c
+@@ -1033,9 +1033,9 @@ ReadImage (FILE *fd,
+ }
+
+ if (alpha_frame)
+- dest = (guchar *) g_malloc (len * height * (promote_to_rgb ? 4 : 2));
++ dest = (guchar *) g_malloc ((gsize)len * (gsize)height * (promote_to_rgb ? 4 : 2));
+ else
+- dest = (guchar *) g_malloc (len * height);
++ dest = (guchar *) g_malloc ((gsize)len * (gsize)height);
+
+ #ifdef GIFDEBUG
+ g_print ("GIF: reading %d by %d%s GIF image, ncols=%d\n",
+--
+1.7.11.4
+
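Review bot: The `(gsize)` casts on the two `g_malloc` calls only widen the multiplication; where `gsize` is 32 bits wide the product of `len`, `height` and the 4-or-2 factor can still wrap, so this change is safe only together with the bounds check that patch 1/2 of the same series adds above the allocation. Nothing at the allocation site records that dependency, and a short comment would keep it visible, for example `/* len * height * bytes-per-pixel was checked against G_MAXSIZE above */`. `ReadImage` starts and ends outside the hunk, so the declared types of `len` and `height` cannot be confirmed from here.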
diff --git a/media-gfx/gimp/files/gimp-2.6.12-limit-len-and-height-CVE-2012-3481.patch b/media-gfx/gimp/files/gimp-2.6.12-limit-len-and-height-CVE-2012-3481.patch
new file mode 100644
index 000000000000..e94224bb47e4
--- /dev/null
+++ b/media-gfx/gimp/files/gimp-2.6.12-limit-len-and-height-CVE-2012-3481.patch
@@ -0,0 +1,31 @@
+From 4ec417c50d4cce935a87b5beab051e85cbfcec45 Mon Sep 17 00:00:00 2001
+From: Jan Lieskovsky <jlieskov@redhat.com>
+Date: Tue, 14 Aug 2012 12:18:22 +0200
+Subject: [PATCH 1/2] file-gif-load: limit len and height (CVE-2012-3481)
+
+Ensure values of len and height can't overflow g_malloc() argument type.
+---
+ plug-ins/common/file-gif-load.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/plug-ins/common/file-gif-load.c b/plug-ins/common/file-gif-load.c
+index 9a0720b..909b184 100644
+--- a/plug-ins/common/file-gif-load.c
++++ b/plug-ins/common/file-gif-load.c
+@@ -1025,6 +1025,13 @@ ReadImage (FILE *fd,
+ cur_progress = 0;
+ max_progress = height;
+
++ if (len > (G_MAXSIZE / height / (alpha_frame ? (promote_to_rgb ? 4 : 2) : 1)))
++ {
++ g_message ("'%s' has a larger image size than GIMP can handle.",
++ gimp_filename_to_utf8 (filename));
++ return -1;
++ }
++
+ if (alpha_frame)
+ dest = (guchar *) g_malloc (len * height * (promote_to_rgb ? 4 : 2));
+ else
+--
+1.7.11.4
+
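Review bot: The new guard divides `G_MAXSIZE` by `height` before anything in the hunk shows `height` to be non-zero, so an image that declares a zero height would reach a division by zero unless it is rejected earlier in `ReadImage`, which starts outside the hunk. If no earlier check exists, a separate test ahead of the guard would close that, e.g. `if (len <= 0 || height <= 0) return -1;` with its own `g_message`. If the two values are signed integers, which the hunk does not show, the same test also stops a negative value from being converted to a large unsigned one in the comparison against `G_MAXSIZE`.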
diff --git a/media-gfx/gimp/gimp-2.6.12-r3.ebuild b/media-gfx/gimp/gimp-2.6.12-r3.ebuild
new file mode 100644
index 000000000000..788ed656a047
--- /dev/null
+++ b/media-gfx/gimp/gimp-2.6.12-r3.ebuild
@@ -0,0 +1,163 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-gfx/gimp/gimp-2.6.12-r3.ebuild,v 1.1 2012/09/14 22:42:43 sping Exp $
+
+EAPI="3"
+
+PYTHON_DEPEND="python? 2:2.5"
+
+inherit eutils gnome2 fdo-mime multilib python
+
+DESCRIPTION="GNU Image Manipulation Program"
+HOMEPAGE="http://www.gimp.org/"
+SRC_URI="
+ http://dev.gentoo.org/~jlec/distfiles/${PN}-2.6.11-underlinking.patch.xz
+ mirror://gimp/v2.6/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+
+LANGS="am ar ast az be bg ca ca@valencia cs da de dz el en_CA en_GB eo es et eu fa fi fr ga gl gu he hi hr hu id is it ja ka kk km kn ko lt lv mk ml mr ms my nb nds ne nl nn oc or pa pl pt pt_BR ro ru rw si sk sl sr sr@latin sv ta th tr tt uk vi xh yi zh_CN zh_HK zh_TW"
+IUSE="alsa aalib altivec curl dbus debug doc exif gnome jpeg lcms mmx mng pdf png python smp sse svg tiff webkit wmf"
+
+for lang in ${LANGS}; do
+ IUSE+=" linguas_${lang}"
+done
+
+RDEPEND="
+ >=dev-libs/glib-2.18.1:2
+ dev-libs/libxml2
+ dev-libs/libxslt
+ >=media-libs/fontconfig-2.2.0
+ >=media-libs/freetype-2.1.7
+ >=media-libs/gegl-0.0.22 <media-libs/gegl-0.2
+ >=x11-libs/gtk+-2.12.5:2
+ x11-libs/libXpm
+ >=x11-libs/pango-1.18.0
+ sys-libs/zlib
+ x11-themes/hicolor-icon-theme
+ aalib? ( media-libs/aalib )
+ alsa? ( media-libs/alsa-lib )
+ curl? ( net-misc/curl )
+ dbus? ( dev-libs/dbus-glib )
+ exif? ( >=media-libs/libexif-0.6.15 )
+ gnome? ( gnome-base/gvfs )
+ jpeg? ( virtual/jpeg:0 )
+ lcms? ( =media-libs/lcms-1* )
+ mng? ( media-libs/libmng )
+ pdf? ( >=app-text/poppler-0.12.3-r3[cairo] )
+ png? ( >=media-libs/libpng-1.2.2:0 )
+ python? ( >=dev-python/pygtk-2.10.4:2 )
+ svg? ( >=gnome-base/librsvg-2.8.0:2 )
+ tiff? ( >=media-libs/tiff-3.5.7:0 )
+ webkit? ( net-libs/webkit-gtk:2 )
+ wmf? ( >=media-libs/libwmf-0.2.8 )"
+DEPEND="${RDEPEND}
+ >=dev-util/intltool-0.40
+ virtual/pkgconfig
+ >=sys-devel/gettext-0.17
+ doc? ( >=dev-util/gtk-doc-1 )"
+
+DOCS="AUTHORS ChangeLog* HACKING NEWS README*"
+
+pkg_setup() {
+ G2CONF="--enable-default-binary \
+ --with-x \
+ $(use_with aalib aa) \
+ $(use_with alsa) \
+ $(use_enable altivec) \
+ $(use_with curl libcurl) \
+ $(use_with dbus) \
+ --without-hal \
+ $(use_with gnome gvfs) \
+ --without-gnomevfs \
+ $(use_with webkit) \
+ $(use_with jpeg libjpeg) \
+ $(use_with exif libexif) \
+ $(use_with lcms) \
+ $(use_enable mmx) \
+ $(use_with mng libmng) \
+ $(use_with pdf poppler) \
+ $(use_with png libpng) \
+ $(use_enable python) \
+ $(use_enable smp mp) \
+ $(use_enable sse) \
+ $(use_with svg librsvg) \
+ $(use_with tiff libtiff) \
+ $(use_with wmf)"
+
+ if use python; then
+ python_set_active_version 2
+ python_pkg_setup
+ fi
+}
+
+src_prepare() {
+ # don't use empty, removed header
+ # https://bugs.gentoo.org/show_bug.cgi?id=377075
+ epatch "${FILESDIR}"/gimp-curl-headers.diff
+
+ # apply file-uri patch by upstream
+ # https://bugs.gentoo.org/show_bug.cgi?id=372941
+ # https://bugzilla.gnome.org/show_bug.cgi?id=653980#c6
+ epatch "${FILESDIR}"/${PN}-2.6.11-file-uri.patch
+
+ # fix test suite
+ # https://bugs.gentoo.org/show_bug.cgi?id=406625
+ epatch "${FILESDIR}"/${P}-potfiles-skip.patch
+
+ # buffer overflow patch backport
+ # https://bugs.gentoo.org/show_bug.cgi?id=418425
+ epatch "${FILESDIR}"/${P}-CVE-2012-2763.patch
+
+ # CEL and GIF plug-ins: Heap-based buffer overflows (CVE-2012-{3403,3481})
+ # https://bugs.gentoo.org/show_bug.cgi?id=434580
+ epatch "${FILESDIR}"/${PN}-2.6.12-fix-type-overflow-CVE-2012-3481.patch
+ epatch "${FILESDIR}"/${PN}-2.6.12-limit-len-and-height-CVE-2012-3481.patch
+
+ echo '#!/bin/sh' > py-compile
+ gnome2_src_prepare
+}
+
+_clean_up_locales() {
+ elog "Cleaning up locales..."
+ for lang in ${LANGS}; do
+ use "linguas_${lang}" && {
+ elog "- keeping ${lang}"
+ continue
+ }
+ rm -Rf "${D}"/usr/share/locale/"${lang}" || die
+ done
+}
+
+src_install() {
+ gnome2_src_install
+
+ if use python; then
+ python_convert_shebangs -r $(python_get_version) "${ED}"
+ python_need_rebuild
+ fi
+
+ # Workaround for bug #321111 to give GIMP the least
+ # precedence on PDF documents by default
+ mv "${D}"/usr/share/applications/{,zzz-}gimp.desktop || die
+
+ find "${D}" -name '*.la' -delete || die
+
+ _clean_up_locales
+}
+
+pkg_postinst() {
+ gnome2_pkg_postinst
+
+ use python && python_mod_optimize /usr/$(get_libdir)/gimp/2.0/python \
+ /usr/$(get_libdir)/gimp/2.0/plug-ins
+}
+
+pkg_postrm() {
+ gnome2_pkg_postrm
+
+ use python && python_mod_cleanup /usr/$(get_libdir)/gimp/2.0/python \
+ /usr/$(get_libdir)/gimp/2.0/plug-ins
+}
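Review bot: `src_prepare` applies the two CVE-2012-3481 patches in the reverse of their series order: `fix-type-overflow` is `[PATCH 2/2]` and its index line (`909b184..b46ba08`) starts from the blob that `limit-len-and-height`, `[PATCH 1/2]` (`9a0720b..909b184`), produces. In this order the first patch can only apply at an offset, and the second carries a context line (`g_malloc (len * height * ...)`) that no longer matches, so a clean result presumably depends on patch fuzz; swapping the two `epatch` lines so that `limit-len-and-height` comes first applies both as upstream wrote them. The comment above them also names CVE-2012-3403 (CEL plug-in), but this commit adds no patch for it; either say where that fix comes from or narrow the comment, e.g. `# GIF plug-in: heap-based buffer overflow (CVE-2012-3481)`.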