diff options
| author |   Joe McCann <joem@gentoo.org> | 2004-12-04 22:33:51 +0000 |
|---|---|---|
| committer | Joe McCann <joem@gentoo.org> | 2004-12-04 22:33:51 +0000 |
| commit | 01ce7cfb7a4d4a7d779a56d4e590bc9f85b2f273 (patch) | |
| tree | 9309cbafacb05c4fb68bdcd3d829ac3a287e4e67 /media-libs/imlib | |
| parent | Version bump, bug #72920 (Manifest recommit) (diff) | |
| download | gentoo-2-01ce7cfb7a4d4a7d779a56d4e590bc9f85b2f273.tar.gz gentoo-2-01ce7cfb7a4d4a7d779a56d4e590bc9f85b2f273.tar.bz2 gentoo-2-01ce7cfb7a4d4a7d779a56d4e590bc9f85b2f273.zip | |
Adding security patch. See bug #72681 for more information
Diffstat (limited to 'media-libs/imlib')
| -rw-r--r-- | media-libs/imlib/ChangeLog | 8 | ||||
| -rw-r--r-- | media-libs/imlib/Manifest | 7 | ||||
| -rw-r--r-- | media-libs/imlib/files/digest-imlib-1.9.14-r3 | 1 | ||||
| -rw-r--r-- | media-libs/imlib/files/imlib-1.9.14-sec2.patch | 510 | ||||
| -rw-r--r-- | media-libs/imlib/imlib-1.9.14-r3.ebuild | 50 |
5 files changed, 573 insertions, 3 deletions
diff --git a/media-libs/imlib/ChangeLog b/media-libs/imlib/ChangeLog index 40212f8960a3..f6976e2d08a3 100644 --- a/media-libs/imlib/ChangeLog +++ b/media-libs/imlib/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for media-libs/imlib # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/media-libs/imlib/ChangeLog,v 1.27 2004/10/17 06:07:42 hardave Exp $ +# $Header: /var/cvsroot/gentoo-x86/media-libs/imlib/ChangeLog,v 1.28 2004/12/04 22:33:51 joem Exp $ + +*imlib-1.9.14-r3 (04 Dec 2004) + + 04 Dec 2004; Joe McCann <joem@gentoo.org> +files/imlib-1.9.14-sec2.patch, + +imlib-1.9.14-r3.ebuild: + Adding security patch. See bug #72681 for more information 17 Oct 2004; Hardave Riar <hardave@gentoo.org> imlib-1.9.14-r2.ebuild: Stable on mips, bug #62487. diff --git a/media-libs/imlib/Manifest b/media-libs/imlib/Manifest index a56cd653e7d2..a0a666d03320 100644 --- a/media-libs/imlib/Manifest +++ b/media-libs/imlib/Manifest @@ -1,7 +1,10 @@ -MD5 bc27b28e9216a0810bc3f2c25246e4d1 ChangeLog 3773 +MD5 0ecaa2b99db1393e4fdf8eaf6fbdbb4e ChangeLog 3970 MD5 13ebbdff38b389c23e8cac50e2c913a6 imlib-1.9.14-r1.ebuild 1029 -MD5 03ad2e6c4ab41244af1015a8bbb0b39f metadata.xml 158 MD5 c3d91305f3a060258a5fb19cf5590bde imlib-1.9.14-r2.ebuild 1104 +MD5 03ad2e6c4ab41244af1015a8bbb0b39f metadata.xml 158 +MD5 18f8ce7b273d3bd8b6a91764ae07006e imlib-1.9.14-r3.ebuild 1181 MD5 249b41b845e39ccae3a4022bead066e9 files/digest-imlib-1.9.14-r1 65 MD5 249b41b845e39ccae3a4022bead066e9 files/digest-imlib-1.9.14-r2 65 MD5 785e01e32ee3640d632ac61e28d14aa4 files/imlib-1.9.14-bound.patch 11764 +MD5 b273d36aa60adbfaacaf6062234e4c1f files/imlib-1.9.14-sec2.patch 13040 +MD5 249b41b845e39ccae3a4022bead066e9 files/digest-imlib-1.9.14-r3 65 diff --git a/media-libs/imlib/files/digest-imlib-1.9.14-r3 b/media-libs/imlib/files/digest-imlib-1.9.14-r3 new file mode 100644 index 000000000000..2506fdb6b205 --- /dev/null +++ b/media-libs/imlib/files/digest-imlib-1.9.14-r3 @@ -0,0 +1 @@ +MD5 a337643f75bb431034d7213ac74f13dc imlib-1.9.14.tar.bz2 587947 diff --git a/media-libs/imlib/files/imlib-1.9.14-sec2.patch b/media-libs/imlib/files/imlib-1.9.14-sec2.patch new file mode 100644 index 000000000000..c820270d47e1 --- /dev/null +++ b/media-libs/imlib/files/imlib-1.9.14-sec2.patch @@ -0,0 +1,510 @@ +diff -urN imlib-1.9.13.orig/Imlib/load.c imlib-1.9.13/Imlib/load.c +--- imlib-1.9.13.orig/Imlib/load.c Wed Mar 13 19:06:29 2002 ++++ imlib-1.9.13/Imlib/load.c Thu Sep 16 17:21:01 2004 +@@ -4,6 +4,8 @@ + #include "Imlib_private.h" + #include <setjmp.h> + ++#define G_MAXINT ((int) 0x7fffffff) ++ + /* Split the ID - damages input */ + + static char * +@@ -41,13 +43,17 @@ + + /* + * Make sure we don't wrap on our memory allocations ++ * we check G_MAXINT/4 because rend.c malloc's w * h * bpp ++ * + 3 is safety margin + */ + + void * _imlib_malloc_image(unsigned int w, unsigned int h) + { +- if( w > 32767 || h > 32767) +- return NULL; +- return malloc(w * h * 3); ++ if (w <= 0 || w > 32767 || ++ h <= 0 || h > 32767 || ++ h >= (G_MAXINT/4 - 1) / w) ++ return NULL; ++ return malloc(w * h * 3 + 3); + } + + #ifdef HAVE_LIBJPEG +@@ -360,7 +366,9 @@ + npix = ww * hh; + *w = (int)ww; + *h = (int)hh; +- if(ww > 32767 || hh > 32767) ++ if (ww <= 0 || ww > 32767 || ++ hh <= 0 || hh > 32767 || ++ hh >= (G_MAXINT/sizeof(uint32)) / ww) + { + TIFFClose(tif); + return NULL; +@@ -463,7 +471,7 @@ + } + *w = gif->Image.Width; + *h = gif->Image.Height; +- if (*h > 32767 || *w > 32767) ++ if (*h <= 0 || *h > 32767 || *w <= 0 || *w > 32767) + { + return NULL; + } +@@ -965,7 +973,12 @@ + comment = 0; + quote = 0; + context = 0; ++ memset(lookup, 0, sizeof(lookup)); ++ + line = malloc(lsz); ++ if (!line) ++ return NULL; ++ + while (!done) + { + pc = c; +@@ -994,25 +1007,25 @@ + { + /* Header */ + sscanf(line, "%i %i %i %i", w, h, &ncolors, &cpp); +- if (ncolors > 32766) ++ if (ncolors <= 0 || ncolors > 32766) + { + fprintf(stderr, "IMLIB ERROR: XPM files wth colors > 32766 not supported\n"); + free(line); + return NULL; + } +- if (cpp > 5) ++ if (cpp <= 0 || cpp > 5) + { + fprintf(stderr, "IMLIB ERROR: XPM files with characters per pixel > 5 not supported\n"); + free(line); + return NULL; + } +- if (*w > 32767) ++ if (*w <= 0 || *w > 32767) + { + fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n"); + free(line); + return NULL; + } +- if (*h > 32767) ++ if (*h <= 0 || *h > 32767) + { + fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n"); + free(line); +@@ -1045,11 +1058,13 @@ + { + int slen; + int hascolor, iscolor; ++ int space; + + iscolor = 0; + hascolor = 0; + tok[0] = 0; + col[0] = 0; ++ space = sizeof(col) - 1; + s[0] = 0; + len = strlen(line); + strncpy(cmap[j].str, line, cpp); +@@ -1072,10 +1087,10 @@ + { + if (k >= len) + { +- if (col[0]) +- strcat(col, " "); +- if (strlen(col) + strlen(s) < sizeof(col)) +- strcat(col, s); ++ if (col[0] && space > 0) ++ strcat(col, " "), space -= 1; ++ if (slen <= space) ++ strcat(col, s), space -= slen; + } + if (col[0]) + { +@@ -1105,14 +1120,17 @@ + } + } + } +- strcpy(tok, s); ++ if (slen < sizeof(tok)); ++ strcpy(tok, s); + col[0] = 0; ++ space = sizeof(col) - 1; + } + else + { +- if (col[0]) +- strcat(col, " "); +- strcat(col, s); ++ if (col[0] && space > 0) ++ strcat(col, " "), space -=1; ++ if (slen <= space) ++ strcat(col, s), space -= slen; + } + } + } +@@ -1341,12 +1359,12 @@ + sscanf(s, "%i %i", w, h); + a = *w; + b = *h; +- if (a > 32767) ++ if (a <= 0 || a > 32767) + { + fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n"); + return NULL; + } +- if (b > 32767) ++ if (b <= 0 || b > 32767) + { + fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n"); + return NULL; +diff -urN imlib-1.9.13.orig/Imlib/utils.c imlib-1.9.13/Imlib/utils.c +--- imlib-1.9.13.orig/Imlib/utils.c Mon Mar 4 17:45:28 2002 ++++ imlib-1.9.13/Imlib/utils.c Thu Sep 16 17:21:15 2004 +@@ -1496,36 +1496,56 @@ + context = 0; + ptr = NULL; + end = NULL; ++ memset(lookup, 0, sizeof(lookup)); + + while (!done) + { + line = data[count++]; ++ if (!line) ++ break; ++ line = strdup(line); ++ if (!line) ++ break; ++ len = strlen(line); ++ for (i = 0; i < len; ++i) ++ { ++ c = line[i]; ++ if (c < 32) ++ line[i] = 32; ++ else if (c > 127) ++ line[i] = 127; ++ } ++ + if (context == 0) + { + /* Header */ + sscanf(line, "%i %i %i %i", &w, &h, &ncolors, &cpp); +- if (ncolors > 32766) ++ if (ncolors <= 0 || ncolors > 32766) + { + fprintf(stderr, "IMLIB ERROR: XPM data wth colors > 32766 not supported\n"); + free(im); ++ free(line); + return NULL; + } +- if (cpp > 5) ++ if (cpp <= 0 || cpp > 5) + { + fprintf(stderr, "IMLIB ERROR: XPM data with characters per pixel > 5 not supported\n"); + free(im); ++ free(line); + return NULL; + } +- if (w > 32767) ++ if (w <= 0 || w > 32767) + { + fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for data\n"); + free(im); ++ free(line); + return NULL; + } +- if (h > 32767) ++ if (h <= 0 || h > 32767) + { + fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for data\n"); + free(im); ++ free(line); + return NULL; + } + cmap = malloc(sizeof(struct _cmap) * ncolors); +@@ -1533,6 +1553,7 @@ + if (!cmap) + { + free(im); ++ free(line); + return NULL; + } + im->rgb_width = w; +@@ -1542,6 +1563,7 @@ + { + free(cmap); + free(im); ++ free(line); + return NULL; + } + im->alpha_data = NULL; +@@ -1817,6 +1839,7 @@ + } + if ((ptr) && ((ptr - im->rgb_data) >= w * h * 3)) + done = 1; ++ free(line); + } + if (!transp) + { +diff -urN imlib-1.9.13.orig/gdk_imlib/io-gif.c imlib-1.9.13/gdk_imlib/io-gif.c +--- imlib-1.9.13.orig/gdk_imlib/io-gif.c Mon Mar 4 17:26:51 2002 ++++ imlib-1.9.13/gdk_imlib/io-gif.c Thu Sep 16 16:11:31 2004 +@@ -55,7 +55,7 @@ + } + *w = gif->Image.Width; + *h = gif->Image.Height; +- if(*h > 32767 || *w > 32767) ++ if(*h <= 0 || *h > 32767 || *w <= 0 || *w > 32767) + { + return NULL; + } +diff -urN imlib-1.9.13.orig/gdk_imlib/io-ppm.c imlib-1.9.13/gdk_imlib/io-ppm.c +--- imlib-1.9.13.orig/gdk_imlib/io-ppm.c Mon Mar 4 17:26:51 2002 ++++ imlib-1.9.13/gdk_imlib/io-ppm.c Thu Sep 16 16:13:13 2004 +@@ -53,12 +53,12 @@ + sscanf(s, "%i %i", w, h); + a = *w; + b = *h; +- if (a > 32767) ++ if (a <= 0 || a > 32767) + { + fprintf(stderr, "gdk_imlib ERROR: Image width > 32767 pixels for file\n"); + return NULL; + } +- if (b > 32767) ++ if (b <= 0 || b > 32767) + { + fprintf(stderr, "gdk_imlib ERROR: Image height > 32767 pixels for file\n"); + return NULL; +diff -urN imlib-1.9.13.orig/gdk_imlib/io-tiff.c imlib-1.9.13/gdk_imlib/io-tiff.c +--- imlib-1.9.13.orig/gdk_imlib/io-tiff.c Mon Mar 4 17:26:51 2002 ++++ imlib-1.9.13/gdk_imlib/io-tiff.c Thu Sep 16 16:13:57 2004 +@@ -36,7 +36,9 @@ + npix = ww * hh; + *w = (int)ww; + *h = (int)hh; +- if(ww > 32767 || hh > 32767) ++ if (ww <= 0 || ww > 32767 || ++ hh <= 0 || hh > 32767 || ++ hh >= (G_MAXINT/sizeof(uint32)) / ww) + { + TIFFClose(tif); + return NULL; +diff -urN imlib-1.9.13.orig/gdk_imlib/io-xpm.c imlib-1.9.13/gdk_imlib/io-xpm.c +--- imlib-1.9.13.orig/gdk_imlib/io-xpm.c Mon Mar 4 17:26:51 2002 ++++ imlib-1.9.13/gdk_imlib/io-xpm.c Thu Sep 16 17:08:24 2004 +@@ -40,8 +40,12 @@ + context = 0; + i = j = 0; + cmap = NULL; ++ memset(lookup, 0, sizeof(lookup)); + + line = malloc(lsz); ++ if (!line) ++ return NULL; ++ + while (!done) + { + pc = c; +@@ -70,25 +74,25 @@ + { + /* Header */ + sscanf(line, "%i %i %i %i", w, h, &ncolors, &cpp); +- if (ncolors > 32766) ++ if (ncolors <= 0 || ncolors > 32766) + { + fprintf(stderr, "gdk_imlib ERROR: XPM files wth colors > 32766 not supported\n"); + free(line); + return NULL; + } +- if (cpp > 5) ++ if (cpp <= 0 || cpp > 5) + { + fprintf(stderr, "gdk_imlib ERROR: XPM files with characters per pixel > 5 not supported\n"); + free(line); + return NULL; + } +- if (*w > 32767) ++ if (*w <= 0 || *w > 32767) + { + fprintf(stderr, "gdk_imlib ERROR: Image width > 32767 pixels for file\n"); + free(line); + return NULL; + } +- if (*h > 32767) ++ if (*h <= 0 || *h > 32767) + { + fprintf(stderr, "gdk_imlib ERROR: Image height > 32767 pixels for file\n"); + free(line); +@@ -120,11 +124,13 @@ + { + int slen; + int hascolor, iscolor; ++ int space; + + hascolor = 0; + iscolor = 0; + tok[0] = 0; + col[0] = 0; ++ space = sizeof(col) - 1; + s[0] = 0; + len = strlen(line); + strncpy(cmap[j].str, line, cpp); +@@ -147,10 +153,10 @@ + { + if (k >= len) + { +- if (col[0]) +- strcat(col, " "); +- if (strlen(col) + strlen(s) < sizeof(col)) +- strcat(col, s); ++ if (col[0] && space > 0) ++ strncat(col, " ", space), space -= 1; ++ if (slen <= space) ++ strcat(col, s), space -= slen; + } + if (col[0]) + { +@@ -180,14 +186,17 @@ + } + } + } +- strcpy(tok, s); ++ if (slen < sizeof(tok)) ++ strcpy(tok, s); + col[0] = 0; ++ space = sizeof(col) - 1; + } + else + { +- if (col[0]) +- strcat(col, " "); +- strcat(col, s); ++ if (col[0] && space > 0) ++ strcat(col, " "), space -= 1; ++ if (slen <= space) ++ strcat(col, s), space -= slen; + } + } + } +diff -urN imlib-1.9.13.orig/gdk_imlib/misc.c imlib-1.9.13/gdk_imlib/misc.c +--- imlib-1.9.13.orig/gdk_imlib/misc.c Mon Mar 4 17:26:51 2002 ++++ imlib-1.9.13/gdk_imlib/misc.c Thu Sep 16 16:35:32 2004 +@@ -1355,11 +1355,16 @@ + + /* + * Make sure we don't wrap on our memory allocations ++ * we check G_MAX_INT/4 because rend.c malloc's w * h * bpp ++ * + 3 is safety margin + */ + + void *_gdk_malloc_image(unsigned int w, unsigned int h) + { +- if( w > 32767 || h > 32767) ++ if (w <= 0 || w > 32767 || ++ h <= 0 || h > 32767 || ++ h >= (G_MAXINT/4 - 1) / w) + return NULL; +- return malloc(w * h * 3); ++ return malloc(w * h * 3 + 3); + } ++ +diff -urN imlib-1.9.13.orig/gdk_imlib/utils.c imlib-1.9.13/gdk_imlib/utils.c +--- imlib-1.9.13.orig/gdk_imlib/utils.c Mon Mar 4 17:26:51 2002 ++++ imlib-1.9.13/gdk_imlib/utils.c Thu Sep 16 17:28:35 2004 +@@ -1236,36 +1236,56 @@ + context = 0; + ptr = NULL; + end = NULL; ++ memset(lookup, 0, sizeof(lookup)); + + while (!done) + { + line = data[count++]; ++ if (!line) ++ break; ++ line = strdup(line); ++ if (!line) ++ break; ++ len = strlen(line); ++ for (i = 0; i < len; ++i) ++ { ++ c = line[i]; ++ if (c < 32) ++ line[i] = 32; ++ else if (c > 127) ++ line[i] = 127; ++ } ++ + if (context == 0) + { + /* Header */ + sscanf(line, "%i %i %i %i", &w, &h, &ncolors, &cpp); +- if (ncolors > 32766) ++ if (ncolors <= 0 || ncolors > 32766) + { + fprintf(stderr, "gdk_imlib ERROR: XPM data wth colors > 32766 not supported\n"); + free(im); ++ free(line); + return NULL; + } +- if (cpp > 5) ++ if (cpp <= 0 || cpp > 5) + { + fprintf(stderr, "gdk_imlib ERROR: XPM data with characters per pixel > 5 not supported\n"); + free(im); ++ free(line); + return NULL; + } +- if (w > 32767) ++ if (w <= 0 || w > 32767) + { + fprintf(stderr, "gdk_imlib ERROR: Image width > 32767 pixels for data\n"); + free(im); ++ free(line); + return NULL; + } +- if (h > 32767) ++ if (h <= 0 || h > 32767) + { + fprintf(stderr, "gdk_imlib ERROR: Image height > 32767 pixels for data\n"); + free(im); ++ free(line); + return NULL; + } + cmap = malloc(sizeof(struct _cmap) * ncolors); +@@ -1273,6 +1293,7 @@ + if (!cmap) + { + free(im); ++ free(line); + return NULL; + } + im->rgb_width = w; +@@ -1282,6 +1303,7 @@ + { + free(cmap); + free(im); ++ free(line); + return NULL; + } + im->alpha_data = NULL; +@@ -1355,7 +1377,7 @@ + strcpy(col + colptr, " "); + colptr++; + } +- if (colptr + ls <= sizeof(col)) ++ if (colptr + ls < sizeof(col)) + { + strcpy(col + colptr, s); + colptr += ls; +@@ -1558,6 +1580,7 @@ + } + if ((ptr) && ((ptr - im->rgb_data) >= w * h * 3)) + done = 1; ++ free(line); + } + if (!transp) + { diff --git a/media-libs/imlib/imlib-1.9.14-r3.ebuild b/media-libs/imlib/imlib-1.9.14-r3.ebuild new file mode 100644 index 000000000000..90d0a17eb46f --- /dev/null +++ b/media-libs/imlib/imlib-1.9.14-r3.ebuild @@ -0,0 +1,50 @@ +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/media-libs/imlib/imlib-1.9.14-r3.ebuild,v 1.1 2004/12/04 22:33:51 joem Exp $ + +inherit gnome.org libtool eutils + +DESCRIPTION="general image loading and rendering library" +HOMEPAGE="http://developer.gnome.org/arch/imaging/imlib.html" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc x86" +IUSE="" + +DEPEND="=x11-libs/gtk+-1.2* + >=media-libs/tiff-3.5.5 + >=media-libs/giflib-4.1.0 + >=media-libs/libpng-1.2.1 + >=media-libs/jpeg-6b" + +src_unpack() { + unpack ${A} + # fix config script bug 3425 + cd ${S} + mv imlib-config.in imlib-config.in.bad + sed -e "49,51D" -e "55,57D" imlib-config.in.bad > imlib-config.in + + # Security fix per bug #62487 + epatch ${FILESDIR}/${P}-bound.patch + + #Security fix for bug #72681 + epatch ${FILESDIR}/${P}-sec2.patch +} + +src_compile() { + elibtoolize + econf --sysconfdir=/etc/imlib || die + emake || die +} + +src_install() { + einstall \ + includedir=${D}/usr/include \ + sysconfdir=${D}/etc/imlib \ + || die + preplib /usr + + dodoc AUTHORS ChangeLog README NEWS + dohtml -r doc +} |