Version bump with security fixes from upstream, bug #276235

Package-Manager: portage-2.2_rc33/cvs/Linux x86_64
author: Alexis Ballier <aballier@gentoo.org> 2009-07-24 20:51:30 +0000
committer: Alexis Ballier <aballier@gentoo.org> 2009-07-24 20:51:30 +0000
commit: 4cdb0c84d001c591bdd65cb0c30fdfeb3d34e418 (patch)
tree: 6ed275829f9a0b2f8ecdb960f7a8320c390f930f /dev-ml/camlimages
parent: dev-python/pyreverse has been deleted. (diff)
download: historical-4cdb0c84d001c591bdd65cb0c30fdfeb3d34e418.tar.gz
historical-4cdb0c84d001c591bdd65cb0c30fdfeb3d34e418.tar.bz2
historical-4cdb0c84d001c591bdd65cb0c30fdfeb3d34e418.zip
6 files changed, 285 insertions, 8 deletions
diff --git a/dev-ml/camlimages/ChangeLog b/dev-ml/camlimages/ChangeLog
index c5888eaf107a..9137bd73ea25 100644
--- a/dev-ml/camlimages/ChangeLog
+++ b/dev-ml/camlimages/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for dev-ml/camlimages
-# Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-ml/camlimages/ChangeLog,v 1.16 2008/09/02 18:06:25 aballier Exp $
+# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/dev-ml/camlimages/ChangeLog,v 1.17 2009/07/24 20:51:30 aballier Exp $
+
+*camlimages-3.0.1 (24 Jul 2009)
+
+  24 Jul 2009; Alexis Ballier <aballier@gentoo.org>
+  +camlimages-3.0.1.ebuild, +files/camlimages-3.0.1-CVE-2009-2295.patch,
+  +files/camlimages-3.0.1-lablgtk.patch, metadata.xml:
+  Version bump with security fixes from upstream, bug #276235
 
   02 Sep 2008; Alexis Ballier <aballier@gentoo.org> -camlimages-2.20.ebuild:
   remove old
diff --git a/dev-ml/camlimages/Manifest b/dev-ml/camlimages/Manifest
index 0eb87eed7075..405c7583c777 100644
--- a/dev-ml/camlimages/Manifest
+++ b/dev-ml/camlimages/Manifest
@@ -4,14 +4,18 @@ Hash: SHA1
 AUX META 143 RMD160 dedf7cbe1a4511c1791ae536bfd078c47c6db69b SHA1 e7777bcbc6ba245734131eb1ee9645269db7338e SHA256 2a934de5f1649633f656014b95f342029de034fd3c7a7057d6d3164201b97579
 AUX META.camlimages.in 850 RMD160 25b79bc73cdc1010ee62efe8f0ce5ae557f6cad7 SHA1 8f77fbe9f52b44bc054876040e58bc803ca54e5a SHA256 0303478d950eb12bcbc9dbab8b315830d9b60a757fb9c770fe505b609a103a66
 AUX camlimages-2.20-ocaml-3.09.diff 385 RMD160 b235b80d0e972a9c05c1f6acbdff335775c0a4e5 SHA1 c53ec44ab5c363b085eeca099d6cda7349b14a8b SHA256 5666ac67637d63fd40248ae2ead4ab6a9ab8b96139a670926ba28f186ed5027f
+AUX camlimages-3.0.1-CVE-2009-2295.patch 4347 RMD160 e383255355958e23ccf1136eb2482868fbba403c SHA1 0285ff2fb792946443ab9e25d83472dc6a51640d SHA256 5b8c460ee211169bd65e42469a7ed3428dc4ace6a76ecd67c2c99dcf1d392ac0
+AUX camlimages-3.0.1-lablgtk.patch 1375 RMD160 537f4e3008388fad9ffcd05f8b3ddfe171940a73 SHA1 053cf492697b65532cf06d2da702482d1acbb8c9 SHA256 413efcc6b767966ea2c6abb4219f821574987bb8094a615c7575e60e7a617aea
 DIST camlimages-2.2.tgz 1385525 RMD160 0f108ef3da565aeb0ab10d00e45819399af36d8c SHA1 bc0062739be5ca9236f28145f17f840bf3f295ee SHA256 9b8861d7b8c6752ad33ef2af5c486efa626b19ad9ea190641a736384629f1026
+DIST camlimages-3.0.1.tar.gz 1320064 RMD160 fcc2be8bd98bf06a268d7247118d8f4f4bcbacb5 SHA1 ca53397c76fa82da4bfa1ad0650032483a352d0c SHA256 d4e0edc9f11d5997166f5cd08b0e043fa7b917bd0d271f6591c24220ae6b3521
 EBUILD camlimages-2.20-r2.ebuild 2058 RMD160 0a8f53c87d151169aeca09b8e8b63cc5627c3352 SHA1 26caa179abad9eb56cfebd84317d9c665fda5653 SHA256 df3986810fb42abb66b80d70b333ec1e0aa2978d5254c8f4f153551d7095317c
-MISC ChangeLog 2847 RMD160 571440ed4fabdbf122d73f1a457e0d2db6a71129 SHA1 20c3acb241e5ce73af57a3d90f8923aad7a125fd SHA256 293882e5cfc293fc1c7766294c72785d3d97a7259712621b147dc36c19dc9ad8
-MISC metadata.xml 155 RMD160 dfaa057e679b01302a807c75a32a910098b26809 SHA1 94024f83dcacbb53e92be090dd0f994ec93dc90d SHA256 118048376ebb76f57628b0819f3de4856e73959c2578c88715d37ea2d1e0af81
+EBUILD camlimages-3.0.1.ebuild 1336 RMD160 b7f676cab3c409564b2bdf44392b1e1bccf0b088 SHA1 be0d2058dc407745b5ad75e9b576782878f51526 SHA256 91ac29c52d905bbb91b9e2604cd25fa77ebe078b27eef5a74800af6dc961439a
+MISC ChangeLog 3123 RMD160 b7acffad618c0704176eeba20e715aaac7c178be SHA1 acf59f5b7da7b2fd2b7e5a4ed13a0e98045fb651 SHA256 732cf1b3a61f95cc59ad687a807ac8130b45f84cc3967160263715f3964d5ef2
+MISC metadata.xml 234 RMD160 75062c045394f9d93ad6d830d4959666fac81241 SHA1 ff9422155c085b977935e76dbb87dc9f6ed6bb42 SHA256 d43df7cc2b17c0287287c854adb59220224c48e5f0f7c13232f61b440af6a87e
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.9 (GNU/Linux)
+Version: GnuPG v2.0.11 (GNU/Linux)
 
-iEYEARECAAYFAki9gKgACgkQvFcC4BYPU0qqoACfQG8FdCdm27KLNOtXKboBq3af
-aE0AniJaKGuy9co00kqhDp/VKE8wdqEv
-=D+Ym
+iEYEARECAAYFAkpqHyYACgkQvFcC4BYPU0r0TgCeLB15nDWrSH6Yl8g1ezaDGZ+l
+LQIAnAnn1pNmTolDAO3NBagZBCOK12sF
+=Gyty
 -----END PGP SIGNATURE-----
diff --git a/dev-ml/camlimages/camlimages-3.0.1.ebuild b/dev-ml/camlimages/camlimages-3.0.1.ebuild
new file mode 100644
index 000000000000..569699907313
--- /dev/null
+++ b/dev-ml/camlimages/camlimages-3.0.1.ebuild
@@ -0,0 +1,58 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-ml/camlimages/camlimages-3.0.1.ebuild,v 1.1 2009/07/24 20:51:30 aballier Exp $
+
+EAPI=2
+
+inherit eutils
+
+IUSE="doc gif gs gtk jpeg tiff truetype xpm"
+
+DESCRIPTION="An image manipulation library for ocaml"
+HOMEPAGE="http://gallium.inria.fr/camlimages/"
+SRC_URI="http://gallium.inria.fr/camlimages/${P}.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+
+RDEPEND=">=dev-lang/ocaml-3.10.2[ocamlopt]
+	gif? ( media-libs/giflib )
+	gtk? ( dev-ml/lablgtk )
+	gs? ( virtual/ghostscript )
+	jpeg? ( media-libs/jpeg )
+	tiff? ( media-libs/tiff )
+	media-libs/libpng
+	truetype? ( >=media-libs/freetype-2 )
+	xpm? ( x11-libs/libXpm )
+	"
+DEPEND="${DEPEND}
+	dev-ml/findlib"
+
+src_prepare() {
+	epatch "${FILESDIR}/${P}-lablgtk.patch"
+	epatch "${FILESDIR}/${P}-CVE-2009-2295.patch"
+}
+
+src_configure() {
+	econf \
+		$(use_with gif) \
+		$(use_with gs) \
+		$(use_with gtk lablgtk2) \
+		--without-lablgtk \
+		$(use_with jpeg) \
+		--with-png \
+		$(use_with tiff) \
+		$(use_with truetype freetype) \
+		$(use_with xpm)
+}
+
+src_compile() {
+	emake -j1 || die
+}
+
+src_install() {
+	emake DESTDIR="${D}" ocamlsitelibdir="$(ocamlfind printconf destdir)/${PN}" install || die
+	dodoc README
+	use doc && dohtml doc/*
+}
diff --git a/dev-ml/camlimages/files/camlimages-3.0.1-CVE-2009-2295.patch b/dev-ml/camlimages/files/camlimages-3.0.1-CVE-2009-2295.patch
new file mode 100644
index 000000000000..c94b9b11672e
--- /dev/null
+++ b/dev-ml/camlimages/files/camlimages-3.0.1-CVE-2009-2295.patch
@@ -0,0 +1,154 @@
+Index: src/gifread.c
+===================================================================
+--- src/gifread.c.orig
++++ src/gifread.c
+@@ -20,6 +20,8 @@
+ #include <caml/memory.h>
+ #include <caml/fail.h>
+ 
++#include "oversized.h"
++
+ #include <stdio.h>
+ #include <string.h>
+ 
+@@ -191,6 +193,9 @@ value dGifGetLine( value hdl )
+ 
+   GifFileType *GifFile = (GifFileType*) hdl;
+ 
++  if( oversized( GifFile->Image.Width, sizeof(GifPixelType) ) ){
++    failwith_oversized("gif");
++  }
+   buf = alloc_string( GifFile->Image.Width * sizeof(GifPixelType) ); 
+ 
+   if( DGifGetLine(GifFile, String_val(buf), GifFile->Image.Width ) 
+Index: src/jpegread.c
+===================================================================
+--- src/jpegread.c.orig
++++ src/jpegread.c
+@@ -20,6 +20,8 @@
+ #include <caml/memory.h>
+ #include <caml/fail.h>
+ 
++#include "oversized.h"
++
+ #include <stdio.h>
+ #include <string.h>
+ 
+@@ -156,6 +158,12 @@ read_JPEG_file (value name)
+    */ 
+   /* JSAMPLEs per row in output buffer */
+ 
++  if( oversized(cinfo.output_width, cinfo.output_components) ){
++    jpeg_destroy_decompress(&cinfo);
++    fclose(infile);
++    failwith_oversized("jpeg");
++  }
++
+   row_stride = cinfo.output_width * cinfo.output_components;
+ 
+   /* Make a one-row-high sample array that will go away when done with image */
+@@ -177,6 +185,12 @@ read_JPEG_file (value name)
+     jpeg_read_scanlines(&cinfo, buffer + cinfo.output_scanline, 1); 
+   }
+ 
++  if( oversized(row_stride, cinfo.output_height) ){
++    jpeg_destroy_decompress(&cinfo);
++    fclose(infile);
++    failwith_oversized("jpeg");
++  }
++
+   {
+     CAMLlocalN(r,3);
+     r[0] = Val_int(cinfo.output_width);
+@@ -352,6 +366,7 @@ value open_jpeg_file_for_read_start( jpe
+ 
+   { 
+     CAMLlocalN(r,3);
++    // CR jfuruse: integer overflow
+     r[0] = Val_int(cinfop->output_width);
+     r[1] = Val_int(cinfop->output_height);
+     r[2] = alloc_tuple(3);
+Index: src/oversized.h
+===================================================================
+--- /dev/null
++++ src/oversized.h
+@@ -0,0 +1,9 @@
++#include <limits.h>
++/* Test if x or y are negative, or if multiplying x * y would cause an
++ * arithmetic overflow.
++ */
++#define oversized(x, y)						\
++  ((x) < 0 || (y) < 0 || ((y) != 0 && (x) > INT_MAX / (y)))
++
++#define failwith_oversized(lib) \
++  failwith("#lib error: image contains oversized or bogus width and height");
+Index: src/pngread.c
+===================================================================
+--- src/pngread.c.orig
++++ src/pngread.c
+@@ -17,6 +17,8 @@
+ 
+ #include <png.h>
+ 
++#include "oversized.h"
++
+ #include <caml/mlvalues.h>
+ #include <caml/alloc.h>
+ #include <caml/memory.h>
+@@ -81,6 +83,9 @@ value read_png_file_as_rgb24( name )
+   png_get_IHDR(png_ptr, info_ptr, &width, &height, &bit_depth, &color_type,
+ 	       &interlace_type, NULL, NULL);
+ 
++  if (oversized (width, height))
++    failwith_oversized("png");
++
+   if ( color_type == PNG_COLOR_TYPE_GRAY ||
+        color_type == PNG_COLOR_TYPE_GRAY_ALPHA ) { 
+     png_set_gray_to_rgb(png_ptr); 
+@@ -102,10 +107,16 @@ value read_png_file_as_rgb24( name )
+ 
+   rowbytes = png_get_rowbytes(png_ptr, info_ptr);
+ 
++  if (oversized (rowbytes, height))
++    failwith_oversized("png");
++
+   {
+     int i;
+     png_bytep *row_pointers;
+ 
++    if (oversized (sizeof (png_bytep), height))
++      failwith_oversized("png");
++
+     row_pointers = (png_bytep*) stat_alloc(sizeof(png_bytep) * height);
+ 
+     res = alloc_tuple(3);
+@@ -235,6 +246,9 @@ value read_png_file( name )
+   png_get_IHDR(png_ptr, info_ptr, &width, &height, &bit_depth, &color_type,
+ 	       &interlace_type, NULL, NULL);
+ 
++  if (oversized (width, height))
++    failwith_oversized("png");
++
+   if ( color_type == PNG_COLOR_TYPE_GRAY ||
+        color_type == PNG_COLOR_TYPE_GRAY_ALPHA ) { 
+     png_set_gray_to_rgb(png_ptr); 
+@@ -251,6 +265,9 @@ value read_png_file( name )
+ 
+   rowbytes = png_get_rowbytes(png_ptr, info_ptr);
+ 
++  if (oversized (rowbytes, height))
++    failwith_oversized("png");
++
+ /*
+ fprintf(stderr, "pngread.c: actual loading\n"); fflush(stderr);
+ */
+@@ -259,6 +276,9 @@ fprintf(stderr, "pngread.c: actual loadi
+     png_bytep *row_pointers;
+     char mesg[256];
+  
++    if (oversized (sizeof (png_bytep), height))
++      failwith_oversized("png");
++
+     row_pointers = (png_bytep*)stat_alloc(sizeof(png_bytep) * height);
+     res = alloc_tuple(3);
+ 
diff --git a/dev-ml/camlimages/files/camlimages-3.0.1-lablgtk.patch b/dev-ml/camlimages/files/camlimages-3.0.1-lablgtk.patch
new file mode 100644
index 000000000000..1b29dd509ed2
--- /dev/null
+++ b/dev-ml/camlimages/files/camlimages-3.0.1-lablgtk.patch
@@ -0,0 +1,51 @@
+Index: camlimages-3.0.1/examples/liv/liv.ml
+===================================================================
+--- camlimages-3.0.1.orig/examples/liv/liv.ml
++++ camlimages-3.0.1/examples/liv/liv.ml
+@@ -12,6 +12,10 @@
+ 
+ (* $Id: camlimages-3.0.1-lablgtk.patch,v 1.1 2009/07/24 20:51:30 aballier Exp $ *)
+ 
++
++module D = Display
++open D
++
+ open Images;;
+ open OImages;;
+ 
+@@ -21,14 +25,13 @@ open GMain;;
+ 
+ open Livmisc;;
+ open Gui;;
+-open Display;;
+ open Tout;;
+ 
+ open Gc;;
+ 
+ exception Skipped;;
+ 
+-let base_filters = ref ([] : Display.filter list);;
++let base_filters = ref ([] : D.filter list);;
+ 
+ let r = Gc.get () in
+ r.max_overhead <- 0; Gc.set r;
+@@ -52,15 +55,15 @@ Arg.parse [
+   "-root",
+     Arg.String
+       (function
+-       | "center" -> Display.root_mode := `CENTER
+-       | "random" -> Display.root_mode := `RANDOM
++       | "center" -> D.root_mode := `CENTER
++       | "random" -> D.root_mode := `RANDOM
+        | _ -> raise (Failure "root mode")),
+     ": on root [center|random]";
+   "-transition",
+     Arg.String
+       (function
+-       | "myst" -> Display.transition := `MYST
+-       | "transparent" -> Display.transition := `TRANSPARENT
++       | "myst" -> D.transition := `MYST
++       | "transparent" -> D.transition := `TRANSPARENT
+        | _ -> raise (Failure "transition")),
+     ": transition [myst|transparent]";
+   "-transparentborder",
diff --git a/dev-ml/camlimages/metadata.xml b/dev-ml/camlimages/metadata.xml
index 2193d772e351..f85e344ba8e2 100644
--- a/dev-ml/camlimages/metadata.xml
+++ b/dev-ml/camlimages/metadata.xml
@@ -2,4 +2,7 @@
 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
 <herd>ml</herd>
+<use>
+	<flag name="gs">Ghostscript support (virtual/ghostscript)</flag>
+</use>
 </pkgmetadata>
author	Alexis Ballier <aballier@gentoo.org>	2009-07-24 20:51:30 +0000
committer	Alexis Ballier <aballier@gentoo.org>	2009-07-24 20:51:30 +0000
commit	4cdb0c84d001c591bdd65cb0c30fdfeb3d34e418 (patch)
tree	6ed275829f9a0b2f8ecdb960f7a8320c390f930f /dev-ml/camlimages
parent	dev-python/pyreverse has been deleted. (diff)
download	historical-4cdb0c84d001c591bdd65cb0c30fdfeb3d34e418.tar.gz historical-4cdb0c84d001c591bdd65cb0c30fdfeb3d34e418.tar.bz2 historical-4cdb0c84d001c591bdd65cb0c30fdfeb3d34e418.zip