media-gfx/gimp: Fix CVE-2012-3236 (bug #428708)

Package-Manager: portage-2.1.10.65/cvs/Linux x86_64
author: Sebastian Pipping <sping@gentoo.org> 2012-09-22 21:44:00 +0000
committer: Sebastian Pipping <sping@gentoo.org> 2012-09-22 21:44:00 +0000
commit: 64723db20ef7b9db39afc9fc35c681978af17fd4 (patch)
tree: b1dca454433da64fe9c09b2ef2e61191645fafda /media-gfx/gimp
parent: Remove old (diff)
download: historical-64723db20ef7b9db39afc9fc35c681978af17fd4.tar.gz
historical-64723db20ef7b9db39afc9fc35c681978af17fd4.tar.bz2
historical-64723db20ef7b9db39afc9fc35c681978af17fd4.zip
4 files changed, 221 insertions, 5 deletions
diff --git a/media-gfx/gimp/ChangeLog b/media-gfx/gimp/ChangeLog
index 5d3c4be465b2..35ec9e0593f7 100644
--- a/media-gfx/gimp/ChangeLog
+++ b/media-gfx/gimp/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for media-gfx/gimp
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-gfx/gimp/ChangeLog,v 1.388 2012/09/22 21:21:59 sping Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-gfx/gimp/ChangeLog,v 1.389 2012/09/22 21:44:00 sping Exp $
+
+*gimp-2.6.12-r5 (22 Sep 2012)
+
+  22 Sep 2012; Sebastian Pipping <sping@gentoo.org> +gimp-2.6.12-r5.ebuild,
+  +files/gimp-2.6.12-CVE-2012-3236.patch:
+  Apply upstream patch for CVE-2012-3236 (bug #428708)
 
   22 Sep 2012; Sebastian Pipping <sping@gentoo.org> -gimp-2.6.11-r5.ebuild,
   -gimp-2.6.11-r6.ebuild, -gimp-2.7.3.ebuild, -gimp-2.7.3-r1.ebuild,
diff --git a/media-gfx/gimp/Manifest b/media-gfx/gimp/Manifest
index aca9d5bb3584..748c6dfe2c84 100644
--- a/media-gfx/gimp/Manifest
+++ b/media-gfx/gimp/Manifest
@@ -5,6 +5,7 @@ AUX gimp-2.6.11-cve-2011-2896.patch 1818 RMD160 4cc01a8197a31f3793897150e190ea09
 AUX gimp-2.6.11-file-uri.patch 2209 RMD160 17cd5c7b454e7f64f7ed50cec4d9fe160ce7f2fc SHA1 77b3f6f50934a70f2ac938cfa0a1876ee72c2d14 SHA256 cb9da632417fcc866c047104cfbe25b5b9964fa5e65e333c042fdf23c19e692f
 AUX gimp-2.6.11-poppler-0.17.patch 15620 RMD160 5f22b65bcadecbff1b67a42a6dd48fd167272bc9 SHA1 418cbe80cc5cd7f6476ce196c755344954df83e0 SHA256 69b214ff495c7cbc1f52c0c56fa9a09e4dfba47f54da8bb3c8b063b26b8d04bd
 AUX gimp-2.6.12-CVE-2012-2763.patch 711 RMD160 51799cd0ca7e188086f10d95dcc97e1a7a6ac708 SHA1 0545a3f3a52d45507419d6977eebb0df12b6a037 SHA256 6ea0d78cf8a70bdc8cd7877ec41750ee5d4bbf5f391910328eae3b3d6e83dc48
+AUX gimp-2.6.12-CVE-2012-3236.patch 1336 RMD160 b8ae2a04f541101b38a20aba6c2feb021b63eafd SHA1 b6a0b9e1c1f0c26c8eda945e5172eef7ac6705af SHA256 06dd5fec6d6842463f3f03861663cfb474a75ec8a3ccf86e0dc0e9855ff1dd71
 AUX gimp-2.6.12-CVE-2012-3403.patch 16268 RMD160 1992474c0d975ca9af0254cacbbe4fffebd42e78 SHA1 fe8366fa143b21f1f1dfa80dfe9697ff7ebaf97c SHA256 882c06f5726b96dbd442659e98729e1e9cb6e9e62de1bb6104ac2be7de9d5c5a
 AUX gimp-2.6.12-CVE-2012-3481.patch 1937 RMD160 73d475236fb2d20419482ecabb268fa3aac6b5f4 SHA1 c54923c25423152a633a8a650257a7a13b586cb4 SHA256 eeb6fefb10280033dcd56d06d9b90e24c1c2c6689c1a54580c17e828384b5324
 AUX gimp-2.6.12-potfiles-skip.patch 481 RMD160 4ddf02e9f6f1c09daf9d29546bd3f107b555a016 SHA1 1419bac320d9bfec8fb92b5dabdb626013d7542d SHA256 1ed0292cab5bc744b3c4450827accc86f1719eb8e75416c282e84a8f65eb9f2f
@@ -22,14 +23,15 @@ DIST gimp-2.6.12.tar.bz2 16745411 RMD160 3c7ae863474dea670eaeb914e333ba6bf50c7fc
 DIST gimp-2.8.2.tar.bz2 20161424 RMD160 353cf862302417c35df902618a3ba05ac0b3af41 SHA1 64ad90cedc5e8e348310b6eb6b7821ec110c0886 SHA256 0cd1a7e67e132ead810e16e31ff929394c83fcf841e4a295c45d6f3829601ad9
 EBUILD gimp-2.6.12-r2.ebuild 4240 RMD160 f0d1cbf57c8c29b37ac674652a57af2b71a470c0 SHA1 4c7e027c434999cae32ad1ae42cfbc63b3948b3c SHA256 61341c946e69d629c04c2e24bbf6bb9f29cea7d865f495e31b604b94a890e216
 EBUILD gimp-2.6.12-r4.ebuild 4545 RMD160 88b96905f5319d02b3ab4f6678fc7db64d68154b SHA1 e1667b788aa92eedc9763d05b124635aa3d87295 SHA256 cac9754ffb84f08a49aed8eead219fdbf1634109c8985e258204fb94249c166b
+EBUILD gimp-2.6.12-r5.ebuild 4734 RMD160 9e8409b914d99026ba372b25906bfec1d8dbf934 SHA1 105662c377f42a7b6ff06d39e236f11c30862f8c SHA256 3e15c88e15e8d898e0974e5368e031989039d3c7ea581cfbbcc88ee00f521c62
 EBUILD gimp-2.8.2.ebuild 4681 RMD160 7d7bdfcf917c8c38947121f962df6524eb1ab7f3 SHA1 be3b73fa2ed34bac4fb4e93198f17471e047c933 SHA256 bf99275d4dd2fc2ac38421b60ad73a17473716604ebb12c0cdb9b3e75b7b8056
 EBUILD gimp-9999.ebuild 3845 RMD160 79c8a722d960037fda7f7830fd7167db23e42b64 SHA1 ba35425a897cba1c272a5012911b62c9e52fb5d3 SHA256 f4cf8c8d37cebd612041ac1144d32dbf8e0f4813f94a21317c5a20f4f38696ab
-MISC ChangeLog 55521 RMD160 f4f48c61bad28d0c5d0af1da0b16b08d7a9ca25f SHA1 eae74ee9a1ebc215119fcfe8a1494550040a60f6 SHA256 175755a2f3b478da1efc98a2439e3ae989887a841a502847bdc15ef2a10078b5
+MISC ChangeLog 55726 RMD160 015c26182c2b71e204e4517df7c59dc00200327f SHA1 268dd4a6ce7a18c4efb390a6b4666248b98b5ee0 SHA256 9e0eefc9c42e737b71dcc9b189f0c24f45bcf0fd6f659a911b7178372f90e7c7
 MISC metadata.xml 395 RMD160 21c615f6cbae64b239eb177892aa533f261dcdfe SHA1 d37e0e0c4b92b44b787ea0f5d841a59be30dbd2f SHA256 f39e4503da8cb7302e8f1a947baf406445ea8420ddfac9c1bfd4fe75d0e4fb34
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (GNU/Linux)
 
-iEYEARECAAYFAlBeK/oACgkQsAvGakAaFgBbYwCfXSDx8cBNtviUONl5WhjlEFpW
-iS4An2xXNzTKjbFQg6ZOY6WP7trevquG
-=sd1s
+iEYEARECAAYFAlBeMSIACgkQsAvGakAaFgAx5wCeNBYY31fT3p2tzzbPhvtGvC6H
+sMYAn2qoqhG7QkOXDmZ42rFnyu9g18VB
+=vdMC
 -----END PGP SIGNATURE-----
diff --git a/media-gfx/gimp/files/gimp-2.6.12-CVE-2012-3236.patch b/media-gfx/gimp/files/gimp-2.6.12-CVE-2012-3236.patch
new file mode 100644
index 000000000000..e4d3a9f96fb4
--- /dev/null
+++ b/media-gfx/gimp/files/gimp-2.6.12-CVE-2012-3236.patch
@@ -0,0 +1,39 @@
+From ace45631595e8781a1420842582d67160097163c Mon Sep 17 00:00:00 2001
+From: Michael Natterer <mitch@gimp.org>
+Date: Wed, 06 Jun 2012 19:21:10 +0000
+Subject: Bug 676804 - file handling DoS for fit file format
+
+Apply patch from joe@reactionis.co.uk which fixes a buffer overflow on
+broken/malicious fits files.
+---
+(limited to 'plug-ins/file-fits/fits-io.c')
+
+diff --git a/plug-ins/file-fits/fits-io.c b/plug-ins/file-fits/fits-io.c
+index 03d9652..ed77318 100644
+--- a/plug-ins/file-fits/fits-io.c
++++ b/plug-ins/file-fits/fits-io.c
+@@ -1054,10 +1054,18 @@ static FITS_HDU_LIST *fits_decode_header (FITS_RECORD_LIST *hdr,
+  hdulist->used.simple = (strncmp (hdr->data, "SIMPLE  ", 8) == 0);
+  hdulist->used.xtension = (strncmp (hdr->data, "XTENSION", 8) == 0);
+  if (hdulist->used.xtension)
+- {
+-   fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
+-   strcpy (hdulist->xtension, fdat->fstring);
+- }
++   {
++     fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
++     if (fdat != NULL)
++       {
++         strcpy (hdulist->xtension, fdat->fstring);
++       }
++     else
++       {
++         strcpy (errmsg, "No valid XTENSION header found.");
++         goto err_return;
++       }
++   }
+ 
+  FITS_DECODE_CARD (hdr, "NAXIS", fdat, typ_flong);
+  hdulist->naxis = fdat->flong;
+--
+cgit v0.9.0.2
diff --git a/media-gfx/gimp/gimp-2.6.12-r5.ebuild b/media-gfx/gimp/gimp-2.6.12-r5.ebuild
new file mode 100644
index 000000000000..ff62e0429fb8
--- /dev/null
+++ b/media-gfx/gimp/gimp-2.6.12-r5.ebuild
@@ -0,0 +1,169 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-gfx/gimp/gimp-2.6.12-r5.ebuild,v 1.1 2012/09/22 21:44:00 sping Exp $
+
+EAPI="3"
+
+PYTHON_DEPEND="python? 2:2.5"
+
+inherit eutils gnome2 fdo-mime multilib python
+
+DESCRIPTION="GNU Image Manipulation Program"
+HOMEPAGE="http://www.gimp.org/"
+SRC_URI="
+	http://dev.gentoo.org/~jlec/distfiles/${PN}-2.6.11-underlinking.patch.xz
+	mirror://gimp/v2.6/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+
+LANGS="am ar ast az be bg ca ca@valencia cs da de dz el en_CA en_GB eo es et eu fa fi fr ga gl gu he hi hr hu id is it ja ka kk km kn ko lt lv mk ml mr ms my nb nds ne nl nn oc or pa pl pt pt_BR ro ru rw si sk sl sr sr@latin sv ta th tr tt uk vi xh yi zh_CN zh_HK zh_TW"
+IUSE="alsa aalib altivec curl dbus debug doc exif gnome jpeg lcms mmx mng pdf png python smp sse svg tiff webkit wmf"
+
+for lang in ${LANGS}; do
+	IUSE+=" linguas_${lang}"
+done
+
+RDEPEND="
+	>=dev-libs/glib-2.18.1:2
+	dev-libs/libxml2
+	dev-libs/libxslt
+	>=media-libs/fontconfig-2.2.0
+	>=media-libs/freetype-2.1.7
+	>=media-libs/gegl-0.0.22 <media-libs/gegl-0.2
+	>=x11-libs/gtk+-2.12.5:2
+	x11-libs/libXpm
+	>=x11-libs/pango-1.18.0
+	sys-libs/zlib
+	x11-themes/hicolor-icon-theme
+	aalib? ( media-libs/aalib )
+	alsa? ( media-libs/alsa-lib )
+	curl? ( net-misc/curl )
+	dbus? ( dev-libs/dbus-glib )
+	exif? ( >=media-libs/libexif-0.6.15 )
+	gnome? ( gnome-base/gvfs )
+	jpeg? ( virtual/jpeg:0 )
+	lcms? ( =media-libs/lcms-1* )
+	mng? ( media-libs/libmng )
+	pdf? ( >=app-text/poppler-0.12.3-r3[cairo] )
+	png? ( >=media-libs/libpng-1.2.2:0 )
+	python?	( >=dev-python/pygtk-2.10.4:2 )
+	svg? ( >=gnome-base/librsvg-2.8.0:2 )
+	tiff? ( >=media-libs/tiff-3.5.7:0 )
+	webkit? ( net-libs/webkit-gtk:2 )
+	wmf? ( >=media-libs/libwmf-0.2.8 )"
+DEPEND="${RDEPEND}
+	>=dev-util/intltool-0.40
+	virtual/pkgconfig
+	>=sys-devel/gettext-0.17
+	doc? ( >=dev-util/gtk-doc-1 )"
+
+DOCS="AUTHORS ChangeLog* HACKING NEWS README*"
+
+pkg_setup() {
+	G2CONF="--enable-default-binary \
+		--with-x \
+		$(use_with aalib aa) \
+		$(use_with alsa) \
+		$(use_enable altivec) \
+		$(use_with curl libcurl) \
+		$(use_with dbus) \
+		--without-hal \
+		$(use_with gnome gvfs) \
+		--without-gnomevfs \
+		$(use_with webkit) \
+		$(use_with jpeg libjpeg) \
+		$(use_with exif libexif) \
+		$(use_with lcms) \
+		$(use_enable mmx) \
+		$(use_with mng libmng) \
+		$(use_with pdf poppler) \
+		$(use_with png libpng) \
+		$(use_enable python) \
+		$(use_enable smp mp) \
+		$(use_enable sse) \
+		$(use_with svg librsvg) \
+		$(use_with tiff libtiff) \
+		$(use_with wmf)"
+
+	if use python; then
+		python_set_active_version 2
+		python_pkg_setup
+	fi
+}
+
+src_prepare() {
+	# don't use empty, removed header
+	# https://bugs.gentoo.org/show_bug.cgi?id=377075
+	epatch "${FILESDIR}"/gimp-curl-headers.diff
+
+	# apply file-uri patch by upstream
+	# https://bugs.gentoo.org/show_bug.cgi?id=372941
+	# https://bugzilla.gnome.org/show_bug.cgi?id=653980#c6
+	epatch "${FILESDIR}"/${PN}-2.6.11-file-uri.patch
+
+	# fix test suite
+	# https://bugs.gentoo.org/show_bug.cgi?id=406625
+	epatch "${FILESDIR}"/${P}-potfiles-skip.patch
+
+	# buffer overflow patch backport
+	# https://bugs.gentoo.org/show_bug.cgi?id=418425
+	epatch "${FILESDIR}"/${P}-CVE-2012-2763.patch
+
+	# CEL and GIF plug-ins: Heap-based buffer overflows (CVE-2012-{3403,3481})
+	# https://bugs.gentoo.org/show_bug.cgi?id=434580
+	# Patches from Fedora <http://pkgs.fedoraproject.org/cgit/gimp.git/tree/?h=f16>
+	epatch "${FILESDIR}"/${P}-CVE-2012-3403.patch
+	epatch "${FILESDIR}"/${P}-CVE-2012-3481.patch
+
+	# DoS via .fit files (CVE-2012-3236)
+	# https://bugs.gentoo.org/show_bug.cgi?id=428708
+	# https://bugzilla.gnome.org/show_bug.cgi?id=676804
+	epatch "${FILESDIR}"/${P}-CVE-2012-3236.patch
+
+	echo '#!/bin/sh' > py-compile
+	gnome2_src_prepare
+}
+
+_clean_up_locales() {
+	elog "Cleaning up locales..."
+	for lang in ${LANGS}; do
+		use "linguas_${lang}" && {
+			elog "- keeping ${lang}"
+			continue
+		}
+		rm -Rf "${D}"/usr/share/locale/"${lang}" || die
+	done
+}
+
+src_install() {
+	gnome2_src_install
+
+	if use python; then
+		python_convert_shebangs -r $(python_get_version) "${ED}"
+		python_need_rebuild
+	fi
+
+	# Workaround for bug #321111 to give GIMP the least
+	# precedence on PDF documents by default
+	mv "${D}"/usr/share/applications/{,zzz-}gimp.desktop || die
+
+	find "${D}" -name '*.la' -delete || die
+
+	_clean_up_locales
+}
+
+pkg_postinst() {
+	gnome2_pkg_postinst
+
+	use python && python_mod_optimize /usr/$(get_libdir)/gimp/2.0/python \
+		/usr/$(get_libdir)/gimp/2.0/plug-ins
+}
+
+pkg_postrm() {
+	gnome2_pkg_postrm
+
+	use python && python_mod_cleanup /usr/$(get_libdir)/gimp/2.0/python \
+		/usr/$(get_libdir)/gimp/2.0/plug-ins
+}
author	Sebastian Pipping <sping@gentoo.org>	2012-09-22 21:44:00 +0000
committer	Sebastian Pipping <sping@gentoo.org>	2012-09-22 21:44:00 +0000
commit	64723db20ef7b9db39afc9fc35c681978af17fd4 (patch)
tree	b1dca454433da64fe9c09b2ef2e61191645fafda /media-gfx/gimp
parent	Remove old (diff)
download	historical-64723db20ef7b9db39afc9fc35c681978af17fd4.tar.gz historical-64723db20ef7b9db39afc9fc35c681978af17fd4.tar.bz2 historical-64723db20ef7b9db39afc9fc35c681978af17fd4.zip