commit:     1dfb62b200770993df34d207358805fba6612605
Author:     Alexandre Rostovtsev <tetromino <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 12 23:19:17 2015 +0000
Commit:     Alexandre Rostovtsev <tetromino <AT> gentoo <DOT> org>
CommitDate: Mon Oct 12 23:33:34 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1dfb62b2

x11-libs/gdk-pixbuf: bump to 2.32.1, fixes heap overflows

Fixes multiple heap overflows (CVE-2015-7673, CVE-2015-7674).
Drops support for wbmp, ras, pcx formats.
Fixes support for icns and 256x256 ico formats.

Gentoo-Bug: 562878, 562880
Reported-by: Agostino Sarubbo

 x11-libs/gdk-pixbuf/Manifest                       |   1 +
 .../gdk-pixbuf-2.32.1-gint64-shift-overflow.patch  |  81 +++++++++++++
 x11-libs/gdk-pixbuf/gdk-pixbuf-2.32.1.ebuild       | 129 +++++++++++++++++++++
 3 files changed, 211 insertions(+)

diff --git a/x11-libs/gdk-pixbuf/Manifest b/x11-libs/gdk-pixbuf/Manifest
index 3bbc8ef..a6dadd3 100644
--- a/x11-libs/gdk-pixbuf/Manifest
+++ b/x11-libs/gdk-pixbuf/Manifest
@@ -1 +1,2 @@
 DIST gdk-pixbuf-2.30.8.tar.xz 1336788 SHA256 
4853830616113db4435837992c0aebd94cbb993c44dc55063cee7f72a7bef8be SHA512 
2888cf035b70330e8d3ac87af54b69b2c990440fd59922464088d2a685e90022ad39c83d1ce1ccccfac3872b55ce9445ec4a3e9c7ab6371e20b19e20df7f261d
 WHIRLPOOL 
e7f69807ed629c5703750a91cc7a95ee2b3aa178a74c9197c20f863648436a023d140cf1274ba38369e8da3d77216bb1fcc66bae5b612ee8ee33ee4b42e11d65
+DIST gdk-pixbuf-2.32.1.tar.xz 2427908 SHA256 
4432b74f25538c7d6bcb3ca51adabdd666168955f25812a2568dc9637697f3bc SHA512 
4c744f166e86c17cafebe0db9434794666b64850a60597e34675cf9b902e48e89c3ff45032a10899944ae59b6c0db63c1ff33c4d2c50846393e77bad3a3adec2
 WHIRLPOOL 
566b73752c1e478fdf7011c3d2222ea39eb13052741c70a0dffd6a0800e892e951207856b90e0d20c352981565682dec28c51fc4951f2236767e97c838d239a2

diff --git 
a/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.32.1-gint64-shift-overflow.patch 
b/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.32.1-gint64-shift-overflow.patch
new file mode 100644
index 0000000..273956e
--- /dev/null
+++ b/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.32.1-gint64-shift-overflow.patch
@@ -0,0 +1,81 @@
+From 2fb6bce8b3fdae67b8cdd93f253dad3743fc01b8 Mon Sep 17 00:00:00 2001
+From: Mike Gorse <mgo...@suse.com>
+Date: Tue, 6 Oct 2015 11:46:24 -0500
+Subject: [PATCH] pixops: use gint64 in more places to avoid overflow when
+ shifting
+
+---
+ gdk-pixbuf/pixops/pixops.c | 34 +++++++++++++++++-----------------
+ 1 file changed, 17 insertions(+), 17 deletions(-)
+
+diff --git a/gdk-pixbuf/pixops/pixops.c b/gdk-pixbuf/pixops/pixops.c
+index b0abecd..6a4a096 100644
+--- a/gdk-pixbuf/pixops/pixops.c
++++ b/gdk-pixbuf/pixops/pixops.c
+@@ -354,11 +354,11 @@ pixops_composite_nearest (guchar        *dest_buf,
+                         double         scale_y,
+                         int            overall_alpha)
+ {
+-  int i;
+-  int x;
+-  int x_step = (1 << SCALE_SHIFT) / scale_x;
+-  int y_step = (1 << SCALE_SHIFT) / scale_y;
+-  int xmax, xstart, xstop, x_pos, y_pos;
++  gint64 i;
++  gint64 x;
++  gint64 x_step = (1 << SCALE_SHIFT) / scale_x;
++  gint64 y_step = (1 << SCALE_SHIFT) / scale_y;
++  gint64 xmax, xstart, xstop, x_pos, y_pos;
+   const guchar *p;
+   unsigned int  a0;
+ 
+@@ -524,13 +524,13 @@ pixops_composite_color_nearest (guchar        *dest_buf,
+                               guint32        color1,
+                               guint32        color2)
+ {
+-  int i, j;
+-  int x;
+-  int x_step = (1 << SCALE_SHIFT) / scale_x;
+-  int y_step = (1 << SCALE_SHIFT) / scale_y;
++  gint64 i, j;
++  gint64 x;
++  gint64 x_step = (1 << SCALE_SHIFT) / scale_x;
++  gint64 y_step = (1 << SCALE_SHIFT) / scale_y;
+   int r1, g1, b1, r2, g2, b2;
+   int check_shift = get_check_shift (check_size);
+-  int xmax, xstart, xstop, x_pos, y_pos;
++  gint64 xmax, xstart, xstop, x_pos, y_pos;
+   const guchar *p;
+   unsigned int  a0;
+ 
+@@ -1338,20 +1338,20 @@ pixops_process (guchar         *dest_buf,
+               PixopsLineFunc  line_func,
+               PixopsPixelFunc pixel_func)
+ {
+-  int i, j;
+-  int x, y;                   /* X and Y position in source (fixed_point) */
++  gint64 i, j;
++  gint64 x, y;                        /* X and Y position in source 
(fixed_point) */
+ 
+   guchar **line_bufs;
+   int *filter_weights;
+ 
+-  int x_step;
+-  int y_step;
++  gint64 x_step;
++  gint64 y_step;
+ 
+   int check_shift;
+-  int scaled_x_offset;
++  gint64 scaled_x_offset;
+ 
+-  int run_end_x;
+-  int run_end_index;
++  gint64 run_end_x;
++  gint64 run_end_index;
+ 
+   x_step = (1 << SCALE_SHIFT) / scale_x; /* X step in source (fixed point) */
+   y_step = (1 << SCALE_SHIFT) / scale_y; /* Y step in source (fixed point) */
+-- 
+2.6.1
+
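Review bot: The widened `gint64 x_step = (1 << SCALE_SHIFT) / scale_x;` in pixops_composite_nearest, and the matching `x_step`/`y_step` lines in pixops_composite_color_nearest and pixops_process, still convert an unchecked double quotient to an integer. A zero or extremely small scale factor would give a quotient outside the gint64 range, and that conversion is undefined behaviour in C. No guard on `scale_x`/`scale_y` is visible in these hunks, but the function bodies continue outside them, so the callers may already validate. If they do not, a check such as `g_return_if_fail (scale_x > 0 && scale_y > 0);` at the entry points that feed these helpers would be worth raising upstream. The patch header also carries no bug or CVE reference, so a comment such as `# Upstream bug: <BUG_URL>` next to the `epatch` line would show whether this is part of the CVE-2015-7673/7674 fixes or separate hardening.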

diff --git a/x11-libs/gdk-pixbuf/gdk-pixbuf-2.32.1.ebuild 
b/x11-libs/gdk-pixbuf/gdk-pixbuf-2.32.1.ebuild
new file mode 100644
index 0000000..a0ddb14
--- /dev/null
+++ b/x11-libs/gdk-pixbuf/gdk-pixbuf-2.32.1.ebuild
@@ -0,0 +1,129 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+GCONF_DEBUG="no"
+GNOME2_LA_PUNT="yes"
+
+inherit eutils flag-o-matic gnome2 multilib libtool multilib-minimal
+
+DESCRIPTION="Image loading library for GTK+"
+HOMEPAGE="http://www.gtk.org/";
+
+LICENSE="LGPL-2+"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh 
~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~x86-interix ~amd64-linux 
~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris 
~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="+X debug +introspection jpeg jpeg2k tiff test"
+
+COMMON_DEPEND="
+       >=dev-libs/glib-2.37.6:2[${MULTILIB_USEDEP}]
+       >=media-libs/libpng-1.4:0=[${MULTILIB_USEDEP}]
+       introspection? ( >=dev-libs/gobject-introspection-0.9.3 )
+       jpeg? ( virtual/jpeg:0=[${MULTILIB_USEDEP}] )
+       jpeg2k? ( media-libs/jasper:=[${MULTILIB_USEDEP}] )
+       tiff? ( >=media-libs/tiff-3.9.2:0=[${MULTILIB_USEDEP}] )
+       X? ( x11-libs/libX11[${MULTILIB_USEDEP}] )
+"
+DEPEND="${COMMON_DEPEND}
+       >=dev-util/gtk-doc-am-1.20
+       >=sys-devel/gettext-0.19
+       virtual/pkgconfig
+"
+# librsvg blocker is for the new pixbuf loader API, you lose icons otherwise
+RDEPEND="${COMMON_DEPEND}
+       !<gnome-base/gail-1000
+       !<gnome-base/librsvg-2.31.0
+       !<x11-libs/gtk+-2.21.3:2
+       !<x11-libs/gtk+-2.90.4:3
+       abi_x86_32? (
+               !<=app-emulation/emul-linux-x86-gtklibs-20131008-r2
+               !app-emulation/emul-linux-x86-gtklibs[-abi_x86_32(-)]
+       )
+"
+
+MULTILIB_CHOST_TOOLS=(
+       /usr/bin/gdk-pixbuf-query-loaders
+)
+
+src_prepare() {
+       # Upstream patches from 2.32.x
+       epatch "${FILESDIR}"/${P}-gint64-shift-overflow.patch
+
+       # ERROR: cve-2015-4491 - missing test plan
+       # FIXME - check if this works in 2.31.7
+       # $sed -e 's/cve-2015-4491$(EXEEXT)//' -i tests/Makefile.in || die
+
+       # This will avoid polluting the pkg-config file with versioned libpng,
+       # which is causing problems with libpng14 -> libpng15 upgrade
+       # See upstream bug #667068
+       # First check that the pattern is present, to catch upstream changes on 
bumps,
+       # because sed doesn't return failure code if it doesn't do any 
replacements
+       grep -q  'l in libpng16' configure || die "libpng check order has 
changed upstream"
+       sed -e 's:l in libpng16:l in libpng libpng16:' -i configure || die
+       [[ ${CHOST} == *-solaris* ]] && append-libs intl
+
+       gnome2_src_prepare
+}
+
+multilib_src_configure() {
+       # png always on to display icons
+       ECONF_SOURCE="${S}" \
+       gnome2_src_configure \
+               $(usex debug --enable-debug=yes "") \
+               $(use_with jpeg libjpeg) \
+               $(use_with jpeg2k libjasper) \
+               $(use_with tiff libtiff) \
+               $(multilib_native_use_enable introspection) \
+               $(use_with X x11) \
+               --with-libpng
+
+       # work-around gtk-doc out-of-source brokedness
+       if multilib_is_native_abi; then
+               ln -s "${S}"/docs/reference/${PN}/html 
docs/reference/${PN}/html || die
+       fi
+}
+
+multilib_src_install() {
+       # Parallel install fails when no gdk-pixbuf is already installed, bug 
#481372
+       MAKEOPTS="${MAKEOPTS} -j1" gnome2_src_install
+}
+
+pkg_preinst() {
+       gnome2_pkg_preinst
+
+       multilib_pkg_preinst() {
+               # Make sure loaders.cache belongs to gdk-pixbuf alone
+               local cache="usr/$(get_libdir)/${PN}-2.0/2.10.0/loaders.cache"
+
+               if [[ -e ${EROOT}${cache} ]]; then
+                       cp "${EROOT}"${cache} "${ED}"/${cache} || die
+               else
+                       touch "${ED}"/${cache} || die
+               fi
+       }
+
+       multilib_foreach_abi multilib_pkg_preinst
+}
+
+pkg_postinst() {
+       # causes segfault if set, see bug 375615
+       unset __GL_NO_DSO_FINALIZER
+
+       multilib_foreach_abi gnome2_pkg_postinst
+
+       # Migration snippet for when this was handled by gtk+
+       if [ -e "${EROOT}"usr/lib/gtk-2.0/2.*/loaders ]; then
+               elog "You need to rebuild ebuilds that installed into" 
"${EROOT}"usr/lib/gtk-2.0/2.*/loaders
+               elog "to do that you can use qfile from portage-utils:"
+               elog "emerge -va1 \$(qfile -qC 
${EPREFIX}/usr/lib/gtk-2.0/2.*/loaders)"
+       fi
+}
+
+pkg_postrm() {
+       gnome2_pkg_postrm
+
+       if [[ -z ${REPLACED_BY_VERSIONS} ]]; then
+               rm -f "${EROOT}"usr/lib*/${PN}-2.0/2.10.0/loaders.cache
+       fi
+}
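Review bot: In pkg_postinst the migration check `[ -e "${EROOT}"usr/lib/gtk-2.0/2.*/loaders ]` passes an unquoted glob to `[`. When more than one `2.*` directory matches, the test receives several operands and fails with an error, so the elog hint is skipped. Testing each match on its own avoids this, e.g. `local d found=; for d in "${EROOT}"usr/lib/gtk-2.0/2.*/loaders; do [[ -e ${d} ]] && found=1; done` followed by `[[ -n ${found} ]]`. Separately, the commented-out `cve-2015-4491` sed in src_prepare still carries a FIXME that refers to 2.31.7. Since this is a security bump, that comment should say whether the regression test is expected to run and pass on 2.32.1.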
