Date: Tuesday, October 19, 2010 @ 19:18:53 Author: stephane Revision: 96361
db-5.1 rebuild Apply security patches from Gentoo Fix FS#20977 and FS#21148 Added: xemacs/trunk/xemacs-21.5.29-large-images.patch xemacs/trunk/xemacs-21.5.29-optimization-bug.patch xemacs/trunk/xemacs-21.5.29-vcdiff.patch Modified: xemacs/trunk/PKGBUILD ---------------------------------------+ PKGBUILD | 50 ++++++++++++---- xemacs-21.5.29-large-images.patch | 96 ++++++++++++++++++++++++++++++++ xemacs-21.5.29-optimization-bug.patch | 14 ++++ xemacs-21.5.29-vcdiff.patch | 19 ++++++ 4 files changed, 167 insertions(+), 12 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2010-10-19 22:10:37 UTC (rev 96360) +++ PKGBUILD 2010-10-19 23:18:53 UTC (rev 96361) @@ -1,25 +1,46 @@ # $Id$ # Maintainer: juergen <juer...@archlinux.org> +# Contributor : Stéphane Gaudreault <steph...@archlinux.org> pkgname=xemacs pkgver=21.5.29 -pkgrel=2 +pkgrel=3 pkgdesc="highly customizable open source text editor and application development system forked from GNU Emacs" arch=(i686 x86_64) url="http://www.xemacs.org/" license=('GPL') -depends=('db>=4.8' 'libpng' 'libtiff' 'gpm>=1.20.4' 'bash' 'ncurses>=5.6-7' 'desktop-file-utils' 'libxaw' 'libjpeg') +depends=('db' 'libpng' 'libtiff' 'gpm>=1.20.4' 'bash' 'ncurses>=5.6-7' 'desktop-file-utils' 'libxaw' 'libjpeg') optdepends=('xorg-fonts-75dpi: X bitmap fonts needed for the interface' - 'xorg-fonts-100dpi: X bitmap fonts needed for the interface') + 'xorg-fonts-100dpi: X bitmap fonts needed for the interface') makedepends=('giflib' 'xbitmaps') install=xemacs.install -source=(http://ftp.xemacs.org/pub/xemacs/beta/$pkgname-$pkgver.tar.gz xemacs.desktop) -md5sums=('5364192ae0d3de23d9f4ce197e6493b5' 'a4d3d5c0aa2c7ce7bec491f809ca3694') - +source=(http://ftp.xemacs.org/pub/xemacs/beta/$pkgname-$pkgver.tar.gz + xemacs.desktop + xemacs-21.5.29-large-images.patch + xemacs-21.5.29-optimization-bug.patch + xemacs-21.5.29-vcdiff.patch) +md5sums=('5364192ae0d3de23d9f4ce197e6493b5' + 'a4d3d5c0aa2c7ce7bec491f809ca3694' + '23ca5a7c50fe7ebebd9fc4525882cdf1' + 'eb061b10ea3bbe1026df5326ae1618e3' + '4ada657a351b226cdd557f9faaeab075') + build() { cd "${srcdir}/${pkgname}-${pkgver}" - infodir=/usr/share/info - mandir=/usr/share/man/man1 + + # Fix security issue in vcdiff script + patch -Np0 -i ../xemacs-21.5.29-vcdiff.patch + + # Fix problem caused by improper optimization with GCC>=4.1.2 on i686 + # (and possibly other arches). See + # http://tracker.xemacs.org/XEmacs/its/issue354 + # for the upstream bug report. + patch -Np0 -i ../xemacs-21.5.29-optimization-bug.patch + + # Fix for security bug + # See http://bugs.gentoo.org/show_bug.cgi?id=275397 + patch -Np1 -i ../xemacs-21.5.29-large-images.patch + ./configure --build="${CHOST}" --prefix=/usr --with-dynamic \ --with-x11 --without-postgresql --with-athena=xaw \ --enable-database=berkdb --without-ldap \ @@ -28,12 +49,17 @@ --enable-external-widget \ --with-jpeg --with-png --with-tiff \ --with-ncurses --with-pop --with-xfs --disable-sound \ - --infodir=${infodir} \ - --mandir=${mandir} || return 1 + --infodir=/usr/share/info \ + --with-mule \ + --mandir=/usr/share/man/man1 - make || return 1 - make -j1 prefix="${pkgdir}/usr" mandir="${pkgdir}${mandir}" infodir="${pkgdir}${infodir}" install gzip-el || return 1 + make +} +package() { + cd "${srcdir}/${pkgname}-${pkgver}" + make -j1 prefix="${pkgdir}/usr" mandir="${pkgdir}/usr/share/man/man1" infodir="${pkgdir}/usr/share/info" install gzip-el + rm ${pkgdir}/usr/bin/{b2m,ctags,etags,rcs-checkin} rm ${pkgdir}/usr/share/man/man1/{ctags.1,etags.1} Added: xemacs-21.5.29-large-images.patch =================================================================== --- xemacs-21.5.29-large-images.patch (rev 0) +++ xemacs-21.5.29-large-images.patch 2010-10-19 23:18:53 UTC (rev 96361) @@ -0,0 +1,96 @@ +APPROVE COMMIT 21.5 + +This patch has been committed. When trying to open very large image +files (or image files with header files that claim the image is very +large), we multiply length times width to get the number of pixels in +the image (and possibly multiply that number if a pixel occupies more +than 1 byte). The multiplication can overflow, resulting in passing +negative or insufficiently positive size values to malloc. This patch +checks whether the multiplication will overflow. If so, XEmacs +refuses to attempt to load the image. + +(Patch taken from upstream, already applied there) + +--- a/src/glyphs-eimage.c Mon Jun 29 08:20:47 2009 -0600 ++++ b/src/glyphs-eimage.c Wed Jul 01 15:42:54 2009 -0600 +@@ -409,6 +409,7 @@ + */ + + { ++ UINT_64_BIT pixels_sq; + int jpeg_gray = 0; /* if we're dealing with a grayscale */ + /* Step 4: set parameters for decompression. */ + +@@ -431,7 +432,10 @@ + jpeg_start_decompress (&cinfo); + + /* Step 6: Read in the data and put into EImage format (8bit RGB triples)*/ +- ++ pixels_sq = ++ (UINT_64_BIT) cinfo.output_width * (UINT_64_BIT) cinfo.output_height; ++ if (pixels_sq > ((size_t) -1) / 3) ++ signal_image_error ("JPEG image too large to instantiate", instantiator); + unwind.eimage = + xnew_binbytes (cinfo.output_width * cinfo.output_height * 3); + if (!unwind.eimage) +@@ -677,6 +681,7 @@ + { + ColorMapObject *cmo = unwind.giffile->SColorMap; + int i, j, row, pass, interlace, slice; ++ UINT_64_BIT pixels_sq; + Binbyte *eip; + /* interlaced gifs have rows in this order: + 0, 8, 16, ..., 4, 12, 20, ..., 2, 6, 10, ..., 1, 3, 5, ... */ +@@ -685,6 +690,9 @@ + + height = unwind.giffile->SHeight; + width = unwind.giffile->SWidth; ++ pixels_sq = (UINT_64_BIT) width * (UINT_64_BIT) height; ++ if (pixels_sq > ((size_t) -1) / (3 * unwind.giffile->ImageCount)) ++ signal_image_error ("GIF image too large to instantiate", instantiator); + unwind.eimage = + xnew_binbytes (width * height * 3 * unwind.giffile->ImageCount); + if (!unwind.eimage) +@@ -948,11 +956,15 @@ + { + int y; + Binbyte **row_pointers; ++ UINT_64_BIT pixels_sq; + height = info_ptr->height; + width = info_ptr->width; ++ pixels_sq = (UINT_64_BIT) width * (UINT_64_BIT) height; ++ if (pixels_sq > ((size_t) -1) / 3) ++ signal_image_error ("PNG image too large to instantiate", instantiator); + + /* Wow, allocate all the memory. Truly, exciting. */ +- unwind.eimage = xnew_array_and_zero (Binbyte, width * height * 3); ++ unwind.eimage = xnew_array_and_zero (Binbyte, (size_t) (pixels_sq * 3)); + /* libpng expects that the image buffer passed in contains a + picture to draw on top of if the png has any transparencies. + This could be a good place to pass that in... */ +@@ -1299,6 +1311,7 @@ + + uint32 *raster; + Binbyte *ep; ++ UINT_64_BIT pixels_sq; + + assert (!NILP (data)); + +@@ -1321,12 +1334,15 @@ + + TIFFGetField (unwind.tiff, TIFFTAG_IMAGEWIDTH, &width); + TIFFGetField (unwind.tiff, TIFFTAG_IMAGELENGTH, &height); +- unwind.eimage = xnew_binbytes (width * height * 3); ++ pixels_sq = (UINT_64_BIT) width * (UINT_64_BIT) height; ++ if (pixels_sq >= 1 << 29) ++ signal_image_error ("TIFF image too large to instantiate", instantiator); ++ unwind.eimage = xnew_binbytes (pixels_sq * 3); + + /* #### This is little more than proof-of-concept/function testing. + It needs to be reimplemented via scanline reads for both memory + compactness. */ +- raster = (uint32*) _TIFFmalloc (width * height * sizeof (uint32)); ++ raster = (uint32*) _TIFFmalloc ((tsize_t) (pixels_sq * sizeof (uint32))); + if (raster != NULL) + { + int i, j; Added: xemacs-21.5.29-optimization-bug.patch =================================================================== --- xemacs-21.5.29-optimization-bug.patch (rev 0) +++ xemacs-21.5.29-optimization-bug.patch 2010-10-19 23:18:53 UTC (rev 96361) @@ -0,0 +1,14 @@ +Work around a GCC optimization bug as described in +http://tracker.xemacs.org/XEmacs/its/issue354 + +--- src/dumper.c.~1~ 2008-01-26 09:54:11.000000000 +0100 ++++ src/dumper.c 2008-05-03 10:17:03.000000000 +0200 +@@ -2584,7 +2584,7 @@ + #endif /* !WIN32_NATIVE */ + + +-static int ++int + pdump_file_try (Wexttext *exe_path) + { + Wexttext *w = exe_path + wext_strlen (exe_path); Added: xemacs-21.5.29-vcdiff.patch =================================================================== --- xemacs-21.5.29-vcdiff.patch (rev 0) +++ xemacs-21.5.29-vcdiff.patch 2010-10-19 23:18:53 UTC (rev 96361) @@ -0,0 +1,19 @@ +--- lib-src/vcdiff.~1~ 1996-12-18 23:42:33.000000000 +0100 ++++ lib-src/vcdiff 2008-04-09 08:20:36.000000000 +0200 +@@ -79,14 +79,14 @@ + case $f in + s.* | */s.*) + if +- rev1=/tmp/geta$$ ++ rev1=`mktemp /tmp/geta.XXXXXXXX` + get -s -p -k $sid1 "$f" > $rev1 && + case $sid2 in + '') + workfile=`expr " /$f" : '.*/s.\(.*\)'` + ;; + *) +- rev2=/tmp/getb$$ ++ rev2=`mktemp /tmp/getb.XXXXXXXX` + get -s -p -k $sid2 "$f" > $rev2 + workfile=$rev2 + esac