summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChris White <chriswhite@gentoo.org>2004-09-06 18:17:10 +0000
committerChris White <chriswhite@gentoo.org>2004-09-06 18:17:10 +0000
commit78ff4188e78f8da08050d765070f6693040bdb36 (patch)
tree0697e459e777249ff595d80bab887b3558b8b51b
parentSwitch to use epause and ebeep, bug #62950 (Manifest recommit) (diff)
downloadgentoo-2-78ff4188e78f8da08050d765070f6693040bdb36.tar.gz
gentoo-2-78ff4188e78f8da08050d765070f6693040bdb36.tar.bz2
gentoo-2-78ff4188e78f8da08050d765070f6693040bdb36.zip
Security rev bump per Bug #62487. x86 stable marked for security bug.
-rw-r--r--media-libs/imlib/ChangeLog8
-rw-r--r--media-libs/imlib/Manifest4
-rw-r--r--media-libs/imlib/files/digest-imlib-1.9.14-r21
-rw-r--r--media-libs/imlib/files/imlib-1.9.14-bound.patch372
-rw-r--r--media-libs/imlib/imlib-1.9.14-r2.ebuild48
5 files changed, 432 insertions, 1 deletions
diff --git a/media-libs/imlib/ChangeLog b/media-libs/imlib/ChangeLog
index 0dbc6995408a..8930d1104f0d 100644
--- a/media-libs/imlib/ChangeLog
+++ b/media-libs/imlib/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for media-libs/imlib
# Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/imlib/ChangeLog,v 1.22 2004/08/26 13:20:05 hanno Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-libs/imlib/ChangeLog,v 1.23 2004/09/06 18:17:10 chriswhite Exp $
+
+*imlib-1.9.14-r2 (06 Sep 2004)
+
+ 06 Sep 2004; Chris White <chriswhite@gentoo.org>
+ +files/imlib-1.9.14-bound.patch, +imlib-1.9.14-r2.ebuild:
+ Security rev bump per Bug #62487. x86 stable marked for security bug.
26 Aug 2004; Hanno Boeck <hanno@gentoo.org> imlib-1.9.14-r1.ebuild:
Re-indtroduced the hard-gtk-dep, because the "hack" to disable it didn't
diff --git a/media-libs/imlib/Manifest b/media-libs/imlib/Manifest
index f13af588ed27..2413055affce 100644
--- a/media-libs/imlib/Manifest
+++ b/media-libs/imlib/Manifest
@@ -1,3 +1,7 @@
MD5 34f3d96491e4deca088607ec313b125a ChangeLog 3137
MD5 7aaf257fcfc9454467c6d23901e040af imlib-1.9.14-r1.ebuild 1034
+MD5 862b0584a9d6943e29981bda77601905 imlib-1.9.14-r2.ebuild 1119
+MD5 9de297e663a0d8c7ec5b5c8a8bd91e98 imlib.out 3238
MD5 249b41b845e39ccae3a4022bead066e9 files/digest-imlib-1.9.14-r1 65
+MD5 249b41b845e39ccae3a4022bead066e9 files/digest-imlib-1.9.14-r2 65
+MD5 785e01e32ee3640d632ac61e28d14aa4 files/imlib-1.9.14-bound.patch 11764
diff --git a/media-libs/imlib/files/digest-imlib-1.9.14-r2 b/media-libs/imlib/files/digest-imlib-1.9.14-r2
new file mode 100644
index 000000000000..2506fdb6b205
--- /dev/null
+++ b/media-libs/imlib/files/digest-imlib-1.9.14-r2
@@ -0,0 +1 @@
+MD5 a337643f75bb431034d7213ac74f13dc imlib-1.9.14.tar.bz2 587947
diff --git a/media-libs/imlib/files/imlib-1.9.14-bound.patch b/media-libs/imlib/files/imlib-1.9.14-bound.patch
new file mode 100644
index 000000000000..d2385e529392
--- /dev/null
+++ b/media-libs/imlib/files/imlib-1.9.14-bound.patch
@@ -0,0 +1,372 @@
+diff -uprk.orig imlib-1.9.14.orig/gdk_imlib/io-bmp.c imlib-1.9.14/gdk_imlib/io-bmp.c
+--- imlib-1.9.14.orig/gdk_imlib/io-bmp.c 2002-03-04 20:06:29 +0300
++++ imlib-1.9.14/gdk_imlib/io-bmp.c 2004-09-02 16:36:16 +0400
+@@ -10,7 +10,7 @@ loader_bmp (FILE *file, int *w, int *h,
+ linesize, linepos, rshift = 0, gshift = 0, bshift = 0;
+ unsigned char byte;
+ short int word;
+- long int dbuf[4], dword, rmask = 0, gmask = 0, bmask = 0, offset,
++ long int dbuf[4], dword, rmask = 0xff, gmask = 0xff, bmask = 0xff, offset,
+ size;
+ signed char bbuf[4];
+ struct _cmap
+@@ -32,7 +32,7 @@ loader_bmp (FILE *file, int *w, int *h,
+ * Reading the bmp header
+ */
+
+- fread(&bbuf, 1, 2, file);
++ fread(bbuf, 1, 2, file);
+
+ fread(dbuf, 4, 4, file);
+
+@@ -42,12 +42,12 @@ loader_bmp (FILE *file, int *w, int *h,
+ fread(dbuf, 4, 2, file);
+ *w = (int)dbuf[0];
+ *h = (int)dbuf[1];
+- if (*w > 32767)
++ if ((*w < 0) || (*w > 32767))
+ {
+ fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n");
+ return NULL;
+ }
+- if (*h > 32767)
++ if ((*h < 0) || (*h > 32767))
+ {
+ fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n");
+ return NULL;
+@@ -72,6 +72,9 @@ loader_bmp (FILE *file, int *w, int *h,
+ ncolors = (int)dbuf[0];
+ if (ncolors == 0)
+ ncolors = 1 << bpp;
++ if ((ncolors < 0) || (ncolors > (1 << bpp)))
++ ncolors = 1 << bpp;
++
+ /* some more sanity checks */
+ if (((comp == BI_RLE4) && (bpp != 4)) || ((comp == BI_RLE8) && (bpp != 8)) || ((comp == BI_BITFIELDS) && (bpp != 16 && bpp != 32)))
+ {
+@@ -197,9 +200,13 @@ loader_bmp (FILE *file, int *w, int *h,
+ for (bit = 0; bit < 8; bit++)
+ {
+ index = ((byte & (0x80 >> bit)) ? 1 : 0);
+- ptr[poffset] = cmap[index].r;
+- ptr[poffset + 1] = cmap[index].g;
+- ptr[poffset + 2] = cmap[index].b;
++ /* possibly corrupted file? */
++ if (index < ncolors && poffset < *w * *h * 3)
++ {
++ ptr[poffset] = cmap[index].r;
++ ptr[poffset + 1] = cmap[index].g;
++ ptr[poffset + 2] = cmap[index].b;
++ }
+ column++;
+ }
+ }
+@@ -221,9 +228,13 @@ loader_bmp (FILE *file, int *w, int *h,
+ index = ((byte & (0xF0 >> nibble * 4)) >> (!nibble * 4));
+ if (index >= 16)
+ index = 15;
+- ptr[poffset] = cmap[index].r;
+- ptr[poffset + 1] = cmap[index].g;
+- ptr[poffset + 2] = cmap[index].b;
++ /* possibly corrupted file? */
++ if (index < ncolors && poffset < *w * *h * 3)
++ {
++ ptr[poffset] = cmap[index].r;
++ ptr[poffset + 1] = cmap[index].g;
++ ptr[poffset + 2] = cmap[index].b;
++ }
+ column++;
+ }
+ }
+@@ -263,9 +274,13 @@ loader_bmp (FILE *file, int *w, int *h,
+ {
+ linepos++;
+ byte = getc(file);
+- ptr[poffset] = cmap[byte].r;
+- ptr[poffset + 1] = cmap[byte].g;
+- ptr[poffset + 2] = cmap[byte].b;
++ /* possibly corrupted file? */
++ if (byte < ncolors && poffset < *w * *h * 3)
++ {
++ ptr[poffset] = cmap[byte].r;
++ ptr[poffset + 1] = cmap[byte].g;
++ ptr[poffset + 2] = cmap[byte].b;
++ }
+ column++;
+ }
+ if (absolute & 0x01)
+@@ -276,9 +291,13 @@ loader_bmp (FILE *file, int *w, int *h,
+ {
+ for (i = 0; i < first; i++)
+ {
+- ptr[poffset] = cmap[byte].r;
+- ptr[poffset + 1] = cmap[byte].g;
+- ptr[poffset + 2] = cmap[byte].b;
++ /* possibly corrupted file? */
++ if (byte < ncolors && poffset < *w * *h * 3)
++ {
++ ptr[poffset] = cmap[byte].r;
++ ptr[poffset + 1] = cmap[byte].g;
++ ptr[poffset + 2] = cmap[byte].b;
++ }
+ column++;
+ linepos++;
+ }
+@@ -286,20 +305,27 @@ loader_bmp (FILE *file, int *w, int *h,
+ }
+ else
+ {
+- ptr[poffset] = cmap[byte].r;
+- ptr[poffset + 1] = cmap[byte].g;
+- ptr[poffset + 2] = cmap[byte].b;
++ /* possibly corrupted file? */
++ if (byte < ncolors && poffset < *w * *h * 3)
++ {
++ ptr[poffset] = cmap[byte].r;
++ ptr[poffset + 1] = cmap[byte].g;
++ ptr[poffset + 2] = cmap[byte].b;
++ }
+ column++;
+- linepos += size;
+ }
+ }
+ }
+ else if (bpp == 24)
+ {
+- linepos += fread(&bbuf, 1, 3, file);
+- ptr[poffset] = (unsigned char)bbuf[2];
+- ptr[poffset + 1] = (unsigned char)bbuf[1];
+- ptr[poffset + 2] = (unsigned char)bbuf[0];
++ linepos += fread(bbuf, 1, 3, file);
++ /* possibly corrupted file? */
++ if (poffset < *w * *h * 3)
++ {
++ ptr[poffset] = (unsigned char)bbuf[2];
++ ptr[poffset + 1] = (unsigned char)bbuf[1];
++ ptr[poffset + 2] = (unsigned char)bbuf[0];
++ }
+ column++;
+ }
+ else if (bpp == 16)
+@@ -307,12 +333,16 @@ loader_bmp (FILE *file, int *w, int *h,
+ unsigned char temp;
+
+ linepos += fread(&word, 2, 1, file);
+- temp = (word & rmask) >> rshift;
+- ptr[poffset] = temp;
+- temp = (word & gmask) >> gshift;
+- ptr[poffset + 1] = temp;
+- temp = (word & bmask) >> gshift;
+- ptr[poffset + 2] = temp;
++ /* possibly corrupted file? */
++ if (poffset < *w * *h * 3)
++ {
++ temp = (word & rmask) >> rshift;
++ ptr[poffset] = temp;
++ temp = (word & gmask) >> gshift;
++ ptr[poffset + 1] = temp;
++ temp = (word & bmask) >> gshift;
++ ptr[poffset + 2] = temp;
++ }
+ column++;
+ }
+ else
+@@ -320,12 +350,16 @@ loader_bmp (FILE *file, int *w, int *h,
+ unsigned char temp;
+
+ linepos += fread(&dword, 4, 1, file);
+- temp = (dword & rmask) >> rshift;
+- ptr[poffset] = temp;
+- temp = (dword & gmask) >> gshift;
+- ptr[poffset + 1] = temp;
+- temp = (dword & bmask) >> bshift;
+- ptr[poffset + 2] = temp;
++ /* possibly corrupted file? */
++ if (poffset < *w * *h * 3)
++ {
++ temp = (dword & rmask) >> rshift;
++ ptr[poffset] = temp;
++ temp = (dword & gmask) >> gshift;
++ ptr[poffset + 1] = temp;
++ temp = (dword & bmask) >> bshift;
++ ptr[poffset + 2] = temp;
++ }
+ column++;
+ }
+ }
+diff -uprk.orig imlib-1.9.14.orig/Imlib/load.c imlib-1.9.14/Imlib/load.c
+--- imlib-1.9.14.orig/Imlib/load.c 2002-03-22 17:43:04 +0300
++++ imlib-1.9.14/Imlib/load.c 2004-09-02 16:34:16 +0400
+@@ -631,12 +631,12 @@ _LoadBMP(ImlibData * id, FILE *file, int
+ fread(dbuf, 4, 2, file);
+ *w = (int)dbuf[0];
+ *h = (int)dbuf[1];
+- if (*w > 32767)
++ if ((*w < 0) || (*w > 32767))
+ {
+ fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n");
+ return NULL;
+ }
+- if (*h > 32767)
++ if ((*h < 0) || (*h > 32767))
+ {
+ fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n");
+ return NULL;
+@@ -661,6 +661,9 @@ _LoadBMP(ImlibData * id, FILE *file, int
+ ncolors = (int)dbuf[0];
+ if (ncolors == 0)
+ ncolors = 1 << bpp;
++ if ((ncolors < 0) || (ncolors > (1 << bpp)))
++ ncolors = 1 << bpp;
++
+ /* some more sanity checks */
+ if (((comp == BI_RLE4) && (bpp != 4)) || ((comp == BI_RLE8) && (bpp != 8)) || ((comp == BI_BITFIELDS) && (bpp != 16 && bpp != 32)))
+ {
+@@ -786,9 +789,13 @@ _LoadBMP(ImlibData * id, FILE *file, int
+ for (bit = 0; bit < 8; bit++)
+ {
+ index = ((byte & (0x80 >> bit)) ? 1 : 0);
+- ptr[poffset] = cmap[index].r;
+- ptr[poffset + 1] = cmap[index].g;
+- ptr[poffset + 2] = cmap[index].b;
++ /* possibly corrupted file? */
++ if (index < ncolors && poffset < *w * *h * 3)
++ {
++ ptr[poffset] = cmap[index].r;
++ ptr[poffset + 1] = cmap[index].g;
++ ptr[poffset + 2] = cmap[index].b;
++ }
+ column++;
+ }
+ }
+@@ -810,9 +817,13 @@ _LoadBMP(ImlibData * id, FILE *file, int
+ index = ((byte & (0xF0 >> nibble * 4)) >> (!nibble * 4));
+ if (index >= 16)
+ index = 15;
+- ptr[poffset] = cmap[index].r;
+- ptr[poffset + 1] = cmap[index].g;
+- ptr[poffset + 2] = cmap[index].b;
++ /* possibly corrupted file? */
++ if (index < ncolors && poffset < *w * *h * 3)
++ {
++ ptr[poffset] = cmap[index].r;
++ ptr[poffset + 1] = cmap[index].g;
++ ptr[poffset + 2] = cmap[index].b;
++ }
+ column++;
+ }
+ }
+@@ -851,9 +862,13 @@ _LoadBMP(ImlibData * id, FILE *file, int
+ {
+ linepos++;
+ byte = getc(file);
+- ptr[poffset] = cmap[byte].r;
+- ptr[poffset + 1] = cmap[byte].g;
+- ptr[poffset + 2] = cmap[byte].b;
++ /* possibly corrupted file? */
++ if (byte < ncolors && poffset < *w * *h * 3)
++ {
++ ptr[poffset] = cmap[byte].r;
++ ptr[poffset + 1] = cmap[byte].g;
++ ptr[poffset + 2] = cmap[byte].b;
++ }
+ column++;
+ }
+ if (absolute & 0x01)
+@@ -864,9 +879,13 @@ _LoadBMP(ImlibData * id, FILE *file, int
+ {
+ for (i = 0; i < first; i++)
+ {
+- ptr[poffset] = cmap[byte].r;
+- ptr[poffset + 1] = cmap[byte].g;
+- ptr[poffset + 2] = cmap[byte].b;
++ /* possibly corrupted file? */
++ if (byte < ncolors && poffset < *w * *h * 3)
++ {
++ ptr[poffset] = cmap[byte].r;
++ ptr[poffset + 1] = cmap[byte].g;
++ ptr[poffset + 2] = cmap[byte].b;
++ }
+ column++;
+ linepos++;
+ }
+@@ -874,9 +893,13 @@ _LoadBMP(ImlibData * id, FILE *file, int
+ }
+ else
+ {
+- ptr[poffset] = cmap[byte].r;
+- ptr[poffset + 1] = cmap[byte].g;
+- ptr[poffset + 2] = cmap[byte].b;
++ /* possibly corrupted file? */
++ if (byte < ncolors && poffset < *w * *h * 3)
++ {
++ ptr[poffset] = cmap[byte].r;
++ ptr[poffset + 1] = cmap[byte].g;
++ ptr[poffset + 2] = cmap[byte].b;
++ }
+ column++;
+ }
+ }
+@@ -884,9 +907,13 @@ _LoadBMP(ImlibData * id, FILE *file, int
+ else if (bpp == 24)
+ {
+ linepos += fread(bbuf, 1, 3, file);
+- ptr[poffset] = (unsigned char)bbuf[2];
+- ptr[poffset + 1] = (unsigned char)bbuf[1];
+- ptr[poffset + 2] = (unsigned char)bbuf[0];
++ /* possibly corrupted file? */
++ if (poffset < *w * *h * 3)
++ {
++ ptr[poffset] = (unsigned char)bbuf[2];
++ ptr[poffset + 1] = (unsigned char)bbuf[1];
++ ptr[poffset + 2] = (unsigned char)bbuf[0];
++ }
+ column++;
+ }
+ else if (bpp == 16)
+@@ -894,12 +921,16 @@ _LoadBMP(ImlibData * id, FILE *file, int
+ unsigned char temp;
+
+ linepos += fread(&word, 2, 1, file);
+- temp = (word & rmask) >> rshift;
+- ptr[poffset] = temp;
+- temp = (word & gmask) >> gshift;
+- ptr[poffset + 1] = temp;
+- temp = (word & bmask) >> gshift;
+- ptr[poffset + 2] = temp;
++ /* possibly corrupted file? */
++ if (poffset < *w * *h * 3)
++ {
++ temp = (word & rmask) >> rshift;
++ ptr[poffset] = temp;
++ temp = (word & gmask) >> gshift;
++ ptr[poffset + 1] = temp;
++ temp = (word & bmask) >> gshift;
++ ptr[poffset + 2] = temp;
++ }
+ column++;
+ }
+ else
+@@ -907,12 +938,16 @@ _LoadBMP(ImlibData * id, FILE *file, int
+ unsigned char temp;
+
+ linepos += fread(&dword, 4, 1, file);
+- temp = (dword & rmask) >> rshift;
+- ptr[poffset] = temp;
+- temp = (dword & gmask) >> gshift;
+- ptr[poffset + 1] = temp;
+- temp = (dword & bmask) >> bshift;
+- ptr[poffset + 2] = temp;
++ /* possibly corrupted file? */
++ if (poffset < *w * *h * 3)
++ {
++ temp = (dword & rmask) >> rshift;
++ ptr[poffset] = temp;
++ temp = (dword & gmask) >> gshift;
++ ptr[poffset + 1] = temp;
++ temp = (dword & bmask) >> bshift;
++ ptr[poffset + 2] = temp;
++ }
+ column++;
+ }
+ }
diff --git a/media-libs/imlib/imlib-1.9.14-r2.ebuild b/media-libs/imlib/imlib-1.9.14-r2.ebuild
new file mode 100644
index 000000000000..0c2297dd23f1
--- /dev/null
+++ b/media-libs/imlib/imlib-1.9.14-r2.ebuild
@@ -0,0 +1,48 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-libs/imlib/imlib-1.9.14-r2.ebuild,v 1.1 2004/09/06 18:17:10 chriswhite Exp $
+
+inherit gnome.org libtool eutils
+
+DESCRIPTION="general image loading and rendering library"
+HOMEPAGE="http://developer.gnome.org/arch/imaging/imlib.html"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="x86 ~ppc ~sparc ~alpha ~hppa ~amd64 ~ia64 ~mips ~ppc64"
+IUSE=""
+
+DEPEND="=x11-libs/gtk+-1.2*
+ >=media-libs/tiff-3.5.5
+ >=media-libs/giflib-4.1.0
+ >=media-libs/libpng-1.2.1
+ >=media-libs/jpeg-6b"
+
+src_unpack() {
+ unpack ${A}
+ # fix config script bug 3425
+ cd ${S}
+ mv imlib-config.in imlib-config.in.bad
+ sed -e "49,51D" -e "55,57D" imlib-config.in.bad > imlib-config.in
+
+ # Security fix per bug #62487
+ epatch ${FILESDIR}/${P}-bound.patch
+}
+
+src_compile() {
+ elibtoolize
+ econf --sysconfdir=/etc/imlib || die
+ emake || die
+}
+
+src_install() {
+ einstall \
+ includedir=${D}/usr/include \
+ sysconfdir=${D}/etc/imlib \
+ || die
+
+ preplib /usr
+
+ dodoc AUTHORS COPYING* ChangeLog README NEWS
+ dohtml -r doc
+}