diff options
author | Chris White <chriswhite@gentoo.org> | 2004-09-06 18:17:10 +0000 |
---|---|---|
committer | Chris White <chriswhite@gentoo.org> | 2004-09-06 18:17:10 +0000 |
commit | 78ff4188e78f8da08050d765070f6693040bdb36 (patch) | |
tree | 0697e459e777249ff595d80bab887b3558b8b51b | |
parent | Switch to use epause and ebeep, bug #62950 (Manifest recommit) (diff) | |
download | gentoo-2-78ff4188e78f8da08050d765070f6693040bdb36.tar.gz gentoo-2-78ff4188e78f8da08050d765070f6693040bdb36.tar.bz2 gentoo-2-78ff4188e78f8da08050d765070f6693040bdb36.zip |
Security rev bump per Bug #62487. x86 stable marked for security bug.
-rw-r--r-- | media-libs/imlib/ChangeLog | 8 | ||||
-rw-r--r-- | media-libs/imlib/Manifest | 4 | ||||
-rw-r--r-- | media-libs/imlib/files/digest-imlib-1.9.14-r2 | 1 | ||||
-rw-r--r-- | media-libs/imlib/files/imlib-1.9.14-bound.patch | 372 | ||||
-rw-r--r-- | media-libs/imlib/imlib-1.9.14-r2.ebuild | 48 |
5 files changed, 432 insertions, 1 deletions
diff --git a/media-libs/imlib/ChangeLog b/media-libs/imlib/ChangeLog index 0dbc6995408a..8930d1104f0d 100644 --- a/media-libs/imlib/ChangeLog +++ b/media-libs/imlib/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for media-libs/imlib # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/media-libs/imlib/ChangeLog,v 1.22 2004/08/26 13:20:05 hanno Exp $ +# $Header: /var/cvsroot/gentoo-x86/media-libs/imlib/ChangeLog,v 1.23 2004/09/06 18:17:10 chriswhite Exp $ + +*imlib-1.9.14-r2 (06 Sep 2004) + + 06 Sep 2004; Chris White <chriswhite@gentoo.org> + +files/imlib-1.9.14-bound.patch, +imlib-1.9.14-r2.ebuild: + Security rev bump per Bug #62487. x86 stable marked for security bug. 26 Aug 2004; Hanno Boeck <hanno@gentoo.org> imlib-1.9.14-r1.ebuild: Re-indtroduced the hard-gtk-dep, because the "hack" to disable it didn't diff --git a/media-libs/imlib/Manifest b/media-libs/imlib/Manifest index f13af588ed27..2413055affce 100644 --- a/media-libs/imlib/Manifest +++ b/media-libs/imlib/Manifest @@ -1,3 +1,7 @@ MD5 34f3d96491e4deca088607ec313b125a ChangeLog 3137 MD5 7aaf257fcfc9454467c6d23901e040af imlib-1.9.14-r1.ebuild 1034 +MD5 862b0584a9d6943e29981bda77601905 imlib-1.9.14-r2.ebuild 1119 +MD5 9de297e663a0d8c7ec5b5c8a8bd91e98 imlib.out 3238 MD5 249b41b845e39ccae3a4022bead066e9 files/digest-imlib-1.9.14-r1 65 +MD5 249b41b845e39ccae3a4022bead066e9 files/digest-imlib-1.9.14-r2 65 +MD5 785e01e32ee3640d632ac61e28d14aa4 files/imlib-1.9.14-bound.patch 11764 diff --git a/media-libs/imlib/files/digest-imlib-1.9.14-r2 b/media-libs/imlib/files/digest-imlib-1.9.14-r2 new file mode 100644 index 000000000000..2506fdb6b205 --- /dev/null +++ b/media-libs/imlib/files/digest-imlib-1.9.14-r2 @@ -0,0 +1 @@ +MD5 a337643f75bb431034d7213ac74f13dc imlib-1.9.14.tar.bz2 587947 diff --git a/media-libs/imlib/files/imlib-1.9.14-bound.patch b/media-libs/imlib/files/imlib-1.9.14-bound.patch new file mode 100644 index 000000000000..d2385e529392 --- /dev/null +++ b/media-libs/imlib/files/imlib-1.9.14-bound.patch @@ -0,0 +1,372 @@ +diff -uprk.orig imlib-1.9.14.orig/gdk_imlib/io-bmp.c imlib-1.9.14/gdk_imlib/io-bmp.c +--- imlib-1.9.14.orig/gdk_imlib/io-bmp.c 2002-03-04 20:06:29 +0300 ++++ imlib-1.9.14/gdk_imlib/io-bmp.c 2004-09-02 16:36:16 +0400 +@@ -10,7 +10,7 @@ loader_bmp (FILE *file, int *w, int *h, + linesize, linepos, rshift = 0, gshift = 0, bshift = 0; + unsigned char byte; + short int word; +- long int dbuf[4], dword, rmask = 0, gmask = 0, bmask = 0, offset, ++ long int dbuf[4], dword, rmask = 0xff, gmask = 0xff, bmask = 0xff, offset, + size; + signed char bbuf[4]; + struct _cmap +@@ -32,7 +32,7 @@ loader_bmp (FILE *file, int *w, int *h, + * Reading the bmp header + */ + +- fread(&bbuf, 1, 2, file); ++ fread(bbuf, 1, 2, file); + + fread(dbuf, 4, 4, file); + +@@ -42,12 +42,12 @@ loader_bmp (FILE *file, int *w, int *h, + fread(dbuf, 4, 2, file); + *w = (int)dbuf[0]; + *h = (int)dbuf[1]; +- if (*w > 32767) ++ if ((*w < 0) || (*w > 32767)) + { + fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n"); + return NULL; + } +- if (*h > 32767) ++ if ((*h < 0) || (*h > 32767)) + { + fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n"); + return NULL; +@@ -72,6 +72,9 @@ loader_bmp (FILE *file, int *w, int *h, + ncolors = (int)dbuf[0]; + if (ncolors == 0) + ncolors = 1 << bpp; ++ if ((ncolors < 0) || (ncolors > (1 << bpp))) ++ ncolors = 1 << bpp; ++ + /* some more sanity checks */ + if (((comp == BI_RLE4) && (bpp != 4)) || ((comp == BI_RLE8) && (bpp != 8)) || ((comp == BI_BITFIELDS) && (bpp != 16 && bpp != 32))) + { +@@ -197,9 +200,13 @@ loader_bmp (FILE *file, int *w, int *h, + for (bit = 0; bit < 8; bit++) + { + index = ((byte & (0x80 >> bit)) ? 1 : 0); +- ptr[poffset] = cmap[index].r; +- ptr[poffset + 1] = cmap[index].g; +- ptr[poffset + 2] = cmap[index].b; ++ /* possibly corrupted file? */ ++ if (index < ncolors && poffset < *w * *h * 3) ++ { ++ ptr[poffset] = cmap[index].r; ++ ptr[poffset + 1] = cmap[index].g; ++ ptr[poffset + 2] = cmap[index].b; ++ } + column++; + } + } +@@ -221,9 +228,13 @@ loader_bmp (FILE *file, int *w, int *h, + index = ((byte & (0xF0 >> nibble * 4)) >> (!nibble * 4)); + if (index >= 16) + index = 15; +- ptr[poffset] = cmap[index].r; +- ptr[poffset + 1] = cmap[index].g; +- ptr[poffset + 2] = cmap[index].b; ++ /* possibly corrupted file? */ ++ if (index < ncolors && poffset < *w * *h * 3) ++ { ++ ptr[poffset] = cmap[index].r; ++ ptr[poffset + 1] = cmap[index].g; ++ ptr[poffset + 2] = cmap[index].b; ++ } + column++; + } + } +@@ -263,9 +274,13 @@ loader_bmp (FILE *file, int *w, int *h, + { + linepos++; + byte = getc(file); +- ptr[poffset] = cmap[byte].r; +- ptr[poffset + 1] = cmap[byte].g; +- ptr[poffset + 2] = cmap[byte].b; ++ /* possibly corrupted file? */ ++ if (byte < ncolors && poffset < *w * *h * 3) ++ { ++ ptr[poffset] = cmap[byte].r; ++ ptr[poffset + 1] = cmap[byte].g; ++ ptr[poffset + 2] = cmap[byte].b; ++ } + column++; + } + if (absolute & 0x01) +@@ -276,9 +291,13 @@ loader_bmp (FILE *file, int *w, int *h, + { + for (i = 0; i < first; i++) + { +- ptr[poffset] = cmap[byte].r; +- ptr[poffset + 1] = cmap[byte].g; +- ptr[poffset + 2] = cmap[byte].b; ++ /* possibly corrupted file? */ ++ if (byte < ncolors && poffset < *w * *h * 3) ++ { ++ ptr[poffset] = cmap[byte].r; ++ ptr[poffset + 1] = cmap[byte].g; ++ ptr[poffset + 2] = cmap[byte].b; ++ } + column++; + linepos++; + } +@@ -286,20 +305,27 @@ loader_bmp (FILE *file, int *w, int *h, + } + else + { +- ptr[poffset] = cmap[byte].r; +- ptr[poffset + 1] = cmap[byte].g; +- ptr[poffset + 2] = cmap[byte].b; ++ /* possibly corrupted file? */ ++ if (byte < ncolors && poffset < *w * *h * 3) ++ { ++ ptr[poffset] = cmap[byte].r; ++ ptr[poffset + 1] = cmap[byte].g; ++ ptr[poffset + 2] = cmap[byte].b; ++ } + column++; +- linepos += size; + } + } + } + else if (bpp == 24) + { +- linepos += fread(&bbuf, 1, 3, file); +- ptr[poffset] = (unsigned char)bbuf[2]; +- ptr[poffset + 1] = (unsigned char)bbuf[1]; +- ptr[poffset + 2] = (unsigned char)bbuf[0]; ++ linepos += fread(bbuf, 1, 3, file); ++ /* possibly corrupted file? */ ++ if (poffset < *w * *h * 3) ++ { ++ ptr[poffset] = (unsigned char)bbuf[2]; ++ ptr[poffset + 1] = (unsigned char)bbuf[1]; ++ ptr[poffset + 2] = (unsigned char)bbuf[0]; ++ } + column++; + } + else if (bpp == 16) +@@ -307,12 +333,16 @@ loader_bmp (FILE *file, int *w, int *h, + unsigned char temp; + + linepos += fread(&word, 2, 1, file); +- temp = (word & rmask) >> rshift; +- ptr[poffset] = temp; +- temp = (word & gmask) >> gshift; +- ptr[poffset + 1] = temp; +- temp = (word & bmask) >> gshift; +- ptr[poffset + 2] = temp; ++ /* possibly corrupted file? */ ++ if (poffset < *w * *h * 3) ++ { ++ temp = (word & rmask) >> rshift; ++ ptr[poffset] = temp; ++ temp = (word & gmask) >> gshift; ++ ptr[poffset + 1] = temp; ++ temp = (word & bmask) >> gshift; ++ ptr[poffset + 2] = temp; ++ } + column++; + } + else +@@ -320,12 +350,16 @@ loader_bmp (FILE *file, int *w, int *h, + unsigned char temp; + + linepos += fread(&dword, 4, 1, file); +- temp = (dword & rmask) >> rshift; +- ptr[poffset] = temp; +- temp = (dword & gmask) >> gshift; +- ptr[poffset + 1] = temp; +- temp = (dword & bmask) >> bshift; +- ptr[poffset + 2] = temp; ++ /* possibly corrupted file? */ ++ if (poffset < *w * *h * 3) ++ { ++ temp = (dword & rmask) >> rshift; ++ ptr[poffset] = temp; ++ temp = (dword & gmask) >> gshift; ++ ptr[poffset + 1] = temp; ++ temp = (dword & bmask) >> bshift; ++ ptr[poffset + 2] = temp; ++ } + column++; + } + } +diff -uprk.orig imlib-1.9.14.orig/Imlib/load.c imlib-1.9.14/Imlib/load.c +--- imlib-1.9.14.orig/Imlib/load.c 2002-03-22 17:43:04 +0300 ++++ imlib-1.9.14/Imlib/load.c 2004-09-02 16:34:16 +0400 +@@ -631,12 +631,12 @@ _LoadBMP(ImlibData * id, FILE *file, int + fread(dbuf, 4, 2, file); + *w = (int)dbuf[0]; + *h = (int)dbuf[1]; +- if (*w > 32767) ++ if ((*w < 0) || (*w > 32767)) + { + fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n"); + return NULL; + } +- if (*h > 32767) ++ if ((*h < 0) || (*h > 32767)) + { + fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n"); + return NULL; +@@ -661,6 +661,9 @@ _LoadBMP(ImlibData * id, FILE *file, int + ncolors = (int)dbuf[0]; + if (ncolors == 0) + ncolors = 1 << bpp; ++ if ((ncolors < 0) || (ncolors > (1 << bpp))) ++ ncolors = 1 << bpp; ++ + /* some more sanity checks */ + if (((comp == BI_RLE4) && (bpp != 4)) || ((comp == BI_RLE8) && (bpp != 8)) || ((comp == BI_BITFIELDS) && (bpp != 16 && bpp != 32))) + { +@@ -786,9 +789,13 @@ _LoadBMP(ImlibData * id, FILE *file, int + for (bit = 0; bit < 8; bit++) + { + index = ((byte & (0x80 >> bit)) ? 1 : 0); +- ptr[poffset] = cmap[index].r; +- ptr[poffset + 1] = cmap[index].g; +- ptr[poffset + 2] = cmap[index].b; ++ /* possibly corrupted file? */ ++ if (index < ncolors && poffset < *w * *h * 3) ++ { ++ ptr[poffset] = cmap[index].r; ++ ptr[poffset + 1] = cmap[index].g; ++ ptr[poffset + 2] = cmap[index].b; ++ } + column++; + } + } +@@ -810,9 +817,13 @@ _LoadBMP(ImlibData * id, FILE *file, int + index = ((byte & (0xF0 >> nibble * 4)) >> (!nibble * 4)); + if (index >= 16) + index = 15; +- ptr[poffset] = cmap[index].r; +- ptr[poffset + 1] = cmap[index].g; +- ptr[poffset + 2] = cmap[index].b; ++ /* possibly corrupted file? */ ++ if (index < ncolors && poffset < *w * *h * 3) ++ { ++ ptr[poffset] = cmap[index].r; ++ ptr[poffset + 1] = cmap[index].g; ++ ptr[poffset + 2] = cmap[index].b; ++ } + column++; + } + } +@@ -851,9 +862,13 @@ _LoadBMP(ImlibData * id, FILE *file, int + { + linepos++; + byte = getc(file); +- ptr[poffset] = cmap[byte].r; +- ptr[poffset + 1] = cmap[byte].g; +- ptr[poffset + 2] = cmap[byte].b; ++ /* possibly corrupted file? */ ++ if (byte < ncolors && poffset < *w * *h * 3) ++ { ++ ptr[poffset] = cmap[byte].r; ++ ptr[poffset + 1] = cmap[byte].g; ++ ptr[poffset + 2] = cmap[byte].b; ++ } + column++; + } + if (absolute & 0x01) +@@ -864,9 +879,13 @@ _LoadBMP(ImlibData * id, FILE *file, int + { + for (i = 0; i < first; i++) + { +- ptr[poffset] = cmap[byte].r; +- ptr[poffset + 1] = cmap[byte].g; +- ptr[poffset + 2] = cmap[byte].b; ++ /* possibly corrupted file? */ ++ if (byte < ncolors && poffset < *w * *h * 3) ++ { ++ ptr[poffset] = cmap[byte].r; ++ ptr[poffset + 1] = cmap[byte].g; ++ ptr[poffset + 2] = cmap[byte].b; ++ } + column++; + linepos++; + } +@@ -874,9 +893,13 @@ _LoadBMP(ImlibData * id, FILE *file, int + } + else + { +- ptr[poffset] = cmap[byte].r; +- ptr[poffset + 1] = cmap[byte].g; +- ptr[poffset + 2] = cmap[byte].b; ++ /* possibly corrupted file? */ ++ if (byte < ncolors && poffset < *w * *h * 3) ++ { ++ ptr[poffset] = cmap[byte].r; ++ ptr[poffset + 1] = cmap[byte].g; ++ ptr[poffset + 2] = cmap[byte].b; ++ } + column++; + } + } +@@ -884,9 +907,13 @@ _LoadBMP(ImlibData * id, FILE *file, int + else if (bpp == 24) + { + linepos += fread(bbuf, 1, 3, file); +- ptr[poffset] = (unsigned char)bbuf[2]; +- ptr[poffset + 1] = (unsigned char)bbuf[1]; +- ptr[poffset + 2] = (unsigned char)bbuf[0]; ++ /* possibly corrupted file? */ ++ if (poffset < *w * *h * 3) ++ { ++ ptr[poffset] = (unsigned char)bbuf[2]; ++ ptr[poffset + 1] = (unsigned char)bbuf[1]; ++ ptr[poffset + 2] = (unsigned char)bbuf[0]; ++ } + column++; + } + else if (bpp == 16) +@@ -894,12 +921,16 @@ _LoadBMP(ImlibData * id, FILE *file, int + unsigned char temp; + + linepos += fread(&word, 2, 1, file); +- temp = (word & rmask) >> rshift; +- ptr[poffset] = temp; +- temp = (word & gmask) >> gshift; +- ptr[poffset + 1] = temp; +- temp = (word & bmask) >> gshift; +- ptr[poffset + 2] = temp; ++ /* possibly corrupted file? */ ++ if (poffset < *w * *h * 3) ++ { ++ temp = (word & rmask) >> rshift; ++ ptr[poffset] = temp; ++ temp = (word & gmask) >> gshift; ++ ptr[poffset + 1] = temp; ++ temp = (word & bmask) >> gshift; ++ ptr[poffset + 2] = temp; ++ } + column++; + } + else +@@ -907,12 +938,16 @@ _LoadBMP(ImlibData * id, FILE *file, int + unsigned char temp; + + linepos += fread(&dword, 4, 1, file); +- temp = (dword & rmask) >> rshift; +- ptr[poffset] = temp; +- temp = (dword & gmask) >> gshift; +- ptr[poffset + 1] = temp; +- temp = (dword & bmask) >> bshift; +- ptr[poffset + 2] = temp; ++ /* possibly corrupted file? */ ++ if (poffset < *w * *h * 3) ++ { ++ temp = (dword & rmask) >> rshift; ++ ptr[poffset] = temp; ++ temp = (dword & gmask) >> gshift; ++ ptr[poffset + 1] = temp; ++ temp = (dword & bmask) >> bshift; ++ ptr[poffset + 2] = temp; ++ } + column++; + } + } diff --git a/media-libs/imlib/imlib-1.9.14-r2.ebuild b/media-libs/imlib/imlib-1.9.14-r2.ebuild new file mode 100644 index 000000000000..0c2297dd23f1 --- /dev/null +++ b/media-libs/imlib/imlib-1.9.14-r2.ebuild @@ -0,0 +1,48 @@ +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/media-libs/imlib/imlib-1.9.14-r2.ebuild,v 1.1 2004/09/06 18:17:10 chriswhite Exp $ + +inherit gnome.org libtool eutils + +DESCRIPTION="general image loading and rendering library" +HOMEPAGE="http://developer.gnome.org/arch/imaging/imlib.html" + +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="x86 ~ppc ~sparc ~alpha ~hppa ~amd64 ~ia64 ~mips ~ppc64" +IUSE="" + +DEPEND="=x11-libs/gtk+-1.2* + >=media-libs/tiff-3.5.5 + >=media-libs/giflib-4.1.0 + >=media-libs/libpng-1.2.1 + >=media-libs/jpeg-6b" + +src_unpack() { + unpack ${A} + # fix config script bug 3425 + cd ${S} + mv imlib-config.in imlib-config.in.bad + sed -e "49,51D" -e "55,57D" imlib-config.in.bad > imlib-config.in + + # Security fix per bug #62487 + epatch ${FILESDIR}/${P}-bound.patch +} + +src_compile() { + elibtoolize + econf --sysconfdir=/etc/imlib || die + emake || die +} + +src_install() { + einstall \ + includedir=${D}/usr/include \ + sysconfdir=${D}/etc/imlib \ + || die + + preplib /usr + + dodoc AUTHORS COPYING* ChangeLog README NEWS + dohtml -r doc +} |