summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Volkov <pva@gentoo.org>2007-12-10 20:14:28 +0000
committerPeter Volkov <pva@gentoo.org>2007-12-10 20:14:28 +0000
commit6ef481c2205b0d761f87a1165c2318a91b82deaa (patch)
treeb1d26257ce67e3c2cb88f7b31610e0560fcd6ff5 /media-libs
parentAdd patch fixing news test. (diff)
downloadgentoo-2-6ef481c2205b0d761f87a1165c2318a91b82deaa.tar.gz
gentoo-2-6ef481c2205b0d761f87a1165c2318a91b82deaa.tar.bz2
gentoo-2-6ef481c2205b0d761f87a1165c2318a91b82deaa.zip
Fixed denial of service (infinite loop) via a BMP image, bug #201887.
Fixed bug which prevented imlib to render images is MIT-SHM when the MIT-SHM extension doesn't support shared pixmaps (bugs.debian.org/448360). Thank for report Antti Mäkelä <zarhan AT cs.tut.fi>. Homepage changed. No website is available for this old library, so pointing to sources location. (Portage version: 2.1.3.19)
Diffstat (limited to 'media-libs')
-rw-r--r--media-libs/imlib/ChangeLog13
-rw-r--r--media-libs/imlib/files/digest-imlib-1.9.15-r23
-rw-r--r--media-libs/imlib/files/imlib-1.9.15-bpp16-CVE-2007-3568.patch11
-rw-r--r--media-libs/imlib/files/imlib-1.9.15-fix-rendering.patch105
-rw-r--r--media-libs/imlib/imlib-1.9.15-r2.ebuild63
5 files changed, 194 insertions, 1 deletions
diff --git a/media-libs/imlib/ChangeLog b/media-libs/imlib/ChangeLog
index 5da421f9d4f2..20ac825a3b50 100644
--- a/media-libs/imlib/ChangeLog
+++ b/media-libs/imlib/ChangeLog
@@ -1,6 +1,17 @@
# ChangeLog for media-libs/imlib
# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/imlib/ChangeLog,v 1.57 2007/09/23 14:18:20 drac Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-libs/imlib/ChangeLog,v 1.58 2007/12/10 20:14:24 pva Exp $
+
+*imlib-1.9.15-r2 (10 Dec 2007)
+
+ 10 Dec 2007; <pva@gentoo.org>
+ +files/imlib-1.9.15-bpp16-CVE-2007-3568.patch,
+ +files/imlib-1.9.15-fix-rendering.patch, +imlib-1.9.15-r2.ebuild:
+ Fixed denial of service (infinite loop) via a BMP image, bug #201887. Fixed
+ bug which prevented imlib to render images is MIT-SHM when the MIT-SHM
+ extension doesn't support shared pixmaps (bugs.debian.org/448360). Thank for
+ report Antti Mäkelä <zarhan AT cs.tut.fi>. Homepage changed. No website is
+ available for this old library, so pointing to sources location.
23 Sep 2007; Samuli Suominen <drac@gentoo.org> imlib-1.9.15-r1.ebuild:
Fix modular X deps wrt #192733.
diff --git a/media-libs/imlib/files/digest-imlib-1.9.15-r2 b/media-libs/imlib/files/digest-imlib-1.9.15-r2
new file mode 100644
index 000000000000..52c816f8266d
--- /dev/null
+++ b/media-libs/imlib/files/digest-imlib-1.9.15-r2
@@ -0,0 +1,3 @@
+MD5 7db987e6c52e4daf70d7d0f471238eae imlib-1.9.15.tar.bz2 683242
+RMD160 195b80833167134ba2d9a9574d420279f9cf55f4 imlib-1.9.15.tar.bz2 683242
+SHA256 4e6a270308a9ae16586bfc133c1a3dfb2e56f431edb66aaa3a80e36e5ed84ce0 imlib-1.9.15.tar.bz2 683242
diff --git a/media-libs/imlib/files/imlib-1.9.15-bpp16-CVE-2007-3568.patch b/media-libs/imlib/files/imlib-1.9.15-bpp16-CVE-2007-3568.patch
new file mode 100644
index 000000000000..94595ffdf55a
--- /dev/null
+++ b/media-libs/imlib/files/imlib-1.9.15-bpp16-CVE-2007-3568.patch
@@ -0,0 +1,11 @@
+--- Imlib/load.c.orig 2007-08-13 23:06:20.000000000 -0300
++++ Imlib/load.c 2007-08-13 23:06:51.000000000 -0300
+@@ -645,7 +645,7 @@
+ planes = (int)word;
+ fread(&word, 2, 1, file);
+ bpp = (int)word;
+- if (bpp != 1 && bpp != 4 && bpp != 8 && bpp && 16 && bpp != 24 && bpp != 32)
++ if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32)
+ {
+ fprintf(stderr, "IMLIB ERROR: unknown bitdepth in file\n");
+ return NULL;
diff --git a/media-libs/imlib/files/imlib-1.9.15-fix-rendering.patch b/media-libs/imlib/files/imlib-1.9.15-fix-rendering.patch
new file mode 100644
index 000000000000..6212ed31428e
--- /dev/null
+++ b/media-libs/imlib/files/imlib-1.9.15-fix-rendering.patch
@@ -0,0 +1,105 @@
+Michel Dänzer <daenzer AT debian.org>
+
+* The boolean value returned via the last parameter to XShmQueryVersion()
+ isn't honoured everywhere.
+* The init functions that take parameters allow the caller to enable shared
+ pixmaps when they aren't supported (or disabled by configuration files).
+
+
+These result in incorrect rendering when the MIT-SHM extension doesn't support
+shared pixmaps, e.g. using EXA with current versions of Xorg.
+
+http://bugs.gentoo.org/show_bug.cgi?id=197489
+
+diff -up -ru imlib-1.9.15.orig/gdk_imlib/misc.c imlib-1.9.15/gdk_imlib/misc.c
+--- imlib-1.9.15.orig/gdk_imlib/misc.c 2002-03-04 18:06:32.000000000 +0100
++++ imlib-1.9.15/gdk_imlib/misc.c 2007-10-28 14:00:04.000000000 +0100
+@@ -674,6 +674,10 @@ gdk_imlib_init_params(GdkImlibInitParams
+ visual = gdk_rgb_get_visual();
+ id->x.visual = GDK_VISUAL_XVISUAL(visual); /* the visual type */
+ id->x.depth = visual->depth; /* the depth of the screen in bpp */
++
++ id->x.shm = 0;
++ id->x.shmp = 0;
++ id->max_shm = 0;
+ #ifdef HAVE_SHM
+ if (XShmQueryExtension(id->x.disp))
+ {
+@@ -689,17 +693,14 @@ gdk_imlib_init_params(GdkImlibInitParams
+ id->x.last_xim = NULL;
+ id->x.last_sxim = NULL;
+ id->max_shm = 0x7fffffff;
+- if (XShmPixmapFormat(id->x.disp) == ZPixmap)
++ if ((XShmPixmapFormat(id->x.disp) == ZPixmap) &&
++ (pm == True))
+ id->x.shmp = 1;
+ }
+ }
+ }
+- else
+ #endif
+- {
+- id->x.shm = 0;
+- id->x.shmp = 0;
+- }
++
+ id->cache.on_image = 0;
+ id->cache.size_image = 0;
+ id->cache.num_image = 0;
+@@ -935,8 +936,8 @@ gdk_imlib_init_params(GdkImlibInitParams
+ }
+ if (p->flags & PARAMS_SHAREDPIXMAPS)
+ {
+- if (id->x.shm)
+- id->x.shmp = p->sharedpixmaps;
++ if (!p->sharedpixmaps)
++ id->x.shmp = 0;
+ }
+ if (p->flags & PARAMS_PALETTEOVERRIDE)
+ override = p->paletteoverride;
+diff -up -ru imlib-1.9.15.orig/Imlib/misc.c imlib-1.9.15/Imlib/misc.c
+--- imlib-1.9.15.orig/Imlib/misc.c 2004-09-21 02:22:59.000000000 +0200
++++ imlib-1.9.15/Imlib/misc.c 2007-10-28 14:00:23.000000000 +0100
+@@ -675,6 +675,10 @@ Imlib_init_with_params(Display * disp, I
+ id->x.root = DefaultRootWindow(disp); /* the root window id */
+ id->x.visual = DefaultVisual(disp, id->x.screen); /* the visual type */
+ id->x.depth = DefaultDepth(disp, id->x.screen); /* the depth of the screen in bpp */
++
++ id->x.shm = 0;
++ id->x.shmp = 0;
++ id->max_shm = 0;
+ #ifdef HAVE_SHM
+ if (XShmQueryExtension(id->x.disp))
+ {
+@@ -690,17 +694,14 @@ Imlib_init_with_params(Display * disp, I
+ id->x.last_xim = NULL;
+ id->x.last_sxim = NULL;
+ id->max_shm = 0x7fffffff;
+- if (XShmPixmapFormat(id->x.disp) == ZPixmap)
++ if ((XShmPixmapFormat(id->x.disp) == ZPixmap &&
++ (pm == True)))
+ id->x.shmp = 1;
+ }
+ }
+ }
+- else
+ #endif
+- {
+- id->x.shm = 0;
+- id->x.shmp = 0;
+- }
++
+ id->cache.on_image = 0;
+ id->cache.size_image = 0;
+ id->cache.num_image = 0;
+@@ -952,8 +953,8 @@ Imlib_init_with_params(Display * disp, I
+ }
+ if (p->flags & PARAMS_SHAREDPIXMAPS)
+ {
+- if (id->x.shm)
+- id->x.shmp = p->sharedpixmaps;
++ if (!p->sharedpixmaps)
++ id->x.shmp = 0;
+ }
+ if (p->flags & PARAMS_PALETTEOVERRIDE)
+ override = p->paletteoverride;
diff --git a/media-libs/imlib/imlib-1.9.15-r2.ebuild b/media-libs/imlib/imlib-1.9.15-r2.ebuild
new file mode 100644
index 000000000000..91d40a11760e
--- /dev/null
+++ b/media-libs/imlib/imlib-1.9.15-r2.ebuild
@@ -0,0 +1,63 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-libs/imlib/imlib-1.9.15-r2.ebuild,v 1.1 2007/12/10 20:14:24 pva Exp $
+
+inherit autotools eutils gnome.org
+
+DESCRIPTION="Image loading and rendering library"
+HOMEPAGE="http://ftp.acc.umu.se/pub/GNOME/sources/imlib/1.9/"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="doc gtk"
+
+RDEPEND="gtk? ( =x11-libs/gtk+-1.2* )
+ >=media-libs/tiff-3.5.5
+ >=media-libs/giflib-4.1.0
+ >=media-libs/libpng-1.2.1
+ >=media-libs/jpeg-6b
+ x11-libs/libICE
+ x11-libs/libSM
+ x11-libs/libXext"
+DEPEND="${RDEPEND}"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ # Fix aclocal underquoted definition warnings.
+ # Conditionalize gdk functions for bug 40453.
+ # Fix imlib-config for bug 3425.
+ epatch "${FILESDIR}"/${P}.patch
+
+ # Fix security bug 72681.
+ epatch "${FILESDIR}"/${PN}-security.patch
+
+ # Fixes security bug #201887
+ epatch "${FILESDIR}"/${P}-bpp16-CVE-2007-3568.patch
+
+ # Fixes #197489
+ epatch "${FILESDIR}"/${P}-fix-rendering.patch
+
+ eautoconf
+ _elibtoolize
+}
+
+src_compile() {
+ econf --sysconfdir=/etc/imlib \
+ $(use_enable gtk gdk) \
+ $(use_enable gtk gtktest)
+
+ emake || die "emake failed."
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "emake install failed."
+
+ dodoc AUTHORS ChangeLog README
+ use doc && dohtml doc/*
+
+ # Hack to avoid installing pkgconfig file.
+ use gtk || rm "${D}"/usr/lib*/pkgconfig/imlibgdk.pc
+}