author | Olivier Crête <tester@gentoo.org> | 2008-03-08 16:30:51 +0000 |
---|---|---|
committer | Olivier Crête <tester@gentoo.org> | 2008-03-08 16:30:51 +0000 |
commit | bc67856282dd58b6ea24c7ba5d765a89941d0133 (patch) | |
tree | e02cf2ea45a8350ad3894b37541abe9770a929b8 /dev-util/insight | |
parent | amd64 stable wrt bug #209049 (diff) | |
Add fix for malformed GIF loading exploit, bug #208464
Package-Manager: portage-2.1.4.4
Diffstat (limited to 'dev-util/insight')
-rw-r--r-- | dev-util/insight/ChangeLog | 10 | ||||
-rw-r--r-- | dev-util/insight/Manifest | 14 | ||||
-rw-r--r-- | dev-util/insight/files/tkImgGIF.patch | 63 | ||||
-rw-r--r-- | dev-util/insight/insight-6.7.1-r1.ebuild | 76 |
4 files changed, 160 insertions, 3 deletions
diff --git a/dev-util/insight/ChangeLog b/dev-util/insight/ChangeLog index 7ca772a0afd3..5eefcbcbd197 100644 --- a/dev-util/insight/ChangeLog +++ b/dev-util/insight/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for dev-util/insight -# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-util/insight/ChangeLog,v 1.41 2007/11/09 08:41:38 vapier Exp $ +# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/dev-util/insight/ChangeLog,v 1.42 2008/03/08 16:30:51 tester Exp $ + +*insight-6.7.1-r1 (08 Mar 2008) + + 08 Mar 2008; Olivier Crête <tester@gentoo.org> +files/tkImgGIF.patch, + +insight-6.7.1-r1.ebuild: + Add fix for malformed GIF loading exploit, bug #208464 *insight-6.7.1 (09 Nov 2007) diff --git a/dev-util/insight/Manifest b/dev-util/insight/Manifest index 0856958d4b1f..a9969ea8b234 100644 --- a/dev-util/insight/Manifest +++ b/dev-util/insight/Manifest 
@@ -1,11 +1,23 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + AUX 99insight 70 RMD160 52fcaed6d1e98148a618831a70244e0ff7ff20e2 SHA1 279361aa99e14f091277c23e31922a9fa75a0b02 SHA256 3d2b493b8b7879f26b8189b3d424aeefa39f9eba1784b34c6741882eff9c1e78 AUX insight-6.6-DESTDIR.patch 7362 RMD160 f3ea5ca1d9dc2cabe1507c079c4af0427ef7867b SHA1 981f91bd340a1ab84d96c37f74de636ff17ea2a3 SHA256 3a8680c762b3d3fd75a02662dc5d0fac262e30aa91407b7cf553abd201b6d0a0 AUX insight-6.6-burn-paths.patch 446 RMD160 e2ec981c7effaadf4ea2fc5382349e246d441dd1 SHA1 f021a3fc73ffcd3cd416a824b2f09b06dc442b7c SHA256 c80421818de4f7daaf1b8fde2251a06dc97b8de1fa38d6ef77aecabd301bf182 +AUX tkImgGIF.patch 2577 RMD160 ac6e4f4632bdf2ca8047a65238b691cbc063b8a2 SHA1 9aca848bbd3228325e1172ee409c1f8dac063636 SHA256 cd43fc8520b42f0c4a4b82cc89ae5b980f08426d1aa9936de28312e1e1f5b9d9 DIST insight-6.5.tar.bz2 21393030 RMD160 b3be9abd75ae9dab0a5070ea3f145718493bd55c SHA1 d7aa4baed9f564dd07b4d184cf706d9487607ee3 SHA256 84fa7cc6b17b73b68c131a9afcdb6bd23149b73d82b61986cfbc1fe092e83730 DIST insight-6.6.tar.bz2 22569121 RMD160 fa5c4a2a812fc07a02669460e582db3d35a8b484 SHA1 ab08d2dd753f761c3401e4fc1d4fa63f117623ee SHA256 937c21b75be6f3db60f43cf9507e2e59237abe8ee568e512b6bd94358781144c DIST insight-6.7.1.tar.bz2 23172660 RMD160 475429a4429c65db7a783072eb5f2b00f05ee530 SHA1 014a1492621afd5c5ec012b1f4fdc43eef400e7b SHA256 c3b3fd534b1da4be279517e1755ce4fa65bc011ed0d62a1bb7e1aab219513542 EBUILD insight-6.5.ebuild 1185 RMD160 359e0ffb6888a5acfaceb3c64b5b014db8b42668 SHA1 0152b1d77e2c54308bb455c56fc4dfa27d59cb35 SHA256 c83c82e3d10f892b30a4dac00e7d6e437f921553aaf9ffb811369ef41ec48c01 EBUILD insight-6.6.ebuild 1844 RMD160 0c60a58dd790d4ccdee45c31413ab280cfbc287a SHA1 4a114c01cb106c5cf6f2a5df7ec85660ea90b089 SHA256 bb8d6e50b0b62c309538e40ac2e74d686ee7f7dfa0349daadeb05aabb5601809 +EBUILD insight-6.7.1-r1.ebuild 1911 RMD160 ca240a11de0013b164a05c8e8166f25300f1d7ae SHA1 760c2bd49c23c9d9dc09cb974781a92da1cad3c6 SHA256 
470e7dff35410fc6b4ec133933b8f5fc99c730695407cc2cf7792e1745159584 EBUILD insight-6.7.1.ebuild 1856 RMD160 40a9bc6def8a94281e7c43f4ed7ab2862519bafe SHA1 98fa8b7d59be93d6314042fb4750dbef55cf3065 SHA256 fc3b6b2a6289a351a0d783a7e78af09ab89415229235bcac7ddc4072017f7cd4 -MISC ChangeLog 4925 RMD160 a1ab43cf3bbd8b530e3fafa735431b696c52f0cc SHA1 b6c5598c5140c6fd8a614ce846abd480786957a6 SHA256 f52e0545f0823ad23a1f01aa0e1817f4e26cee8c583074b30e825372d1e9125f +MISC ChangeLog 5117 RMD160 76118e8104a949ccd14513d65bd938afec908371 SHA1 5c48c54b5d74306da22f0172c5b7e8fd270230bd SHA256 da5a67e6cdcf71afb7ee496a872c365120700fe72a94b3de6cc34dd621a34bd0 MISC metadata.xml 286 RMD160 12882e7694c3c4e380056119fe840917e8e7b8db SHA1 072f7af8878782a0d06b23a554ad3241daad15b9 SHA256 6c1d998e5098e6d7a2d0df5b9f38fccc23a06b02e8d37a4f03f98b7c70da4fde +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.7 (GNU/Linux) + +iD8DBQFH0r9GmOfEJZHYOKcRAshdAJ9ipKmbS6AG1YKvOkwZFZzJNGUjXACfScxu +IvBGa27JXHigTFBzAT8y+HI= +=Q5lT +-----END PGP SIGNATURE----- diff --git a/dev-util/insight/files/tkImgGIF.patch b/dev-util/insight/files/tkImgGIF.patch new file mode 100644 index 000000000000..e8a81f384f28 --- /dev/null +++ b/dev-util/insight/files/tkImgGIF.patch 
@@ -0,0 +1,63 @@
+Index: generic/tkImgGIF.c
+===================================================================
+RCS file: /cvsroot/tktoolkit/tk/generic/tkImgGIF.c,v
+retrieving revision 1.24.2.5
+diff -u -r1.24.2.5 tkImgGIF.c
+--- generic/tkImgGIF.c 11 Sep 2007 18:01:45 -0000 1.24.2.5
++++ generic/tkImgGIF.c 25 Jan 2008 19:23:01 -0000
+@@ -826,6 +826,12 @@
+ Tcl_PosixError(interp), (char *) NULL);
+ return TCL_ERROR;
+ }
++
++ if (initialCodeSize > MAX_LWZ_BITS) {
++ Tcl_SetResult(interp, "malformed image", TCL_STATIC);
++ return TCL_ERROR;
++ }
++
+ if (transparent != -1) {
+ cmap[transparent][CM_RED] = 0;
+ cmap[transparent][CM_GREEN] = 0;
+Index: tests/imgPhoto.test
+===================================================================
+RCS file: /cvsroot/tktoolkit/tk/tests/imgPhoto.test,v
+retrieving revision 1.15.2.5
+diff -u -r1.15.2.5 imgPhoto.test
+--- tests/imgPhoto.test 11 Sep 2007 18:01:46 -0000 1.15.2.5
++++ tests/imgPhoto.test 25 Jan 2008 19:23:01 -0000
+@@ -681,6 +681,35 @@
+ image delete $i
+ }
+
++test imgPhoto-14.4 {GIF buffer overflow} -setup {
++ set i [image create photo]
++} -body {
++ # This crashes Tk up to 8.4.17 and 8.5.0
++ $i configure -data {
++ R0lGODlhCgAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/
++ AP//AAAA//8A/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
++ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
++ AAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBmAABmMwBmZgBm
++ mQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/
++ AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
++ mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPM
++ ADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYA
++ mWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZ
++ AGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/
++ mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lm
++ AJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
++ mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wz
++ AMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZ
++ mcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8A
++ AP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9m
++ mf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/Mmf/MzP/M////
++ AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAKAAoAABUSAAD/HEiwoMGD
++ CBMqXMiwYcKAADs=
++ }
++} -cleanup {
++ image delete $i
++} -returnCodes error -result {malformed image}
++
+ test imgPhoto-15.1 {photo images can fail to allocate memory gracefully} \
+ {nonPortable} {
+ # This is not portable to very large machines with more around
diff --git a/dev-util/insight/insight-6.7.1-r1.ebuild b/dev-util/insight/insight-6.7.1-r1.ebuild
new file mode 100644
index 000000000000..21628e1b77e4
--- /dev/null
+++ b/dev-util/insight/insight-6.7.1-r1.ebuild
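Review bot: files/tkImgGIF.patch opens directly at `Index: generic/tkImgGIF.c` with no line saying why it is carried, so nothing in the file ties it to bug #208464 when the package is next bumped. A header above the first `Index:` line would do, e.g. `Reject GIF data whose initial code size exceeds MAX_LWZ_BITS (Gentoo bug #208464); from Tk CVS, applied in the bundled tk/ directory.` The inner hunk shows only the new bounds check between the read-error return and the transparency setup; the function continues outside it, so the later uses of initialCodeSize cannot be checked from here. The Manifest context lines still list the 6.5, 6.6 and 6.7.1 ebuilds, which as far as this commit shows do not apply the patch, so they presumably need removing or masking separately.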
@@ -0,0 +1,76 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-util/insight/insight-6.7.1-r1.ebuild,v 1.1 2008/03/08 16:30:51 tester Exp $
+
+inherit eutils flag-o-matic
+
+export CTARGET=${CTARGET:-${CHOST}}
+if [[ ${CTARGET} == ${CHOST} ]] ; then
+ if [[ ${CATEGORY/cross-} != ${CATEGORY} ]] ; then
+ export CTARGET=${CATEGORY/cross-}
+ fi
+fi
+
+DESCRIPTION="A graphical interface to the GNU debugger"
+HOMEPAGE="http://sourceware.org/insight/"
+SRC_URI="ftp://sources.redhat.com/pub/${PN}/releases/${P}.tar.bz2"
+
+LICENSE="GPL-2 LGPL-2"
+[[ ${CTARGET} != ${CHOST} ]] \
+ && SLOT="${CTARGET}" \
+ || SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ppc ~sparc ~x86"
+IUSE="nls"
+
+RDEPEND="sys-libs/ncurses
+ x11-libs/libX11"
+DEPEND="${RDEPEND}
+ nls? ( sys-devel/gettext )"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}"/${PN}-6.6-DESTDIR.patch
+ epatch "${FILESDIR}"/${PN}-6.6-burn-paths.patch
+
+ cd "${S}/tk"
+ epatch "${FILESDIR}"/tkImgGIF.patch
+}
+
+src_compile() {
+ append-flags -fno-strict-aliasing # tcl code sucks
+ strip-linguas -u bfd/po opcodes/po
+ econf \
+ --disable-werror \
+ $(use_enable nls) \
+ --enable-gdbtk \
+ --disable-tui \
+ --datadir=/usr/share/${PN} \
+ || die
+ emake || die
+}
+
+src_install() {
+ # the tcl-related subdirs are not parallel safe
+ emake -j1 DESTDIR="${D}" install || die
+
+ # Don't install docs when building a cross-insight
+ if [[ ${CTARGET} == ${CHOST} ]] ; then
+ dodoc gdb/gdbtk/{README,TODO}
+ fi
+
+ # the gui tcl code does not consider any of the configure
+ # options given it ... instead, it requires the path to
+ # be /usr/share/redhat/...
+ mv "${D}"/usr/share/${PN}/redhat "${D}"/usr/share/ || die
+
+ # scrub all the cruft we dont want
+ local x
+ cd "${D}"/usr/bin
+ for x in * ; do
+ [[ ${x} != *insight ]] && rm -f ${x}
+ done
+ cd "${D}"
+ rm -rf usr/{include,man,share/{info,locale,man}}
+ rm -rf usr/lib*
+} |
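Review bot: In src_install the two `cd` calls ahead of the cleanup are unchecked, so if `cd "${D}"/usr/bin` fails the `rm -f ${x}` loop and the later relative `rm -rf usr/...` lines act on whatever directory the shell is still in. I would write `cd "${D}"/usr/bin || die`, `[[ ${x} != *insight ]] && rm -f "${x}"` and `cd "${D}" || die`. `cd "${S}/tk"` in src_unpack has the same gap, and because that line decides where the security patch lands it is worth a comment such as `# bundled Tk: malformed GIF fix, bug #208464` so the epatch is not dropped on the next bump.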