authorSebastian Pipping <sping@gentoo.org>2011-09-03 19:26:31 +0000
committerSebastian Pipping <sping@gentoo.org>2011-09-03 19:26:31 +0000
commit673881bbe1e216f7c6885fd664982300f5c6d82e (patch)
treebae2eb4bee8a31d4f37cd9131ea3631990e6bfff /media-gfx
parentFix l10n collision with the non-recompiled-yet libreoffice. (diff)
media-gfx/gimp: Integrate patch for security issue CVE-2011-2896 (bug #379289)
Package-Manager: portage-2.1.10.11/cvs/Linux x86_64
Diffstat (limited to 'media-gfx')
-rw-r--r--media-gfx/gimp/ChangeLog8
-rw-r--r--media-gfx/gimp/Manifest10
-rw-r--r--media-gfx/gimp/files/gimp-2.6.11-cve-2011-2896.patch61
-rw-r--r--media-gfx/gimp/gimp-2.6.11-r5.ebuild139
4 files changed, 213 insertions, 5 deletions
diff --git a/media-gfx/gimp/ChangeLog b/media-gfx/gimp/ChangeLog
index cae92ddee6db..30331644f60c 100644
--- a/media-gfx/gimp/ChangeLog
+++ b/media-gfx/gimp/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for media-gfx/gimp
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-gfx/gimp/ChangeLog,v 1.336 2011/09/02 21:03:50 sping Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-gfx/gimp/ChangeLog,v 1.337 2011/09/03 19:26:31 sping Exp $
+
+*gimp-2.6.11-r5 (03 Sep 2011)
+
+ 03 Sep 2011; Sebastian Pipping <sping@gentoo.org> +gimp-2.6.11-r5.ebuild,
+ +files/gimp-2.6.11-cve-2011-2896.patch:
+ Integrate patch for security issue CVE-2011-2896 (bug #379289)
02 Sep 2011; Sebastian Pipping <sping@gentoo.org> metadata.xml:
Add myself as a backup maintainer
diff --git a/media-gfx/gimp/Manifest b/media-gfx/gimp/Manifest
index 3b17143dc3be..d052ff5bfa28 100644
--- a/media-gfx/gimp/Manifest
+++ b/media-gfx/gimp/Manifest
@@ -1,6 +1,7 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
+AUX gimp-2.6.11-cve-2011-2896.patch 1818 RMD160 4cc01a8197a31f3793897150e190ea097135efe7 SHA1 fc510e48d6a0e4840b7d98d93d0d4350add167ca SHA256 6613af30b70afb984a89dc8fa75ca6ba3271471d7fd62de23a1a9fda2fd5ec89
AUX gimp-2.6.11-file-uri.patch 2209 RMD160 17cd5c7b454e7f64f7ed50cec4d9fe160ce7f2fc SHA1 77b3f6f50934a70f2ac938cfa0a1876ee72c2d14 SHA256 cb9da632417fcc866c047104cfbe25b5b9964fa5e65e333c042fdf23c19e692f
AUX gimp-2.7.3-glib-2.29.patch 478 RMD160 24895c62b2ad03247a8bc47d79cd55059188b283 SHA1 c4b8719c7904f4b1349e40ca1e409367a9f5997a SHA256 76a2bac5fbcaacbef592e6c137e12b72320f38224c3c9a717b82f6c34404bbdc
AUX gimp-CVE-2010-4540-to-4543.diff 5678 RMD160 0947a979ae64b2520967a6e8c3493aa37e425c3d SHA1 9b9cae60c775d4312552434373618c6cb9188e3e SHA256 b1fb9d83959cfc8e7a1ebf5d8812454686d618463010bbc0e802a1476e58305f
@@ -13,15 +14,16 @@ EBUILD gimp-2.6.11-r1.ebuild 3248 RMD160 324ff1505eeed9d839cc9695df3289dff0e5bf6
EBUILD gimp-2.6.11-r2.ebuild 3259 RMD160 0f869b84f27b578b0c50da27545afc724ec236fc SHA1 4159ab5be4c896576ab9ca18d5b68b544665d23a SHA256 437a9aeff3e6c03814f0ce2912b8037e2005876aee294be79804a7765aa29180
EBUILD gimp-2.6.11-r3.ebuild 3442 RMD160 6c00cf7623c95dd96c2ff7ff4dbc20b85f0626ee SHA1 78a5a60ff16cbe6b60db16c141ad5c330247ab68 SHA256 8ef54a8f1812a0f951c621c1adfc556629c65cd151411679bb197a9202a3c406
EBUILD gimp-2.6.11-r4.ebuild 3599 RMD160 716dc59bece8d051abbff3342792967c3bbad8c8 SHA1 b084de1d1852f47b47538c436a1e821fd83396d6 SHA256 a2092b38bc668c4d642957d141139e8a020361d2ae1f4405b89c741abbde7fb5
+EBUILD gimp-2.6.11-r5.ebuild 3732 RMD160 4b1d9a83cb3511bff59e911be80c1db51b643e2f SHA1 6f15eca4c188d940970bf83318ee5a75f4c70475 SHA256 8dd0dc5968ca94da3bcd85f3485eea0b084694a96a232f76c8a1e9ca72563e81
EBUILD gimp-2.7.3-r1.ebuild 3390 RMD160 9b078def828d702fee05f0be342d3fee26774746 SHA1 6461bdf711374d5f8e2dd50b2e6387984b668d56 SHA256 244d4182eed991e506bfec846cf71ef089a699cd91d1787472f8907e68aa3ca5
EBUILD gimp-2.7.3.ebuild 3230 RMD160 6b38a0a065ec8425f8a4f148091d9592654df883 SHA1 ac744bc74f5f667dde7f81b51c2119e417bf2f8c SHA256 7158983e329c36765e33024aef0559640ea49a9f1e6bcca25508129d7663a2e4
EBUILD gimp-9999.ebuild 3443 RMD160 b8468c1dd4625ab3267f66af056eac8a89596c53 SHA1 010d83b218f0ae999a81e683ea0e4ededf0fed00 SHA256 464b8c58ff4a11584d3eda30aa2c18be662e94a0cd7edac9532fc7b6e56cca4d
-MISC ChangeLog 46102 RMD160 002e231d96e4d7af24952d2c670d6429d8e62b6a SHA1 3f333da26c8625db66ec97f8233da13a232b0a35 SHA256 8612d4ce9d9557b4f6c80a442c39f102d6a33e4d6db80f308be10013d8c1c89a
+MISC ChangeLog 46317 RMD160 3a6258649eeb9796598e0647c07c22d5b195996d SHA1 ae623cfcd5a0746348924e0b27e82da18ee64b0e SHA256 c63665e763dc87c8d9b31027da6b76aea900eba64aa575f9d44b6b21c6e9ada0
MISC metadata.xml 472 RMD160 547b7867106120c129e2e7e70bd4e846c03d70ba SHA1 0da3893d8a4fba77cd2a926b55b658ce6b2e1487 SHA256 cf7b040b367f5356b4dd0986e4b13af385a11110931612464c27b174cf558128
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
-iEYEARECAAYFAk5hRLwACgkQsAvGakAaFgAI0QCeKpeOAsCJaJq9MREmSof/dBL6
-e0AAoNQuZ26v0qeJVkDuwFFeb9QkrUkC
-=xtj5
+iEYEARECAAYFAk5if2QACgkQsAvGakAaFgAJ5ACgkGlClr8VBlPeMUF1+jrPyxgd
+Tz4AoNA4ku9MumDhTvWeIIdsnI+/YNue
+=Un6R
-----END PGP SIGNATURE-----
diff --git a/media-gfx/gimp/files/gimp-2.6.11-cve-2011-2896.patch b/media-gfx/gimp/files/gimp-2.6.11-cve-2011-2896.patch
new file mode 100644
index 000000000000..735d771750d6
--- /dev/null
+++ b/media-gfx/gimp/files/gimp-2.6.11-cve-2011-2896.patch
@@ -0,0 +1,61 @@
+From 376ad788c1a1c31d40f18494889c383f6909ebfc Mon Sep 17 00:00:00 2001
+From: Nils Philippsen <nils@redhat.com>
+Date: Thu, 04 Aug 2011 10:51:42 +0000
+Subject: file-gif-load: fix heap corruption and buffer overflow (CVE-2011-2896)
+
+---
+(limited to 'plug-ins/common/file-gif-load.c')
+
+diff --git a/plug-ins/common/file-gif-load.c b/plug-ins/common/file-gif-load.c
+index 81f3bd0..c91e7aa 100644
+--- a/plug-ins/common/file-gif-load.c
++++ b/plug-ins/common/file-gif-load.c
+@@ -713,7 +713,8 @@ LZWReadByte (FILE *fd,
+ static gint firstcode, oldcode;
+ static gint clear_code, end_code;
+ static gint table[2][(1 << MAX_LZW_BITS)];
+- static gint stack[(1 << (MAX_LZW_BITS)) * 2], *sp;
++#define STACK_SIZE ((1 << (MAX_LZW_BITS)) * 2)
++ static gint stack[STACK_SIZE], *sp;
+ gint i;
+
+ if (just_reset_LZW)
+@@ -788,7 +789,7 @@ LZWReadByte (FILE *fd,
+
+ return firstcode & 255;
+ }
+- else if (code == end_code)
++ else if (code == end_code || code > max_code)
+ {
+ gint count;
+ guchar buf[260];
+@@ -807,13 +808,14 @@ LZWReadByte (FILE *fd,
+
+ incode = code;
+
+- if (code >= max_code)
++ if (code == max_code)
+ {
+- *sp++ = firstcode;
++ if (sp < &(stack[STACK_SIZE]))
++ *sp++ = firstcode;
+ code = oldcode;
+ }
+
+- while (code >= clear_code)
++ while (code >= clear_code && sp < &(stack[STACK_SIZE]))
+ {
+ *sp++ = table[1][code];
+ if (code == table[0][code])
+@@ -824,7 +826,8 @@ LZWReadByte (FILE *fd,
+ code = table[0][code];
+ }
+
+- *sp++ = firstcode = table[1][code];
++ if (sp < &(stack[STACK_SIZE]))
++ *sp++ = firstcode = table[1][code];
+
+ if ((code = max_code) < (1 << MAX_LZW_BITS))
+ {
+--
+cgit v0.9.0.2
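Review bot: The three new `sp < &(stack[STACK_SIZE])` guards in LZWReadByte stop the out-of-bounds write but drop the push silently, so a malformed GIF that fills the stack decodes to truncated or stale pixel data with no diagnostic. The last guard also skips the `firstcode = table[1][code]` assignment, leaving `firstcode` at its previous value. Consider reporting the condition when a guard fails; how this function signals errors lies outside these hunks, so the exact form needs checking against the full body. Separately, `#define STACK_SIZE` is introduced inside the function and never undefined, so an `#undef STACK_SIZE` after the function or a file-scope definition would keep it from leaking into the rest of the file. Because this file is an imported upstream patch, both changes are better proposed upstream than carried as a local divergence.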
diff --git a/media-gfx/gimp/gimp-2.6.11-r5.ebuild b/media-gfx/gimp/gimp-2.6.11-r5.ebuild
new file mode 100644
index 000000000000..58849f03b06b
--- /dev/null
+++ b/media-gfx/gimp/gimp-2.6.11-r5.ebuild
@@ -0,0 +1,139 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-gfx/gimp/gimp-2.6.11-r5.ebuild,v 1.1 2011/09/03 19:26:31 sping Exp $
+
+EAPI="3"
+PYTHON_DEPEND="python? 2:2.5"
+
+inherit eutils gnome2 fdo-mime multilib python
+
+DESCRIPTION="GNU Image Manipulation Program"
+HOMEPAGE="http://www.gimp.org/"
+SRC_URI="mirror://gimp/v2.6/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+
+IUSE="alsa aalib altivec curl dbus debug doc exif gnome jpeg lcms mmx mng pdf png python smp sse svg tiff webkit wmf"
+
+RDEPEND=">=dev-libs/glib-2.18.1:2
+ >=x11-libs/gtk+-2.12.5:2
+ >=x11-libs/pango-1.18.0
+ x11-libs/libXpm
+ >=media-libs/freetype-2.1.7
+ >=media-libs/fontconfig-2.2.0
+ sys-libs/zlib
+ dev-libs/libxml2
+ dev-libs/libxslt
+ x11-misc/xdg-utils
+ x11-themes/hicolor-icon-theme
+ >=media-libs/gegl-0.0.22
+ aalib? ( media-libs/aalib )
+ alsa? ( media-libs/alsa-lib )
+ curl? ( net-misc/curl )
+ dbus? ( dev-libs/dbus-glib )
+ gnome? ( gnome-base/gvfs )
+ webkit? ( net-libs/webkit-gtk:2 )
+ jpeg? ( virtual/jpeg:0 )
+ exif? ( >=media-libs/libexif-0.6.15 )
+ lcms? ( =media-libs/lcms-1* )
+ mng? ( media-libs/libmng )
+ pdf? ( >=app-text/poppler-0.12.3-r3[cairo] )
+ png? ( >=media-libs/libpng-1.2.2:0 )
+ python? ( >=dev-python/pygtk-2.10.4:2 )
+ tiff? ( >=media-libs/tiff-3.5.7 )
+ svg? ( >=gnome-base/librsvg-2.8.0:2 )
+ wmf? ( >=media-libs/libwmf-0.2.8 )"
+DEPEND="${RDEPEND}
+ >=dev-util/pkgconfig-0.12.0
+ >=dev-util/intltool-0.40
+ >=sys-devel/gettext-0.17
+ doc? ( >=dev-util/gtk-doc-1 )"
+
+DOCS="AUTHORS ChangeLog* HACKING NEWS README*"
+
+pkg_setup() {
+ G2CONF="--enable-default-binary \
+ --with-x \
+ $(use_with aalib aa) \
+ $(use_with alsa) \
+ $(use_enable altivec) \
+ $(use_with curl libcurl) \
+ $(use_with dbus) \
+ --without-hal \
+ $(use_with gnome gvfs) \
+ --without-gnomevfs \
+ $(use_with webkit) \
+ $(use_with jpeg libjpeg) \
+ $(use_with exif libexif) \
+ $(use_with lcms) \
+ $(use_enable mmx) \
+ $(use_with mng libmng) \
+ $(use_with pdf poppler) \
+ $(use_with png libpng) \
+ $(use_enable python) \
+ $(use_enable smp mp) \
+ $(use_enable sse) \
+ $(use_with svg librsvg) \
+ $(use_with tiff libtiff) \
+ $(use_with wmf)"
+
+ if use python; then
+ python_set_active_version 2
+ python_pkg_setup
+ fi
+}
+
+src_prepare() {
+ # security fixes from upstream, see
+ # https://bugzilla.gnome.org/show_bug.cgi?id=639203
+ epatch "${FILESDIR}"/gimp-CVE-2010-4540-to-4543.diff
+
+ # security fix from upstream, see
+ # https://bugs.gentoo.org/show_bug.cgi?id=379289
+ epatch "${FILESDIR}"/${P}-cve-2011-2896.patch
+
+ # fixes for libpng 1.5 (incomplete), see
+ # https://bugzilla.gnome.org/show_bug.cgi?id=640409
+ epatch "${FILESDIR}"/gimp-libpng15-v2.diff
+
+ # don't use empty, removed header
+ # https://bugs.gentoo.org/show_bug.cgi?id=377075
+ epatch "${FILESDIR}"/gimp-curl-headers.diff
+
+ # apply file-uri patch by upstream
+ # https://bugs.gentoo.org/show_bug.cgi?id=372941
+ # https://bugzilla.gnome.org/show_bug.cgi?id=653980#c6
+ epatch "${FILESDIR}"/${P}-file-uri.patch
+
+ echo '#!/bin/sh' > py-compile
+ gnome2_src_prepare
+}
+
+src_install() {
+ gnome2_src_install
+
+ if use python; then
+ python_convert_shebangs -r $(python_get_version) "${ED}"
+ python_need_rebuild
+ fi
+
+ # Workaround for bug #321111 to give GIMP the least
+ # precedence on PDF documents by default
+ mv "${D}"/usr/share/applications/{,zzz-}gimp.desktop || die
+}
+
+pkg_postinst() {
+ gnome2_pkg_postinst
+
+ use python && python_mod_optimize /usr/$(get_libdir)/gimp/2.0/python \
+ /usr/$(get_libdir)/gimp/2.0/plug-ins
+}
+
+pkg_postrm() {
+ gnome2_pkg_postrm
+
+ use python && python_mod_cleanup /usr/$(get_libdir)/gimp/2.0/python \
+ /usr/$(get_libdir)/gimp/2.0/plug-ins
+}
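Review bot: The comment above the new `epatch "${FILESDIR}"/${P}-cve-2011-2896.patch` line in src_prepare cites only the Gentoo bug, so a reader auditing the ebuild cannot tell which CVE or upstream change it carries without opening the patch file. A comment such as `# security fix from upstream for CVE-2011-2896 (GIF LZW decoder), upstream commit 376ad788c1a1, see` would record the provenance that the patch header already gives. Also in src_prepare, `echo '#!/bin/sh' > py-compile` has no failure check while the `mv` in src_install does; `echo '#!/bin/sh' > py-compile || die` would make the two consistent.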