authorMarinus Schraal <foser@gentoo.org>2004-09-19 21:48:03 +0000
committerMarinus Schraal <foser@gentoo.org>2004-09-19 21:48:03 +0000
commitacb68ac67c1ae833463525d93de22e067730e9d6 (patch)
tree7211851ed805a4738bcb50bf281db48c7584372e /x11-libs/gtk+
parentStable on alpha. (diff)
downloadhistorical-acb68ac67c1ae833463525d93de22e067730e9d6.tar.gz
historical-acb68ac67c1ae833463525d93de22e067730e9d6.tar.bz2
historical-acb68ac67c1ae833463525d93de22e067730e9d6.zip
add security patch, mark x86
Diffstat (limited to 'x11-libs/gtk+')
-rw-r--r--x11-libs/gtk+/ChangeLog5
-rw-r--r--x11-libs/gtk+/Manifest21
-rw-r--r--x11-libs/gtk+/files/gtk+-2.4.9-xpm_ico_secure.patch97
-rw-r--r--x11-libs/gtk+/gtk+-2.4.9.ebuild7
4 files changed, 117 insertions, 13 deletions
diff --git a/x11-libs/gtk+/ChangeLog b/x11-libs/gtk+/ChangeLog
index 43e8cd7706e9..07bed2041995 100644
--- a/x11-libs/gtk+/ChangeLog
+++ b/x11-libs/gtk+/ChangeLog
@@ -1,6 +1,9 @@
# ChangeLog for x11-libs/gtk+
# Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/x11-libs/gtk+/ChangeLog,v 1.118 2004/08/30 21:42:19 tgall Exp $
+# $Header: /var/cvsroot/gentoo-x86/x11-libs/gtk+/ChangeLog,v 1.119 2004/09/19 21:48:03 foser Exp $
+
+ 19 Sep 2004; foser <foser@gentoo.org> gtk+-2.4.9.ebuild, gtk+-2.4.9-ico_xpm_secure.patch :
+ Add security fix for the ico & xpm loaders (#64230)
30 Aug 2004; Tom Gall <tgall@gentoo.org> gtk+-2.4.4.ebuild:
only stable version of gtk+-2.4.3 for ppc64 was removed,
diff --git a/x11-libs/gtk+/Manifest b/x11-libs/gtk+/Manifest
index 30ff2c21251d..579dd43497d9 100644
--- a/x11-libs/gtk+/Manifest
+++ b/x11-libs/gtk+/Manifest
@@ -1,20 +1,21 @@
-MD5 b9c146ddbb79bab4d6c5b082c19fd323 ChangeLog 18320
-MD5 745da6d8feb5c80670d33a3c43400bf5 gtk+-1.2.10-r10.ebuild 1719
MD5 264f07045948900c7457af906640d922 gtk+-1.2.10-r11.ebuild 1792
-MD5 6880289256085cb8cb69a597d8098333 gtk+-2.4.1.ebuild 2238
-MD5 c71782090e919ffa2ab2f172c079887b gtk+-2.4.4.ebuild 2989
MD5 4b173bf958771b902f94c9bf0702ad7f gtk+-2.4.7.ebuild 3037
-MD5 ae56a7aa77f278f2ed2eaf5cff5496bd gtk+-2.4.9.ebuild 3040
+MD5 745da6d8feb5c80670d33a3c43400bf5 gtk+-1.2.10-r10.ebuild 1719
+MD5 c987445a3c9acd3ca2cfe27bee4faf9b gtk+-2.4.9.ebuild 3113
+MD5 c71782090e919ffa2ab2f172c079887b gtk+-2.4.4.ebuild 2989
+MD5 6880289256085cb8cb69a597d8098333 gtk+-2.4.1.ebuild 2238
+MD5 d6f418dee566b7daef1e46557f2cebe2 ChangeLog 18468
MD5 03ad2e6c4ab41244af1015a8bbb0b39f metadata.xml 158
-MD5 621a7db3e7e6856c66eec5caeea1e88e files/digest-gtk+-1.2.10-r10 138
-MD5 621a7db3e7e6856c66eec5caeea1e88e files/digest-gtk+-1.2.10-r11 138
MD5 18620b7ba0f3cf18b663d7e314669aa7 files/digest-gtk+-2.4.1 64
MD5 1010233f6bd82db56f1e6efa4cb7327a files/digest-gtk+-2.4.4 133
MD5 3cbd11bc85612e3d8111ed4d030f27dd files/digest-gtk+-2.4.7 133
MD5 28fa6c231f22418b560385c58a179543 files/digest-gtk+-2.4.9 133
+MD5 621a7db3e7e6856c66eec5caeea1e88e files/digest-gtk+-1.2.10-r10 138
+MD5 621a7db3e7e6856c66eec5caeea1e88e files/digest-gtk+-1.2.10-r11 138
+MD5 36d00cf3b4035e6cb9873ade9ed1a9ce files/gtkrc 627
MD5 5e3ff7fa761495300d3f30c9207c13f8 files/gtk+-1.2-locale_fix.patch 419
-MD5 69a6335566f344b004a5db02b68008ed files/gtk+-2.0.6-exportsymbols.patch 558
-MD5 d94ff41d82a8f0c56dd68a2fa71ef2fc files/gtk+-2.2.1-disable_icons_smooth_alpha.patch 1383
MD5 df6efc98861d335b1a09eab5c6011620 files/gtk+-2.4-smoothscroll.patch 29006
+MD5 69a6335566f344b004a5db02b68008ed files/gtk+-2.0.6-exportsymbols.patch 558
MD5 c036eedc28ac4fb298c20ef606d53935 files/gtk+-2.4.1-define_sensible_icon_theme.patch 582
-MD5 36d00cf3b4035e6cb9873ade9ed1a9ce files/gtkrc 627
+MD5 d94ff41d82a8f0c56dd68a2fa71ef2fc files/gtk+-2.2.1-disable_icons_smooth_alpha.patch 1383
+MD5 06d8be5421935ac9ed4da45830bb68bc files/gtk+-2.4.9-xpm_ico_secure.patch 3291
diff --git a/x11-libs/gtk+/files/gtk+-2.4.9-xpm_ico_secure.patch b/x11-libs/gtk+/files/gtk+-2.4.9-xpm_ico_secure.patch
new file mode 100644
index 000000000000..7cf696a443f6
--- /dev/null
+++ b/x11-libs/gtk+/files/gtk+-2.4.9-xpm_ico_secure.patch
@@ -0,0 +1,97 @@
+--- gtk+/gdk-pixbuf/io-ico.c 7 Jan 2004 00:26:58 -0000 1.34
++++ gtk+/gdk-pixbuf/io-ico.c 15 Sep 2004 14:32:13 -0000 1.34.2.1
+@@ -323,6 +323,14 @@ static void DecodeHeader(guchar *Data, g
+
+ State->HeaderSize+=I;
+
++ if (State->HeaderSize < 0) {
++ g_set_error (error,
++ GDK_PIXBUF_ERROR,
++ GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
++ _("Invalid header in icon"));
++ return;
++ }
++
+ if (State->HeaderSize>State->BytesInHeaderBuf) {
+ guchar *tmp=g_try_realloc(State->HeaderBuf,State->HeaderSize);
+ if (!tmp) {
+Index: gdk-pixbuf/io-xpm.c
+===================================================================
+RCS file: /cvs/gnome/gtk+/gdk-pixbuf/io-xpm.c,v
+retrieving revision 1.42
+retrieving revision 1.42.2.1
+diff -u -p -r1.42 -r1.42.2.1
+--- gtk+/gdk-pixbuf/io-xpm.c 8 Mar 2003 20:48:58 -0000 1.42
++++ gtk+/gdk-pixbuf/io-xpm.c 15 Sep 2004 14:32:13 -0000 1.42.2.1
+@@ -1079,7 +1079,7 @@ xpm_extract_color (const gchar *buffer)
+ gint key = 0;
+ gint current_key = 1;
+ gint space = 128;
+- gchar word[128], color[128], current_color[128];
++ gchar word[129], color[129], current_color[129];
+ gchar *r;
+
+ word[0] = '\0';
+@@ -1121,8 +1121,8 @@ xpm_extract_color (const gchar *buffer)
+ return NULL;
+ /* accumulate color name */
+ if (color[0] != '\0') {
+- strcat (color, " ");
+- space--;
++ strncat (color, " ", space);
++ space -= MIN (space, 1);
+ }
+ strncat (color, word, space);
+ space -= MIN (space, strlen (word));
+@@ -1246,27 +1246,43 @@ pixbuf_create_from_xpm (const gchar * (*
+ return NULL;
+
+ }
+- if (n_col <= 0) {
++ if (cpp <= 0 || cpp >= 32) {
+ g_set_error (error,
+ GDK_PIXBUF_ERROR,
+ GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
+- _("XPM file has invalid number of colors"));
++ _("XPM has invalid number of chars per pixel"));
+ return NULL;
+-
+ }
+- if (cpp <= 0 || cpp >= 32) {
++ if (n_col <= 0 || n_col >= G_MAXINT / (cpp + 1)) {
+ g_set_error (error,
+ GDK_PIXBUF_ERROR,
+ GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
+- _("XPM has invalid number of chars per pixel"));
++ _("XPM file has invalid number of colors"));
+ return NULL;
+ }
+
+ /* The hash is used for fast lookups of color from chars */
+ color_hash = g_hash_table_new (g_str_hash, g_str_equal);
+
+- name_buf = g_new (gchar, n_col * (cpp + 1));
+- colors = g_new (XPMColor, n_col);
++ name_buf = g_try_malloc (n_col * (cpp + 1));
++ if (!name_buf) {
++ g_set_error (error,
++ GDK_PIXBUF_ERROR,
++ GDK_PIXBUF_ERROR_INSUFFICIENT_MEMORY,
++ _("Can't allocate memory for loading XPM image"));
++ g_hash_table_destroy (color_hash);
++ return NULL;
++ }
++ colors = (XPMColor *) g_try_malloc (sizeof (XPMColor) * n_col);
++ if (!colors) {
++ g_set_error (error,
++ GDK_PIXBUF_ERROR,
++ GDK_PIXBUF_ERROR_INSUFFICIENT_MEMORY,
++ _("Can't allocate memory for loading XPM image"));
++ g_hash_table_destroy (color_hash);
++ g_free (name_buf);
++ return NULL;
++ }
+
+ for (cnt = 0; cnt < n_col; cnt++) {
+ gchar *color_name;
+
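Review bot: The new `n_col` bound in pixbuf_create_from_xpm only covers the `name_buf` size, so the second allocation, `g_try_malloc (sizeof (XPMColor) * n_col)`, can still wrap where size_t is 32 bits and `sizeof (XPMColor)` exceeds `cpp + 1` (XPMColor is defined outside the hunk, so this is inferred); the `for (cnt = 0; cnt < n_col; cnt++)` loop would then fill an undersized `colors` array. Extending the guard to `if (n_col <= 0 || n_col >= G_MAXINT / (cpp + 1) || n_col >= G_MAXINT / sizeof (XPMColor)) {` closes that. In the io-ico.c hunk, the `State->HeaderSize < 0` test runs after `State->HeaderSize+=I`, so it relies on signed wraparound (undefined behaviour in C, assuming both are signed as the `< 0` test suggests) and does not reject a very large positive size. Comparing `I` against `G_MAXINT - State->HeaderSize` before the addition would be more robust. Both functions start and end outside the hunks shown.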
diff --git a/x11-libs/gtk+/gtk+-2.4.9.ebuild b/x11-libs/gtk+/gtk+-2.4.9.ebuild
index 773de4cae700..ab7d9d6b5c7a 100644
--- a/x11-libs/gtk+/gtk+-2.4.9.ebuild
+++ b/x11-libs/gtk+/gtk+-2.4.9.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/x11-libs/gtk+/gtk+-2.4.9.ebuild,v 1.2 2004/08/29 13:00:37 foser Exp $
+# $Header: /var/cvsroot/gentoo-x86/x11-libs/gtk+/gtk+-2.4.9.ebuild,v 1.3 2004/09/19 21:48:03 foser Exp $
inherit libtool flag-o-matic eutils
@@ -11,7 +11,7 @@ SRC_URI="ftp://ftp.gtk.org/pub/gtk/v2.4/${P}.tar.bz2
LICENSE="LGPL-2"
SLOT="2"
-KEYWORDS="~x86 ~ppc ~sparc ~mips ~alpha ~arm ~hppa ~amd64 ~ia64 ~ppc64"
+KEYWORDS="x86 ~ppc ~sparc ~mips ~alpha ~arm ~hppa ~amd64 ~ia64 ~ppc64"
IUSE="doc tiff jpeg"
RDEPEND="virtual/x11
@@ -33,6 +33,9 @@ src_unpack() {
unpack ${A}
cd ${S}
+ # security fixes (#64230)
+ epatch ${FILESDIR}/${P}-xpm_ico_secure.patch
+
# Turn of --export-symbols-regex for now, since it removes
# the wrong symbols
epatch ${FILESDIR}/gtk+-2.0.6-exportsymbols.patch