diff options
| author | V3n3RiX <venerix@redcorelinux.org> | 2018-01-03 19:17:21 +0000 |
|---|---|---|
| committer | V3n3RiX <venerix@redcorelinux.org> | 2018-01-03 19:17:21 +0000 |
| commit | 81e4fbcb846ed1cabdad699c0029b166dd7273b7 (patch) | |
| tree | 16f1236b7a386949c02a6e3c13d0fcd8298fa133 /media-gfx/gimp | |
| parent | a70f42c65202d88c203c40910fef8f96f333d1ee (diff) | |
gentoo resync : 03.01.2018
Diffstat (limited to 'media-gfx/gimp')
| -rw-r--r-- | media-gfx/gimp/Manifest | 10 | ||||
| -rw-r--r-- | media-gfx/gimp/files/gimp-2.8.22-cve-2017-17784.patch | 32 | ||||
| -rw-r--r-- | media-gfx/gimp/files/gimp-2.8.22-cve-2017-17785.patch | 161 | ||||
| -rw-r--r-- | media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-1.patch | 53 | ||||
| -rw-r--r-- | media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-2.patch | 31 | ||||
| -rw-r--r-- | media-gfx/gimp/files/gimp-2.8.22-cve-2017-17787.patch | 33 | ||||
| -rw-r--r-- | media-gfx/gimp/files/gimp-2.8.22-cve-2017-17788.patch | 29 | ||||
| -rw-r--r-- | media-gfx/gimp/files/gimp-2.8.22-cve-2017-17789.patch | 38 | ||||
| -rw-r--r-- | media-gfx/gimp/files/gimp-2.9.8-cve-2017-17784.patch | 30 | ||||
| -rw-r--r-- | media-gfx/gimp/gimp-2.8.22-r1.ebuild | 176 | ||||
| -rw-r--r-- | media-gfx/gimp/gimp-2.9.8-r1.ebuild | 205 |
11 files changed, 798 insertions, 0 deletions
diff --git a/media-gfx/gimp/Manifest b/media-gfx/gimp/Manifest index ad1860e4f456..3bf58427294b 100644 --- a/media-gfx/gimp/Manifest +++ b/media-gfx/gimp/Manifest @@ -1,12 +1,22 @@ AUX gimp-2.7.4-no-deprecation.patch 1061 BLAKE2B c34baed7be101547994f23a818d81b855c5b0058d5acce7bb185801083a07874a1a2c6fcc41a79502077cb03c3532d9cfba88212592449b747957b0c08eff205 SHA512 3454f3b1a7579b1da4c36b765ae2a54adab13f0a4ecf02c4c0c3c55a12ff7af57d6d0467f663d2ef3de6cda116095f5f662a29cb3d729e0533edd585731a1dc9 AUX gimp-2.8.10-clang.patch 7670 BLAKE2B 923573fe329c9b8268ec220b2a0441ae765085c088a1524c5e323cc9615cfec4b8a57b2195e441ea9f43dd609f51f2de60512833652e822b466188787ffe41ec SHA512 772ee0837a214f3ef70e823662fe12e57ee8fd5f800c6508e757b86169b86a5cbd86695870993a66d3726c019d24f79616831bed8baabce3e1d247ecbfe204fc AUX gimp-2.8.14-blend-center.patch 999 BLAKE2B 5324cf539a3ef54356f943d3a4cff7ed6abd0aecc5fa7af54193c5cdea0b4c3ca2073696dd1253ad49a451f6a87a50476a48b8bb6c6820e1b90338f3dd7efb0b SHA512 1d3cbe9d1b02e2d10ba982265f7d89f593aa6973f76d529dd909f36efe1c9d968360ec208943f66c00f6589f5c679368099e0db579ddb3655c15cb6ce8bdf930 +AUX gimp-2.8.22-cve-2017-17784.patch 1124 BLAKE2B 8358642d77aca1509942023384254295be74567e68147ca81a854c527ace4ab383ab5ae3dfff9a6e956e10da48db18faa1c84c71c780dff03e4fd84ec2feb180 SHA512 8feab75b01c8d5d57bf869f64ca377f8cfb239079fba97f66bf34f341d9d15f9a8e403b1fe04d27bdbb39151f99a208aa5236c8dd0b6afeac45400a29efa0da7 +AUX gimp-2.8.22-cve-2017-17785.patch 4747 BLAKE2B 45ccd40aca7b5d2603280c27275cee66cc7167c5f1a01c3025c21d70e3ae5f15b962ac3850d57aefd37b66ff76d2a86a7403ab72ae3927ca7763dc1b48bcd8d5 SHA512 51794739489a5e8babbc13c426dc34172caeab07cc8a64b5a8f19a4b88b736e3c9801cc4dadf6848b1e49031d2f1c7a336403a470a26a9ad8cad0a485a8342bd +AUX gimp-2.8.22-cve-2017-17786-1.patch 2003 BLAKE2B b235625ab65426052b4a4d46923cbb5b2c67f95d03be9830e82b87c0d590f94f0c3a38aa3a447f7278498c3456e878eeaade44719e23360ecaf6971ce5a77738 SHA512 d4887c49cf73c8f0238c338137ac94854524daea8535e206e34a9dfdb63dbc9ec91839d01085c484c995b26882215b652f4f7e23aa614f29272b5a18c8afc019 +AUX gimp-2.8.22-cve-2017-17786-2.patch 1253 BLAKE2B a862581d48a990e3c4b8d185f4cf57d867b4171d27bb224dcf515c219fc181c0329870f98d7d09b9978c0332c485734172aa8cf933496c8b0cfb74be91bf9f1a SHA512 24d02cff72ec684aafd2cc6006955f283e6d5e102c37be0b426cade34219022a8225b367643ce3cfd786425fe53005e7db6a595ba507c7eacf402eebe2b44fa0 +AUX gimp-2.8.22-cve-2017-17787.patch 1058 BLAKE2B baeffda42385b552709781a772ef5947682a6b3c8ea01d97e32dca63fdb5ddeeea85550c4116196d16e63381cffa4ba03873490936da2cb501ee8d50367c0cbd SHA512 438376075d0a46809fd5f12f3d364b914c989ca512739b69da0f609100525da8dbc525ce57c144b5388eec525fd2d7b5c8098e63ddb70c68c186dee9b2ce7b83 +AUX gimp-2.8.22-cve-2017-17788.patch 1012 BLAKE2B 90bc17b66dd40426073a2581c20e68551b1c80378e055704d36ad56cc0a2b7448c847b847aacded6b8033ee86b3bb42e679845a46c65c1ea2d3af8c90aeb53f8 SHA512 82231c53664535c66d70b4e129b24afa31a50d465968f1012e20420ee71842435acf7d43de78cdac81602d80b89a927c03f9d60159c89c41d4b88e6851ed8acc +AUX gimp-2.8.22-cve-2017-17789.patch 1245 BLAKE2B 14d519b8b024e51b452806b4acb6f00231e535ba3502875e8e90350e62c2cd0ff634ab1b38f16bb098670dd1e9d21c88aa64e19c3f81600acc7ea448e8f22b90 SHA512 f2f4aff0f0478356513a1f6da0732c5d0986ef1deb7b8e68bd283b7259887cf9a4d4785f00e48f03892cc86aa715b9764302640b2b891ab16617ef595ab779b8 AUX gimp-2.9.6-underlinking.patch 653 BLAKE2B eee76b9aeff7da49c102b44899df7e3a5dd8e62b8d135c5400ac5c5c114524834070e8f5c97076022fec3b68098433f8433c82dddf0c41803c41cce3d9b3d552 SHA512 3ed27297af495828d9394d7bdd067d416733ae7a3665784ee37b19273d002a585fcb22f30ec6db93164b0f0c7220af6020984820da4c78a356b2ae71fb9e61c3 +AUX gimp-2.9.8-cve-2017-17784.patch 1087 BLAKE2B 2398e735ccd7b0a5cc393f297b60d4a51038aeb146779268f78fb2f0a24ef912468510de2a0f640c5f905fe9959581686f55bccc022633b6f2a3a93ab3f12848 SHA512 5bc928860b2f2b53cc72c9c3caf6a532cf7e61b02e0716ee99a5166a07b01bdd46edfeae7bf6e333ce14ca11b5fcb963cbd42005e02f914d909431bf201dc6d5 DIST gimp-2.8.22.tar.bz2 20873278 BLAKE2B 673246fd2354f1cecc74bf389df698f594b7553cc88a1d2679ae410ad39923abae843dfe9623ec195b4f967b5eccd199769a6300bf028ae04b8df4932df11505 SHA512 84a78d428282538b606b3cd1ff571e52c3d828fceade171b2012bc1cdcb85919fc7734e7e6c45ed3a8683657fa580412b32c1b511b8a512172a8c1df930493e6 DIST gimp-2.9.6.tar.bz2 25472593 BLAKE2B 2f860f2ad085024b5bc7fc14a9db57d63b5c5f8b714239ef4b65d21c04d61ddff2233ea5d0fd0110655005ca31f60a25feaace38d34ceb7c8ed6d3e255fe7738 SHA512 c874daedb00fbfa4156f0e244b217e221b047cb3bd22a81fb190a5d9d774212dc7802ec215151c6dc87136148bf9f84ca23a0a6340681a53c39b5fa71b2ded89 DIST gimp-2.9.8.tar.bz2 26161474 BLAKE2B f00a58d33848a818a2cb3b74920b33156330a26423a2b567cd8372258f87b44ae1ad812f2b3ee9a093b919d022e8b71ef518d40b76ab94c616f9916b3d1effec SHA512 897092aa823961e6ed5dac47eaadd3a25c419364d6ca791987d99e495d0d4eba1d75e08c809dfa305e8feec9da606193b608e3470e0ef18fcfaa98ee8aedfe02 +EBUILD gimp-2.8.22-r1.ebuild 5207 BLAKE2B 6a023d3beaeee22a66f49e4d5d56d63472ac3f45997787c5458edc36658add3719e442d0e4f2ae16b3c07b7c77fa04e244a07b4b458879bd034f8241793254dc SHA512 f7085aa8760438d03b08dbf42c409ce0f8ea1e3690b7d5158c4c7b6b8ae35e492b92b65007c819b253d86b4a71655ac995410bb53a170cfe026878c951a5752c EBUILD gimp-2.8.22.ebuild 4760 BLAKE2B 99f573094528e2c4b4424c9f4867db83c16910fb1d2c8a9b27c15a797330c06596c1a2b4fb7487ea2feac80c9b873060d70919c69024b944e883772d4e2f763f SHA512 4911218b41c0b0f21af7fb8e0b31f2958d41dce51f8764bd92f8c4604a54b7e79528c819b5c464186af7c3f9890a5afc77d6ac85caaa47820d8010481c23a3e4 EBUILD gimp-2.9.6.ebuild 5334 BLAKE2B 814390cfa05d733a4a79efdd4e93f92dca9c2ad37024681221aa9f2b8df791789a22108b5ad34757f4186ee275a6d0c0fe301bf7b50c7808fe650fe5da5767d3 SHA512 bb8602bffe9a22b3ddd24ffcc6d08cb0dcf9f8f64052b77f0d948521c60a06ad87fbf0bdc4c0000d146e19d300fc2e76cf01e425b5a63ad15c9b20cb8c0ae960 +EBUILD gimp-2.9.8-r1.ebuild 5787 BLAKE2B 98e530afd8152b5ca02b36cfb4de7dfaa8155e922946dfb4873912bb393dd249c31918674fb9c45538a6b4305ddafcde5b8cc2e90f65a83498b3f905ed02956e SHA512 0d89258666c4c370038d714679ddde5fccfb403b58fbed794c0a7f0928d5e93e3e671f6daec31888100743424d311585d0f29c09a1c9915b6284d5d2c0986244 EBUILD gimp-2.9.8.ebuild 5297 BLAKE2B 9db3e9ccbc2fcd4f5e01b176483152e8164085f0ea866a71ddd7de50896cb55df92bb4282c78050bd891a4e2442ef2f4567be8b18ef88130e19a340880f2a7d2 SHA512 8924f968092c523b92926b652e021c7b21e0345bd25a44d6a390d09b4d234cb33556f0d19313f60e64d19f703014438f42268fa58ed4147af5d3758f92d9e0ea EBUILD gimp-9999.ebuild 5399 BLAKE2B 21f8e5d29e2d23ddda03b6eefb25fe96689d9e48a0412270b5020f20fe1fb2e26b43a3e00930843364387a41f429b64c3c954ec6dfca640dcb7ac7b1bee635d9 SHA512 a1990254a48dc25e0f47591f500b6605bbbe8abc3d2558a7a72d078ac28698f71f95b0ba4eac28131ea2d3e064d4c64f8741693dc37d5bef517c101092e43616 MISC metadata.xml 388 BLAKE2B 2e779c672c788e3631b0532be9a6081767215bf9687cb2546c92d3c6f4a00d8e8f6e32cca607019847200ed416336f752cfbfaf43b2f600b4bea63eb985e63d5 SHA512 e3a626ac39cea422d1b4660731048d764c4b6f1985e09577865f0047ecbc61c8677d6f15626dbbc03ceb3cb18887ba58747df5d91f5f4b2126afb9ad12eaccb0 diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17784.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17784.patch new file mode 100644 index 000000000000..c7df330409f8 --- /dev/null +++ b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17784.patch @@ -0,0 +1,32 @@ +From c57f9dcf1934a9ab0cd67650f2dea18cb0902270 Mon Sep 17 00:00:00 2001 +From: Jehan <jehan@girinstud.io> +Date: Thu, 21 Dec 2017 12:25:32 +0100 +Subject: Bug 790784 - (CVE-2017-17784) heap overread in gbr parser / + load_image. + +We were assuming the input name was well formed, hence was +nul-terminated. As any data coming from external input, this has to be +thorougly checked. +Similar to commit 06d24a79af94837d615d0024916bb95a01bf3c59 but adapted +to older gimp-2-8 code. +--- + plug-ins/common/file-gbr.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/plug-ins/common/file-gbr.c b/plug-ins/common/file-gbr.c +index b028100..d3f01d9 100644 +--- a/plug-ins/common/file-gbr.c ++++ b/plug-ins/common/file-gbr.c +@@ -443,7 +443,8 @@ load_image (const gchar *filename, + { + gchar *temp = g_new (gchar, bn_size); + +- if ((read (fd, temp, bn_size)) < bn_size) ++ if ((read (fd, temp, bn_size)) < bn_size || ++ temp[bn_size - 1] != '\0') + { + g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, + _("Error in GIMP brush file '%s'"), +-- +cgit v0.12 + diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17785.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17785.patch new file mode 100644 index 000000000000..1f77d36ec6ca --- /dev/null +++ b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17785.patch @@ -0,0 +1,161 @@ +From 1882bac996a20ab5c15c42b0c5e8f49033a1af54 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann <tobias@stoeckmann.org> +Date: Sun, 29 Oct 2017 15:19:41 +0100 +Subject: Bug 739133 - (CVE-2017-17785) Heap overflow while parsing FLI files. + +It is possible to trigger a heap overflow while parsing FLI files. The +RLE decoder is vulnerable to out of boundary writes due to lack of +boundary checks. + +The variable "framebuf" points to a memory area which was allocated +with fli_header->width * fli_header->height bytes. The RLE decoder +therefore must never write beyond that limit. + +If an illegal frame is detected, the parser won't stop, which means +that the next valid sequence is properly parsed again. This should +allow GIMP to parse FLI files as good as possible even if they are +broken by an attacker or by accident. + +While at it, I changed the variable xc to be of type size_t, because +the multiplication of width and height could overflow a 16 bit type. + +Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> +(cherry picked from commit edb251a7ef1602d20a5afcbf23f24afb163de63b) +--- + plug-ins/file-fli/fli.c | 50 ++++++++++++++++++++++++++++++++++--------------- + 1 file changed, 35 insertions(+), 15 deletions(-) + +diff --git a/plug-ins/file-fli/fli.c b/plug-ins/file-fli/fli.c +index 313efeb..ffb651e 100644 +--- a/plug-ins/file-fli/fli.c ++++ b/plug-ins/file-fli/fli.c +@@ -25,6 +25,8 @@ + + #include "config.h" + ++#include <glib/gstdio.h> ++ + #include <string.h> + #include <stdio.h> + +@@ -461,23 +463,27 @@ void fli_read_brun(FILE *f, s_fli_header *fli_header, unsigned char *framebuf) + unsigned short yc; + unsigned char *pos; + for (yc=0; yc < fli_header->height; yc++) { +- unsigned short xc, pc, pcnt; ++ unsigned short pc, pcnt; ++ size_t n, xc; + pc=fli_read_char(f); + xc=0; + pos=framebuf+(fli_header->width * yc); ++ n=(size_t)fli_header->width * (fli_header->height-yc); + for (pcnt=pc; pcnt>0; pcnt--) { + unsigned short ps; + ps=fli_read_char(f); + if (ps & 0x80) { + unsigned short len; +- for (len=-(signed char)ps; len>0; len--) { ++ for (len=-(signed char)ps; len>0 && xc<n; len--) { + pos[xc++]=fli_read_char(f); + } + } else { + unsigned char val; ++ size_t len; ++ len=MIN(n-xc,ps); + val=fli_read_char(f); +- memset(&(pos[xc]), val, ps); +- xc+=ps; ++ memset(&(pos[xc]), val, len); ++ xc+=len; + } + } + } +@@ -564,25 +570,34 @@ void fli_read_lc(FILE *f, s_fli_header *fli_header, unsigned char *old_framebuf, + memcpy(framebuf, old_framebuf, fli_header->width * fli_header->height); + firstline = fli_read_short(f); + numline = fli_read_short(f); ++ if (numline > fli_header->height || fli_header->height-numline < firstline) ++ return; ++ + for (yc=0; yc < numline; yc++) { +- unsigned short xc, pc, pcnt; ++ unsigned short pc, pcnt; ++ size_t n, xc; + pc=fli_read_char(f); + xc=0; + pos=framebuf+(fli_header->width * (firstline+yc)); ++ n=(size_t)fli_header->width * (fli_header->height-firstline-yc); + for (pcnt=pc; pcnt>0; pcnt--) { + unsigned short ps,skip; + skip=fli_read_char(f); + ps=fli_read_char(f); +- xc+=skip; ++ xc+=MIN(n-xc,skip); + if (ps & 0x80) { + unsigned char val; ++ size_t len; + ps=-(signed char)ps; + val=fli_read_char(f); +- memset(&(pos[xc]), val, ps); +- xc+=ps; ++ len=MIN(n-xc,ps); ++ memset(&(pos[xc]), val, len); ++ xc+=len; + } else { +- fread(&(pos[xc]), ps, 1, f); +- xc+=ps; ++ size_t len; ++ len=MIN(n-xc,ps); ++ fread(&(pos[xc]), len, 1, f); ++ xc+=len; + } + } + } +@@ -689,7 +704,8 @@ void fli_read_lc_2(FILE *f, s_fli_header *fli_header, unsigned char *old_framebu + yc=0; + numline = fli_read_short(f); + for (lc=0; lc < numline; lc++) { +- unsigned short xc, pc, pcnt, lpf, lpn; ++ unsigned short pc, pcnt, lpf, lpn; ++ size_t n, xc; + pc=fli_read_short(f); + lpf=0; lpn=0; + while (pc & 0x8000) { +@@ -700,26 +716,30 @@ void fli_read_lc_2(FILE *f, s_fli_header *fli_header, unsigned char *old_framebu + } + pc=fli_read_short(f); + } ++ yc=MIN(yc, fli_header->height); + xc=0; + pos=framebuf+(fli_header->width * yc); ++ n=(size_t)fli_header->width * (fli_header->height-yc); + for (pcnt=pc; pcnt>0; pcnt--) { + unsigned short ps,skip; + skip=fli_read_char(f); + ps=fli_read_char(f); +- xc+=skip; ++ xc+=MIN(n-xc,skip); + if (ps & 0x80) { + unsigned char v1,v2; + ps=-(signed char)ps; + v1=fli_read_char(f); + v2=fli_read_char(f); +- while (ps>0) { ++ while (ps>0 && xc+1<n) { + pos[xc++]=v1; + pos[xc++]=v2; + ps--; + } + } else { +- fread(&(pos[xc]), ps, 2, f); +- xc+=ps << 1; ++ size_t len; ++ len=MIN((n-xc)/2,ps); ++ fread(&(pos[xc]), len, 2, f); ++ xc+=len << 1; + } + } + if (lpf) pos[xc]=lpn; +-- +cgit v0.12 + diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-1.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-1.patch new file mode 100644 index 000000000000..4047f7cb3c9f --- /dev/null +++ b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-1.patch @@ -0,0 +1,53 @@ +From ef9c821fff8b637a2178eab1c78cae6764c50e12 Mon Sep 17 00:00:00 2001 +From: Jehan <jehan@girinstud.io> +Date: Wed, 20 Dec 2017 13:02:38 +0100 +Subject: Bug 739134 - (CVE-2017-17786) Out of bounds read / heap overflow + in... +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +... TGA importer. + +Be more thorough on valid TGA RGB and RGBA images. +In particular current TGA plug-in can import RGBA as 32 bits (8 bits per +channel) and 16 bits (5 bits per color channel and 1 bit for alpha), and +RGB as 15 and 24 bits. +Maybe there exist more variants, but if they do exist, we simply don't +support them yet. + +Thanks to Hanno Böck for the report and a first patch attempt. + +(cherry picked from commit 674b62ad45b6579ec6d7923dc3cb1ef4e8b5498b) +--- + plug-ins/common/file-tga.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/plug-ins/common/file-tga.c b/plug-ins/common/file-tga.c +index aef9870..426acc2 100644 +--- a/plug-ins/common/file-tga.c ++++ b/plug-ins/common/file-tga.c +@@ -564,12 +564,16 @@ load_image (const gchar *filename, + } + break; + case TGA_TYPE_COLOR: +- if (info.bpp != 15 && info.bpp != 16 && +- info.bpp != 24 && info.bpp != 32) ++ if ((info.bpp != 15 && info.bpp != 16 && ++ info.bpp != 24 && info.bpp != 32) || ++ ((info.bpp == 15 || info.bpp == 24) && ++ info.alphaBits != 0) || ++ (info.bpp == 16 && info.alphaBits != 1) || ++ (info.bpp == 32 && info.alphaBits != 8)) + { +- g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u)", ++ g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u, alpha = %u)", + gimp_filename_to_utf8 (filename), +- info.imageType, info.bpp); ++ info.imageType, info.bpp, info.alphaBits); + return -1; + } + break; +-- +cgit v0.12 + diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-2.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-2.patch new file mode 100644 index 000000000000..7177dd3c1f11 --- /dev/null +++ b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-2.patch @@ -0,0 +1,31 @@ +From 22e2571c25425f225abdb11a566cc281fca6f366 Mon Sep 17 00:00:00 2001 +From: Jehan <jehan@girinstud.io> +Date: Wed, 20 Dec 2017 13:26:26 +0100 +Subject: plug-ins: TGA 16-bit RGB (without alpha bit) is also valid. + +According to some spec on the web, 16-bit RGB is also valid. In this +case, the last bit is simply ignored (at least that's how it is +implemented right now). + +(cherry picked from commit 8ea316667c8a3296bce2832b3986b58d0fdfc077) +--- + plug-ins/common/file-tga.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/plug-ins/common/file-tga.c b/plug-ins/common/file-tga.c +index 426acc2..eb14a1d 100644 +--- a/plug-ins/common/file-tga.c ++++ b/plug-ins/common/file-tga.c +@@ -568,7 +568,8 @@ load_image (const gchar *filename, + info.bpp != 24 && info.bpp != 32) || + ((info.bpp == 15 || info.bpp == 24) && + info.alphaBits != 0) || +- (info.bpp == 16 && info.alphaBits != 1) || ++ (info.bpp == 16 && info.alphaBits != 1 && ++ info.alphaBits != 0) || + (info.bpp == 32 && info.alphaBits != 8)) + { + g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u, alpha = %u)", +-- +cgit v0.12 + diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17787.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17787.patch new file mode 100644 index 000000000000..654726388ea6 --- /dev/null +++ b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17787.patch @@ -0,0 +1,33 @@ +From 87ba505fff85989af795f4ab6a047713f4d9381d Mon Sep 17 00:00:00 2001 +From: Jehan <jehan@girinstud.io> +Date: Thu, 21 Dec 2017 12:49:41 +0100 +Subject: Bug 790853 - (CVE-2017-17787) heap overread in psp importer. + +As any external data, we have to check that strings being read at fixed +length are properly nul-terminated. + +(cherry picked from commit eb2980683e6472aff35a3117587c4f814515c74d) +--- + plug-ins/common/file-psp.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c +index 4cbafe3..e350e4d 100644 +--- a/plug-ins/common/file-psp.c ++++ b/plug-ins/common/file-psp.c +@@ -890,6 +890,12 @@ read_creator_block (FILE *f, + g_free (string); + return -1; + } ++ if (string[length - 1] != '\0') ++ { ++ g_message ("Creator keyword data not nul-terminated"); ++ g_free (string); ++ return -1; ++ } + switch (keyword) + { + case PSP_CRTR_FLD_TITLE: +-- +cgit v0.12 + diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17788.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17788.patch new file mode 100644 index 000000000000..2bf16b85e607 --- /dev/null +++ b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17788.patch @@ -0,0 +1,29 @@ +From: Hanno Boeck <hanno@hboeck.de> +Date: Mon, 27 Nov 2017 00:37:29 +0100 +Subject: 790783 - buffer overread in XCF parser if version field... +Origin: https://git.gnome.org/browse/GIMP/commit/?id=702c4227e8b6169f781e4bb5ae4b5733f51ab126 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17788 +Bug-Debian: https://bugs.debian.org/885347 +Bug: https://bugzilla.gnome.org/show_bug.cgi?id=790783 + +...has no null terminator + +Check for the presence of '\0' before using atoi() on the version +string. Patch slightly modified (mitch). +[carnil: backport to gimp-2-8: affected code in xcf_load_invoker] +--- + app/xcf/xcf.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/app/xcf/xcf.c ++++ b/app/xcf/xcf.c +@@ -318,7 +318,8 @@ xcf_load_invoker (GimpProcedure *pr + { + info.file_version = 0; + } +- else if (id[9] == 'v') ++ else if (id[9] == 'v' && ++ id[13] == '\0') + { + info.file_version = atoi (id + 10); + } diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17789.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17789.patch new file mode 100644 index 000000000000..3d63694f6790 --- /dev/null +++ b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17789.patch @@ -0,0 +1,38 @@ +From 01898f10f87a094665a7fdcf7153990f4e511d3f Mon Sep 17 00:00:00 2001 +From: Jehan <jehan@girinstud.io> +Date: Wed, 20 Dec 2017 16:44:20 +0100 +Subject: Bug 790849 - (CVE-2017-17789) CVE-2017-17789 Heap buffer overflow... + +... in PSP importer. +Check if declared block length is valid (i.e. within the actual file) +before going further. +Consider the file as broken otherwise and fail loading it. + +(cherry picked from commit 28e95fbeb5720e6005a088fa811f5bf3c1af48b8) +--- + plug-ins/common/file-psp.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c +index ac0fff7..4cbafe3 100644 +--- a/plug-ins/common/file-psp.c ++++ b/plug-ins/common/file-psp.c +@@ -1771,6 +1771,15 @@ load_image (const gchar *filename, + { + block_start = ftell (f); + ++ if (block_start + block_total_len > st.st_size) ++ { ++ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, ++ _("Could not open '%s' for reading: %s"), ++ gimp_filename_to_utf8 (filename), ++ _("invalid block size")); ++ goto error; ++ } ++ + if (id == PSP_IMAGE_BLOCK) + { + if (block_number != 0) +-- +cgit v0.12 + diff --git a/media-gfx/gimp/files/gimp-2.9.8-cve-2017-17784.patch b/media-gfx/gimp/files/gimp-2.9.8-cve-2017-17784.patch new file mode 100644 index 000000000000..e46703d3d3d4 --- /dev/null +++ b/media-gfx/gimp/files/gimp-2.9.8-cve-2017-17784.patch @@ -0,0 +1,30 @@ +From 06d24a79af94837d615d0024916bb95a01bf3c59 Mon Sep 17 00:00:00 2001 +From: Jehan <jehan@girinstud.io> +Date: Thu, 21 Dec 2017 12:15:34 +0100 +Subject: Bug 790784 - (CVE-2017-17784) heap overread in gbr parser / + load_image. + +We were assuming the input name was well formed, hence was +nul-terminated. As any data coming from external input, this has to be +thorougly checked. +--- + plug-ins/common/file-gbr.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/plug-ins/common/file-gbr.c b/plug-ins/common/file-gbr.c +index b8933e7..585e74a 100644 +--- a/plug-ins/common/file-gbr.c ++++ b/plug-ins/common/file-gbr.c +@@ -456,7 +456,8 @@ load_image (GFile *file, + + if (! g_input_stream_read_all (input, temp, size, + &bytes_read, NULL, error) || +- bytes_read != size) ++ bytes_read != size || ++ temp[size - 1] != '\0') + { + g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, + _("Error in GIMP brush file '%s'"), +-- +cgit v0.12 + diff --git a/media-gfx/gimp/gimp-2.8.22-r1.ebuild b/media-gfx/gimp/gimp-2.8.22-r1.ebuild new file mode 100644 index 000000000000..afa66f120198 --- /dev/null +++ b/media-gfx/gimp/gimp-2.8.22-r1.ebuild @@ -0,0 +1,176 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +PYTHON_COMPAT=( python2_7 ) + +inherit versionator virtualx autotools eutils gnome2 fdo-mime multilib python-single-r1 + +DESCRIPTION="GNU Image Manipulation Program" +HOMEPAGE="https://www.gimp.org/" +SRC_URI="mirror://gimp/v$(get_version_component_range 1-2)/${P}.tar.bz2" +LICENSE="GPL-3 LGPL-3" +SLOT="2" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~x64-solaris ~x86-solaris" + +LANGS="am ar ast az be bg br ca ca@valencia cs csb da de dz el en_CA en_GB eo es et eu fa fi fr ga gl gu he hi hr hu id is it ja ka kk km kn ko lt lv mk ml ms my nb nds ne nl nn oc pa pl pt pt_BR ro ru rw si sk sl sr sr@latin sv ta te th tr tt uk vi xh yi zh_CN zh_HK zh_TW" +IUSE="alsa aalib altivec aqua bzip2 curl dbus debug doc exif gnome postscript jpeg jpeg2k lcms cpu_flags_x86_mmx mng pdf png python smp cpu_flags_x86_sse svg tiff udev wmf xpm" + +for lang in ${LANGS}; do + IUSE+=" linguas_${lang}" +done + +RDEPEND=">=dev-libs/glib-2.30.2:2 + >=dev-libs/atk-2.2.0 + >=x11-libs/gtk+-2.24.10:2 + >=x11-libs/gdk-pixbuf-2.24.1:2 + >=x11-libs/cairo-1.10.2 + >=x11-libs/pango-1.29.4 + xpm? ( x11-libs/libXpm ) + >=media-libs/freetype-2.1.7 + >=media-libs/fontconfig-2.2.0 + sys-libs/zlib + dev-libs/libxml2 + dev-libs/libxslt + x11-themes/hicolor-icon-theme + >=media-libs/babl-0.1.10 + >=media-libs/gegl-0.2.0:0 + aalib? ( media-libs/aalib ) + alsa? ( media-libs/alsa-lib ) + aqua? ( x11-libs/gtk-mac-integration ) + curl? ( net-misc/curl ) + dbus? ( dev-libs/dbus-glib ) + gnome? ( gnome-base/gvfs ) + jpeg? ( virtual/jpeg:0 ) + jpeg2k? ( media-libs/jasper:= ) + exif? ( >=media-libs/libexif-0.6.15 ) + lcms? ( >=media-libs/lcms-2.2:2 ) + mng? ( media-libs/libmng ) + pdf? ( >=app-text/poppler-0.12.4[cairo] ) + png? ( >=media-libs/libpng-1.2.37:0 ) + python? ( + ${PYTHON_DEPS} + >=dev-python/pygtk-2.10.4:2[${PYTHON_USEDEP}] + ) + tiff? ( >=media-libs/tiff-3.5.7:0 ) + svg? ( >=gnome-base/librsvg-2.36.0:2 ) + wmf? ( >=media-libs/libwmf-0.2.8 ) + x11-libs/libXcursor + sys-libs/zlib + bzip2? ( app-arch/bzip2 ) + postscript? ( app-text/ghostscript-gpl ) + udev? ( virtual/libgudev:= )" +DEPEND="${RDEPEND} + sys-apps/findutils + virtual/pkgconfig + >=dev-util/intltool-0.40.1 + >=sys-devel/gettext-0.19 + doc? ( >=dev-util/gtk-doc-1 ) + >=sys-devel/libtool-2.2 + >=sys-devel/automake-1.11 + dev-util/gtk-doc-am" # due to our call to eautoreconf below (bug #386453) + +DOCS="AUTHORS ChangeLog* HACKING NEWS README*" + +S="${WORKDIR}"/${P} + +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" + +pkg_setup() { + G2CONF="--enable-default-binary \ + --disable-silent-rules \ + $(use_with !aqua x) \ + $(use_with aalib aa) \ + $(use_with alsa) \ + $(use_enable altivec) \ + $(use_with bzip2) \ + $(use_with curl libcurl) \ + $(use_with dbus) \ + $(use_with gnome gvfs) \ + --without-webkit \ + $(use_with jpeg libjpeg) \ + $(use_with jpeg2k libjasper) \ + $(use_with exif libexif) \ + $(use_with lcms lcms lcms2) \ + $(use_with postscript gs) \ + $(use_enable cpu_flags_x86_mmx mmx) \ + $(use_with mng libmng) \ + $(use_with pdf poppler) \ + $(use_with png libpng) \ + $(use_enable python) \ + $(use_enable smp mp) \ + $(use_enable cpu_flags_x86_sse sse) \ + $(use_with svg librsvg) \ + $(use_with tiff libtiff) \ + $(use_with udev gudev) \ + $(use_with wmf) \ + --with-xmc \ + $(use_with xpm libxpm) \ + --without-xvfb-run" + + if use python; then + python-single-r1_pkg_setup + fi +} + +src_prepare() { + epatch "${FILESDIR}"/${P}-cve-2017-17784.patch # bug 641954 + epatch "${FILESDIR}"/${P}-cve-2017-17785.patch # bug 641954 + epatch "${FILESDIR}"/${P}-cve-2017-17786-1.patch # bug 641954 + epatch "${FILESDIR}"/${P}-cve-2017-17786-2.patch # bug 641954 + epatch "${FILESDIR}"/${P}-cve-2017-17787.patch # bug 641954 + epatch "${FILESDIR}"/${P}-cve-2017-17788.patch # bug 641954 + epatch "${FILESDIR}"/${P}-cve-2017-17789.patch # bug 641954 + + epatch "${FILESDIR}"/${PN}-2.8.14-blend-center.patch # bug 558878 + epatch "${FILESDIR}"/${PN}-2.7.4-no-deprecation.patch # bug 395695, comment 9 and 16 + epatch "${FILESDIR}"/${PN}-2.8.10-clang.patch # bug 449370 compile with clang + + sed -i -e 's/== "xquartz"/= "xquartz"/' configure.ac || die #494864 + eautoreconf # If you remove this: remove dev-util/gtk-doc-am from DEPEND, too + + gnome2_src_prepare +} + +_clean_up_locales() { + einfo "Cleaning up locales..." + for lang in ${LANGS}; do + use "linguas_${lang}" && { + einfo "- keeping ${lang}" + continue + } + rm -Rf "${ED}"/usr/share/locale/"${lang}" || die + done +} + +src_test() { + Xemake check +} + +src_install() { + gnome2_src_install + + if use python; then + python_optimize + fi + + # Workaround for bug #321111 to give GIMP the least + # precedence on PDF documents by default + mv "${ED}"/usr/share/applications/{,zzz-}gimp.desktop || die + + prune_libtool_files --all + + # Prevent dead symlink gimp-console.1 from downstream man page compression (bug #433527) + local gimp_app_version=$(get_version_component_range 1-2) + mv "${ED}"/usr/share/man/man1/gimp-console{-${gimp_app_version},}.1 || die + + _clean_up_locales +} + +pkg_postinst() { + gnome2_pkg_postinst +} + +pkg_postrm() { + gnome2_pkg_postrm +} diff --git a/media-gfx/gimp/gimp-2.9.8-r1.ebuild b/media-gfx/gimp/gimp-2.9.8-r1.ebuild new file mode 100644 index 000000000000..76986e47e6ef --- /dev/null +++ b/media-gfx/gimp/gimp-2.9.8-r1.ebuild @@ -0,0 +1,205 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +PYTHON_COMPAT=( python2_7 ) + +inherit versionator virtualx autotools eutils gnome2 multilib python-single-r1 + +DESCRIPTION="GNU Image Manipulation Program" +HOMEPAGE="https://www.gimp.org/" +SRC_URI="mirror://gimp/v$(get_version_component_range 1-2)/${P}.tar.bz2" +LICENSE="GPL-3 LGPL-3" +SLOT="2" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc64 ~x86" + +LANGS="am ar ast az be bg br ca ca@valencia cs csb da de dz el en_CA en_GB eo es et eu fa fi fr ga gl gu he hi hr hu id is it ja ka kk km kn ko lt lv mk ml ms my nb nds ne nl nn oc pa pl pt pt_BR ro ru rw si sk sl sr sr@latin sv ta te th tr tt uk vi xh yi zh_CN zh_HK zh_TW" +IUSE="alsa aalib altivec aqua debug doc openexr gnome postscript jpeg2k cpu_flags_x86_mmx mng pdf python smp cpu_flags_x86_sse udev vector-icons webp wmf xpm" + +for lang in ${LANGS}; do + IUSE+=" linguas_${lang}" +done + +RDEPEND=">=dev-libs/glib-2.40.0:2 + >=dev-libs/atk-2.2.0 + >=x11-libs/gtk+-2.24.10:2 + dev-util/gtk-update-icon-cache + >=x11-libs/gdk-pixbuf-2.31:2 + >=x11-libs/cairo-1.12.2 + >=x11-libs/pango-1.29.4 + xpm? ( x11-libs/libXpm ) + >=media-libs/freetype-2.1.7 + >=media-libs/harfbuzz-0.9.19 + >=media-libs/gexiv2-0.10.6 + >=media-libs/libmypaint-1.3.0[gegl] + >=media-libs/fontconfig-2.2.0 + sys-libs/zlib + dev-libs/libxml2 + dev-libs/libxslt + x11-themes/hicolor-icon-theme + >=media-libs/babl-0.1.38 + >=media-libs/gegl-0.3.24:0.3[cairo] + >=dev-libs/glib-2.43 + aalib? ( media-libs/aalib ) + alsa? ( media-libs/alsa-lib ) + aqua? ( x11-libs/gtk-mac-integration ) + gnome? ( gnome-base/gvfs ) + virtual/jpeg:0 + jpeg2k? ( media-libs/jasper:= ) + >=media-libs/lcms-2.8:2 + mng? ( media-libs/libmng ) + openexr? ( >=media-libs/openexr-1.6.1 ) + pdf? ( >=app-text/poppler-0.44[cairo] >=app-text/poppler-data-0.4.7 ) + >=media-libs/libpng-1.6.25:0 + python? ( + ${PYTHON_DEPS} + >=dev-python/pygtk-2.10.4:2[${PYTHON_USEDEP}] + >=dev-python/pycairo-1.0.2[${PYTHON_USEDEP}] + ) + >=media-libs/tiff-3.5.7:0 + >=gnome-base/librsvg-2.40.6:2 + webp? ( >=media-libs/libwebp-0.6.0 ) + wmf? ( >=media-libs/libwmf-0.2.8 ) + net-libs/glib-networking[ssl] + x11-libs/libXcursor + sys-libs/zlib + app-arch/bzip2 + >=app-arch/xz-utils-5.0.0 + postscript? ( app-text/ghostscript-gpl ) + udev? ( virtual/libgudev:= )" +DEPEND="${RDEPEND} + >=dev-lang/perl-5.10.0 + dev-libs/appstream-glib + sys-apps/findutils + virtual/pkgconfig + >=dev-util/intltool-0.40.1 + >=sys-devel/gettext-0.19 + doc? ( >=dev-util/gtk-doc-1 ) + >=sys-devel/libtool-2.2 + >=sys-devel/automake-1.11 + dev-util/gtk-doc-am" # due to our call to eautoreconf below (bug #386453) + +DOCS="AUTHORS ChangeLog* HACKING NEWS README*" + +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" + +pkg_setup() { + if use python; then + python-single-r1_pkg_setup + fi +} + +src_prepare() { + epatch "${FILESDIR}"/${P}-cve-2017-17784.patch # bug 641954 + epatch "${FILESDIR}"/${PN}-2.8.22-cve-2017-17785.patch # bug 641954 + epatch "${FILESDIR}"/${PN}-2.8.22-cve-2017-17786-1.patch # bug 641954 + epatch "${FILESDIR}"/${PN}-2.8.22-cve-2017-17786-2.patch # bug 641954 + epatch "${FILESDIR}"/${PN}-2.8.22-cve-2017-17787.patch # bug 641954 + # NOTE: CVE-2017-17788 already fixed upstream + epatch "${FILESDIR}"/${PN}-2.8.22-cve-2017-17789.patch # bug 641954 + + eapply_user + + sed -i -e 's/== "xquartz"/= "xquartz"/' configure.ac || die #494864 + sed 's:-DGIMP_DISABLE_DEPRECATED:-DGIMP_protect_DISABLE_DEPRECATED:g' -i configure.ac || die #615144 + eautoreconf # If you remove this: remove dev-util/gtk-doc-am from DEPEND, too + + gnome2_src_prepare + + sed 's:-DGIMP_protect_DISABLE_DEPRECATED:-DGIMP_DISABLE_DEPRECATED:g' -i configure || die #615144 + fgrep -q GIMP_DISABLE_DEPRECATED configure || die #615144, self-test +} + +src_configure() { + local myconf=( + GEGL=${EPREFIX}/usr/bin/gegl-0.3 + GDBUS_CODEGEN=${EPREFIX}/bin/false + + --enable-default-binary + --disable-silent-rules + + $(use_with !aqua x) + $(use_with aalib aa) + $(use_with alsa) + $(use_enable altivec) + --with-appdata-test + --without-webkit + $(use_with jpeg2k libjasper) + $(use_with postscript gs) + $(use_enable cpu_flags_x86_mmx mmx) + $(use_with mng libmng) + $(use_with openexr) + $(use_with webp) + $(use_with pdf poppler) + $(use_enable python) + $(use_enable smp mp) + $(use_enable cpu_flags_x86_sse sse) + $(use_with udev gudev) + $(use_with wmf) + --with-xmc + $(use_with xpm libxpm) + $(use_enable vector-icons) + --without-xvfb-run + ) + + gnome2_src_configure "${myconf[@]}" +} + +src_compile() { + # Bugs #569738 and #591214 + local nv + for nv in /dev/nvidia-uvm /dev/nvidiactl /dev/nvidia{0..9} ; do + # We do not check for existence as they may show up later + # https://bugs.gentoo.org/show_bug.cgi?id=569738#c21 + addwrite "${nv}" + done + addwrite /dev/dri/ # bug #574038 + addwrite /dev/ati/ # bug 589198 + addwrite /proc/mtrr # bug 589198 + + export XDG_DATA_DIRS=${EPREFIX}/usr/share # bug 587004 + gnome2_src_compile +} + +_clean_up_locales() { + einfo "Cleaning up locales..." + for lang in ${LANGS}; do + use "linguas_${lang}" && { + einfo "- keeping ${lang}" + continue + } + rm -Rf "${ED}"/usr/share/locale/"${lang}" || die + done +} + +src_test() { + virtx emake check +} + +src_install() { + gnome2_src_install + + if use python; then + python_optimize + fi + + # Workaround for bug #321111 to give GIMP the least + # precedence on PDF documents by default + mv "${ED}"/usr/share/applications/{,zzz-}gimp.desktop || die + + prune_libtool_files --all + + # Prevent dead symlink gimp-console.1 from downstream man page compression (bug #433527) + local gimp_app_version=$(get_version_component_range 1-2) + mv "${ED}"/usr/share/man/man1/gimp-console{-${gimp_app_version},}.1 || die + + _clean_up_locales +} + +pkg_postinst() { + gnome2_pkg_postinst +} + +pkg_postrm() { + gnome2_pkg_postrm +} |