authorJonathan Smith <smithj@gentoo.org>2006-04-07 17:57:16 +0000
committerJonathan Smith <smithj@gentoo.org>2006-04-07 17:57:16 +0000
commit4cab0d27acf07bd052a35ece9f7e572602c7a6d3 (patch)
treeab8c2dffd936eb9a3a4ea184b43bd1bc939df420 /media-gfx/xzgv
parentppc stable, bug #129100 (diff)
SECURITY: CVE-2006-1060 and gentoo bug #127008; fixed heap overflow in xzgv
(Portage version: 2.1_pre7-r4)
Diffstat (limited to 'media-gfx/xzgv')
-rw-r--r--media-gfx/xzgv/ChangeLog11
-rw-r--r--media-gfx/xzgv/Manifest19
-rw-r--r--media-gfx/xzgv/files/digest-xzgv-0.8-r11
-rw-r--r--media-gfx/xzgv/files/digest-xzgv-0.8-r23
-rw-r--r--media-gfx/xzgv/files/xzgv-0.8-patched-cmyk-ycck-fix.diff80
-rw-r--r--media-gfx/xzgv/xzgv-0.8-r2.ebuild (renamed from media-gfx/xzgv/xzgv-0.8-r1.ebuild)6
6 files changed, 112 insertions, 8 deletions
diff --git a/media-gfx/xzgv/ChangeLog b/media-gfx/xzgv/ChangeLog
index dffe39dac618..6ff9c2f93b4a 100644
--- a/media-gfx/xzgv/ChangeLog
+++ b/media-gfx/xzgv/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for media-gfx/xzgv
-# Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-gfx/xzgv/ChangeLog,v 1.22 2005/12/14 04:05:16 spyderous Exp $
+# Copyright 2002-2006 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/media-gfx/xzgv/ChangeLog,v 1.23 2006/04/07 17:57:16 smithj Exp $
+
+*xzgv-0.8-r2 (07 Apr 2006)
+
+ 07 Apr 2006; <smithj@gentoo.org>
+ +files/xzgv-0.8-patched-cmyk-ycck-fix.diff, -xzgv-0.8-r1.ebuild,
+ +xzgv-0.8-r2.ebuild:
+ SECURITY: CVE-2006-1060 and gentoo bug #127008; fixed heap overflow in xzgv
14 Dec 2005; Donnie Berkholz <spyderous@gentoo.org>; xzgv-0.8-r1.ebuild:
Fix modular X dependencies. GTK+-1 pulls in libX11.
diff --git a/media-gfx/xzgv/Manifest b/media-gfx/xzgv/Manifest
index e77927972ba8..eafc5076e957 100644
--- a/media-gfx/xzgv/Manifest
+++ b/media-gfx/xzgv/Manifest
@@ -1,5 +1,18 @@
-MD5 bf371b2ea232f734f06b11ad58923582 ChangeLog 2524
-MD5 df76e36ea08fa4317c30d7879eec9f93 files/digest-xzgv-0.8-r1 60
+MD5 f49195502a80785921edd92ca5611d84 ChangeLog 2756
+RMD160 d6438b2ebfc602bc6a398c7629eeb9e73155781e ChangeLog 2756
+SHA256 7af40423d0784459e33062b1a4e6887d629c7a17f576e2f1f9027d306bd8fbc9 ChangeLog 2756
+MD5 e72199e9175d25ece180121f3031c93c files/digest-xzgv-0.8-r2 226
+RMD160 4dda9ce561816d5413e66004f40a1ec9cb95dedd files/digest-xzgv-0.8-r2 226
+SHA256 e77f7af9469e3de557755540e9587dc45eca766cea116786b0b9163b474ce83b files/digest-xzgv-0.8-r2 226
MD5 9495e82307945c08599a0bd9ffc2f4f6 files/xzgv-0.8-integer-overflow-fix.diff 6374
+RMD160 bd75c87cf6f20e4fa2757afe472111e2253cb640 files/xzgv-0.8-integer-overflow-fix.diff 6374
+SHA256 c8a01e234cc0ce3a0b9f1b99d3781be0eaec65c284dc3752a68cb929a1daf71f files/xzgv-0.8-integer-overflow-fix.diff 6374
+MD5 5bd803c395982c07ce099415b6f51402 files/xzgv-0.8-patched-cmyk-ycck-fix.diff 1844
+RMD160 2e1c4cf43455b9b95c35133b5b4db308fb513340 files/xzgv-0.8-patched-cmyk-ycck-fix.diff 1844
+SHA256 ae8b857d71006d5986d5f72894e637ec0dcf63edd77195cc1c17c7f556d856c2 files/xzgv-0.8-patched-cmyk-ycck-fix.diff 1844
MD5 ba9c20ee3f3568176dc0dd45b3cab35b metadata.xml 218
-MD5 d3e145ee87a83d9c79fdce1ea075a1c3 xzgv-0.8-r1.ebuild 1394
+RMD160 2d49623b0718e8ef5056a06bfc3bc51c65c9f6a3 metadata.xml 218
+SHA256 794091c4d1e23e2f0b2b7a3d7c52ba5b56a15f2599b55b85210aaff6cb54500e metadata.xml 218
+MD5 70311083506b29522dfb0c7cde76cf93 xzgv-0.8-r2.ebuild 1469
+RMD160 b579cc05ae3a5b3309fdd676e8f75c5230eb6b5d xzgv-0.8-r2.ebuild 1469
+SHA256 1cdcf4a6801a2cb1e0f386787c2a197c9d1e77dfe7fbfc008dbb8e3b2b4562ca xzgv-0.8-r2.ebuild 1469
diff --git a/media-gfx/xzgv/files/digest-xzgv-0.8-r1 b/media-gfx/xzgv/files/digest-xzgv-0.8-r1
deleted file mode 100644
index 0840bb8d59ac..000000000000
--- a/media-gfx/xzgv/files/digest-xzgv-0.8-r1
+++ /dev/null
@@ -1 +0,0 @@
-MD5 e392277f1447076402df2e3d9e782cb2 xzgv-0.8.tar.gz 302801
diff --git a/media-gfx/xzgv/files/digest-xzgv-0.8-r2 b/media-gfx/xzgv/files/digest-xzgv-0.8-r2
new file mode 100644
index 000000000000..9523647e2c49
--- /dev/null
+++ b/media-gfx/xzgv/files/digest-xzgv-0.8-r2
@@ -0,0 +1,3 @@
+MD5 e392277f1447076402df2e3d9e782cb2 xzgv-0.8.tar.gz 302801
+RMD160 e36466a73c27616610fd032b3a92898d95a55a17 xzgv-0.8.tar.gz 302801
+SHA256 4f6247665dfc3e4d376f457379b9e4c77c2a848659ff2b0dd5377c0aa09e5884 xzgv-0.8.tar.gz 302801
diff --git a/media-gfx/xzgv/files/xzgv-0.8-patched-cmyk-ycck-fix.diff b/media-gfx/xzgv/files/xzgv-0.8-patched-cmyk-ycck-fix.diff
new file mode 100644
index 000000000000..f5385863b880
--- /dev/null
+++ b/media-gfx/xzgv/files/xzgv-0.8-patched-cmyk-ycck-fix.diff
@@ -0,0 +1,80 @@
+--- xzgv-0.8-patched/src/readjpeg.c Tue Mar 21 12:16:07 2006
++++ xzgv/src/readjpeg.c Wed Sep 21 21:15:01 2005
+@@ -179,11 +179,13 @@
+ static int have_image;
+ static int width,height;
+ static unsigned char *image;
++static int cmyk;
+ unsigned char *ptr,*ptr2;
+ int chkw,chkh;
+ int f,rec;
+ static int greyscale; /* static to satisfy gcc -Wall */
+
++cmyk=0;
+ greyscale=0;
+
+ lineptrs=NULL;
+@@ -225,6 +227,15 @@
+ greyscale=1;
+ }
+
++if(cinfo.jpeg_color_space==JCS_CMYK)
++ cmyk=1;
++
++if(cinfo.jpeg_color_space==JCS_YCCK)
++ {
++ cmyk=1;
++ cinfo.out_color_space=JCS_CMYK;
++ }
++
+ *wp=width=cinfo.image_width;
+ *hp=height=cinfo.image_height;
+
+@@ -266,7 +277,7 @@
+ /* this one shouldn't hurt */
+ cinfo.do_block_smoothing=FALSE;
+
+-if(WH_BAD(width,height) || (*imagep=image=malloc(width*height*3))==NULL)
++if(WH_BAD(width,height) || (*imagep=image=malloc(width*(height+cmyk)*3))==NULL)
+ longjmp(jerr.setjmp_buffer,1);
+
+ jpeg_start_decompress(&cinfo);
+@@ -279,12 +290,33 @@
+ for(f=0;f<height;f++,ptr+=width*3)
+ lineptrs[f]=ptr;
+
+-rec=cinfo.rec_outbuf_height;
+-while(cinfo.output_scanline<height)
++if(!cmyk)
+ {
+- f=height-cinfo.output_scanline;
+- jpeg_read_scanlines(&cinfo,lineptrs+cinfo.output_scanline,
+- f>rec?rec:f);
++ rec=cinfo.rec_outbuf_height;
++ while(cinfo.output_scanline<height)
++ {
++ f=height-cinfo.output_scanline;
++ jpeg_read_scanlines(&cinfo,lineptrs+cinfo.output_scanline,
++ f>rec?rec:f);
++ }
++ }
++else /* cmyk output */
++ {
++ int tmp;
++
++ ptr=image;
++ while(cinfo.output_scanline<height)
++ {
++ jpeg_read_scanlines(&cinfo,&ptr,1);
++ ptr2=ptr;
++ for(f=0;f<width;f++,ptr+=3,ptr2+=4)
++ {
++ tmp=ptr2[3];
++ ptr[0]=(tmp*ptr2[0])/255;
++ ptr[1]=(tmp*ptr2[1])/255;
++ ptr[2]=(tmp*ptr2[2])/255;
++ }
++ }
+ }
+
+ free(lineptrs);
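Review bot: The buffer size in the inner `@@ -266,7 +277,7 @@` hunk now depends on the `cmyk` flag, which is derived from `cinfo.jpeg_color_space`, but nothing compares that flag with the number of bytes per pixel libjpeg actually emits. A check after `jpeg_start_decompress(&cinfo)` such as `if(cinfo.output_components>(cmyk?4:3)) longjmp(jerr.setjmp_buffer,1);` would make an unexpected colour space fail instead of writing past `image`, assuming the existing `longjmp` error path is still valid at that point. The allocation also deserves a comment explaining why one spare row is enough, e.g. `/* +1 row: each CMYK scanline is read in place as width*4 bytes, then packed down to width*3 */`. Separately, `width*(height+cmyk)*3` is computed in `int` while `WH_BAD` sees only `width` and `height`; its definition is outside this patch, so it is worth confirming that its limit leaves headroom for the extra row. The enclosing function starts and ends outside the patch's hunks.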
diff --git a/media-gfx/xzgv/xzgv-0.8-r1.ebuild b/media-gfx/xzgv/xzgv-0.8-r2.ebuild
index 6247ae43b2c3..e0d84c154784 100644
--- a/media-gfx/xzgv/xzgv-0.8-r1.ebuild
+++ b/media-gfx/xzgv/xzgv-0.8-r2.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2005 Gentoo Foundation
+# Copyright 1999-2006 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/media-gfx/xzgv/xzgv-0.8-r1.ebuild,v 1.13 2005/12/14 04:05:16 spyderous Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-gfx/xzgv/xzgv-0.8-r2.ebuild,v 1.1 2006/04/07 17:57:16 smithj Exp $
inherit eutils
@@ -37,6 +37,8 @@ src_unpack() {
# Fix for bug #74069
epatch ${FILESDIR}/${P}-integer-overflow-fix.diff
+ # Fix for bug #127008
+ epatch ${FILESDIR}/${P}-patched-cmyk-ycck-fix.diff
}
src_compile() {