From 4cab0d27acf07bd052a35ece9f7e572602c7a6d3 Mon Sep 17 00:00:00 2001 From: Jonathan Smith Date: Fri, 7 Apr 2006 17:57:16 +0000 Subject: SECURITY: CVE-2006-1060 and gentoo bug #127008; fixed heap overflow in xzgv (Portage version: 2.1_pre7-r4) --- media-gfx/xzgv/ChangeLog | 11 ++- media-gfx/xzgv/Manifest | 19 ++++- media-gfx/xzgv/files/digest-xzgv-0.8-r1 | 1 - media-gfx/xzgv/files/digest-xzgv-0.8-r2 | 3 + .../xzgv/files/xzgv-0.8-patched-cmyk-ycck-fix.diff | 80 ++++++++++++++++++++++ media-gfx/xzgv/xzgv-0.8-r1.ebuild | 68 ------------------ media-gfx/xzgv/xzgv-0.8-r2.ebuild | 70 +++++++++++++++++++ 7 files changed, 178 insertions(+), 74 deletions(-) delete mode 100644 media-gfx/xzgv/files/digest-xzgv-0.8-r1 create mode 100644 media-gfx/xzgv/files/digest-xzgv-0.8-r2 create mode 100644 media-gfx/xzgv/files/xzgv-0.8-patched-cmyk-ycck-fix.diff delete mode 100644 media-gfx/xzgv/xzgv-0.8-r1.ebuild create mode 100644 media-gfx/xzgv/xzgv-0.8-r2.ebuild (limited to 'media-gfx/xzgv') diff --git a/media-gfx/xzgv/ChangeLog b/media-gfx/xzgv/ChangeLog index dffe39dac618..6ff9c2f93b4a 100644 --- a/media-gfx/xzgv/ChangeLog +++ b/media-gfx/xzgv/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for media-gfx/xzgv -# Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/media-gfx/xzgv/ChangeLog,v 1.22 2005/12/14 04:05:16 spyderous Exp $ +# Copyright 2002-2006 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/media-gfx/xzgv/ChangeLog,v 1.23 2006/04/07 17:57:16 smithj Exp $ + +*xzgv-0.8-r2 (07 Apr 2006) + + 07 Apr 2006; + +files/xzgv-0.8-patched-cmyk-ycck-fix.diff, -xzgv-0.8-r1.ebuild, + +xzgv-0.8-r2.ebuild: + SECURITY: CVE-2006-1060 and gentoo bug #127008; fixed heap overflow in xzgv 14 Dec 2005; Donnie Berkholz ; xzgv-0.8-r1.ebuild: Fix modular X dependencies. GTK+-1 pulls in libX11. diff --git a/media-gfx/xzgv/Manifest b/media-gfx/xzgv/Manifest index e77927972ba8..eafc5076e957 100644 --- a/media-gfx/xzgv/Manifest +++ b/media-gfx/xzgv/Manifest @@ -1,5 +1,18 @@ -MD5 bf371b2ea232f734f06b11ad58923582 ChangeLog 2524 -MD5 df76e36ea08fa4317c30d7879eec9f93 files/digest-xzgv-0.8-r1 60 +MD5 f49195502a80785921edd92ca5611d84 ChangeLog 2756 +RMD160 d6438b2ebfc602bc6a398c7629eeb9e73155781e ChangeLog 2756 +SHA256 7af40423d0784459e33062b1a4e6887d629c7a17f576e2f1f9027d306bd8fbc9 ChangeLog 2756 +MD5 e72199e9175d25ece180121f3031c93c files/digest-xzgv-0.8-r2 226 +RMD160 4dda9ce561816d5413e66004f40a1ec9cb95dedd files/digest-xzgv-0.8-r2 226 +SHA256 e77f7af9469e3de557755540e9587dc45eca766cea116786b0b9163b474ce83b files/digest-xzgv-0.8-r2 226 MD5 9495e82307945c08599a0bd9ffc2f4f6 files/xzgv-0.8-integer-overflow-fix.diff 6374 +RMD160 bd75c87cf6f20e4fa2757afe472111e2253cb640 files/xzgv-0.8-integer-overflow-fix.diff 6374 +SHA256 c8a01e234cc0ce3a0b9f1b99d3781be0eaec65c284dc3752a68cb929a1daf71f files/xzgv-0.8-integer-overflow-fix.diff 6374 +MD5 5bd803c395982c07ce099415b6f51402 files/xzgv-0.8-patched-cmyk-ycck-fix.diff 1844 +RMD160 2e1c4cf43455b9b95c35133b5b4db308fb513340 files/xzgv-0.8-patched-cmyk-ycck-fix.diff 1844 +SHA256 ae8b857d71006d5986d5f72894e637ec0dcf63edd77195cc1c17c7f556d856c2 files/xzgv-0.8-patched-cmyk-ycck-fix.diff 1844 MD5 ba9c20ee3f3568176dc0dd45b3cab35b metadata.xml 218 -MD5 d3e145ee87a83d9c79fdce1ea075a1c3 xzgv-0.8-r1.ebuild 1394 +RMD160 2d49623b0718e8ef5056a06bfc3bc51c65c9f6a3 metadata.xml 218 +SHA256 794091c4d1e23e2f0b2b7a3d7c52ba5b56a15f2599b55b85210aaff6cb54500e metadata.xml 218 +MD5 70311083506b29522dfb0c7cde76cf93 xzgv-0.8-r2.ebuild 1469 +RMD160 b579cc05ae3a5b3309fdd676e8f75c5230eb6b5d xzgv-0.8-r2.ebuild 1469 +SHA256 1cdcf4a6801a2cb1e0f386787c2a197c9d1e77dfe7fbfc008dbb8e3b2b4562ca xzgv-0.8-r2.ebuild 1469 diff --git a/media-gfx/xzgv/files/digest-xzgv-0.8-r1 b/media-gfx/xzgv/files/digest-xzgv-0.8-r1 deleted file mode 100644 index 0840bb8d59ac..000000000000 --- a/media-gfx/xzgv/files/digest-xzgv-0.8-r1 +++ /dev/null @@ -1 +0,0 @@ -MD5 e392277f1447076402df2e3d9e782cb2 xzgv-0.8.tar.gz 302801 diff --git a/media-gfx/xzgv/files/digest-xzgv-0.8-r2 b/media-gfx/xzgv/files/digest-xzgv-0.8-r2 new file mode 100644 index 000000000000..9523647e2c49 --- /dev/null +++ b/media-gfx/xzgv/files/digest-xzgv-0.8-r2 @@ -0,0 +1,3 @@ +MD5 e392277f1447076402df2e3d9e782cb2 xzgv-0.8.tar.gz 302801 +RMD160 e36466a73c27616610fd032b3a92898d95a55a17 xzgv-0.8.tar.gz 302801 +SHA256 4f6247665dfc3e4d376f457379b9e4c77c2a848659ff2b0dd5377c0aa09e5884 xzgv-0.8.tar.gz 302801 diff --git a/media-gfx/xzgv/files/xzgv-0.8-patched-cmyk-ycck-fix.diff b/media-gfx/xzgv/files/xzgv-0.8-patched-cmyk-ycck-fix.diff new file mode 100644 index 000000000000..f5385863b880 --- /dev/null +++ b/media-gfx/xzgv/files/xzgv-0.8-patched-cmyk-ycck-fix.diff @@ -0,0 +1,80 @@ +--- xzgv-0.8-patched/src/readjpeg.c Tue Mar 21 12:16:07 2006 ++++ xzgv/src/readjpeg.c Wed Sep 21 21:15:01 2005 +@@ -179,11 +179,13 @@ + static int have_image; + static int width,height; + static unsigned char *image; ++static int cmyk; + unsigned char *ptr,*ptr2; + int chkw,chkh; + int f,rec; + static int greyscale; /* static to satisfy gcc -Wall */ + ++cmyk=0; + greyscale=0; + + lineptrs=NULL; +@@ -225,6 +227,15 @@ + greyscale=1; + } + ++if(cinfo.jpeg_color_space==JCS_CMYK) ++ cmyk=1; ++ ++if(cinfo.jpeg_color_space==JCS_YCCK) ++ { ++ cmyk=1; ++ cinfo.out_color_space=JCS_CMYK; ++ } ++ + *wp=width=cinfo.image_width; + *hp=height=cinfo.image_height; + +@@ -266,7 +277,7 @@ + /* this one shouldn't hurt */ + cinfo.do_block_smoothing=FALSE; + +-if(WH_BAD(width,height) || (*imagep=image=malloc(width*height*3))==NULL) ++if(WH_BAD(width,height) || (*imagep=image=malloc(width*(height+cmyk)*3))==NULL) + longjmp(jerr.setjmp_buffer,1); + + jpeg_start_decompress(&cinfo); +@@ -279,12 +290,33 @@ + for(f=0;frec?rec:f); ++ rec=cinfo.rec_outbuf_height; ++ while(cinfo.output_scanlinerec?rec:f); ++ } ++ } ++else /* cmyk output */ ++ { ++ int tmp; ++ ++ ptr=image; ++ while(cinfo.output_scanline xzgv.info.gz - rm xzgv.gz - - cd ${S} - - dodoc AUTHORS ChangeLog INSTALL NEWS README* TODO -} diff --git a/media-gfx/xzgv/xzgv-0.8-r2.ebuild b/media-gfx/xzgv/xzgv-0.8-r2.ebuild new file mode 100644 index 000000000000..e0d84c154784 --- /dev/null +++ b/media-gfx/xzgv/xzgv-0.8-r2.ebuild @@ -0,0 +1,70 @@ +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/media-gfx/xzgv/xzgv-0.8-r2.ebuild,v 1.1 2006/04/07 17:57:16 smithj Exp $ + +inherit eutils + +DESCRIPTION="An X image viewer" +HOMEPAGE="http://rus.members.beeb.net/xzgv.html" +SRC_URI="ftp://ftp.ibiblio.org/pub/Linux/apps/graphics/viewers/X/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 ~hppa ia64 ppc ~ppc64 sparc x86" +IUSE="" + +DEPEND="media-libs/libpng + media-libs/jpeg + media-libs/tiff + sys-libs/zlib + =x11-libs/gtk+-1.2* + >=media-libs/imlib-1.0" + +src_unpack() { + unpack ${A} + + cd ${S} + cp config.mk config.mk.orig + sed -i -e "s:-O2 -Wall:${CFLAGS}:" config.mk + + case "${ARCH}" in + "x86") + ;; + *) + sed -i -e "s/CFLAGS+=-DINTERP_MMX/#&/" config.mk + ;; + esac + + # Fix for bug #74069 + epatch ${FILESDIR}/${P}-integer-overflow-fix.diff + # Fix for bug #127008 + epatch ${FILESDIR}/${P}-patched-cmyk-ycck-fix.diff +} + +src_compile() { + emake || die +} + +src_install() { + dodir /usr/bin /usr/share/info /usr/share/man/man1 + make PREFIX=${D}/usr \ + SHARE_INFIX=/share \ + INFO_DIR_UPDATE=no \ + MANDIR=${D}/usr/share/man/man1 \ + install || die + + # Fix info files + cd ${D}/usr/share/info + for i in 1 2 3 + do + mv xzgv-$i.gz xzgv.info-$i.gz + done + gzip -dc xzgv.gz | \ + sed -e 's:^xzgv-:xzgv\.info-:g' | \ + gzip -9c > xzgv.info.gz + rm xzgv.gz + + cd ${S} + + dodoc AUTHORS ChangeLog INSTALL NEWS README* TODO +} -- cgit v1.2.3-65-gdbad