authorOlivier Crête <tester@gentoo.org>2009-06-06 21:18:46 +0000
committerOlivier Crête <tester@gentoo.org>2009-06-06 21:18:46 +0000
commit668f4ae198732db69ce31003feb151c3f3a1a005 (patch)
tree1ecc99a7b4ad277fd549e2d48f74ae23d0787d3f
parentAdd warning about .la files removal and fix. (diff)
Add patch for pngdec bug, CVE-2009-1932, bug #272972
Package-Manager: portage-2.1.6.11/cvs/Linux i686
-rw-r--r--media-libs/gst-plugins-good/ChangeLog9
-rw-r--r--media-libs/gst-plugins-good/Manifest14
-rw-r--r--media-libs/gst-plugins-good/files/gst-plugins-good-0.10.15-CVE-2009-1932.patch63
-rw-r--r--media-libs/gst-plugins-good/gst-plugins-good-0.10.14-r1.ebuild69
4 files changed, 153 insertions, 2 deletions
diff --git a/media-libs/gst-plugins-good/ChangeLog b/media-libs/gst-plugins-good/ChangeLog
index ecc4cc255d67..3512daf02513 100644
--- a/media-libs/gst-plugins-good/ChangeLog
+++ b/media-libs/gst-plugins-good/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for media-libs/gst-plugins-good
# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/gst-plugins-good/ChangeLog,v 1.66 2009/05/23 03:35:45 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-libs/gst-plugins-good/ChangeLog,v 1.67 2009/06/06 21:18:46 tester Exp $
+
+*gst-plugins-good-0.10.14-r1 (06 Jun 2009)
+
+ 06 Jun 2009; Olivier Crête <tester@gentoo.org>
+ +files/gst-plugins-good-0.10.15-CVE-2009-1932.patch,
+ +gst-plugins-good-0.10.14-r1.ebuild:
+ Add patch for pngdec bug, CVE-2009-1932, bug #272972
23 May 2009; Jeroen Roovers <jer@gentoo.org>
gst-plugins-good-0.10.14.ebuild:
diff --git a/media-libs/gst-plugins-good/Manifest b/media-libs/gst-plugins-good/Manifest
index 7054828931d7..fe9b7601abd2 100644
--- a/media-libs/gst-plugins-good/Manifest
+++ b/media-libs/gst-plugins-good/Manifest
@@ -1,6 +1,18 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+AUX gst-plugins-good-0.10.15-CVE-2009-1932.patch 2520 RMD160 7f0290630f1c0cfcee4e0edb8934d8596bd8728b SHA1 0281f3117ab6adbb64b739f585b183f008f02b73 SHA256 cd3e52355e26e784de82c12d888194d490da213eac4baeeee4914fdf78b718d4
DIST gst-plugins-good-0.10.14.tar.bz2 2228076 RMD160 7832c2087c2a5d6c354f5a931dcc49f24c547ee9 SHA1 49dbcfcbbab9bd6a1e54d9e548184016c20f3aba SHA256 12205d01cb99900ed6f936a09ac31b5849f8a7ff3c9a93e5857a76dc3e30788a
DIST gst-plugins-good-0.10.8.tar.bz2 1917366 RMD160 00766eafafc000a407dc244ed5b9f33f9eee56f7 SHA1 bcba3aae2893e3d598f9890a5c7bcd0ae366e5c6 SHA256 7723728b5fa771f06078c32e9e315e161b8eebc460d1fb6fcbf4b60df5c057ee
+EBUILD gst-plugins-good-0.10.14-r1.ebuild 1879 RMD160 90ded980326f4e1779c02524ef149f440f519861 SHA1 f321e506a24d5834e37a9f450cfa8a10d411fe1a SHA256 9eafb2fc4c57f5d3c5c69f11d6ed3faf8d6b1809c2d4d9b561a85e03b1eb64c5
EBUILD gst-plugins-good-0.10.14.ebuild 1787 RMD160 db9a32e961c02edc6ce95bcab6e8a790b9233d67 SHA1 d1080b1f814de53b4eab9d706df8e140879e1c21 SHA256 e98c4b1146e1e7e914ba49f44a669d0e6fdd28480ba81eea2caca1cd8b59b975
EBUILD gst-plugins-good-0.10.8-r1.ebuild 1787 RMD160 5fe5fdc5ed073643369ee8421bdf3080ab72d4d2 SHA1 649e4280401fa3ca4333e25b4738d78ebdd96ee6 SHA256 bf08e9dcb77e4c5510f081be76435cd7bcfc1a309860e70e0e59de4475f7fca7
-MISC ChangeLog 8775 RMD160 413e0a3ddb8456a840368ae0bc27f9f2c7b66296 SHA1 dff939f8bf1e7b46388389e578c1c665a5fe1991 SHA256 1fefaa9eeb3afea277a90ce7e2daa5623862ddd82e289ef22bcb43643b70ed65
+MISC ChangeLog 9022 RMD160 eb2a781f420c2118f88fc61eb639a6c2f89c85df SHA1 744b9db5429b085fcc6b3e933af3d7d1a3b5f378 SHA256 7376f3545369b69dbeb8e190ff2e623a70038822e7411bb83535489907cdf7c3
MISC metadata.xml 183 RMD160 1ff3457acfc2fe0f859b9cc5879b3093b2979fe9 SHA1 829dff00498fcdadd7e4f172770790cf601450b2 SHA256 d204aaee1ef1b7f278926aeadf0958d8b6a81affb746a3924a565263a97022fc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.11 (GNU/Linux)
+
+iEYEARECAAYFAkoq3TsACgkQmOfEJZHYOKfYRACgwBBDpLTG0DXPCyMEGWZV9l8H
+9k8AoNaXiyE2/E0zdK1MwsLeSnfe7/jN
+=DKsY
+-----END PGP SIGNATURE-----
diff --git a/media-libs/gst-plugins-good/files/gst-plugins-good-0.10.15-CVE-2009-1932.patch b/media-libs/gst-plugins-good/files/gst-plugins-good-0.10.15-CVE-2009-1932.patch
new file mode 100644
index 000000000000..e07289bc0fd0
--- /dev/null
+++ b/media-libs/gst-plugins-good/files/gst-plugins-good-0.10.15-CVE-2009-1932.patch
@@ -0,0 +1,63 @@
+From d9544bcc44adcef769cbdf7f6453e140058a3adc Mon Sep 17 00:00:00 2001
+From: Jan Schmidt <thaytan@noraisin.net>
+Date: Wed, 27 May 2009 16:06:34 +0000
+Subject: pngdec: Avoid possible overflow in calculations
+
+A malformed (or simply huge) PNG file can lead to integer overflow in
+calculating the size of the output buffer, leading to crashes or buffer
+overflows later. Fixes SA35205 security advisory.
+---
+diff --git a/ext/libpng/gstpngdec.c b/ext/libpng/gstpngdec.c
+index 524b468..dde459d 100644
+--- a/ext/libpng/gstpngdec.c
++++ b/ext/libpng/gstpngdec.c
+@@ -201,7 +201,14 @@ user_info_callback (png_structp png_ptr, png_infop info)
+
+ /* Allocate output buffer */
+ pngdec->rowbytes = png_get_rowbytes (pngdec->png, pngdec->info);
+- buffer_size = pngdec->height * GST_ROUND_UP_4 (pngdec->rowbytes);
++ if (pngdec->rowbytes > (G_MAXUINT32 - 3)
++ || pngdec->height > G_MAXUINT32 / pngdec->rowbytes) {
++ ret = GST_FLOW_ERROR;
++ goto beach;
++ }
++ pngdec->rowbytes = GST_ROUND_UP_4 (pngdec->rowbytes);
++ buffer_size = pngdec->height * pngdec->rowbytes;
++
+ ret =
+ gst_pad_alloc_buffer_and_set_caps (pngdec->srcpad, GST_BUFFER_OFFSET_NONE,
+ buffer_size, GST_PAD_CAPS (pngdec->srcpad), &buffer);
+@@ -228,7 +235,7 @@ user_endrow_callback (png_structp png_ptr, png_bytep new_row,
+ /* If buffer_out doesn't exist, it means buffer_alloc failed, which
+ * will already have set the return code */
+ if (GST_IS_BUFFER (pngdec->buffer_out)) {
+- size_t offset = row_num * GST_ROUND_UP_4 (pngdec->rowbytes);
++ size_t offset = row_num * pngdec->rowbytes;
+
+ GST_LOG ("got row %u, copying in buffer %p at offset %" G_GSIZE_FORMAT,
+ (guint) row_num, pngdec->buffer_out, offset);
+@@ -496,7 +503,12 @@ gst_pngdec_task (GstPad * pad)
+
+ /* Allocate output buffer */
+ rowbytes = png_get_rowbytes (pngdec->png, pngdec->info);
+- buffer_size = pngdec->height * GST_ROUND_UP_4 (rowbytes);
++ if (rowbytes > (G_MAXUINT32 - 3) || pngdec->height > G_MAXUINT32 / rowbytes) {
++ ret = GST_FLOW_ERROR;
++ goto pause;
++ }
++ rowbytes = GST_ROUND_UP_4 (rowbytes);
++ buffer_size = pngdec->height * rowbytes;
+ ret =
+ gst_pad_alloc_buffer_and_set_caps (pngdec->srcpad, GST_BUFFER_OFFSET_NONE,
+ buffer_size, GST_PAD_CAPS (pngdec->srcpad), &buffer);
+@@ -509,7 +521,7 @@ gst_pngdec_task (GstPad * pad)
+
+ for (i = 0; i < pngdec->height; i++) {
+ rows[i] = inp;
+- inp += GST_ROUND_UP_4 (rowbytes);
++ inp += rowbytes;
+ }
+
+ /* Read the actual picture */
+--
+cgit v0.8.2
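Review bot: The height bound added in user_info_callback is tested against the unrounded rowbytes, but the multiplication that follows uses the value after GST_ROUND_UP_4, so the product can still exceed G_MAXUINT32 whenever rounding enlarges the row. Dividing by the rounded value closes the gap, e.g. `|| pngdec->height > G_MAXUINT32 / GST_ROUND_UP_4 (pngdec->rowbytes)) {`, and the same applies to the check added in gst_pngdec_task. Both divisions also assume rowbytes is non-zero, which the visible lines do not establish, so a `rowbytes == 0` test belongs in the same condition. The declared type of buffer_size is outside the hunks, so whether the residual case wraps or only requests an oversized buffer cannot be told from here. Both functions start and end outside the hunks.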
diff --git a/media-libs/gst-plugins-good/gst-plugins-good-0.10.14-r1.ebuild b/media-libs/gst-plugins-good/gst-plugins-good-0.10.14-r1.ebuild
new file mode 100644
index 000000000000..054d561d2be4
--- /dev/null
+++ b/media-libs/gst-plugins-good/gst-plugins-good-0.10.14-r1.ebuild
@@ -0,0 +1,69 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-libs/gst-plugins-good/gst-plugins-good-0.10.14-r1.ebuild,v 1.1 2009/06/06 21:18:46 tester Exp $
+
+# order is important, gnome2 after gst-plugins
+inherit gst-plugins-good gst-plugins10 gnome2 eutils flag-o-matic libtool
+
+DESCRIPTION="Basepack of plugins for gstreamer"
+HOMEPAGE="http://gstreamer.net/"
+SRC_URI="http://gstreamer.freedesktop.org/src/${PN}/${P}.tar.bz2"
+
+LICENSE="LGPL-2.1"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE=""
+
+RDEPEND=">=media-libs/gst-plugins-base-0.10.22
+ >=media-libs/gstreamer-0.10.22
+ >=dev-libs/liboil-0.3.14"
+DEPEND="${RDEPEND}
+ >=sys-devel/gettext-0.11.5
+ dev-util/pkgconfig
+ !<media-libs/gst-plugins-bad-0.10.10"
+
+# overrides the eclass
+src_unpack() {
+ unpack ${A}
+
+ cd "${S}"
+ epatch "${FILESDIR}/gst-plugins-good-0.10.15-CVE-2009-1932.patch"
+
+ # Required for FreeBSD sane .so versioning
+ elibtoolize
+}
+
+src_compile() {
+ # gst doesnt handle optimisations well
+ strip-flags
+ replace-flags "-O3" "-O2"
+ filter-flags "-fprefetch-loop-arrays" # see bug 22249
+
+ gst-plugins-good_src_configure \
+ --with-default-audiosink=autoaudiosink \
+ --with-default-visualizer=goom
+
+ emake || die "emake failed."
+}
+
+# override eclass
+src_install() {
+ gnome2_src_install
+}
+
+DOCS="AUTHORS README RELEASE"
+
+pkg_postinst () {
+ gnome2_pkg_postinst
+
+ echo
+ elog "The Gstreamer plugins setup has changed quite a bit on Gentoo,"
+ elog "applications now should provide the basic plugins needed."
+ echo
+ elog "The new seperate plugins are all named 'gst-plugins-<plugin>'."
+ elog "To get a listing of currently available plugins execute 'emerge -s gst-plugins-'."
+ elog "In most cases it shouldn't be needed though to emerge extra plugins."
+}
+
+pkg_postrm() {
+ gnome2_pkg_postrm
+}
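Review bot: The `epatch` call in src_unpack has no comment saying what it fixes or where it came from, and the patch file is named for 0.10.15 while being applied to the 0.10.14 sources. A line above it such as `# CVE-2009-1932: pngdec integer overflow, bug #272972; upstream commit d9544bcc` would let a later maintainer know the patch can be dropped once the package moves to a release that contains the fix. Separately, every entry in KEYWORDS is a testing keyword (`~arch`), so as written this revision does not deliver the fix to systems that follow stable keywords; if stabilisation is meant to be tracked under the same bug, that is worth stating there.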