summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOlivier Crête <tester@gentoo.org>2008-03-08 16:30:51 +0000
committerOlivier Crête <tester@gentoo.org>2008-03-08 16:30:51 +0000
commit26c5df12e0fa0b622364554b86c3b5088c9e13c8 (patch)
treecf3ae320de595badaebc53595ec4c14633bdce17 /dev-util
parentamd64 stable wrt bug #209049 (diff)
downloadgentoo-2-26c5df12e0fa0b622364554b86c3b5088c9e13c8.tar.gz
gentoo-2-26c5df12e0fa0b622364554b86c3b5088c9e13c8.tar.bz2
gentoo-2-26c5df12e0fa0b622364554b86c3b5088c9e13c8.zip
Add fix for malformed GIF loading exploit, bug #208464
(Portage version: 2.1.4.4)
Diffstat (limited to 'dev-util')
-rw-r--r--dev-util/insight/ChangeLog10
-rw-r--r--dev-util/insight/files/tkImgGIF.patch63
-rw-r--r--dev-util/insight/insight-6.7.1-r1.ebuild76
3 files changed, 147 insertions, 2 deletions
diff --git a/dev-util/insight/ChangeLog b/dev-util/insight/ChangeLog
index 7ca772a0afd3..5eefcbcbd197 100644
--- a/dev-util/insight/ChangeLog
+++ b/dev-util/insight/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for dev-util/insight
-# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-util/insight/ChangeLog,v 1.41 2007/11/09 08:41:38 vapier Exp $
+# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/dev-util/insight/ChangeLog,v 1.42 2008/03/08 16:30:51 tester Exp $
+
+*insight-6.7.1-r1 (08 Mar 2008)
+
+ 08 Mar 2008; Olivier Crête <tester@gentoo.org> +files/tkImgGIF.patch,
+ +insight-6.7.1-r1.ebuild:
+ Add fix for malformed GIF loading exploit, bug #208464
*insight-6.7.1 (09 Nov 2007)
diff --git a/dev-util/insight/files/tkImgGIF.patch b/dev-util/insight/files/tkImgGIF.patch
new file mode 100644
index 000000000000..e8a81f384f28
--- /dev/null
+++ b/dev-util/insight/files/tkImgGIF.patch
@@ -0,0 +1,63 @@
+Index: generic/tkImgGIF.c
+===================================================================
+RCS file: /cvsroot/tktoolkit/tk/generic/tkImgGIF.c,v
+retrieving revision 1.24.2.5
+diff -u -r1.24.2.5 tkImgGIF.c
+--- generic/tkImgGIF.c 11 Sep 2007 18:01:45 -0000 1.24.2.5
++++ generic/tkImgGIF.c 25 Jan 2008 19:23:01 -0000
+@@ -826,6 +826,12 @@
+ Tcl_PosixError(interp), (char *) NULL);
+ return TCL_ERROR;
+ }
++
++ if (initialCodeSize > MAX_LWZ_BITS) {
++ Tcl_SetResult(interp, "malformed image", TCL_STATIC);
++ return TCL_ERROR;
++ }
++
+ if (transparent != -1) {
+ cmap[transparent][CM_RED] = 0;
+ cmap[transparent][CM_GREEN] = 0;
+Index: tests/imgPhoto.test
+===================================================================
+RCS file: /cvsroot/tktoolkit/tk/tests/imgPhoto.test,v
+retrieving revision 1.15.2.5
+diff -u -r1.15.2.5 imgPhoto.test
+--- tests/imgPhoto.test 11 Sep 2007 18:01:46 -0000 1.15.2.5
++++ tests/imgPhoto.test 25 Jan 2008 19:23:01 -0000
+@@ -681,6 +681,35 @@
+ image delete $i
+ }
+
++test imgPhoto-14.4 {GIF buffer overflow} -setup {
++ set i [image create photo]
++} -body {
++ # This crashes Tk up to 8.4.17 and 8.5.0
++ $i configure -data {
++ R0lGODlhCgAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/
++ AP//AAAA//8A/wD//////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
++ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
++ AAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBmAABmMwBmZgBm
++ mQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/
++ AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMz
++ mTMzzDMz/zNmADNmMzNmZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPM
++ ADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYA
++ mWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZmzGZm/2aZ
++ AGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/
++ mWb/zGb//5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lm
++ AJlmM5lmZplmmZlmzJlm/5mZAJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnM
++ mZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwAM8wAZswAmcwAzMwA/8wz
++ AMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZZsyZ
++ mcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8A
++ AP8AM/8AZv8Amf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9m
++ mf9mzP9m//+ZAP+ZM/+ZZv+Zmf+ZzP+Z///MAP/MM//MZv/Mmf/MzP/M////
++ AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAKAAoAABUSAAD/HEiwoMGD
++ CBMqXMiwYcKAADs=
++ }
++} -cleanup {
++ image delete $i
++} -returnCodes error -result {malformed image}
++
+ test imgPhoto-15.1 {photo images can fail to allocate memory gracefully} \
+ {nonPortable} {
+ # This is not portable to very large machines with more around
diff --git a/dev-util/insight/insight-6.7.1-r1.ebuild b/dev-util/insight/insight-6.7.1-r1.ebuild
new file mode 100644
index 000000000000..21628e1b77e4
--- /dev/null
+++ b/dev-util/insight/insight-6.7.1-r1.ebuild
@@ -0,0 +1,76 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-util/insight/insight-6.7.1-r1.ebuild,v 1.1 2008/03/08 16:30:51 tester Exp $
+
+inherit eutils flag-o-matic
+
+export CTARGET=${CTARGET:-${CHOST}}
+if [[ ${CTARGET} == ${CHOST} ]] ; then
+ if [[ ${CATEGORY/cross-} != ${CATEGORY} ]] ; then
+ export CTARGET=${CATEGORY/cross-}
+ fi
+fi
+
+DESCRIPTION="A graphical interface to the GNU debugger"
+HOMEPAGE="http://sourceware.org/insight/"
+SRC_URI="ftp://sources.redhat.com/pub/${PN}/releases/${P}.tar.bz2"
+
+LICENSE="GPL-2 LGPL-2"
+[[ ${CTARGET} != ${CHOST} ]] \
+ && SLOT="${CTARGET}" \
+ || SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ppc ~sparc ~x86"
+IUSE="nls"
+
+RDEPEND="sys-libs/ncurses
+ x11-libs/libX11"
+DEPEND="${RDEPEND}
+ nls? ( sys-devel/gettext )"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}"/${PN}-6.6-DESTDIR.patch
+ epatch "${FILESDIR}"/${PN}-6.6-burn-paths.patch
+
+ cd "${S}/tk"
+ epatch "${FILESDIR}"/tkImgGIF.patch
+}
+
+src_compile() {
+ append-flags -fno-strict-aliasing # tcl code sucks
+ strip-linguas -u bfd/po opcodes/po
+ econf \
+ --disable-werror \
+ $(use_enable nls) \
+ --enable-gdbtk \
+ --disable-tui \
+ --datadir=/usr/share/${PN} \
+ || die
+ emake || die
+}
+
+src_install() {
+ # the tcl-related subdirs are not parallel safe
+ emake -j1 DESTDIR="${D}" install || die
+
+ # Don't install docs when building a cross-insight
+ if [[ ${CTARGET} == ${CHOST} ]] ; then
+ dodoc gdb/gdbtk/{README,TODO}
+ fi
+
+ # the gui tcl code does not consider any of the configure
+ # options given it ... instead, it requires the path to
+ # be /usr/share/redhat/...
+ mv "${D}"/usr/share/${PN}/redhat "${D}"/usr/share/ || die
+
+ # scrub all the cruft we dont want
+ local x
+ cd "${D}"/usr/bin
+ for x in * ; do
+ [[ ${x} != *insight ]] && rm -f ${x}
+ done
+ cd "${D}"
+ rm -rf usr/{include,man,share/{info,locale,man}}
+ rm -rf usr/lib*
+}