media-gfx/gimp: 2.8.2-r1 (security, bug #444280)

(Portage version: 2.1.11.31/cvs/Linux x86_64, signed Manifest commit with key 0x401A1600)

3 files changed, 348 insertions, 1 deletions

diff --git a/media-gfx/gimp/ChangeLog b/media-gfx/gimp/ChangeLog
index 3224f6482bfd..c0740d43870c 100644
--- a/media-gfx/gimp/ChangeLog
+++ b/media-gfx/gimp/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for media-gfx/gimp
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-gfx/gimp/ChangeLog,v 1.398 2012/09/29 20:14:22 sping Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-gfx/gimp/ChangeLog,v 1.399 2012/11/25 19:38:46 sping Exp $
+
+*gimp-2.8.2-r1 (25 Nov 2012)
+
+  25 Nov 2012; Sebastian Pipping <sping@gentoo.org> +gimp-2.8.2-r1.ebuild,
+  +files/gimp-2.8.2-xwd-file-security.patch:
+  Apply upstream security patch on reading XWD files (bug #444280)
 
   29 Sep 2012; Sebastian Pipping <sping@gentoo.org> -gimp-2.6.12-r2.ebuild,
   -gimp-2.6.12-r4.ebuild:
diff --git a/media-gfx/gimp/files/gimp-2.8.2-xwd-file-security.patch b/media-gfx/gimp/files/gimp-2.8.2-xwd-file-security.patch
new file mode 100644
index 000000000000..da69ec6a0b58
--- /dev/null
+++ b/media-gfx/gimp/files/gimp-2.8.2-xwd-file-security.patch
@@ -0,0 +1,173 @@
+From 2873262fccba12af144ed96ed91be144d92ff2e1 Mon Sep 17 00:00:00 2001
+From: Michael Natterer <mitch@gimp.org>
+Date: Wed, 07 Nov 2012 23:16:31 +0000
+Subject: Bug 687392 - Memory corruption vulnerability when reading XWD files
+
+Applied and enhanced patch from andres which makes file-xwd detect
+this kind of file corruption and abort loading with an error message.
+(cherry picked from commit 0b35f6a082a0b3c372c568ea6bde39a4796acde2)
+---
+diff --git a/plug-ins/common/file-xwd.c b/plug-ins/common/file-xwd.c
+index 4e8a95e..f91d757 100644
+--- a/plug-ins/common/file-xwd.c
++++ b/plug-ins/common/file-xwd.c
+@@ -186,11 +186,13 @@ static gint32 load_xwd_f2_d16_b16 (const gchar *,
+ static gint32 load_xwd_f2_d24_b32 (const gchar *,
+                                    FILE *,
+                                    L_XWDFILEHEADER *,
+-                                   L_XWDCOLOR *);
++                                   L_XWDCOLOR *,
++                                   GError **);
+ static gint32 load_xwd_f1_d24_b1  (const gchar *,
+                                    FILE *,
+                                    L_XWDFILEHEADER *,
+-                                   L_XWDCOLOR *);
++                                   L_XWDCOLOR *,
++                                   GError **);
+ 
+ static L_CARD32 read_card32  (FILE *,
+                               gint *);
+@@ -540,7 +542,8 @@ load_image (const gchar  *filename,
+     case 1:    /* Single plane pixmap */
+       if ((depth <= 24) && (bpp == 1))
+         {
+-          image_ID = load_xwd_f1_d24_b1 (filename, ifp, &xwdhdr, xwdcolmap);
++          image_ID = load_xwd_f1_d24_b1 (filename, ifp, &xwdhdr, xwdcolmap,
++                                         error);
+         }
+       break;
+ 
+@@ -559,7 +562,8 @@ load_image (const gchar  *filename,
+         }
+       else if ((depth <= 24) && ((bpp == 24) || (bpp == 32)))
+         {
+-          image_ID = load_xwd_f2_d24_b32 (filename, ifp, &xwdhdr, xwdcolmap);
++          image_ID = load_xwd_f2_d24_b32 (filename, ifp, &xwdhdr, xwdcolmap,
++                                          error);
+         }
+       break;
+     }
+@@ -570,7 +574,7 @@ load_image (const gchar  *filename,
+   if (xwdcolmap)
+     g_free (xwdcolmap);
+ 
+-  if (image_ID == -1)
++  if (image_ID == -1 && ! (error && *error))
+     g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                  _("XWD-file %s has format %d, depth %d and bits per pixel %d. "
+                    "Currently this is not supported."),
+@@ -1624,10 +1628,11 @@ load_xwd_f2_d16_b16 (const gchar     *filename,
+ /* Load XWD with pixmap_format 2, pixmap_depth up to 24, bits_per_pixel 24/32 */
+ 
+ static gint32
+-load_xwd_f2_d24_b32 (const gchar     *filename,
+-                     FILE            *ifp,
+-                     L_XWDFILEHEADER *xwdhdr,
+-                     L_XWDCOLOR      *xwdcolmap)
++load_xwd_f2_d24_b32 (const gchar      *filename,
++                     FILE             *ifp,
++                     L_XWDFILEHEADER  *xwdhdr,
++                     L_XWDCOLOR       *xwdcolmap,
++                     GError          **error)
+ {
+   register guchar *dest, lsbyte_first;
+   gint             width, height, linepad, i, j, c0, c1, c2, c3;
+@@ -1652,12 +1657,6 @@ load_xwd_f2_d24_b32 (const gchar     *filename,
+   width  = xwdhdr->l_pixmap_width;
+   height = xwdhdr->l_pixmap_height;
+ 
+-  image_ID = create_new_image (filename, width, height, GIMP_RGB,
+-                               &layer_ID, &drawable, &pixel_rgn);
+-
+-  tile_height = gimp_tile_height ();
+-  data = g_malloc (tile_height * width * 3);
+-
+   redmask   = xwdhdr->l_red_mask;
+   greenmask = xwdhdr->l_green_mask;
+   bluemask  = xwdhdr->l_blue_mask;
+@@ -1685,6 +1684,22 @@ load_xwd_f2_d24_b32 (const gchar     *filename,
+   maxblue = 0; while (bluemask >> (blueshift + maxblue)) maxblue++;
+   maxblue = (1 << maxblue) - 1;
+ 
++  if (maxred   > sizeof (redmap)   ||
++      maxgreen > sizeof (greenmap) ||
++      maxblue  > sizeof (bluemap))
++    {
++      g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
++                   _("XWD-file %s is corrupt."),
++                   gimp_filename_to_utf8 (filename));
++      return -1;
++    }
++
++  image_ID = create_new_image (filename, width, height, GIMP_RGB,
++                               &layer_ID, &drawable, &pixel_rgn);
++
++  tile_height = gimp_tile_height ();
++  data = g_malloc (tile_height * width * 3);
++
+   /* Set map-arrays for red, green, blue */
+   for (red = 0; red <= maxred; red++)
+     redmap[red] = (red * 255) / maxred;
+@@ -1825,10 +1840,11 @@ load_xwd_f2_d24_b32 (const gchar     *filename,
+ /* Load XWD with pixmap_format 1, pixmap_depth up to 24, bits_per_pixel 1 */
+ 
+ static gint32
+-load_xwd_f1_d24_b1 (const gchar     *filename,
+-                    FILE            *ifp,
+-                    L_XWDFILEHEADER *xwdhdr,
+-                    L_XWDCOLOR      *xwdcolmap)
++load_xwd_f1_d24_b1 (const gchar      *filename,
++                    FILE             *ifp,
++                    L_XWDFILEHEADER  *xwdhdr,
++                    L_XWDCOLOR       *xwdcolmap,
++                    GError          **error)
+ {
+   register guchar *dest, outmask, inmask, do_reverse;
+   gint             width, height, i, j, plane, fromright;
+@@ -1863,13 +1879,6 @@ load_xwd_f1_d24_b1 (const gchar     *filename,
+   indexed         = (xwdhdr->l_pixmap_depth <= 8);
+   bytes_per_pixel = (indexed ? 1 : 3);
+ 
+-  image_ID = create_new_image (filename, width, height,
+-                               indexed ? GIMP_INDEXED : GIMP_RGB,
+-                               &layer_ID, &drawable, &pixel_rgn);
+-
+-  tile_height = gimp_tile_height ();
+-  data = g_malloc (tile_height * width * bytes_per_pixel);
+-
+   for (j = 0; j < 256; j++)   /* Create an array for reversing bits */
+     {
+       inmask = 0;
+@@ -1913,6 +1922,16 @@ load_xwd_f1_d24_b1 (const gchar     *filename,
+       maxblue = 0; while (bluemask >> (blueshift + maxblue)) maxblue++;
+       maxblue = (1 << maxblue) - 1;
+ 
++      if (maxred   > sizeof (redmap)   ||
++          maxgreen > sizeof (greenmap) ||
++          maxblue  > sizeof (bluemap))
++        {
++          g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
++                       _("XWD-file %s is corrupt."),
++                       gimp_filename_to_utf8 (filename));
++          return -1;
++        }
++
+       /* Set map-arrays for red, green, blue */
+       for (red = 0; red <= maxred; red++)
+         redmap[red] = (red * 255) / maxred;
+@@ -1922,6 +1941,13 @@ load_xwd_f1_d24_b1 (const gchar     *filename,
+         bluemap[blue] = (blue * 255) / maxblue;
+     }
+ 
++  image_ID = create_new_image (filename, width, height,
++                               indexed ? GIMP_INDEXED : GIMP_RGB,
++                               &layer_ID, &drawable, &pixel_rgn);
++
++  tile_height = gimp_tile_height ();
++  data = g_malloc (tile_height * width * bytes_per_pixel);
++
+   ncols = xwdhdr->l_colormap_entries;
+   if (xwdhdr->l_ncolors < ncols)
+     ncols = xwdhdr->l_ncolors;
+--
+cgit v0.9.0.2
diff --git a/media-gfx/gimp/gimp-2.8.2-r1.ebuild b/media-gfx/gimp/gimp-2.8.2-r1.ebuild
new file mode 100644
index 000000000000..f56f7ac886f6
--- /dev/null
+++ b/media-gfx/gimp/gimp-2.8.2-r1.ebuild
@@ -0,0 +1,168 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-gfx/gimp/gimp-2.8.2-r1.ebuild,v 1.1 2012/11/25 19:38:46 sping Exp $
+
+EAPI="3"
+PYTHON_DEPEND="python? 2:2.5"
+
+inherit versionator autotools eutils gnome2 fdo-mime multilib python
+
+DESCRIPTION="GNU Image Manipulation Program"
+HOMEPAGE="http://www.gimp.org/"
+SRC_URI="mirror://gimp/v$(get_version_component_range 1-2)/${P}.tar.bz2"
+LICENSE="GPL-3 LGPL-3"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+
+LANGS="am ar ast az be bg br ca ca@valencia cs csb da de dz el en_CA en_GB eo es et eu fa fi fr ga gl gu he hi hr hu id is it ja ka kk km kn ko lt lv mk ml ms my nb nds ne nl nn oc pa pl pt pt_BR ro ru rw si sk sl sr sr@latin sv ta te th tr tt uk vi xh yi zh_CN zh_HK zh_TW"
+IUSE="alsa aalib altivec bzip2 curl dbus debug doc exif gnome postscript jpeg jpeg2k lcms mmx mng pdf png python smp sse svg tiff udev webkit wmf xpm"
+
+for lang in ${LANGS}; do
+	IUSE+=" linguas_${lang}"
+done
+
+RDEPEND=">=dev-libs/glib-2.30.2:2
+	>=dev-libs/atk-2.2.0
+	>=x11-libs/gtk+-2.24.10:2
+	>=x11-libs/gdk-pixbuf-2.24.1:2
+	>=x11-libs/cairo-1.10.2
+	>=x11-libs/pango-1.29.4
+	xpm? ( x11-libs/libXpm )
+	>=media-libs/freetype-2.1.7
+	>=media-libs/fontconfig-2.2.0
+	sys-libs/zlib
+	dev-libs/libxml2
+	dev-libs/libxslt
+	x11-themes/hicolor-icon-theme
+	>=media-libs/babl-0.1.10
+	>=media-libs/gegl-0.2.0
+	aalib? ( media-libs/aalib )
+	alsa? ( media-libs/alsa-lib )
+	curl? ( net-misc/curl )
+	dbus? ( dev-libs/dbus-glib )
+	gnome? ( gnome-base/gvfs )
+	webkit? ( >=net-libs/webkit-gtk-1.6.1:2 )
+	jpeg? ( virtual/jpeg:0 )
+	jpeg2k? ( media-libs/jasper )
+	exif? ( >=media-libs/libexif-0.6.15 )
+	lcms? ( >=media-libs/lcms-1.16:0 )
+	mng? ( media-libs/libmng )
+	pdf? ( >=app-text/poppler-0.12.4[cairo] )
+	png? ( >=media-libs/libpng-1.2.37:0 )
+	python?	( >=dev-python/pygtk-2.10.4:2 )
+	tiff? ( >=media-libs/tiff-3.5.7:0 )
+	svg? ( >=gnome-base/librsvg-2.36.0:2 )
+	wmf? ( >=media-libs/libwmf-0.2.8 )
+	x11-libs/libXcursor
+	sys-libs/zlib
+	bzip2? ( app-arch/bzip2 )
+	postscript? ( app-text/ghostscript-gpl )
+	udev? ( sys-fs/udev[gudev] )"
+DEPEND="${RDEPEND}
+	sys-apps/findutils
+	virtual/pkgconfig
+	>=dev-util/intltool-0.40.1
+	>=sys-devel/gettext-0.17
+	doc? ( >=dev-util/gtk-doc-1 )
+	>=sys-devel/libtool-2.2
+	>=sys-devel/automake-1.11
+	dev-util/gtk-doc-am"  # due to our call to eautoreconf below (bug #386453)
+
+DOCS="AUTHORS ChangeLog* HACKING NEWS README*"
+
+S="${WORKDIR}"/${P}
+
+pkg_setup() {
+	G2CONF="--enable-default-binary \
+		--with-x \
+		--disable-silent-rules \
+		$(use_with aalib aa) \
+		$(use_with alsa) \
+		$(use_enable altivec) \
+		$(use_with bzip2) \
+		$(use_with curl libcurl) \
+		$(use_with dbus) \
+		$(use_with gnome gvfs) \
+		$(use_with webkit) \
+		$(use_with jpeg libjpeg) \
+		$(use_with jpeg2k libjasper) \
+		$(use_with exif libexif) \
+		$(use_with lcms) \
+		$(use_with postscript gs) \
+		$(use_enable mmx) \
+		$(use_with mng libmng) \
+		$(use_with pdf poppler) \
+		$(use_with png libpng) \
+		$(use_enable python) \
+		$(use_enable smp mp) \
+		$(use_enable sse) \
+		$(use_with svg librsvg) \
+		$(use_with tiff libtiff) \
+		$(use_with udev gudev) \
+		$(use_with wmf) \
+		--with-xmc \
+		$(use_with xpm libxpm) \
+		--without-xvfb-run"
+
+	if use python; then
+		python_set_active_version 2
+		python_pkg_setup
+	fi
+}
+
+src_prepare() {
+	# https://bugs.gentoo.org/show_bug.cgi?id=444280
+	epatch "${FILESDIR}"/${P}-xwd-file-security.patch
+
+	epatch "${FILESDIR}"/${PN}-2.7.4-no-deprecation.patch  # bug 395695, comment 9 and 16
+	eautoreconf  # If you remove this: remove dev-util/gtk-doc-am from DEPEND, too
+
+	echo '#!/bin/sh' > py-compile
+	gnome2_src_prepare
+}
+
+_clean_up_locales() {
+	einfo "Cleaning up locales..."
+	for lang in ${LANGS}; do
+		use "linguas_${lang}" && {
+			einfo "- keeping ${lang}"
+			continue
+		}
+		rm -Rf "${D}"/usr/share/locale/"${lang}" || die
+	done
+}
+
+src_install() {
+	gnome2_src_install
+
+	if use python; then
+		python_convert_shebangs -r $(python_get_version) "${ED}"
+		python_need_rebuild
+	fi
+
+	# Workaround for bug #321111 to give GIMP the least
+	# precedence on PDF documents by default
+	mv "${D}"/usr/share/applications/{,zzz-}gimp.desktop || die
+
+	find "${D}" -name '*.la' -delete || die
+
+	# Prevent dead symlink gimp-console.1 from downstream man page compression (bug #433527)
+	local gimp_app_version=$(get_version_component_range 1-2)
+	mv "${D}"/usr/share/man/man1/gimp-console{-${gimp_app_version},}.1 || die
+
+	_clean_up_locales
+}
+
+pkg_postinst() {
+	gnome2_pkg_postinst
+
+	use python && python_mod_optimize /usr/$(get_libdir)/gimp/2.0/python \
+		/usr/$(get_libdir)/gimp/2.0/plug-ins
+}
+
+pkg_postrm() {
+	gnome2_pkg_postrm
+
+	use python && python_mod_cleanup /usr/$(get_libdir)/gimp/2.0/python \
+		/usr/$(get_libdir)/gimp/2.0/plug-ins
+}