media-gfx/gimp: 2.6.12-r2 for CVE-2012-2763

Package-Manager: portage-2.1.10.65/cvs/Linux x86_64
author: Sebastian Pipping <sping@gentoo.org> 2012-07-08 22:57:28 +0000
committer: Sebastian Pipping <sping@gentoo.org> 2012-07-08 22:57:28 +0000
commit: bde35c824fbe4045fc75b309cc99fc53a7afeacc (patch)
tree: dac29482940c7cfa32cc590d62ece1d5bf9b96d8 /media-gfx/gimp
parent: marked x86 per bug 425054 (diff)
download: historical-bde35c824fbe4045fc75b309cc99fc53a7afeacc.tar.gz
historical-bde35c824fbe4045fc75b309cc99fc53a7afeacc.tar.bz2
historical-bde35c824fbe4045fc75b309cc99fc53a7afeacc.zip
4 files changed, 191 insertions, 5 deletions
diff --git a/media-gfx/gimp/ChangeLog b/media-gfx/gimp/ChangeLog
index f7153500959a..62578ebaa3e9 100644
--- a/media-gfx/gimp/ChangeLog
+++ b/media-gfx/gimp/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for media-gfx/gimp
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-gfx/gimp/ChangeLog,v 1.374 2012/06/20 22:34:00 sping Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-gfx/gimp/ChangeLog,v 1.375 2012/07/08 22:57:28 sping Exp $
+
+*gimp-2.6.12-r2 (08 Jul 2012)
+
+  08 Jul 2012; Sebastian Pipping <sping@gentoo.org> +gimp-2.6.12-r2.ebuild,
+  +files/gimp-2.6.12-CVE-2012-2763.patch:
+  Add backport of patch to CVE-2012-2763 by mancha
 
   20 Jun 2012; Sebastian Pipping <sping@gentoo.org> gimp-2.8.0-r1.ebuild:
   Make use of --disable-silent-rules configure parameter to make build logs
diff --git a/media-gfx/gimp/Manifest b/media-gfx/gimp/Manifest
index afe90e64d422..cac16205052e 100644
--- a/media-gfx/gimp/Manifest
+++ b/media-gfx/gimp/Manifest
@@ -4,6 +4,7 @@ Hash: SHA1
 AUX gimp-2.6.11-cve-2011-2896.patch 1818 RMD160 4cc01a8197a31f3793897150e190ea097135efe7 SHA1 fc510e48d6a0e4840b7d98d93d0d4350add167ca SHA256 6613af30b70afb984a89dc8fa75ca6ba3271471d7fd62de23a1a9fda2fd5ec89
 AUX gimp-2.6.11-file-uri.patch 2209 RMD160 17cd5c7b454e7f64f7ed50cec4d9fe160ce7f2fc SHA1 77b3f6f50934a70f2ac938cfa0a1876ee72c2d14 SHA256 cb9da632417fcc866c047104cfbe25b5b9964fa5e65e333c042fdf23c19e692f
 AUX gimp-2.6.11-poppler-0.17.patch 15620 RMD160 5f22b65bcadecbff1b67a42a6dd48fd167272bc9 SHA1 418cbe80cc5cd7f6476ce196c755344954df83e0 SHA256 69b214ff495c7cbc1f52c0c56fa9a09e4dfba47f54da8bb3c8b063b26b8d04bd
+AUX gimp-2.6.12-CVE-2012-2763.patch 711 RMD160 51799cd0ca7e188086f10d95dcc97e1a7a6ac708 SHA1 0545a3f3a52d45507419d6977eebb0df12b6a037 SHA256 6ea0d78cf8a70bdc8cd7877ec41750ee5d4bbf5f391910328eae3b3d6e83dc48
 AUX gimp-2.6.12-potfiles-skip.patch 481 RMD160 4ddf02e9f6f1c09daf9d29546bd3f107b555a016 SHA1 1419bac320d9bfec8fb92b5dabdb626013d7542d SHA256 1ed0292cab5bc744b3c4450827accc86f1719eb8e75416c282e84a8f65eb9f2f
 AUX gimp-2.7.3-glib-2.29.patch 478 RMD160 24895c62b2ad03247a8bc47d79cd55059188b283 SHA1 c4b8719c7904f4b1349e40ca1e409367a9f5997a SHA256 76a2bac5fbcaacbef592e6c137e12b72320f38224c3c9a717b82f6c34404bbdc
 AUX gimp-2.7.3-libm.patch 995 RMD160 7db10366261d3b302cac3fda669d805fa3a9d09e SHA1 612e372060d37ea13939a92eff6b5383710f9b51 SHA256 cb49b9611aca4e0082cc2f3e0c334341df3ac41009fda41355bd8af77b8601ca
@@ -29,6 +30,7 @@ EBUILD gimp-2.6.11-r4.ebuild 3592 RMD160 c31c57e3efe9bfbd986492375956a6a043224ae
 EBUILD gimp-2.6.11-r5.ebuild 3860 RMD160 312435af1cb9aea93e5c1cae5928996b34f08097 SHA1 7eca0eb13df34a64fb97622ad2c82e0e14999182 SHA256 9c281a31d6b73ce539cf3c900967c2a151b145065f5fa7e541ccfa77c6f386c5
 EBUILD gimp-2.6.11-r6.ebuild 4087 RMD160 e0fc1eedefb122cccc8317eb9abfe914e02475cf SHA1 ab49b429e4910d703dad2d93f7cc425296691029 SHA256 73363236f423cd87341c1a9d14b69da103cdac2fa0e5c0540f094cd40448fe52
 EBUILD gimp-2.6.12-r1.ebuild 4111 RMD160 44cdeffbdee85e8647bf0349cb528da4a9e14137 SHA1 e5670de2586b29fea302ce665c818e0c04d5bc3f SHA256 f32c0f92ee3e9c347ef1f2040598eaa64f8e185ba98a88f987099c8038800d02
+EBUILD gimp-2.6.12-r2.ebuild 4243 RMD160 3ae53601063b0a5df9c6ce086b55987465dcaf3d SHA1 bff3a50b2f54a8810cb452d89cb5c3fbb18c1622 SHA256 b491ab0624217cc95542e5212d398a11a22ea72fe6c404a530413485f3e28631
 EBUILD gimp-2.6.12.ebuild 3502 RMD160 4e0fd3ae96ec46500b95f39c239d4d8d4e9d33e8 SHA1 28a9368980d4c70d7d721b44d901b3d8b7b2d615 SHA256 54c71b43a91c0ab52ca97ff01adb9bdb8023c6723b65d7b8cea93441c4c7d3ea
 EBUILD gimp-2.7.3-r1.ebuild 3619 RMD160 9a0442bae9acad14346f89ee7d7341daa25a58c4 SHA1 8699aa4739d44918918cc7dd301d93ad797e0c6c SHA256 ef525f90f19a2a5fb21ceefc77c7332764749b1d5476eaa2a0956d1ec22af75b
 EBUILD gimp-2.7.3.ebuild 3225 RMD160 7184efc8e9b6b38b10e5ac2a0fa745113f470668 SHA1 14d0c039f5f7655f880db96cf865c90c85e5c7a4 SHA256 2d947c62bae5e393e9dcdca6b7029e5284b782b55f47b5e945734b671454c755
@@ -38,12 +40,12 @@ EBUILD gimp-2.8.0-r1.ebuild 4519 RMD160 563e4615d36808903b3b682d6dac36d942852a0d
 EBUILD gimp-2.8.0.ebuild 3930 RMD160 fa79fad2a08964c49c0958aa17d4637f5b7bd22d SHA1 ef7b18a376e321b543ef672a0d2c156f9cf0a70a SHA256 e3cc280f66b82dd2eeaf623d6403855e2231beae8c86b6d8c94a58fc9422a514
 EBUILD gimp-2.8.0_rc1.ebuild 3842 RMD160 6016ef2c7b758be8a939ef18be3de06c71d81e1f SHA1 dd5ef8c8ef296f6208f7251c892602683fd2f973 SHA256 33160f825372ae0e42293b1af29e5e7e74175f9da19620cc2a2b1faf7dd6955b
 EBUILD gimp-9999.ebuild 3849 RMD160 4ce43a5028d602b1f99b61afe5d6edbc54e3b92d SHA1 62b4ff5ef27893794224a4a8a44e5c2324bbd5d5 SHA256 80448904474576d67a5a352124d110b28dd4cd63f2248336d0c419bb3e47d5ba
-MISC ChangeLog 52841 RMD160 213c9b9a884e33c3070757ae3ce2c276bd7fb568 SHA1 8391e1880fae405e679943cd53229a7afe0176b9 SHA256 1a673d912be6087bd5d5ce2642d4fa0ddc79182026b06428aeabf84fdc0f8ff2
+MISC ChangeLog 53042 RMD160 def34c8e5f3049e29d1a3aa663b95c1793f9a2db SHA1 22c39863ed4bc95c00479105e0e422ea317a83a1 SHA256 c9f24f379aafdfae0e818a1cfda55cd4ca5c83a103369aad281209438a4fd12e
 MISC metadata.xml 395 RMD160 21c615f6cbae64b239eb177892aa533f261dcdfe SHA1 d37e0e0c4b92b44b787ea0f5d841a59be30dbd2f SHA256 f39e4503da8cb7302e8f1a947baf406445ea8420ddfac9c1bfd4fe75d0e4fb34
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (GNU/Linux)
 
-iEYEARECAAYFAk/iT8MACgkQsAvGakAaFgB0vgCfbfFkvvRHzz7L9QEEjnS/UQN0
-FE4AnjSYH8f+oUy9UugM3jm1mitZW9Fb
-=51WR
+iEYEARECAAYFAk/6EEcACgkQsAvGakAaFgBHgQCeLDBEpICpcy7ciiGE6KbZxrCm
+swwAoKSpBr5+CYX7V/uncbadU1/+yCtU
+=hvcK
 -----END PGP SIGNATURE-----
diff --git a/media-gfx/gimp/files/gimp-2.6.12-CVE-2012-2763.patch b/media-gfx/gimp/files/gimp-2.6.12-CVE-2012-2763.patch
new file mode 100644
index 000000000000..c922b6399cc8
--- /dev/null
+++ b/media-gfx/gimp/files/gimp-2.6.12-CVE-2012-2763.patch
@@ -0,0 +1,20 @@
+Fix for CVE-2012-2763 for GIMP 2.6.x by mancha. Based on commit
+76155d79df8d497. Thanks to muks, Kevin, and Ankh for identifying
+the relevant code change.
+
+Ref: Fixed potential buffer overflow in readstr_upto().
+
+================================================
+
+--- a/plug-ins/script-fu/tinyscheme/scheme.c.orig	2012-06-30
++++ b/plug-ins/script-fu/tinyscheme/scheme.c		2012-06-30
+@@ -1727,7 +1727,8 @@ static char *readstr_upto(scheme *sc, ch
+     c = inchar(sc);
+     len = g_unichar_to_utf8(c, p);
+     p += len;
+-  } while (c && !is_one_of(delim, c));
++  } while ((p - sc->strbuff < sizeof(sc->strbuff)) &&
++           (c && !is_one_of(delim, c)));
+ 
+   if(p==sc->strbuff+2 && c_prev=='\\')
+     *p = '\0';
diff --git a/media-gfx/gimp/gimp-2.6.12-r2.ebuild b/media-gfx/gimp/gimp-2.6.12-r2.ebuild
new file mode 100644
index 000000000000..cce2b62adf04
--- /dev/null
+++ b/media-gfx/gimp/gimp-2.6.12-r2.ebuild
@@ -0,0 +1,158 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-gfx/gimp/gimp-2.6.12-r2.ebuild,v 1.1 2012/07/08 22:57:28 sping Exp $
+
+EAPI="3"
+
+PYTHON_DEPEND="python? 2:2.5"
+
+inherit eutils gnome2 fdo-mime multilib python
+
+DESCRIPTION="GNU Image Manipulation Program"
+HOMEPAGE="http://www.gimp.org/"
+SRC_URI="
+	http://dev.gentoo.org/~jlec/distfiles/${PN}-2.6.11-underlinking.patch.xz
+	mirror://gimp/v2.6/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+
+LANGS="am ar ast az be bg ca ca@valencia cs da de dz el en_CA en_GB eo es et eu fa fi fr ga gl gu he hi hr hu id is it ja ka kk km kn ko lt lv mk ml mr ms my nb nds ne nl nn oc or pa pl pt pt_BR ro ru rw si sk sl sr sr@latin sv ta th tr tt uk vi xh yi zh_CN zh_HK zh_TW"
+IUSE="alsa aalib altivec curl dbus debug doc exif gnome jpeg lcms mmx mng pdf png python smp sse svg tiff webkit wmf"
+
+for lang in ${LANGS}; do
+	IUSE+=" linguas_${lang}"
+done
+
+RDEPEND="
+	>=dev-libs/glib-2.18.1:2
+	dev-libs/libxml2
+	dev-libs/libxslt
+	>=media-libs/fontconfig-2.2.0
+	>=media-libs/freetype-2.1.7
+	>=media-libs/gegl-0.0.22 <media-libs/gegl-0.2
+	>=x11-libs/gtk+-2.12.5:2
+	x11-libs/libXpm
+	>=x11-libs/pango-1.18.0
+	sys-libs/zlib
+	x11-themes/hicolor-icon-theme
+	aalib? ( media-libs/aalib )
+	alsa? ( media-libs/alsa-lib )
+	curl? ( net-misc/curl )
+	dbus? ( dev-libs/dbus-glib )
+	exif? ( >=media-libs/libexif-0.6.15 )
+	gnome? ( gnome-base/gvfs )
+	jpeg? ( virtual/jpeg:0 )
+	lcms? ( =media-libs/lcms-1* )
+	mng? ( media-libs/libmng )
+	pdf? ( >=app-text/poppler-0.12.3-r3[cairo] )
+	png? ( >=media-libs/libpng-1.2.2:0 )
+	python?	( >=dev-python/pygtk-2.10.4:2 )
+	svg? ( >=gnome-base/librsvg-2.8.0:2 )
+	tiff? ( >=media-libs/tiff-3.5.7:0 )
+	webkit? ( net-libs/webkit-gtk:2 )
+	wmf? ( >=media-libs/libwmf-0.2.8 )"
+DEPEND="${RDEPEND}
+	>=dev-util/intltool-0.40
+	virtual/pkgconfig
+	>=sys-devel/gettext-0.17
+	doc? ( >=dev-util/gtk-doc-1 )"
+
+DOCS="AUTHORS ChangeLog* HACKING NEWS README*"
+
+pkg_setup() {
+	G2CONF="--enable-default-binary \
+		--with-x \
+		$(use_with aalib aa) \
+		$(use_with alsa) \
+		$(use_enable altivec) \
+		$(use_with curl libcurl) \
+		$(use_with dbus) \
+		--without-hal \
+		$(use_with gnome gvfs) \
+		--without-gnomevfs \
+		$(use_with webkit) \
+		$(use_with jpeg libjpeg) \
+		$(use_with exif libexif) \
+		$(use_with lcms) \
+		$(use_enable mmx) \
+		$(use_with mng libmng) \
+		$(use_with pdf poppler) \
+		$(use_with png libpng) \
+		$(use_enable python) \
+		$(use_enable smp mp) \
+		$(use_enable sse) \
+		$(use_with svg librsvg) \
+		$(use_with tiff libtiff) \
+		$(use_with wmf)"
+
+	if use python; then
+		python_set_active_version 2
+		python_pkg_setup
+	fi
+}
+
+src_prepare() {
+	# don't use empty, removed header
+	# https://bugs.gentoo.org/show_bug.cgi?id=377075
+	epatch "${FILESDIR}"/gimp-curl-headers.diff
+
+	# apply file-uri patch by upstream
+	# https://bugs.gentoo.org/show_bug.cgi?id=372941
+	# https://bugzilla.gnome.org/show_bug.cgi?id=653980#c6
+	epatch "${FILESDIR}"/${PN}-2.6.11-file-uri.patch
+
+	# fix test suite
+	# https://bugs.gentoo.org/show_bug.cgi?id=406625
+	epatch "${FILESDIR}"/${P}-potfiles-skip.patch
+
+	# buffer overflow patch backport
+	# https://bugs.gentoo.org/show_bug.cgi?id=418425
+	epatch "${FILESDIR}"/${P}-CVE-2012-2763.patch
+
+	echo '#!/bin/sh' > py-compile
+	gnome2_src_prepare
+}
+
+_clean_up_locales() {
+	elog "Cleaning up locales..."
+	for lang in ${LANGS}; do
+		use "linguas_${lang}" && {
+			elog "- keeping ${lang}"
+			continue
+		}
+		rm -Rf "${D}"/usr/share/locale/"${lang}" || die
+	done
+}
+
+src_install() {
+	gnome2_src_install
+
+	if use python; then
+		python_convert_shebangs -r $(python_get_version) "${ED}"
+		python_need_rebuild
+	fi
+
+	# Workaround for bug #321111 to give GIMP the least
+	# precedence on PDF documents by default
+	mv "${D}"/usr/share/applications/{,zzz-}gimp.desktop || die
+
+	find "${D}" -name '*.la' -delete || die
+
+	_clean_up_locales
+}
+
+pkg_postinst() {
+	gnome2_pkg_postinst
+
+	use python && python_mod_optimize /usr/$(get_libdir)/gimp/2.0/python \
+		/usr/$(get_libdir)/gimp/2.0/plug-ins
+}
+
+pkg_postrm() {
+	gnome2_pkg_postrm
+
+	use python && python_mod_cleanup /usr/$(get_libdir)/gimp/2.0/python \
+		/usr/$(get_libdir)/gimp/2.0/plug-ins
+}
author	Sebastian Pipping <sping@gentoo.org>	2012-07-08 22:57:28 +0000
committer	Sebastian Pipping <sping@gentoo.org>	2012-07-08 22:57:28 +0000
commit	bde35c824fbe4045fc75b309cc99fc53a7afeacc (patch)
tree	dac29482940c7cfa32cc590d62ece1d5bf9b96d8 /media-gfx/gimp
parent	marked x86 per bug 425054 (diff)
download	historical-bde35c824fbe4045fc75b309cc99fc53a7afeacc.tar.gz historical-bde35c824fbe4045fc75b309cc99fc53a7afeacc.tar.bz2 historical-bde35c824fbe4045fc75b309cc99fc53a7afeacc.zip