commit c3c11645bc9422a2b7d0ae95ce336d26848d3f57
Author: Fredrik Rinnestam <fredrik@crux.nu>
Date: Tue Jul 26 18:22:40 2016 +0200
gtk: updated to 2.24.30. Added patch for CVE-2013-7447
diff --git a/gtk/.footprint b/gtk/.footprint
index 64d773e..d68044f 100644
--- a/gtk/.footprint
+++ b/gtk/.footprint
@@ -325,13 +325,13 @@ lrwxrwxrwx root/root usr/lib/libgailutil.so -> libgailutil.so.18.0.1
 lrwxrwxrwx root/root usr/lib/libgailutil.so.18 -> libgailutil.so.18.0.1
 -rwxr-xr-x root/root usr/lib/libgailutil.so.18.0.1
 -rw-r--r-- root/root usr/lib/libgdk-x11-2.0.la
-lrwxrwxrwx root/root usr/lib/libgdk-x11-2.0.so -> libgdk-x11-2.0.so.0.2400.29
-lrwxrwxrwx root/root usr/lib/libgdk-x11-2.0.so.0 -> libgdk-x11-2.0.so.0.2400.29
--rwxr-xr-x root/root usr/lib/libgdk-x11-2.0.so.0.2400.29
+lrwxrwxrwx root/root usr/lib/libgdk-x11-2.0.so -> libgdk-x11-2.0.so.0.2400.30
+lrwxrwxrwx root/root usr/lib/libgdk-x11-2.0.so.0 -> libgdk-x11-2.0.so.0.2400.30
+-rwxr-xr-x root/root usr/lib/libgdk-x11-2.0.so.0.2400.30
 -rw-r--r-- root/root usr/lib/libgtk-x11-2.0.la
-lrwxrwxrwx root/root usr/lib/libgtk-x11-2.0.so -> libgtk-x11-2.0.so.0.2400.29
-lrwxrwxrwx root/root usr/lib/libgtk-x11-2.0.so.0 -> libgtk-x11-2.0.so.0.2400.29
--rwxr-xr-x root/root usr/lib/libgtk-x11-2.0.so.0.2400.29
+lrwxrwxrwx root/root usr/lib/libgtk-x11-2.0.so -> libgtk-x11-2.0.so.0.2400.30
+lrwxrwxrwx root/root usr/lib/libgtk-x11-2.0.so.0 -> libgtk-x11-2.0.so.0.2400.30
+-rwxr-xr-x root/root usr/lib/libgtk-x11-2.0.so.0.2400.30
 drwxr-xr-x root/root usr/lib/pkgconfig/
 -rw-r--r-- root/root usr/lib/pkgconfig/gail.pc
 -rw-r--r-- root/root usr/lib/pkgconfig/gdk-2.0.pc
diff --git a/gtk/.md5sum b/gtk/.md5sum
index f4dfee7..8830abb 100644
--- a/gtk/.md5sum
+++ b/gtk/.md5sum
@@ -1,3 +1,4 @@
-1b7a3689f65617387b5b54520f4439e8 gtk+-2.24.29.tar.xz
+26c6e8f072ff456f5a1bedb47f4bb760 CVE-2013-7447.patch
+04568ba5c58b75e3c7543e45628ad789 gtk+-2.24.30.tar.xz
 943d209df9d2cbdde16263b7bbfd4c10 gtk-register.sh
 981cbb7e87666badc4798ceaf62c7f72 gtk.immodules
diff --git a/gtk/CVE-2013-7447.patch b/gtk/CVE-2013-7447.patch
new file mode 100644
index 0000000..04656ac
--- /dev/null
+++ b/gtk/CVE-2013-7447.patch
@@ -0,0 +1,32 @@
+From 407c89863d08780861d120f8ccfc8e13582a2fda Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen@redhat.com>
+Date: Sat, 29 Jun 2013 22:06:54 -0400
+Subject: Avoid integer overflow
+
+Use g_malloc_n in gdk_cairo_set_source_pixbuf when allocating
+a large block of memory, to avoid integer overflow.
+
+Pointed out by Bert Massop in
+https://bugzilla.gnome.org/show_bug.cgi?id=703220
+
+(cherry picked from commit 894b1ae76a32720f4bb3d39cf460402e3ce331d6)
+---
+ gdk/gdkcairo.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gdk/gdkcairo.c b/gdk/gdkcairo.c
+index a3baa54..3fdb570 100644
+--- a/gdk/gdkcairo.c
++++ b/gdk/gdkcairo.c
+@@ -211,7 +211,7 @@ gdk_cairo_set_source_pixbuf (cairo_t *cr,
+ format = CAIRO_FORMAT_ARGB32;
+
+ cairo_stride = cairo_format_stride_for_width (format, width);
+- cairo_pixels = g_malloc (height * cairo_stride);
++ cairo_pixels = g_malloc_n (height, cairo_stride);
+ surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels,
+ format,
+ width, height, cairo_stride);
+--
+cgit v0.12
+
diff --git a/gtk/Pkgfile b/gtk/Pkgfile
index de70333..ea98983 100644
--- a/gtk/Pkgfile
+++ b/gtk/Pkgfile
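Review bot: The value returned by `cairo_format_stride_for_width (format, width)` goes straight into the allocation on the next line with no check, and cairo documents that this call returns -1 when the format is invalid or the width is too large; a negative `int` converted to the unsigned size argument of `g_malloc_n` becomes a very large block size. `g_malloc_n` does catch the multiplication overflow, but it reports it by aborting the process, so an oversized pixbuf still terminates the application instead of being rejected. Consider a guard such as `if (cairo_stride <= 0) return;` before the allocation if a silent return is acceptable to callers, or at least a comment at the call: `/* g_malloc_n aborts on overflow; pixbuf dimensions must be bounded by the caller */`. gdk_cairo_set_source_pixbuf starts and ends outside this hunk, so width and height may already be validated earlier in the function.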
@@ -4,20 +4,21 @@
 # Depends on: atk, hicolor-icon-theme, gdk-pixbuf, pango, xorg-libsm, xorg-libxcursor, xorg-libxinerama, xorg-libxrandr, xorg-libxcomposite
 name=gtk
-version=2.24.29
+version=2.24.30
 release=1
 source=(http://download.gnome.org/sources/gtk+/2.24/${name}+-$version.tar.xz \
- gtk.immodules gtk-register.sh)
+ CVE-2013-7447.patch gtk.immodules gtk-register.sh)
 build () {
- cd gtk+-$version
+ cd gtk+-$version
+ patch -p1 -i $SRC/CVE-2013-7447.patch
- ./configure --prefix=/usr
- make
- make DESTDIR=$PKG install
- mkdir -p $PKG/usr/etc/gtk-2.0
- install -m 644 $SRC/gtk.immodules $PKG/usr/etc/gtk-2.0/
- rm -r $PKG/usr/share/{locale,gtk-doc,gtk-2.0} $PKG/usr/bin/gtk-demo
+ ./configure --prefix=/usr
+ make
+ make DESTDIR=$PKG install
+ mkdir -p $PKG/usr/etc/gtk-2.0
+ install -m 644 $SRC/gtk.immodules $PKG/usr/etc/gtk-2.0/
+ rm -r $PKG/usr/share/{locale,gtk-doc,gtk-2.0} $PKG/usr/bin/gtk-demo
- install -m 0755 $SRC/gtk-register.sh $PKG/usr/bin/gtk-register
+ install -m 0755 $SRC/gtk-register.sh $PKG/usr/bin/gtk-register
 }
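Review bot: The `source=` line still fetches the tarball over plain `http://`, so the only integrity check visible in this commit is the MD5 entry in `.md5sum`, and MD5 is not collision-resistant. For a release whose purpose is to ship a security fix, prefer `https://download.gnome.org/sources/gtk+/2.24/${name}+-$version.tar.xz` and, if the packaging tools support it, a stronger digest or a signature. The new `patch -p1 -i $SRC/CVE-2013-7447.patch` is also unquoted; `patch -p1 -i "$SRC/CVE-2013-7447.patch"` keeps working if the work directory path contains spaces. Re-indenting every line of `build ()` in the same commit hides the two functional changes (the version bump and the patch step), so the whitespace change would read better as a separate commit.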