[arch-commits] Commit in xemacs/trunk (4 files)

Stéphane Gaudreault stephane at archlinux.org
Tue Oct 19 23:18:53 UTC 2010 

    Date: Tuesday, October 19, 2010 @ 19:18:53
  Author: stephane
Revision: 96361

db-5.1 rebuild
Apply security patches from Gentoo
Fix FS#20977 and FS#21148

Added:
  xemacs/trunk/xemacs-21.5.29-large-images.patch
  xemacs/trunk/xemacs-21.5.29-optimization-bug.patch
  xemacs/trunk/xemacs-21.5.29-vcdiff.patch
Modified:
  xemacs/trunk/PKGBUILD

---------------------------------------+
 PKGBUILD                              |   50 ++++++++++++----
 xemacs-21.5.29-large-images.patch     |   96 ++++++++++++++++++++++++++++++++
 xemacs-21.5.29-optimization-bug.patch |   14 ++++
 xemacs-21.5.29-vcdiff.patch           |   19 ++++++
 4 files changed, 167 insertions(+), 12 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2010-10-19 22:10:37 UTC (rev 96360)
+++ PKGBUILD	2010-10-19 23:18:53 UTC (rev 96361)
@@ -1,25 +1,46 @@
 # $Id$
 # Maintainer: juergen <juergen at archlinux.org>
+# Contributor : Stéphane Gaudreault <stephane at archlinux.org>
 
 pkgname=xemacs
 pkgver=21.5.29
-pkgrel=2
+pkgrel=3
 pkgdesc="highly customizable open source text editor and application development system forked from GNU Emacs"
 arch=(i686 x86_64)
 url="http://www.xemacs.org/"
 license=('GPL')
-depends=('db>=4.8' 'libpng' 'libtiff' 'gpm>=1.20.4' 'bash' 'ncurses>=5.6-7' 'desktop-file-utils' 'libxaw' 'libjpeg')
+depends=('db' 'libpng' 'libtiff' 'gpm>=1.20.4' 'bash' 'ncurses>=5.6-7' 'desktop-file-utils' 'libxaw' 'libjpeg')
 optdepends=('xorg-fonts-75dpi: X bitmap fonts needed for the interface'
-            'xorg-fonts-100dpi: X bitmap fonts needed for the interface') 
+            'xorg-fonts-100dpi: X bitmap fonts needed for the interface')
 makedepends=('giflib' 'xbitmaps')
 install=xemacs.install
-source=(http://ftp.xemacs.org/pub/xemacs/beta/$pkgname-$pkgver.tar.gz xemacs.desktop)
-md5sums=('5364192ae0d3de23d9f4ce197e6493b5' 'a4d3d5c0aa2c7ce7bec491f809ca3694')
-       
+source=(http://ftp.xemacs.org/pub/xemacs/beta/$pkgname-$pkgver.tar.gz
+        xemacs.desktop
+        xemacs-21.5.29-large-images.patch
+        xemacs-21.5.29-optimization-bug.patch
+        xemacs-21.5.29-vcdiff.patch)
+md5sums=('5364192ae0d3de23d9f4ce197e6493b5'
+         'a4d3d5c0aa2c7ce7bec491f809ca3694'
+         '23ca5a7c50fe7ebebd9fc4525882cdf1'
+         'eb061b10ea3bbe1026df5326ae1618e3'
+         '4ada657a351b226cdd557f9faaeab075')
+
 build() {
   cd "${srcdir}/${pkgname}-${pkgver}"
-  infodir=/usr/share/info
-  mandir=/usr/share/man/man1
+
+  # Fix security issue in vcdiff script
+  patch -Np0 -i ../xemacs-21.5.29-vcdiff.patch
+
+	# Fix problem caused by improper optimization with GCC>=4.1.2 on i686
+ 	# (and possibly other arches). See
+ 	# http://tracker.xemacs.org/XEmacs/its/issue354
+  # for the upstream bug report.
+  patch -Np0 -i ../xemacs-21.5.29-optimization-bug.patch
+ 	
+ 	# Fix for security bug
+  # See http://bugs.gentoo.org/show_bug.cgi?id=275397
+  patch -Np1 -i ../xemacs-21.5.29-large-images.patch
+
   ./configure --build="${CHOST}" --prefix=/usr --with-dynamic \
       --with-x11 --without-postgresql --with-athena=xaw \
       --enable-database=berkdb --without-ldap \
@@ -28,12 +49,17 @@
       --enable-external-widget \
       --with-jpeg --with-png --with-tiff \
       --with-ncurses --with-pop --with-xfs --disable-sound \
-      --infodir=${infodir} \
-      --mandir=${mandir} || return 1
+      --infodir=/usr/share/info \
+      --with-mule \
+      --mandir=/usr/share/man/man1
 
-  make || return 1
-  make -j1 prefix="${pkgdir}/usr" mandir="${pkgdir}${mandir}" infodir="${pkgdir}${infodir}" install gzip-el || return 1
+  make
+}
 
+package() {
+  cd "${srcdir}/${pkgname}-${pkgver}"
+  make -j1 prefix="${pkgdir}/usr" mandir="${pkgdir}/usr/share/man/man1" infodir="${pkgdir}/usr/share/info" install gzip-el
+
   rm ${pkgdir}/usr/bin/{b2m,ctags,etags,rcs-checkin}
   rm ${pkgdir}/usr/share/man/man1/{ctags.1,etags.1}
 

Added: xemacs-21.5.29-large-images.patch
===================================================================
--- xemacs-21.5.29-large-images.patch	                        (rev 0)
+++ xemacs-21.5.29-large-images.patch	2010-10-19 23:18:53 UTC (rev 96361)
@@ -0,0 +1,96 @@
+APPROVE COMMIT 21.5
+
+This patch has been committed.  When trying to open very large image
+files (or image files with header files that claim the image is very
+large), we multiply length times width to get the number of pixels in
+the image (and possibly multiply that number if a pixel occupies more
+than 1 byte).  The multiplication can overflow, resulting in passing
+negative or insufficiently positive size values to malloc.  This patch
+checks whether the multiplication will overflow.  If so, XEmacs
+refuses to attempt to load the image.
+
+(Patch taken from upstream, already applied there)
+
+--- a/src/glyphs-eimage.c	Mon Jun 29 08:20:47 2009 -0600
++++ b/src/glyphs-eimage.c	Wed Jul 01 15:42:54 2009 -0600
+@@ -409,6 +409,7 @@
+    */
+
+   {
++    UINT_64_BIT pixels_sq;
+     int jpeg_gray = 0;		/* if we're dealing with a grayscale */
+     /* Step 4: set parameters for decompression.   */
+
+@@ -431,7 +432,10 @@
+     jpeg_start_decompress (&cinfo);
+
+     /* Step 6: Read in the data and put into EImage format (8bit RGB triples)*/
+-
++    pixels_sq =
++      (UINT_64_BIT) cinfo.output_width * (UINT_64_BIT) cinfo.output_height;
++    if (pixels_sq > ((size_t) -1) / 3)
++      signal_image_error ("JPEG image too large to instantiate", instantiator);
+     unwind.eimage =
+       xnew_binbytes (cinfo.output_width * cinfo.output_height * 3);
+     if (!unwind.eimage)
+@@ -677,6 +681,7 @@
+   {
+     ColorMapObject *cmo = unwind.giffile->SColorMap;
+     int i, j, row, pass, interlace, slice;
++    UINT_64_BIT pixels_sq;
+     Binbyte *eip;
+     /* interlaced gifs have rows in this order:
+        0, 8, 16, ..., 4, 12, 20, ..., 2, 6, 10, ..., 1, 3, 5, ...  */
+@@ -685,6 +690,9 @@
+
+     height = unwind.giffile->SHeight;
+     width = unwind.giffile->SWidth;
++    pixels_sq = (UINT_64_BIT) width * (UINT_64_BIT) height;
++    if (pixels_sq > ((size_t) -1) / (3 * unwind.giffile->ImageCount))
++      signal_image_error ("GIF image too large to instantiate", instantiator);
+     unwind.eimage =
+       xnew_binbytes (width * height * 3 * unwind.giffile->ImageCount);
+     if (!unwind.eimage)
+@@ -948,11 +956,15 @@
+   {
+     int y;
+     Binbyte **row_pointers;
++    UINT_64_BIT pixels_sq;
+     height = info_ptr->height;
+     width = info_ptr->width;
++    pixels_sq = (UINT_64_BIT) width * (UINT_64_BIT) height;
++    if (pixels_sq > ((size_t) -1) / 3)
++      signal_image_error ("PNG image too large to instantiate", instantiator);
+
+     /* Wow, allocate all the memory.  Truly, exciting. */
+-    unwind.eimage = xnew_array_and_zero (Binbyte, width * height * 3);
++    unwind.eimage = xnew_array_and_zero (Binbyte, (size_t) (pixels_sq * 3));
+     /* libpng expects that the image buffer passed in contains a
+        picture to draw on top of if the png has any transparencies.
+        This could be a good place to pass that in... */
+@@ -1299,6 +1311,7 @@
+
+     uint32 *raster;
+     Binbyte *ep;
++    UINT_64_BIT pixels_sq;
+
+     assert (!NILP (data));
+
+@@ -1321,12 +1334,15 @@
+
+     TIFFGetField (unwind.tiff, TIFFTAG_IMAGEWIDTH, &width);
+     TIFFGetField (unwind.tiff, TIFFTAG_IMAGELENGTH, &height);
+-    unwind.eimage = xnew_binbytes (width * height * 3);
++    pixels_sq = (UINT_64_BIT) width * (UINT_64_BIT) height;
++    if (pixels_sq >= 1 << 29)
++      signal_image_error ("TIFF image too large to instantiate", instantiator);
++    unwind.eimage = xnew_binbytes (pixels_sq * 3);
+
+     /* #### This is little more than proof-of-concept/function testing.
+        It needs to be reimplemented via scanline reads for both memory
+        compactness. */
+-    raster = (uint32*) _TIFFmalloc (width * height * sizeof (uint32));
++    raster = (uint32*) _TIFFmalloc ((tsize_t) (pixels_sq * sizeof (uint32)));
+     if (raster != NULL)
+       {
+ 	int i, j;

Added: xemacs-21.5.29-optimization-bug.patch
===================================================================
--- xemacs-21.5.29-optimization-bug.patch	                        (rev 0)
+++ xemacs-21.5.29-optimization-bug.patch	2010-10-19 23:18:53 UTC (rev 96361)
@@ -0,0 +1,14 @@
+Work around a GCC optimization bug as described in
+http://tracker.xemacs.org/XEmacs/its/issue354
+
+--- src/dumper.c.~1~	2008-01-26 09:54:11.000000000 +0100
++++ src/dumper.c	2008-05-03 10:17:03.000000000 +0200
+@@ -2584,7 +2584,7 @@
+ #endif /* !WIN32_NATIVE */
+ 
+ 
+-static int
++int
+ pdump_file_try (Wexttext *exe_path)
+ {
+   Wexttext *w = exe_path + wext_strlen (exe_path);

Added: xemacs-21.5.29-vcdiff.patch
===================================================================
--- xemacs-21.5.29-vcdiff.patch	                        (rev 0)
+++ xemacs-21.5.29-vcdiff.patch	2010-10-19 23:18:53 UTC (rev 96361)
@@ -0,0 +1,19 @@
+--- lib-src/vcdiff.~1~	1996-12-18 23:42:33.000000000 +0100
++++ lib-src/vcdiff	2008-04-09 08:20:36.000000000 +0200
+@@ -79,14 +79,14 @@
+ 	case $f in
+ 	s.* | */s.*)
+ 		if
+-			rev1=/tmp/geta$$
++			rev1=`mktemp /tmp/geta.XXXXXXXX`
+ 			get -s -p -k $sid1 "$f" > $rev1 &&
+ 			case $sid2 in
+ 			'')
+ 				workfile=`expr " /$f" : '.*/s.\(.*\)'`
+ 				;;
+ 			*)
+-				rev2=/tmp/getb$$
++				rev2=`mktemp /tmp/getb.XXXXXXXX`
+ 				get -s -p -k $sid2 "$f" > $rev2
+ 				workfile=$rev2
+ 			esac

More information about the arch-commits mailing list