From ef039a84dfd7c5de2f77e47f135948119e8ef161 Mon Sep 17 00:00:00 2001
From: rhatto
Date: Sat, 25 Apr 2009 16:31:45 +0000
Subject: imlib2: adding fix for CVE-2008-5187

git-svn-id: svn+slack://slack.fluxo.info/var/svn/slackbuilds@2156 370017ae-e619-0410-ac65-c121f96126d4
---
media/libs/imlib2/Manifest | 24 +++++++++
media/libs/imlib2/imlib2-1.4.2.diff | 12 +++++
media/libs/imlib2/imlib2.SlackBuild | 105 ++++++++++++++++++++++++++++++++++--
3 files changed, 136 insertions(+), 5 deletions(-)
create mode 100644 media/libs/imlib2/Manifest
create mode 100644 media/libs/imlib2/imlib2-1.4.2.diff
(limited to 'media')
diff --git a/media/libs/imlib2/Manifest b/media/libs/imlib2/Manifest
new file mode 100644
index 00000000..1a93d472
--- /dev/null
+++ b/media/libs/imlib2/Manifest
@@ -0,0 +1,24 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +DIST imlib2-1.4.2.tar.gz 932684 MD5 0c866a7e696ad5ac58bc9312149f15f0 RMD160 9b1f40ee392c1e27c6a75bbf7e8c7fb379e74695 SHA1 769ea1da26774cd7531d1d66432cf8d7d7b30c2b SHA256 9099c7c33e4150ba6b43d12d1fbe2b7479cfe30285af49a531337c18c088110a SHA512 d2db1f5efef58c1705cb7088b22323d29996229a2964655723f0e3812df08645b1c18b543bce774b990e2c3db32ff23b709059a1d8e941c0f7f45f1602661596 +MKBUILD imlib2.mkbuild 4247 MD5 eb648f4297abe4bd646cecacc0da1649 RMD160 1398c9e162596d150cfa9ee7bc548ed51beff9e1 SHA1 97c45c262f34116cb99fa1cbb903fbe4d2a5e440 SHA256 1d6ec014cdc5f46037301c70295acb659712937f365dec4b762ad2f045094ae0 SHA512 5824599437f036987fe1bbf9392d137f176df43582620449190c2b36e68c8cc29263a2dcfa05928d1b294c18d0f89c5411ea8a3d1227906868a6ef36825f277d +PATCH imlib2-1.4.2.diff 647 MD5 97523ae37781df933e293ad1838e736e RMD160 aaddd99a4d8c208c540078d030ac24384d86dce5 SHA1 f98dde66eb1effee3a51d58741fde01748a7ff99 SHA256 403e83bbd29a9a8e37b6a24916ab7f56ad03cf115106ae62a2390e78ce48af15 SHA512 f4a3d26b0a660c736c96ef7f9d16685e794ff542944d00c5f13023724ce7034b1fb5a320b05efe419fdff3655445d9d8570d6c9dd34b824714066e4c62677f40 +SLACKBUILD imlib2.SlackBuild 7960 MD5 ddae0e3dc08b5056533e5deb968a4ceb RMD160 c525c2c3afed5b111d06a500efbc962a436f7959 SHA1 d02680646801cdf413d50e21dd1556f14ed5f211 SHA256 94bad8140f0a98d18e1cd60696d23c3d328de4bde8624706e8fdc263687d6e3a SHA512 1e3500519811f733406eba0ea8f98e9aee887d3450afe72fff655b31804e019985d1c4c6606fe28b808817797df32e97453d558aa3fe54d17abc7460818d858c +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (GNU/Linux) + +iQIcBAEBAgAGBQJJ8zvDAAoJEEHL93ESzgeizMoP/i3N7PGL5yj8Ca4NeXaiMLz6 +2CkP3iSenr7Zg+Eem/uapYR9hmDmXovsCLtQqzGKGPlVuLnLdcYKcKADmBINF1Pe +LjR5Wo03NS+pc0cvqrHkLT0u4bH7mKTsPxqnwDhQ+ocx6yU9ehVktsRN4px+ldRv +Mso1hXTTy2NRadn5eNq42UPvChRGmIUWzSjMqBarT7No1f6Pu/z8/aokCo+MlFm5 +0PzvWYAX09tPT07wRZZyzOSJVAYnl1/Q1OLHjgZNR8k05mc7RNWgBTtxTkj90isa 
+LfOQ7M3K7SA7ORp8C1bf4h3dLCIpKR81At71NqtRMi4R7yqOZFuIk6yH1rOBS7rW +RM615QtcrnYPiztj356VNuhE+oCX1MQabICIFmll2Ha8Ks+bikefClxgE41D2WXJ +GW5TNHn+MvwmcAHvuwx5Evpo41IF6//brbGF9YNHGjGCRzdYjD4PkK/7VLY+4blp +Ll/Z0q6XydScTa8teIiWvDr1fHlQJfIaUFFUcMgq19TF5J0MiGplsMGuhetVYswB +GQdMxQB/+mDKBQTR9ar0zNYEmzz6wSG9rNmI2EDjgnRhZypnRNVuPik+0K2oI6lf +05XNOO8UOOViTijVML+L9b4vxZNc4nrcjUnEroE+ACPNJgW/hq5M7UcY0fE3Ete5 +obGC80bHIgxmot/+qe+X +=yGO2 +-----END PGP SIGNATURE----- diff --git a/media/libs/imlib2/imlib2-1.4.2.diff b/media/libs/imlib2/imlib2-1.4.2.diff new file mode 100644 index 00000000..30523efb --- /dev/null +++ b/media/libs/imlib2/imlib2-1.4.2.diff @@ -0,0 +1,12 @@ +diff -Naur imlib2-1.4.2.orig/src/modules/loaders/loader_xpm.c imlib2-1.4.2/src/modules/loaders/loader_xpm.c +--- imlib2-1.4.2.orig/src/modules/loaders/loader_xpm.c 2008-10-21 00:32:51.000000000 -0200 ++++ imlib2-1.4.2/src/modules/loaders/loader_xpm.c 2009-04-25 13:31:35.000000000 -0300 +@@ -253,7 +253,7 @@ + return 0; + } + ptr = im->data; +- end = ptr + (sizeof(DATA32) * w * h); ++ end = ptr + (pixels); + pixels = w * h; + } + else diff --git a/media/libs/imlib2/imlib2.SlackBuild b/media/libs/imlib2/imlib2.SlackBuild index 0806c7db..cb9ffc6a 100755 --- a/media/libs/imlib2/imlib2.SlackBuild +++ b/media/libs/imlib2/imlib2.SlackBuild @@ -17,6 +17,7 @@ # slackbuild for imlib2, by Alexandre Vieira de Souza # requires: # tested: imlib2-1.4.2 +# model: generic.mkSlackBuild $Rev: 805 $ # # Look for slackbuildrc @@ -33,11 +34,12 @@ PKG_NAME="imlib2" ARCH=${ARCH:=i486} SRC_VERSION=${VERSION:=1.4.2} PKG_VERSION="$(echo "$SRC_VERSION" | tr '[[:blank:]-]' '_')" -BUILD=${BUILD:=1avs} +BUILD=${BUILD:=2avs} SRC_DIR=${SRC_DIR:=$CWD}/$PKG_NAME TMP=${TMP:=/tmp} PKG=${PKG:=$TMP/package-$PKG_NAME} REPOS=${REPOS:=$TMP} +SLACKBUILD_PATH=${SLACKBUILD_PATH:="media/libs/imlib2"} PREFIX=${PREFIX:=/usr} PKG_WORK="$TMP/$SRC_NAME" CONF_OPTIONS=${CONF_OPTIONS:=""} 
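Review bot: In the added imlib2-1.4.2.diff, the new line `end = ptr + (pixels);` reads `pixels` one line before `pixels = w * h;` assigns it, so `end` is derived from whatever `pixels` held earlier rather than from this image's dimensions. Dropping the `sizeof(DATA32)` factor looks like the intended correction for the over-scaled pointer arithmetic (presumably `ptr` is a `DATA32 *`), but the end-of-buffer bound only holds if the assignment comes first: `pixels = w * h;` followed by `end = ptr + pixels;`. The enclosing function in loader_xpm.c starts and ends outside the hunk, so the earlier value of `pixels` and any overflow check on `w * h` are not visible here and should be confirmed against the full file.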
@@ -47,9 +49,9 @@ NUMJOBS=${NUMJOBS:="-j4"} LIBDIR="$PREFIX/lib" if [ "$ARCH" = "i386" ]; then - SLKCFLAGS="-O2 -march=i386 -mcpu=i686" + SLKCFLAGS="-O2 -march=i386 -mtune=i686" elif [ "$ARCH" = "i486" ]; then - SLKCFLAGS="-O2 -march=i486 -mcpu=i686" + SLKCFLAGS="-O2 -march=i486 -mtune=i686" elif [ "$ARCH" = "i686" ]; then SLKCFLAGS="-O2 -march=i686" elif [ "$ARCH" = "s390" ]; then @@ -65,6 +67,7 @@ ERROR_WGET=31; ERROR_MAKE=32; ERROR_INSTALL=33 ERROR_MD5=34; ERROR_CONF=35; ERROR_HELP=36 ERROR_TAR=37; ERROR_MKPKG=38; ERROR_GPG=39 ERROR_PATCH=40; ERROR_VCS=41; ERROR_MKDIR=42 +ERROR_MANIFEST=43; # Clean up any leftovers of previous builds rm -rf "$PKG_WORK" 2> /dev/null 
@@ -84,12 +87,103 @@ if [ ! -s "$SRC_DIR/$SRC" ] || ! gunzip -t "$SRC_DIR/$SRC" 2> /dev/null; then wget "$URL" -O "$SRC_DIR/$SRC" || exit $ERROR_WGET fi +# Check Manifest file +if [ -e "$CWD/Manifest" ]; then + + # Manifest signature checking + if grep -q -- "-----BEGIN PGP SIGNED MESSAGE-----" $CWD/Manifest; then + echo "Checking Manifest signature..." + gpg --verify $CWD/Manifest + if [ "$?" != "0" ]; then + exit $ERROR_MANIFEST + fi + fi + + MANIFEST_LINES="`grep -E -v "^(MKBUILD|SLACKBUILD)" $CWD/Manifest | wc -l`" + + for ((MANIFEST_COUNT=1; MANIFEST_COUNT <= $MANIFEST_LINES; MANIFEST_COUNT++)); do + + MANIFEST_LINE="`grep -E -v "^(MKBUILD|SLACKBUILD)" $CWD/Manifest | head -n $MANIFEST_COUNT | tail -n 1`" + MANIFEST_FILE="`echo $MANIFEST_LINE | awk '{ print $2 }'`" + MANIFEST_FILE_TYPE="`echo $MANIFEST_LINE | awk '{ print $1 }'`" + + if [ -e "$SRC_DIR/$MANIFEST_FILE" ]; then + MANIFEST_FILE="$SRC_DIR/$MANIFEST_FILE" + else + MANIFEST_FILE="`find $CWD -name $MANIFEST_FILE`" + fi + + if [ ! -e "$MANIFEST_FILE" ] || [ -d "$MANIFEST_FILE" ]; then + continue + fi + + echo "Checking Manifest for $MANIFEST_FILE_TYPE $MANIFEST_FILE integrity..." + + SIZE_SRC="`wc -c $MANIFEST_FILE | awk '{ print $1 }'`" + SIZE_MANIFEST="`echo $MANIFEST_LINE | awk '{ print $3 }'`" + + # Check source code size + if [ "$SIZE_SRC" != "$SIZE_MANIFEST" ]; then + echo "SIZE Manifest: $SIZE_MANIFEST; SIZE $SRC: $SIZE_SRC" + exit $ERROR_MANIFEST + else + echo "Size match." 
+ fi + + # Check source code integrity + for ALGO in md5 rmd160 sha1 sha256 sha512; do + if [ $ALGO = "rmd160" ]; then + ALGO_SRC="`openssl rmd160 $MANIFEST_FILE | awk '{ print $2 }'`" + else + ALGO_SRC="`"$ALGO"sum $MANIFEST_FILE | awk '{ print $1 }'`" + fi + ALGO="`echo $ALGO | tr '[:lower:]' '[:upper:]'`" + ALGO_MANIFEST=$(echo $MANIFEST_LINE | sed "s/.* $ALGO //" | awk '{ print $1 }') + if [ "$ALGO_SRC" != "$ALGO_MANIFEST" ]; then + echo "$ALGO Manifest: $ALGO_MANIFEST; $ALGO $SRC: $ALGO_SRC" + exit $ERROR_MANIFEST + else + echo "$ALGO match." + fi + done + + done + +else + exit $ERROR_MANIFEST +fi + # Untar cd "$PKG_WORK" tar --no-same-owner --no-same-permissions -xvf "$SRC_DIR/$SRC" || exit $ERROR_TAR PKG_SRC="$PWD/`ls -l | awk '/^d/ { print $NF }'`" cd "$PKG_SRC" +# Patch source +patches=" [[PATCH URLS]] + $PKG_NAME.diff $PKG_NAME-$PKG_VERSION.diff + $PKG_NAME-$PKG_VERSION-$ARCH.diff $PKG_NAME-$ARCH.diff" +for patch in $patches; do + patch="`basename $patch`" + if [ -f "$CWD/$patch" ]; then + patch -Np1 < "$CWD/$patch" || exit $ERROR_PATCH + elif [ -f "$CWD/patches/$patch" ]; then + patch -Np1 < "$CWD/patches/$patch" || exit $ERROR_PATCH + elif [ -f "$CWD/$patch.gz" ]; then + gzip -dc "$CWD/$patch.gz" | patch -Np1 || exit $ERROR_PATCH + elif [ -f "$CWD/patches/$patch.gz" ]; then + gzip -dc "$CWD/patches/$patch.gz" | patch -Np1 || exit $ERROR_PATCH + elif [ -f "$SRC_DIR/$patch" ]; then + if [ "`basename $patch .gz`" != "$patch" ]; then + gzip -dc $SRC_DIR/$patch | patch -Np1 || exit $ERROR_PATCH + elif [ "`basename $patch .bz2`" != "$patch" ]; then + bzip2 -dc $SRC_DIR/$patch | patch -Np1 || exit $ERROR_PATCH + else + patch -Np1 < "$SRC_DIR/$patch" || exit $ERROR_PATCH + fi + fi +done + # Configure CFLAGS="$SLKCFLAGS" \ CXXFLAGS="$SLKCFLAGS" \ 
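Review bot: The Manifest check added here fails open: a Manifest without the `-----BEGIN PGP SIGNED MESSAGE-----` header skips `gpg --verify` entirely, and any listed file that cannot be found is passed over with `continue`, so removing the signature block or the `DIST` line leaves the tarball unchecked. `gpg --verify` also accepts a good signature from any key in the keyring and covers only the clearsigned block, while the loop parses every line of the file. I would require the signature, confirm that `$SRC` has a `DIST` entry, and treat a missing `DIST`/`PATCH` file as an error, as sketched below; pinning the expected signer key is worth adding too. Separately, `$CWD/Manifest`, `$MANIFEST_FILE` and the `find $CWD -name $MANIFEST_FILE` argument are unquoted, so a path or Manifest field with spaces or glob characters is split or expanded before use.

```shell
# Manifest signature checking: an unsigned Manifest is rejected
grep -q -- "-----BEGIN PGP SIGNED MESSAGE-----" "$CWD/Manifest" || exit $ERROR_MANIFEST
echo "Checking Manifest signature..."
gpg --verify "$CWD/Manifest" || exit $ERROR_MANIFEST

# The source tarball itself must be listed
grep -qF -- "DIST $SRC " "$CWD/Manifest" || exit $ERROR_MANIFEST

# … unchanged: MANIFEST_LINES count, per-line field extraction and file lookup …

  if [ ! -e "$MANIFEST_FILE" ] || [ -d "$MANIFEST_FILE" ]; then
    case "$MANIFEST_FILE_TYPE" in
      DIST|PATCH) exit $ERROR_MANIFEST ;;  # a listed file that is missing must not pass
      *) continue ;;                       # PGP armor and blank lines
    esac
  fi

# … unchanged: size and digest comparison …
```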
@@ -145,9 +239,10 @@ EODESC # Build the package cd "$PKG" -makepkg -l y -c n "$REPOS/$PKG_NAME-$PKG_VERSION-$ARCH-$BUILD.tgz" || exit $ERROR_MKPKG +mkdir -p $REPOS/$SLACKBUILD_PATH +makepkg -l y -c n "$REPOS/$SLACKBUILD_PATH/$PKG_NAME-$PKG_VERSION-$ARCH-$BUILD.tgz" || exit $ERROR_MKPKG # Delete source and build directories if requested -if [ "$CLEANUP" == "yes" ]; then +if [ "$CLEANUP" == "yes" ] || [ "$1" = "--cleanup" ]; then rm -rf "$PKG_WORK" "$PKG" fi -- cgit v1.2.3
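Review bot: The added `mkdir -p $REPOS/$SLACKBUILD_PATH` is unquoted and its result is not checked, unlike the `makepkg` line right after it, which quotes the same path and exits on failure. With a `REPOS` or `SLACKBUILD_PATH` containing spaces, the directory created differs from the one `makepkg` writes to; I would use `mkdir -p "$REPOS/$SLACKBUILD_PATH" || exit $ERROR_MKDIR`, since `ERROR_MKDIR=42` is already defined in this script. The new cleanup test also mixes `==` and `=` inside `[ ]`; `=` is the portable form for both comparisons.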