x11-libs/gdk-pixbuf: bump to 2.32.1, fixes heap overflows

Fixes multiple heap overflows (CVE-2015-7673, CVE-2015-7674).
Drops support for wbmp, ras, pcx formats.
Fixes support for icns and 256x256 ico formats.

Gentoo-Bug: 562878, 562880
Reported-by: Agostino Sarubbo

3 files changed, 211 insertions, 0 deletions

diff --git a/x11-libs/gdk-pixbuf/Manifest b/x11-libs/gdk-pixbuf/Manifest
index 3bbc8ef7816b..a6dadd3c99c4 100644
--- a/x11-libs/gdk-pixbuf/Manifest
+++ b/x11-libs/gdk-pixbuf/Manifest
@@ -1 +1,2 @@
 DIST gdk-pixbuf-2.30.8.tar.xz 1336788 SHA256 4853830616113db4435837992c0aebd94cbb993c44dc55063cee7f72a7bef8be SHA512 2888cf035b70330e8d3ac87af54b69b2c990440fd59922464088d2a685e90022ad39c83d1ce1ccccfac3872b55ce9445ec4a3e9c7ab6371e20b19e20df7f261d WHIRLPOOL e7f69807ed629c5703750a91cc7a95ee2b3aa178a74c9197c20f863648436a023d140cf1274ba38369e8da3d77216bb1fcc66bae5b612ee8ee33ee4b42e11d65
+DIST gdk-pixbuf-2.32.1.tar.xz 2427908 SHA256 4432b74f25538c7d6bcb3ca51adabdd666168955f25812a2568dc9637697f3bc SHA512 4c744f166e86c17cafebe0db9434794666b64850a60597e34675cf9b902e48e89c3ff45032a10899944ae59b6c0db63c1ff33c4d2c50846393e77bad3a3adec2 WHIRLPOOL 566b73752c1e478fdf7011c3d2222ea39eb13052741c70a0dffd6a0800e892e951207856b90e0d20c352981565682dec28c51fc4951f2236767e97c838d239a2
diff --git a/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.32.1-gint64-shift-overflow.patch b/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.32.1-gint64-shift-overflow.patch
new file mode 100644
index 000000000000..273956ea402e
--- /dev/null
+++ b/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.32.1-gint64-shift-overflow.patch
@@ -0,0 +1,81 @@
+From 2fb6bce8b3fdae67b8cdd93f253dad3743fc01b8 Mon Sep 17 00:00:00 2001
+From: Mike Gorse <mgorse@suse.com>
+Date: Tue, 6 Oct 2015 11:46:24 -0500
+Subject: [PATCH] pixops: use gint64 in more places to avoid overflow when
+ shifting
+
+---
+ gdk-pixbuf/pixops/pixops.c | 34 +++++++++++++++++-----------------
+ 1 file changed, 17 insertions(+), 17 deletions(-)
+
+diff --git a/gdk-pixbuf/pixops/pixops.c b/gdk-pixbuf/pixops/pixops.c
+index b0abecd..6a4a096 100644
+--- a/gdk-pixbuf/pixops/pixops.c
++++ b/gdk-pixbuf/pixops/pixops.c
+@@ -354,11 +354,11 @@ pixops_composite_nearest (guchar        *dest_buf,
+ 			  double         scale_y,
+ 			  int            overall_alpha)
+ {
+-  int i;
+-  int x;
+-  int x_step = (1 << SCALE_SHIFT) / scale_x;
+-  int y_step = (1 << SCALE_SHIFT) / scale_y;
+-  int xmax, xstart, xstop, x_pos, y_pos;
++  gint64 i;
++  gint64 x;
++  gint64 x_step = (1 << SCALE_SHIFT) / scale_x;
++  gint64 y_step = (1 << SCALE_SHIFT) / scale_y;
++  gint64 xmax, xstart, xstop, x_pos, y_pos;
+   const guchar *p;
+   unsigned int  a0;
+ 
+@@ -524,13 +524,13 @@ pixops_composite_color_nearest (guchar        *dest_buf,
+ 				guint32        color1,
+ 				guint32        color2)
+ {
+-  int i, j;
+-  int x;
+-  int x_step = (1 << SCALE_SHIFT) / scale_x;
+-  int y_step = (1 << SCALE_SHIFT) / scale_y;
++  gint64 i, j;
++  gint64 x;
++  gint64 x_step = (1 << SCALE_SHIFT) / scale_x;
++  gint64 y_step = (1 << SCALE_SHIFT) / scale_y;
+   int r1, g1, b1, r2, g2, b2;
+   int check_shift = get_check_shift (check_size);
+-  int xmax, xstart, xstop, x_pos, y_pos;
++  gint64 xmax, xstart, xstop, x_pos, y_pos;
+   const guchar *p;
+   unsigned int  a0;
+ 
+@@ -1338,20 +1338,20 @@ pixops_process (guchar         *dest_buf,
+ 		PixopsLineFunc  line_func,
+ 		PixopsPixelFunc pixel_func)
+ {
+-  int i, j;
+-  int x, y;			/* X and Y position in source (fixed_point) */
++  gint64 i, j;
++  gint64 x, y;			/* X and Y position in source (fixed_point) */
+ 
+   guchar **line_bufs;
+   int *filter_weights;
+ 
+-  int x_step;
+-  int y_step;
++  gint64 x_step;
++  gint64 y_step;
+ 
+   int check_shift;
+-  int scaled_x_offset;
++  gint64 scaled_x_offset;
+ 
+-  int run_end_x;
+-  int run_end_index;
++  gint64 run_end_x;
++  gint64 run_end_index;
+ 
+   x_step = (1 << SCALE_SHIFT) / scale_x; /* X step in source (fixed point) */
+   y_step = (1 << SCALE_SHIFT) / scale_y; /* Y step in source (fixed point) */
+-- 
+2.6.1
+
diff --git a/x11-libs/gdk-pixbuf/gdk-pixbuf-2.32.1.ebuild b/x11-libs/gdk-pixbuf/gdk-pixbuf-2.32.1.ebuild
new file mode 100644
index 000000000000..a0ddb14adbb9
--- /dev/null
+++ b/x11-libs/gdk-pixbuf/gdk-pixbuf-2.32.1.ebuild
@@ -0,0 +1,129 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+GCONF_DEBUG="no"
+GNOME2_LA_PUNT="yes"
+
+inherit eutils flag-o-matic gnome2 multilib libtool multilib-minimal
+
+DESCRIPTION="Image loading library for GTK+"
+HOMEPAGE="http://www.gtk.org/"
+
+LICENSE="LGPL-2+"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="+X debug +introspection jpeg jpeg2k tiff test"
+
+COMMON_DEPEND="
+	>=dev-libs/glib-2.37.6:2[${MULTILIB_USEDEP}]
+	>=media-libs/libpng-1.4:0=[${MULTILIB_USEDEP}]
+	introspection? ( >=dev-libs/gobject-introspection-0.9.3 )
+	jpeg? ( virtual/jpeg:0=[${MULTILIB_USEDEP}] )
+	jpeg2k? ( media-libs/jasper:=[${MULTILIB_USEDEP}] )
+	tiff? ( >=media-libs/tiff-3.9.2:0=[${MULTILIB_USEDEP}] )
+	X? ( x11-libs/libX11[${MULTILIB_USEDEP}] )
+"
+DEPEND="${COMMON_DEPEND}
+	>=dev-util/gtk-doc-am-1.20
+	>=sys-devel/gettext-0.19
+	virtual/pkgconfig
+"
+# librsvg blocker is for the new pixbuf loader API, you lose icons otherwise
+RDEPEND="${COMMON_DEPEND}
+	!<gnome-base/gail-1000
+	!<gnome-base/librsvg-2.31.0
+	!<x11-libs/gtk+-2.21.3:2
+	!<x11-libs/gtk+-2.90.4:3
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-gtklibs-20131008-r2
+		!app-emulation/emul-linux-x86-gtklibs[-abi_x86_32(-)]
+	)
+"
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/gdk-pixbuf-query-loaders
+)
+
+src_prepare() {
+	# Upstream patches from 2.32.x
+	epatch "${FILESDIR}"/${P}-gint64-shift-overflow.patch
+
+	# ERROR: cve-2015-4491 - missing test plan
+	# FIXME - check if this works in 2.31.7
+	# $sed -e 's/cve-2015-4491$(EXEEXT)//' -i tests/Makefile.in || die
+
+	# This will avoid polluting the pkg-config file with versioned libpng,
+	# which is causing problems with libpng14 -> libpng15 upgrade
+	# See upstream bug #667068
+	# First check that the pattern is present, to catch upstream changes on bumps,
+	# because sed doesn't return failure code if it doesn't do any replacements
+	grep -q  'l in libpng16' configure || die "libpng check order has changed upstream"
+	sed -e 's:l in libpng16:l in libpng libpng16:' -i configure || die
+	[[ ${CHOST} == *-solaris* ]] && append-libs intl
+
+	gnome2_src_prepare
+}
+
+multilib_src_configure() {
+	# png always on to display icons
+	ECONF_SOURCE="${S}" \
+	gnome2_src_configure \
+		$(usex debug --enable-debug=yes "") \
+		$(use_with jpeg libjpeg) \
+		$(use_with jpeg2k libjasper) \
+		$(use_with tiff libtiff) \
+		$(multilib_native_use_enable introspection) \
+		$(use_with X x11) \
+		--with-libpng
+
+	# work-around gtk-doc out-of-source brokedness
+	if multilib_is_native_abi; then
+		ln -s "${S}"/docs/reference/${PN}/html docs/reference/${PN}/html || die
+	fi
+}
+
+multilib_src_install() {
+	# Parallel install fails when no gdk-pixbuf is already installed, bug #481372
+	MAKEOPTS="${MAKEOPTS} -j1" gnome2_src_install
+}
+
+pkg_preinst() {
+	gnome2_pkg_preinst
+
+	multilib_pkg_preinst() {
+		# Make sure loaders.cache belongs to gdk-pixbuf alone
+		local cache="usr/$(get_libdir)/${PN}-2.0/2.10.0/loaders.cache"
+
+		if [[ -e ${EROOT}${cache} ]]; then
+			cp "${EROOT}"${cache} "${ED}"/${cache} || die
+		else
+			touch "${ED}"/${cache} || die
+		fi
+	}
+
+	multilib_foreach_abi multilib_pkg_preinst
+}
+
+pkg_postinst() {
+	# causes segfault if set, see bug 375615
+	unset __GL_NO_DSO_FINALIZER
+
+	multilib_foreach_abi gnome2_pkg_postinst
+
+	# Migration snippet for when this was handled by gtk+
+	if [ -e "${EROOT}"usr/lib/gtk-2.0/2.*/loaders ]; then
+		elog "You need to rebuild ebuilds that installed into" "${EROOT}"usr/lib/gtk-2.0/2.*/loaders
+		elog "to do that you can use qfile from portage-utils:"
+		elog "emerge -va1 \$(qfile -qC ${EPREFIX}/usr/lib/gtk-2.0/2.*/loaders)"
+	fi
+}
+
+pkg_postrm() {
+	gnome2_pkg_postrm
+
+	if [[ -z ${REPLACED_BY_VERSIONS} ]]; then
+		rm -f "${EROOT}"usr/lib*/${PN}-2.0/2.10.0/loaders.cache
+	fi
+}