summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/gimp.scm36
-rw-r--r--gnu/packages/patches/gegl-CVE-2012-4433.patch117
3 files changed, 9 insertions, 145 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index a9a7e69aea..c7faab466a 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -697,7 +697,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/gd-CVE-2018-5711.patch			\
   %D%/packages/patches/gd-fix-tests-on-i686.patch		\
   %D%/packages/patches/gd-freetype-test-failure.patch		\
-  %D%/packages/patches/gegl-CVE-2012-4433.patch			\
   %D%/packages/patches/gemma-intel-compat.patch			\
   %D%/packages/patches/geoclue-config.patch			\
   %D%/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch \
diff --git a/gnu/packages/gimp.scm b/gnu/packages/gimp.scm
index 0f27ceb44e..64fe04b4f9 100644
--- a/gnu/packages/gimp.scm
+++ b/gnu/packages/gimp.scm
@@ -77,43 +77,25 @@ provided, as well as a framework to add new color models and data types.")
 (define-public gegl
   (package
     (name "gegl")
-    (version "0.2.0")
+    (version "0.4.0")
     (source (origin
               (method url-fetch)
-              (uri (list (string-append "http://download.gimp.org/pub/gegl/"
+              (uri (list (string-append "https://download.gimp.org/pub/gegl/"
                                         (string-take version 3)
                                         "/" name "-" version ".tar.bz2")))
               (sha256
                (base32
-                "09nlv06li9nrn74ifpm7223mxpg0s7cii702z72cpbwrjh6nlbnz"))
-              (patches (search-patches "gegl-CVE-2012-4433.patch"))))
+                "1ighk4z8nlqrzyj8w97s140hzj59564l3xv6fpzbr97m1zx2nkfh"))))
     (build-system gnu-build-system)
     (arguments
-     '(;; More than just the one test disabled below now fails; disable them
-       ;; all according to the rationale given below.
-       #:tests? #f
-       #:configure-flags '("LDFLAGS=-lm")
-       #:phases
-       (modify-phases %standard-phases
-         (add-before 'build 'pre-build
-           (lambda _
-             ;; This test program seems to crash on exit. Specifically, whilst
-             ;; g_object_unreffing bufferA and bufferB - This seems to be a bug
-             ;; in the destructor.  This is just a test program so will not have
-             ;; any wider effect, although might be hiding another problem.
-             ;; According to advice received on irc.gimp.org#gegl although 0.2.0
-             ;; is the latest released version, any bug reports against it will
-             ;; be ignored.  So we are on our own.
-             (substitute* "tools/img_cmp.c"
-               (("g_object_unref \\(buffer.\\);") ""))
-
-             (substitute* "tests/compositions/Makefile"
-               (("/bin/sh") (which "sh")))
-             #t)))))
-    (inputs
+     '(#:configure-flags '("LDFLAGS=-lm")))
+    ;; These are propagated to satisfy 'gegl-0.4.pc'.
+    (propagated-inputs
      `(("babl" ,babl)
        ("glib" ,glib)
-       ("cairo" ,cairo)
+       ("json-glib" ,json-glib)))
+    (inputs
+     `(("cairo" ,cairo)
        ("pango" ,pango)
        ("libpng" ,libpng)
        ("libjpeg" ,libjpeg-8)))
diff --git a/gnu/packages/patches/gegl-CVE-2012-4433.patch b/gnu/packages/patches/gegl-CVE-2012-4433.patch
deleted file mode 100644
index 7352b78dba..0000000000
--- a/gnu/packages/patches/gegl-CVE-2012-4433.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From: Michael Gilbert <mgilbert@debian.org>
-Date: Mon, 9 Sep 2013 17:34:32 +0200
-Subject: Fix_CVE-2012-4433
-
-Multiple buffer overflow issues.
-
-Closes: #692435
----
- operations/external/ppm-load.c | 62 ++++++++++++++++++++++++++++++++++++------
- 1 file changed, 53 insertions(+), 9 deletions(-)
-
-diff --git a/operations/external/ppm-load.c b/operations/external/ppm-load.c
-index efe6d56..465096d 100644
---- a/operations/external/ppm-load.c
-+++ b/operations/external/ppm-load.c
-@@ -36,6 +36,7 @@ gegl_chant_file_path (path, _("File"), "", _("Path of file to load."))
- #include "gegl-chant.h"
- #include <stdio.h>
- #include <stdlib.h>
-+#include <errno.h>
- 
- typedef enum {
-   PIXMAP_ASCII  = 51,
-@@ -44,8 +45,8 @@ typedef enum {
- 
- typedef struct {
- 	map_type   type;
--	gint       width;
--	gint       height;
-+	glong      width;
-+	glong      height;
-         gsize      numsamples; /* width * height * channels */
-         gsize      bpc;        /* bytes per channel */
- 	guchar    *data;
-@@ -82,12 +83,33 @@ ppm_load_read_header(FILE       *fp,
-       }
- 
-     /* Get Width and Height */
--    img->width  = strtol (header,&ptr,0);
--    img->height = atoi (ptr);
--    img->numsamples = img->width * img->height * CHANNEL_COUNT;
-+    errno = 0;
-+    img->width  = strtol (header,&ptr,10);
-+    if (errno)
-+      {
-+        g_warning ("Error reading width: %s", strerror(errno));
-+        return FALSE;
-+      }
-+    else if (img->width < 0)
-+      {
-+        g_warning ("Error: width is negative");
-+        return FALSE;
-+      }
-+
-+    img->height = strtol (ptr,&ptr,10);
-+    if (errno)
-+      {
-+        g_warning ("Error reading height: %s", strerror(errno));
-+        return FALSE;
-+      }
-+    else if (img->width < 0)
-+      {
-+        g_warning ("Error: height is negative");
-+        return FALSE;
-+      }
- 
-     fgets (header,MAX_CHARS_IN_ROW,fp);
--    maxval = strtol (header,&ptr,0);
-+    maxval = strtol (header,&ptr,10);
- 
-     if ((maxval != 255) && (maxval != 65535))
-       {
-@@ -109,6 +131,16 @@ ppm_load_read_header(FILE       *fp,
-       g_warning ("%s: Programmer stupidity error", G_STRLOC);
-     }
- 
-+    /* Later on, img->numsamples is multiplied with img->bpc to allocate
-+     * memory. Ensure it doesn't overflow. */
-+    if (!img->width || !img->height ||
-+        G_MAXSIZE / img->width / img->height / CHANNEL_COUNT < img->bpc)
-+      {
-+        g_warning ("Illegal width/height: %ld/%ld", img->width, img->height);
-+        return FALSE;
-+      }
-+    img->numsamples = img->width * img->height * CHANNEL_COUNT;
-+
-     return TRUE;
- }
- 
-@@ -229,12 +261,24 @@ process (GeglOperation       *operation,
-   if (!ppm_load_read_header (fp, &img))
-     goto out;
- 
--  rect.height = img.height;
--  rect.width = img.width;
--
-   /* Allocating Array Size */
-+
-+  /* Should use g_try_malloc(), but this causes crashes elsewhere because the
-+   * error signalled by returning FALSE isn't properly acted upon. Therefore
-+   * g_malloc() is used here which aborts if the requested memory size can't be
-+   * allocated causing a controlled crash. */
-   img.data = (guchar*) g_malloc (img.numsamples * img.bpc);
- 
-+  /* No-op without g_try_malloc(), see above. */
-+  if (! img.data)
-+    {
-+      g_warning ("Couldn't allocate %" G_GSIZE_FORMAT " bytes, giving up.", ((gsize)img.numsamples * img.bpc));
-+      goto out;
-+    }
-+
-+  rect.height = img.height;
-+  rect.width = img.width;
-+
-   switch (img.bpc)
-     {
-     case 1: