gtk-32: 2.24.29 -> 2.24.30

4 files changed, 45 insertions, 10 deletions

diff --git a/gtk-32/.footprint b/gtk-32/.footprint
index 558ab6bb..b8f413aa 100644
--- a/gtk-32/.footprint
+++ b/gtk-32/.footprint
@@ -47,13 +47,13 @@ lrwxrwxrwx	root/root	usr/lib32/libgailutil.so -> libgailutil.so.18.0.1
 lrwxrwxrwx	root/root	usr/lib32/libgailutil.so.18 -> libgailutil.so.18.0.1
 -rwxr-xr-x	root/root	usr/lib32/libgailutil.so.18.0.1
 -rw-r--r--	root/root	usr/lib32/libgdk-x11-2.0.la
-lrwxrwxrwx	root/root	usr/lib32/libgdk-x11-2.0.so -> libgdk-x11-2.0.so.0.2400.29
-lrwxrwxrwx	root/root	usr/lib32/libgdk-x11-2.0.so.0 -> libgdk-x11-2.0.so.0.2400.29
--rwxr-xr-x	root/root	usr/lib32/libgdk-x11-2.0.so.0.2400.29
+lrwxrwxrwx	root/root	usr/lib32/libgdk-x11-2.0.so -> libgdk-x11-2.0.so.0.2400.30
+lrwxrwxrwx	root/root	usr/lib32/libgdk-x11-2.0.so.0 -> libgdk-x11-2.0.so.0.2400.30
+-rwxr-xr-x	root/root	usr/lib32/libgdk-x11-2.0.so.0.2400.30
 -rw-r--r--	root/root	usr/lib32/libgtk-x11-2.0.la
-lrwxrwxrwx	root/root	usr/lib32/libgtk-x11-2.0.so -> libgtk-x11-2.0.so.0.2400.29
-lrwxrwxrwx	root/root	usr/lib32/libgtk-x11-2.0.so.0 -> libgtk-x11-2.0.so.0.2400.29
--rwxr-xr-x	root/root	usr/lib32/libgtk-x11-2.0.so.0.2400.29
+lrwxrwxrwx	root/root	usr/lib32/libgtk-x11-2.0.so -> libgtk-x11-2.0.so.0.2400.30
+lrwxrwxrwx	root/root	usr/lib32/libgtk-x11-2.0.so.0 -> libgtk-x11-2.0.so.0.2400.30
+-rwxr-xr-x	root/root	usr/lib32/libgtk-x11-2.0.so.0.2400.30
 drwxr-xr-x	root/root	usr/lib32/pkgconfig/
 -rw-r--r--	root/root	usr/lib32/pkgconfig/gail.pc
 -rw-r--r--	root/root	usr/lib32/pkgconfig/gdk-2.0.pc
diff --git a/gtk-32/.md5sum b/gtk-32/.md5sum
index 31ea9ce4..d88fc3a0 100644
--- a/gtk-32/.md5sum
+++ b/gtk-32/.md5sum
@@ -1 +1,2 @@
-1b7a3689f65617387b5b54520f4439e8  gtk+-2.24.29.tar.xz
+26c6e8f072ff456f5a1bedb47f4bb760  CVE-2013-7447.patch
+04568ba5c58b75e3c7543e45628ad789  gtk+-2.24.30.tar.xz
diff --git a/gtk-32/CVE-2013-7447.patch b/gtk-32/CVE-2013-7447.patch
new file mode 100644
index 00000000..04656ac2
--- /dev/null
+++ b/gtk-32/CVE-2013-7447.patch
@@ -0,0 +1,32 @@
+From 407c89863d08780861d120f8ccfc8e13582a2fda Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen@redhat.com>
+Date: Sat, 29 Jun 2013 22:06:54 -0400
+Subject: Avoid integer overflow
+
+Use g_malloc_n in gdk_cairo_set_source_pixbuf when allocating
+a large block of memory, to avoid integer overflow.
+
+Pointed out by Bert Massop in
+https://bugzilla.gnome.org/show_bug.cgi?id=703220
+
+(cherry picked from commit 894b1ae76a32720f4bb3d39cf460402e3ce331d6)
+---
+ gdk/gdkcairo.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gdk/gdkcairo.c b/gdk/gdkcairo.c
+index a3baa54..3fdb570 100644
+--- a/gdk/gdkcairo.c
++++ b/gdk/gdkcairo.c
+@@ -211,7 +211,7 @@ gdk_cairo_set_source_pixbuf (cairo_t         *cr,
+     format = CAIRO_FORMAT_ARGB32;
+ 
+   cairo_stride = cairo_format_stride_for_width (format, width);
+-  cairo_pixels = g_malloc (height * cairo_stride);
++  cairo_pixels = g_malloc_n (height, cairo_stride);
+   surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels,
+                                                  format,
+                                                  width, height, cairo_stride);
+-- 
+cgit v0.12
+
diff --git a/gtk-32/Pkgfile b/gtk-32/Pkgfile
index d0b1936c..47606818 100644
--- a/gtk-32/Pkgfile
+++ b/gtk-32/Pkgfile
@@ -4,16 +4,18 @@
 # Depends on: atk-32 gdk-pixbuf-32 pango-32 xorg-libsm-32 xorg-libxcursor-32 xorg-libxinerama-32 xorg-libxrandr-32 xorg-libxcomposite-32 gtk
 
 name=gtk-32
-version=2.24.29
+version=2.24.30
 release=1
-source=(http://download.gnome.org/sources/gtk+/${version%.*}/gtk+-$version.tar.xz)
+source=(http://download.gnome.org/sources/gtk+/${version%.*}/gtk+-$version.tar.xz
+	CVE-2013-7447.patch)
 
 build() {
 	cd gtk+-$version
 
+	patch -p1 -i $SRC/CVE-2013-7447.patch
+
 	./configure \
 		--prefix=/usr \
-		--mandir=/usr/man \
 		--libdir=/usr/lib32 \
 		--disable-cups