gtk: updated to 2.24.30. Added patch for CVE-2013-7447

gtk/.footprint

@@ -325,13 +325,13 @@ lrwxrwxrwx	root/root	usr/lib/libgailutil.so -> libgailutil.so.18.0.1
 lrwxrwxrwx	root/root	usr/lib/libgailutil.so.18 -> libgailutil.so.18.0.1
 -rwxr-xr-x	root/root	usr/lib/libgailutil.so.18.0.1
 -rw-r--r--	root/root	usr/lib/libgdk-x11-2.0.la
-lrwxrwxrwx	root/root	usr/lib/libgdk-x11-2.0.so -> libgdk-x11-2.0.so.0.2400.29
-lrwxrwxrwx	root/root	usr/lib/libgdk-x11-2.0.so.0 -> libgdk-x11-2.0.so.0.2400.29
--rwxr-xr-x	root/root	usr/lib/libgdk-x11-2.0.so.0.2400.29
+lrwxrwxrwx	root/root	usr/lib/libgdk-x11-2.0.so -> libgdk-x11-2.0.so.0.2400.30
+lrwxrwxrwx	root/root	usr/lib/libgdk-x11-2.0.so.0 -> libgdk-x11-2.0.so.0.2400.30
+-rwxr-xr-x	root/root	usr/lib/libgdk-x11-2.0.so.0.2400.30
 -rw-r--r--	root/root	usr/lib/libgtk-x11-2.0.la
-lrwxrwxrwx	root/root	usr/lib/libgtk-x11-2.0.so -> libgtk-x11-2.0.so.0.2400.29
-lrwxrwxrwx	root/root	usr/lib/libgtk-x11-2.0.so.0 -> libgtk-x11-2.0.so.0.2400.29
--rwxr-xr-x	root/root	usr/lib/libgtk-x11-2.0.so.0.2400.29
+lrwxrwxrwx	root/root	usr/lib/libgtk-x11-2.0.so -> libgtk-x11-2.0.so.0.2400.30
+lrwxrwxrwx	root/root	usr/lib/libgtk-x11-2.0.so.0 -> libgtk-x11-2.0.so.0.2400.30
+-rwxr-xr-x	root/root	usr/lib/libgtk-x11-2.0.so.0.2400.30
 drwxr-xr-x	root/root	usr/lib/pkgconfig/
 -rw-r--r--	root/root	usr/lib/pkgconfig/gail.pc
 -rw-r--r--	root/root	usr/lib/pkgconfig/gdk-2.0.pc

gtk/.md5sum

@@ -1,3 +1,4 @@
-1b7a3689f65617387b5b54520f4439e8  gtk+-2.24.29.tar.xz
+26c6e8f072ff456f5a1bedb47f4bb760  CVE-2013-7447.patch
+04568ba5c58b75e3c7543e45628ad789  gtk+-2.24.30.tar.xz
 943d209df9d2cbdde16263b7bbfd4c10  gtk-register.sh
 981cbb7e87666badc4798ceaf62c7f72  gtk.immodules

gtk/CVE-2013-7447.patch

@@ -0,0 +1,32 @@
+From 407c89863d08780861d120f8ccfc8e13582a2fda Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen@redhat.com>
+Date: Sat, 29 Jun 2013 22:06:54 -0400
+Subject: Avoid integer overflow
+
+Use g_malloc_n in gdk_cairo_set_source_pixbuf when allocating
+a large block of memory, to avoid integer overflow.
+
+Pointed out by Bert Massop in
+https://bugzilla.gnome.org/show_bug.cgi?id=703220
+
+(cherry picked from commit 894b1ae76a32720f4bb3d39cf460402e3ce331d6)
+---
+ gdk/gdkcairo.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gdk/gdkcairo.c b/gdk/gdkcairo.c
+index a3baa54..3fdb570 100644
+--- a/gdk/gdkcairo.c
++++ b/gdk/gdkcairo.c
+@@ -211,7 +211,7 @@ gdk_cairo_set_source_pixbuf (cairo_t         *cr,
+     format = CAIRO_FORMAT_ARGB32;
+ 
+   cairo_stride = cairo_format_stride_for_width (format, width);
+-  cairo_pixels = g_malloc (height * cairo_stride);
++  cairo_pixels = g_malloc_n (height, cairo_stride);
+   surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels,
+                                                  format,
+                                                  width, height, cairo_stride);
+-- 
+cgit v0.12
+

gtk/Pkgfile

@@ -4,20 +4,21 @@
 # Depends on: atk, hicolor-icon-theme, gdk-pixbuf, pango, xorg-libsm, xorg-libxcursor, xorg-libxinerama, xorg-libxrandr, xorg-libxcomposite
 
 name=gtk
-version=2.24.29
+version=2.24.30
 release=1
 source=(http://download.gnome.org/sources/gtk+/2.24/${name}+-$version.tar.xz \
-        gtk.immodules gtk-register.sh)
+	CVE-2013-7447.patch gtk.immodules gtk-register.sh)
 
 build () {
-    cd gtk+-$version
+	cd gtk+-$version
+	patch -p1 -i $SRC/CVE-2013-7447.patch
 
-    ./configure --prefix=/usr
-    make
-    make DESTDIR=$PKG install
-    mkdir -p $PKG/usr/etc/gtk-2.0
-    install -m 644 $SRC/gtk.immodules $PKG/usr/etc/gtk-2.0/
-    rm -r $PKG/usr/share/{locale,gtk-doc,gtk-2.0} $PKG/usr/bin/gtk-demo
+	./configure --prefix=/usr
+	make
+	make DESTDIR=$PKG install
+	mkdir -p $PKG/usr/etc/gtk-2.0
+	install -m 644 $SRC/gtk.immodules $PKG/usr/etc/gtk-2.0/
+	rm -r $PKG/usr/share/{locale,gtk-doc,gtk-2.0} $PKG/usr/bin/gtk-demo
 
-    install -m 0755 $SRC/gtk-register.sh $PKG/usr/bin/gtk-register
+	install -m 0755 $SRC/gtk-register.sh $PKG/usr/bin/gtk-register
 }