[gentoo-commits] repo/gentoo:master commit in: media-libs/jbig2dec/, media-libs/jbig2dec/files/ - gentoo-commits

From:	"Andreas Hüttel" <dilfridge@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: media-libs/jbig2dec/, media-libs/jbig2dec/files/
Date:	Tue, 30 May 2017 19:36:18
Message-Id:	`1496172959.93ef99f17ee716bb4e5d10add0b0ab6184c80600.dilfridge@gentoo`

1

commit:     93ef99f17ee716bb4e5d10add0b0ab6184c80600

2

Author:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>

3

AuthorDate: Tue May 30 19:35:59 2017 +0000

4

Commit:     Andreas Hüttel <dilfridge <AT> gentoo <DOT> org>

5

CommitDate: Tue May 30 19:35:59 2017 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=93ef99f1

7

8

media-libs/jbig2dec: Revision bump for bug 620202

9

10

Package-Manager: Portage-2.3.6, Repoman-2.3.2

11

12

 .../files/jbig2dec-0.13-CVE-2017-9216.patch        | 31 ++++++++++++++

13

 media-libs/jbig2dec/jbig2dec-0.13-r2.ebuild        | 49 ++++++++++++++++++++++

14

 2 files changed, 80 insertions(+)

15

16

diff --git a/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-9216.patch b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-9216.patch

17

new file mode 100644

18

index 00000000000..789ed6c9656

19

--- /dev/null

20

+++ b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-9216.patch

21

@@ -0,0 +1,31 @@

22

+From 3ebffb1d96ba0cacec23016eccb4047dab365853 Mon Sep 17 00:00:00 2001

23

+From: Shailesh Mistry <shailesh.mistry@××××××××××.uk>

24

+Date: Wed, 24 May 2017 19:29:57 +0100

25

+Subject: [PATCH] Bug 697934: Fix SEGV due to error code being ignored.

26

+

27

+The return code from jbig2_decode_text_region was being ignored so the

28

+code continued to try and parse the invalid file using incomplete/empty

29

+structures.

30

+---

31

+ jbig2dec/jbig2_symbol_dict.c | 4 +++-

32

+ 1 file changed, 3 insertions(+), 1 deletion(-)

33

+

34

+diff --git a/jbig2_symbol_dict.c b/jbig2_symbol_dict.c

35

+index 3cc1731..672425d 100644

36

+--- a/jbig2_symbol_dict.c

37

++++ b/jbig2_symbol_dict.c

38

+@@ -493,8 +493,10 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,

39

+                         }

40

+

41

+                         /* multiple symbols are handled as a text region */

42

+-                        jbig2_decode_text_region(ctx, segment, tparams, (const Jbig2SymbolDict * const *)refagg_dicts,

43

++                        code = jbig2_decode_text_region(ctx, segment, tparams, (const Jbig2SymbolDict * const *)refagg_dicts,

44

+                                                  n_refagg_dicts, image, data, size, GR_stats, as, ws);

45

++                        if (code < 0)

46

++                            goto cleanup4;

47

+

48

+                         SDNEWSYMS->glyphs[NSYMSDECODED] = image;

49

+                         refagg_dicts[0]->glyphs[params->SDNUMINSYMS + NSYMSDECODED] = jbig2_image_clone(ctx, SDNEWSYMS->glyphs[NSYMSDECODED]);

50

+--

51

+2.9.1

52

+

53

54

diff --git a/media-libs/jbig2dec/jbig2dec-0.13-r2.ebuild b/media-libs/jbig2dec/jbig2dec-0.13-r2.ebuild

55

new file mode 100644

56

index 00000000000..16b53ba954a

57

--- /dev/null

58

+++ b/media-libs/jbig2dec/jbig2dec-0.13-r2.ebuild

59

@@ -0,0 +1,49 @@

60

+# Copyright 1999-2017 Gentoo Foundation

61

+# Distributed under the terms of the GNU General Public License v2

62

+

63

+EAPI=6

64

+

65

+DESCRIPTION="A decoder implementation of the JBIG2 image compression format"

66

+HOMEPAGE="http://ghostscript.com/jbig2dec.html"

67

+SRC_URI="http://downloads.ghostscript.com/public/${PN}/${P}.tar.gz

68

+	test? ( http://jbig2dec.sourceforge.net/ubc/jb2streams.zip )"

69

+

70

+LICENSE="AGPL-3"

71

+SLOT="0"

72

+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~x86-solaris"

73

+IUSE="png static-libs test"

74

+

75

+RDEPEND="png? ( media-libs/libpng:0= )"

76

+DEPEND="${RDEPEND}

77

+	test? ( app-arch/unzip )"

78

+

79

+RESTRICT="test"

80

+# bug 324275

81

+

82

+DOCS="CHANGES README"

83

+

84

+PATCHES=(

85

+	"${FILESDIR}/${P}-CVE-2016-9601.patch"

86

+	"${FILESDIR}/${P}-CVE-2017-9216.patch"

87

+)

88

+

89

+src_prepare() {

90

+	default

91

+

92

+	if use test; then

93

+		mkdir "${WORKDIR}/ubc" || die

94

+		mv -v "${WORKDIR}"/*.jb2 "${WORKDIR}/ubc/" || die

95

+		mv -v "${WORKDIR}"/*.bmp "${WORKDIR}/ubc/" || die

96

+	fi

97

+}

98

+

99

+src_configure() {

100

+	econf \

101

+		$(use_enable static-libs static) \

102

+		$(use_with png libpng)

103

+}

104

+

105

+src_install() {

106

+	default

107

+	find "${ED}" -name '*.la' -exec rm {} + || die

108

+}

1	commit: 93ef99f17ee716bb4e5d10add0b0ab6184c80600
2	Author: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
3	AuthorDate: Tue May 30 19:35:59 2017 +0000
4	Commit: Andreas Hüttel <dilfridge <AT> gentoo <DOT> org>
5	CommitDate: Tue May 30 19:35:59 2017 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=93ef99f1
7
8	media-libs/jbig2dec: Revision bump for bug 620202
9
10	Package-Manager: Portage-2.3.6, Repoman-2.3.2
11
12	.../files/jbig2dec-0.13-CVE-2017-9216.patch \| 31 ++++++++++++++
13	media-libs/jbig2dec/jbig2dec-0.13-r2.ebuild \| 49 ++++++++++++++++++++++
14	2 files changed, 80 insertions(+)
15
16	diff --git a/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-9216.patch b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-9216.patch
17	new file mode 100644
18	index 00000000000..789ed6c9656
19	--- /dev/null
20	+++ b/media-libs/jbig2dec/files/jbig2dec-0.13-CVE-2017-9216.patch
21	@@ -0,0 +1,31 @@
22	+From 3ebffb1d96ba0cacec23016eccb4047dab365853 Mon Sep 17 00:00:00 2001
23	+From: Shailesh Mistry <shailesh.mistry@××××××××××.uk>
24	+Date: Wed, 24 May 2017 19:29:57 +0100
25	+Subject: [PATCH] Bug 697934: Fix SEGV due to error code being ignored.
26	+
27	+The return code from jbig2_decode_text_region was being ignored so the
28	+code continued to try and parse the invalid file using incomplete/empty
29	+structures.
30	+---
31	+ jbig2dec/jbig2_symbol_dict.c \| 4 +++-
32	+ 1 file changed, 3 insertions(+), 1 deletion(-)
33	+
34	+diff --git a/jbig2_symbol_dict.c b/jbig2_symbol_dict.c
35	+index 3cc1731..672425d 100644
36	+--- a/jbig2_symbol_dict.c
37	++++ b/jbig2_symbol_dict.c
38	+@@ -493,8 +493,10 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
39	+ }
40	+
41	+ /* multiple symbols are handled as a text region */
42	+- jbig2_decode_text_region(ctx, segment, tparams, (const Jbig2SymbolDict * const *)refagg_dicts,
43	++ code = jbig2_decode_text_region(ctx, segment, tparams, (const Jbig2SymbolDict * const *)refagg_dicts,
44	+ n_refagg_dicts, image, data, size, GR_stats, as, ws);
45	++ if (code < 0)
46	++ goto cleanup4;
47	+
48	+ SDNEWSYMS->glyphs[NSYMSDECODED] = image;
49	+ refagg_dicts[0]->glyphs[params->SDNUMINSYMS + NSYMSDECODED] = jbig2_image_clone(ctx, SDNEWSYMS->glyphs[NSYMSDECODED]);
50	+--
51	+2.9.1
52	+
53
54	diff --git a/media-libs/jbig2dec/jbig2dec-0.13-r2.ebuild b/media-libs/jbig2dec/jbig2dec-0.13-r2.ebuild
55	new file mode 100644
56	index 00000000000..16b53ba954a
57	--- /dev/null
58	+++ b/media-libs/jbig2dec/jbig2dec-0.13-r2.ebuild
59	@@ -0,0 +1,49 @@
60	+# Copyright 1999-2017 Gentoo Foundation
61	+# Distributed under the terms of the GNU General Public License v2
62	+
63	+EAPI=6
64	+
65	+DESCRIPTION="A decoder implementation of the JBIG2 image compression format"
66	+HOMEPAGE="http://ghostscript.com/jbig2dec.html"
67	+SRC_URI="http://downloads.ghostscript.com/public/${PN}/${P}.tar.gz
68	+ test? ( http://jbig2dec.sourceforge.net/ubc/jb2streams.zip )"
69	+
70	+LICENSE="AGPL-3"
71	+SLOT="0"
72	+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~x86-solaris"
73	+IUSE="png static-libs test"
74	+
75	+RDEPEND="png? ( media-libs/libpng:0= )"
76	+DEPEND="${RDEPEND}
77	+ test? ( app-arch/unzip )"
78	+
79	+RESTRICT="test"
80	+# bug 324275
81	+
82	+DOCS="CHANGES README"
83	+
84	+PATCHES=(
85	+ "${FILESDIR}/${P}-CVE-2016-9601.patch"
86	+ "${FILESDIR}/${P}-CVE-2017-9216.patch"
87	+)
88	+
89	+src_prepare() {
90	+ default
91	+
92	+ if use test; then
93	+ mkdir "${WORKDIR}/ubc" \|\| die
94	+ mv -v "${WORKDIR}"/*.jb2 "${WORKDIR}/ubc/" \|\| die
95	+ mv -v "${WORKDIR}"/*.bmp "${WORKDIR}/ubc/" \|\| die
96	+ fi
97	+}
98	+
99	+src_configure() {
100	+ econf \
101	+ $(use_enable static-libs static) \
102	+ $(use_with png libpng)
103	+}
104	+
105	+src_install() {
106	+ default
107	+ find "${ED}" -name '*.la' -exec rm {} + \|\| die
108	+}

Gentoo Archives: gentoo-commits