Gentoo Archives: gentoo-commits

From: Sebastian Pipping <sping@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: media-gfx/optipng/files/, media-gfx/optipng/
Date: Mon, 04 Dec 2017 19:40:51
Message-Id: 1512416411.0da7381ee3668b7d015fc4082a001dcda0b94707.sping@gentoo
1 commit: 0da7381ee3668b7d015fc4082a001dcda0b94707
2 Author: Sebastian Pipping <sping <AT> gentoo <DOT> org>
3 AuthorDate: Mon Dec 4 19:37:28 2017 +0000
4 Commit: Sebastian Pipping <sping <AT> gentoo <DOT> org>
5 CommitDate: Mon Dec 4 19:40:11 2017 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0da7381e
7
8 media-gfx/optipng: CVE-2017-16938
9
10 Package-Manager: Portage-2.3.16, Repoman-2.3.6
11
12 .../files/optipng-0.7.6-cve-2017-16938.patch | 22 ++++++++
13 media-gfx/optipng/optipng-0.7.6-r2.ebuild | 59 ++++++++++++++++++++++
14 2 files changed, 81 insertions(+)
15
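--- /dev/null
+++ b/media-gfx/optipng/files/optipng-0.7.6-cve-2017-16938.patch
@@ -0,0 +1,22 @@
+From e05fb81a20541833a2d62ce08552b18c0920b9a1 Mon Sep 17 00:00:00 2001
+From: Cosmin Truta <ctruta@×××××.com>
+Date: Sat, 25 Nov 2017 23:17:46 -0500
+Subject: [PATCH] gifread: Detect indirect circular dependencies in LZW tables
+
+---
+ src/gifread/gifread.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/gifread/gifread.c b/src/gifread/gifread.c
+index 0123456789abcdef..0123456789abcdef 100644
+--- a/src/gifread/gifread.c
++++ b/src/gifread/gifread.c
+@@ -499,6 +499,8 @@ static int LZWReadByte(int init_flag, int input_code_size, FILE *stream)
+ *sp++ = table[1][code];
+ if (code == table[0][code])
+ GIFError("GIF/LZW error: circular table entry");
++ if ((size_t)(sp - stack) >= sizeof(stack) / sizeof(stack[0]))
++ GIFError("GIF/LZW error: circular table");
+ code = table[0][code];
+ }
+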
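Review bot: The added bound check in the LZW decode loop only stops the overrun if `GIFError()` never returns: it is a bare `if` with no `break` or `return`, and it runs after the `*sp++ = table[1][code];` store, so a returning handler would let the next iteration store past `stack[]`. GIFError's definition is not visible here and LZWReadByte starts and ends outside the hunk, so this should be confirmed against the error handler optipng installs. I would state the dependency at the check, e.g. `/* GIFError() must not return; otherwise the next store overruns stack[] */`. The inner patch's `index 0123456789abcdef..0123456789abcdef` line is a placeholder, which leaves the upstream commit id in its `From` line as the only provenance to verify the fix against.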
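--- /dev/null
+++ b/media-gfx/optipng/optipng-0.7.6-r2.ebuild
@@ -0,0 +1,59 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils toolchain-funcs
+
+DESCRIPTION="Compress PNG files without affecting image quality"
+HOMEPAGE="http://optipng.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+
+LICENSE="ZLIB"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~x86-solaris"
+IUSE=""
+
+RDEPEND="sys-libs/zlib
+ media-libs/libpng:0"
+DEPEND="${RDEPEND}
+ sys-apps/findutils"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-0.7.5-estonian.patch
+ epatch "${FILESDIR}"/${PN}-0.7.6-cve-2017-1000229.patch # bug 637936
+ epatch "${FILESDIR}"/${PN}-0.7.6-cve-2017-16938.patch # bug 639690
+
+ rm -R src/{libpng,zlib} || die
+ find . -type d -name build -exec rm -R {} + || die
+
+ # next release is almost a complete rewrite, so plug this compilation
+ # problem in anticipation of the much (c)leaner(?) rewrite
+ sed -i \
+ -e 's/^#ifdef AT_FDCWD/#if defined(AT_FDCWD) \&\& !(defined (__SVR4) \&\& defined (__sun))/' \
+ src/optipng/osys.c || die
+
+ tc-export CC AR RANLIB
+ export LD=$(tc-getCC)
+
+ eapply_user
+}
+
+src_configure() {
+ ./configure \
+ -with-system-libpng \
+ -with-system-zlib \
+ || die "configure failed"
+}
+
+src_compile() {
+ emake -C src/optipng
+}
+
+src_install() {
+ dodoc README.txt doc/*.txt
+ dohtml doc/*.html
+ doman src/${PN}/man/${PN}.1
+
+ dobin src/${PN}/${PN}
+}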
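Review bot: In `src_prepare` the two CVE fixes are applied with the legacy `epatch` helper, which autodetects the strip level instead of applying at a fixed one; for security patches a strict application that fails on any path mismatch is the safer choice. Since the ebuild already declares `EAPI=6`, each call could become `eapply "${FILESDIR}"/${PN}-0.7.6-cve-2017-16938.patch # bug 639690` (likewise for the other two, provided each applies at -p1). That would also appear to make `inherit eutils` unnecessary, as nothing else visible in the ebuild uses it. Separately, `dohtml doc/*.html` in `src_install` is deprecated in EAPI 6.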