Gentoo Archives: gentoo-commits

From: "Miroslav Šulc" <fordfrog@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: media-sound/lilypond/files/, media-sound/lilypond/
Date: Wed, 05 Aug 2020 17:57:38
Message-Id: 1596650246.b643169012fae9013d509ef7fc19602450113b77.fordfrog@gentoo
1 commit: b643169012fae9013d509ef7fc19602450113b77
2 Author: Miroslav Šulc <fordfrog <AT> gentoo <DOT> org>
3 AuthorDate: Wed Aug 5 17:57:09 2020 +0000
4 Commit: Miroslav Šulc <fordfrog <AT> gentoo <DOT> org>
5 CommitDate: Wed Aug 5 17:57:26 2020 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b6431690
7
8 media-sound/lilypond: fixed cve-2020-17353
9
10 Bug: https://bugs.gentoo.org/736074
11 Package-Manager: Portage-3.0.1, Repoman-2.3.23
12 Signed-off-by: Miroslav Šulc <fordfrog <AT> gentoo.org>
13
14 .../files/lilypond-fix-cve-2020-17353.patch | 101 +++++++++++++++++++++
15 ...ond-2.21.4.ebuild => lilypond-2.21.1-r1.ebuild} | 5 +-
16 ...ond-2.21.4.ebuild => lilypond-2.21.4-r1.ebuild} | 1 +
17 3 files changed, 105 insertions(+), 2 deletions(-)
18
19 diff --git a/media-sound/lilypond/files/lilypond-fix-cve-2020-17353.patch b/media-sound/lilypond/files/lilypond-fix-cve-2020-17353.patch
20 new file mode 100644
21 index 00000000000..e91947eae05
22 --- /dev/null
23 +++ b/media-sound/lilypond/files/lilypond-fix-cve-2020-17353.patch
24 @@ -0,0 +1,101 @@
25 +From b84ea4740f3279516905c5db05f4074e777c16ff Mon Sep 17 00:00:00 2001
26 +From: Han-Wen Nienhuys <hanwenn@×××××.com>
27 +Date: Tue, 21 Jul 2020 14:45:08 +0200
28 +Subject: [PATCH] scm: disable embedded-ps and embedded-svg in -dsafe mode
29 +
30 +This prevents executing privileged PostScript and exploiting
31 +Ghostscript vulnerablilities
32 +
33 +Tested:
34 + $ lilypond -dsafe input/regression/les-nereides.ly
35 + (works, kinda)
36 +
37 + $ cat f.ly
38 + { c4_ \markup \postscript #" (x) show " }
39 +
40 + $ lilypond -dsafe f
41 + Preprocessing graphical objects.../home/hanwen/vc/lilypond/out/share/lilypond/current/scm/define-markup-commands.scm:1145:3: In procedure ly_make_stencil in expression (ly:make-stencil (list # #) (quote #) ...):
42 + /home/hanwen/vc/lilypond/out/share/lilypond/current/scm/define-markup-commands.scm:1145:3: Wrong type argument in position 1 (expecting registered stencil expression): (embedded-ps "
43 +---
44 + scm/define-stencil-commands.scm | 65 ++++++++++++++++++++++-------------------
45 + 1 file changed, 35 insertions(+), 30 deletions(-)
46 +
47 +diff --git a/scm/define-stencil-commands.scm b/scm/define-stencil-commands.scm
48 +index 09a2299..e388788 100644
49 +--- a/scm/define-stencil-commands.scm
50 ++++ b/scm/define-stencil-commands.scm
51 +@@ -21,36 +21,41 @@
52 + (define-public (ly:all-stencil-commands)
53 + "Return the list of stencil commands that can be
54 + defined in the output modules (@file{output-*.scm})."
55 +- '(blank
56 +- char
57 +- circle
58 +- dashed-line
59 +- draw-line
60 +- ellipse
61 +- embedded-ps
62 +- embedded-svg
63 +- end-group-node
64 +- glyph-string
65 +- grob-cause
66 +- named-glyph
67 +- no-origin
68 +- page-link
69 +- path
70 +- partial-ellipse
71 +- placebox
72 +- polygon
73 +- resetcolor
74 +- resetrotation
75 +- resetscale
76 +- round-filled-box
77 +- setcolor
78 +- setrotation
79 +- setscale
80 +- start-group-node
81 +- text
82 +- unknown
83 +- url-link
84 +- utf-8-string
85 ++ (let*
86 ++ ((commands '(blank
87 ++ char
88 ++ circle
89 ++ dashed-line
90 ++ draw-line
91 ++ ellipse
92 ++ end-group-node
93 ++ glyph-string
94 ++ grob-cause
95 ++ named-glyph
96 ++ no-origin
97 ++ page-link
98 ++ path
99 ++ partial-ellipse
100 ++ placebox
101 ++ polygon
102 ++ resetcolor
103 ++ resetrotation
104 ++ resetscale
105 ++ round-filled-box
106 ++ setcolor
107 ++ setrotation
108 ++ setscale
109 ++ start-group-node
110 ++ text
111 ++ unknown
112 ++ url-link
113 ++ utf-8-string
114 ++ )))
115 ++
116 ++ (if (ly:get-option 'safe)
117 ++ commands
118 ++ (append '(embedded-ps embedded-svg)
119 ++ commands))
120 + ))
121 +
122 + ;; TODO:
123 +--
124 +1.9.1
125 +
126
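Review bot: the safe-mode branch at the end of `ly:all-stencil-commands` (`(if (ly:get-option 'safe) commands (append '(embedded-ps embedded-svg) commands))`) rejects embedded PostScript only indirectly, so the user sees the generic "Wrong type argument in position 1 (expecting registered stencil expression)" from the Tested transcript rather than a message saying that `\postscript` is disabled under `-dsafe`. Consider emitting an explicit diagnostic for the two removed commands. The option is also read each time the function is called, so it is worth confirming that no caller builds or caches this list before `-dsafe` has been parsed. Style: the lone `)))` and `))` lines could be folded onto the preceding lines, as is usual in Scheme.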
127 diff --git a/media-sound/lilypond/lilypond-2.21.4.ebuild b/media-sound/lilypond/lilypond-2.21.1-r1.ebuild
128 similarity index 95%
129 copy from media-sound/lilypond/lilypond-2.21.4.ebuild
130 copy to media-sound/lilypond/lilypond-2.21.1-r1.ebuild
131 index 3aa63a51f18..1f1e8202a99 100644
132 --- a/media-sound/lilypond/lilypond-2.21.4.ebuild
133 +++ b/media-sound/lilypond/lilypond-2.21.1-r1.ebuild
134 @@ -2,7 +2,7 @@
135 # Distributed under the terms of the GNU General Public License v2
136
137 EAPI=7
138 -PYTHON_COMPAT=( python3_{6,7,8,9} )
139 +PYTHON_COMPAT=( python3_{6,7,8} )
140
141 inherit elisp-common autotools python-single-r1 toolchain-funcs xdg-utils
142
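Review bot: the `PYTHON_COMPAT` line drops `python3_9` for 2.21.1-r1, which is unrelated to the CVE fix and is not mentioned in the commit message. Either state the reason in the commit message or in a comment above the line, or split it into its own commit so the security change stays minimal and easy to audit.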
143 @@ -54,7 +54,8 @@ DEPEND="${RDEPEND}
144 RESTRICT="test"
145
146 PATCHES=(
147 - "${FILESDIR}"/${PN}-2.21.1-fix-font-size.patch
148 + "${FILESDIR}"/${P}-fix-font-size.patch
149 + "${FILESDIR}"/${PN}-fix-cve-2020-17353.patch
150 )
151
152 DOCS=( DEDICATION HACKING README.txt ROADMAP )
153
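Review bot: in `PATCHES`, the font-size entry is switched from `${PN}-2.21.1-fix-font-size.patch` to `${P}-fix-font-size.patch`, while the 2.21.4-r1 ebuild keeps the explicit `${PN}-2.21.1-` form. Both resolve to the same file for this version, but `${P}` will point at a file that does not exist if this ebuild is copied for a version bump. Keeping the explicit name in both ebuilds avoids that and keeps the two files consistent.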
154 diff --git a/media-sound/lilypond/lilypond-2.21.4.ebuild b/media-sound/lilypond/lilypond-2.21.4-r1.ebuild
155 similarity index 98%
156 rename from media-sound/lilypond/lilypond-2.21.4.ebuild
157 rename to media-sound/lilypond/lilypond-2.21.4-r1.ebuild
158 index 3aa63a51f18..0196e4c7d4d 100644
159 --- a/media-sound/lilypond/lilypond-2.21.4.ebuild
160 +++ b/media-sound/lilypond/lilypond-2.21.4-r1.ebuild
161 @@ -55,6 +55,7 @@ RESTRICT="test"
162
163 PATCHES=(
164 "${FILESDIR}"/${PN}-2.21.1-fix-font-size.patch
165 + "${FILESDIR}"/${PN}-fix-cve-2020-17353.patch
166 )
167
168 DOCS=( DEDICATION HACKING README.txt ROADMAP )
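Review bot: the new `${PN}-fix-cve-2020-17353.patch` entry in `PATCHES` carries no comment tying it to the upstream commit or to bug 736074, so a later version bump has no hint about when the patch can be dropped. A one-line comment above the entry naming upstream commit b84ea4740f3279516905c5db05f4074e777c16ff (from the patch header) would cover it.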