1 |
commit: 73a84757832eef175ea2b082378277d546c8accc |
2 |
Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Sep 30 16:46:58 2018 +0000 |
4 |
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Sep 30 16:46:58 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=73a84757 |
7 |
|
8 |
media-libs/exempi: Fix CVE-2018-12648 |
9 |
|
10 |
Bug: https://bugs.gentoo.org/659038 |
11 |
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org> |
12 |
Package-Manager: Portage-2.3.50, Repoman-2.3.11 |
13 |
|
14 |
media-libs/exempi/exempi-2.4.5-r1.ebuild | 58 ++++++++++++++++++++++ |
15 |
.../exempi/files/exempi-2.4.5-CVE-2018-12648.patch | 42 ++++++++++++++++ |
16 |
2 files changed, 100 insertions(+) |
17 |
|
18 |
diff --git a/media-libs/exempi/exempi-2.4.5-r1.ebuild b/media-libs/exempi/exempi-2.4.5-r1.ebuild |
19 |
new file mode 100644 |
20 |
index 00000000000..234df5a17a5 |
21 |
--- /dev/null |
22 |
+++ b/media-libs/exempi/exempi-2.4.5-r1.ebuild |
23 |
@@ -0,0 +1,58 @@ |
24 |
+# Copyright 1999-2018 Gentoo Authors |
25 |
+# Distributed under the terms of the GNU General Public License v2 |
26 |
+ |
27 |
+EAPI=6 |
28 |
+ |
29 |
+inherit autotools |
30 |
+ |
31 |
+DESCRIPTION="Port of the Adobe XMP SDK to work on UNIX" |
32 |
+HOMEPAGE="https://libopenraw.freedesktop.org/wiki/Exempi" |
33 |
+SRC_URI="https://libopenraw.freedesktop.org/download/${P}.tar.gz" |
34 |
+ |
35 |
+LICENSE="BSD" |
36 |
+SLOT="2/3" |
37 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sh ~sparc ~x86 ~x86-fbsd" |
38 |
+IUSE="examples static-libs test" |
39 |
+ |
40 |
+RDEPEND=" |
41 |
+ >=dev-libs/expat-2:= |
42 |
+ sys-libs/zlib |
43 |
+ virtual/libiconv |
44 |
+" |
45 |
+DEPEND="${RDEPEND}" |
46 |
+BDEPEND=" |
47 |
+ sys-devel/autoconf-archive |
48 |
+ sys-devel/gettext |
49 |
+ test? ( >=dev-libs/boost-1.48 ) |
50 |
+" |
51 |
+ |
52 |
+PATCHES=( |
53 |
+ "${FILESDIR}"/${PN}-2.4.2-iconv.patch |
54 |
+ "${FILESDIR}"/${P}-CVE-2018-12648.patch |
55 |
+) |
56 |
+ |
57 |
+src_prepare() { |
58 |
+ default |
59 |
+ cp /usr/share/gettext/config.rpath . || die |
60 |
+ eautoreconf |
61 |
+} |
62 |
+ |
63 |
+src_configure() { |
64 |
+ # Valgrind detection is "disabled" due to bug #295875 |
65 |
+ econf \ |
66 |
+ $(use_enable static-libs static) \ |
67 |
+ $(use_enable test unittest) \ |
68 |
+ VALGRIND="" |
69 |
+} |
70 |
+ |
71 |
+src_install() { |
72 |
+ default |
73 |
+ find "${D}" -name '*.la' -delete || die |
74 |
+ |
75 |
+ if use examples; then |
76 |
+ emake -C samples/source distclean |
77 |
+ rm samples/{,source,testfiles}/Makefile* || die |
78 |
+ insinto /usr/share/doc/${PF}/examples |
79 |
+ doins -r samples/* |
80 |
+ fi |
81 |
+} |
82 |
|
83 |
diff --git a/media-libs/exempi/files/exempi-2.4.5-CVE-2018-12648.patch b/media-libs/exempi/files/exempi-2.4.5-CVE-2018-12648.patch |
84 |
new file mode 100644 |
85 |
index 00000000000..36f0d073435 |
86 |
--- /dev/null |
87 |
+++ b/media-libs/exempi/files/exempi-2.4.5-CVE-2018-12648.patch |
88 |
@@ -0,0 +1,42 @@ |
89 |
+From 8ed2f034705fd2d032c81383eee8208fd4eee0ac Mon Sep 17 00:00:00 2001 |
90 |
+From: Victor Rodriguez <victor.rodriguez.bahena@×××××.com> |
91 |
+Date: Sat, 18 Aug 2018 13:54:55 +0000 |
92 |
+Subject: [PATCH] Issue #9 - Fix null-pointer-dereference (CVE-2018-12648) |
93 |
+MIME-Version: 1.0 |
94 |
+Content-Type: text/plain; charset=UTF-8 |
95 |
+Content-Transfer-Encoding: 8bit |
96 |
+ |
97 |
+The WEBP::GetLE32 function in |
98 |
+XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a |
99 |
+NULL pointer dereference. |
100 |
+ |
101 |
+https://bugs.freedesktop.org/show_bug.cgi?id=106981 |
102 |
+https://gitlab.freedesktop.org/libopenraw/exempi/issues/9 |
103 |
+ |
104 |
+Signed-off-by: Victor Rodriguez <victor.rodriguez.bahena@×××××.com> |
105 |
+Signed-off-by: Hubert Figuière <hub@××××××××.net> |
106 |
+--- |
107 |
+ XMPFiles/source/FormatSupport/WEBP_Support.cpp | 8 +++++--- |
108 |
+ 1 file changed, 5 insertions(+), 3 deletions(-) |
109 |
+ |
110 |
+diff --git a/XMPFiles/source/FormatSupport/WEBP_Support.cpp b/XMPFiles/source/FormatSupport/WEBP_Support.cpp |
111 |
+index ffaf220..4fe705b 100644 |
112 |
+--- a/XMPFiles/source/FormatSupport/WEBP_Support.cpp |
113 |
++++ b/XMPFiles/source/FormatSupport/WEBP_Support.cpp |
114 |
+@@ -160,9 +160,11 @@ bool VP8XChunk::xmp() |
115 |
+ } |
116 |
+ void VP8XChunk::xmp(bool hasXMP) |
117 |
+ { |
118 |
+- XMP_Uns32 flags = GetLE32(&this->data[0]); |
119 |
+- flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT); |
120 |
+- PutLE32(&this->data[0], flags); |
121 |
++ if (&this->data[0] != NULL) { |
122 |
++ XMP_Uns32 flags = GetLE32(&this->data[0]); |
123 |
++ flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT); |
124 |
++ PutLE32(&this->data[0], flags); |
125 |
++ } |
126 |
+ } |
127 |
+ |
128 |
+ Container::Container(WEBP_MetaHandler* handler) : Chunk(NULL, handler) |
129 |
+-- |
130 |
+2.18.0 |