From: Andreas Sturmlechner <asturm@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: media-libs/exempi/, media-libs/exempi/files/
Date: Sun, 30 Sep 2018 16:48:50
Message-Id: 1538326018.73a84757832eef175ea2b082378277d546c8accc.asturm@gentoo
1 commit: 73a84757832eef175ea2b082378277d546c8accc
2 Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
3 AuthorDate: Sun Sep 30 16:46:58 2018 +0000
4 Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
5 CommitDate: Sun Sep 30 16:46:58 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=73a84757
7
8 media-libs/exempi: Fix CVE-2018-12648
9
10 Bug: https://bugs.gentoo.org/659038
11 Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>
12 Package-Manager: Portage-2.3.50, Repoman-2.3.11
13
14 media-libs/exempi/exempi-2.4.5-r1.ebuild | 58 ++++++++++++++++++++++
15 .../exempi/files/exempi-2.4.5-CVE-2018-12648.patch | 42 ++++++++++++++++
16 2 files changed, 100 insertions(+)
17
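--- /dev/null
+++ b/media-libs/exempi/exempi-2.4.5-r1.ebuild
@@ -0,0 +1,58 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools
+
+DESCRIPTION="Port of the Adobe XMP SDK to work on UNIX"
+HOMEPAGE="https://libopenraw.freedesktop.org/wiki/Exempi"
+SRC_URI="https://libopenraw.freedesktop.org/download/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="2/3"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="examples static-libs test"
+
+RDEPEND="
+ >=dev-libs/expat-2:=
+ sys-libs/zlib
+ virtual/libiconv
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ sys-devel/autoconf-archive
+ sys-devel/gettext
+ test? ( >=dev-libs/boost-1.48 )
+"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.4.2-iconv.patch
+ "${FILESDIR}"/${P}-CVE-2018-12648.patch
+)
+
+src_prepare() {
+ default
+ cp /usr/share/gettext/config.rpath . || die
+ eautoreconf
+}
+
+src_configure() {
+ # Valgrind detection is "disabled" due to bug #295875
+ econf \
+ $(use_enable static-libs static) \
+ $(use_enable test unittest) \
+ VALGRIND=""
+}
+
+src_install() {
+ default
+ find "${D}" -name '*.la' -delete || die
+
+ if use examples; then
+ emake -C samples/source distclean
+ rm samples/{,source,testfiles}/Makefile* || die
+ insinto /usr/share/doc/${PF}/examples
+ doins -r samples/*
+ fi
+}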
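Review bot: `BDEPEND` is declared while the ebuild sets `EAPI=6`, and that variable is only defined from EAPI 7 onward, so the package manager will not pull in sys-devel/autoconf-archive, sys-devel/gettext or the test-only boost before the build starts. `src_prepare` then copies `/usr/share/gettext/config.rpath` and runs `eautoreconf`, both of which rely on those packages being installed, so a clean build host can fail in the prepare phase before the CVE patch is ever compiled. While the ebuild stays on EAPI 6 the entries belong in `DEPEND`, e.g. `DEPEND="${RDEPEND} sys-devel/autoconf-archive sys-devel/gettext test? ( >=dev-libs/boost-1.48 )"`.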
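--- /dev/null
+++ b/media-libs/exempi/files/exempi-2.4.5-CVE-2018-12648.patch
@@ -0,0 +1,42 @@
+From 8ed2f034705fd2d032c81383eee8208fd4eee0ac Mon Sep 17 00:00:00 2001
+From: Victor Rodriguez <victor.rodriguez.bahena@×××××.com>
+Date: Sat, 18 Aug 2018 13:54:55 +0000
+Subject: [PATCH] Issue #9 - Fix null-pointer-dereference (CVE-2018-12648)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The WEBP::GetLE32 function in
+XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a
+NULL pointer dereference.
+
+https://bugs.freedesktop.org/show_bug.cgi?id=106981
+https://gitlab.freedesktop.org/libopenraw/exempi/issues/9
+
+Signed-off-by: Victor Rodriguez <victor.rodriguez.bahena@×××××.com>
+Signed-off-by: Hubert Figuière <hub@××××××××.net>
+---
+ XMPFiles/source/FormatSupport/WEBP_Support.cpp | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/XMPFiles/source/FormatSupport/WEBP_Support.cpp b/XMPFiles/source/FormatSupport/WEBP_Support.cpp
+index ffaf220..4fe705b 100644
+--- a/XMPFiles/source/FormatSupport/WEBP_Support.cpp
++++ b/XMPFiles/source/FormatSupport/WEBP_Support.cpp
+@@ -160,9 +160,11 @@ bool VP8XChunk::xmp()
+ }
+ void VP8XChunk::xmp(bool hasXMP)
+ {
+- XMP_Uns32 flags = GetLE32(&this->data[0]);
+- flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT);
+- PutLE32(&this->data[0], flags);
++ if (&this->data[0] != NULL) {
++ XMP_Uns32 flags = GetLE32(&this->data[0]);
++ flags ^= (-hasXMP ^ flags) & (1 << XMP_FLAG_BIT);
++ PutLE32(&this->data[0], flags);
++ }
+ }
+
+ Container::Container(WEBP_MetaHandler* handler) : Chunk(NULL, handler)
+--
+2.18.0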
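Review bot: The added guard `if (&this->data[0] != NULL)` in `VP8XChunk::xmp(bool)` does not reliably detect the empty buffer it is meant to catch. The declaration of `data` is outside the hunk, but if it is a `std::vector`, indexing element 0 of an empty vector is already undefined behaviour and the resulting address is not guaranteed to be null, so the comparison may be optimised away; a buffer holding fewer than four bytes would also still be read and written past its end by `GetLE32`/`PutLE32`. A length check states the intent directly: `if (this->data.size() >= 4) {`. The getter `VP8XChunk::xmp()` ends just above the hunk and is not visible here; it presumably makes the same `GetLE32` call and would want the same check. Because this file carries an upstream patch verbatim, the change belongs upstream, with the ebuild picking up the revised patch.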