
From: Sebastian Pipping <sping@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: media-gfx/gimp/files/, media-gfx/gimp/
Date: Wed, 03 Jan 2018 03:21:22
Message-Id: 1514949303.c0f2d036a569a8a7d5dca3f17ab8c2f952b8cce6.sping@gentoo
1 commit: c0f2d036a569a8a7d5dca3f17ab8c2f952b8cce6
2 Author: Sebastian Pipping <sping <AT> gentoo <DOT> org>
3 AuthorDate: Wed Jan 3 03:15:03 2018 +0000
4 Commit: Sebastian Pipping <sping <AT> gentoo <DOT> org>
5 CommitDate: Wed Jan 3 03:15:03 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0f2d036
7
8 media-gfx/gimp: CVE-2017-17784 to CVE-2017-17789
9
10 Package-Manager: Portage-2.3.16, Repoman-2.3.6
11
12 .../gimp/files/gimp-2.8.22-cve-2017-17784.patch | 32 ++++
13 .../gimp/files/gimp-2.8.22-cve-2017-17785.patch | 161 ++++++++++++++++
14 .../gimp/files/gimp-2.8.22-cve-2017-17786-1.patch | 53 ++++++
15 .../gimp/files/gimp-2.8.22-cve-2017-17786-2.patch | 31 ++++
16 .../gimp/files/gimp-2.8.22-cve-2017-17787.patch | 33 ++++
17 .../gimp/files/gimp-2.8.22-cve-2017-17788.patch | 29 +++
18 .../gimp/files/gimp-2.8.22-cve-2017-17789.patch | 38 ++++
19 .../gimp/files/gimp-2.9.8-cve-2017-17784.patch | 30 +++
20 media-gfx/gimp/gimp-2.8.22-r1.ebuild | 176 ++++++++++++++++++
21 media-gfx/gimp/gimp-2.9.8-r1.ebuild | 205 +++++++++++++++++++++
22 10 files changed, 788 insertions(+)
23
24 diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17784.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17784.patch
25 new file mode 100644
26 index 00000000000..c7df330409f
27 --- /dev/null
28 +++ b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17784.patch
29 @@ -0,0 +1,32 @@
30 +From c57f9dcf1934a9ab0cd67650f2dea18cb0902270 Mon Sep 17 00:00:00 2001
31 +From: Jehan <jehan@×××××××××.io>
32 +Date: Thu, 21 Dec 2017 12:25:32 +0100
33 +Subject: Bug 790784 - (CVE-2017-17784) heap overread in gbr parser /
34 + load_image.
35 +
36 +We were assuming the input name was well formed, hence was
37 +nul-terminated. As any data coming from external input, this has to be
38 +thorougly checked.
39 +Similar to commit 06d24a79af94837d615d0024916bb95a01bf3c59 but adapted
40 +to older gimp-2-8 code.
41 +---
42 + plug-ins/common/file-gbr.c | 3 ++-
43 + 1 file changed, 2 insertions(+), 1 deletion(-)
44 +
45 +diff --git a/plug-ins/common/file-gbr.c b/plug-ins/common/file-gbr.c
46 +index b028100..d3f01d9 100644
47 +--- a/plug-ins/common/file-gbr.c
48 ++++ b/plug-ins/common/file-gbr.c
49 +@@ -443,7 +443,8 @@ load_image (const gchar *filename,
50 + {
51 + gchar *temp = g_new (gchar, bn_size);
52 +
53 +- if ((read (fd, temp, bn_size)) < bn_size)
54 ++ if ((read (fd, temp, bn_size)) < bn_size ||
55 ++ temp[bn_size - 1] != '\0')
56 + {
57 + g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
58 + _("Error in GIMP brush file '%s'"),
59 +--
60 +cgit v0.12
61 +
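Review bot: The added test `temp[bn_size - 1] != '\0'` indexes with `bn_size - 1`, and nothing visible in the hunk shows that `bn_size` is non-zero here; the enclosing block of load_image starts and ends outside the hunk, so the guard may sit on the `if` that opens it. If it does not, a zero-length name field turns this into a read one byte before the allocation. I would either fold `bn_size < 1 ||` into the condition or add a comment on the new line such as `/* bn_size > 0 is guaranteed by the enclosing if */`. The same applies to `temp[size - 1]` in gimp-2.9.8-cve-2017-17784.patch. Separately, `read()` can return -1 and is compared directly with `bn_size`; if `bn_size` is declared unsigned, that comparison would not catch the error, which is worth confirming against the declaration.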
62
63 diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17785.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17785.patch
64 new file mode 100644
65 index 00000000000..1f77d36ec6c
66 --- /dev/null
67 +++ b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17785.patch
68 @@ -0,0 +1,161 @@
69 +From 1882bac996a20ab5c15c42b0c5e8f49033a1af54 Mon Sep 17 00:00:00 2001
70 +From: Tobias Stoeckmann <tobias@××××××××××.org>
71 +Date: Sun, 29 Oct 2017 15:19:41 +0100
72 +Subject: Bug 739133 - (CVE-2017-17785) Heap overflow while parsing FLI files.
73 +
74 +It is possible to trigger a heap overflow while parsing FLI files. The
75 +RLE decoder is vulnerable to out of boundary writes due to lack of
76 +boundary checks.
77 +
78 +The variable "framebuf" points to a memory area which was allocated
79 +with fli_header->width * fli_header->height bytes. The RLE decoder
80 +therefore must never write beyond that limit.
81 +
82 +If an illegal frame is detected, the parser won't stop, which means
83 +that the next valid sequence is properly parsed again. This should
84 +allow GIMP to parse FLI files as good as possible even if they are
85 +broken by an attacker or by accident.
86 +
87 +While at it, I changed the variable xc to be of type size_t, because
88 +the multiplication of width and height could overflow a 16 bit type.
89 +
90 +Signed-off-by: Tobias Stoeckmann <tobias@××××××××××.org>
91 +(cherry picked from commit edb251a7ef1602d20a5afcbf23f24afb163de63b)
92 +---
93 + plug-ins/file-fli/fli.c | 50 ++++++++++++++++++++++++++++++++++---------------
94 + 1 file changed, 35 insertions(+), 15 deletions(-)
95 +
96 +diff --git a/plug-ins/file-fli/fli.c b/plug-ins/file-fli/fli.c
97 +index 313efeb..ffb651e 100644
98 +--- a/plug-ins/file-fli/fli.c
99 ++++ b/plug-ins/file-fli/fli.c
100 +@@ -25,6 +25,8 @@
101 +
102 + #include "config.h"
103 +
104 ++#include <glib/gstdio.h>
105 ++
106 + #include <string.h>
107 + #include <stdio.h>
108 +
109 +@@ -461,23 +463,27 @@ void fli_read_brun(FILE *f, s_fli_header *fli_header, unsigned char *framebuf)
110 + unsigned short yc;
111 + unsigned char *pos;
112 + for (yc=0; yc < fli_header->height; yc++) {
113 +- unsigned short xc, pc, pcnt;
114 ++ unsigned short pc, pcnt;
115 ++ size_t n, xc;
116 + pc=fli_read_char(f);
117 + xc=0;
118 + pos=framebuf+(fli_header->width * yc);
119 ++ n=(size_t)fli_header->width * (fli_header->height-yc);
120 + for (pcnt=pc; pcnt>0; pcnt--) {
121 + unsigned short ps;
122 + ps=fli_read_char(f);
123 + if (ps & 0x80) {
124 + unsigned short len;
125 +- for (len=-(signed char)ps; len>0; len--) {
126 ++ for (len=-(signed char)ps; len>0 && xc<n; len--) {
127 + pos[xc++]=fli_read_char(f);
128 + }
129 + } else {
130 + unsigned char val;
131 ++ size_t len;
132 ++ len=MIN(n-xc,ps);
133 + val=fli_read_char(f);
134 +- memset(&(pos[xc]), val, ps);
135 +- xc+=ps;
136 ++ memset(&(pos[xc]), val, len);
137 ++ xc+=len;
138 + }
139 + }
140 + }
141 +@@ -564,25 +570,34 @@ void fli_read_lc(FILE *f, s_fli_header *fli_header, unsigned char *old_framebuf,
142 + memcpy(framebuf, old_framebuf, fli_header->width * fli_header->height);
143 + firstline = fli_read_short(f);
144 + numline = fli_read_short(f);
145 ++ if (numline > fli_header->height || fli_header->height-numline < firstline)
146 ++ return;
147 ++
148 + for (yc=0; yc < numline; yc++) {
149 +- unsigned short xc, pc, pcnt;
150 ++ unsigned short pc, pcnt;
151 ++ size_t n, xc;
152 + pc=fli_read_char(f);
153 + xc=0;
154 + pos=framebuf+(fli_header->width * (firstline+yc));
155 ++ n=(size_t)fli_header->width * (fli_header->height-firstline-yc);
156 + for (pcnt=pc; pcnt>0; pcnt--) {
157 + unsigned short ps,skip;
158 + skip=fli_read_char(f);
159 + ps=fli_read_char(f);
160 +- xc+=skip;
161 ++ xc+=MIN(n-xc,skip);
162 + if (ps & 0x80) {
163 + unsigned char val;
164 ++ size_t len;
165 + ps=-(signed char)ps;
166 + val=fli_read_char(f);
167 +- memset(&(pos[xc]), val, ps);
168 +- xc+=ps;
169 ++ len=MIN(n-xc,ps);
170 ++ memset(&(pos[xc]), val, len);
171 ++ xc+=len;
172 + } else {
173 +- fread(&(pos[xc]), ps, 1, f);
174 +- xc+=ps;
175 ++ size_t len;
176 ++ len=MIN(n-xc,ps);
177 ++ fread(&(pos[xc]), len, 1, f);
178 ++ xc+=len;
179 + }
180 + }
181 + }
182 +@@ -689,7 +704,8 @@ void fli_read_lc_2(FILE *f, s_fli_header *fli_header, unsigned char *old_framebu
183 + yc=0;
184 + numline = fli_read_short(f);
185 + for (lc=0; lc < numline; lc++) {
186 +- unsigned short xc, pc, pcnt, lpf, lpn;
187 ++ unsigned short pc, pcnt, lpf, lpn;
188 ++ size_t n, xc;
189 + pc=fli_read_short(f);
190 + lpf=0; lpn=0;
191 + while (pc & 0x8000) {
192 +@@ -700,26 +716,30 @@ void fli_read_lc_2(FILE *f, s_fli_header *fli_header, unsigned char *old_framebu
193 + }
194 + pc=fli_read_short(f);
195 + }
196 ++ yc=MIN(yc, fli_header->height);
197 + xc=0;
198 + pos=framebuf+(fli_header->width * yc);
199 ++ n=(size_t)fli_header->width * (fli_header->height-yc);
200 + for (pcnt=pc; pcnt>0; pcnt--) {
201 + unsigned short ps,skip;
202 + skip=fli_read_char(f);
203 + ps=fli_read_char(f);
204 +- xc+=skip;
205 ++ xc+=MIN(n-xc,skip);
206 + if (ps & 0x80) {
207 + unsigned char v1,v2;
208 + ps=-(signed char)ps;
209 + v1=fli_read_char(f);
210 + v2=fli_read_char(f);
211 +- while (ps>0) {
212 ++ while (ps>0 && xc+1<n) {
213 + pos[xc++]=v1;
214 + pos[xc++]=v2;
215 + ps--;
216 + }
217 + } else {
218 +- fread(&(pos[xc]), ps, 2, f);
219 +- xc+=ps << 1;
220 ++ size_t len;
221 ++ len=MIN((n-xc)/2,ps);
222 ++ fread(&(pos[xc]), len, 2, f);
223 ++ xc+=len << 1;
224 + }
225 + }
226 + if (lpf) pos[xc]=lpn;
227 +--
228 +cgit v0.12
229 +
230
231 diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-1.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-1.patch
232 new file mode 100644
233 index 00000000000..4047f7cb3c9
234 --- /dev/null
235 +++ b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-1.patch
236 @@ -0,0 +1,53 @@
237 +From ef9c821fff8b637a2178eab1c78cae6764c50e12 Mon Sep 17 00:00:00 2001
238 +From: Jehan <jehan@×××××××××.io>
239 +Date: Wed, 20 Dec 2017 13:02:38 +0100
240 +Subject: Bug 739134 - (CVE-2017-17786) Out of bounds read / heap overflow
241 + in...
242 +MIME-Version: 1.0
243 +Content-Type: text/plain; charset=UTF-8
244 +Content-Transfer-Encoding: 8bit
245 +
246 +... TGA importer.
247 +
248 +Be more thorough on valid TGA RGB and RGBA images.
249 +In particular current TGA plug-in can import RGBA as 32 bits (8 bits per
250 +channel) and 16 bits (5 bits per color channel and 1 bit for alpha), and
251 +RGB as 15 and 24 bits.
252 +Maybe there exist more variants, but if they do exist, we simply don't
253 +support them yet.
254 +
255 +Thanks to Hanno Böck for the report and a first patch attempt.
256 +
257 +(cherry picked from commit 674b62ad45b6579ec6d7923dc3cb1ef4e8b5498b)
258 +---
259 + plug-ins/common/file-tga.c | 12 ++++++++----
260 + 1 file changed, 8 insertions(+), 4 deletions(-)
261 +
262 +diff --git a/plug-ins/common/file-tga.c b/plug-ins/common/file-tga.c
263 +index aef9870..426acc2 100644
264 +--- a/plug-ins/common/file-tga.c
265 ++++ b/plug-ins/common/file-tga.c
266 +@@ -564,12 +564,16 @@ load_image (const gchar *filename,
267 + }
268 + break;
269 + case TGA_TYPE_COLOR:
270 +- if (info.bpp != 15 && info.bpp != 16 &&
271 +- info.bpp != 24 && info.bpp != 32)
272 ++ if ((info.bpp != 15 && info.bpp != 16 &&
273 ++ info.bpp != 24 && info.bpp != 32) ||
274 ++ ((info.bpp == 15 || info.bpp == 24) &&
275 ++ info.alphaBits != 0) ||
276 ++ (info.bpp == 16 && info.alphaBits != 1) ||
277 ++ (info.bpp == 32 && info.alphaBits != 8))
278 + {
279 +- g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u)",
280 ++ g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u, alpha = %u)",
281 + gimp_filename_to_utf8 (filename),
282 +- info.imageType, info.bpp);
283 ++ info.imageType, info.bpp, info.alphaBits);
284 + return -1;
285 + }
286 + break;
287 +--
288 +cgit v0.12
289 +
290
291 diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-2.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-2.patch
292 new file mode 100644
293 index 00000000000..7177dd3c1f1
294 --- /dev/null
295 +++ b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-2.patch
296 @@ -0,0 +1,31 @@
297 +From 22e2571c25425f225abdb11a566cc281fca6f366 Mon Sep 17 00:00:00 2001
298 +From: Jehan <jehan@×××××××××.io>
299 +Date: Wed, 20 Dec 2017 13:26:26 +0100
300 +Subject: plug-ins: TGA 16-bit RGB (without alpha bit) is also valid.
301 +
302 +According to some spec on the web, 16-bit RGB is also valid. In this
303 +case, the last bit is simply ignored (at least that's how it is
304 +implemented right now).
305 +
306 +(cherry picked from commit 8ea316667c8a3296bce2832b3986b58d0fdfc077)
307 +---
308 + plug-ins/common/file-tga.c | 3 ++-
309 + 1 file changed, 2 insertions(+), 1 deletion(-)
310 +
311 +diff --git a/plug-ins/common/file-tga.c b/plug-ins/common/file-tga.c
312 +index 426acc2..eb14a1d 100644
313 +--- a/plug-ins/common/file-tga.c
314 ++++ b/plug-ins/common/file-tga.c
315 +@@ -568,7 +568,8 @@ load_image (const gchar *filename,
316 + info.bpp != 24 && info.bpp != 32) ||
317 + ((info.bpp == 15 || info.bpp == 24) &&
318 + info.alphaBits != 0) ||
319 +- (info.bpp == 16 && info.alphaBits != 1) ||
320 ++ (info.bpp == 16 && info.alphaBits != 1 &&
321 ++ info.alphaBits != 0) ||
322 + (info.bpp == 32 && info.alphaBits != 8))
323 + {
324 + g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u, alpha = %u)",
325 +--
326 +cgit v0.12
327 +
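Review bot: The accepted combinations in the TGA_TYPE_COLOR case are now spread across a six-line boolean and are hard to audit at a glance. A comment above the `if` would help, for example `/* accepted (bpp, alphaBits): 15/0, 16/0 or 1, 24/0, 32/8 */`. The commit message says the 16th bit is "simply ignored" when alphaBits is 0; that depends on decoder code outside this hunk, so it is worth confirming that the 16-bit path with alphaBits 0 never takes the alpha branch.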
328
329 diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17787.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17787.patch
330 new file mode 100644
331 index 00000000000..654726388ea
332 --- /dev/null
333 +++ b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17787.patch
334 @@ -0,0 +1,33 @@
335 +From 87ba505fff85989af795f4ab6a047713f4d9381d Mon Sep 17 00:00:00 2001
336 +From: Jehan <jehan@×××××××××.io>
337 +Date: Thu, 21 Dec 2017 12:49:41 +0100
338 +Subject: Bug 790853 - (CVE-2017-17787) heap overread in psp importer.
339 +
340 +As any external data, we have to check that strings being read at fixed
341 +length are properly nul-terminated.
342 +
343 +(cherry picked from commit eb2980683e6472aff35a3117587c4f814515c74d)
344 +---
345 + plug-ins/common/file-psp.c | 6 ++++++
346 + 1 file changed, 6 insertions(+)
347 +
348 +diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
349 +index 4cbafe3..e350e4d 100644
350 +--- a/plug-ins/common/file-psp.c
351 ++++ b/plug-ins/common/file-psp.c
352 +@@ -890,6 +890,12 @@ read_creator_block (FILE *f,
353 + g_free (string);
354 + return -1;
355 + }
356 ++ if (string[length - 1] != '\0')
357 ++ {
358 ++ g_message ("Creator keyword data not nul-terminated");
359 ++ g_free (string);
360 ++ return -1;
361 ++ }
362 + switch (keyword)
363 + {
364 + case PSP_CRTR_FLD_TITLE:
365 +--
366 +cgit v0.12
367 +
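Review bot: `string[length - 1]` is evaluated without any visible check that `length` is non-zero; `length` presumably comes from the file, and the code that reads it is outside the hunk. If the preceding read check, of which only the failure branch is visible, does not already reject a zero length, this reads one byte before the buffer. Making the precondition explicit costs nothing: `if (length == 0 || string[length - 1] != '\0')`.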
368
369 diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17788.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17788.patch
370 new file mode 100644
371 index 00000000000..2bf16b85e60
372 --- /dev/null
373 +++ b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17788.patch
374 @@ -0,0 +1,29 @@
375 +From: Hanno Boeck <hanno@××××××.de>
376 +Date: Mon, 27 Nov 2017 00:37:29 +0100
377 +Subject: 790783 - buffer overread in XCF parser if version field...
378 +Origin: https://git.gnome.org/browse/GIMP/commit/?id=702c4227e8b6169f781e4bb5ae4b5733f51ab126
379 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17788
380 +Bug-Debian: https://bugs.debian.org/885347
381 +Bug: https://bugzilla.gnome.org/show_bug.cgi?id=790783
382 +
383 +...has no null terminator
384 +
385 +Check for the presence of '\0' before using atoi() on the version
386 +string. Patch slightly modified (mitch).
387 +[carnil: backport to gimp-2-8: affected code in xcf_load_invoker]
388 +---
389 + app/xcf/xcf.c | 3 ++-
390 + 1 file changed, 2 insertions(+), 1 deletion(-)
391 +
392 +--- a/app/xcf/xcf.c
393 ++++ b/app/xcf/xcf.c
394 +@@ -318,7 +318,8 @@ xcf_load_invoker (GimpProcedure *pr
395 + {
396 + info.file_version = 0;
397 + }
398 +- else if (id[9] == 'v')
399 ++ else if (id[9] == 'v' &&
400 ++ id[13] == '\0')
401 + {
402 + info.file_version = atoi (id + 10);
403 + }
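Review bot: `atoi (id + 10)` still gives no way to tell a malformed version from version 0: with `id[13] == '\0'` the read is bounded, but `v` followed by non-digit bytes yields 0, the same value the preceding branch assigns to `info.file_version`. Checking the three characters with `g_ascii_isdigit` before converting, or using `strtol` with an end pointer, would reject such headers. The fixed index 13 also assumes a three-character version field, which deserves a short comment such as `/* "vNNN" followed by NUL */`. xcf_load_invoker continues outside the hunk, so how the remaining `else` treats a rejected header is not visible here.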
404
405 diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17789.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17789.patch
406 new file mode 100644
407 index 00000000000..3d63694f679
408 --- /dev/null
409 +++ b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17789.patch
410 @@ -0,0 +1,38 @@
411 +From 01898f10f87a094665a7fdcf7153990f4e511d3f Mon Sep 17 00:00:00 2001
412 +From: Jehan <jehan@×××××××××.io>
413 +Date: Wed, 20 Dec 2017 16:44:20 +0100
414 +Subject: Bug 790849 - (CVE-2017-17789) CVE-2017-17789 Heap buffer overflow...
415 +
416 +... in PSP importer.
417 +Check if declared block length is valid (i.e. within the actual file)
418 +before going further.
419 +Consider the file as broken otherwise and fail loading it.
420 +
421 +(cherry picked from commit 28e95fbeb5720e6005a088fa811f5bf3c1af48b8)
422 +---
423 + plug-ins/common/file-psp.c | 9 +++++++++
424 + 1 file changed, 9 insertions(+)
425 +
426 +diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
427 +index ac0fff7..4cbafe3 100644
428 +--- a/plug-ins/common/file-psp.c
429 ++++ b/plug-ins/common/file-psp.c
430 +@@ -1771,6 +1771,15 @@ load_image (const gchar *filename,
431 + {
432 + block_start = ftell (f);
433 +
434 ++ if (block_start + block_total_len > st.st_size)
435 ++ {
436 ++ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
437 ++ _("Could not open '%s' for reading: %s"),
438 ++ gimp_filename_to_utf8 (filename),
439 ++ _("invalid block size"));
440 ++ goto error;
441 ++ }
442 ++
443 + if (id == PSP_IMAGE_BLOCK)
444 + {
445 + if (block_number != 0)
446 +--
447 +cgit v0.12
448 +
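Review bot: The bound `block_start + block_total_len > st.st_size` adds before comparing, so the sum can wrap if it is computed in a 32-bit type; the declarations of `block_start` and `block_total_len` are outside the hunk, so this needs confirming, notably for builds where `long` is 32 bits. `ftell` can also return -1, which is not checked before the value is used. A form that cannot wrap is `if (block_start < 0 || block_start > st.st_size || block_total_len > st.st_size - block_start)`. The error text reuses "Could not open '%s' for reading", which will read oddly for a file that was opened successfully and then found to have a bad block size.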
449
450 diff --git a/media-gfx/gimp/files/gimp-2.9.8-cve-2017-17784.patch b/media-gfx/gimp/files/gimp-2.9.8-cve-2017-17784.patch
451 new file mode 100644
452 index 00000000000..e46703d3d3d
453 --- /dev/null
454 +++ b/media-gfx/gimp/files/gimp-2.9.8-cve-2017-17784.patch
455 @@ -0,0 +1,30 @@
456 +From 06d24a79af94837d615d0024916bb95a01bf3c59 Mon Sep 17 00:00:00 2001
457 +From: Jehan <jehan@×××××××××.io>
458 +Date: Thu, 21 Dec 2017 12:15:34 +0100
459 +Subject: Bug 790784 - (CVE-2017-17784) heap overread in gbr parser /
460 + load_image.
461 +
462 +We were assuming the input name was well formed, hence was
463 +nul-terminated. As any data coming from external input, this has to be
464 +thorougly checked.
465 +---
466 + plug-ins/common/file-gbr.c | 3 ++-
467 + 1 file changed, 2 insertions(+), 1 deletion(-)
468 +
469 +diff --git a/plug-ins/common/file-gbr.c b/plug-ins/common/file-gbr.c
470 +index b8933e7..585e74a 100644
471 +--- a/plug-ins/common/file-gbr.c
472 ++++ b/plug-ins/common/file-gbr.c
473 +@@ -456,7 +456,8 @@ load_image (GFile *file,
474 +
475 + if (! g_input_stream_read_all (input, temp, size,
476 + &bytes_read, NULL, error) ||
477 +- bytes_read != size)
478 ++ bytes_read != size ||
479 ++ temp[size - 1] != '\0')
480 + {
481 + g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
482 + _("Error in GIMP brush file '%s'"),
483 +--
484 +cgit v0.12
485 +
486
487 diff --git a/media-gfx/gimp/gimp-2.8.22-r1.ebuild b/media-gfx/gimp/gimp-2.8.22-r1.ebuild
488 new file mode 100644
489 index 00000000000..afa66f12019
490 --- /dev/null
491 +++ b/media-gfx/gimp/gimp-2.8.22-r1.ebuild
492 @@ -0,0 +1,176 @@
493 +# Copyright 1999-2018 Gentoo Foundation
494 +# Distributed under the terms of the GNU General Public License v2
495 +
496 +EAPI=5
497 +PYTHON_COMPAT=( python2_7 )
498 +
499 +inherit versionator virtualx autotools eutils gnome2 fdo-mime multilib python-single-r1
500 +
501 +DESCRIPTION="GNU Image Manipulation Program"
502 +HOMEPAGE="https://www.gimp.org/"
503 +SRC_URI="mirror://gimp/v$(get_version_component_range 1-2)/${P}.tar.bz2"
504 +LICENSE="GPL-3 LGPL-3"
505 +SLOT="2"
506 +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~x64-solaris ~x86-solaris"
507 +
508 +LANGS="am ar ast az be bg br ca ca@valencia cs csb da de dz el en_CA en_GB eo es et eu fa fi fr ga gl gu he hi hr hu id is it ja ka kk km kn ko lt lv mk ml ms my nb nds ne nl nn oc pa pl pt pt_BR ro ru rw si sk sl sr sr@latin sv ta te th tr tt uk vi xh yi zh_CN zh_HK zh_TW"
509 +IUSE="alsa aalib altivec aqua bzip2 curl dbus debug doc exif gnome postscript jpeg jpeg2k lcms cpu_flags_x86_mmx mng pdf png python smp cpu_flags_x86_sse svg tiff udev wmf xpm"
510 +
511 +for lang in ${LANGS}; do
512 + IUSE+=" linguas_${lang}"
513 +done
514 +
515 +RDEPEND=">=dev-libs/glib-2.30.2:2
516 + >=dev-libs/atk-2.2.0
517 + >=x11-libs/gtk+-2.24.10:2
518 + >=x11-libs/gdk-pixbuf-2.24.1:2
519 + >=x11-libs/cairo-1.10.2
520 + >=x11-libs/pango-1.29.4
521 + xpm? ( x11-libs/libXpm )
522 + >=media-libs/freetype-2.1.7
523 + >=media-libs/fontconfig-2.2.0
524 + sys-libs/zlib
525 + dev-libs/libxml2
526 + dev-libs/libxslt
527 + x11-themes/hicolor-icon-theme
528 + >=media-libs/babl-0.1.10
529 + >=media-libs/gegl-0.2.0:0
530 + aalib? ( media-libs/aalib )
531 + alsa? ( media-libs/alsa-lib )
532 + aqua? ( x11-libs/gtk-mac-integration )
533 + curl? ( net-misc/curl )
534 + dbus? ( dev-libs/dbus-glib )
535 + gnome? ( gnome-base/gvfs )
536 + jpeg? ( virtual/jpeg:0 )
537 + jpeg2k? ( media-libs/jasper:= )
538 + exif? ( >=media-libs/libexif-0.6.15 )
539 + lcms? ( >=media-libs/lcms-2.2:2 )
540 + mng? ( media-libs/libmng )
541 + pdf? ( >=app-text/poppler-0.12.4[cairo] )
542 + png? ( >=media-libs/libpng-1.2.37:0 )
543 + python? (
544 + ${PYTHON_DEPS}
545 + >=dev-python/pygtk-2.10.4:2[${PYTHON_USEDEP}]
546 + )
547 + tiff? ( >=media-libs/tiff-3.5.7:0 )
548 + svg? ( >=gnome-base/librsvg-2.36.0:2 )
549 + wmf? ( >=media-libs/libwmf-0.2.8 )
550 + x11-libs/libXcursor
551 + sys-libs/zlib
552 + bzip2? ( app-arch/bzip2 )
553 + postscript? ( app-text/ghostscript-gpl )
554 + udev? ( virtual/libgudev:= )"
555 +DEPEND="${RDEPEND}
556 + sys-apps/findutils
557 + virtual/pkgconfig
558 + >=dev-util/intltool-0.40.1
559 + >=sys-devel/gettext-0.19
560 + doc? ( >=dev-util/gtk-doc-1 )
561 + >=sys-devel/libtool-2.2
562 + >=sys-devel/automake-1.11
563 + dev-util/gtk-doc-am" # due to our call to eautoreconf below (bug #386453)
564 +
565 +DOCS="AUTHORS ChangeLog* HACKING NEWS README*"
566 +
567 +S="${WORKDIR}"/${P}
568 +
569 +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
570 +
571 +pkg_setup() {
572 + G2CONF="--enable-default-binary \
573 + --disable-silent-rules \
574 + $(use_with !aqua x) \
575 + $(use_with aalib aa) \
576 + $(use_with alsa) \
577 + $(use_enable altivec) \
578 + $(use_with bzip2) \
579 + $(use_with curl libcurl) \
580 + $(use_with dbus) \
581 + $(use_with gnome gvfs) \
582 + --without-webkit \
583 + $(use_with jpeg libjpeg) \
584 + $(use_with jpeg2k libjasper) \
585 + $(use_with exif libexif) \
586 + $(use_with lcms lcms lcms2) \
587 + $(use_with postscript gs) \
588 + $(use_enable cpu_flags_x86_mmx mmx) \
589 + $(use_with mng libmng) \
590 + $(use_with pdf poppler) \
591 + $(use_with png libpng) \
592 + $(use_enable python) \
593 + $(use_enable smp mp) \
594 + $(use_enable cpu_flags_x86_sse sse) \
595 + $(use_with svg librsvg) \
596 + $(use_with tiff libtiff) \
597 + $(use_with udev gudev) \
598 + $(use_with wmf) \
599 + --with-xmc \
600 + $(use_with xpm libxpm) \
601 + --without-xvfb-run"
602 +
603 + if use python; then
604 + python-single-r1_pkg_setup
605 + fi
606 +}
607 +
608 +src_prepare() {
609 + epatch "${FILESDIR}"/${P}-cve-2017-17784.patch # bug 641954
610 + epatch "${FILESDIR}"/${P}-cve-2017-17785.patch # bug 641954
611 + epatch "${FILESDIR}"/${P}-cve-2017-17786-1.patch # bug 641954
612 + epatch "${FILESDIR}"/${P}-cve-2017-17786-2.patch # bug 641954
613 + epatch "${FILESDIR}"/${P}-cve-2017-17787.patch # bug 641954
614 + epatch "${FILESDIR}"/${P}-cve-2017-17788.patch # bug 641954
615 + epatch "${FILESDIR}"/${P}-cve-2017-17789.patch # bug 641954
616 +
617 + epatch "${FILESDIR}"/${PN}-2.8.14-blend-center.patch # bug 558878
618 + epatch "${FILESDIR}"/${PN}-2.7.4-no-deprecation.patch # bug 395695, comment 9 and 16
619 + epatch "${FILESDIR}"/${PN}-2.8.10-clang.patch # bug 449370 compile with clang
620 +
621 + sed -i -e 's/== "xquartz"/= "xquartz"/' configure.ac || die #494864
622 + eautoreconf # If you remove this: remove dev-util/gtk-doc-am from DEPEND, too
623 +
624 + gnome2_src_prepare
625 +}
626 +
627 +_clean_up_locales() {
628 + einfo "Cleaning up locales..."
629 + for lang in ${LANGS}; do
630 + use "linguas_${lang}" && {
631 + einfo "- keeping ${lang}"
632 + continue
633 + }
634 + rm -Rf "${ED}"/usr/share/locale/"${lang}" || die
635 + done
636 +}
637 +
638 +src_test() {
639 + Xemake check
640 +}
641 +
642 +src_install() {
643 + gnome2_src_install
644 +
645 + if use python; then
646 + python_optimize
647 + fi
648 +
649 + # Workaround for bug #321111 to give GIMP the least
650 + # precedence on PDF documents by default
651 + mv "${ED}"/usr/share/applications/{,zzz-}gimp.desktop || die
652 +
653 + prune_libtool_files --all
654 +
655 + # Prevent dead symlink gimp-console.1 from downstream man page compression (bug #433527)
656 + local gimp_app_version=$(get_version_component_range 1-2)
657 + mv "${ED}"/usr/share/man/man1/gimp-console{-${gimp_app_version},}.1 || die
658 +
659 + _clean_up_locales
660 +}
661 +
662 +pkg_postinst() {
663 + gnome2_pkg_postinst
664 +}
665 +
666 +pkg_postrm() {
667 + gnome2_pkg_postrm
668 +}
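Review bot: `sys-libs/zlib` is listed twice in RDEPEND, once after fontconfig and again after libXcursor; one entry can go. The `lang` loop variable is also unscoped, both in the global `for lang in ${LANGS}` loop and in `_clean_up_locales`; `local lang` in the function and `unset lang` after the global loop would keep it out of the ebuild environment. Neither point affects the seven CVE patches applied in src_prepare.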
669
670 diff --git a/media-gfx/gimp/gimp-2.9.8-r1.ebuild b/media-gfx/gimp/gimp-2.9.8-r1.ebuild
671 new file mode 100644
672 index 00000000000..76986e47e6e
673 --- /dev/null
674 +++ b/media-gfx/gimp/gimp-2.9.8-r1.ebuild
675 @@ -0,0 +1,205 @@
676 +# Copyright 1999-2018 Gentoo Foundation
677 +# Distributed under the terms of the GNU General Public License v2
678 +
679 +EAPI=6
680 +PYTHON_COMPAT=( python2_7 )
681 +
682 +inherit versionator virtualx autotools eutils gnome2 multilib python-single-r1
683 +
684 +DESCRIPTION="GNU Image Manipulation Program"
685 +HOMEPAGE="https://www.gimp.org/"
686 +SRC_URI="mirror://gimp/v$(get_version_component_range 1-2)/${P}.tar.bz2"
687 +LICENSE="GPL-3 LGPL-3"
688 +SLOT="2"
689 +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc64 ~x86"
690 +
691 +LANGS="am ar ast az be bg br ca ca@valencia cs csb da de dz el en_CA en_GB eo es et eu fa fi fr ga gl gu he hi hr hu id is it ja ka kk km kn ko lt lv mk ml ms my nb nds ne nl nn oc pa pl pt pt_BR ro ru rw si sk sl sr sr@latin sv ta te th tr tt uk vi xh yi zh_CN zh_HK zh_TW"
692 +IUSE="alsa aalib altivec aqua debug doc openexr gnome postscript jpeg2k cpu_flags_x86_mmx mng pdf python smp cpu_flags_x86_sse udev vector-icons webp wmf xpm"
693 +
694 +for lang in ${LANGS}; do
695 + IUSE+=" linguas_${lang}"
696 +done
697 +
698 +RDEPEND=">=dev-libs/glib-2.40.0:2
699 + >=dev-libs/atk-2.2.0
700 + >=x11-libs/gtk+-2.24.10:2
701 + dev-util/gtk-update-icon-cache
702 + >=x11-libs/gdk-pixbuf-2.31:2
703 + >=x11-libs/cairo-1.12.2
704 + >=x11-libs/pango-1.29.4
705 + xpm? ( x11-libs/libXpm )
706 + >=media-libs/freetype-2.1.7
707 + >=media-libs/harfbuzz-0.9.19
708 + >=media-libs/gexiv2-0.10.6
709 + >=media-libs/libmypaint-1.3.0[gegl]
710 + >=media-libs/fontconfig-2.2.0
711 + sys-libs/zlib
712 + dev-libs/libxml2
713 + dev-libs/libxslt
714 + x11-themes/hicolor-icon-theme
715 + >=media-libs/babl-0.1.38
716 + >=media-libs/gegl-0.3.24:0.3[cairo]
717 + >=dev-libs/glib-2.43
718 + aalib? ( media-libs/aalib )
719 + alsa? ( media-libs/alsa-lib )
720 + aqua? ( x11-libs/gtk-mac-integration )
721 + gnome? ( gnome-base/gvfs )
722 + virtual/jpeg:0
723 + jpeg2k? ( media-libs/jasper:= )
724 + >=media-libs/lcms-2.8:2
725 + mng? ( media-libs/libmng )
726 + openexr? ( >=media-libs/openexr-1.6.1 )
727 + pdf? ( >=app-text/poppler-0.44[cairo] >=app-text/poppler-data-0.4.7 )
728 + >=media-libs/libpng-1.6.25:0
729 + python? (
730 + ${PYTHON_DEPS}
731 + >=dev-python/pygtk-2.10.4:2[${PYTHON_USEDEP}]
732 + >=dev-python/pycairo-1.0.2[${PYTHON_USEDEP}]
733 + )
734 + >=media-libs/tiff-3.5.7:0
735 + >=gnome-base/librsvg-2.40.6:2
736 + webp? ( >=media-libs/libwebp-0.6.0 )
737 + wmf? ( >=media-libs/libwmf-0.2.8 )
738 + net-libs/glib-networking[ssl]
739 + x11-libs/libXcursor
740 + sys-libs/zlib
741 + app-arch/bzip2
742 + >=app-arch/xz-utils-5.0.0
743 + postscript? ( app-text/ghostscript-gpl )
744 + udev? ( virtual/libgudev:= )"
745 +DEPEND="${RDEPEND}
746 + >=dev-lang/perl-5.10.0
747 + dev-libs/appstream-glib
748 + sys-apps/findutils
749 + virtual/pkgconfig
750 + >=dev-util/intltool-0.40.1
751 + >=sys-devel/gettext-0.19
752 + doc? ( >=dev-util/gtk-doc-1 )
753 + >=sys-devel/libtool-2.2
754 + >=sys-devel/automake-1.11
755 + dev-util/gtk-doc-am" # due to our call to eautoreconf below (bug #386453)
756 +
757 +DOCS="AUTHORS ChangeLog* HACKING NEWS README*"
758 +
759 +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
760 +
761 +pkg_setup() {
762 + if use python; then
763 + python-single-r1_pkg_setup
764 + fi
765 +}
766 +
767 +src_prepare() {
768 + epatch "${FILESDIR}"/${P}-cve-2017-17784.patch # bug 641954
769 + epatch "${FILESDIR}"/${PN}-2.8.22-cve-2017-17785.patch # bug 641954
770 + epatch "${FILESDIR}"/${PN}-2.8.22-cve-2017-17786-1.patch # bug 641954
771 + epatch "${FILESDIR}"/${PN}-2.8.22-cve-2017-17786-2.patch # bug 641954
772 + epatch "${FILESDIR}"/${PN}-2.8.22-cve-2017-17787.patch # bug 641954
773 + # NOTE: CVE-2017-17788 already fixed upstream
774 + epatch "${FILESDIR}"/${PN}-2.8.22-cve-2017-17789.patch # bug 641954
775 +
776 + eapply_user
777 +
778 + sed -i -e 's/== "xquartz"/= "xquartz"/' configure.ac || die #494864
779 + sed 's:-DGIMP_DISABLE_DEPRECATED:-DGIMP_protect_DISABLE_DEPRECATED:g' -i configure.ac || die #615144
780 + eautoreconf # If you remove this: remove dev-util/gtk-doc-am from DEPEND, too
781 +
782 + gnome2_src_prepare
783 +
784 + sed 's:-DGIMP_protect_DISABLE_DEPRECATED:-DGIMP_DISABLE_DEPRECATED:g' -i configure || die #615144
785 + fgrep -q GIMP_DISABLE_DEPRECATED configure || die #615144, self-test
786 +}
787 +
788 +src_configure() {
789 + local myconf=(
790 + GEGL=${EPREFIX}/usr/bin/gegl-0.3
791 + GDBUS_CODEGEN=${EPREFIX}/bin/false
792 +
793 + --enable-default-binary
794 + --disable-silent-rules
795 +
796 + $(use_with !aqua x)
797 + $(use_with aalib aa)
798 + $(use_with alsa)
799 + $(use_enable altivec)
800 + --with-appdata-test
801 + --without-webkit
802 + $(use_with jpeg2k libjasper)
803 + $(use_with postscript gs)
804 + $(use_enable cpu_flags_x86_mmx mmx)
805 + $(use_with mng libmng)
806 + $(use_with openexr)
807 + $(use_with webp)
808 + $(use_with pdf poppler)
809 + $(use_enable python)
810 + $(use_enable smp mp)
811 + $(use_enable cpu_flags_x86_sse sse)
812 + $(use_with udev gudev)
813 + $(use_with wmf)
814 + --with-xmc
815 + $(use_with xpm libxpm)
816 + $(use_enable vector-icons)
817 + --without-xvfb-run
818 + )
819 +
820 + gnome2_src_configure "${myconf[@]}"
821 +}
822 +
823 +src_compile() {
824 + # Bugs #569738 and #591214
825 + local nv
826 + for nv in /dev/nvidia-uvm /dev/nvidiactl /dev/nvidia{0..9} ; do
827 + # We do not check for existence as they may show up later
828 + # https://bugs.gentoo.org/show_bug.cgi?id=569738#c21
829 + addwrite "${nv}"
830 + done
831 + addwrite /dev/dri/ # bug #574038
832 + addwrite /dev/ati/ # bug 589198
833 + addwrite /proc/mtrr # bug 589198
834 +
835 + export XDG_DATA_DIRS=${EPREFIX}/usr/share # bug 587004
836 + gnome2_src_compile
837 +}
838 +
839 +_clean_up_locales() {
840 + einfo "Cleaning up locales..."
841 + for lang in ${LANGS}; do
842 + use "linguas_${lang}" && {
843 + einfo "- keeping ${lang}"
844 + continue
845 + }
846 + rm -Rf "${ED}"/usr/share/locale/"${lang}" || die
847 + done
848 +}
849 +
850 +src_test() {
851 + virtx emake check
852 +}
853 +
854 +src_install() {
855 + gnome2_src_install
856 +
857 + if use python; then
858 + python_optimize
859 + fi
860 +
861 + # Workaround for bug #321111 to give GIMP the least
862 + # precedence on PDF documents by default
863 + mv "${ED}"/usr/share/applications/{,zzz-}gimp.desktop || die
864 +
865 + prune_libtool_files --all
866 +
867 + # Prevent dead symlink gimp-console.1 from downstream man page compression (bug #433527)
868 + local gimp_app_version=$(get_version_component_range 1-2)
869 + mv "${ED}"/usr/share/man/man1/gimp-console{-${gimp_app_version},}.1 || die
870 +
871 + _clean_up_locales
872 +}
873 +
874 +pkg_postinst() {
875 + gnome2_pkg_postinst
876 +}
877 +
878 +pkg_postrm() {
879 + gnome2_pkg_postrm
880 +}
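Review bot: src_prepare applies five patches named `${PN}-2.8.22-cve-…` to the 2.9.8 sources although they appear to have been cut for the gimp-2-8 branch, and nothing in the ebuild checks that each hunk landed in the intended function rather than being accepted at an offset or with fuzz. Because these are memory-safety fixes, a misplaced hunk would leave the revision looking patched while the parser is unchanged. I would either carry 2.9.8-specific copies, as was done for CVE-2017-17784, or record the verification next to the calls, e.g. `# gimp-2-8 backports; checked to apply without fuzz to 2.9.8`. Minor: RDEPEND lists dev-libs/glib twice (`>=dev-libs/glib-2.40.0:2` and `>=dev-libs/glib-2.43`) and `sys-libs/zlib` twice.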