
From: Agostino Sarubbo <ago@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: media-gfx/autotrace/, media-gfx/autotrace/files/
Date: Tue, 04 Apr 2017 07:25:10
Message-Id: 1491290692.2fcc7c830301a4ae876393e6ca0e1f74b7deca9f.ago@gentoo
1 commit: 2fcc7c830301a4ae876393e6ca0e1f74b7deca9f
2 Author: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
3 AuthorDate: Tue Apr 4 07:24:52 2017 +0000
4 Commit: Agostino Sarubbo <ago <AT> gentoo <DOT> org>
5 CommitDate: Tue Apr 4 07:24:52 2017 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2fcc7c83
7
8 media-gfx/autotrace: add a patch to fix CVE-2016-7392, wrt bug #613992
9
10 Package-Manager: Portage-2.3.3, Repoman-2.3.1
11 Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>
12
13 media-gfx/autotrace/autotrace-0.31.1-r8.ebuild | 63 ++++++++++++++++++++++
14 .../files/autotrace-0.31.1-CVE-2016-7392.patch | 15 ++++++
15 2 files changed, 78 insertions(+)
16
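diff --git a/media-gfx/autotrace/autotrace-0.31.1-r8.ebuild b/media-gfx/autotrace/autotrace-0.31.1-r8.ebuild
new file mode 100644
index 00000000000..685183f2c27
--- /dev/null
+++ b/media-gfx/autotrace/autotrace-0.31.1-r8.ebuild
@@ -0,0 +1,63 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+inherit autotools eutils
+
+_dpatch=15
+
+DESCRIPTION="A program for converting bitmaps to vector graphics"
+HOMEPAGE="http://packages.qa.debian.org/a/autotrace.html http://autotrace.sourceforge.net/"
+SRC_URI="mirror://debian/pool/main/a/${PN}/${PN}_${PV}.orig.tar.gz
+ mirror://debian/pool/main/a/${PN}/${PN}_${PV}-${_dpatch}.diff.gz"
+
+LICENSE="GPL-2 LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd"
+IUSE="+imagemagick static-libs"
+
+RDEPEND="media-libs/libexif:=
+ media-libs/libpng:0=
+ >=media-libs/ming-0.4.2:=
+ >=media-gfx/pstoedit-3.50:=
+ imagemagick? ( >=media-gfx/imagemagick-6.6.2.5 )"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig"
+
+DOCS=( AUTHORS ChangeLog NEWS README )
+
+src_prepare() {
+ epatch "${WORKDIR}"/${PN}_${PV}-${_dpatch}.diff
+
+ epatch \
+ "${FILESDIR}"/${P}-{m4,libpng14,pkgconfig}.patch \
+ "${FILESDIR}"/${P}-swf-output.patch \
+ "${FILESDIR}"/${P}-GetOnePixel.patch \
+ "${FILESDIR}"/${P}-libpng-1.5.patch
+
+ # Fix building on PowerPC with Altivec
+ epatch "${FILESDIR}"/${P}-bool.patch
+
+ # Addresses bug #466078
+ epatch "${FILESDIR}"/${P}-CVE-2013-1953.patch
+
+ # bug #613992
+ epatch "${FILESDIR}"/${P}-CVE-2016-7392.patch
+
+ sed -i -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:' configure.in || die #468496
+
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_enable static-libs static) \
+ $(use_with imagemagick magick) \
+ --with-ming \
+ --with-pstoedit
+}
+
+src_install() {
+ default
+ prune_libtool_files --all
+}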
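Review bot: The comment above the new epatch call in src_prepare, `# bug #613992`, does not say that the patch is a security fix; something like `# CVE-2016-7392: heap overflow in pstoedit_suffix_table_init(), bug #613992` would match the patch file name and keep the reason visible if the patch list is later reshuffled. KEYWORDS in this revision are all ~arch, so stable systems presumably stay on an unpatched revision until stabilisation is handled through the bug. The diffstat shows only additions, so no older revision is dropped by this commit.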
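diff --git a/media-gfx/autotrace/files/autotrace-0.31.1-CVE-2016-7392.patch b/media-gfx/autotrace/files/autotrace-0.31.1-CVE-2016-7392.patch
new file mode 100644
index 00000000000..e3bb0303cb8
--- /dev/null
+++ b/media-gfx/autotrace/files/autotrace-0.31.1-CVE-2016-7392.patch
@@ -0,0 +1,15 @@
+Patch from debian to fix CVE-2016-7392
+https://blogs.gentoo.org/ago/2016/09/10/autotrace-heap-based-buffer-overflow-in-pstoedit_suffix_table_init-output-pstoedit-c/
+
+--- a/output-pstoedit.c
++++ b/output-pstoedit.c
+@@ -84,7 +84,7 @@
+ dd_tmp = dd_start;
+ while (dd_tmp->symbolicname)
+ dd_tmp++;
+- XMALLOC(pstoedit_suffix_table, sizeof(char *) * 2 * (dd_tmp - dd_start) + 1);
++ XMALLOC(pstoedit_suffix_table, sizeof(char *) * (2 * (dd_tmp - dd_start) + 1));
+
+ #if defined (OUTPUT_PSTOEDIT_DEBUG) && defined(__GNUC__)
+ fprintf(stderr, "OUTPUT PSTOEDIT BACKEND DEBUG(%s)\n", __FUNCTION__);
+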
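Review bot: The patch header says only `Patch from debian` and never states what was wrong, so a later maintainer has to read the hunk to learn why the patch exists. The old expression `sizeof(char *) * 2 * n + 1` sized the table at 2*n pointers plus one byte, while the new one gives 2*n+1 pointer slots; a header line such as `XMALLOC size was 2*n pointers + 1 byte due to operator precedence; allocate 2*n+1 pointers` would record that, together with a reference to the Debian patch or bug it was taken from (<DEBIAN_REFERENCE>). The code that fills the table lies outside the hunk, so whether 2*n+1 slots is exactly what it writes cannot be confirmed from here.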