author | Agostino Sarubbo <ago@gentoo.org> | 2017-04-04 09:24:52 +0200 |
---|---|---|
committer | Agostino Sarubbo <ago@gentoo.org> | 2017-04-04 09:24:52 +0200 |
commit | 2fcc7c830301a4ae876393e6ca0e1f74b7deca9f (patch) | |
tree | c548bbc8da29830b4a13101a57c49b0736cd3dac /media-gfx | |
parent | dev-ruby/parslet: add 1.8.0 (diff) | |
media-gfx/autotrace: add a patch to fix CVE-2016-7392, wrt bug #613992
Package-Manager: Portage-2.3.3, Repoman-2.3.1
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
Diffstat (limited to 'media-gfx')
-rw-r--r-- | media-gfx/autotrace/autotrace-0.31.1-r8.ebuild | 63 | ||||
-rw-r--r-- | media-gfx/autotrace/files/autotrace-0.31.1-CVE-2016-7392.patch | 15 |
2 files changed, 78 insertions, 0 deletions
diff --git a/media-gfx/autotrace/autotrace-0.31.1-r8.ebuild b/media-gfx/autotrace/autotrace-0.31.1-r8.ebuild
new file mode 100644
index 000000000000..685183f2c27e
--- /dev/null
+++ b/media-gfx/autotrace/autotrace-0.31.1-r8.ebuild
@@ -0,0 +1,63 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+inherit autotools eutils
+
+_dpatch=15
+
+DESCRIPTION="A program for converting bitmaps to vector graphics"
+HOMEPAGE="http://packages.qa.debian.org/a/autotrace.html http://autotrace.sourceforge.net/"
+SRC_URI="mirror://debian/pool/main/a/${PN}/${PN}_${PV}.orig.tar.gz
+ mirror://debian/pool/main/a/${PN}/${PN}_${PV}-${_dpatch}.diff.gz"
+
+LICENSE="GPL-2 LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd"
+IUSE="+imagemagick static-libs"
+
+RDEPEND="media-libs/libexif:=
+ media-libs/libpng:0=
+ >=media-libs/ming-0.4.2:=
+ >=media-gfx/pstoedit-3.50:=
+ imagemagick? ( >=media-gfx/imagemagick-6.6.2.5 )"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig"
+
+DOCS=( AUTHORS ChangeLog NEWS README )
+
+src_prepare() {
+ epatch "${WORKDIR}"/${PN}_${PV}-${_dpatch}.diff
+
+ epatch \
+ "${FILESDIR}"/${P}-{m4,libpng14,pkgconfig}.patch \
+ "${FILESDIR}"/${P}-swf-output.patch \
+ "${FILESDIR}"/${P}-GetOnePixel.patch \
+ "${FILESDIR}"/${P}-libpng-1.5.patch
+
+ # Fix building on PowerPC with Altivec
+ epatch "${FILESDIR}"/${P}-bool.patch
+
+ # Addresses bug #466078
+ epatch "${FILESDIR}"/${P}-CVE-2013-1953.patch
+
+ # bug #613992
+ epatch "${FILESDIR}"/${P}-CVE-2016-7392.patch
+
+ sed -i -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:' configure.in || die #468496
+
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_enable static-libs static) \
+ $(use_with imagemagick magick) \
+ --with-ming \
+ --with-pstoedit
+}
+
+src_install() {
+ default
+ prune_libtool_files --all
+}
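Review bot: The comment above the new epatch call in src_prepare, `# bug #613992`, gives only a tracker number, so a reader auditing the ebuild cannot tell which flaw the patch closes without leaving the file. Naming it would help: `# CVE-2016-7392: heap overflow in pstoedit_suffix_table_init, bug #613992`. Separately, KEYWORDS lists only ~arch entries, so stable users presumably stay on an earlier revision until stabilisation is requested; it is worth confirming that the bug tracks that step.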
diff --git a/media-gfx/autotrace/files/autotrace-0.31.1-CVE-2016-7392.patch b/media-gfx/autotrace/files/autotrace-0.31.1-CVE-2016-7392.patch
new file mode 100644
index 000000000000..e3bb0303cb8f
--- /dev/null
+++ b/media-gfx/autotrace/files/autotrace-0.31.1-CVE-2016-7392.patch
@@ -0,0 +1,15 @@
+Patch from debian to fix CVE-2016-7392
+https://blogs.gentoo.org/ago/2016/09/10/autotrace-heap-based-buffer-overflow-in-pstoedit_suffix_table_init-output-pstoedit-c/
+
+--- a/output-pstoedit.c
++++ b/output-pstoedit.c
+@@ -84,7 +84,7 @@
+ dd_tmp = dd_start;
+ while (dd_tmp->symbolicname)
+ dd_tmp++;
+- XMALLOC(pstoedit_suffix_table, sizeof(char *) * 2 * (dd_tmp - dd_start) + 1);
++ XMALLOC(pstoedit_suffix_table, sizeof(char *) * (2 * (dd_tmp - dd_start) + 1));
+
+#if defined (OUTPUT_PSTOEDIT_DEBUG) && defined(__GNUC__)
+ fprintf(stderr, "OUTPUT PSTOEDIT BACKEND DEBUG(%s)\n", __FUNCTION__);
+ |
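Review bot: The corrected size `sizeof(char *) * (2 * (dd_tmp - dd_start) + 1)` is only sufficient if the code that fills pstoedit_suffix_table writes at most two entries per driver description plus one terminator, and that loop lies outside this hunk, so it should be checked against the new bound. The old expression added one byte rather than one pointer slot, which fits the heap overflow named in the patch header. A comment above the call would keep the intent visible, e.g. `/* two char * slots per driver entry, plus one terminating slot */`; the slot meaning is inferred from the expression and should be confirmed. The enclosing function starts and ends outside the hunk.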