summaryrefslogtreecommitdiff
path: root/media-gfx/optipng
diff options
context:
space:
mode:
authorV3n3RiX <venerix@redcorelinux.org>2017-11-26 11:42:28 +0000
committerV3n3RiX <venerix@redcorelinux.org>2017-11-26 11:42:28 +0000
commit89c6c06b8c42107dd231687a1012354e7d3039fc (patch)
treedad94f4da8a6694f3cb99f7048be2f9cf5f78f97 /media-gfx/optipng
parent796cae72cf9ed18ba01256ac1f83a686a2a76036 (diff)
gentoo resync : 26.11.2017
Diffstat (limited to 'media-gfx/optipng')
-rw-r--r--media-gfx/optipng/Manifest12
-rw-r--r--media-gfx/optipng/files/optipng-0.7.6-cve-2017-1000229.patch25
-rw-r--r--media-gfx/optipng/optipng-0.7.6-r1.ebuild56
3 files changed, 87 insertions, 6 deletions
diff --git a/media-gfx/optipng/Manifest b/media-gfx/optipng/Manifest
index 5930b797b70c..3bbcc4f0e880 100644
--- a/media-gfx/optipng/Manifest
+++ b/media-gfx/optipng/Manifest
@@ -1,6 +1,6 @@
-AUX optipng-0.7.5-estonian.patch 1014 SHA256 b0794fda40086c1e0443351477c487f04103f7c571c082d93130b398cbcae014 SHA512 535e869c42df6181f0bd30287adb9175c18e8a9730c997a6466e64870b968d9575e6952889353be5ac4232b2087b004cde953e151da4c75b8048b3cdccb8f27d WHIRLPOOL b69f09ddecc477eeef4eeeef82bc2c825bf8950b155c55a0836de2e532ff3d0a7ab148d7e7283091cfb55cb3af3b41b5a8a9b54b8a5c2e36371dfefa6be7afa0
-DIST optipng-0.7.6.tar.gz 2202237 SHA256 4870631fcbd3825605f00a168b8debf44ea1cda8ef98a73e5411eee97199be80 SHA512 d31d7494c23413d87b601a706cc2faf82923156a818da66e0bfad11741aed065db8f1b0c088d2abd66899ac192408c05f594295ded2684c4549c5f03b140a184 WHIRLPOOL c2708d111d0e57e35658d540a1bb0bbdea8fa35501be359222970e81159a6691db02053a446c250e3dd393f17918cc748de80e9cf19a355dcd5da867716fb359
-EBUILD optipng-0.7.6.ebuild 1264 SHA256 c796916ae8d8484f756de2053130834ffc74d0c5605cd98e06b0fafd362a620d SHA512 acfe88a65ae266104b41044ccbd6961326a711e67797ebf176af972d08471b1e958bad2a1b46243e59ddb0f6eb10a95dcada7a76a6235970902f7ea277cf1429 WHIRLPOOL 3d8f8769c945c483e234a626425176e1761222d409308563d0acfc7d4b94c54934c3dc950b0a96d78c0cbf4f7f0a8ab951852ccbc85c8d39677a785d16e2198f
-MISC ChangeLog 4815 SHA256 168bf847edf590eaaeed3564c143a8ada3e56c512ea8c67e333d110eda957c75 SHA512 7270e8d96669b9c5b9a89dce7ebc236d0366aeba3b00d12a00d03fe148213b4a7f999f182bf41e4c485a33327fb217f457cf1f43714ccf5c6136ee06da9b0624 WHIRLPOOL f76d478e69f5da42203751241718f707b50ccdeee4b08fba47606a02ed36d62ae2382ec382d4d2c8f76d9b685ca72f101476b0ef1e9de14a8a90b4859ef3a979
-MISC ChangeLog-2015 11858 SHA256 b66893e52b6cab2a88692b801cc5922e70a996964ea984f104a9043d0908a0ad SHA512 4582d5944c12335dd3b92668c83cb5f7694d4086ecd01d72ab4198cadca8765fe6486cf7bda067915ba906220370faf948ea9ef052cae3884c796145a3f02b1e WHIRLPOOL e3296ea4f32499ac91ac6b6b8fd3fcf7f1ab0208aae2150c3f1114e07f7db0a9c97cc59b7b1c4ae806835a1499e6e33891f148f8e68b44427d3ecd870602a1fa
-MISC metadata.xml 326 SHA256 8bb649aedd41191bf8b9dbfcc37069da0e6a379cbc39893c00b25d2708866297 SHA512 57810d8957812cf02573aff451fb8248944bd100beaa06412deb4b5622161fca2ee466ad80050d68e94acf5e2e7963c6fa657416996c0503da6ac88f1f00efdb WHIRLPOOL ca572a0cc843aa70dda752b67ca2e29318bfc2b771d82cdfee9330c6a7bf7f9c6e4c3617a17c5fce9ae6d3bab8cb112763100ec0cd94585beaa92ef2d08f6e2c
+AUX optipng-0.7.5-estonian.patch 1014 BLAKE2B 3c973120185be858a89c02b1f452e47da5f51866ec9ad59653d2f27cea9ea2b7d318d33b00c3eb14b6e87e629f63062d63f2ffd523e62b9927b0b75e4d781af1 SHA512 535e869c42df6181f0bd30287adb9175c18e8a9730c997a6466e64870b968d9575e6952889353be5ac4232b2087b004cde953e151da4c75b8048b3cdccb8f27d
+AUX optipng-0.7.6-cve-2017-1000229.patch 903 BLAKE2B d193e4c62813e40b653699d17b478838633e43536caa6bca54a7b48ad4290af3aa452b37d3bacbb194bec11aeed47e84b60cab4fd71281d554e72309e376ceb4 SHA512 2bf259c59121e735a6c65137d5819c07057b3b1e43e14793cc4f739b607f6ea4e4788ddf1dee521bd8b623796c901f974e7c925f36ff13adec669dfc6fbf449e
+DIST optipng-0.7.6.tar.gz 2202237 BLAKE2B f113027ff12f2fc97bd4dc43b8e62f5af8f86e251b43c0f86ffbd59366b329d1fc2a58103aa349cb18fb0c9d2e5f051517439c02aeb44ee435c6fff0c75efb7a SHA512 d31d7494c23413d87b601a706cc2faf82923156a818da66e0bfad11741aed065db8f1b0c088d2abd66899ac192408c05f594295ded2684c4549c5f03b140a184
+EBUILD optipng-0.7.6-r1.ebuild 1336 BLAKE2B a54e08e74534f32e4f768593b9330275b5ca013790338ebf1a56b62b1ae7889d865051d83a61e077b0bd570adbd27dc39a8a57c08f7e8727048da11115659703 SHA512 8a169fe7d8e12bc8dc351a049e1a4d4a50ff9d53433b737c91ed0e26cd9b24ba59ea611002df6c38018572d69a177920ab6b8b1abcc22f9ef5b2d5ef36d15a7f
+EBUILD optipng-0.7.6.ebuild 1264 BLAKE2B 7300c5845c1e78740781546ff0f7389af8f76e373d690c82270bd0d391d80f9b690cc4f59b16fe380c4ce47ac6c2c04eaf6f28c1bd32eb2bb242a8fe785bef66 SHA512 acfe88a65ae266104b41044ccbd6961326a711e67797ebf176af972d08471b1e958bad2a1b46243e59ddb0f6eb10a95dcada7a76a6235970902f7ea277cf1429
+MISC metadata.xml 326 BLAKE2B aa1da3dfcfd0faa4d1bcc901659c15b3ce974eace4d7b1317c7fcfdac13939ca4e0ed9d58eb46e7921caefe63475fcffe3193ad138506c9e16b0d8d9abb73bb8 SHA512 57810d8957812cf02573aff451fb8248944bd100beaa06412deb4b5622161fca2ee466ad80050d68e94acf5e2e7963c6fa657416996c0503da6ac88f1f00efdb
diff --git a/media-gfx/optipng/files/optipng-0.7.6-cve-2017-1000229.patch b/media-gfx/optipng/files/optipng-0.7.6-cve-2017-1000229.patch
new file mode 100644
index 000000000000..19dc3ad0c57b
--- /dev/null
+++ b/media-gfx/optipng/files/optipng-0.7.6-cve-2017-1000229.patch
@@ -0,0 +1,25 @@
+From 77ac8e9fd9b2c1aeec3951e2bb50f7cc2c1e92d2 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Sun, 19 Nov 2017 16:04:26 +0100
+Subject: [PATCH] Prevent integer overflow (bug #65, CVE-2017-1000229)
+
+---
+ src/minitiff/tiffread.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/minitiff/tiffread.c b/src/minitiff/tiffread.c
+index b4910ec..5f9b376 100644
+--- a/src/minitiff/tiffread.c
++++ b/src/minitiff/tiffread.c
+@@ -350,6 +350,8 @@ minitiff_read_info(struct minitiff_info *tiff_ptr, FILE *fp)
+ count = tiff_ptr->strip_offsets_count;
+ if (count == 0 || count > tiff_ptr->height)
+ goto err_invalid;
++ if (count > (size_t)-1 / sizeof(long))
++ goto err_memory;
+ tiff_ptr->strip_offsets = (long *)malloc(count * sizeof(long));
+ if (tiff_ptr->strip_offsets == NULL)
+ goto err_memory;
+--
+2.14.2
+
diff --git a/media-gfx/optipng/optipng-0.7.6-r1.ebuild b/media-gfx/optipng/optipng-0.7.6-r1.ebuild
new file mode 100644
index 000000000000..7cc031c42aab
--- /dev/null
+++ b/media-gfx/optipng/optipng-0.7.6-r1.ebuild
@@ -0,0 +1,56 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=4
+
+inherit eutils toolchain-funcs
+
+DESCRIPTION="Compress PNG files without affecting image quality"
+HOMEPAGE="http://optipng.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+
+LICENSE="ZLIB"
+SLOT="0"
+KEYWORDS="~alpha amd64 ~arm ppc ppc64 ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~x86-solaris"
+IUSE=""
+
+RDEPEND="sys-libs/zlib
+ media-libs/libpng:0"
+DEPEND="${RDEPEND}
+ sys-apps/findutils"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-0.7.5-estonian.patch
+ epatch "${FILESDIR}"/${PN}-0.7.6-cve-2017-1000229.patch # bug 637936
+
+ rm -R src/{libpng,zlib} || die
+ find . -type d -name build -exec rm -R {} + || die
+
+ # next release is almost a complete rewrite, so plug this compilation
+ # problem in anticipation of the much (c)leaner(?) rewrite
+ sed -i \
+ -e 's/^#ifdef AT_FDCWD/#if defined(AT_FDCWD) \&\& !(defined (__SVR4) \&\& defined (__sun))/' \
+ src/optipng/osys.c || die
+
+ tc-export CC AR RANLIB
+ export LD=$(tc-getCC)
+}
+
+src_configure() {
+ ./configure \
+ -with-system-libpng \
+ -with-system-zlib \
+ || die "configure failed"
+}
+
+src_compile() {
+ emake -C src/optipng
+}
+
+src_install() {
+ dodoc README.txt doc/*.txt
+ dohtml doc/*.html
+ doman src/${PN}/man/${PN}.1
+
+ dobin src/${PN}/${PN}
+}