diff options
| author |   Sebastian Pipping <sping@gentoo.org> | 2018-01-03 04:15:03 +0100 |
|---|---|---|
| committer | Sebastian Pipping <sping@gentoo.org> | 2018-01-03 04:15:03 +0100 |
| commit | c0f2d036a569a8a7d5dca3f17ab8c2f952b8cce6 (patch) | |
| tree | 5b53c322c85f1d301562396cebf3c912c3a251d2 /media-gfx | |
| parent | x11-misc/grub2-theme-preview: 1.3.2 (diff) | |
| download | gentoo-c0f2d036a569a8a7d5dca3f17ab8c2f952b8cce6.tar.gz gentoo-c0f2d036a569a8a7d5dca3f17ab8c2f952b8cce6.tar.bz2 gentoo-c0f2d036a569a8a7d5dca3f17ab8c2f952b8cce6.zip | |
media-gfx/gimp: CVE-2017-17784 to CVE-2017-17789
Package-Manager: Portage-2.3.16, Repoman-2.3.6
Diffstat (limited to 'media-gfx')
| -rw-r--r-- | media-gfx/gimp/files/gimp-2.8.22-cve-2017-17784.patch | 32 | ||||
| -rw-r--r-- | media-gfx/gimp/files/gimp-2.8.22-cve-2017-17785.patch | 161 | ||||
| -rw-r--r-- | media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-1.patch | 53 | ||||
| -rw-r--r-- | media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-2.patch | 31 | ||||
| -rw-r--r-- | media-gfx/gimp/files/gimp-2.8.22-cve-2017-17787.patch | 33 | ||||
| -rw-r--r-- | media-gfx/gimp/files/gimp-2.8.22-cve-2017-17788.patch | 29 | ||||
| -rw-r--r-- | media-gfx/gimp/files/gimp-2.8.22-cve-2017-17789.patch | 38 | ||||
| -rw-r--r-- | media-gfx/gimp/files/gimp-2.9.8-cve-2017-17784.patch | 30 | ||||
| -rw-r--r-- | media-gfx/gimp/gimp-2.8.22-r1.ebuild | 176 | ||||
| -rw-r--r-- | media-gfx/gimp/gimp-2.9.8-r1.ebuild | 205 |
10 files changed, 788 insertions, 0 deletions
diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17784.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17784.patch new file mode 100644 index 000000000000..c7df330409f8 --- /dev/null +++ b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17784.patch @@ -0,0 +1,32 @@ +From c57f9dcf1934a9ab0cd67650f2dea18cb0902270 Mon Sep 17 00:00:00 2001 +From: Jehan <jehan@girinstud.io> +Date: Thu, 21 Dec 2017 12:25:32 +0100 +Subject: Bug 790784 - (CVE-2017-17784) heap overread in gbr parser / + load_image. + +We were assuming the input name was well formed, hence was +nul-terminated. As any data coming from external input, this has to be +thorougly checked. +Similar to commit 06d24a79af94837d615d0024916bb95a01bf3c59 but adapted +to older gimp-2-8 code. +--- + plug-ins/common/file-gbr.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/plug-ins/common/file-gbr.c b/plug-ins/common/file-gbr.c +index b028100..d3f01d9 100644 +--- a/plug-ins/common/file-gbr.c ++++ b/plug-ins/common/file-gbr.c +@@ -443,7 +443,8 @@ load_image (const gchar *filename, + { + gchar *temp = g_new (gchar, bn_size); + +- if ((read (fd, temp, bn_size)) < bn_size) ++ if ((read (fd, temp, bn_size)) < bn_size || ++ temp[bn_size - 1] != '\0') + { + g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, + _("Error in GIMP brush file '%s'"), +-- +cgit v0.12 + diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17785.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17785.patch new file mode 100644 index 000000000000..1f77d36ec6ca --- /dev/null +++ b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17785.patch @@ -0,0 +1,161 @@ +From 1882bac996a20ab5c15c42b0c5e8f49033a1af54 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann <tobias@stoeckmann.org> +Date: Sun, 29 Oct 2017 15:19:41 +0100 +Subject: Bug 739133 - (CVE-2017-17785) Heap overflow while parsing FLI files. + +It is possible to trigger a heap overflow while parsing FLI files. The +RLE decoder is vulnerable to out of boundary writes due to lack of +boundary checks. + +The variable "framebuf" points to a memory area which was allocated +with fli_header->width * fli_header->height bytes. The RLE decoder +therefore must never write beyond that limit. + +If an illegal frame is detected, the parser won't stop, which means +that the next valid sequence is properly parsed again. This should +allow GIMP to parse FLI files as good as possible even if they are +broken by an attacker or by accident. + +While at it, I changed the variable xc to be of type size_t, because +the multiplication of width and height could overflow a 16 bit type. + +Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> +(cherry picked from commit edb251a7ef1602d20a5afcbf23f24afb163de63b) +--- + plug-ins/file-fli/fli.c | 50 ++++++++++++++++++++++++++++++++++--------------- + 1 file changed, 35 insertions(+), 15 deletions(-) + +diff --git a/plug-ins/file-fli/fli.c b/plug-ins/file-fli/fli.c +index 313efeb..ffb651e 100644 +--- a/plug-ins/file-fli/fli.c ++++ b/plug-ins/file-fli/fli.c +@@ -25,6 +25,8 @@ + + #include "config.h" + ++#include <glib/gstdio.h> ++ + #include <string.h> + #include <stdio.h> + +@@ -461,23 +463,27 @@ void fli_read_brun(FILE *f, s_fli_header *fli_header, unsigned char *framebuf) + unsigned short yc; + unsigned char *pos; + for (yc=0; yc < fli_header->height; yc++) { +- unsigned short xc, pc, pcnt; ++ unsigned short pc, pcnt; ++ size_t n, xc; + pc=fli_read_char(f); + xc=0; + pos=framebuf+(fli_header->width * yc); ++ n=(size_t)fli_header->width * (fli_header->height-yc); + for (pcnt=pc; pcnt>0; pcnt--) { + unsigned short ps; + ps=fli_read_char(f); + if (ps & 0x80) { + unsigned short len; +- for (len=-(signed char)ps; len>0; len--) { ++ for (len=-(signed char)ps; len>0 && xc<n; len--) { + pos[xc++]=fli_read_char(f); + } + } else { + unsigned char val; ++ size_t len; ++ len=MIN(n-xc,ps); + val=fli_read_char(f); +- memset(&(pos[xc]), val, ps); +- xc+=ps; ++ memset(&(pos[xc]), val, len); ++ xc+=len; + } + } + } +@@ -564,25 +570,34 @@ void fli_read_lc(FILE *f, s_fli_header *fli_header, unsigned char *old_framebuf, + memcpy(framebuf, old_framebuf, fli_header->width * fli_header->height); + firstline = fli_read_short(f); + numline = fli_read_short(f); ++ if (numline > fli_header->height || fli_header->height-numline < firstline) ++ return; ++ + for (yc=0; yc < numline; yc++) { +- unsigned short xc, pc, pcnt; ++ unsigned short pc, pcnt; ++ size_t n, xc; + pc=fli_read_char(f); + xc=0; + pos=framebuf+(fli_header->width * (firstline+yc)); ++ n=(size_t)fli_header->width * (fli_header->height-firstline-yc); + for (pcnt=pc; pcnt>0; pcnt--) { + unsigned short ps,skip; + skip=fli_read_char(f); + ps=fli_read_char(f); +- xc+=skip; ++ xc+=MIN(n-xc,skip); + if (ps & 0x80) { + unsigned char val; ++ size_t len; + ps=-(signed char)ps; + val=fli_read_char(f); +- memset(&(pos[xc]), val, ps); +- xc+=ps; ++ len=MIN(n-xc,ps); ++ memset(&(pos[xc]), val, len); ++ xc+=len; + } else { +- fread(&(pos[xc]), ps, 1, f); +- xc+=ps; ++ size_t len; ++ len=MIN(n-xc,ps); ++ fread(&(pos[xc]), len, 1, f); ++ xc+=len; + } + } + } +@@ -689,7 +704,8 @@ void fli_read_lc_2(FILE *f, s_fli_header *fli_header, unsigned char *old_framebu + yc=0; + numline = fli_read_short(f); + for (lc=0; lc < numline; lc++) { +- unsigned short xc, pc, pcnt, lpf, lpn; ++ unsigned short pc, pcnt, lpf, lpn; ++ size_t n, xc; + pc=fli_read_short(f); + lpf=0; lpn=0; + while (pc & 0x8000) { +@@ -700,26 +716,30 @@ void fli_read_lc_2(FILE *f, s_fli_header *fli_header, unsigned char *old_framebu + } + pc=fli_read_short(f); + } ++ yc=MIN(yc, fli_header->height); + xc=0; + pos=framebuf+(fli_header->width * yc); ++ n=(size_t)fli_header->width * (fli_header->height-yc); + for (pcnt=pc; pcnt>0; pcnt--) { + unsigned short ps,skip; + skip=fli_read_char(f); + ps=fli_read_char(f); +- xc+=skip; ++ xc+=MIN(n-xc,skip); + if (ps & 0x80) { + unsigned char v1,v2; + ps=-(signed char)ps; + v1=fli_read_char(f); + v2=fli_read_char(f); +- while (ps>0) { ++ while (ps>0 && xc+1<n) { + pos[xc++]=v1; + pos[xc++]=v2; + ps--; + } + } else { +- fread(&(pos[xc]), ps, 2, f); +- xc+=ps << 1; ++ size_t len; ++ len=MIN((n-xc)/2,ps); ++ fread(&(pos[xc]), len, 2, f); ++ xc+=len << 1; + } + } + if (lpf) pos[xc]=lpn; +-- +cgit v0.12 + diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-1.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-1.patch new file mode 100644 index 000000000000..4047f7cb3c9f --- /dev/null +++ b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-1.patch @@ -0,0 +1,53 @@ +From ef9c821fff8b637a2178eab1c78cae6764c50e12 Mon Sep 17 00:00:00 2001 +From: Jehan <jehan@girinstud.io> +Date: Wed, 20 Dec 2017 13:02:38 +0100 +Subject: Bug 739134 - (CVE-2017-17786) Out of bounds read / heap overflow + in... +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +... TGA importer. + +Be more thorough on valid TGA RGB and RGBA images. +In particular current TGA plug-in can import RGBA as 32 bits (8 bits per +channel) and 16 bits (5 bits per color channel and 1 bit for alpha), and +RGB as 15 and 24 bits. +Maybe there exist more variants, but if they do exist, we simply don't +support them yet. + +Thanks to Hanno Böck for the report and a first patch attempt. + +(cherry picked from commit 674b62ad45b6579ec6d7923dc3cb1ef4e8b5498b) +--- + plug-ins/common/file-tga.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/plug-ins/common/file-tga.c b/plug-ins/common/file-tga.c +index aef9870..426acc2 100644 +--- a/plug-ins/common/file-tga.c ++++ b/plug-ins/common/file-tga.c +@@ -564,12 +564,16 @@ load_image (const gchar *filename, + } + break; + case TGA_TYPE_COLOR: +- if (info.bpp != 15 && info.bpp != 16 && +- info.bpp != 24 && info.bpp != 32) ++ if ((info.bpp != 15 && info.bpp != 16 && ++ info.bpp != 24 && info.bpp != 32) || ++ ((info.bpp == 15 || info.bpp == 24) && ++ info.alphaBits != 0) || ++ (info.bpp == 16 && info.alphaBits != 1) || ++ (info.bpp == 32 && info.alphaBits != 8)) + { +- g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u)", ++ g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u, alpha = %u)", + gimp_filename_to_utf8 (filename), +- info.imageType, info.bpp); ++ info.imageType, info.bpp, info.alphaBits); + return -1; + } + break; +-- +cgit v0.12 + diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-2.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-2.patch new file mode 100644 index 000000000000..7177dd3c1f11 --- /dev/null +++ b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17786-2.patch @@ -0,0 +1,31 @@ +From 22e2571c25425f225abdb11a566cc281fca6f366 Mon Sep 17 00:00:00 2001 +From: Jehan <jehan@girinstud.io> +Date: Wed, 20 Dec 2017 13:26:26 +0100 +Subject: plug-ins: TGA 16-bit RGB (without alpha bit) is also valid. + +According to some spec on the web, 16-bit RGB is also valid. In this +case, the last bit is simply ignored (at least that's how it is +implemented right now). + +(cherry picked from commit 8ea316667c8a3296bce2832b3986b58d0fdfc077) +--- + plug-ins/common/file-tga.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/plug-ins/common/file-tga.c b/plug-ins/common/file-tga.c +index 426acc2..eb14a1d 100644 +--- a/plug-ins/common/file-tga.c ++++ b/plug-ins/common/file-tga.c +@@ -568,7 +568,8 @@ load_image (const gchar *filename, + info.bpp != 24 && info.bpp != 32) || + ((info.bpp == 15 || info.bpp == 24) && + info.alphaBits != 0) || +- (info.bpp == 16 && info.alphaBits != 1) || ++ (info.bpp == 16 && info.alphaBits != 1 && ++ info.alphaBits != 0) || + (info.bpp == 32 && info.alphaBits != 8)) + { + g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u, alpha = %u)", +-- +cgit v0.12 + diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17787.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17787.patch new file mode 100644 index 000000000000..654726388ea6 --- /dev/null +++ b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17787.patch @@ -0,0 +1,33 @@ +From 87ba505fff85989af795f4ab6a047713f4d9381d Mon Sep 17 00:00:00 2001 +From: Jehan <jehan@girinstud.io> +Date: Thu, 21 Dec 2017 12:49:41 +0100 +Subject: Bug 790853 - (CVE-2017-17787) heap overread in psp importer. + +As any external data, we have to check that strings being read at fixed +length are properly nul-terminated. + +(cherry picked from commit eb2980683e6472aff35a3117587c4f814515c74d) +--- + plug-ins/common/file-psp.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c +index 4cbafe3..e350e4d 100644 +--- a/plug-ins/common/file-psp.c ++++ b/plug-ins/common/file-psp.c +@@ -890,6 +890,12 @@ read_creator_block (FILE *f, + g_free (string); + return -1; + } ++ if (string[length - 1] != '\0') ++ { ++ g_message ("Creator keyword data not nul-terminated"); ++ g_free (string); ++ return -1; ++ } + switch (keyword) + { + case PSP_CRTR_FLD_TITLE: +-- +cgit v0.12 + diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17788.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17788.patch new file mode 100644 index 000000000000..2bf16b85e607 --- /dev/null +++ b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17788.patch @@ -0,0 +1,29 @@ +From: Hanno Boeck <hanno@hboeck.de> +Date: Mon, 27 Nov 2017 00:37:29 +0100 +Subject: 790783 - buffer overread in XCF parser if version field... +Origin: https://git.gnome.org/browse/GIMP/commit/?id=702c4227e8b6169f781e4bb5ae4b5733f51ab126 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17788 +Bug-Debian: https://bugs.debian.org/885347 +Bug: https://bugzilla.gnome.org/show_bug.cgi?id=790783 + +...has no null terminator + +Check for the presence of '\0' before using atoi() on the version +string. Patch slightly modified (mitch). +[carnil: backport to gimp-2-8: affected code in xcf_load_invoker] +--- + app/xcf/xcf.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/app/xcf/xcf.c ++++ b/app/xcf/xcf.c +@@ -318,7 +318,8 @@ xcf_load_invoker (GimpProcedure *pr + { + info.file_version = 0; + } +- else if (id[9] == 'v') ++ else if (id[9] == 'v' && ++ id[13] == '\0') + { + info.file_version = atoi (id + 10); + } diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17789.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17789.patch new file mode 100644 index 000000000000..3d63694f6790 --- /dev/null +++ b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17789.patch @@ -0,0 +1,38 @@ +From 01898f10f87a094665a7fdcf7153990f4e511d3f Mon Sep 17 00:00:00 2001 +From: Jehan <jehan@girinstud.io> +Date: Wed, 20 Dec 2017 16:44:20 +0100 +Subject: Bug 790849 - (CVE-2017-17789) CVE-2017-17789 Heap buffer overflow... + +... in PSP importer. +Check if declared block length is valid (i.e. within the actual file) +before going further. +Consider the file as broken otherwise and fail loading it. + +(cherry picked from commit 28e95fbeb5720e6005a088fa811f5bf3c1af48b8) +--- + plug-ins/common/file-psp.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c +index ac0fff7..4cbafe3 100644 +--- a/plug-ins/common/file-psp.c ++++ b/plug-ins/common/file-psp.c +@@ -1771,6 +1771,15 @@ load_image (const gchar *filename, + { + block_start = ftell (f); + ++ if (block_start + block_total_len > st.st_size) ++ { ++ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, ++ _("Could not open '%s' for reading: %s"), ++ gimp_filename_to_utf8 (filename), ++ _("invalid block size")); ++ goto error; ++ } ++ + if (id == PSP_IMAGE_BLOCK) + { + if (block_number != 0) +-- +cgit v0.12 + diff --git a/media-gfx/gimp/files/gimp-2.9.8-cve-2017-17784.patch b/media-gfx/gimp/files/gimp-2.9.8-cve-2017-17784.patch new file mode 100644 index 000000000000..e46703d3d3d4 --- /dev/null +++ b/media-gfx/gimp/files/gimp-2.9.8-cve-2017-17784.patch @@ -0,0 +1,30 @@ +From 06d24a79af94837d615d0024916bb95a01bf3c59 Mon Sep 17 00:00:00 2001 +From: Jehan <jehan@girinstud.io> +Date: Thu, 21 Dec 2017 12:15:34 +0100 +Subject: Bug 790784 - (CVE-2017-17784) heap overread in gbr parser / + load_image. + +We were assuming the input name was well formed, hence was +nul-terminated. As any data coming from external input, this has to be +thorougly checked. +--- + plug-ins/common/file-gbr.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/plug-ins/common/file-gbr.c b/plug-ins/common/file-gbr.c +index b8933e7..585e74a 100644 +--- a/plug-ins/common/file-gbr.c ++++ b/plug-ins/common/file-gbr.c +@@ -456,7 +456,8 @@ load_image (GFile *file, + + if (! g_input_stream_read_all (input, temp, size, + &bytes_read, NULL, error) || +- bytes_read != size) ++ bytes_read != size || ++ temp[size - 1] != '\0') + { + g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, + _("Error in GIMP brush file '%s'"), +-- +cgit v0.12 + diff --git a/media-gfx/gimp/gimp-2.8.22-r1.ebuild b/media-gfx/gimp/gimp-2.8.22-r1.ebuild new file mode 100644 index 000000000000..afa66f120198 --- /dev/null +++ b/media-gfx/gimp/gimp-2.8.22-r1.ebuild @@ -0,0 +1,176 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +PYTHON_COMPAT=( python2_7 ) + +inherit versionator virtualx autotools eutils gnome2 fdo-mime multilib python-single-r1 + +DESCRIPTION="GNU Image Manipulation Program" +HOMEPAGE="https://www.gimp.org/" +SRC_URI="mirror://gimp/v$(get_version_component_range 1-2)/${P}.tar.bz2" +LICENSE="GPL-3 LGPL-3" +SLOT="2" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~x64-solaris ~x86-solaris" + +LANGS="am ar ast az be bg br ca ca@valencia cs csb da de dz el en_CA en_GB eo es et eu fa fi fr ga gl gu he hi hr hu id is it ja ka kk km kn ko lt lv mk ml ms my nb nds ne nl nn oc pa pl pt pt_BR ro ru rw si sk sl sr sr@latin sv ta te th tr tt uk vi xh yi zh_CN zh_HK zh_TW" +IUSE="alsa aalib altivec aqua bzip2 curl dbus debug doc exif gnome postscript jpeg jpeg2k lcms cpu_flags_x86_mmx mng pdf png python smp cpu_flags_x86_sse svg tiff udev wmf xpm" + +for lang in ${LANGS}; do + IUSE+=" linguas_${lang}" +done + +RDEPEND=">=dev-libs/glib-2.30.2:2 + >=dev-libs/atk-2.2.0 + >=x11-libs/gtk+-2.24.10:2 + >=x11-libs/gdk-pixbuf-2.24.1:2 + >=x11-libs/cairo-1.10.2 + >=x11-libs/pango-1.29.4 + xpm? ( x11-libs/libXpm ) + >=media-libs/freetype-2.1.7 + >=media-libs/fontconfig-2.2.0 + sys-libs/zlib + dev-libs/libxml2 + dev-libs/libxslt + x11-themes/hicolor-icon-theme + >=media-libs/babl-0.1.10 + >=media-libs/gegl-0.2.0:0 + aalib? ( media-libs/aalib ) + alsa? ( media-libs/alsa-lib ) + aqua? ( x11-libs/gtk-mac-integration ) + curl? ( net-misc/curl ) + dbus? ( dev-libs/dbus-glib ) + gnome? ( gnome-base/gvfs ) + jpeg? ( virtual/jpeg:0 ) + jpeg2k? ( media-libs/jasper:= ) + exif? ( >=media-libs/libexif-0.6.15 ) + lcms? ( >=media-libs/lcms-2.2:2 ) + mng? ( media-libs/libmng ) + pdf? ( >=app-text/poppler-0.12.4[cairo] ) + png? ( >=media-libs/libpng-1.2.37:0 ) + python? ( + ${PYTHON_DEPS} + >=dev-python/pygtk-2.10.4:2[${PYTHON_USEDEP}] + ) + tiff? ( >=media-libs/tiff-3.5.7:0 ) + svg? ( >=gnome-base/librsvg-2.36.0:2 ) + wmf? ( >=media-libs/libwmf-0.2.8 ) + x11-libs/libXcursor + sys-libs/zlib + bzip2? ( app-arch/bzip2 ) + postscript? ( app-text/ghostscript-gpl ) + udev? ( virtual/libgudev:= )" +DEPEND="${RDEPEND} + sys-apps/findutils + virtual/pkgconfig + >=dev-util/intltool-0.40.1 + >=sys-devel/gettext-0.19 + doc? ( >=dev-util/gtk-doc-1 ) + >=sys-devel/libtool-2.2 + >=sys-devel/automake-1.11 + dev-util/gtk-doc-am" # due to our call to eautoreconf below (bug #386453) + +DOCS="AUTHORS ChangeLog* HACKING NEWS README*" + +S="${WORKDIR}"/${P} + +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" + +pkg_setup() { + G2CONF="--enable-default-binary \ + --disable-silent-rules \ + $(use_with !aqua x) \ + $(use_with aalib aa) \ + $(use_with alsa) \ + $(use_enable altivec) \ + $(use_with bzip2) \ + $(use_with curl libcurl) \ + $(use_with dbus) \ + $(use_with gnome gvfs) \ + --without-webkit \ + $(use_with jpeg libjpeg) \ + $(use_with jpeg2k libjasper) \ + $(use_with exif libexif) \ + $(use_with lcms lcms lcms2) \ + $(use_with postscript gs) \ + $(use_enable cpu_flags_x86_mmx mmx) \ + $(use_with mng libmng) \ + $(use_with pdf poppler) \ + $(use_with png libpng) \ + $(use_enable python) \ + $(use_enable smp mp) \ + $(use_enable cpu_flags_x86_sse sse) \ + $(use_with svg librsvg) \ + $(use_with tiff libtiff) \ + $(use_with udev gudev) \ + $(use_with wmf) \ + --with-xmc \ + $(use_with xpm libxpm) \ + --without-xvfb-run" + + if use python; then + python-single-r1_pkg_setup + fi +} + +src_prepare() { + epatch "${FILESDIR}"/${P}-cve-2017-17784.patch # bug 641954 + epatch "${FILESDIR}"/${P}-cve-2017-17785.patch # bug 641954 + epatch "${FILESDIR}"/${P}-cve-2017-17786-1.patch # bug 641954 + epatch "${FILESDIR}"/${P}-cve-2017-17786-2.patch # bug 641954 + epatch "${FILESDIR}"/${P}-cve-2017-17787.patch # bug 641954 + epatch "${FILESDIR}"/${P}-cve-2017-17788.patch # bug 641954 + epatch "${FILESDIR}"/${P}-cve-2017-17789.patch # bug 641954 + + epatch "${FILESDIR}"/${PN}-2.8.14-blend-center.patch # bug 558878 + epatch "${FILESDIR}"/${PN}-2.7.4-no-deprecation.patch # bug 395695, comment 9 and 16 + epatch "${FILESDIR}"/${PN}-2.8.10-clang.patch # bug 449370 compile with clang + + sed -i -e 's/== "xquartz"/= "xquartz"/' configure.ac || die #494864 + eautoreconf # If you remove this: remove dev-util/gtk-doc-am from DEPEND, too + + gnome2_src_prepare +} + +_clean_up_locales() { + einfo "Cleaning up locales..." + for lang in ${LANGS}; do + use "linguas_${lang}" && { + einfo "- keeping ${lang}" + continue + } + rm -Rf "${ED}"/usr/share/locale/"${lang}" || die + done +} + +src_test() { + Xemake check +} + +src_install() { + gnome2_src_install + + if use python; then + python_optimize + fi + + # Workaround for bug #321111 to give GIMP the least + # precedence on PDF documents by default + mv "${ED}"/usr/share/applications/{,zzz-}gimp.desktop || die + + prune_libtool_files --all + + # Prevent dead symlink gimp-console.1 from downstream man page compression (bug #433527) + local gimp_app_version=$(get_version_component_range 1-2) + mv "${ED}"/usr/share/man/man1/gimp-console{-${gimp_app_version},}.1 || die + + _clean_up_locales +} + +pkg_postinst() { + gnome2_pkg_postinst +} + +pkg_postrm() { + gnome2_pkg_postrm +} diff --git a/media-gfx/gimp/gimp-2.9.8-r1.ebuild b/media-gfx/gimp/gimp-2.9.8-r1.ebuild new file mode 100644 index 000000000000..76986e47e6ef --- /dev/null +++ b/media-gfx/gimp/gimp-2.9.8-r1.ebuild @@ -0,0 +1,205 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +PYTHON_COMPAT=( python2_7 ) + +inherit versionator virtualx autotools eutils gnome2 multilib python-single-r1 + +DESCRIPTION="GNU Image Manipulation Program" +HOMEPAGE="https://www.gimp.org/" +SRC_URI="mirror://gimp/v$(get_version_component_range 1-2)/${P}.tar.bz2" +LICENSE="GPL-3 LGPL-3" +SLOT="2" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc64 ~x86" + +LANGS="am ar ast az be bg br ca ca@valencia cs csb da de dz el en_CA en_GB eo es et eu fa fi fr ga gl gu he hi hr hu id is it ja ka kk km kn ko lt lv mk ml ms my nb nds ne nl nn oc pa pl pt pt_BR ro ru rw si sk sl sr sr@latin sv ta te th tr tt uk vi xh yi zh_CN zh_HK zh_TW" +IUSE="alsa aalib altivec aqua debug doc openexr gnome postscript jpeg2k cpu_flags_x86_mmx mng pdf python smp cpu_flags_x86_sse udev vector-icons webp wmf xpm" + +for lang in ${LANGS}; do + IUSE+=" linguas_${lang}" +done + +RDEPEND=">=dev-libs/glib-2.40.0:2 + >=dev-libs/atk-2.2.0 + >=x11-libs/gtk+-2.24.10:2 + dev-util/gtk-update-icon-cache + >=x11-libs/gdk-pixbuf-2.31:2 + >=x11-libs/cairo-1.12.2 + >=x11-libs/pango-1.29.4 + xpm? ( x11-libs/libXpm ) + >=media-libs/freetype-2.1.7 + >=media-libs/harfbuzz-0.9.19 + >=media-libs/gexiv2-0.10.6 + >=media-libs/libmypaint-1.3.0[gegl] + >=media-libs/fontconfig-2.2.0 + sys-libs/zlib + dev-libs/libxml2 + dev-libs/libxslt + x11-themes/hicolor-icon-theme + >=media-libs/babl-0.1.38 + >=media-libs/gegl-0.3.24:0.3[cairo] + >=dev-libs/glib-2.43 + aalib? ( media-libs/aalib ) + alsa? ( media-libs/alsa-lib ) + aqua? ( x11-libs/gtk-mac-integration ) + gnome? ( gnome-base/gvfs ) + virtual/jpeg:0 + jpeg2k? ( media-libs/jasper:= ) + >=media-libs/lcms-2.8:2 + mng? ( media-libs/libmng ) + openexr? ( >=media-libs/openexr-1.6.1 ) + pdf? ( >=app-text/poppler-0.44[cairo] >=app-text/poppler-data-0.4.7 ) + >=media-libs/libpng-1.6.25:0 + python? ( + ${PYTHON_DEPS} + >=dev-python/pygtk-2.10.4:2[${PYTHON_USEDEP}] + >=dev-python/pycairo-1.0.2[${PYTHON_USEDEP}] + ) + >=media-libs/tiff-3.5.7:0 + >=gnome-base/librsvg-2.40.6:2 + webp? ( >=media-libs/libwebp-0.6.0 ) + wmf? ( >=media-libs/libwmf-0.2.8 ) + net-libs/glib-networking[ssl] + x11-libs/libXcursor + sys-libs/zlib + app-arch/bzip2 + >=app-arch/xz-utils-5.0.0 + postscript? ( app-text/ghostscript-gpl ) + udev? ( virtual/libgudev:= )" +DEPEND="${RDEPEND} + >=dev-lang/perl-5.10.0 + dev-libs/appstream-glib + sys-apps/findutils + virtual/pkgconfig + >=dev-util/intltool-0.40.1 + >=sys-devel/gettext-0.19 + doc? ( >=dev-util/gtk-doc-1 ) + >=sys-devel/libtool-2.2 + >=sys-devel/automake-1.11 + dev-util/gtk-doc-am" # due to our call to eautoreconf below (bug #386453) + +DOCS="AUTHORS ChangeLog* HACKING NEWS README*" + +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" + +pkg_setup() { + if use python; then + python-single-r1_pkg_setup + fi +} + +src_prepare() { + epatch "${FILESDIR}"/${P}-cve-2017-17784.patch # bug 641954 + epatch "${FILESDIR}"/${PN}-2.8.22-cve-2017-17785.patch # bug 641954 + epatch "${FILESDIR}"/${PN}-2.8.22-cve-2017-17786-1.patch # bug 641954 + epatch "${FILESDIR}"/${PN}-2.8.22-cve-2017-17786-2.patch # bug 641954 + epatch "${FILESDIR}"/${PN}-2.8.22-cve-2017-17787.patch # bug 641954 + # NOTE: CVE-2017-17788 already fixed upstream + epatch "${FILESDIR}"/${PN}-2.8.22-cve-2017-17789.patch # bug 641954 + + eapply_user + + sed -i -e 's/== "xquartz"/= "xquartz"/' configure.ac || die #494864 + sed 's:-DGIMP_DISABLE_DEPRECATED:-DGIMP_protect_DISABLE_DEPRECATED:g' -i configure.ac || die #615144 + eautoreconf # If you remove this: remove dev-util/gtk-doc-am from DEPEND, too + + gnome2_src_prepare + + sed 's:-DGIMP_protect_DISABLE_DEPRECATED:-DGIMP_DISABLE_DEPRECATED:g' -i configure || die #615144 + fgrep -q GIMP_DISABLE_DEPRECATED configure || die #615144, self-test +} + +src_configure() { + local myconf=( + GEGL=${EPREFIX}/usr/bin/gegl-0.3 + GDBUS_CODEGEN=${EPREFIX}/bin/false + + --enable-default-binary + --disable-silent-rules + + $(use_with !aqua x) + $(use_with aalib aa) + $(use_with alsa) + $(use_enable altivec) + --with-appdata-test + --without-webkit + $(use_with jpeg2k libjasper) + $(use_with postscript gs) + $(use_enable cpu_flags_x86_mmx mmx) + $(use_with mng libmng) + $(use_with openexr) + $(use_with webp) + $(use_with pdf poppler) + $(use_enable python) + $(use_enable smp mp) + $(use_enable cpu_flags_x86_sse sse) + $(use_with udev gudev) + $(use_with wmf) + --with-xmc + $(use_with xpm libxpm) + $(use_enable vector-icons) + --without-xvfb-run + ) + + gnome2_src_configure "${myconf[@]}" +} + +src_compile() { + # Bugs #569738 and #591214 + local nv + for nv in /dev/nvidia-uvm /dev/nvidiactl /dev/nvidia{0..9} ; do + # We do not check for existence as they may show up later + # https://bugs.gentoo.org/show_bug.cgi?id=569738#c21 + addwrite "${nv}" + done + addwrite /dev/dri/ # bug #574038 + addwrite /dev/ati/ # bug 589198 + addwrite /proc/mtrr # bug 589198 + + export XDG_DATA_DIRS=${EPREFIX}/usr/share # bug 587004 + gnome2_src_compile +} + +_clean_up_locales() { + einfo "Cleaning up locales..." + for lang in ${LANGS}; do + use "linguas_${lang}" && { + einfo "- keeping ${lang}" + continue + } + rm -Rf "${ED}"/usr/share/locale/"${lang}" || die + done +} + +src_test() { + virtx emake check +} + +src_install() { + gnome2_src_install + + if use python; then + python_optimize + fi + + # Workaround for bug #321111 to give GIMP the least + # precedence on PDF documents by default + mv "${ED}"/usr/share/applications/{,zzz-}gimp.desktop || die + + prune_libtool_files --all + + # Prevent dead symlink gimp-console.1 from downstream man page compression (bug #433527) + local gimp_app_version=$(get_version_component_range 1-2) + mv "${ED}"/usr/share/man/man1/gimp-console{-${gimp_app_version},}.1 || die + + _clean_up_locales +} + +pkg_postinst() { + gnome2_pkg_postinst +} + +pkg_postrm() { + gnome2_pkg_postrm +} |