From b6d1c95e6a0a3ea6ae4d8b397845120e23e0f67b Mon Sep 17 00:00:00 2001
From: Aaron Bauman
Date: Sat, 2 Jul 2016 12:04:11 +0900
Subject: media-gfx/autotrace: add patch for CVE-2013-1953 per security bug #466078
---
media-gfx/autotrace/autotrace-0.31.1-r7.ebuild | 61 ++++++++++++++++++++++
.../files/autotrace-0.31.1-CVE-2013-1953.patch | 12 +++++
2 files changed, 73 insertions(+)
create mode 100644 media-gfx/autotrace/autotrace-0.31.1-r7.ebuild
create mode 100644 media-gfx/autotrace/files/autotrace-0.31.1-CVE-2013-1953.patch
(limited to 'media-gfx')
diff --git a/media-gfx/autotrace/autotrace-0.31.1-r7.ebuild b/media-gfx/autotrace/autotrace-0.31.1-r7.ebuild
new file mode 100644
index 000000000000..f24dea4ea3a2
--- /dev/null
+++ b/media-gfx/autotrace/autotrace-0.31.1-r7.ebuild
@@ -0,0 +1,61 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit autotools eutils
+
+_dpatch=15
+
+DESCRIPTION="A program for converting bitmaps to vector graphics"
+HOMEPAGE="http://packages.qa.debian.org/a/autotrace.html http://autotrace.sourceforge.net/"
+SRC_URI="mirror://debian/pool/main/a/${PN}/${PN}_${PV}.orig.tar.gz
+ mirror://debian/pool/main/a/${PN}/${PN}_${PV}-${_dpatch}.diff.gz"
+
+LICENSE="GPL-2 LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd"
+IUSE="+imagemagick static-libs"
+
+RDEPEND="media-libs/libexif:=
+ media-libs/libpng:0=
+ >=media-libs/ming-0.4.2:=
+ >=media-gfx/pstoedit-3.50:=
+ imagemagick? ( >=media-gfx/imagemagick-6.6.2.5 )"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig"
+
+DOCS=( AUTHORS ChangeLog NEWS README )
+
+src_prepare() {
+ epatch "${WORKDIR}"/${PN}_${PV}-${_dpatch}.diff
+
+ epatch \
+ "${FILESDIR}"/${P}-{m4,libpng14,pkgconfig}.patch \
+ "${FILESDIR}"/${P}-swf-output.patch \
+ "${FILESDIR}"/${P}-GetOnePixel.patch \
+ "${FILESDIR}"/${P}-libpng-1.5.patch
+
+ # Fix building on PowerPC with Altivec
+ epatch "${FILESDIR}"/${P}-bool.patch
+
+ # Addresses bug #466078
+ epatch "${FILESDIR}"/${P}-CVE-2013-1953.patch
+
+ sed -i -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:' configure.in || die #468496
+
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_enable static-libs static) \
+ $(use_with imagemagick magick) \
+ --with-ming \
+ --with-pstoedit
+}
+
+src_install() {
+ default
+ prune_libtool_files --all
+}
diff --git a/media-gfx/autotrace/files/autotrace-0.31.1-CVE-2013-1953.patch b/media-gfx/autotrace/files/autotrace-0.31.1-CVE-2013-1953.patch
new file mode 100644
index 000000000000..38d7eaece81c
--- /dev/null
+++ b/media-gfx/autotrace/files/autotrace-0.31.1-CVE-2013-1953.patch
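Review bot: In autotrace-0.31.1-r7.ebuild, the comment above the new `epatch "${FILESDIR}"/${P}-CVE-2013-1953.patch` line in src_prepare gives only a bug number, so a reader of the ebuild cannot tell that this is the security fix or what it touches. A comment such as `# Security: reject undersized biSize in the BMP reader, CVE-2013-1953 (bug #466078)` would say so in place. The revision also carries only `~arch` KEYWORDS; if an earlier revision is stable on any architecture (not visible in this commit), the fix does not reach those users until r7 is stabilised, which is worth tracking on the same bug.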
@@ -0,0 +1,12 @@
+diff -up autotrace-0.31.1/input-bmp.c.orig autotrace-0.31.1/input-bmp.c
+--- autotrace-0.31.1/input-bmp.c.orig 2002-10-10 22:44:08.000000000 +0200
++++ autotrace-0.31.1/input-bmp.c 2013-06-28 10:24:58.336056959 +0200
+@@ -166,7 +166,7 @@ input_bmp_reader (at_string filename,
+ /* 36 */
+ Maps = 4;
+ }
+- else if (Bitmap_File_Head.biSize <= 64) /* Probably OS/2 2.x */
++ else if (Bitmap_File_Head.biSize >= 40 && Bitmap_File_Head.biSize <= 64) /* Probably OS/2 2.x */
+ {
+ if (!ReadOK (fd, buffer, Bitmap_File_Head.biSize - 4))
+ {
-- cgit v1.2.3-18-g5258
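Review bot: The new lower bound on `Bitmap_File_Head.biSize` in this `else if` is only sufficient if two things outside the hunk hold. First, `buffer` must be at least 60 bytes, since `ReadOK (fd, buffer, Bitmap_File_Head.biSize - 4)` can still read that much at the top of the accepted range. Second, header sizes below 40 that no earlier branch handles must now end in an error path rather than continuing with unset header fields. Neither the declaration of `buffer` nor the final `else` of input_bmp_reader is inside the hunk, so both should be checked against the full input-bmp.c before relying on this patch. The patch file also has no header saying where it came from; a leading comment with the upstream or distribution bug reference would make it auditable.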