diff options
author | Repository QA checks <repo-qa-checks@gentoo.org> | 2017-11-21 20:01:51 +0000 |
---|---|---|
committer | Repository QA checks <repo-qa-checks@gentoo.org> | 2017-11-21 20:01:51 +0000 |
commit | 0def2cb94f253db777ae4f749f66e0c641d376e8 (patch) | |
tree | d1f7197b04d477d0b374f74461d4a5d428a9e4ad | |
parent | 2017-11-21 19:42:58 UTC (diff) | |
parent | media-gfx/optipng: CVE-2017-1000229 (diff) | |
download | gentoo-0def2cb94f253db777ae4f749f66e0c641d376e8.tar.gz gentoo-0def2cb94f253db777ae4f749f66e0c641d376e8.tar.bz2 gentoo-0def2cb94f253db777ae4f749f66e0c641d376e8.zip |
Merge updates from master
-rw-r--r-- | app-emacs/lua-mode/Manifest | 2 | ||||
-rw-r--r-- | media-gfx/optipng/files/optipng-0.7.6-cve-2017-1000229.patch | 25 | ||||
-rw-r--r-- | media-gfx/optipng/optipng-0.7.6-r1.ebuild | 56 | ||||
-rw-r--r-- | profiles/hardened/linux/musl/x86/use.mask | 3 |
4 files changed, 85 insertions, 1 deletions
diff --git a/app-emacs/lua-mode/Manifest b/app-emacs/lua-mode/Manifest index 99d224cdd884..469d4cfe6d59 100644 --- a/app-emacs/lua-mode/Manifest +++ b/app-emacs/lua-mode/Manifest @@ -1 +1 @@ -DIST lua-mode-20130419.tar.gz 26236 SHA256 75c1696421983fbb58946ea649d2917f0deefc8b4f1dbc16b819e0cd603e396a SHA512 1fecd953b5b08dad26345c6e0d2006f35f92082d7cd244e4d668808a2694271605f10eb15d7b62ab8fbdf029fa6bac8bcebe8c8d4ef782dbd63ebcce8abc8439 WHIRLPOOL 4477da3bfb707459c14cefbc55ca7303b1774627c143cfe1d2dc3e70a7843fd7f9d0090f4640b934482a39b020afaf09b4dfd0b8ef10fd46f71b3d2c799e6347 +DIST lua-mode-20130419.tar.gz 26242 BLAKE2B 25f75c70982ba2fb0077fb249501367f9dde3eee5ff7bb45c0d8d97857b6268c481652e06e5a92bd04d9b9fcac0fa3368dfbdc3efcbaefc34268aeb490ac6ad9 SHA512 e66ebe6c953e81b07a8f9d86264b1baa5e0b730a6d26b1acf7fb48ceb8cc0f008cdea0046d89e380fefefe0e0b189ef360280236befc79ade69e0622a2e7eb92 diff --git a/media-gfx/optipng/files/optipng-0.7.6-cve-2017-1000229.patch b/media-gfx/optipng/files/optipng-0.7.6-cve-2017-1000229.patch new file mode 100644 index 000000000000..19dc3ad0c57b --- /dev/null +++ b/media-gfx/optipng/files/optipng-0.7.6-cve-2017-1000229.patch @@ -0,0 +1,25 @@ +From 77ac8e9fd9b2c1aeec3951e2bb50f7cc2c1e92d2 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping <sebastian@pipping.org> +Date: Sun, 19 Nov 2017 16:04:26 +0100 +Subject: [PATCH] Prevent integer overflow (bug #65, CVE-2017-1000229) + +--- + src/minitiff/tiffread.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/minitiff/tiffread.c b/src/minitiff/tiffread.c +index b4910ec..5f9b376 100644 +--- a/src/minitiff/tiffread.c ++++ b/src/minitiff/tiffread.c +@@ -350,6 +350,8 @@ minitiff_read_info(struct minitiff_info *tiff_ptr, FILE *fp) + count = tiff_ptr->strip_offsets_count; + if (count == 0 || count > tiff_ptr->height) + goto err_invalid; ++ if (count > (size_t)-1 / sizeof(long)) ++ goto err_memory; + tiff_ptr->strip_offsets = (long *)malloc(count * sizeof(long)); + if (tiff_ptr->strip_offsets == NULL) + goto err_memory; +-- +2.14.2 + diff --git a/media-gfx/optipng/optipng-0.7.6-r1.ebuild b/media-gfx/optipng/optipng-0.7.6-r1.ebuild new file mode 100644 index 000000000000..becde449ea44 --- /dev/null +++ b/media-gfx/optipng/optipng-0.7.6-r1.ebuild @@ -0,0 +1,56 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=4 + +inherit eutils toolchain-funcs + +DESCRIPTION="Compress PNG files without affecting image quality" +HOMEPAGE="http://optipng.sourceforge.net/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" + +LICENSE="ZLIB" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~x86-solaris" +IUSE="" + +RDEPEND="sys-libs/zlib + media-libs/libpng:0" +DEPEND="${RDEPEND} + sys-apps/findutils" + +src_prepare() { + epatch "${FILESDIR}"/${PN}-0.7.5-estonian.patch + epatch "${FILESDIR}"/${PN}-0.7.6-cve-2017-1000229.patch # bug 637936 + + rm -R src/{libpng,zlib} || die + find . -type d -name build -exec rm -R {} + || die + + # next release is almost a complete rewrite, so plug this compilation + # problem in anticipation of the much (c)leaner(?) rewrite + sed -i \ + -e 's/^#ifdef AT_FDCWD/#if defined(AT_FDCWD) \&\& !(defined (__SVR4) \&\& defined (__sun))/' \ + src/optipng/osys.c || die + + tc-export CC AR RANLIB + export LD=$(tc-getCC) +} + +src_configure() { + ./configure \ + -with-system-libpng \ + -with-system-zlib \ + || die "configure failed" +} + +src_compile() { + emake -C src/optipng +} + +src_install() { + dodoc README.txt doc/*.txt + dohtml doc/*.html + doman src/${PN}/man/${PN}.1 + + dobin src/${PN}/${PN} +} diff --git a/profiles/hardened/linux/musl/x86/use.mask b/profiles/hardened/linux/musl/x86/use.mask index a70efb03255b..61e5564be9fc 100644 --- a/profiles/hardened/linux/musl/x86/use.mask +++ b/profiles/hardened/linux/musl/x86/use.mask @@ -5,6 +5,9 @@ -x86 -abi_x86_32 +# ssp is broken on x86 musl. This is critical for gcc-6. +ssp + # unmask all SIMD assembler flags -cpu_flags_x86_3dnow -cpu_flags_x86_3dnowext |