* [gentoo-commits] repo/gentoo:master commit in: media-gfx/autotrace/files/, media-gfx/autotrace/
@ 2016-07-02  3:06 Aaron Bauman
From: Aaron Bauman @ 2016-07-02  3:06 UTC (permalink / raw
  To: gentoo-commits

commit:     b6d1c95e6a0a3ea6ae4d8b397845120e23e0f67b
Author:     Aaron Bauman <bman <AT> gentoo <DOT> org>
AuthorDate: Sat Jul  2 03:04:11 2016 +0000
Commit:     Aaron Bauman <bman <AT> gentoo <DOT> org>
CommitDate: Sat Jul  2 03:04:11 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b6d1c95e

media-gfx/autotrace: add patch for CVE-2013-1953 per security bug #466078

 media-gfx/autotrace/autotrace-0.31.1-r7.ebuild     | 61 ++++++++++++++++++++++
 .../files/autotrace-0.31.1-CVE-2013-1953.patch     | 12 +++++
 2 files changed, 73 insertions(+)

diff --git a/media-gfx/autotrace/autotrace-0.31.1-r7.ebuild b/media-gfx/autotrace/autotrace-0.31.1-r7.ebuild
new file mode 100644
index 0000000..f24dea4
--- /dev/null
+++ b/media-gfx/autotrace/autotrace-0.31.1-r7.ebuild
@@ -0,0 +1,61 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit autotools eutils
+
+_dpatch=15
+
+DESCRIPTION="A program for converting bitmaps to vector graphics"
+HOMEPAGE="http://packages.qa.debian.org/a/autotrace.html http://autotrace.sourceforge.net/"
+SRC_URI="mirror://debian/pool/main/a/${PN}/${PN}_${PV}.orig.tar.gz
+	mirror://debian/pool/main/a/${PN}/${PN}_${PV}-${_dpatch}.diff.gz"
+
+LICENSE="GPL-2 LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd"
+IUSE="+imagemagick static-libs"
+
+RDEPEND="media-libs/libexif:=
+	media-libs/libpng:0=
+	>=media-libs/ming-0.4.2:=
+	>=media-gfx/pstoedit-3.50:=
+	imagemagick? ( >=media-gfx/imagemagick-6.6.2.5 )"
+DEPEND="${RDEPEND}
+	virtual/pkgconfig"
+
+DOCS=( AUTHORS ChangeLog NEWS README )
+
+src_prepare() {
+	epatch "${WORKDIR}"/${PN}_${PV}-${_dpatch}.diff
+
+	epatch \
+		"${FILESDIR}"/${P}-{m4,libpng14,pkgconfig}.patch \
+		"${FILESDIR}"/${P}-swf-output.patch \
+		"${FILESDIR}"/${P}-GetOnePixel.patch \
+		"${FILESDIR}"/${P}-libpng-1.5.patch
+
+	# Fix building on PowerPC with Altivec
+	epatch "${FILESDIR}"/${P}-bool.patch
+
+	# Addresses bug #466078
+	epatch "${FILESDIR}"/${P}-CVE-2013-1953.patch
+
+	sed -i -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:' configure.in || die #468496
+
+	eautoreconf
+}
+
+src_configure() {
+	econf \
+		$(use_enable static-libs static) \
+		$(use_with imagemagick magick) \
+		--with-ming \
+		--with-pstoedit
+}
+
+src_install() {
+	default
+	prune_libtool_files --all
+}

diff --git a/media-gfx/autotrace/files/autotrace-0.31.1-CVE-2013-1953.patch b/media-gfx/autotrace/files/autotrace-0.31.1-CVE-2013-1953.patch
new file mode 100644
index 0000000..38d7eae
--- /dev/null
+++ b/media-gfx/autotrace/files/autotrace-0.31.1-CVE-2013-1953.patch
@@ -0,0 +1,12 @@
+diff -up autotrace-0.31.1/input-bmp.c.orig autotrace-0.31.1/input-bmp.c
+--- autotrace-0.31.1/input-bmp.c.orig	2002-10-10 22:44:08.000000000 +0200
++++ autotrace-0.31.1/input-bmp.c	2013-06-28 10:24:58.336056959 +0200
+@@ -166,7 +166,7 @@ input_bmp_reader (at_string filename,
+                                                         /* 36 */
+       Maps = 4;
+     }
+-  else if (Bitmap_File_Head.biSize <= 64) /* Probably OS/2 2.x */
++  else if (Bitmap_File_Head.biSize >= 40 && Bitmap_File_Head.biSize <= 64) /* Probably OS/2 2.x */
+     {
+       if (!ReadOK (fd, buffer, Bitmap_File_Head.biSize - 4))
+ 	{
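Review bot: The new `biSize >= 40` bound in the OS/2 2.x branch of input_bmp_reader has no comment saying why it is needed, and the patch file has no header recording where the fix came from or which bug it closes. The following line passes `Bitmap_File_Head.biSize - 4` to ReadOK as a length, so if biSize is unsigned (its declaration is outside the hunk) any value below 4 would wrap to a very large read into `buffer`; I would add `/* biSize - 4 is a read length into buffer: reject sizes that wrap it or leave the header short */` above the condition. The context lines above suggest an earlier branch already handles the 40-byte header, in which case `>= 40` behaves as `> 40` here, which is harmless but worth stating. The function continues outside the hunk, so confirm that the remaining `else` rejects sizes below 40 and above 64 rather than continuing to parse.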

