From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id C886E1396D0 for ; Thu, 31 Aug 2017 12:37:51 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 254861FC066; Thu, 31 Aug 2017 12:37:51 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id E92BA1FC066 for ; Thu, 31 Aug 2017 12:37:50 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id B2FD333D3C7 for ; Thu, 31 Aug 2017 12:37:48 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 13FD48901 for ; Thu, 31 Aug 2017 12:37:47 +0000 (UTC) From: "Tim Harder" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Tim Harder" Message-ID: <1504182039.5e188d57a4d15b54693f00ab812279ea1b9544c7.radhermit@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: media-gfx/ufraw/, media-gfx/ufraw/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: media-gfx/ufraw/Manifest media-gfx/ufraw/files/ufraw-0.21-CVE-2015-3885.patch media-gfx/ufraw/ufraw-0.21-r1.ebuild X-VCS-Directories: media-gfx/ufraw/files/ media-gfx/ufraw/ X-VCS-Committer: radhermit X-VCS-Committer-Name: Tim Harder X-VCS-Revision: 5e188d57a4d15b54693f00ab812279ea1b9544c7 X-VCS-Branch: master Date: Thu, 31 Aug 2017 12:37:47 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 6b91bb31-46e8-48af-a90f-62c9c1b7d0a8 X-Archives-Hash: 326772065d8985e61f032309a883c793 commit: 5e188d57a4d15b54693f00ab812279ea1b9544c7 Author: Tim Harder gentoo org> AuthorDate: Thu Aug 31 12:20:39 2017 +0000 Commit: Tim Harder gentoo org> CommitDate: Thu Aug 31 12:20:39 2017 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5e188d57 media-gfx/ufraw: remove old media-gfx/ufraw/Manifest | 1 - .../ufraw/files/ufraw-0.21-CVE-2015-3885.patch | 52 -------------- media-gfx/ufraw/ufraw-0.21-r1.ebuild | 80 ---------------------- 3 files changed, 133 deletions(-) diff --git a/media-gfx/ufraw/Manifest b/media-gfx/ufraw/Manifest index 751154ec8ef..de09e896d61 100644 --- a/media-gfx/ufraw/Manifest +++ b/media-gfx/ufraw/Manifest @@ -1,2 +1 @@ -DIST ufraw-0.21.tar.gz 1016298 SHA256 2a6a1bcc633bdc8e15615cf726befcd7f27ab00e7c2a518469a24e1a96964d87 SHA512 e1fbfcf7b6f15089d51626a3e2d3dc694aa79edfc0bdfe4a8be6f684d4a31a91c56502942174c0708de91413fe907acb5d2fa2ad9d1a5404eb66b14764909ae9 WHIRLPOOL 84e96894f9ecc9d3a81f96f7c58165e095553b9bab69343754c8a89ef18480f751745cb48e8846ea5db26d1077ace4104ef18d0c0546b2b54439819b81ee3a7c DIST ufraw-0.22.tar.gz 1103554 SHA256 f7abd28ce587db2a74b4c54149bd8a2523a7ddc09bedf4f923246ff0ae09a25e SHA512 a42eff5052c18afec90245cf97ceeade78e3f288186cf697ac4abf2e8290d4081db8ac4de3ae47b3774f30a6cb4cbda392099e6fd2125fe751abb40d9b065ad2 WHIRLPOOL 5cb53f83d2f2baccd0752a0898eb894b8e15ad234962f3e3cc4ae2166309cd68893dceef28d32018aa486da1a09c64df378a2569f764a42f8251f5a568c14e5f diff --git a/media-gfx/ufraw/files/ufraw-0.21-CVE-2015-3885.patch b/media-gfx/ufraw/files/ufraw-0.21-CVE-2015-3885.patch deleted file mode 100644 index c17c66c41ab..00000000000 --- a/media-gfx/ufraw/files/ufraw-0.21-CVE-2015-3885.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 6b4ff65c6fc1a88eaa7bfc1ee5a25413d171b5f7 Mon Sep 17 00:00:00 2001 -From: Nils Philippsen -Date: Thu, 21 May 2015 13:47:29 +0200 -Subject: [PATCH] patch: CVE-2015-3885 - -Squashed commit of the following: - -commit 8f2a2348638f74e059069d98a6329fcc656ae4b5 -Author: Nils Philippsen -Date: Tue May 19 11:36:57 2015 +0200 - - CVE-2015-3885: avoid overflowing array - - When reading raw image files containing lossless JPEG data, headers - could be manipulated to make the signed int variable 'len' negative - which specifies how much actual data follows. Interpreted as unsigned, - this could lead to reading file data past the 64k boundary of the array - used for storing it. To avoid that, make 'len' unsigned short, and bail - out early if its value would become invalid (i.e. <= 0). ---- - dcraw.cc | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/dcraw.cc b/dcraw.cc -index 75ea121..d9f96ff 100644 ---- a/dcraw.cc -+++ b/dcraw.cc -@@ -934,7 +934,8 @@ struct jhead { - - int CLASS ljpeg_start (struct jhead *jh, int info_only) - { -- int c, tag, len; -+ int c, tag; -+ ushort len; - uchar data[0x10000]; - const uchar *dp; - -@@ -945,8 +946,9 @@ int CLASS ljpeg_start (struct jhead *jh, int info_only) - do { - fread (data, 2, 2, ifp); - tag = data[0] << 8 | data[1]; -- len = (data[2] << 8 | data[3]) - 2; -- if (tag <= 0xff00) return 0; -+ len = (data[2] << 8 | data[3]); -+ if (tag <= 0xff00 || len <= 2) return 0; -+ len -= 2; - fread (data, 1, len, ifp); - switch (tag) { - case 0xffc3: --- -2.4.1 - diff --git a/media-gfx/ufraw/ufraw-0.21-r1.ebuild b/media-gfx/ufraw/ufraw-0.21-r1.ebuild deleted file mode 100644 index d5fd804c5dc..00000000000 --- a/media-gfx/ufraw/ufraw-0.21-r1.ebuild +++ /dev/null @@ -1,80 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 -inherit autotools eutils fdo-mime gnome2-utils toolchain-funcs - -DESCRIPTION="RAW Image format viewer and GIMP plugin" -HOMEPAGE="http://ufraw.sourceforge.net/" -SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris" -IUSE="contrast fits gimp gnome gtk openmp timezone" - -REQUIRED_USE="gimp? ( gtk )" - -RDEPEND=" - dev-libs/glib:2= - >=media-gfx/exiv2-0.11:0= - media-libs/lcms:2= - >=media-libs/lensfun-0.2.5:= - media-libs/libpng:0= - media-libs/tiff:0= - virtual/jpeg:0= - fits? ( sci-libs/cfitsio:0= ) - gnome? ( >=gnome-base/gconf-2 ) - gtk? ( >=x11-libs/gtk+-2.6:2 - >=media-gfx/gtkimageview-1.5 ) - gimp? ( >=media-gfx/gimp-2 ) -" -DEPEND="${RDEPEND} - virtual/pkgconfig" - -src_prepare() { - epatch "${FILESDIR}"/${PN}-0.17-cfitsio-automagic.patch - epatch "${FILESDIR}"/${P}-CVE-2015-3885.patch - eautoreconf -} - -src_configure() { - econf \ - $(use_enable contrast) \ - $(use_with fits cfitsio) \ - $(use_with gimp) \ - $(use_enable gnome mime) \ - $(use_with gtk) \ - $(use_enable openmp) \ - $(use_enable timezone dst-correction) -} - -src_compile() { - emake AR="$(tc-getAR)" -} - -src_install() { - emake DESTDIR="${D}" schemasdir=/etc/gconf/schemas install - dodoc README TODO -} - -pkg_preinst() { - if use gnome; then - gnome2_gconf_savelist - fi -} - -pkg_postinst() { - if use gnome; then - fdo-mime_mime_database_update - fdo-mime_desktop_database_update - gnome2_gconf_install - fi -} - -pkg_postrm() { - if use gnome; then - fdo-mime_desktop_database_update - fdo-mime_mime_database_update - fi -}