From: "Thomas Deutschmann"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Thomas Deutschmann"
Message-ID: <1592357186.ba6698e39be1eeb5fb0c06a89e8dcf239b5a19f2.whissi@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: media-gfx/graphicsmagick/files/, media-gfx/graphicsmagick/
X-VCS-Repository: repo/gentoo
X-VCS-Files: media-gfx/graphicsmagick/files/graphicsmagick-1.3.35-CVE-2020-12672.patch
 media-gfx/graphicsmagick/files/graphicsmagick-1.3.35-oss-fuzz-20045-20318-21956.patch
 media-gfx/graphicsmagick/files/graphicsmagick-1.3.35-oss-fuzz-23042.patch
 media-gfx/graphicsmagick/graphicsmagick-1.3.35-r1.ebuild
X-VCS-Directories: media-gfx/graphicsmagick/files/ media-gfx/graphicsmagick/
X-VCS-Committer: whissi
X-VCS-Committer-Name: Thomas Deutschmann
X-VCS-Revision: ba6698e39be1eeb5fb0c06a89e8dcf239b5a19f2
X-VCS-Branch: master
Date: Wed, 17 Jun 2020 01:29:22 +0000 (UTC)
Precedence: bulk
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: f6877c99-59a1-49aa-825f-9b2067ac73db
X-Archives-Hash: 8297105a02bc5b774b18c49e5be6abe7

commit: ba6698e39be1eeb5fb0c06a89e8dcf239b5a19f2
Author: Sam James (sam_c) cmpct info>
AuthorDate: Mon Jun 8 07:40:04 2020 +0000
Commit: Thomas Deutschmann gentoo org>
CommitDate: Wed Jun 17 01:26:26 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ba6698e3

media-gfx/graphicsmagick: Security bump

Patches the following:
- CVE-2020-12672
* oss-fuzz
** 20045
** 20318
** 21956
** 23042

Bug: https://bugs.gentoo.org/721328
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Sam James (sam_c) cmpct.info>
Closes: https://github.com/gentoo/gentoo/pull/16126
Signed-off-by: Thomas Deutschmann gentoo.org> .../graphicsmagick-1.3.35-CVE-2020-12672.patch | 67 ++++++++++ ...smagick-1.3.35-oss-fuzz-20045-20318-21956.patch | 38 ++++++ .../graphicsmagick-1.3.35-oss-fuzz-23042.patch | 42 +++++++ .../graphicsmagick/graphicsmagick-1.3.35-r1.ebuild | 135 +++++++++++++++++++++ 4 files changed, 282 insertions(+) diff --git a/media-gfx/graphicsmagick/files/graphicsmagick-1.3.35-CVE-2020-12672.patch b/media-gfx/graphicsmagick/files/graphicsmagick-1.3.35-CVE-2020-12672.patch new file mode 100644 index 00000000000..b314ea288e4 --- /dev/null +++ b/media-gfx/graphicsmagick/files/graphicsmagick-1.3.35-CVE-2020-12672.patch 
@@ -0,0 +1,67 @@ +diff -r 4917a4242fc0 -r 50395430a371 coders/png.c +--- a/coders/png.c Fri May 01 13:49:13 2020 -0500 ++++ b/coders/png.c Sat May 30 10:18:16 2020 -0500 +@@ -5304,7 +5304,7 @@ + if (logging) + (void) LogMagickEvent(CoderEvent,GetMagickModule(), + "MAGN chunk (%lu bytes): " +- "First_magnified_object_id=%u, Last_magnified_object_id=%u, " ++ "First_magnified_object_id=%u, Las t_magnified_object_id=%u, " + "MB=%u, ML=%u, MR=%u, MT=%u, MX=%u, MY=%u, " + "X_method=%u, Y_method=%u", + length, +@@ -5679,6 +5679,8 @@ + /* + If magnifying and a supported method is requested then + magnify the image. ++ ++ http://www.libpng.org/pub/mng/spec/mng-1.0-20010209-pdg.html#mng-MAGN + */ + if (((mng_info->magn_methx > 0) && (mng_info->magn_methx <= 5)) && + ((mng_info->magn_methy > 0) && (mng_info->magn_methy <= 5))) +@@ -5689,7 +5691,28 @@ + + if (logging) + (void) LogMagickEvent(CoderEvent,GetMagickModule(), +- " Processing MNG MAGN chunk"); ++ " Processing MNG MAGN chunk: MB=%u, ML=%u," ++ " MR=%u, MT=%u, MX=%u, MY=%u," ++ " X_method=%u, Y_method=%u", ++ mng_info->magn_mb,mng_info->magn_ml, ++ mng_info->magn_mr,mng_info->magn_mt, ++ mng_info->magn_mx,mng_info->magn_my, ++ mng_info->magn_methx, ++ mng_info->magn_methy); ++ ++ /* ++ If the image width is 1, then X magnification is done ++ by simple pixel replication. ++ */ ++ if (image->columns == 1) ++ mng_info->magn_methx = 1; ++ ++ /* ++ If the image height is 1, then Y magnification is done ++ by simple pixel replication. ++ */ ++ if (image->rows == 1) ++ mng_info->magn_methy = 1; + + if (mng_info->magn_methx == 1) + { +@@ -5734,12 +5757,10 @@ + Image + *large_image; + +- int +- yy; +- + long + m, +- y; ++ y, ++ yy; + + register long + x; + diff --git a/media-gfx/graphicsmagick/files/graphicsmagick-1.3.35-oss-fuzz-20045-20318-21956.patch b/media-gfx/graphicsmagick/files/graphicsmagick-1.3.35-oss-fuzz-20045-20318-21956.patch new file mode 100644 index 00000000000..c7921dd2e69 --- /dev/null 
+++ b/media-gfx/graphicsmagick/files/graphicsmagick-1.3.35-oss-fuzz-20045-20318-21956.patch @@ -0,0 +1,38 @@ +diff -r 50395430a371 -r 83b4d2b4b873 coders/wpg.c +--- a/coders/wpg.c Sat May 30 10:18:16 2020 -0500 ++++ b/coders/wpg.c Sat May 30 17:33:51 2020 -0500 +@@ -403,7 +403,7 @@ + x++; \ + if((long) x>=ldblk) \ + { \ +- if(InsertRow(BImgBuff,y,image,bpp)==MagickFail) RetVal=-6; \ ++ if(InsertRow(BImgBuff,y,image,bpp)==MagickFail) { RetVal=-6; goto unpack_wpg_raser_error; } \ + x=0; \ + y++; \ + if(y>=image->rows) break; \ +@@ -537,6 +537,7 @@ + } + } + } ++unpack_wpg_raser_error:; + MagickFreeMemory(BImgBuff); + return(RetVal); + } +@@ -552,7 +553,7 @@ + x++; \ + if((long) x >= ldblk) \ + { \ +- if(InsertRow(BImgBuff,(long) y,image,bpp)==MagickFail) RetVal=-6; \ ++ if(InsertRow(BImgBuff,(long) y,image,bpp)==MagickFail) { RetVal=-6; goto unpack_wpg2_error; } \ + x=0; \ + y++; \ + XorMe = 0; \ +@@ -729,6 +730,7 @@ + } + } + } ++unpack_wpg2_error:; + FreeUnpackWPG2RasterAllocs(BImgBuff,UpImgBuff); + return(RetVal); + } + diff --git a/media-gfx/graphicsmagick/files/graphicsmagick-1.3.35-oss-fuzz-23042.patch b/media-gfx/graphicsmagick/files/graphicsmagick-1.3.35-oss-fuzz-23042.patch new file mode 100644 index 00000000000..197a230a340 --- /dev/null +++ b/media-gfx/graphicsmagick/files/graphicsmagick-1.3.35-oss-fuzz-23042.patch 
@@ -0,0 +1,42 @@ +diff -r 24ed4812e580 -r b0aa53a5f970 coders/wpg.c +--- a/coders/wpg.c Tue Jun 02 07:45:45 2020 -0500 ++++ b/coders/wpg.c Sat Jun 06 14:12:18 2020 -0500 +@@ -413,9 +413,12 @@ + + /** Call this function to ensure that all data matrix is filled with something. This function + * is used only to error recovery. */ +-static void ZeroFillMissingData(unsigned char *BImgBuff,unsigned long x, unsigned long y, Image *image, +- int bpp, long ldblk) ++static MagickPassFail ZeroFillMissingData(unsigned char *BImgBuff,unsigned long x, unsigned long y, Image *image, ++ int bpp, long ldblk) + { ++ MagickPassFail ++ status = MagickPass; ++ + while(yrows && image->exception.severity!=UndefinedException) + { + if((long) x
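Review bot: In the @@ -5304,7 +5304,7 @@ hunk of graphicsmagick-1.3.35-CVE-2020-12672.patch, the added format string reads "Las t_magnified_object_id=%u" with a space inside the word, where the removed line had "Last_magnified_object_id=%u". The hunk touches only a LogMagickEvent message, so the fix does not depend on it, but a stray space like this usually means the patch was mangled by line wrapping somewhere along the way. Regenerate the patch from the upstream changeset, or drop this hunk, so that the file in files/ matches what upstream committed.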
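Review bot: In the @@ -5689,7 +5691,28 @@ hunk of the CVE-2020-12672 patch, the new checks for image->columns == 1 and image->rows == 1 overwrite mng_info->magn_methx and mng_info->magn_methy in place instead of working on local copies. If mng_info is reused for later objects in the same stream, the forced method 1 would carry over to images that are wider or taller than one pixel; consider copying both methods into locals before the override, or add a comment stating that the overwrite is intended. The override also sits inside the test that both methods are in the range 1 to 5, so it only takes effect when a supported method was requested, which the new comments could say explicitly.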
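Review bot: The @@ -5734,12 +5757,10 @@ hunk of the CVE-2020-12672 patch widens yy from int to long with no explanation in the patch or in the commit message. Since this is part of a security fix, a one-line comment at the declaration (or a sentence in the patch description) saying what the wider type guards against would let a later reader tell that the change is deliberate and not cosmetic.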
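Review bot: The label added in the @@ -537,6 +537,7 @@ hunk of graphicsmagick-1.3.35-oss-fuzz-20045-20318-21956.patch is spelled unpack_wpg_raser_error ("raser" for "raster"), and the macro edited in the @@ -403,7 +403,7 @@ hunk jumps to it by that name. The spelling is consistent, so it compiles, but both macros now carry hidden control flow: any function that expands them must define the matching label (unpack_wpg_raser_error or unpack_wpg2_error), and nothing in the macro says so. A comment above each macro naming the label it requires would make that dependency visible. Placing the labels directly before MagickFreeMemory(BImgBuff) and FreeUnpackWPG2RasterAllocs(BImgBuff,UpImgBuff) keeps the buffers freed on the new error path, which is the right spot.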
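Review bot: In the @@ -413,9 +413,12 @@ hunk of graphicsmagick-1.3.35-oss-fuzz-23042.patch, ZeroFillMissingData changes from void to MagickPassFail, but the portion of the patch shown here ends inside the loop, before any assignment to status, any return statement, or any call site. Check the full 42-line patch to confirm that status is set to MagickFail when a row cannot be written, that it is returned on every path, and that the callers test the result instead of discarding it. The comment above the function ("is used only to error recovery") should also describe the new return value.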