diff options
author | Johannes Huber <johu@gentoo.org> | 2015-01-20 21:40:26 +0000 |
---|---|---|
committer | Johannes Huber <johu@gentoo.org> | 2015-01-20 21:40:26 +0000 |
commit | 46961b748e12f662627668e4b13737fe65d1cf8e (patch) | |
tree | 30ad99675b32cc9a5fc6a7ca208a26d42f94488b /media-gfx/exiv2 | |
parent | Revision bumps backports upstream patch to fix CVE-2013-7252, bug #496768. (diff) | |
download | gentoo-2-46961b748e12f662627668e4b13737fe65d1cf8e.tar.gz gentoo-2-46961b748e12f662627668e4b13737fe65d1cf8e.tar.bz2 gentoo-2-46961b748e12f662627668e4b13737fe65d1cf8e.zip |
Revision bump adds patch from fedora to fix CVE-2014-9449, bug #534608. Thanks to Pacho Ramos <pacho@gentoo.org> for spotting the patch.
(Portage version: 2.2.15/cvs/Linux x86_64, signed Manifest commit with key F3CFD2BD)
Diffstat (limited to 'media-gfx/exiv2')
-rw-r--r-- | media-gfx/exiv2/ChangeLog | 11 | ||||
-rw-r--r-- | media-gfx/exiv2/exiv2-0.24-r1.ebuild | 136 | ||||
-rw-r--r-- | media-gfx/exiv2/files/exiv2-0.24-CVE-2014-9449.patch | 27 |
3 files changed, 172 insertions, 2 deletions
diff --git a/media-gfx/exiv2/ChangeLog b/media-gfx/exiv2/ChangeLog index 3cdde7e0fe65..57bc68737628 100644 --- a/media-gfx/exiv2/ChangeLog +++ b/media-gfx/exiv2/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for media-gfx/exiv2 -# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/media-gfx/exiv2/ChangeLog,v 1.129 2014/12/20 16:50:27 maekke Exp $ +# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/media-gfx/exiv2/ChangeLog,v 1.130 2015/01/20 21:40:26 johu Exp $ + +*exiv2-0.24-r1 (20 Jan 2015) + + 20 Jan 2015; Johannes Huber <johu@gentoo.org> +exiv2-0.24-r1.ebuild, + +files/exiv2-0.24-CVE-2014-9449.patch: + Revision bump adds patch from fedora to fix CVE-2014-9449, bug #534608. Thanks + to Pacho Ramos <pacho@gentoo.org> for spotting the patch. 20 Dec 2014; Markus Meier <maekke@gentoo.org> exiv2-0.24.ebuild: arm stable, bug #526042 diff --git a/media-gfx/exiv2/exiv2-0.24-r1.ebuild b/media-gfx/exiv2/exiv2-0.24-r1.ebuild new file mode 100644 index 000000000000..5e50ec0ab1c1 --- /dev/null +++ b/media-gfx/exiv2/exiv2-0.24-r1.ebuild @@ -0,0 +1,136 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/media-gfx/exiv2/exiv2-0.24-r1.ebuild,v 1.1 2015/01/20 21:40:26 johu Exp $ + +EAPI=5 +AUTOTOOLS_IN_SOURCE_BUILD=1 +PYTHON_COMPAT=( python{2_7,3_3,3_4} ) + +inherit eutils multilib toolchain-funcs python-any-r1 autotools-multilib + +DESCRIPTION="EXIF and IPTC metadata C++ library and command line utility" +HOMEPAGE="http://www.exiv2.org/" +SRC_URI="http://www.exiv2.org/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0/13" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris" +IUSE_LINGUAS="de es fi fr pl ru sk" +IUSE="contrib doc examples nls xmp zlib static-libs $(printf 'linguas_%s ' ${IUSE_LINGUAS})" + +RDEPEND=" + >=virtual/libiconv-0-r1[${MULTILIB_USEDEP}] + nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] ) + xmp? ( >=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] ) + zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] ) +" + +DEPEND="${RDEPEND} + contrib? ( >=dev-libs/boost-1.44 ) + doc? ( + app-doc/doxygen + dev-libs/libxslt + virtual/pkgconfig + media-gfx/graphviz + ${PYTHON_DEPS} + ) + nls? ( sys-devel/gettext ) +" + +DOCS=( README doc/ChangeLog doc/cmd.txt ) + +PATCHES=( "${FILESDIR}/${P}-CVE-2014-9449.patch" ) + +pkg_setup() { + use doc && python-any-r1_pkg_setup +} + +src_prepare() { + # convert docs to UTF-8 + local i + for i in doc/cmd.txt; do + einfo "Converting "${i}" to UTF-8" + iconv -f LATIN1 -t UTF-8 "${i}" > "${i}~" && mv -f "${i}~" "${i}" || rm -f "${i}~" + done + + if use doc; then + einfo "Updating doxygen config" + doxygen 2>&1 >/dev/null -u config/Doxyfile + fi + + if use contrib; then + # create build environment for contrib + ln -snf ../../src contrib/organize/exiv2 + sed -i -e 's:/usr/local/include/.*:'"${EPREFIX}"'/usr/include:g' \ + -e 's:/usr/local/lib/lib:-l:g' -e 's:-gcc..-mt-._..\.a::g' \ + contrib/organize/boost.mk || die + fi + + epatch "${FILESDIR}/${PN}-0.24-python3.patch" + + # set locale to safe value for the sed commands (bug #382731) + sed -i -r "s,(\s+)sed\s,\1LC_ALL="C" sed ,g" src/Makefile || die + + autotools-multilib_src_prepare +} + +multilib_src_configure() { + local myeconfargs=( + $(use_enable nls) + $(use_enable xmp) + $(use_enable static-libs static) + ) + + # plain 'use_with' fails + use zlib || myeconfargs+=( --without-zlib ) + + # Bug #78720. amd64/gcc-3.4/-fvisibility* fail. + if [[ ${ABI} == amd64 && $(gcc-major-version) -lt 4 ]]; then + myeconfargs+=( --disable-visibility ) + fi + + autotools-utils_src_configure +} + +multilib_src_compile() { + # Needed for Solaris because /bin/sh is not a bash, bug #245647 + sed -i -e "s:/bin/sh:${EPREFIX}/bin/sh:" src/Makefile || die "sed failed" + emake + + if multilib_is_native_abi; then + if use contrib; then + emake -C contrib/organize \ + LDFLAGS="\$(BOOST_LIBS) -L../../src -lexiv2 ${LDFLAGS}" \ + CPPFLAGS="${CPPFLAGS} -I\$(BOOST_INC_DIR) -I. -DEXV_HAVE_STDINT_H" + fi + + if use doc; then + emake samples + emake doc + fi + fi +} + +multilib_src_install() { + autotools-utils_src_install + + if multilib_is_native_abi; then + if use contrib; then + emake DESTDIR="${D}" -C contrib/organize install + fi + + use doc && dohtml -r doc/html/. + fi +} + +multilib_src_install_all() { + einstalldocs + prune_libtool_files --all + + use xmp && dodoc doc/{COPYING-XMPSDK,README-XMP,cmdxmp.txt} + if use examples; then + insinto /usr/share/doc/${PF}/examples + docompress -x /usr/share/doc/${PF}/examples + doins samples/*.cpp + fi +} diff --git a/media-gfx/exiv2/files/exiv2-0.24-CVE-2014-9449.patch b/media-gfx/exiv2/files/exiv2-0.24-CVE-2014-9449.patch new file mode 100644 index 000000000000..cf1b46fbf69c --- /dev/null +++ b/media-gfx/exiv2/files/exiv2-0.24-CVE-2014-9449.patch @@ -0,0 +1,27 @@ +diff -up exiv2-0.24/src/riffvideo.cpp.CVE-2014-9449 exiv2-0.24/src/riffvideo.cpp +--- exiv2-0.24/src/riffvideo.cpp.CVE-2014-9449 2013-12-01 06:13:42.000000000 -0600 ++++ exiv2-0.24/src/riffvideo.cpp 2015-01-05 11:21:42.306728309 -0600 +@@ -856,7 +856,7 @@ namespace Exiv2 { + + void RiffVideo::infoTagsHandler() + { +- const long bufMinSize = 100; ++ const long bufMinSize = 10000; + DataBuf buf(bufMinSize); + buf.pData_[4] = '\0'; + io_->seek(-12, BasicIo::cur); +@@ -879,10 +879,14 @@ namespace Exiv2 { + if(infoSize >= 0) { + size -= infoSize; + io_->read(buf.pData_, infoSize); ++ if(infoSize < 4) ++ buf.pData_[infoSize] = '\0'; + } + + if(tv) + xmpData_[exvGettext(tv->label_)] = buf.pData_; ++ else ++ continue; + } + io_->seek(cur_pos + size_external, BasicIo::beg); + } // RiffVideo::infoTagsHandler |