authorJohannes Huber <johu@gentoo.org>2015-01-20 21:40:26 +0000
committerJohannes Huber <johu@gentoo.org>2015-01-20 21:40:26 +0000
commit46961b748e12f662627668e4b13737fe65d1cf8e (patch)
tree30ad99675b32cc9a5fc6a7ca208a26d42f94488b /media-gfx/exiv2
parentRevision bumps backports upstream patch to fix CVE-2013-7252, bug #496768. (diff)
Revision bump adds patch from fedora to fix CVE-2014-9449, bug #534608. Thanks to Pacho Ramos <pacho@gentoo.org> for spotting the patch.
(Portage version: 2.2.15/cvs/Linux x86_64, signed Manifest commit with key F3CFD2BD)
Diffstat (limited to 'media-gfx/exiv2')
-rw-r--r--media-gfx/exiv2/ChangeLog11
-rw-r--r--media-gfx/exiv2/exiv2-0.24-r1.ebuild136
-rw-r--r--media-gfx/exiv2/files/exiv2-0.24-CVE-2014-9449.patch27
3 files changed, 172 insertions, 2 deletions
diff --git a/media-gfx/exiv2/ChangeLog b/media-gfx/exiv2/ChangeLog
index 3cdde7e0fe65..57bc68737628 100644
--- a/media-gfx/exiv2/ChangeLog
+++ b/media-gfx/exiv2/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for media-gfx/exiv2
-# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-gfx/exiv2/ChangeLog,v 1.129 2014/12/20 16:50:27 maekke Exp $
+# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/media-gfx/exiv2/ChangeLog,v 1.130 2015/01/20 21:40:26 johu Exp $
+
+*exiv2-0.24-r1 (20 Jan 2015)
+
+ 20 Jan 2015; Johannes Huber <johu@gentoo.org> +exiv2-0.24-r1.ebuild,
+ +files/exiv2-0.24-CVE-2014-9449.patch:
+ Revision bump adds patch from fedora to fix CVE-2014-9449, bug #534608. Thanks
+ to Pacho Ramos <pacho@gentoo.org> for spotting the patch.
20 Dec 2014; Markus Meier <maekke@gentoo.org> exiv2-0.24.ebuild:
arm stable, bug #526042
diff --git a/media-gfx/exiv2/exiv2-0.24-r1.ebuild b/media-gfx/exiv2/exiv2-0.24-r1.ebuild
new file mode 100644
index 000000000000..5e50ec0ab1c1
--- /dev/null
+++ b/media-gfx/exiv2/exiv2-0.24-r1.ebuild
@@ -0,0 +1,136 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-gfx/exiv2/exiv2-0.24-r1.ebuild,v 1.1 2015/01/20 21:40:26 johu Exp $
+
+EAPI=5
+AUTOTOOLS_IN_SOURCE_BUILD=1
+PYTHON_COMPAT=( python{2_7,3_3,3_4} )
+
+inherit eutils multilib toolchain-funcs python-any-r1 autotools-multilib
+
+DESCRIPTION="EXIF and IPTC metadata C++ library and command line utility"
+HOMEPAGE="http://www.exiv2.org/"
+SRC_URI="http://www.exiv2.org/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0/13"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE_LINGUAS="de es fi fr pl ru sk"
+IUSE="contrib doc examples nls xmp zlib static-libs $(printf 'linguas_%s ' ${IUSE_LINGUAS})"
+
+RDEPEND="
+ >=virtual/libiconv-0-r1[${MULTILIB_USEDEP}]
+ nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+ xmp? ( >=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] )
+ zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="${RDEPEND}
+ contrib? ( >=dev-libs/boost-1.44 )
+ doc? (
+ app-doc/doxygen
+ dev-libs/libxslt
+ virtual/pkgconfig
+ media-gfx/graphviz
+ ${PYTHON_DEPS}
+ )
+ nls? ( sys-devel/gettext )
+"
+
+DOCS=( README doc/ChangeLog doc/cmd.txt )
+
+PATCHES=( "${FILESDIR}/${P}-CVE-2014-9449.patch" )
+
+pkg_setup() {
+ use doc && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+ # convert docs to UTF-8
+ local i
+ for i in doc/cmd.txt; do
+ einfo "Converting "${i}" to UTF-8"
+ iconv -f LATIN1 -t UTF-8 "${i}" > "${i}~" && mv -f "${i}~" "${i}" || rm -f "${i}~"
+ done
+
+ if use doc; then
+ einfo "Updating doxygen config"
+ doxygen 2>&1 >/dev/null -u config/Doxyfile
+ fi
+
+ if use contrib; then
+ # create build environment for contrib
+ ln -snf ../../src contrib/organize/exiv2
+ sed -i -e 's:/usr/local/include/.*:'"${EPREFIX}"'/usr/include:g' \
+ -e 's:/usr/local/lib/lib:-l:g' -e 's:-gcc..-mt-._..\.a::g' \
+ contrib/organize/boost.mk || die
+ fi
+
+ epatch "${FILESDIR}/${PN}-0.24-python3.patch"
+
+ # set locale to safe value for the sed commands (bug #382731)
+ sed -i -r "s,(\s+)sed\s,\1LC_ALL="C" sed ,g" src/Makefile || die
+
+ autotools-multilib_src_prepare
+}
+
+multilib_src_configure() {
+ local myeconfargs=(
+ $(use_enable nls)
+ $(use_enable xmp)
+ $(use_enable static-libs static)
+ )
+
+ # plain 'use_with' fails
+ use zlib || myeconfargs+=( --without-zlib )
+
+ # Bug #78720. amd64/gcc-3.4/-fvisibility* fail.
+ if [[ ${ABI} == amd64 && $(gcc-major-version) -lt 4 ]]; then
+ myeconfargs+=( --disable-visibility )
+ fi
+
+ autotools-utils_src_configure
+}
+
+multilib_src_compile() {
+ # Needed for Solaris because /bin/sh is not a bash, bug #245647
+ sed -i -e "s:/bin/sh:${EPREFIX}/bin/sh:" src/Makefile || die "sed failed"
+ emake
+
+ if multilib_is_native_abi; then
+ if use contrib; then
+ emake -C contrib/organize \
+ LDFLAGS="\$(BOOST_LIBS) -L../../src -lexiv2 ${LDFLAGS}" \
+ CPPFLAGS="${CPPFLAGS} -I\$(BOOST_INC_DIR) -I. -DEXV_HAVE_STDINT_H"
+ fi
+
+ if use doc; then
+ emake samples
+ emake doc
+ fi
+ fi
+}
+
+multilib_src_install() {
+ autotools-utils_src_install
+
+ if multilib_is_native_abi; then
+ if use contrib; then
+ emake DESTDIR="${D}" -C contrib/organize install
+ fi
+
+ use doc && dohtml -r doc/html/.
+ fi
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ prune_libtool_files --all
+
+ use xmp && dodoc doc/{COPYING-XMPSDK,README-XMP,cmdxmp.txt}
+ if use examples; then
+ insinto /usr/share/doc/${PF}/examples
+ docompress -x /usr/share/doc/${PF}/examples
+ doins samples/*.cpp
+ fi
+}
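Review bot: The CVE-2014-9449 fix is only declared in `PATCHES`, while the python3 patch in `src_prepare` is applied by an explicit `epatch` call, so the security fix takes effect only if `autotools-multilib_src_prepare` consumes `PATCHES`. It presumably does so through autotools-utils, but nothing in the file says this. A comment above the array would make that dependency visible, for example `# applied by autotools-multilib_src_prepare (autotools-utils reads PATCHES); keep that call in src_prepare`. Putting both patches in `PATCHES` would be more uniform, but it would apply the python3 patch after the `sed` edits, so check the ordering before doing that.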
diff --git a/media-gfx/exiv2/files/exiv2-0.24-CVE-2014-9449.patch b/media-gfx/exiv2/files/exiv2-0.24-CVE-2014-9449.patch
new file mode 100644
index 000000000000..cf1b46fbf69c
--- /dev/null
+++ b/media-gfx/exiv2/files/exiv2-0.24-CVE-2014-9449.patch
@@ -0,0 +1,27 @@
+diff -up exiv2-0.24/src/riffvideo.cpp.CVE-2014-9449 exiv2-0.24/src/riffvideo.cpp
+--- exiv2-0.24/src/riffvideo.cpp.CVE-2014-9449 2013-12-01 06:13:42.000000000 -0600
++++ exiv2-0.24/src/riffvideo.cpp 2015-01-05 11:21:42.306728309 -0600
+@@ -856,7 +856,7 @@ namespace Exiv2 {
+
+ void RiffVideo::infoTagsHandler()
+ {
+- const long bufMinSize = 100;
++ const long bufMinSize = 10000;
+ DataBuf buf(bufMinSize);
+ buf.pData_[4] = '\0';
+ io_->seek(-12, BasicIo::cur);
+@@ -879,10 +879,14 @@ namespace Exiv2 {
+ if(infoSize >= 0) {
+ size -= infoSize;
+ io_->read(buf.pData_, infoSize);
++ if(infoSize < 4)
++ buf.pData_[infoSize] = '\0';
+ }
+
+ if(tv)
+ xmpData_[exvGettext(tv->label_)] = buf.pData_;
++ else
++ continue;
+ }
+ io_->seek(cur_pos + size_external, BasicIo::beg);
+ } // RiffVideo::infoTagsHandler
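Review bot: In `RiffVideo::infoTagsHandler` the call `io_->read(buf.pData_, infoSize)` is still guarded only by `infoSize >= 0`, so raising `bufMinSize` from 100 to 10000 moves the overflow threshold rather than removing it. The code that computes `infoSize` lies between the two hunks and is not shown, but if it is taken from the file, a value above 10000 would still write past `buf`. The guard should bound the read by the buffer size, e.g. `if(infoSize >= 0 && infoSize < bufMinSize) {`, with a defined action for oversized chunks. The added terminator also covers only `infoSize < 4`. For longer reads the earlier `buf.pData_[4] = '\0'` is overwritten and the assignment to `xmpData_` relies on whatever follows in the buffer. Once the read is bounded, an unconditional `buf.pData_[infoSize] = '\0';` would be safer.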