diff options
| author |   Peter Volkov <pva@gentoo.org> | 2009-04-05 20:08:08 +0000 |
|---|---|---|
| committer | Peter Volkov <pva@gentoo.org> | 2009-04-05 20:08:08 +0000 |
| commit | 8bd6e15741b11c16bde4730f288d0e8fd2017f6e (patch) | |
| tree | c3c44d3ad137f70d4cb91b8651768d5231081464 | |
| parent | disable automagic media-libs/lasi dep, create a new revision with lasi USE-fl... (diff) | |
| download | historical-8bd6e15741b11c16bde4730f288d0e8fd2017f6e.tar.gz historical-8bd6e15741b11c16bde4730f288d0e8fd2017f6e.tar.bz2 historical-8bd6e15741b11c16bde4730f288d0e8fd2017f6e.zip | |
Fixed multiple vulnerabilities, bug #264614, thank Robert Buchholz for report.
Package-Manager: portage-2.2_rc28/cvs/Linux i686
| -rw-r--r-- | app-text/ghostscript-gnu/ChangeLog | 10 | ||||
| -rw-r--r-- | app-text/ghostscript-gnu/Manifest | 4 | ||||
| -rw-r--r-- | app-text/ghostscript-gnu/files/ghostscript-gnu-8.62.0-CVE-misc.patch | 24 | ||||
| -rw-r--r-- | app-text/ghostscript-gnu/ghostscript-gnu-8.62.0-r1.ebuild | 94 |
4 files changed, 130 insertions, 2 deletions
diff --git a/app-text/ghostscript-gnu/ChangeLog b/app-text/ghostscript-gnu/ChangeLog index 061934eef8e6..3a106d81c2f7 100644 --- a/app-text/ghostscript-gnu/ChangeLog +++ b/app-text/ghostscript-gnu/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for app-text/ghostscript-gnu # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-text/ghostscript-gnu/ChangeLog,v 1.40 2009/03/20 15:29:11 ranger Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-text/ghostscript-gnu/ChangeLog,v 1.41 2009/04/05 20:08:06 pva Exp $ + +*ghostscript-gnu-8.62.0-r1 (05 Apr 2009) + + 05 Apr 2009; Peter Volkov <pva@gentoo.org> + +files/ghostscript-gnu-8.62.0-CVE-misc.patch, + +ghostscript-gnu-8.62.0-r1.ebuild: + Fixed multiple vulnerabilities, bug #264614, thank Robert Buchholz for + report. 20 Mar 2009; Brent Baude <ranger@gentoo.org> ghostscript-gnu-8.62.0.ebuild: diff --git a/app-text/ghostscript-gnu/Manifest b/app-text/ghostscript-gnu/Manifest index eeaa71638a75..172da753ed18 100644 --- a/app-text/ghostscript-gnu/Manifest +++ b/app-text/ghostscript-gnu/Manifest @@ -2,6 +2,7 @@ AUX ghostscript-8.60-CVE-2008-0411.diff 415 RMD160 a6f4911b6ca2078a59730eb7cc5c9 AUX ghostscript-CVE-2007-2721.patch 1670 RMD160 1085a62b8671976bb00cc100fe67d292ee1910f9 SHA1 7dd05d3b583087a406c8a44260da1005eb4bd9ea SHA256 a670d316af565be8342de52deb6e3e6fb5dbf5d429a94b2a0970ffa1f15db208 AUX ghostscript-esp-8.15.2-FAPIcidfmap.cjk 2902 RMD160 a248b8db74aefe41d548c3712dc6603975a09698 SHA1 8a63a7cbe94414343154594a709c886b3c0ab712 SHA256 3ec8e039c1cbb94043d2b79e7d3d84016595804f27d67bb251eba2c33611ccab AUX ghostscript-esp-8.15.2-cidfmap.cjk 2095 RMD160 8e1b461f58df3282768c20b988312ec37cf3bbdf SHA1 698a7b5c8958c49ea8e72ab131da1846a022ccd3 SHA256 1773c5e7f0f7088434d7a1cc8e27850225b57500cf9f8f2f6ea0f266daedaf5c +AUX ghostscript-gnu-8.62.0-CVE-misc.patch 857 RMD160 1a1a0123881a091aeb59db31c3f18bdd3aa260aa SHA1 5fbc1be3c94d4af2c14e41e4664c401c8ebf4380 SHA256 dbfbcb98ae4c9c13f87dcd12a9d30e1dc27ef79d2d566b7814c56e0aa01e9f8e AUX ghostscript-gnu-8.62.0-LDFLAGS-strip.patch 1832 RMD160 cbf89f57ab2a31bb96ad7ac3bacb8bf7bfe3c001 SHA1 d877f5b8707fb6e4427b49ebc2916adbe40f0ea8 SHA256 60aabd779d81d5a21dc433b6e7b1e57b21c9a6a02d342fe8d0f18288abbb6f7e DIST acro5-cmaps-2001.tar.gz 631653 RMD160 c723afc2207157a434988b46bcf0a458281c29a4 SHA1 fbc8715eae880f59e2251ae8fa99f79fbcfbd3e5 SHA256 80abec481fd4b5e59ac3d3f5790542dbfabe3c9269a6ac17064160d6dab38ee4 DIST adobe-cmaps-200406.tar.gz 5001983 RMD160 284b943b3476f6f7e2bc49842fd027c6f7f57552 SHA1 b846292af4541d907dd9041e397c2f1d8c72a056 SHA256 0f397255506cda4b20e362ab5e3f6cdacba09e0a0cca7f4d93afd980977c5689 @@ -9,6 +10,7 @@ DIST ghostscript-gnu-8.62.0-CVE-2009-0583.patch.bz2 5494 RMD160 18d764191de9fc64 DIST gnu-ghostscript-8.60.0.tar.bz2 8383504 RMD160 0c0c3d313712c27a0c84009fa4219d0841607fc5 SHA1 2684e78361c923d9d39a902f35194cdb064f75f8 SHA256 c61aa3e59927e6ae537b33eabc23527ce201234ad8d1a00d790e5e0f35ce1307 DIST gnu-ghostscript-8.62.0.tar.bz2 8473286 RMD160 4bed3ef1e0c87f9aae14ad00664cfc5560f58109 SHA1 fde8178beaef12ab2da31f0a403e9b5e158fb83b SHA256 e279ee07490abb9121d01f4c17ae5d954ab06b63f8d4782e1dacb7df33acfb7d EBUILD ghostscript-gnu-8.60.0-r2.ebuild 2722 RMD160 93d3efd4cba616e4eb44dc994d93a8802f8237da SHA1 56c60e4cebfe81f72db4c8b1ccf2668f22a237f4 SHA256 1d97f4c5052884e59e91463ee38e51bed30b3b6be90898ea991647caf6598127 +EBUILD ghostscript-gnu-8.62.0-r1.ebuild 2720 RMD160 1d62e3f12873122ac688ba9365c1c7107422c088 SHA1 ff166136f3b686700e53986d39008ffd3f318e0a SHA256 adaf1dc52441173e678bfa6cd1768710e9aa142020f0034969fdb21722ac5ec7 EBUILD ghostscript-gnu-8.62.0.ebuild 2669 RMD160 c2002ea58fb06f21e07f9790de624d30468df1f1 SHA1 71d46553fcb854282add0b347ed0406165e8a19f SHA256 9e77bd0c021f407a20f1faa84060e64f13dbc74b501ce7f48f16c23f2ff1e0a1 -MISC ChangeLog 7072 RMD160 130471b82447cdfc51d2a6056b191ed6b97b0776 SHA1 190399396f94dd318e762027daba91b45d3b8edc SHA256 3a5d06815415a3c19e9d44041d8a15f07f699da5470a78155db47589af81707c +MISC ChangeLog 7325 RMD160 e2be0163ef3bec4949a2c492e0092e2d545a583f SHA1 be5098f297895a3c1c49ace7183516688539f7af SHA256 98c7d84eecfed68233c7b2a75821c521ae5fbd71cfbf5598651c8941d5cdfae6 MISC metadata.xml 161 RMD160 1e5b1e42553c8869b93c4a5448e9a2a2ed9fe525 SHA1 209c6a46e4cdd891980115e42ba419e3799f8088 SHA256 7c85e6739a71f5bb23e8de36c88677d772946e61f7285892f7554e37bd2bca76 diff --git a/app-text/ghostscript-gnu/files/ghostscript-gnu-8.62.0-CVE-misc.patch b/app-text/ghostscript-gnu/files/ghostscript-gnu-8.62.0-CVE-misc.patch new file mode 100644 index 000000000000..d58ae9c85806 --- /dev/null +++ b/app-text/ghostscript-gnu/files/ghostscript-gnu-8.62.0-CVE-misc.patch @@ -0,0 +1,24 @@ +https://bugs.gentoo.org/show_bug.cgi?id=264614 + +--- src/scfd.c 2008/07/28 22:23:04 8895 ++++ src/scfd.c 2008/07/29 04:44:05 8896 +@@ -161,7 +161,7 @@ + /* makeup codes efficiently, since these are always a multiple of 64. */ + #define invert_data(rlen, black_byte, makeup_action, d)\ + if ( rlen > qbit )\ +- { *q++ ^= (1 << qbit) - 1;\ ++ { if (q >= ss->lbuf) *q++ ^= (1 << qbit) - 1; else q++;\ + rlen -= qbit;\ + switch ( rlen >> 3 )\ + {\ +--- src/gdevpdtb.c 2009-04-05 23:45:35.000000000 +0400 ++++ src/gdevpdtb.c 2009-04-05 23:45:46.000000000 +0400 +@@ -137,7 +137,7 @@ + &st_pdf_base_font, "pdf_base_font_alloc"); + const gs_font_name *pfname = &font->font_name; + gs_const_string font_name; +- char fnbuf[3 + sizeof(long) / 3 + 1]; /* .F#######\0 */ ++ char fnbuf[2*sizeof(long) + 3]; /* .F########\0 */ + int code; + + if (pbfont == 0) diff --git a/app-text/ghostscript-gnu/ghostscript-gnu-8.62.0-r1.ebuild b/app-text/ghostscript-gnu/ghostscript-gnu-8.62.0-r1.ebuild new file mode 100644 index 000000000000..31403bf0c49c --- /dev/null +++ b/app-text/ghostscript-gnu/ghostscript-gnu-8.62.0-r1.ebuild @@ -0,0 +1,94 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-text/ghostscript-gnu/ghostscript-gnu-8.62.0-r1.ebuild,v 1.1 2009/04/05 20:08:06 pva Exp $ + +inherit eutils versionator flag-o-matic + +DESCRIPTION="GNU Ghostscript - patched GPL Ghostscript" +HOMEPAGE="http://www.gnu.org/software/ghostscript/" + +MY_P=gnu-ghostscript-${PV} +PVM=$(get_version_component_range 1-2) +SRC_URI="cjk? ( ftp://ftp.gyve.org/pub/gs-cjk/adobe-cmaps-200406.tar.gz + ftp://ftp.gyve.org/pub/gs-cjk/acro5-cmaps-2001.tar.gz ) + mirror://gnu/ghostscript/${MY_P}.tar.bz2 + mirror://gentoo/ghostscript-gnu-8.62.0-CVE-2009-0583.patch.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +IUSE="X cups cjk gtk jpeg2k" + +DEP=" + >=media-libs/jpeg-6b + >=media-libs/libpng-1.2.5 + >=sys-libs/zlib-1.1.4 + >=media-libs/tiff-3.7 + X? ( x11-libs/libXt x11-libs/libXext ) + gtk? ( >=x11-libs/gtk+-2.0 ) + cups? ( >=net-print/cups-1.1.20 ) + !app-text/ghostscript-esp + !app-text/ghostscript-gpl" + +RDEPEND="${DEP} + cjk? ( media-fonts/arphicfonts + media-fonts/kochi-substitute + media-fonts/baekmuk-fonts ) + media-fonts/gnu-gs-fonts-std" + +DEPEND="${DEP} + gtk? ( dev-util/pkgconfig )" + +S=${WORKDIR}/${MY_P} + +src_unpack() { + unpack ${A/adobe-cmaps-200406.tar.gz acro5-cmaps-2001.tar.gz} + if use cjk; then + cat "${FILESDIR}"/ghostscript-esp-8.15.2-cidfmap.cjk >> "${S}"/lib/cidfmap + cat "${FILESDIR}"/ghostscript-esp-8.15.2-FAPIcidfmap.cjk >> "${S}"/lib/FAPIcidfmap + cd "${S}"/Resource + unpack adobe-cmaps-200406.tar.gz + unpack acro5-cmaps-2001.tar.gz + fi + + cd "${S}" + + # search path fix + sed -i -e "s:\$\(gsdatadir\)/lib:/usr/share/ghostscript/${PVM}/$(get_libdir):" \ + -e 's:$(gsdir)/fonts:/usr/share/fonts/default/ghostscript/:' \ + -e "s:exdir=.*:exdir=/usr/share/doc/${PF}/examples:" \ + -e "s:docdir=.*:docdir=/usr/share/doc/${PF}/html:" \ + -e "s:GS_DOCDIR=.*:GS_DOCDIR=/usr/share/doc/${PF}/html:" \ + Makefile.in src/*.mak || die "sed failed" + + epatch "${WORKDIR}/${P}-CVE-2009-0583.patch" #261087 + epatch "${FILESDIR}/${P}-LDFLAGS-strip.patch" + epatch "${FILESDIR}/${P}-CVE-misc.patch" #264614 +} + +src_compile() { + econf $(use_with X x) \ + $(use_with jpeg2k jasper) \ + $(use_enable cups) \ + $(use_enable gtk) \ + --with-ijs \ + --with-jbig2dec \ + --disable-compile-inits \ + --enable-dynamic + + emake -j1 so all || die "emake failed" + + cd ijs || die + econf + emake || die "ijs emake failed" +} + +src_install() { + emake DESTDIR="${D}" install-so install || die "emake install failed" + + rm -fr "${D}"/usr/share/doc/${PF}/html/{README,PUBLIC} + dodoc doc/README + + cd "${S}"/ijs + emake DESTDIR="${D}" install || die "emake ijs install failed" +} |