Revision bump adds patch from fedora to fix CVE-2014-9449, bug #534608. Thanks to Pacho Ramos <pacho@gentoo.org> for spotting the patch.

Package-Manager: portage-2.2.15/cvs/Linux x86_64 Manifest-Sign-Key: 0xF3CFD2BD
author: Johannes Huber <johu@gentoo.org> 2015-01-20 21:40:33 +0000
committer: Johannes Huber <johu@gentoo.org> 2015-01-20 21:40:33 +0000
commit: a29b7b2e86fbb3ebb40a3840c263faa1e820c935 (patch)
tree: dc4a8c8be1083b0bf741f1764e4ae2eee71f0b3e /media-gfx/exiv2
parent: Revision bumps backports upstream patch to fix CVE-2013-7252, bug #496768. (diff)
download: historical-a29b7b2e86fbb3ebb40a3840c263faa1e820c935.tar.gz
historical-a29b7b2e86fbb3ebb40a3840c263faa1e820c935.tar.bz2
historical-a29b7b2e86fbb3ebb40a3840c263faa1e820c935.zip
4 files changed, 188 insertions, 6 deletions
diff --git a/media-gfx/exiv2/ChangeLog b/media-gfx/exiv2/ChangeLog
index 3cdde7e0fe65..57bc68737628 100644
--- a/media-gfx/exiv2/ChangeLog
+++ b/media-gfx/exiv2/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for media-gfx/exiv2
-# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-gfx/exiv2/ChangeLog,v 1.129 2014/12/20 16:50:27 maekke Exp $
+# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/media-gfx/exiv2/ChangeLog,v 1.130 2015/01/20 21:40:26 johu Exp $
+
+*exiv2-0.24-r1 (20 Jan 2015)
+
+  20 Jan 2015; Johannes Huber <johu@gentoo.org> +exiv2-0.24-r1.ebuild,
+  +files/exiv2-0.24-CVE-2014-9449.patch:
+  Revision bump adds patch from fedora to fix CVE-2014-9449, bug #534608. Thanks
+  to Pacho Ramos <pacho@gentoo.org> for spotting the patch.
 
   20 Dec 2014; Markus Meier <maekke@gentoo.org> exiv2-0.24.ebuild:
   arm stable, bug #526042
diff --git a/media-gfx/exiv2/Manifest b/media-gfx/exiv2/Manifest
index 295758ce0d8b..518563591bd2 100644
--- a/media-gfx/exiv2/Manifest
+++ b/media-gfx/exiv2/Manifest
@@ -2,18 +2,30 @@
 Hash: SHA256
 
 AUX exiv2-0.23-boost-fs-contrib.patch 9558 SHA256 1734a14392e6706305582b9099a9ff781e3327fb86d4d0ed6c0cb6fe60b38f85 SHA512 3abc6ae75940de6960afcfeb382754ab9f48cd4e311cdd2e00c644774c1141d2bc9ff191e145f7d37362e3364446a32f4fdcc142f0e80ff5bf8880ed18c5af26 WHIRLPOOL 7164392d53fa5d18671269cf0c6c69813527ab046c19cfba2a1a97e0430ac617f1330f1d75e197e48a84d1fcb10942b79252a96e417bd1dd61cdc9fbf04cc1d3
+AUX exiv2-0.24-CVE-2014-9449.patch 996 SHA256 3f51b8c92dbc61e0058ba4ce3e5bd613dc0aed6c7f145bb3c163cd43981aaa8c SHA512 e5ce775e1760508841ebcedd482e47eaaf82b3f18dfa774e579ce544d25ba990f476ed2fa351724a08c76d4e93f1278a56903eba5f2fec012831524108e7b5a4 WHIRLPOOL 6b87446cc01c9bd2da5bbf360c42f81606b962710245ee31bc1dc278ee67613c6ace1cba2237866216e6d44d479254d60f575ccd62e835caa2ee24e7f3ece28a
 AUX exiv2-0.24-python3.patch 939 SHA256 ea015f41c4d3a096cd97b9f0a3e1d8507a3d5e57faac5f2adbc993a577393489 SHA512 73ad4d44d61f428cc6bad8558848d15fe6d231a1e84dfecd6ecb634d191d8cd8e3a778d53376cc0896dc9014fc95726e8a3c1ba5f63e505167750b6a24aaa99b WHIRLPOOL c491dcd981e7940bab66830fee8676d9af8bff5905227de913c1f11d4e210fb6e1ab0d054ce9c4eacff4fe1b361f4e2b4e6d5accd1953bd0ecc967be477f9e1c
 DIST exiv2-0.23.tar.gz 3524381 SHA256 81fa50900be7ab16e24c6551252c21fc97abcfe855fd32c8f7ec55f398786b11 SHA512 5719a9129f0c991c2966fc9bb65021d501ff7ac193f0b1eaabed9044e7dcc331cb41a149a989fc20417ea07ee20e35a8c91e0063a81b9e2d6c3fae033fdaf39a WHIRLPOOL c80e8f7cc988a5aed117cb8d545dd126e1a9f188efc3c364debf2601d49e0d166709c2ab0f7d8dedc439621fc4766bce731ceb9deb0fde35ecae563bd424cde9
 DIST exiv2-0.24.tar.gz 4635028 SHA256 f4a443e6c7fb9d9f5e787732f76969a64c72c4c04af69b10ed57f949c2dfef8e SHA512 e2d5d076c09a36d88472485c9d9d99b5a50aea1ab59b1e5c9301b1ce9fe2b2af02acae2662c9ff56b4c749a224688387ba58334d31b74f04f3d2d3d3c0e387e9 WHIRLPOOL b5b7eb544975d8e14739b39fc294279b58369944172684c0f881348ebf47ef0f9ccd18e8bc41113d9da3a72f8d6c048641f547a7071a7ca6d93d1d30ea2d7aed
 EBUILD exiv2-0.23-r1.ebuild 2971 SHA256 54408b5d3ead00b89fdb2d35a1e64ed23b3c7a0027c2b288cb9b62f828b98792 SHA512 6ae58afa22b3d8dde7d8e0b94393e31fd054825dc80c288baf44e30fa8d4ae1bd44bf697934d79ec2ec544f0ec527301d7acd1b2fac20d8562d33a0c24561a7b WHIRLPOOL 49a2083b8e8926e70714ac291983b1adfb48196bc76087e427c13b7f093440378cb07682d9fac19159b089baaabd5893a8e21a5dad6deae29473962ad9a6d197
 EBUILD exiv2-0.23-r2.ebuild 3234 SHA256 7113c6ca0bfe85aa523eadd7eb615ac26189dea8a91028275c6b714259c81a6b SHA512 20b0affcf7e50683289706a8820c9c7dc1484b6e4f574b06ea256a21a549b93ed8b5c6575d92095c3b68b8177437a030f030344233f1c347ba6f9dab90a88098 WHIRLPOOL 75618fca6c031a15e210b45f411995b2ba33a7548fa74451d22275694a52bf71a965ab2cfff7c1f8e671894565556efa8f9bd2dfc174768e63e0d30c27602987
+EBUILD exiv2-0.24-r1.ebuild 3532 SHA256 03fe45583c20adaa199fe7111f4a4e83c94974e9611433f36a67e1d703a34009 SHA512 aa7ab6b091b46be3f66eae79831eecfb03628e6af8a7b43b37ad396272c2d386becc2548cc1cc9d8876e04c38ae60c36d3e5879a1fbebb804e5cc1de0ae64abc WHIRLPOOL e30deb51f1db1e9169d093a7b180c9209740bffe40138e17126fd5fd2205b74708a788cf1d3c6850177c15a5c1932360bbb9df1f09114768266dde60b0323731
 EBUILD exiv2-0.24.ebuild 3476 SHA256 187bf01a9a519a27427508ef94278a61a681288d67b4f50d54f25d1e5a172447 SHA512 afe3e16eada5dcec2403e382b7bd7beed7a95dc9946a7a1374fcab3ed4376da39ac9df160b8ef11bc23e3a9c493edc18ff5565347bcd32eb40b44ef45efc7f3f WHIRLPOOL e29aa38908e497aa872ade6176ef56240297503ed3e00c8fc3fd35c4bbf6d9c2509bb259e1bc678c813575c0dd9599ef4ced4c88cfe64027ced66948b25f5855
-MISC ChangeLog 16673 SHA256 bc68ac84d21c562183af40c9d174915d8af8bad4c5044551dbebbb1ed9e2fbe3 SHA512 d0255673d2e2c6c135a50abcc4d2f3df7ed292cb9114ff85bca92d2838b5792e38cf3a45fc4631e3b3ea399b0616fad970efa78f0d3145302e0f02f30d8fea8f WHIRLPOOL 94e58561c2c81d3cc5a55fa6fdfb54090d9756a9d30a1199f882414a065ddfbb038c830b3a2232cf29bf861a357b5038b733c294b58bbbf49ed43c2e89848a99
+MISC ChangeLog 16955 SHA256 a7a2057a863e4e360fb2e288b6ec8ec5dc06425d2be70cf538d838bbb6347639 SHA512 cbbe5bc16da6d4a645ae001fa535f447cdb967221edd25111830adf6f25a7824e4a9b637064af8f44f059b5988273bde26be846df1011cf4061635081ce9392e WHIRLPOOL ded809f46d2ac2a8096301174938e84537644d255f68ee7a9e8382e6040aac5e1b41c468fc5d8b06364f76f038a2efe8d52657bcceaa881e92c0f19b18e1391c
 MISC metadata.xml 419 SHA256 b23b53944ad27145ff517ae6e120a7788b6417358e340aaba5322897b697c810 SHA512 020bb5dd8b13580d300d7931e0d3acc9ef3d43881e06a3548dd887c05a4867493b9ee20464327d007841a5d793576008c464fed384d9dbe25a4ae6be0ccaf073 WHIRLPOOL 46b25df6e357034b8ddbe150cbd9c2da15f65866c4b8ce360d88941be536e39cde8c6189f7c18355dc15ef782ff96d3c7a387d92f28c01137d48aeb90509ae51
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
-iEYEAREIAAYFAlSVqNQACgkQkKaRLQcq0GKWagCfRlJWEBbIanVwukcEj6jcw8pU
-JJQAmwV35bRfn9hAINrikQ4wS1imMz+A
-=G74G
+iQIcBAEBCAAGBQJUvstOAAoJEGVpnaTzz9K96NIQAMcjrp37OymfdtyHrZ6tXOjv
+jWh/BLQm6OXBdOENG9EOdBacFihk+oXhf5XevNOLGABrn/2Ynes/WHjcNpgUsbq7
+q7MBTfrfqmEXe2iBk/1t1mlL0s1YVKBEIbP+iQg+Gvv9LF3+IasnBrPfFetcLAkQ
+n51qPxyAYE0yKjpomVIhhc233x8C8vK4biW1U63sXA3/qxsrxvZPdrjg4U6N6++g
+IBZHHOfPi3MiMN6+MlO+q7gVc2//Z1nuBichJ8f/VKcXrI3AOPYpyWYfafp+klFT
+U3p7sHe7w5qKjSP1rc0TaH6ZaoE5BLJ5C+A6AHBTi14t0d9tJ2wEFjUj5jP0bju0
+f0huU3E41O90E4Rq/eSqOhfOyG8yN4PE/LT9kPfc2Nd0SkKx7edoRBpV+RcuqIhW
+XClPILCNJDD4xln8K8wTRIPY2woUh2ihNLvCTS3URhXN8OitRFfF73Deu6/PH15C
+ctk6hxAwsnBMm6Rwa5EpefN+Ek6yyQHp9wJtDDYlYv0lHYBdxnlK0cgngS3Ydcrk
+HG9J+V4vDf1ARCUYCSA65r5c5TL+ol5QdICtkGxWQqS9BgBDt6CrTJM5E/fsJmq2
+GZw1eqkTbfMR74Unp82Cg//u3oJC9hwvsWRk3VIY/HIivCsc57zQS7TzkEhr3F43
+LCpHy7cMUOCQ6pw3nfuD
+=Rx7d
 -----END PGP SIGNATURE-----
diff --git a/media-gfx/exiv2/exiv2-0.24-r1.ebuild b/media-gfx/exiv2/exiv2-0.24-r1.ebuild
new file mode 100644
index 000000000000..5e50ec0ab1c1
--- /dev/null
+++ b/media-gfx/exiv2/exiv2-0.24-r1.ebuild
@@ -0,0 +1,136 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-gfx/exiv2/exiv2-0.24-r1.ebuild,v 1.1 2015/01/20 21:40:26 johu Exp $
+
+EAPI=5
+AUTOTOOLS_IN_SOURCE_BUILD=1
+PYTHON_COMPAT=( python{2_7,3_3,3_4} )
+
+inherit eutils multilib toolchain-funcs python-any-r1 autotools-multilib
+
+DESCRIPTION="EXIF and IPTC metadata C++ library and command line utility"
+HOMEPAGE="http://www.exiv2.org/"
+SRC_URI="http://www.exiv2.org/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0/13"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux ~x64-solaris ~x86-solaris"
+IUSE_LINGUAS="de es fi fr pl ru sk"
+IUSE="contrib doc examples nls xmp zlib static-libs $(printf 'linguas_%s ' ${IUSE_LINGUAS})"
+
+RDEPEND="
+	>=virtual/libiconv-0-r1[${MULTILIB_USEDEP}]
+	nls? ( >=virtual/libintl-0-r1[${MULTILIB_USEDEP}] )
+	xmp? ( >=dev-libs/expat-2.1.0-r3[${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="${RDEPEND}
+	contrib? ( >=dev-libs/boost-1.44 )
+	doc? (
+		app-doc/doxygen
+		dev-libs/libxslt
+		virtual/pkgconfig
+		media-gfx/graphviz
+		${PYTHON_DEPS}
+	)
+	nls? ( sys-devel/gettext )
+"
+
+DOCS=( README doc/ChangeLog doc/cmd.txt )
+
+PATCHES=( "${FILESDIR}/${P}-CVE-2014-9449.patch" )
+
+pkg_setup() {
+	use doc && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+	# convert docs to UTF-8
+	local i
+	for i in doc/cmd.txt; do
+		einfo "Converting "${i}" to UTF-8"
+		iconv -f LATIN1 -t UTF-8 "${i}" > "${i}~" && mv -f "${i}~" "${i}" || rm -f "${i}~"
+	done
+
+	if use doc; then
+		einfo "Updating doxygen config"
+		doxygen 2>&1 >/dev/null -u config/Doxyfile
+	fi
+
+	if use contrib; then
+		# create build environment for contrib
+		ln -snf ../../src contrib/organize/exiv2
+		sed -i -e 's:/usr/local/include/.*:'"${EPREFIX}"'/usr/include:g' \
+			-e 's:/usr/local/lib/lib:-l:g' -e 's:-gcc..-mt-._..\.a::g' \
+			contrib/organize/boost.mk || die
+	fi
+
+	epatch "${FILESDIR}/${PN}-0.24-python3.patch"
+
+	# set locale to safe value for the sed commands (bug #382731)
+	sed -i -r "s,(\s+)sed\s,\1LC_ALL="C" sed ,g" src/Makefile || die
+
+	autotools-multilib_src_prepare
+}
+
+multilib_src_configure() {
+	local myeconfargs=(
+		$(use_enable nls)
+		$(use_enable xmp)
+		$(use_enable static-libs static)
+	)
+
+	# plain 'use_with' fails
+	use zlib || myeconfargs+=( --without-zlib )
+
+	# Bug #78720. amd64/gcc-3.4/-fvisibility* fail.
+	if [[ ${ABI} == amd64 && $(gcc-major-version) -lt 4 ]]; then
+		myeconfargs+=( --disable-visibility )
+	fi
+
+	autotools-utils_src_configure
+}
+
+multilib_src_compile() {
+	# Needed for Solaris because /bin/sh is not a bash, bug #245647
+	sed -i -e "s:/bin/sh:${EPREFIX}/bin/sh:" src/Makefile || die "sed failed"
+	emake
+
+	if multilib_is_native_abi; then
+		if use contrib; then
+			emake -C contrib/organize \
+				LDFLAGS="\$(BOOST_LIBS) -L../../src -lexiv2 ${LDFLAGS}" \
+				CPPFLAGS="${CPPFLAGS} -I\$(BOOST_INC_DIR) -I. -DEXV_HAVE_STDINT_H"
+		fi
+
+		if use doc; then
+			emake samples
+			emake doc
+		fi
+	fi
+}
+
+multilib_src_install() {
+	autotools-utils_src_install
+
+	if multilib_is_native_abi; then
+		if use contrib; then
+			emake DESTDIR="${D}" -C contrib/organize install
+		fi
+
+		use doc && dohtml -r doc/html/.
+	fi
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	prune_libtool_files --all
+
+	use xmp && dodoc doc/{COPYING-XMPSDK,README-XMP,cmdxmp.txt}
+	if use examples; then
+		insinto /usr/share/doc/${PF}/examples
+		docompress -x /usr/share/doc/${PF}/examples
+		doins samples/*.cpp
+	fi
+}
diff --git a/media-gfx/exiv2/files/exiv2-0.24-CVE-2014-9449.patch b/media-gfx/exiv2/files/exiv2-0.24-CVE-2014-9449.patch
new file mode 100644
index 000000000000..cf1b46fbf69c
--- /dev/null
+++ b/media-gfx/exiv2/files/exiv2-0.24-CVE-2014-9449.patch
@@ -0,0 +1,27 @@
+diff -up exiv2-0.24/src/riffvideo.cpp.CVE-2014-9449 exiv2-0.24/src/riffvideo.cpp
+--- exiv2-0.24/src/riffvideo.cpp.CVE-2014-9449	2013-12-01 06:13:42.000000000 -0600
++++ exiv2-0.24/src/riffvideo.cpp	2015-01-05 11:21:42.306728309 -0600
+@@ -856,7 +856,7 @@ namespace Exiv2 {
+ 
+     void RiffVideo::infoTagsHandler()
+     {
+-        const long bufMinSize = 100;
++        const long bufMinSize = 10000;
+         DataBuf buf(bufMinSize);
+         buf.pData_[4] = '\0';
+         io_->seek(-12, BasicIo::cur);
+@@ -879,10 +879,14 @@ namespace Exiv2 {
+             if(infoSize >= 0) {
+                 size -= infoSize;
+                 io_->read(buf.pData_, infoSize);
++                if(infoSize < 4)
++                    buf.pData_[infoSize] = '\0';
+             }
+ 
+             if(tv)
+                 xmpData_[exvGettext(tv->label_)] = buf.pData_;
++            else
++                continue;
+         }
+         io_->seek(cur_pos + size_external, BasicIo::beg);
+     } // RiffVideo::infoTagsHandler
author	Johannes Huber <johu@gentoo.org>	2015-01-20 21:40:33 +0000
committer	Johannes Huber <johu@gentoo.org>	2015-01-20 21:40:33 +0000
commit	a29b7b2e86fbb3ebb40a3840c263faa1e820c935 (patch)
tree	dc4a8c8be1083b0bf741f1764e4ae2eee71f0b3e /media-gfx/exiv2
parent	Revision bumps backports upstream patch to fix CVE-2013-7252, bug #496768. (diff)
download	historical-a29b7b2e86fbb3ebb40a3840c263faa1e820c935.tar.gz historical-a29b7b2e86fbb3ebb40a3840c263faa1e820c935.tar.bz2 historical-a29b7b2e86fbb3ebb40a3840c263faa1e820c935.zip