diff options
| author |   Sebastian Pipping <sping@gentoo.org> | 2017-11-21 20:56:03 +0100 |
|---|---|---|
| committer | Sebastian Pipping <sping@gentoo.org> | 2017-11-21 20:57:53 +0100 |
| commit | f6e0b2dea97f6b8f437b32c0602d654dac8fb64c (patch) | |
| tree | 26cdbe21f91e5e378d5dc2a101518371d103f927 /media-gfx/optipng | |
| parent | app-emacs/lua-mode: Regenerate Manifest. (diff) | |
| download | gentoo-f6e0b2dea97f6b8f437b32c0602d654dac8fb64c.tar.gz gentoo-f6e0b2dea97f6b8f437b32c0602d654dac8fb64c.tar.bz2 gentoo-f6e0b2dea97f6b8f437b32c0602d654dac8fb64c.zip | |
media-gfx/optipng: CVE-2017-1000229
Package-Manager: Portage-2.3.10, Repoman-2.3.3
Diffstat (limited to 'media-gfx/optipng')
| -rw-r--r-- | media-gfx/optipng/files/optipng-0.7.6-cve-2017-1000229.patch | 25 | ||||
| -rw-r--r-- | media-gfx/optipng/optipng-0.7.6-r1.ebuild | 56 |
2 files changed, 81 insertions, 0 deletions
diff --git a/media-gfx/optipng/files/optipng-0.7.6-cve-2017-1000229.patch b/media-gfx/optipng/files/optipng-0.7.6-cve-2017-1000229.patch new file mode 100644 index 000000000000..19dc3ad0c57b --- /dev/null +++ b/media-gfx/optipng/files/optipng-0.7.6-cve-2017-1000229.patch @@ -0,0 +1,25 @@ +From 77ac8e9fd9b2c1aeec3951e2bb50f7cc2c1e92d2 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping <sebastian@pipping.org> +Date: Sun, 19 Nov 2017 16:04:26 +0100 +Subject: [PATCH] Prevent integer overflow (bug #65, CVE-2017-1000229) + +--- + src/minitiff/tiffread.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/minitiff/tiffread.c b/src/minitiff/tiffread.c +index b4910ec..5f9b376 100644 +--- a/src/minitiff/tiffread.c ++++ b/src/minitiff/tiffread.c +@@ -350,6 +350,8 @@ minitiff_read_info(struct minitiff_info *tiff_ptr, FILE *fp) + count = tiff_ptr->strip_offsets_count; + if (count == 0 || count > tiff_ptr->height) + goto err_invalid; ++ if (count > (size_t)-1 / sizeof(long)) ++ goto err_memory; + tiff_ptr->strip_offsets = (long *)malloc(count * sizeof(long)); + if (tiff_ptr->strip_offsets == NULL) + goto err_memory; +-- +2.14.2 + diff --git a/media-gfx/optipng/optipng-0.7.6-r1.ebuild b/media-gfx/optipng/optipng-0.7.6-r1.ebuild new file mode 100644 index 000000000000..becde449ea44 --- /dev/null +++ b/media-gfx/optipng/optipng-0.7.6-r1.ebuild @@ -0,0 +1,56 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=4 + +inherit eutils toolchain-funcs + +DESCRIPTION="Compress PNG files without affecting image quality" +HOMEPAGE="http://optipng.sourceforge.net/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" + +LICENSE="ZLIB" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~x86-solaris" +IUSE="" + +RDEPEND="sys-libs/zlib + media-libs/libpng:0" +DEPEND="${RDEPEND} + sys-apps/findutils" + +src_prepare() { + epatch "${FILESDIR}"/${PN}-0.7.5-estonian.patch + epatch "${FILESDIR}"/${PN}-0.7.6-cve-2017-1000229.patch # bug 637936 + + rm -R src/{libpng,zlib} || die + find . -type d -name build -exec rm -R {} + || die + + # next release is almost a complete rewrite, so plug this compilation + # problem in anticipation of the much (c)leaner(?) rewrite + sed -i \ + -e 's/^#ifdef AT_FDCWD/#if defined(AT_FDCWD) \&\& !(defined (__SVR4) \&\& defined (__sun))/' \ + src/optipng/osys.c || die + + tc-export CC AR RANLIB + export LD=$(tc-getCC) +} + +src_configure() { + ./configure \ + -with-system-libpng \ + -with-system-zlib \ + || die "configure failed" +} + +src_compile() { + emake -C src/optipng +} + +src_install() { + dodoc README.txt doc/*.txt + dohtml doc/*.html + doman src/${PN}/man/${PN}.1 + + dobin src/${PN}/${PN} +} |