Revbump adding the patch to fix CVE-2007-2721, see bug #196860.

Package-Manager: portage-2.1.3.19

5 files changed, 173 insertions, 5 deletions

diff --git a/app-text/ghostscript-gnu/ChangeLog b/app-text/ghostscript-gnu/ChangeLog
index d7949d77c8d6..5ddbf870e87f 100644
--- a/app-text/ghostscript-gnu/ChangeLog
+++ b/app-text/ghostscript-gnu/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for app-text/ghostscript-gnu
 # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-text/ghostscript-gnu/ChangeLog,v 1.33 2007/10/21 18:26:36 genstef Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-text/ghostscript-gnu/ChangeLog,v 1.34 2007/11/13 23:27:40 tgurr Exp $
+
+*ghostscript-gnu-8.60.0-r1 (13 Nov 2007)
+
+  13 Nov 2007; Timo Gurr <tgurr@gentoo.org>
+  +files/ghostscript-CVE-2007-2721.patch, +ghostscript-gnu-8.60.0-r1.ebuild:
+  Revbump adding the patch to fix CVE-2007-2721, see bug #196860.
 
 *ghostscript-gnu-8.60.0 (21 Oct 2007)
 
diff --git a/app-text/ghostscript-gnu/Manifest b/app-text/ghostscript-gnu/Manifest
index 615972761b82..504948087312 100644
--- a/app-text/ghostscript-gnu/Manifest
+++ b/app-text/ghostscript-gnu/Manifest
@@ -2,6 +2,10 @@ AUX gdevcups.patch 14468 RMD160 957e089ff3c85bec4412fa876570503eeedab167 SHA1 23
 MD5 8b3c391af1131b4fce97bef3659e57d3 files/gdevcups.patch 14468
 RMD160 957e089ff3c85bec4412fa876570503eeedab167 files/gdevcups.patch 14468
 SHA256 6759754addb447874b682f99058e3f620819814ae51ca24b97c2d70452f98869 files/gdevcups.patch 14468
+AUX ghostscript-CVE-2007-2721.patch 1697 RMD160 a419cc2e15a7e66d9931a795de5cbf024e9e775c SHA1 53eb5999ce28a9e3cbac50d24ac0bd1eee2380cc SHA256 86db9b8733ae21b2c764f8cb51c7aae11c0f8b496162b67e3093462fb66199a6
+MD5 7b0067973b82a40c4f06cc22b4c9f854 files/ghostscript-CVE-2007-2721.patch 1697
+RMD160 a419cc2e15a7e66d9931a795de5cbf024e9e775c files/ghostscript-CVE-2007-2721.patch 1697
+SHA256 86db9b8733ae21b2c764f8cb51c7aae11c0f8b496162b67e3093462fb66199a6 files/ghostscript-CVE-2007-2721.patch 1697
 AUX ghostscript-afpl-8.54-cups-destdir.diff 699 RMD160 290c2f81a51d1656f0f0907fb061170595938964 SHA1 8b5327ed8b7726cd103a13094a6aac9907fc226f SHA256 d739789264b0051a52764e68af298cd5da0edaa8e65fb909f022b0fc44fc5f56
 MD5 c75892c93d1df123f1a1c84fed8df9c6 files/ghostscript-afpl-8.54-cups-destdir.diff 699
 RMD160 290c2f81a51d1656f0f0907fb061170595938964 files/ghostscript-afpl-8.54-cups-destdir.diff 699
@@ -23,14 +27,18 @@ EBUILD ghostscript-gnu-8.55.ebuild 3587 RMD160 23799499e900ae0d93b88586113ab22be
 MD5 f71f0827e80f85f4d50968ff732d9f71 ghostscript-gnu-8.55.ebuild 3587
 RMD160 23799499e900ae0d93b88586113ab22befeb1b8f ghostscript-gnu-8.55.ebuild 3587
 SHA256 bd280a19729b27b297068a3b25db0aac7cf622ac1a1385645c4508cc895bc508 ghostscript-gnu-8.55.ebuild 3587
+EBUILD ghostscript-gnu-8.60.0-r1.ebuild 2678 RMD160 b690e9016513f0508257473e0337c3b1289ec6db SHA1 ac1bbae6530baf875788fcb3898972b95bf155f2 SHA256 7c9a8c03ba75596bc9b1fab0a5d7b3bffe9c7e26a4b499577de48192500bad13
+MD5 1199b6326839cce067b455ddf9498eac ghostscript-gnu-8.60.0-r1.ebuild 2678
+RMD160 b690e9016513f0508257473e0337c3b1289ec6db ghostscript-gnu-8.60.0-r1.ebuild 2678
+SHA256 7c9a8c03ba75596bc9b1fab0a5d7b3bffe9c7e26a4b499577de48192500bad13 ghostscript-gnu-8.60.0-r1.ebuild 2678
 EBUILD ghostscript-gnu-8.60.0.ebuild 2655 RMD160 66921adc627e98cec6187d6a8faea9d929d4e26b SHA1 06f31555a9ea99cc4e86de0a366d76675797cba7 SHA256 1fde5a798fec9b809f3ba6b963cb38b75d0ca61c07d6ce0b35e825be69a8dc1a
 MD5 8a62ba4c63033e5b65d1a634461733ac ghostscript-gnu-8.60.0.ebuild 2655
 RMD160 66921adc627e98cec6187d6a8faea9d929d4e26b ghostscript-gnu-8.60.0.ebuild 2655
 SHA256 1fde5a798fec9b809f3ba6b963cb38b75d0ca61c07d6ce0b35e825be69a8dc1a ghostscript-gnu-8.60.0.ebuild 2655
-MISC ChangeLog 5436 RMD160 2fcb6503681fc72119270837d193d275e6cc999a SHA1 82e1cf149623bd6f2f7985771bc97826dd56b896 SHA256 9ed633fb44382b458c4676587f1f0ad0d94b8cee135e4162538539126cb35c57
-MD5 77dd7dcd3d4fde3979c8cc136edcda8a ChangeLog 5436
-RMD160 2fcb6503681fc72119270837d193d275e6cc999a ChangeLog 5436
-SHA256 9ed633fb44382b458c4676587f1f0ad0d94b8cee135e4162538539126cb35c57 ChangeLog 5436
+MISC ChangeLog 5664 RMD160 41b626e9947749c254991469a4c998b9f260e645 SHA1 f34f028915522108a0e3c0d9682dc14df9d1c326 SHA256 158228a744c6dacce70fd7bc4bfb65806869a75d419ddc3d01da9fe3435aa3c6
+MD5 0d3103d34bf3476c691e30f85b146550 ChangeLog 5664
+RMD160 41b626e9947749c254991469a4c998b9f260e645 ChangeLog 5664
+SHA256 158228a744c6dacce70fd7bc4bfb65806869a75d419ddc3d01da9fe3435aa3c6 ChangeLog 5664
 MISC metadata.xml 161 RMD160 1e5b1e42553c8869b93c4a5448e9a2a2ed9fe525 SHA1 209c6a46e4cdd891980115e42ba419e3799f8088 SHA256 7c85e6739a71f5bb23e8de36c88677d772946e61f7285892f7554e37bd2bca76
 MD5 26b4b081d538c195dc39bcb2ec8e6f3a metadata.xml 161
 RMD160 1e5b1e42553c8869b93c4a5448e9a2a2ed9fe525 metadata.xml 161
@@ -41,3 +49,6 @@ SHA256 2b693f6aabf944f9be5d3745c92d9b9f4c20fea89c66d365f3c12ad7ce1b6e19 files/di
 MD5 cc3fcaa4cad20fa3e3850a42fd609948 files/digest-ghostscript-gnu-8.60.0 783
 RMD160 43445efdd32cfc1ace178b61fa0846a42bd1f841 files/digest-ghostscript-gnu-8.60.0 783
 SHA256 8c1e3203661a70f1c93c24ffd4facfc589291d8da894893b98b4572ed695d9d5 files/digest-ghostscript-gnu-8.60.0 783
+MD5 cc3fcaa4cad20fa3e3850a42fd609948 files/digest-ghostscript-gnu-8.60.0-r1 783
+RMD160 43445efdd32cfc1ace178b61fa0846a42bd1f841 files/digest-ghostscript-gnu-8.60.0-r1 783
+SHA256 8c1e3203661a70f1c93c24ffd4facfc589291d8da894893b98b4572ed695d9d5 files/digest-ghostscript-gnu-8.60.0-r1 783
diff --git a/app-text/ghostscript-gnu/files/digest-ghostscript-gnu-8.60.0-r1 b/app-text/ghostscript-gnu/files/digest-ghostscript-gnu-8.60.0-r1
new file mode 100644
index 000000000000..44ae56192760
--- /dev/null
+++ b/app-text/ghostscript-gnu/files/digest-ghostscript-gnu-8.60.0-r1
@@ -0,0 +1,9 @@
+MD5 2fbae60417d42779f6488ab897dcaaf6 acro5-cmaps-2001.tar.gz 631653
+RMD160 c723afc2207157a434988b46bcf0a458281c29a4 acro5-cmaps-2001.tar.gz 631653
+SHA256 80abec481fd4b5e59ac3d3f5790542dbfabe3c9269a6ac17064160d6dab38ee4 acro5-cmaps-2001.tar.gz 631653
+MD5 dfc93dd2aaaf2b86d2fd55f654c13261 adobe-cmaps-200406.tar.gz 5001983
+RMD160 284b943b3476f6f7e2bc49842fd027c6f7f57552 adobe-cmaps-200406.tar.gz 5001983
+SHA256 0f397255506cda4b20e362ab5e3f6cdacba09e0a0cca7f4d93afd980977c5689 adobe-cmaps-200406.tar.gz 5001983
+MD5 e04be1a195d658ef5d347a5eb30b0b8c gnu-ghostscript-8.60.0.tar.bz2 8383504
+RMD160 0c0c3d313712c27a0c84009fa4219d0841607fc5 gnu-ghostscript-8.60.0.tar.bz2 8383504
+SHA256 c61aa3e59927e6ae537b33eabc23527ce201234ad8d1a00d790e5e0f35ce1307 gnu-ghostscript-8.60.0.tar.bz2 8383504
diff --git a/app-text/ghostscript-gnu/files/ghostscript-CVE-2007-2721.patch b/app-text/ghostscript-gnu/files/ghostscript-CVE-2007-2721.patch
new file mode 100644
index 000000000000..799bf51ee63f
--- /dev/null
+++ b/app-text/ghostscript-gnu/files/ghostscript-CVE-2007-2721.patch
@@ -0,0 +1,47 @@
+--- /trunk/gs/jasper/src/libjasper/jp2/jp2_cod.c	2007/10/17 18:27:58	8297
++++ trunk/gs/jasper/src/libjasper/jp2/jp2_cod.c	2007/10/17 23:04:50	8298
+@@ -247,7 +247,7 @@
+ 	box = 0;
+ 	tmpstream = 0;
+ 
+-	if (!(box = jas_malloc(sizeof(jp2_box_t)))) {
++	if (!(box = jas_calloc(1, sizeof(jp2_box_t)))) {
+ 		goto error;
+ 	}
+ 	box->ops = &jp2_boxinfo_unk.ops;
+--- /trunk/gs/jasper/src/libjasper/jpc/jpc_cs.c	2007/10/17 18:27:58	8297
++++ trunk/gs/jasper/src/libjasper/jpc/jpc_cs.c	2007/10/17 23:04:50	8298
+@@ -991,7 +991,10 @@
+ 		compparms->numstepsizes = (len - n) / 2;
+ 		break;
+ 	}
+-if (compparms->numstepsizes > 0) {
++if (compparms->numstepsizes > 3 * JPC_MAXRLVLS + 1) {
++		jpc_qcx_destroycompparms(compparms);
++                return -1;
++        } else if (compparms->numstepsizes > 0) {
+ 	compparms->stepsizes = jas_malloc(compparms->numstepsizes *
+ 	  sizeof(uint_fast32_t));
+ 	assert(compparms->stepsizes);
+--- /trunk/gs/jasper/src/libjasper/jpc/jpc_dec.c	2007/10/17 18:27:58	8297
++++ trunk/gs/jasper/src/libjasper/jpc/jpc_dec.c	2007/10/17 23:04:50	8298
+@@ -1219,7 +1219,7 @@
+ 	dec->numhtiles = JPC_CEILDIV(dec->xend - dec->tilexoff, dec->tilewidth);
+ 	dec->numvtiles = JPC_CEILDIV(dec->yend - dec->tileyoff, dec->tileheight);
+ 	dec->numtiles = dec->numhtiles * dec->numvtiles;
+-	if (!(dec->tiles = jas_malloc(dec->numtiles * sizeof(jpc_dec_tile_t)))) {
++	if (!(dec->tiles = jas_calloc(dec->numtiles, sizeof(jpc_dec_tile_t)))) {
+ 		return -1;
+ 	}
+ 
+@@ -1243,7 +1243,7 @@
+ 		tile->pkthdrstreampos = 0;
+ 		tile->pptstab = 0;
+ 		tile->cp = 0;
+-		if (!(tile->tcomps = jas_malloc(dec->numcomps *
++		if (!(tile->tcomps = jas_calloc(dec->numcomps,
+ 		  sizeof(jpc_dec_tcomp_t)))) {
+ 			return -1;
+ 		}
+ 
+
diff --git a/app-text/ghostscript-gnu/ghostscript-gnu-8.60.0-r1.ebuild b/app-text/ghostscript-gnu/ghostscript-gnu-8.60.0-r1.ebuild
new file mode 100644
index 000000000000..e9a47d56bd57
--- /dev/null
+++ b/app-text/ghostscript-gnu/ghostscript-gnu-8.60.0-r1.ebuild
@@ -0,0 +1,95 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-text/ghostscript-gnu/ghostscript-gnu-8.60.0-r1.ebuild,v 1.1 2007/11/13 23:27:40 tgurr Exp $
+
+WANT_AUTOMAKE=1.9
+
+inherit autotools elisp-common eutils versionator flag-o-matic
+
+DESCRIPTION="GNU Ghostscript - patched GPL Ghostscript"
+HOMEPAGE="http://www.gnu.org/software/ghostscript/"
+
+MY_P=gnu-ghostscript-${PV}
+PVM=$(get_version_component_range 1-2)
+SRC_URI="cjk? ( ftp://ftp.gyve.org/pub/gs-cjk/adobe-cmaps-200406.tar.gz
+		ftp://ftp.gyve.org/pub/gs-cjk/acro5-cmaps-2001.tar.gz )
+	mirror://gnu/ghostscript/${MY_P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="X cups cjk gtk jpeg2k"
+
+DEP="virtual/libc
+	>=media-libs/jpeg-6b
+	>=media-libs/libpng-1.2.5
+	>=sys-libs/zlib-1.1.4
+	>=media-libs/tiff-3.7
+	X? ( x11-libs/libXt x11-libs/libXext )
+	gtk? ( >=x11-libs/gtk+-2.0 )
+	cups? ( >=net-print/cups-1.1.20 )
+	!app-text/ghostscript-esp
+	!app-text/ghostscript-gpl"
+
+RDEPEND="${DEP}
+	cjk? ( media-fonts/arphicfonts
+		media-fonts/kochi-substitute
+		media-fonts/baekmuk-fonts )
+	media-fonts/gnu-gs-fonts-std"
+
+DEPEND="${DEP}
+	gtk? ( dev-util/pkgconfig )"
+
+S=${WORKDIR}/${MY_P}
+
+src_unpack() {
+	unpack ${A/adobe-cmaps-200406.tar.gz acro5-cmaps-2001.tar.gz}
+	if use cjk; then
+		cat "${FILESDIR}"/ghostscript-esp-8.15.2-cidfmap.cjk >> "${S}"/lib/cidfmap
+		cat "${FILESDIR}"/ghostscript-esp-8.15.2-FAPIcidfmap.cjk >> "${S}"/lib/FAPIcidfmap
+		cd "${S}"/Resource
+		unpack adobe-cmaps-200406.tar.gz
+		unpack acro5-cmaps-2001.tar.gz
+		cd "${WORKDIR}"
+	fi
+
+	cd "${S}"
+
+	epatch "${FILESDIR}"/ghostscript-CVE-2007-2721.patch
+
+	# search path fix
+	sed -i -e "s:\$\(gsdatadir\)/lib:/usr/share/ghostscript/${PVM}/$(get_libdir):" \
+		-e 's:$(gsdir)/fonts:/usr/share/fonts/default/ghostscript/:' \
+		-e "s:exdir=.*:exdir=/usr/share/doc/${PF}/examples:" \
+		-e "s:docdir=.*:docdir=/usr/share/doc/${PF}/html:" \
+		-e "s:GS_DOCDIR=.*:GS_DOCDIR=/usr/share/doc/${PF}/html:" \
+		Makefile.in src/*.mak || die "sed failed"
+}
+
+src_compile() {
+	econf $(use_with X x) \
+		$(use_with jpeg2k jasper) \
+		$(use_enable cups) \
+		$(use_enable gtk) \
+		--with-ijs \
+		--with-jbig2dec \
+		--disable-compile-inits \
+		--enable-dynamic \
+		|| die "econf failed"
+
+	emake -j1 so all || die "emake failed"
+
+	cd ijs
+	econf || die "ijs econf failed"
+	emake || die "ijs emake failed"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install-so install || die "emake install failed"
+
+	rm -fr "${D}"/usr/share/doc/${PF}/html/{README,PUBLIC}
+	dodoc doc/README
+
+	cd "${S}"/ijs
+	emake DESTDIR="${D}" install || die "emake ijs install failed"
+}