diff options
| author |   Daniel Gryniewicz <dang@gentoo.org> | 2009-04-06 13:38:46 +0000 |
|---|---|---|
| committer | Daniel Gryniewicz <dang@gentoo.org> | 2009-04-06 13:38:46 +0000 |
| commit | 0fa9664c7baf5349f0d09fed35d74ce330a219c6 (patch) | |
| tree | 43424756886139453ff1d5af5d46b3621fc1567e /media-libs/lcms | |
| parent | alpha/ia64 stable (diff) | |
| download | historical-0fa9664c7baf5349f0d09fed35d74ce330a219c6.tar.gz historical-0fa9664c7baf5349f0d09fed35d74ce330a219c6.tar.bz2 historical-0fa9664c7baf5349f0d09fed35d74ce330a219c6.zip | |
Fix for CVE-2009-0793, bug #264604
Package-Manager: portage-2.1.6.11/cvs/Linux x86_64
Diffstat (limited to 'media-libs/lcms')
| -rw-r--r-- | media-libs/lcms/ChangeLog | 10 | ||||
| -rw-r--r-- | media-libs/lcms/Manifest | 14 | ||||
| -rw-r--r-- | media-libs/lcms/files/lcms-CVE-2009-0793.patch | 23 | ||||
| -rw-r--r-- | media-libs/lcms/lcms-1.18-r1.ebuild | 55 |
4 files changed, 100 insertions, 2 deletions
diff --git a/media-libs/lcms/ChangeLog b/media-libs/lcms/ChangeLog index eaba7de3d3ad..31bb8701e1cd 100644 --- a/media-libs/lcms/ChangeLog +++ b/media-libs/lcms/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for media-libs/lcms # Copyright 2002-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/media-libs/lcms/ChangeLog,v 1.97 2009/04/06 13:01:09 armin76 Exp $ +# $Header: /var/cvsroot/gentoo-x86/media-libs/lcms/ChangeLog,v 1.98 2009/04/06 13:38:46 dang Exp $ + +*lcms-1.18-r1 (06 Apr 2009) + + 06 Apr 2009; Daniel Gryniewicz <dang@gentoo.org> + +files/lcms-CVE-2009-0793.patch, +lcms-1.18-r1.ebuild: + Bump to lcms-1.18-r1 + + Fix for CVE-2009-0793, bug #264604 06 Apr 2009; Raúl Porcel <armin76@gentoo.org> lcms-1.18.ebuild: arm/ia64/s390/sh stable wrt #260269 diff --git a/media-libs/lcms/Manifest b/media-libs/lcms/Manifest index 9990674ed10f..912f6ecb1da4 100644 --- a/media-libs/lcms/Manifest +++ b/media-libs/lcms/Manifest @@ -1,5 +1,9 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + AUX lcms-1.15-bsd.patch 340 RMD160 e4119079acc099cb80a77a292f3ecf012eefe2b8 SHA1 570e6ee2b2e036b1f0038f978d53cf82519c9c77 SHA256 570feeae39f50732468292088b8c9c8189b3074f0f9629897864a73eb2d759b7 AUX lcms-1.17-multilib.patch 1695 RMD160 a59505fb9b512408314339362dc79399a786f500 SHA1 cd43616031304ce31fe685fe452117d103e6bf5a SHA256 3cf451dff9470c0ee004445d919fbb1245dd05ad0ad206607e7cb0f96000a383 +AUX lcms-CVE-2009-0793.patch 971 RMD160 6f7b14dd2b97071cae7c1b70d3e28df32431a137 SHA1 41714817248f5475ac975f815bf8847bbba3b034 SHA256 da71dbd8af0b287923ed48112fd85b43b9cc8ef82f051f4f499edf4c95898de5 AUX lcms.i.diff 803 RMD160 7d749a249f961fe697025991a81f60079c7fdecf SHA1 96bd4272a8b1e7798a29e9f2b8564c11ad9417ff SHA256 f54fc81e6f5a474ac4cf3c699b39e0c73cba7f645beca5b69a20c4e8a0e47c50 DIST lcms-1.14.tar.gz 669519 RMD160 85f87baeff14a3c1502e7b4c7e8281aaa04e34c0 SHA1 7f98d09bc2acc46d7641034b88449142f78bf8ff SHA256 b19302d43ed5dadbb4ae3460b19250ec2ad616e6fcc132d4f4578195da5d77a9 DIST lcms-1.15.tar.gz 777834 RMD160 2cdb38039931cd35f550eabaa3421df6b9bfd0e4 SHA1 45cabf4d251c031b13fc56239a06f00992320a2e SHA256 930ef7de15eb028c1cdbfe3f1170aaa1d5b0b4d45a8fa496d944216e155122c2 @@ -10,6 +14,14 @@ EBUILD lcms-1.14-r1.ebuild 1313 RMD160 3b6dba5481328aa3c623971cfb8ed40b7d184e36 EBUILD lcms-1.15.ebuild 1248 RMD160 b8d9083e2e7da0e2cb9fd7cd2cd53aaa8dcf1344 SHA1 bf074a984d041193725888bb96747320574ce6b4 SHA256 50fd72913db60e07b1a5d8555f1a7b607f90119b152c2dcbd0719ec177accd78 EBUILD lcms-1.16.ebuild 1446 RMD160 4826b8d2388db77d3686bd8ead15a78ce8a56799 SHA1 e9c0e29161d3fcacdbe5097b7ea7198862d37b69 SHA256 d8aa88dc401bec2b1a50e8edff26559ef159658fb7abaf9798ea2f68c0a08c67 EBUILD lcms-1.17.ebuild 1491 RMD160 18b5db98239499f277227dc8a56272b0bfd29de3 SHA1 df7d4fae7980230ec0afa7a3b15f2bb3fc45f8c8 SHA256 7a9f2b30b68d5ac81cfb0cb46d739b140636a47c34940671e4e1475656555e96 +EBUILD lcms-1.18-r1.ebuild 1347 RMD160 b8d59e3aad554f258319164d6a5879d71686fddc SHA1 c7e32a55fd1b518a898b71630e91aebfee824ef4 SHA256 433877879936aecc23938acc538ecdca950f47005761dc643e47bef5c0c1bf8c EBUILD lcms-1.18.ebuild 1250 RMD160 33c52854f1d219d1bbfe2c84cf0413b37bb39dfe SHA1 7ef66f807b406d88799e56ca42c7d1d947c52fb3 SHA256 d67fead34124b4750a37e0753ca33beff042656393ae5941bfbafb10f3c42a97 -MISC ChangeLog 11514 RMD160 43c2ed9970cb2df84002c40554755295319fb223 SHA1 ebdd32e40b062b31de4866222012417b0a9ae996 SHA256 27e0ef5523cd4377f65c46c2aa32c6a4041eb7f1e0bcf10943c8b32bb7bd9b09 +MISC ChangeLog 11710 RMD160 c12d9b30b24a1e19a21af1dce6b07128eaf6ca37 SHA1 4d3411ec1b9479a510f67298eb443def9e5d6564 SHA256 7ba334827510c442e75131f751522a19a424f5a3d79afb0d7728a4b4646a8151 MISC metadata.xml 161 RMD160 1e5b1e42553c8869b93c4a5448e9a2a2ed9fe525 SHA1 209c6a46e4cdd891980115e42ba419e3799f8088 SHA256 7c85e6739a71f5bb23e8de36c88677d772946e61f7285892f7554e37bd2bca76 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.11 (GNU/Linux) + +iD8DBQFJ2gXxomPajV0RnrERAlcOAJ9i1lrmGOArd+HnummlFthlgiTqFACcDf/K +KhOG9wXO/AT84GTKQvNT7Nk= +=pOWG +-----END PGP SIGNATURE----- diff --git a/media-libs/lcms/files/lcms-CVE-2009-0793.patch b/media-libs/lcms/files/lcms-CVE-2009-0793.patch new file mode 100644 index 000000000000..6cdcc6adcab7 --- /dev/null +++ b/media-libs/lcms/files/lcms-CVE-2009-0793.patch @@ -0,0 +1,23 @@ +diff --exclude-from=/home/dang/.scripts/diffrc -up -ruN lcms-1.18.orig/src/cmsxform.c lcms-1.18/src/cmsxform.c +--- lcms-1.18.orig/src/cmsxform.c 2009-03-21 11:31:52.000000000 -0400 ++++ lcms-1.18/src/cmsxform.c 2009-04-06 09:24:26.000000000 -0400 +@@ -660,6 +660,9 @@ LPMATSHAPER cmsBuildGrayOutputMatrixShap + GrayTRC = cmsReadICCGamma(hProfile, icSigGrayTRCTag); + FromLstarToXYZ(GrayTRC, Shapes1); + ++ if (GrayTRC == NULL) ++ return NULL; ++ + // Reversing must be done after curve translation + + Shapes[0] = cmsReverseGamma(Shapes1[0]->nEntries, Shapes1[0]); +@@ -675,6 +678,9 @@ LPMATSHAPER cmsBuildGrayOutputMatrixShap + + GrayTRC = cmsReadICCGammaReversed(hProfile, icSigGrayTRCTag); // Y + ++ if (GrayTRC == NULL) ++ return NULL; ++ + Shapes[0] = cmsDupGamma(GrayTRC); + Shapes[1] = cmsDupGamma(GrayTRC); + Shapes[2] = cmsDupGamma(GrayTRC); diff --git a/media-libs/lcms/lcms-1.18-r1.ebuild b/media-libs/lcms/lcms-1.18-r1.ebuild new file mode 100644 index 000000000000..f6915fafa42b --- /dev/null +++ b/media-libs/lcms/lcms-1.18-r1.ebuild @@ -0,0 +1,55 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/media-libs/lcms/lcms-1.18-r1.ebuild,v 1.1 2009/04/06 13:38:46 dang Exp $ + +EAPI="2" + +inherit libtool eutils multilib + +DESCRIPTION="A lightweight, speed optimized color management engine" +HOMEPAGE="http://www.littlecms.com/" +SRC_URI="http://www.littlecms.com/${P}.tar.gz" + +LICENSE="MIT" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd" +IUSE="tiff jpeg zlib python" + +RDEPEND="tiff? ( media-libs/tiff ) + jpeg? ( media-libs/jpeg ) + zlib? ( sys-libs/zlib )" +DEPEND="${RDEPEND} + python? ( >=dev-lang/swig-1.3.31 )" + +src_prepare() { + # Fix for CVE-2009-0793, bug #264604 + epatch "${FILESDIR}"/${PN}-CVE-2009-0793.patch + + # run swig to regenerate lcms_wrap.cxx and lcms.py (bug #148728) + if use python; then + cd "${S}"/python + ./swig_lcms || die "swig_lcms failed" + fi +} + +src_configure() { + econf \ + --disable-dependency-tracking \ + $(use_with jpeg) \ + $(use_with python) \ + $(use_with tiff) \ + $(use_with zlib) +} + +src_install() { + emake \ + DESTDIR="${D}" \ + BINDIR="${D}"/usr/bin \ + libdir=/usr/$(get_libdir) \ + install || die "make install failed" + + insinto /usr/share/lcms/profiles + doins testbed/*.icm + + dodoc AUTHORS README* INSTALL NEWS doc/* +} |