commit:     c833e82151f379f180b50c7dff58b8f989a9c1a9
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Aug  3 13:37:49 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Aug  3 13:38:12 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c833e821

media-libs/tiff: Revbump for security bug #585274

Removing vulnerable gif2tiff (CVE-2016-5102)
Upstream seems to no longer ship this tool with >=tiff-4.0.7 versions.

Package-Manager: portage-2.3.0
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 .../tiff/files/tiff-4.0.6-gif2tiff_removal.patch   | 37 +++++++++++
 media-libs/tiff/tiff-4.0.6-r1.ebuild               | 74 ++++++++++++++++++++++
 2 files changed, 111 insertions(+)

diff --git a/media-libs/tiff/files/tiff-4.0.6-gif2tiff_removal.patch 
b/media-libs/tiff/files/tiff-4.0.6-gif2tiff_removal.patch
new file mode 100644
index 0000000..9cf4ec5
--- /dev/null
+++ b/media-libs/tiff/files/tiff-4.0.6-gif2tiff_removal.patch
@@ -0,0 +1,37 @@
+# Removing vulnerable gif2tiff (CVE-2016-5102)
+# Upstream seems to no longer ship this tool with >=tiff-4.0.7 versions.
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2552
+https://bugzilla.redhat.com/show_bug.cgi?id=1343407
+https://bugs.gentoo.org/585274
+
+--- tiff-4.0.6/man/Makefile.am
++++ tiff-4.0.6/man/Makefile.am
+@@ -27,7 +27,6 @@
+       bmp2tiff.1 \
+       fax2ps.1 \
+       fax2tiff.1 \
+-      gif2tiff.1 \
+       pal2rgb.1 \
+       ppm2tiff.1 \
+       ras2tiff.1 \
+--- tiff-4.0.6/tools/Makefile.am
++++ tiff-4.0.6/tools/Makefile.am
+@@ -34,7 +34,6 @@
+       bmp2tiff \
+       fax2ps \
+       fax2tiff \
+-      gif2tiff \
+       pal2rgb \
+       ppm2tiff \
+       ras2tiff \
+@@ -73,9 +72,6 @@
+ fax2tiff_SOURCES = fax2tiff.c
+ fax2tiff_LDADD = $(LIBTIFF) $(LIBPORT)
+ 
+-gif2tiff_SOURCES = gif2tiff.c
+-gif2tiff_LDADD = $(LIBTIFF) $(LIBPORT)
+-
+ pal2rgb_SOURCES = pal2rgb.c
+ pal2rgb_LDADD = $(LIBTIFF) $(LIBPORT)
+ 
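Review bot: Only `man/Makefile.am` and `tools/Makefile.am` are adjusted here, so any other reference to gif2tiff in the 4.0.6 tree is left in place. If the tarball's test suite or HTML documentation lists still name the tool (not visible in this hunk), `emake check` under `USE=test` could fail on the missing binary, or documentation for a tool that is no longer installed could still be shipped. A test-enabled build and a look at the installed file list would confirm that the vulnerable program is gone and nothing else depends on it. The header could also say in one line that `gif2tiff.c` stays in the source tree and is merely no longer built.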

diff --git a/media-libs/tiff/tiff-4.0.6-r1.ebuild 
b/media-libs/tiff/tiff-4.0.6-r1.ebuild
new file mode 100644
index 0000000..b652b05
--- /dev/null
+++ b/media-libs/tiff/tiff-4.0.6-r1.ebuild
@@ -0,0 +1,74 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+inherit autotools eutils libtool multilib-minimal
+
+DESCRIPTION="Tag Image File Format (TIFF) library"
+HOMEPAGE="http://www.remotesensing.org/libtiff/";
+SRC_URI="http://download.osgeo.org/libtiff/${P}.tar.gz
+       ftp://ftp.remotesensing.org/pub/libtiff/${P}.tar.gz";
+
+LICENSE="libtiff"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 
~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd 
~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos 
~x86-macos ~m68k-mint ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="+cxx jbig jpeg lzma static-libs test zlib"
+
+RDEPEND="jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] )
+       jbig? ( >=media-libs/jbigkit-2.1:=[${MULTILIB_USEDEP}] )
+       lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
+       zlib? ( >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}] )
+       abi_x86_32? (
+               !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
+               !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+       )"
+DEPEND="${RDEPEND}"
+
+REQUIRED_USE="test? ( jpeg )" #483132
+
+MULTILIB_WRAPPED_HEADERS=(
+       /usr/include/tiffconf.h
+)
+
+PATCHES=(
+       "${FILESDIR}/${P}-gif2tiff_removal.patch" # 585274
+)
+
+src_prepare() {
+       default
+       eautoreconf
+}
+
+multilib_src_configure() {
+       ECONF_SOURCE="${S}" econf \
+               $(use_enable static-libs static) \
+               $(use_enable zlib) \
+               $(use_enable jpeg) \
+               $(use_enable jbig) \
+               $(use_enable lzma) \
+               $(use_enable cxx) \
+               --without-x
+
+       # remove useless subdirs
+       if ! multilib_is_native_abi ; then
+               sed -i \
+                       -e 's/ tools//' \
+                       -e 's/ contrib//' \
+                       -e 's/ man//' \
+                       -e 's/ html//' \
+                       Makefile || die
+       fi
+}
+
+multilib_src_test() {
+       if ! multilib_is_native_abi ; then
+               emake -C tools
+       fi
+       emake check
+}
+
+multilib_src_install_all() {
+       prune_libtool_files --all
+       rm -f 
"${ED}"/usr/share/doc/${PF}/{COPYRIGHT,README*,RELEASE-DATE,TODO,VERSION}
+}
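Review bot: `src_prepare` runs `eautoreconf` without saying why, which matters because the security patch is only effective once the build files are regenerated. Since `gif2tiff_removal.patch` edits `Makefile.am` rather than the generated `Makefile.in`, I would add a comment above the call such as `# gif2tiff_removal.patch (bug #585274) touches Makefile.am; regenerate so gif2tiff is really dropped from the build`. That also tells a later maintainer that the `autotools` inherit and the reconf can go once the patch does; per the commit message, that is expected with >=tiff-4.0.7.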
