diff options
| author |   Timo Gurr <tgurr@gentoo.org> | 2007-11-13 23:27:40 +0000 |
|---|---|---|
| committer | Timo Gurr <tgurr@gentoo.org> | 2007-11-13 23:27:40 +0000 |
| commit | 13052836176c89d932edbd7f6e01665e4c89ff75 (patch) | |
| tree | 1a322bd506744bd0834a787f03e86da56c491a7b /app-text | |
| parent | Added setuptools dep and call to distutils_src_unpack (bug #199060), cleanup.... (diff) | |
| download | gentoo-2-13052836176c89d932edbd7f6e01665e4c89ff75.tar.gz gentoo-2-13052836176c89d932edbd7f6e01665e4c89ff75.tar.bz2 gentoo-2-13052836176c89d932edbd7f6e01665e4c89ff75.zip | |
Revbump adding the patch to fix CVE-2007-2721, see bug #196860.
(Portage version: 2.1.3.19)
Diffstat (limited to 'app-text')
4 files changed, 158 insertions, 1 deletions
diff --git a/app-text/ghostscript-gnu/ChangeLog b/app-text/ghostscript-gnu/ChangeLog index d7949d77c8d6..5ddbf870e87f 100644 --- a/app-text/ghostscript-gnu/ChangeLog +++ b/app-text/ghostscript-gnu/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for app-text/ghostscript-gnu # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-text/ghostscript-gnu/ChangeLog,v 1.33 2007/10/21 18:26:36 genstef Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-text/ghostscript-gnu/ChangeLog,v 1.34 2007/11/13 23:27:40 tgurr Exp $ + +*ghostscript-gnu-8.60.0-r1 (13 Nov 2007) + + 13 Nov 2007; Timo Gurr <tgurr@gentoo.org> + +files/ghostscript-CVE-2007-2721.patch, +ghostscript-gnu-8.60.0-r1.ebuild: + Revbump adding the patch to fix CVE-2007-2721, see bug #196860. *ghostscript-gnu-8.60.0 (21 Oct 2007) diff --git a/app-text/ghostscript-gnu/files/digest-ghostscript-gnu-8.60.0-r1 b/app-text/ghostscript-gnu/files/digest-ghostscript-gnu-8.60.0-r1 new file mode 100644 index 000000000000..44ae56192760 --- /dev/null +++ b/app-text/ghostscript-gnu/files/digest-ghostscript-gnu-8.60.0-r1 @@ -0,0 +1,9 @@ +MD5 2fbae60417d42779f6488ab897dcaaf6 acro5-cmaps-2001.tar.gz 631653 +RMD160 c723afc2207157a434988b46bcf0a458281c29a4 acro5-cmaps-2001.tar.gz 631653 +SHA256 80abec481fd4b5e59ac3d3f5790542dbfabe3c9269a6ac17064160d6dab38ee4 acro5-cmaps-2001.tar.gz 631653 +MD5 dfc93dd2aaaf2b86d2fd55f654c13261 adobe-cmaps-200406.tar.gz 5001983 +RMD160 284b943b3476f6f7e2bc49842fd027c6f7f57552 adobe-cmaps-200406.tar.gz 5001983 +SHA256 0f397255506cda4b20e362ab5e3f6cdacba09e0a0cca7f4d93afd980977c5689 adobe-cmaps-200406.tar.gz 5001983 +MD5 e04be1a195d658ef5d347a5eb30b0b8c gnu-ghostscript-8.60.0.tar.bz2 8383504 +RMD160 0c0c3d313712c27a0c84009fa4219d0841607fc5 gnu-ghostscript-8.60.0.tar.bz2 8383504 +SHA256 c61aa3e59927e6ae537b33eabc23527ce201234ad8d1a00d790e5e0f35ce1307 gnu-ghostscript-8.60.0.tar.bz2 8383504 diff --git a/app-text/ghostscript-gnu/files/ghostscript-CVE-2007-2721.patch b/app-text/ghostscript-gnu/files/ghostscript-CVE-2007-2721.patch new file mode 100644 index 000000000000..799bf51ee63f --- /dev/null +++ b/app-text/ghostscript-gnu/files/ghostscript-CVE-2007-2721.patch @@ -0,0 +1,47 @@ +--- /trunk/gs/jasper/src/libjasper/jp2/jp2_cod.c 2007/10/17 18:27:58 8297 ++++ trunk/gs/jasper/src/libjasper/jp2/jp2_cod.c 2007/10/17 23:04:50 8298 +@@ -247,7 +247,7 @@ + box = 0; + tmpstream = 0; + +- if (!(box = jas_malloc(sizeof(jp2_box_t)))) { ++ if (!(box = jas_calloc(1, sizeof(jp2_box_t)))) { + goto error; + } + box->ops = &jp2_boxinfo_unk.ops; +--- /trunk/gs/jasper/src/libjasper/jpc/jpc_cs.c 2007/10/17 18:27:58 8297 ++++ trunk/gs/jasper/src/libjasper/jpc/jpc_cs.c 2007/10/17 23:04:50 8298 +@@ -991,7 +991,10 @@ + compparms->numstepsizes = (len - n) / 2; + break; + } +-if (compparms->numstepsizes > 0) { ++if (compparms->numstepsizes > 3 * JPC_MAXRLVLS + 1) { ++ jpc_qcx_destroycompparms(compparms); ++ return -1; ++ } else if (compparms->numstepsizes > 0) { + compparms->stepsizes = jas_malloc(compparms->numstepsizes * + sizeof(uint_fast32_t)); + assert(compparms->stepsizes); +--- /trunk/gs/jasper/src/libjasper/jpc/jpc_dec.c 2007/10/17 18:27:58 8297 ++++ trunk/gs/jasper/src/libjasper/jpc/jpc_dec.c 2007/10/17 23:04:50 8298 +@@ -1219,7 +1219,7 @@ + dec->numhtiles = JPC_CEILDIV(dec->xend - dec->tilexoff, dec->tilewidth); + dec->numvtiles = JPC_CEILDIV(dec->yend - dec->tileyoff, dec->tileheight); + dec->numtiles = dec->numhtiles * dec->numvtiles; +- if (!(dec->tiles = jas_malloc(dec->numtiles * sizeof(jpc_dec_tile_t)))) { ++ if (!(dec->tiles = jas_calloc(dec->numtiles, sizeof(jpc_dec_tile_t)))) { + return -1; + } + +@@ -1243,7 +1243,7 @@ + tile->pkthdrstreampos = 0; + tile->pptstab = 0; + tile->cp = 0; +- if (!(tile->tcomps = jas_malloc(dec->numcomps * ++ if (!(tile->tcomps = jas_calloc(dec->numcomps, + sizeof(jpc_dec_tcomp_t)))) { + return -1; + } + + diff --git a/app-text/ghostscript-gnu/ghostscript-gnu-8.60.0-r1.ebuild b/app-text/ghostscript-gnu/ghostscript-gnu-8.60.0-r1.ebuild new file mode 100644 index 000000000000..e9a47d56bd57 --- /dev/null +++ b/app-text/ghostscript-gnu/ghostscript-gnu-8.60.0-r1.ebuild @@ -0,0 +1,95 @@ +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-text/ghostscript-gnu/ghostscript-gnu-8.60.0-r1.ebuild,v 1.1 2007/11/13 23:27:40 tgurr Exp $ + +WANT_AUTOMAKE=1.9 + +inherit autotools elisp-common eutils versionator flag-o-matic + +DESCRIPTION="GNU Ghostscript - patched GPL Ghostscript" +HOMEPAGE="http://www.gnu.org/software/ghostscript/" + +MY_P=gnu-ghostscript-${PV} +PVM=$(get_version_component_range 1-2) +SRC_URI="cjk? ( ftp://ftp.gyve.org/pub/gs-cjk/adobe-cmaps-200406.tar.gz + ftp://ftp.gyve.org/pub/gs-cjk/acro5-cmaps-2001.tar.gz ) + mirror://gnu/ghostscript/${MY_P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +IUSE="X cups cjk gtk jpeg2k" + +DEP="virtual/libc + >=media-libs/jpeg-6b + >=media-libs/libpng-1.2.5 + >=sys-libs/zlib-1.1.4 + >=media-libs/tiff-3.7 + X? ( x11-libs/libXt x11-libs/libXext ) + gtk? ( >=x11-libs/gtk+-2.0 ) + cups? ( >=net-print/cups-1.1.20 ) + !app-text/ghostscript-esp + !app-text/ghostscript-gpl" + +RDEPEND="${DEP} + cjk? ( media-fonts/arphicfonts + media-fonts/kochi-substitute + media-fonts/baekmuk-fonts ) + media-fonts/gnu-gs-fonts-std" + +DEPEND="${DEP} + gtk? ( dev-util/pkgconfig )" + +S=${WORKDIR}/${MY_P} + +src_unpack() { + unpack ${A/adobe-cmaps-200406.tar.gz acro5-cmaps-2001.tar.gz} + if use cjk; then + cat "${FILESDIR}"/ghostscript-esp-8.15.2-cidfmap.cjk >> "${S}"/lib/cidfmap + cat "${FILESDIR}"/ghostscript-esp-8.15.2-FAPIcidfmap.cjk >> "${S}"/lib/FAPIcidfmap + cd "${S}"/Resource + unpack adobe-cmaps-200406.tar.gz + unpack acro5-cmaps-2001.tar.gz + cd "${WORKDIR}" + fi + + cd "${S}" + + epatch "${FILESDIR}"/ghostscript-CVE-2007-2721.patch + + # search path fix + sed -i -e "s:\$\(gsdatadir\)/lib:/usr/share/ghostscript/${PVM}/$(get_libdir):" \ + -e 's:$(gsdir)/fonts:/usr/share/fonts/default/ghostscript/:' \ + -e "s:exdir=.*:exdir=/usr/share/doc/${PF}/examples:" \ + -e "s:docdir=.*:docdir=/usr/share/doc/${PF}/html:" \ + -e "s:GS_DOCDIR=.*:GS_DOCDIR=/usr/share/doc/${PF}/html:" \ + Makefile.in src/*.mak || die "sed failed" +} + +src_compile() { + econf $(use_with X x) \ + $(use_with jpeg2k jasper) \ + $(use_enable cups) \ + $(use_enable gtk) \ + --with-ijs \ + --with-jbig2dec \ + --disable-compile-inits \ + --enable-dynamic \ + || die "econf failed" + + emake -j1 so all || die "emake failed" + + cd ijs + econf || die "ijs econf failed" + emake || die "ijs emake failed" +} + +src_install() { + emake DESTDIR="${D}" install-so install || die "emake install failed" + + rm -fr "${D}"/usr/share/doc/${PF}/html/{README,PUBLIC} + dodoc doc/README + + cd "${S}"/ijs + emake DESTDIR="${D}" install || die "emake ijs install failed" +} |