diff options
| author |   Pacho Ramos <pacho@gentoo.org> | 2012-12-01 08:45:01 +0000 |
|---|---|---|
| committer | Pacho Ramos <pacho@gentoo.org> | 2012-12-01 08:45:01 +0000 |
| commit | 185917eab3a117f0d658f1c0737fab56c46f711f (patch) | |
| tree | 4dc7bb913f84d21e678e84a041ba352b3707b67d /media-gfx/argyllcms | |
| parent | This has now a proxy maintainer, bug #431172#c5 (diff) | |
| download | historical-185917eab3a117f0d658f1c0737fab56c46f711f.tar.gz historical-185917eab3a117f0d658f1c0737fab56c46f711f.tar.bz2 historical-185917eab3a117f0d658f1c0737fab56c46f711f.zip | |
Fix CVE-2012-4405
Package-Manager: portage-2.1.11.32/cvs/Linux x86_64
Manifest-Sign-Key: 0xA188FBD4
Diffstat (limited to 'media-gfx/argyllcms')
| -rw-r--r-- | media-gfx/argyllcms/ChangeLog | 9 | ||||
| -rw-r--r-- | media-gfx/argyllcms/Manifest | 16 | ||||
| -rw-r--r-- | media-gfx/argyllcms/argyllcms-1.4.0-r1.ebuild | 89 | ||||
| -rw-r--r-- | media-gfx/argyllcms/files/argyllcms-1.4.0-CVE-2012-4405.patch | 18 |
4 files changed, 128 insertions, 4 deletions
diff --git a/media-gfx/argyllcms/ChangeLog b/media-gfx/argyllcms/ChangeLog index f0630ac6798e..f165d87fc821 100644 --- a/media-gfx/argyllcms/ChangeLog +++ b/media-gfx/argyllcms/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for media-gfx/argyllcms # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/media-gfx/argyllcms/ChangeLog,v 1.25 2012/10/13 11:00:14 pinkbyte Exp $ +# $Header: /var/cvsroot/gentoo-x86/media-gfx/argyllcms/ChangeLog,v 1.26 2012/12/01 08:44:55 pacho Exp $ + +*argyllcms-1.4.0-r1 (01 Dec 2012) + + 01 Dec 2012; Pacho Ramos <pacho@gentoo.org> +argyllcms-1.4.0-r1.ebuild, + +files/argyllcms-1.4.0-CVE-2012-4405.patch: + Fix CVE-2012-4405 13 Oct 2012; Sergey Popov <pinkbyte@gentoo.org> argyllcms-1.4.0.ebuild: Fix location for installing udev rules wrt bug #438114. Thanks to poncho for @@ -143,4 +149,3 @@ New application, see bug 125774. Thanks go to Guillaume Castagnino and all the previous authors of the ebuild (see bug 125774 for details), and to chiiph, ohnobinki, and hwoarang for reviewing on IRC. - diff --git a/media-gfx/argyllcms/Manifest b/media-gfx/argyllcms/Manifest index f3fd34d19eae..49bce9a0270e 100644 --- a/media-gfx/argyllcms/Manifest +++ b/media-gfx/argyllcms/Manifest @@ -1,5 +1,17 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +AUX argyllcms-1.4.0-CVE-2012-4405.patch 583 SHA256 1a161b912a192e6a0a2d16d74a1734b4b61c303b641a3b5c164dab60166be0be SHA512 30c121ce72608d2bf1dedc9fa1e7d13c7c46b756cdc348131f1199873082c37d4c48a3d927596bb6e7c788fe4afbf331d442a56208cf5acf16079a4d15bc8cb3 WHIRLPOOL e975d9e9e3af36478b19fff37bc862d91aeb904626854d2dfec4e7ea1cdad8e143884128058fa599779638ae4505085f4ff05a20bce0ed958652af8e13244147 AUX argyllcms-1.4.0-jpeg.patch 1111 SHA256 15403ab2480d43f8d2247d0ba6a535e1761c15e286d5eb144470f694b70194e3 SHA512 6f8f55f02f37118e3cec928c8b3d7bdef2b2049a05b217492b9606121f8596a4810f59d7c24ebd97215ad0bc06ab3ada968630772727bc1c02db2a00c3d8aed0 WHIRLPOOL 5a20a27e465a77c2e10303ace389f98bad519ca436c1b661cc96f9ad583547f29c63cb515c2fa7deab7eb056fdf773fbe39c2ba924bdeb02bb71764c6c40e5e5 -DIST Argyll_V1.4.0_src.zip 15242860 SHA256 d33134704d2964db69f9e61eb73188632fe2058cdf57aeaa56e64a264e02b1a8 +DIST Argyll_V1.4.0_src.zip 15242860 SHA256 d33134704d2964db69f9e61eb73188632fe2058cdf57aeaa56e64a264e02b1a8 SHA512 edb9ff1b0a965e79a26c0138afe16472fd18236b55b7262135d70bfc7405001a55d2ada4251111fcbaa0b6f73a3fa2faa2cfe07b3413c8a5ecea04c87e5646ae WHIRLPOOL 7b777f43c9a34966d3fee8ab67010d7253da4054e107749ffe67c4f834c3977a2889c3d0d5035b7e1d186d669c4ead69e2a912682631598630f12056d45acd6b +EBUILD argyllcms-1.4.0-r1.ebuild 2285 SHA256 0d849caac45e82b394120b20ab6157fd5cc7a819a06fe8d03e362834d5e9596f SHA512 f09abd10b0f18ce39f7b233b25d3a9aeddc2e3275f5e44958fce3c85c7c69817d87a5b0b258184c3a75061fc6bf67ca4dbca5bf10caaf6112ea04beeaa6d776d WHIRLPOOL e0ae40d49652f0fca721181662a9963faa58f0eb73667811922c5611b488e755c7e76a95ebca27731120ab696513744bc3fc1bf0f371b15a8ee65a5f370387c7 EBUILD argyllcms-1.4.0.ebuild 2401 SHA256 8815e2c62a4850acc2d0edf02abba0da4c580be04e45541af16e3a66a8eae993 SHA512 fc6dcb86f68cb170d90525807f2c7bf601887b7cb34c057e5fa8d79802a4c7f8bd8d2cecbf4f05a94bddfe0a35bc2de275a206f995b39ea7fca6e1e6b8eaf663 WHIRLPOOL 35b6f9acfc77b383eb5c0cc5641da49f8bb06cc884d6f5ffb6239e843be2a72883ffb3279f42b6ffafd34a047e2489e846b0ca3a8d8a6ceacb5a216f3ff04e73 -MISC ChangeLog 5017 SHA256 2e2ba455b7cfdbe002d9f630a57a95a95e35d15d861acce6abff8068a761e110 SHA512 b2394561d658e6778a7f9688e930930cf043cac445074e9f1056ec91c421092750ff123c70cc67c17c1ab50d39be045473ea56d2fceb98b09a4ce73a4062ed8f WHIRLPOOL 0639b45009ffc326438fba87aa35ead5ef7e939882f167f7b7c714681b9eacba854a7109f971a78217041bf6d1630a9904170090e33f99ec2b3e4a02f9c758f6 +MISC ChangeLog 5189 SHA256 36f7929934fee5fef592f522354780b469b0f7e79e78a5bcd09cc5f9a13dba4c SHA512 59d77f77c776b2c520f692909f1a014701d8117aad4ecf349f0c3dbe0a4e81566674bbbe51c7e1830c1687dab6cd3e7964796329a956489aaf070792b3e067d8 WHIRLPOOL cfa3037939927e67808ac33656ee186c55d7e4dce8391ddcb2689a37744be9f7bf46c1263b023da6b140cac6ef9b31b01c3b2df9335ba6630a0b890d4b10df8d MISC metadata.xml 214 SHA256 0e019c1dee563e5b23815be471ae1b65fcaf721a91ec48037446d41ca787d3e5 SHA512 701b8c51f43f8660d40700929c243a2dae9f19dcbc7b8eca877e20eadc1ae2e0c84f7c7d8c3cb576055c1a49a55e9c759ef469eeda67026ce252d341937f6691 WHIRLPOOL 977119e736e0795137df14faae681f7fa07ba8297a19ef4a7d7b93de7efceaed16f7103f179a762be41b8849c33c535b55d16d2fd0ea795df0525592752e0156 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.19 (GNU/Linux) + +iEYEAREIAAYFAlC5w4gACgkQCaWpQKGI+9RHIgCfe7a68uVg8LO/7KFfWYKOCabI +2oEAn1SXn95mdBlPH5c40v6x6PY+zeGt +=gc+k +-----END PGP SIGNATURE----- diff --git a/media-gfx/argyllcms/argyllcms-1.4.0-r1.ebuild b/media-gfx/argyllcms/argyllcms-1.4.0-r1.ebuild new file mode 100644 index 000000000000..078567e59ac4 --- /dev/null +++ b/media-gfx/argyllcms/argyllcms-1.4.0-r1.ebuild @@ -0,0 +1,89 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/media-gfx/argyllcms/argyllcms-1.4.0-r1.ebuild,v 1.1 2012/12/01 08:44:55 pacho Exp $ + +EAPI=5 + +inherit base toolchain-funcs + +MY_P="Argyll_V${PV}" +DESCRIPTION="Open source, ICC compatible color management system" +HOMEPAGE="http://www.argyllcms.com/" +SRC_URI="http://www.argyllcms.com/${MY_P}_src.zip" + +LICENSE="AGPL-3" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="doc" + +RDEPEND="media-libs/tiff + virtual/jpeg + sys-libs/zlib + x11-libs/libX11 + x11-libs/libXau + x11-libs/libXdmcp + x11-libs/libXext + x11-libs/libXinerama + x11-libs/libXrandr + x11-libs/libXxf86vm + x11-libs/libXScrnSaver" +DEPEND="${RDEPEND} + app-arch/unzip + dev-util/ftjam + virtual/pkgconfig" + +S="${WORKDIR}/${MY_P}" + +PATCHES=( "${FILESDIR}/${PN}-1.4.0-jpeg.patch" + "${FILESDIR}/${PN}-1.4.0-CVE-2012-4405.patch" ) + +src_compile() { + # Make it respect LDFLAGS + echo "LINKFLAGS += ${LDFLAGS} ;" >> Jamtop + + # Evil hack to get --as-needed working. The build system unfortunately lists all + # the shared libraries by default on the command line _before_ the object to be built... + echo "STDLIBS += -ldl -lrt -lX11 -lXext -lXxf86vm -lXinerama -lXrandr -lXau -lXdmcp -lXss -ltiff -ljpeg ;" >> Jamtop + + local jobnumber=$(echo "${MAKEOPTS}" | sed -ne "/-j/ { s/.*\(-j[[:space:]]*[0-9]\+\).*/\1/; p }") + [ ${jobnumber} ] || jobnumber=-j1 + + jam -q -fJambase ${jobnumber} || die +} + +src_install() { + jam -q -fJambase install || die + + rm bin/License.txt || die + + cd bin || die + local binname + for binname in * ; do + newbin ${binname} argyll-${binname} + done + cd .. || die + + if use doc; then + dohtml doc/* + fi + + dodoc log.txt Readme.txt ttbd.txt notes.txt + + insinto /usr/share/${PN}/ref + doins ref/* + + local udevdir=/lib/udev + has_version sys-fs/udev && udevdir="$($(tc-getPKG_CONFIG) --variable=udevdir udev)" + insinto "${udevdir}"/rules.d + doins libusb/55-Argyll.rules +} + +pkg_postinst() { + elog "If you have a Spyder2 you need to extract the firmware" + elog "from the CVSpyder.dll of the windows driver package" + elog "and store it as /usr/share/color/spyd2PLD.bin" + elog + elog "For further info on setting up instrument access read" + elog "http://www.argyllcms.com/doc/Installing_Linux.html" + elog +} diff --git a/media-gfx/argyllcms/files/argyllcms-1.4.0-CVE-2012-4405.patch b/media-gfx/argyllcms/files/argyllcms-1.4.0-CVE-2012-4405.patch new file mode 100644 index 000000000000..8808fe1ae8ac --- /dev/null +++ b/media-gfx/argyllcms/files/argyllcms-1.4.0-CVE-2012-4405.patch @@ -0,0 +1,18 @@ + +https://bugzilla.redhat.com/show_bug.cgi?id=854227 +https://bugzilla.redhat.com/attachment.cgi?id=609986 + +--- icc/icc.c 2012-04-19 09:36:49.000000000 +0200 ++++ icc/icc.c.oden 2012-09-12 12:35:49.252519528 +0200 +@@ -6065,6 +6065,11 @@ static int icmLut_read( + p->clutPoints = read_UInt8Number(bp+10); + + /* Sanity check */ ++ if (p->inputChan < 1) { ++ sprintf(icp->err,"icmLut_read: No input channels!"); ++ return icp->errc = 1; ++ } ++ + if (p->inputChan > MAX_CHAN) { + sprintf(icp->err,"icmLut_read: Can't handle > %d input channels\n",MAX_CHAN); + return icp->errc = 1; |