From: "Lars Wendler" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Lars Wendler" Message-ID: <1470231492.c833e82151f379f180b50c7dff58b8f989a9c1a9.polynomial-c@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: media-libs/tiff/files/, media-libs/tiff/ X-VCS-Repository: repo/gentoo X-VCS-Files: media-libs/tiff/files/tiff-4.0.6-gif2tiff_removal.patch media-libs/tiff/tiff-4.0.6-r1.ebuild X-VCS-Directories: media-libs/tiff/ media-libs/tiff/files/ X-VCS-Committer: polynomial-c X-VCS-Committer-Name: Lars Wendler X-VCS-Revision: c833e82151f379f180b50c7dff58b8f989a9c1a9 X-VCS-Branch: master Date: Wed, 3 Aug 2016 13:38:16 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: a1fa7e67-8a43-4c7a-a377-f1420f3b12b0 X-Archives-Hash: 4688adec5c01e3450cae31f521e9ddda commit: c833e82151f379f180b50c7dff58b8f989a9c1a9 Author: Lars Wendler gentoo org> AuthorDate: Wed Aug 3 13:37:49 2016 +0000 Commit: Lars Wendler gentoo org> CommitDate: Wed Aug 3 13:38:12 2016 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c833e821 media-libs/tiff: Revbump for security bug #585274 Removing vulnerable gif2tiff (CVE-2016-5102) Upstream seems to no longer ship this tool with >=tiff-4.0.7 versions. Package-Manager: portage-2.3.0 Signed-off-by: Lars Wendler gentoo.org> .../tiff/files/tiff-4.0.6-gif2tiff_removal.patch | 37 +++++++++++ media-libs/tiff/tiff-4.0.6-r1.ebuild | 74 ++++++++++++++++++++++ 2 files changed, 111 insertions(+) diff --git a/media-libs/tiff/files/tiff-4.0.6-gif2tiff_removal.patch b/media-libs/tiff/files/tiff-4.0.6-gif2tiff_removal.patch new file mode 100644 index 0000000..9cf4ec5 --- /dev/null +++ b/media-libs/tiff/files/tiff-4.0.6-gif2tiff_removal.patch 
@@ -0,0 +1,37 @@ +# Removing vulnerable gif2tiff (CVE-2016-5102) +# Upstream seems to no longer ship this tool with >=tiff-4.0.7 versions. + +http://bugzilla.maptools.org/show_bug.cgi?id=2552 +https://bugzilla.redhat.com/show_bug.cgi?id=1343407 +https://bugs.gentoo.org/585274 + +--- tiff-4.0.6/man/Makefile.am ++++ tiff-4.0.6/man/Makefile.am +@@ -27,7 +27,6 @@ + bmp2tiff.1 \ + fax2ps.1 \ + fax2tiff.1 \ +- gif2tiff.1 \ + pal2rgb.1 \ + ppm2tiff.1 \ + ras2tiff.1 \ +--- tiff-4.0.6/tools/Makefile.am ++++ tiff-4.0.6/tools/Makefile.am +@@ -34,7 +34,6 @@ + bmp2tiff \ + fax2ps \ + fax2tiff \ +- gif2tiff \ + pal2rgb \ + ppm2tiff \ + ras2tiff \ +@@ -73,9 +72,6 @@ + fax2tiff_SOURCES = fax2tiff.c + fax2tiff_LDADD = $(LIBTIFF) $(LIBPORT) + +-gif2tiff_SOURCES = gif2tiff.c +-gif2tiff_LDADD = $(LIBTIFF) $(LIBPORT) +- + pal2rgb_SOURCES = pal2rgb.c + pal2rgb_LDADD = $(LIBTIFF) $(LIBPORT) + diff --git a/media-libs/tiff/tiff-4.0.6-r1.ebuild b/media-libs/tiff/tiff-4.0.6-r1.ebuild new file mode 100644 index 0000000..b652b05 --- /dev/null +++ b/media-libs/tiff/tiff-4.0.6-r1.ebuild 
@@ -0,0 +1,74 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=6 +inherit autotools eutils libtool multilib-minimal + +DESCRIPTION="Tag Image File Format (TIFF) library" +HOMEPAGE="http://www.remotesensing.org/libtiff/" +SRC_URI="http://download.osgeo.org/libtiff/${P}.tar.gz + ftp://ftp.remotesensing.org/pub/libtiff/${P}.tar.gz" + +LICENSE="libtiff" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~x64-solaris ~x86-solaris" +IUSE="+cxx jbig jpeg lzma static-libs test zlib" + +RDEPEND="jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] ) + jbig? ( >=media-libs/jbigkit-2.1:=[${MULTILIB_USEDEP}] ) + lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] ) + zlib? ( >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}] ) + abi_x86_32? ( + !<=app-emulation/emul-linux-x86-baselibs-20130224-r9 + !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] + )" +DEPEND="${RDEPEND}" + +REQUIRED_USE="test? ( jpeg )" #483132 + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/tiffconf.h +) + +PATCHES=( + "${FILESDIR}/${P}-gif2tiff_removal.patch" # 585274 +) + +src_prepare() { + default + eautoreconf +} + +multilib_src_configure() { + ECONF_SOURCE="${S}" econf \ + $(use_enable static-libs static) \ + $(use_enable zlib) \ + $(use_enable jpeg) \ + $(use_enable jbig) \ + $(use_enable lzma) \ + $(use_enable cxx) \ + --without-x + + # remove useless subdirs + if ! multilib_is_native_abi ; then + sed -i \ + -e 's/ tools//' \ + -e 's/ contrib//' \ + -e 's/ man//' \ + -e 's/ html//' \ + Makefile || die + fi +} + +multilib_src_test() { + if ! 
multilib_is_native_abi ; then + emake -C tools + fi + emake check +} + +multilib_src_install_all() { + prune_libtool_files --all + rm -f "${ED}"/usr/share/doc/${PF}/{COPYRIGHT,README*,RELEASE-DATE,TODO,VERSION} +}
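Review bot: in files/tiff-4.0.6-gif2tiff_removal.patch, only man/Makefile.am and tools/Makefile.am are edited, so nothing in the patch guarantees that no gif2tiff file ends up in the installed image. The ebuild's own sed lines show the tarball also has html and contrib subdirectories, and neither is touched here. Suggest confirming that no gif2tiff page or binary is installed from those directories, or adding an install-time check to the ebuild that dies if any file named gif2tiff* is present under ${ED}. Because the patch changes Makefile.am rather than generated files, it takes effect only through the eautoreconf call in src_prepare; a one-line comment next to that call would keep the two from being separated in a later bump.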
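Review bot: in tiff-4.0.6-r1.ebuild, every entry in KEYWORDS is ~arch, so this revision fixes CVE-2016-5102 only for testing users. Stable users keep the vulnerable gif2tiff until -r1 is stabilised, which should be tracked on bug 585274. Separately, the inherit line pulls in libtool, but no elibtoolize call is visible in src_prepare, which runs only default and eautoreconf. Drop libtool from the inherit line if it is unused. The PATCHES comment "# 585274" would also be easier to follow written as "#585274", matching the "#483132" style used on REQUIRED_USE.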