summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPacho Ramos <pacho@gentoo.org>2018-03-28 20:22:37 +0200
committerPacho Ramos <pacho@gentoo.org>2018-03-28 20:23:31 +0200
commit41d04b8d7079876adcf13bf3792a5c9701686ca6 (patch)
tree1dce810fa15f529661d5b5d87901ebdef86678cb /app-office/pinpoint
parentsys-apps/yarn: 1.5.1 version bump (diff)
downloadgentoo-41d04b8d7079876adcf13bf3792a5c9701686ca6.tar.gz
gentoo-41d04b8d7079876adcf13bf3792a5c9701686ca6.tar.bz2
gentoo-41d04b8d7079876adcf13bf3792a5c9701686ca6.zip
app-office/pinpoint: Fix CVE-2013-7447 (#574384)
Package-Manager: Portage-2.3.24, Repoman-2.3.6
Diffstat (limited to 'app-office/pinpoint')
-rw-r--r--app-office/pinpoint/files/pinpoint-0.1.8-CVE-2013-7447.patch33
-rw-r--r--app-office/pinpoint/pinpoint-0.1.8-r1.ebuild50
2 files changed, 83 insertions, 0 deletions
diff --git a/app-office/pinpoint/files/pinpoint-0.1.8-CVE-2013-7447.patch b/app-office/pinpoint/files/pinpoint-0.1.8-CVE-2013-7447.patch
new file mode 100644
index 000000000000..b9c39ad7206d
--- /dev/null
+++ b/app-office/pinpoint/files/pinpoint-0.1.8-CVE-2013-7447.patch
@@ -0,0 +1,33 @@
+From f90483245250456d6306b4fff2f68f445ef33864 Mon Sep 17 00:00:00 2001
+From: RyuzakiKK <aasonykk@gmail.com>
+Date: Sat, 5 Aug 2017 20:00:30 +0200
+Subject: [PATCH] Avoid integer overflow
+
+pinpoint is affected by a possible integer overflow, that was also
+found and patched upstream in gtk+
+https://git.gnome.org/browse/gtk+/commit/?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
+
+With g_malloc_m we can avoid the integer overflow.
+
+As pointed out by Pacho Ramos in
+https://bugzilla.gnome.org/show_bug.cgi?id=762029
+---
+ pp-cairo.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pp-cairo.c b/pp-cairo.c
+index 8afb362..dc0a452 100644
+--- a/pp-cairo.c
++++ b/pp-cairo.c
+@@ -120,7 +120,7 @@ _cairo_new_surface_from_pixbuf (const GdkPixbuf *pixbuf)
+ format = CAIRO_FORMAT_ARGB32;
+
+ cairo_stride = cairo_format_stride_for_width (format, width);
+- cairo_pixels = g_malloc (height * cairo_stride);
++ cairo_pixels = g_malloc_n (height, cairo_stride);
+ surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels,
+ format,
+ width, height, cairo_stride);
+--
+2.13.4
+
diff --git a/app-office/pinpoint/pinpoint-0.1.8-r1.ebuild b/app-office/pinpoint/pinpoint-0.1.8-r1.ebuild
new file mode 100644
index 000000000000..7bf59666c4c6
--- /dev/null
+++ b/app-office/pinpoint/pinpoint-0.1.8-r1.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit gnome2
+
+DESCRIPTION="A tool for making hackers do excellent presentations"
+HOMEPAGE="https://wiki.gnome.org/Apps/Pinpoint"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+gstreamer +pdf"
+
+# rsvg is used for svg-in-pdf -- clubbing it under pdf for now
+RDEPEND="
+ >=media-libs/clutter-1.23.7:1.0
+ >=media-libs/clutter-gtk-1.6:1.0
+ >=dev-libs/glib-2.28:2
+ >=x11-libs/cairo-1.9.4
+ x11-libs/pango
+ x11-libs/gdk-pixbuf:2
+ gstreamer? ( media-libs/clutter-gst:3.0 )
+ pdf? ( gnome-base/librsvg:2 )
+"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig
+"
+
+PATCHES=(
+ # Fix CVE-2013-7447, bug #574384, https://bugzilla.gnome.org/show_bug.cgi?id=762029
+ "${FILESDIR}"/${P}-CVE-2013-7447.patch
+)
+
+src_configure() {
+ # dax support is disabled because we don't have it in tree yet and it's
+ # experimental
+ gnome2_src_configure \
+ --disable-dax \
+ $(use_enable gstreamer cluttergst) \
+ $(use_enable pdf rsvg)
+}
+
+src_install() {
+ gnome2_src_install
+
+ docompress -x /usr/share/doc/${PF}/examples
+ insinto "/usr/share/doc/${PF}/examples"
+ doins introduction.pin bg.jpg bowls.jpg linus.jpg
+}