authorrhatto <rhatto@18ef50b8-d735-4ccd-97c1-689132df3dd9>2009-01-13 14:34:52 +0000
committerrhatto <rhatto@18ef50b8-d735-4ccd-97c1-689132df3dd9>2009-01-13 14:34:52 +0000
commitb67d2844ae6ce5b2407866d3eef4e272c5947de1 (patch)
treef27c9418527ca8fbcdad8bd2e7817a1a001fca7e /media/gfx/jhead
parent92ca76634ba31cf3b7c93934b519e6447028ba61 (diff)
jhead: adding patch to fix GLSA 200901-02
git-svn-id: svn+slack://slack.fluxo.info/var/svn/mkbuilds@359 18ef50b8-d735-4ccd-97c1-689132df3dd9
Diffstat (limited to 'media/gfx/jhead')
-rw-r--r--media/gfx/jhead/Manifest5
-rw-r--r--media/gfx/jhead/jhead-2.84.diff122
-rw-r--r--media/gfx/jhead/jhead.mkbuild2
3 files changed, 126 insertions, 3 deletions
diff --git a/media/gfx/jhead/Manifest b/media/gfx/jhead/Manifest
index a002276..eef1fd4 100644
--- a/media/gfx/jhead/Manifest
+++ b/media/gfx/jhead/Manifest
@@ -1,3 +1,4 @@
DIST jhead-2.84.tar.gz 64159 MD5 3e009f8e8a6a077d4a966d14b8797038 SHA1 63251c63a7d88e4f7b00f287ebc7b1095c2422f6 SHA256 c4811e7672703e09831bc931eac129a003a5949c43298ad8c6bba10e04797294 SHA512 11110fcc32a1463dda55bf4efa6f24122660312352e7cff3c78613cdd0f9d1651eee4dd06ea9569f79a9eb9a023a76bc7387ab80e0ec20546e50f4e63667b728 RMD160 018b75450d7a1e1c2018fd05b2c3c25f70cd8669
-MKBUILD jhead.mkbuild 2850 MD5 ec35eddec7605c6364eed96b1eba7ed9 SHA1 9f6bf28489b8aa101d58d513cfd0404ef2f3140d SHA256 70615d0bdbbee15f35808e0fccd4bc2f01a4f8e644ab8b015aa4012e7452190c SHA512 9d2f90f9bbabe3986dbc2f4d4e46f164c7a21ed2fb1da8adb4c773db71b4a1581864fe0cfb41a7ca44ac068719fa201b57feedab9a688db83d60e69fbdb4c8a6 RMD160 28116d69d734da5973b38c6d53d6a53801088d1b
-SLACKBUILD jhead.SlackBuild 6322 MD5 ee0e06362f301c5dafdfe4aff779b684 SHA1 fa8430525ab4f1feef7f7333c609e5d287702b65 SHA256 254d674c994ac9b72ececad63a7b2a955533ed359f332797db89a588ddbbceb8 SHA512 44fbdab621e65c7569be0e3a8134c845acf46e09c00af9ce09f0dec7fe9216343f699b1266526a939e0ed1c5832687830add211c788064a87f9f3346ca18c619 RMD160 ccd8463f0360af1f878e916fdf4dce847aec4666
+MKBUILD jhead.mkbuild 2850 MD5 330ae5992ddf62ce30c2dd525e550365 RMD160 ad3a9d82b58398aa133ab35a4bb5a981ad892d35 SHA1 d24735fc18f8660f541ee5538fa25e76a2b303cf SHA256 1018a09afbf5f132eb9a787e3346d0a2e5d2eb7e219cef451dc063f80d8357be SHA512 a572e2636035e8d4eff15fdc38439f00aa15c6b5d22749716728cc69885b2b2eee43bbb88fae39f30c15825dfb2aff18ecb7c128243f05ffcf2164d451dc26ff
+PATCH jhead-2.84.diff 4346 MD5 4d59c419285eb61c6d399c99c9d56bad RMD160 3312ba98eb1743d059cc96ced9ef58df8ecbfe38 SHA1 bf70d638464cf8df84c715e0933f708cc066b804 SHA256 dd7a611a9ac66687d7386e880d8319b9cc4a7175e3f5fec961b596ffc137d458 SHA512 6465eed64f02581926bc87d132cd5eedeebfc043add6f8f25b18c2d954d8c6a34f541fbea246f121f0be84a5d0217f00a7ff015c15fffa9bbff914e74ad232cd
+SLACKBUILD jhead.SlackBuild 7302 MD5 5fdaab5eca79a52cf9c9fbd2abc1bd9e RMD160 5a965b5e8ce77cee97c8da91b48e819c156b43ef SHA1 245838a86dce04f003c1192f22148942a7aeb7aa SHA256 3497f4174a90eab11a06937c25f40f281269c6d7d6d6eae60c11a94f8857418c SHA512 70d868b2aa29e20778d2789e15821475671777f0ec0397034a7e481e8ea5727b31887df6ea0115ff8008b42c32c19b4dabe4318cd8a9ede19f0358a22c9e5610
diff --git a/media/gfx/jhead/jhead-2.84.diff b/media/gfx/jhead/jhead-2.84.diff
new file mode 100644
index 0000000..4ed8ff5
--- /dev/null
+++ b/media/gfx/jhead/jhead-2.84.diff
@@ -0,0 +1,122 @@
+this patch fixes gentoo bug #243238 (CVE-2008-{4640,4641})
+
+diff -ru jhead-2.84.orig/jhead.c jhead-2.84/jhead.c
+--- jhead-2.84.orig/jhead.c 2008-10-04 18:10:35.000000000 +0200
++++ jhead-2.84/jhead.c 2008-11-28 18:51:52.000000000 +0100
+@@ -295,44 +295,88 @@
+
+
+ //--------------------------------------------------------------------------
++// Escape an argument such that it is interpreted literally by the shell
++// (returns the number of written characters)
++//--------------------------------------------------------------------------
++static int shellescape(char* to, const char* from)
++{
++ int i, j;
++ i = j = 0;
++
++ // Enclosing characters in double quotes preserves the literal value of
++ // all characters within the quotes, with the exception of $, `, and \.
++ to[j++] = '"';
++ while(from[i])
++ {
++#ifdef _WIN32
++ // Under WIN32, there isn't really anything dangerous you can do with
++ // escape characters, plus windows users aren't as sercurity paranoid.
++ // Hence, no need to do fancy escaping.
++ to[j++] = from[i++];
++#else
++ switch(from[i]) {
++ case '"':
++ case '$':
++ case '`':
++ case '\\':
++ to[j++] = '\\';
++ default:
++ to[j++] = from[i++];
++ }
++#endif
++ if (j >= PATH_MAX) ErrFatal("max path exceeded");
++ }
++ to[j++] = '"';
++ return j;
++}
++
++
++//--------------------------------------------------------------------------
+ // Apply the specified command to the JPEG file.
+ //--------------------------------------------------------------------------
+ static void DoCommand(const char * FileName, int ShowIt)
+ {
+ int a,e;
+- char ExecString[PATH_MAX*2];
+- char TempName[PATH_MAX+1];
++ char ExecString[PATH_MAX*3];
++ char TempName[PATH_MAX+10];
+ int TempUsed = FALSE;
+
+ e = 0;
+
+- // Make a temporary file in the destination directory by changing last char.
+- strcpy(TempName, FileName);
+- a = strlen(TempName)-1;
+- TempName[a] = (char)(TempName[a] == 't' ? 'z' : 't');
++ // Generate an unused temporary file name in the destination directory
++ // (a is the number of characters to copy from FileName)
++ a = strlen(FileName)-1;
++ while(a > 0 && FileName[a-1] != '/') a--;
++ memcpy(TempName, FileName, a);
++ strcpy(TempName+a, "XXXXXX");
++ mkstemp(TempName);
++ if(!TempName[0]) {
++ ErrFatal("Cannot find available temporary file name");
++ }
++
++
+
+ // Build the exec string. &i and &o in the exec string get replaced by input and output files.
+ for (a=0;;a++){
+ if (ApplyCommand[a] == '&'){
+ if (ApplyCommand[a+1] == 'i'){
+ // Input file.
+- e += sprintf(ExecString+e, "\"%s\"",FileName);
++ e += shellescape(ExecString+e, FileName);
+ a += 1;
+ continue;
+ }
+ if (ApplyCommand[a+1] == 'o'){
+ // Needs an output file distinct from the input file.
+- e += sprintf(ExecString+e, "\"%s\"",TempName);
++ e += shellescape(ExecString+e, TempName);
+ a += 1;
+ TempUsed = TRUE;
+- unlink(TempName);// Remove any pre-existing temp file
+ continue;
+ }
+ }
+ ExecString[e++] = ApplyCommand[a];
+ if (ApplyCommand[a] == 0) break;
+ }
+-
++ShowIt = 1;
+ if (ShowIt) printf("Cmd:%s\n",ExecString);
+
+ errno = 0;
+@@ -638,7 +682,7 @@
+ ErrFatal("Orientation screwup");
+ }
+
+- sprintf(RotateCommand, "jpegtran -%s -outfile &o &i", Argument);
++ sprintf(RotateCommand, "jpegtran -trim -%s -outfile &o &i", Argument);
+ ApplyCommand = RotateCommand;
+ DoCommand(FileName, FALSE);
+ ApplyCommand = NULL;
+@@ -657,7 +701,7 @@
+ strcpy(ThumbTempName_out, FileName);
+ strcat(ThumbTempName_out, ".tho");
+ SaveThumbnail(ThumbTempName_in);
+- sprintf(RotateCommand,"jpegtran -%s -outfile \"%s\" \"%s\"",
++ sprintf(RotateCommand,"jpegtran -trim -%s -outfile \"%s\" \"%s\"",
+ Argument, ThumbTempName_out, ThumbTempName_in);
+
+ if (system(RotateCommand) == 0){
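Review bot: The thumbnail rotation at the end of the embedded patch still wraps `ThumbTempName_out` and `ThumbTempName_in` in plain `\"%s\"` before `system()`, so names built from `FileName` reach the shell without the `shellescape()` treatment DoCommand now gets; assemble the command with `shellescape()` as in the fence below, after confirming that `RotateCommand` (declared outside the hunk) is large enough for two escaped paths. In DoCommand, `if(!TempName[0])` is the mktemp convention, whereas mkstemp reports failure by returning -1, and the descriptor it returns is never closed; prefer `int fd = mkstemp(TempName); if (fd < 0) ErrFatal("Cannot find available temporary file name"); close(fd);`. The column-0 `ShowIt = 1;` looks like leftover debugging, since it overrides the caller's argument and prints every command line, and should be dropped. The switch in shellescape falls through from the escaped cases into `default` without a marker, so a `// fall through` comment would help the next reader.

```c
// … unchanged: ThumbTempName_in / ThumbTempName_out construction, SaveThumbnail …
{
    // Build the command piecewise so both file names go through shellescape()
    int n = sprintf(RotateCommand, "jpegtran -trim -%s -outfile ", Argument);
    n += shellescape(RotateCommand+n, ThumbTempName_out);
    RotateCommand[n++] = ' ';
    n += shellescape(RotateCommand+n, ThumbTempName_in);
    RotateCommand[n] = 0;
}
if (system(RotateCommand) == 0){
```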
diff --git a/media/gfx/jhead/jhead.mkbuild b/media/gfx/jhead/jhead.mkbuild
index 153ab57..d8cf43b 100644
--- a/media/gfx/jhead/jhead.mkbuild
+++ b/media/gfx/jhead/jhead.mkbuild
@@ -64,7 +64,7 @@ off: md5sum_download_and_check_1
off: gpg_signature_check
on: manifest_check
on: untar_source
-off: patch_source
+ on: patch_source
off: configure
on: make_package
on: install_package