app-office/pinpoint: Fix CVE-2013-7447 (#574384)

Package-Manager: Portage-2.3.24, Repoman-2.3.6

2 files changed, 83 insertions, 0 deletions

diff --git a/app-office/pinpoint/files/pinpoint-0.1.8-CVE-2013-7447.patch b/app-office/pinpoint/files/pinpoint-0.1.8-CVE-2013-7447.patch
new file mode 100644
index 000000000000..b9c39ad7206d
--- /dev/null
+++ b/app-office/pinpoint/files/pinpoint-0.1.8-CVE-2013-7447.patch
@@ -0,0 +1,33 @@
+From f90483245250456d6306b4fff2f68f445ef33864 Mon Sep 17 00:00:00 2001
+From: RyuzakiKK <aasonykk@gmail.com>
+Date: Sat, 5 Aug 2017 20:00:30 +0200
+Subject: [PATCH] Avoid integer overflow
+
+pinpoint is affected by a possible integer overflow, that was also
+found and patched upstream in gtk+
+https://git.gnome.org/browse/gtk+/commit/?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
+
+With g_malloc_m we can avoid the integer overflow.
+
+As pointed out by Pacho Ramos in
+https://bugzilla.gnome.org/show_bug.cgi?id=762029
+---
+ pp-cairo.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pp-cairo.c b/pp-cairo.c
+index 8afb362..dc0a452 100644
+--- a/pp-cairo.c
++++ b/pp-cairo.c
+@@ -120,7 +120,7 @@ _cairo_new_surface_from_pixbuf (const GdkPixbuf *pixbuf)
+     format = CAIRO_FORMAT_ARGB32;
+ 
+   cairo_stride = cairo_format_stride_for_width (format, width);
+-  cairo_pixels = g_malloc (height * cairo_stride);
++  cairo_pixels = g_malloc_n (height, cairo_stride);
+   surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels,
+                                                  format,
+                                                  width, height, cairo_stride);
+-- 
+2.13.4
+
diff --git a/app-office/pinpoint/pinpoint-0.1.8-r1.ebuild b/app-office/pinpoint/pinpoint-0.1.8-r1.ebuild
new file mode 100644
index 000000000000..7bf59666c4c6
--- /dev/null
+++ b/app-office/pinpoint/pinpoint-0.1.8-r1.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit gnome2
+
+DESCRIPTION="A tool for making hackers do excellent presentations"
+HOMEPAGE="https://wiki.gnome.org/Apps/Pinpoint"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+gstreamer +pdf"
+
+# rsvg is used for svg-in-pdf -- clubbing it under pdf for now
+RDEPEND="
+	>=media-libs/clutter-1.23.7:1.0
+	>=media-libs/clutter-gtk-1.6:1.0
+	>=dev-libs/glib-2.28:2
+	>=x11-libs/cairo-1.9.4
+	x11-libs/pango
+	x11-libs/gdk-pixbuf:2
+	gstreamer? ( media-libs/clutter-gst:3.0 )
+	pdf? ( gnome-base/librsvg:2 )
+"
+DEPEND="${RDEPEND}
+	virtual/pkgconfig
+"
+
+PATCHES=(
+	# Fix CVE-2013-7447, bug #574384, https://bugzilla.gnome.org/show_bug.cgi?id=762029
+	"${FILESDIR}"/${P}-CVE-2013-7447.patch
+)
+
+src_configure() {
+	# dax support is disabled because we don't have it in tree yet and it's
+	# experimental
+	gnome2_src_configure \
+		--disable-dax \
+		$(use_enable gstreamer cluttergst) \
+		$(use_enable pdf rsvg)
+}
+
+src_install() {
+	gnome2_src_install
+
+	docompress -x /usr/share/doc/${PF}/examples
+	insinto "/usr/share/doc/${PF}/examples"
+	doins introduction.pin bg.jpg bowls.jpg linus.jpg
+}