media-libs/tiff: Revbump for security bug #585274

Removing vulnerable gif2tiff (CVE-2016-5102)
Upstream seems to no longer ship this tool with >=tiff-4.0.7 versions.

Package-Manager: portage-2.3.0
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

2 files changed, 111 insertions, 0 deletions

diff --git a/media-libs/tiff/files/tiff-4.0.6-gif2tiff_removal.patch b/media-libs/tiff/files/tiff-4.0.6-gif2tiff_removal.patch
new file mode 100644
index 000000000000..9cf4ec596bf9
--- /dev/null
+++ b/media-libs/tiff/files/tiff-4.0.6-gif2tiff_removal.patch
@@ -0,0 +1,37 @@
+# Removing vulnerable gif2tiff (CVE-2016-5102)
+# Upstream seems to no longer ship this tool with >=tiff-4.0.7 versions.
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2552
+https://bugzilla.redhat.com/show_bug.cgi?id=1343407
+https://bugs.gentoo.org/585274
+
+--- tiff-4.0.6/man/Makefile.am
++++ tiff-4.0.6/man/Makefile.am
+@@ -27,7 +27,6 @@
+ 	bmp2tiff.1 \
+ 	fax2ps.1 \
+ 	fax2tiff.1 \
+-	gif2tiff.1 \
+ 	pal2rgb.1 \
+ 	ppm2tiff.1 \
+ 	ras2tiff.1 \
+--- tiff-4.0.6/tools/Makefile.am
++++ tiff-4.0.6/tools/Makefile.am
+@@ -34,7 +34,6 @@
+ 	bmp2tiff \
+ 	fax2ps \
+ 	fax2tiff \
+-	gif2tiff \
+ 	pal2rgb \
+ 	ppm2tiff \
+ 	ras2tiff \
+@@ -73,9 +72,6 @@
+ fax2tiff_SOURCES = fax2tiff.c
+ fax2tiff_LDADD = $(LIBTIFF) $(LIBPORT)
+ 
+-gif2tiff_SOURCES = gif2tiff.c
+-gif2tiff_LDADD = $(LIBTIFF) $(LIBPORT)
+-
+ pal2rgb_SOURCES = pal2rgb.c
+ pal2rgb_LDADD = $(LIBTIFF) $(LIBPORT)
+ 
diff --git a/media-libs/tiff/tiff-4.0.6-r1.ebuild b/media-libs/tiff/tiff-4.0.6-r1.ebuild
new file mode 100644
index 000000000000..b652b0555ad1
--- /dev/null
+++ b/media-libs/tiff/tiff-4.0.6-r1.ebuild
@@ -0,0 +1,74 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+inherit autotools eutils libtool multilib-minimal
+
+DESCRIPTION="Tag Image File Format (TIFF) library"
+HOMEPAGE="http://www.remotesensing.org/libtiff/"
+SRC_URI="http://download.osgeo.org/libtiff/${P}.tar.gz
+	ftp://ftp.remotesensing.org/pub/libtiff/${P}.tar.gz"
+
+LICENSE="libtiff"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="+cxx jbig jpeg lzma static-libs test zlib"
+
+RDEPEND="jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] )
+	jbig? ( >=media-libs/jbigkit-2.1:=[${MULTILIB_USEDEP}] )
+	lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}] )
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20130224-r9
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)"
+DEPEND="${RDEPEND}"
+
+REQUIRED_USE="test? ( jpeg )" #483132
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/tiffconf.h
+)
+
+PATCHES=(
+	"${FILESDIR}/${P}-gif2tiff_removal.patch" # 585274
+)
+
+src_prepare() {
+	default
+	eautoreconf
+}
+
+multilib_src_configure() {
+	ECONF_SOURCE="${S}" econf \
+		$(use_enable static-libs static) \
+		$(use_enable zlib) \
+		$(use_enable jpeg) \
+		$(use_enable jbig) \
+		$(use_enable lzma) \
+		$(use_enable cxx) \
+		--without-x
+
+	# remove useless subdirs
+	if ! multilib_is_native_abi ; then
+		sed -i \
+			-e 's/ tools//' \
+			-e 's/ contrib//' \
+			-e 's/ man//' \
+			-e 's/ html//' \
+			Makefile || die
+	fi
+}
+
+multilib_src_test() {
+	if ! multilib_is_native_abi ; then
+		emake -C tools
+	fi
+	emake check
+}
+
+multilib_src_install_all() {
+	prune_libtool_files --all
+	rm -f "${ED}"/usr/share/doc/${PF}/{COPYRIGHT,README*,RELEASE-DATE,TODO,VERSION}
+}