From 3cf7c3ef441822c889356fd1812ebf2944a59851 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Tue, 25 Aug 2020 10:45:55 +0100
Subject: gentoo resync : 25.08.2020

---
 media-libs/freeimage/Manifest                      |   2 +
 ...mage-3.18.0-CVE-2019-12211-CVE-2019-12213.patch | 193 +++++++++++++++++++++
 media-libs/freeimage/freeimage-3.18.0-r2.ebuild    | 119 +++++++++++++
 3 files changed, 314 insertions(+)
 create mode 100644 media-libs/freeimage/files/freeimage-3.18.0-CVE-2019-12211-CVE-2019-12213.patch
 create mode 100644 media-libs/freeimage/freeimage-3.18.0-r2.ebuild

(limited to 'media-libs/freeimage')

diff --git a/media-libs/freeimage/Manifest b/media-libs/freeimage/Manifest
index a8486986659b..e50cf0a1e8e3 100644
--- a/media-libs/freeimage/Manifest
+++ b/media-libs/freeimage/Manifest
@@ -1,3 +1,4 @@
+AUX freeimage-3.18.0-CVE-2019-12211-CVE-2019-12213.patch 6242 BLAKE2B 3deb724b2cd5c125a41885787e9165434047bc8710861fade7741c67c6fd6e7f21cafae07b36cbe81fc7a372cb2c470ca44b02f06ac8c0004473aaf00b39365e SHA512 eb658babe27289ce24cd23bbcac52de7a351cc52a9c62cb561925ea17b8e476b03c1e2202b042fac4a60fae805e1a422333db4203d2bcc20319789a689a38125
 AUX freeimage-3.18.0-disable-plugin-G3.patch 1553 BLAKE2B d122df83a8889cd599d12c65cee5678b3654266c2e128d1d8d963eed7743b62ba6da7c582acc389f874fd218e2f7857d718a562bd81c52cf23f31284fdc00dc4 SHA512 9a0adeaaa3bf839387dbbccc54e0e32e0af87af4c398edd4cc44f1c6d380228dc7c174a7715ac397c15d48b7b5337543aac05020e25b6680187e179e8738dccd
 AUX freeimage-3.18.0-libjpeg9.patch 520 BLAKE2B 4788a3c4c209568df7176ed7b2699f9c33efb8c2ff2dc51d1e6bc76329ade073bdd296d7e9aa2441a655e46407df31cc5dd84c0d1805ca75418bae9d4ca4ecfa SHA512 75fc7c4d257d4bd67202c5c91af23f3e990342490c4661ab2219b89c40626703d9ceb5f05dc8d2a912153fbe5b9e07f24566570597f84cec15fbe03cb7d4b69e
 AUX freeimage-3.18.0-raw.patch 432 BLAKE2B 96c89d051a849f5909bdb9b3f720d4146651504f972a1661b55caa6344eeac3dc64dda1beb027e43e9b2eb7ce5ac8193db424422e74ce957744d9e6d14086a7a SHA512 01e150205a62ee9eb240890a5c9b92160a74073a1fe43811ed8941aeda824ba3c87bf4a2e631cbe367a7391374e93d309d95a6b5ec31009e4e8f1c2fc6b10da1
@@ -7,4 +8,5 @@ AUX freeimage-3.18.0-unbundling.patch 20960 BLAKE2B 61ee63e7be0d5db7bf4a3bc053bb
 DIST FreeImage3180.pdf 1665541 BLAKE2B 5d40ee6fa0a1e73df0cc961edbd70a2835ef88fb540f123fd81f2bb826d4c949d2a60dfe3fc02406ce632a389935abac0d471c963c9803b8c2aece2b48afb003 SHA512 632f68b14f7a5916a1b95bbf86c268d0afe786a2537472301bb002254aa3195f046efb41f073133633211e985e90edbb99285ab6f42bc55501c756292a3c4c03
 DIST FreeImage3180.zip 7415716 BLAKE2B b695271f4e80eb304eccde66e38b5095eceae51fbe0dd97df69c55f364f8440d8c97139b8edc2f01c400f5c53a7336fdfab1e28aa3ea04f485901d5def443d25 SHA512 9d9cc7e2d57552c3115e277aeb036e0455204d389026b17a3f513da5be1fd595421655488bb1ec2f76faebed66049119ca55e26e2a6d37024b3fb7ef36ad4818
 EBUILD freeimage-3.18.0-r1.ebuild 2972 BLAKE2B be0c69f23fc61d60b0587e1acb9be99d6b59028f98c03da37825a19a0ad15a20271550f15a1ab2b55b6df6c2dffeb2a993896f6b4b63e2831a5e31fff1b54e96 SHA512 3d55e13976038b63109c39dcee4bdd34a8b78dd9db98a3b07b1f90095a5a875bd1b047230a03b7364a0b2669f896956ae130bca93f663270d940345ae283d8dd
+EBUILD freeimage-3.18.0-r2.ebuild 3038 BLAKE2B b7f954a18acbcdb728cb8bfdf734cb6ac294774412f4a98684e8007d01b817608f668a9b7697e4a99d1bdd77377502411fe70d28aa096176978de501e38ac946 SHA512 d7dd2c679c9890086f8ad29b7e1432b08f393a2ec6f34bf579764867f1d5624c5765bfd68ffc371c64341c5e35c7f5cb1bc1f50d591f683d81abe9153bd27484
 MISC metadata.xml 403 BLAKE2B e4d54e3da3203c09e5b281d7d9a5ee1c42f98d081751195edb3754809e9cfc9037b79f70da579f01485b4cda65fe4ddaa70f5522d6138af5b214cdbcbd412928 SHA512 08dffea02b8771a4728338c3cdfa0fd7f312d4570838bdfea4ec395c007cc36f3ef87432db5da44468c7b3834855e2de8ae13ddf9447cba9c88da4367c6cc10c
diff --git a/media-libs/freeimage/files/freeimage-3.18.0-CVE-2019-12211-CVE-2019-12213.patch b/media-libs/freeimage/files/freeimage-3.18.0-CVE-2019-12211-CVE-2019-12213.patch
new file mode 100644
index 000000000000..fc861854509c
--- /dev/null
+++ b/media-libs/freeimage/files/freeimage-3.18.0-CVE-2019-12211-CVE-2019-12213.patch
@@ -0,0 +1,193 @@
+commit 1826164f90d97b7207247ad268fd2622cd1c6717
+Author: drolon <drolon@f6e0daa0-2725-47c6-9c0b-5e6e9cdd0720>
+Date:   Mon Nov 11 05:45:27 2019 +0000
+
+    improved TIFF plugin when working with malicious images
+    
+    git-svn-id: https://svn.code.sf.net/p/freeimage/svn@1825 f6e0daa0-2725-47c6-9c0b-5e6e9cdd0720
+
+diff --git a/Source/FreeImage/PluginTIFF.cpp b/Source/FreeImage/PluginTIFF.cpp
+index f85c2201..a8053196 100644
+--- a/Source/FreeImage/PluginTIFF.cpp
++++ b/Source/FreeImage/PluginTIFF.cpp
+@@ -122,9 +122,14 @@ static void ReadThumbnail(FreeImageIO *io, fi_handle handle, void *data, TIFF *t
+ static int s_format_id;
+ 
+ typedef struct {
++	//! FreeImage IO functions
+     FreeImageIO *io;
++	//! FreeImage handle
+ 	fi_handle handle;
++	//! LibTIFF handle
+ 	TIFF *tif;
++	//! Count the number of thumbnails already read (used to avoid recursion on loading)
++	unsigned thumbnailCount;
+ } fi_TIFFIO;
+ 
+ // ----------------------------------------------------------
+@@ -184,10 +189,8 @@ Open a TIFF file descriptor for reading or writing
+ */
+ TIFF *
+ TIFFFdOpen(thandle_t handle, const char *name, const char *mode) {
+-	TIFF *tif;
+-	
+ 	// Open the file; the callback will set everything up
+-	tif = TIFFClientOpen(name, mode, handle,
++	TIFF *tif = TIFFClientOpen(name, mode, handle,
+ 	    _tiffReadProc, _tiffWriteProc, _tiffSeekProc, _tiffCloseProc,
+ 	    _tiffSizeProc, _tiffMapProc, _tiffUnmapProc);
+ 
+@@ -460,12 +463,10 @@ CreateImageType(BOOL header_only, FREE_IMAGE_TYPE fit, int width, int height, ui
+ 			}
+ 			
+ 		}
+-		else {
+-
+-			dib = FreeImage_AllocateHeader(header_only, width, height, MIN(bpp, 32), FI_RGBA_RED_MASK, FI_RGBA_GREEN_MASK, FI_RGBA_BLUE_MASK);
++		else if (bpp <= 32) {
++			dib = FreeImage_AllocateHeader(header_only, width, height, bpp, FI_RGBA_RED_MASK, FI_RGBA_GREEN_MASK, FI_RGBA_BLUE_MASK);
+ 		}
+ 
+-
+ 	} else {
+ 		// other bitmap types
+ 		
+@@ -1067,9 +1068,12 @@ static void * DLL_CALLCONV
+ Open(FreeImageIO *io, fi_handle handle, BOOL read) {
+ 	// wrapper for TIFF I/O
+ 	fi_TIFFIO *fio = (fi_TIFFIO*)malloc(sizeof(fi_TIFFIO));
+-	if(!fio) return NULL;
++	if (!fio) {
++		return NULL;
++	}
+ 	fio->io = io;
+ 	fio->handle = handle;
++	fio->thumbnailCount = 0;
+ 
+ 	if (read) {
+ 		fio->tif = TIFFFdOpen((thandle_t)fio, "", "r");
+@@ -1125,6 +1129,27 @@ check for uncommon bitspersample values (e.g. 10, 12, ...)
+ */
+ static BOOL 
+ IsValidBitsPerSample(uint16 photometric, uint16 bitspersample, uint16 samplesperpixel) {
++	// get the pixel depth in bits
++	const uint16 pixel_depth = bitspersample * samplesperpixel;
++
++	// check for a supported pixel depth
++	switch (pixel_depth) {
++		case 1:
++		case 4:
++		case 8:
++		case 16:
++		case 24:
++		case 32:
++		case 48:
++		case 64:
++		case 96:
++		case 128:
++			// OK, go on
++			break;
++		default:
++			// unsupported pixel depth
++			return FALSE;
++	}
+ 
+ 	switch(bitspersample) {
+ 		case 1:
+@@ -1165,6 +1190,8 @@ IsValidBitsPerSample(uint16 photometric, uint16 bitspersample, uint16 samplesper
+ 		default:
+ 			return FALSE;
+ 	}
++	
++	return FALSE;
+ }
+ 
+ static TIFFLoadMethod  
+@@ -1254,16 +1281,31 @@ Read embedded thumbnail
+ static void 
+ ReadThumbnail(FreeImageIO *io, fi_handle handle, void *data, TIFF *tiff, FIBITMAP *dib) {
+ 	FIBITMAP* thumbnail = NULL;
++
++	fi_TIFFIO *fio = (fi_TIFFIO*)data;
++
++	/*
++	Thumbnail loading can cause recursions because of the way 
++	functions TIFFLastDirectory and TIFFSetSubDirectory are working.
++	We use here a hack to count the number of times the ReadThumbnail function was called. 
++	We only allow one call, check for this
++	*/
++	if (fio->thumbnailCount > 0) {
++		return;
++	}
++	else {
++		// update the thumbnail count (used to avoid recursion)
++		fio->thumbnailCount++;
++	}
+ 	
+ 	// read exif thumbnail (IFD 1) ...
+ 	
+-	/*
+-	// this code can cause unwanted recursion causing an overflow, it is thus disabled until we have a better solution
+-	// do we really need to read a thumbnail from the Exif segment ? knowing that TIFF store the thumbnail in the subIFD ...
+-	// 
+ 	toff_t exif_offset = 0;
+ 	if(TIFFGetField(tiff, TIFFTAG_EXIFIFD, &exif_offset)) {
+ 		
++		// this code can cause unwanted recursion causing an overflow, because of the way TIFFLastDirectory work
++		// => this is checked using 
++
+ 		if(!TIFFLastDirectory(tiff)) {
+ 			// save current position
+ 			const long tell_pos = io->tell_proc(handle);
+@@ -1273,15 +1315,15 @@ ReadThumbnail(FreeImageIO *io, fi_handle handle, void *data, TIFF *tiff, FIBITMA
+ 			int page = 1;
+ 			int flags = TIFF_DEFAULT;
+ 			thumbnail = Load(io, handle, page, flags, data);
++
+ 			// store the thumbnail (remember to release it before return)
+ 			FreeImage_SetThumbnail(dib, thumbnail);
+-			
++		
+ 			// restore current position
+ 			io->seek_proc(handle, tell_pos, SEEK_SET);
+ 			TIFFSetDirectory(tiff, cur_dir);
+ 		}
+ 	}
+-	*/
+ 	
+ 	// ... or read the first subIFD
+ 	
+@@ -1297,12 +1339,15 @@ ReadThumbnail(FreeImageIO *io, fi_handle handle, void *data, TIFF *tiff, FIBITMA
+ 				// save current position
+ 				const long tell_pos = io->tell_proc(handle);
+ 				const uint16 cur_dir = TIFFCurrentDirectory(tiff);
++
++				// this code can cause unwanted recursion causing an overflow, because of the way TIFFSetSubDirectory work
+ 				
+ 				if(TIFFSetSubDirectory(tiff, subIFD_offsets[0])) {
+ 					// load the thumbnail
+ 					int page = -1; 
+ 					int flags = TIFF_DEFAULT;
+ 					thumbnail = Load(io, handle, page, flags, data);
++
+ 					// store the thumbnail (remember to release it before return)
+ 					FreeImage_SetThumbnail(dib, thumbnail);
+ 				}
+@@ -2058,7 +2103,7 @@ Load(FreeImageIO *io, fi_handle handle, int page, int flags, void *data) {
+ 				}
+ 
+ 				// calculate src line and dst pitch
+-				int dst_pitch = FreeImage_GetPitch(dib);
++				unsigned dst_pitch = FreeImage_GetPitch(dib);
+ 				uint32 tileRowSize = (uint32)TIFFTileRowSize(tif);
+ 				uint32 imageRowSize = (uint32)TIFFScanlineSize(tif);
+ 
+@@ -2088,7 +2133,7 @@ Load(FreeImageIO *io, fi_handle handle, int page, int flags, void *data) {
+ 						BYTE *src_bits = tileBuffer;
+ 						BYTE *dst_bits = bits + rowSize;
+ 						for(int k = 0; k < nrows; k++) {
+-							memcpy(dst_bits, src_bits, src_line);
++							memcpy(dst_bits, src_bits, MIN(dst_pitch, src_line));
+ 							src_bits += tileRowSize;
+ 							dst_bits -= dst_pitch;
+ 						}
diff --git a/media-libs/freeimage/freeimage-3.18.0-r2.ebuild b/media-libs/freeimage/freeimage-3.18.0-r2.ebuild
new file mode 100644
index 000000000000..3e551b4b3492
--- /dev/null
+++ b/media-libs/freeimage/freeimage-3.18.0-r2.ebuild
@@ -0,0 +1,119 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils toolchain-funcs
+
+MY_PN=FreeImage
+MY_PV=${PV//.}
+MY_P=${MY_PN}${MY_PV}
+
+DESCRIPTION="Image library supporting many formats"
+HOMEPAGE="https://freeimage.sourceforge.io/"
+SRC_URI="mirror://sourceforge/${PN}/${MY_P}.zip
+	mirror://sourceforge/${PN}/${MY_P}.pdf"
+
+LICENSE="|| ( GPL-2 FIPL-1.0 )"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~x86 ~amd64-linux ~x86-linux"
+IUSE="jpeg jpeg2k mng openexr png raw static-libs tiff webp"
+
+# The tiff/ilmbase isn't a typo.  The TIFF plugin cheats and
+# uses code from it to handle 16bit<->float conversions.
+RDEPEND="
+	sys-libs/zlib
+	jpeg? ( virtual/jpeg:0 )
+	jpeg2k? ( media-libs/openjpeg:2= )
+	mng? ( media-libs/libmng:= )
+	openexr? ( media-libs/openexr:= )
+	png? ( media-libs/libpng:0= )
+	raw? ( media-libs/libraw:= )
+	tiff? (
+		media-libs/ilmbase:=
+		media-libs/tiff:0
+	)
+	webp? ( media-libs/libwebp:= )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	app-arch/unzip
+	virtual/pkgconfig"
+
+S=${WORKDIR}/${MY_PN}
+
+DOCS=( "${DISTDIR}"/${MY_P}.pdf README.linux Whatsnew.txt )
+PATCHES=(
+	"${FILESDIR}"/${PN}-3.18.0-unbundling.patch
+	"${FILESDIR}"/${PN}-3.18.0-remove-jpeg-transform.patch
+	"${FILESDIR}"/${PN}-3.18.0-rename-jpeg_read_icc_profile.patch
+	"${FILESDIR}"/${PN}-3.18.0-disable-plugin-G3.patch
+	"${FILESDIR}"/${PN}-3.18.0-raw.patch
+	"${FILESDIR}"/${PN}-3.18.0-libjpeg9.patch
+	"${FILESDIR}"/${PN}-3.18.0-CVE-2019-12211-CVE-2019-12213.patch
+)
+
+src_prepare() {
+	pushd Source >/dev/null || die
+	cp LibJPEG/{transupp.c,transupp.h,jinclude.h} . || die
+	cp LibTIFF4/{tiffiop,tif_dir}.h . || die
+	rm -rf LibPNG LibMNG LibOpenJPEG ZLib OpenEXR LibRawLite LibTIFF4 LibJPEG LibWebP LibJXR || die
+	popd >/dev/null || die
+
+	edos2unix Makefile.{gnu,fip,srcs} fipMakefile.srcs */*.h */*/*.cpp
+	sed -i \
+		-e "s:/./:/:g" \
+		-e "s: ./: :g" \
+		-e 's: Source: \\\n\tSource:g' \
+		-e 's: Wrapper: \\\n\tWrapper:g' \
+		-e 's: Examples: \\\n\tExamples:g' \
+		-e 's: TestAPI: \\\n\tTestAPI:g' \
+		-e 's: -ISource: \\\n\t-ISource:g' \
+		-e 's: -IWrapper: \\\n\t-IWrapper:g' \
+		-e 's:INCLS:\nINCLS:g' \
+		Makefile.srcs fipMakefile.srcs || die
+	sed -i \
+		-e "/LibJPEG/d" \
+		-e "/LibJXR/d" \
+		-e "/LibPNG/d" \
+		-e "/LibTIFF/d" \
+		-e "/Source\/ZLib/d" \
+		-e "/LibOpenJPEG/d" \
+		-e "/OpenEXR/d" \
+		-e "/LibRawLite/d" \
+		-e "/LibMNG/d" \
+		-e "/LibWebP/d" \
+		-e "/LibJXR/d" \
+		Makefile.srcs fipMakefile.srcs || die
+
+	default
+}
+
+foreach_make() {
+	local m
+	for m in Makefile.{gnu,fip} ; do
+		emake -f ${m} \
+			USE_EXR=$(usex openexr) \
+			USE_JPEG=$(usex jpeg) \
+			USE_JPEG2K=$(usex jpeg2k) \
+			USE_MNG=$(usex mng) \
+			USE_PNG=$(usex png) \
+			USE_TIFF=$(usex tiff) \
+			USE_RAW=$(usex raw) \
+			USE_WEBP=$(usex webp) \
+			$(usex static-libs '' STATICLIB=) \
+			"$@"
+	done
+}
+
+src_compile() {
+	tc-export AR PKG_CONFIG
+	foreach_make \
+		CXX="$(tc-getCXX) -fPIC" \
+		CC="$(tc-getCC) -fPIC" \
+		${MY_PN}
+}
+
+src_install() {
+	foreach_make install DESTDIR="${ED}" INSTALLDIR="${ED}"/usr/$(get_libdir)
+	einstalldocs
+}
-- 
cgit v1.2.3