From dc7cbdfa65fd814b3b9aa3c56257da201109e807 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Fri, 5 Apr 2019 21:17:31 +0100
Subject: gentoo resync : 05.04.2019
---
 media-libs/tiff/Manifest | 9 +-
 .../tiff/files/tiff-3.9.7-CVE-2012-4447.patch | 191 ----------------
 .../tiff/files/tiff-3.9.7-CVE-2012-4564.patch | 77 -------
 .../tiff/files/tiff-3.9.7-CVE-2012-5581.patch | 245 ---------------------
 .../tiff/files/tiff-3.9.7-printdir-width.patch | 36 ---
 .../tiff/files/tiff-3.9.7-tiffinfo-exif.patch | 59 -----
 media-libs/tiff/tiff-3.9.7-r1.ebuild | 67 ------
 media-libs/tiff/tiff-4.0.10.ebuild | 4 +-
 8 files changed, 3 insertions(+), 685 deletions(-)
 delete mode 100644 media-libs/tiff/files/tiff-3.9.7-CVE-2012-4447.patch
 delete mode 100644 media-libs/tiff/files/tiff-3.9.7-CVE-2012-4564.patch
 delete mode 100644 media-libs/tiff/files/tiff-3.9.7-CVE-2012-5581.patch
 delete mode 100644 media-libs/tiff/files/tiff-3.9.7-printdir-width.patch
 delete mode 100644 media-libs/tiff/files/tiff-3.9.7-tiffinfo-exif.patch
 delete mode 100644 media-libs/tiff/tiff-3.9.7-r1.ebuild
(limited to 'media-libs/tiff')
diff --git a/media-libs/tiff/Manifest b/media-libs/tiff/Manifest
index a52da9aa6fa3..5b4cb24c3543 100644
--- a/media-libs/tiff/Manifest
+++ b/media-libs/tiff/Manifest
@@ -1,18 +1,11 @@ -AUX tiff-3.9.7-CVE-2012-4447.patch 5706 BLAKE2B a72c6e4f643906273bd89689dcefa5696fe00536ad84329320bb8719bd37b07fa35e00c25e51998be6eeda2436ef93673dfbe6eda063f7d293df64e60c27c524 SHA512 defb8251401b7d65c2cd8f60df30d35551c1b1d0a1dcf514dd95da89572873177ea116e9373dd07cd260e00434235090e1d8864199d5fdfa84c445cb6905ddd6 -AUX tiff-3.9.7-CVE-2012-4564.patch 1987 BLAKE2B a56084760a03fc70e42d4ccff14b7f45d2c24f120515f7e23e8a5a6ada58f9325df1dfcc54327bb1324060aa91a4e497d83c74bbb62bc85daae5c6642aea14d5 SHA512 24ebe60ce6361561c15c8c5fb46b47942e58912de5efbf128374defc4382a7e800fae3dc0a9fe04876a5e2f61a109edc1c9533be2f8a15b4b0ed7215d7b08c9b -AUX tiff-3.9.7-CVE-2012-5581.patch 8156 BLAKE2B 39457d90041b04014970c8b0bb9275353eca34fef6660810537294348ff33103b735523f5b84f0de2b1003014ace561a2c3bb498ff771b5c4101fef6fd89adf6 SHA512 2e215edeb6f4f5d6e14753874a67d76cfec34b3f6ffc420e1c7ede2007a6b2f64c09505e879e83db1de87f28c82c806c4379b38bf7f8735bb2bae675543683f0 -AUX tiff-3.9.7-printdir-width.patch 1523 BLAKE2B a0bfeda833e604137529537bed29dcb50308e3f6493d2985390c4528a4ac38f432104d796ec3368462d331017db4393f58622d17e1f068811913df78e98c7444 SHA512 9bf2edcbda2ed5dba01839cf1bb34316801b4c5a2b6c71ed46f8777518cf1bc77084db94eaf1ebde84583fa2e1749a5fc5151e321b4d83975b13c3e9ebe96436 -AUX tiff-3.9.7-tiffinfo-exif.patch 1847 BLAKE2B c6e55e92ebe86558cfabec730d2f15836390fa1789d57ada01fb1c6037699898706a051dab415db35e1ac2d39902301c1639e944f177b4b098227279c98c00c5 SHA512 6f211dc864bfb314a1c7edb8855b68cfbbdbbde1ba9422c1c578acbb15e5769323eec366bef618a8100b0ccb8057b2997762ebbd0f943be10882411861ec72fb AUX tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch 930 BLAKE2B 52d77fcdd773ce52232257da2c60f8b90417f102238df2039262e3afa7275908c74817ddd6958e430d7cfcff58d2d04ebd6ddd49f553f0f261883b67f557c599 SHA512 822ccc22304d23b4f50efe1f0fb7890fda8b9edf2075b8add814c0bac0a153fa0ed5d7ee5f47e23799b24f11678c8e0bf9c90ad59c5cc61fd9546b2dca4714a9 AUX 
tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch 924 BLAKE2B 03160ce33639620b1deb918d358f559b8bc6296d28530b440d0d770438453c25aecc393b8cfcc582ed2d0ec1decd557a212c91f43f7923c9e94387e235680021 SHA512 43973cc5512eb8fe2e0beab1a98ff0d3bd999ed1adbf7c08c344b3442559cc2cdc99a9f2e9c1bb2bffa4be027945b12b120fa27ec6c8006367932039b8d8dd37 AUX tiff-4.0.9-CVE-2017-18013.patch 1531 BLAKE2B e0b825408ba684084153ebd19c13bc7124733ba9b84393534b57481aabb8f1de5529f0a31c997b6e4947be8f01970c711e1f23ce30919bcbcef489939a0ed31e SHA512 e0598c4702fbe22379182c78191305b3769b7cb7f927ad4372e220aad9567e43adee6baa164696852ce6fa4f1f307c666a4fc3fc2b942baca16cd2b8fe9998cb AUX tiff-4.0.9-CVE-2017-9935-fix-incorrect-type.patch 2443 BLAKE2B e18f4acec3dc8088eec5080272e6d759c0823cb1f8036d45bc5289cc22e8a487ff5d8761e0d2e49d4c450f407e859c00913988df9c45e51318b53c5fbec01483 SHA512 a489d4bdf5b3861fdf18107ff4a0224e2d458acf719af9d7eb6ef230285ceb5d37bc483c32800cc8180ccc69ffbc80d8887b8660265466ddd52a3447f1f44e61 AUX tiff-4.0.9-CVE-2017-9935.patch 6636 BLAKE2B b7660dee9e379aea59f7225024697ea35b820837502e9e19157391c569c6b85473c4da5163f2e6fa8934c68cc32cbc45d025a2c336d21d79f461723a68a6e49f SHA512 ca1beda6e1550ac8a4bdf2bdefaba38f5fc40d2e842709ed1a803aeef5c34cd466f93fc6e7bb8e7ffb7e21a702d54584b84615e7c3dc3a8d2d29ceeadaeca7f6 AUX tiff-4.0.9-CVE-2018-5784.patch 4251 BLAKE2B defd555ebc53e178439331cd04f3099c4ad77584efd0a4312802307ce90828e63513df738e992905af824f25d987d43e095d313d359c3de9eebba5bf4c843bf1 SHA512 ebff45d1ecc1fb783f806eb556ccb01316289e190786378309a51a0c4d10b53ae6c86a1310ea59bc79946e633163916700e17752d0a7add10c22b8824b000b7b -DIST tiff-3.9.7.tar.gz 1468097 BLAKE2B 303339acf9bb48558695b13fcc2b41acacbbf2ce6d2ec497067761895cb2de7674108e8ca2f35f845dcd2e45801777fe25d234af1c308acf59846c2f5617ab53 SHA512 ca89584a9ffa33b4986e4bc2165043cec239896f1f0ab73db00818d0442b570efaa6345b2ed422e884202324d359713df849bf14782bb0cf3b959655febddd77 DIST tiff-4.0.10.tar.gz 2402867 BLAKE2B 
0305453f22150c31d00d2de756736f58c49a288e19b2a66bdd01319ce4688742f6eab4009eaf1817125d41f53a23de17eb6265a3ebae458ec24f5dbb3d49764e SHA512 d213e5db09fd56b8977b187c5a756f60d6e3e998be172550c2892dbdb4b2a8e8c750202bc863fe27d0d1c577ab9de1710d15e9f6ed665aadbfd857525a81eea8 DIST tiff-4.0.9.tar.gz 2305681 BLAKE2B 3de03408d2974b9f9f5f2444029cc3018ef43beb67e9fd21be68ee400cdcc6deca1247f055d880841a18b92284ce81f112682c8b5f083ddc61e5255d73a7de3f SHA512 04f3d5eefccf9c1a0393659fe27f3dddd31108c401ba0dc587bca152a1c1f6bc844ba41622ff5572da8cc278593eff8c402b44e7af0a0090e91d326c2d79f6cd -EBUILD tiff-3.9.7-r1.ebuild 1941 BLAKE2B 38e7fc7b06adec30d32dce66390c5174fa8ca514d8fdc12d6486ed3b8a78b95ea2efb3e083c959892ea65e46853b4c5b7236508c9812736ff0bebce26961d64f SHA512 659c879ae594501bb3a88dde00797d67fd004cbbefbb4403a2374876a6c909cb38f4a7d56256325c5d53fd7ed107849e7c2862f9de777ab6b6d996ec279fe997 -EBUILD tiff-4.0.10.ebuild 2324 BLAKE2B 798ebc306c03368078da1d24d28c61fe3d69376fbbaf95238ecc92b73cfa62c1db54900895bd83ae890be231322a91a9f238fc69b4cc85f0db3e1b8abb1f38b1 SHA512 2886e2136317e5576847297dff4fdee2f1b8ef459f9d0f4cb4ac168d09119b3c4b12c0aacd4fc4b7dd9078938abe36ec5890325d9d3534d0b78d2ac3be79c910 +EBUILD tiff-4.0.10.ebuild 2320 BLAKE2B 4d31a67539f9bc1c732db69bf57446f96ec13e573ac0531ce7fa3c7be39c28dee1fb9a275593d94f8ba11f6b5c3b4a0f5a82a47588b4542d4d1502aeb2149bc1 SHA512 a208da6710cbba1ff103b6399ee3f0186ac5e756e432fe7ac3c3333d1afa090620a9452d81b08de7b2eb052977cb313c043d9a2311e84b029a84f84ad3f1b978 EBUILD tiff-4.0.9-r4.ebuild 2354 BLAKE2B 272c6c559ca76d81689caefa8dbd66aa22b8e29fd2cf35ba0699abaf2e85fa1f542237c9eb3b85735921617b76790bdbaede55b0c113a7cc2d35b192d3821e85 SHA512 ee3c1ab75d4694bce0e9523394ed0bf9daca1de6bc276199d96b655192a59f72ddc4bbbc7981e26c6f44531da334bbaab94fb9fa72191d6c241e861b71e78e4b MISC metadata.xml 640 BLAKE2B faec0c1b8ddc13c849f3814532d7886a7b1fcc7aee14eb1ff26dc0265d51bd7516c779e2dba8e9dc8c1116f3be46db6dd06bfe46dd4b5dc3300f29b402bb666a SHA512 
9445f36944e1018afcb83e3f5d9382d8e91d52924171786a40606ab46bfe0c0de744b40fc2adb58ece5d0168bca967d2bef73de05a81cd46615bd50502d08a29 diff --git a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4447.patch b/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4447.patch deleted file mode 100644 index 6c28dc6ec9a8..000000000000 --- a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4447.patch +++ /dev/null 
@@ -1,191 +0,0 @@ -Upstream patch for CVE-2012-4447. This also covers an out-of-bounds-read -possibility in the same file, which wasn't given a separate CVE. - - -diff -Naur tiff-3.9.4.orig/libtiff/tif_pixarlog.c tiff-3.9.4/libtiff/tif_pixarlog.c ---- tiff-3.9.4.orig/libtiff/tif_pixarlog.c 2010-06-08 14:50:42.000000000 -0400 -+++ tiff-3.9.4/libtiff/tif_pixarlog.c 2012-12-10 15:50:14.421538317 -0500 -@@ -117,9 +117,9 @@ - if (n >= stride) { - mask = CODE_MASK; - if (stride == 3) { -- t0 = ToLinearF[cr = wp[0]]; -- t1 = ToLinearF[cg = wp[1]]; -- t2 = ToLinearF[cb = wp[2]]; -+ t0 = ToLinearF[cr = (wp[0] & mask)]; -+ t1 = ToLinearF[cg = (wp[1] & mask)]; -+ t2 = ToLinearF[cb = (wp[2] & mask)]; - op[0] = t0; - op[1] = t1; - op[2] = t2; -@@ -136,10 +136,10 @@ - op[2] = t2; - } - } else if (stride == 4) { -- t0 = ToLinearF[cr = wp[0]]; -- t1 = ToLinearF[cg = wp[1]]; -- t2 = ToLinearF[cb = wp[2]]; -- t3 = ToLinearF[ca = wp[3]]; -+ t0 = ToLinearF[cr = (wp[0] & mask)]; -+ t1 = ToLinearF[cg = (wp[1] & mask)]; -+ t2 = ToLinearF[cb = (wp[2] & mask)]; -+ t3 = ToLinearF[ca = (wp[3] & mask)]; - op[0] = t0; - op[1] = t1; - op[2] = t2; -@@ -183,9 +183,9 @@ - if (n >= stride) { - mask = CODE_MASK; - if (stride == 3) { -- t0 = ToLinearF[cr = wp[0]] * SCALE12; -- t1 = ToLinearF[cg = wp[1]] * SCALE12; -- t2 = ToLinearF[cb = wp[2]] * SCALE12; -+ t0 = ToLinearF[cr = (wp[0] & mask)] * SCALE12; -+ t1 = ToLinearF[cg = (wp[1] & mask)] * SCALE12; -+ t2 = ToLinearF[cb = (wp[2] & mask)] * SCALE12; - op[0] = CLAMP12(t0); - op[1] = CLAMP12(t1); - op[2] = CLAMP12(t2); -@@ -202,10 +202,10 @@ - op[2] = CLAMP12(t2); - } - } else if (stride == 4) { -- t0 = ToLinearF[cr = wp[0]] * SCALE12; -- t1 = ToLinearF[cg = wp[1]] * SCALE12; -- t2 = ToLinearF[cb = wp[2]] * SCALE12; -- t3 = ToLinearF[ca = wp[3]] * SCALE12; -+ t0 = ToLinearF[cr = (wp[0] & mask)] * SCALE12; -+ t1 = ToLinearF[cg = (wp[1] & mask)] * SCALE12; -+ t2 = ToLinearF[cb = (wp[2] & mask)] * SCALE12; -+ t3 = ToLinearF[ca = (wp[3] & mask)] * 
SCALE12; - op[0] = CLAMP12(t0); - op[1] = CLAMP12(t1); - op[2] = CLAMP12(t2); -@@ -247,9 +247,9 @@ - if (n >= stride) { - mask = CODE_MASK; - if (stride == 3) { -- op[0] = ToLinear16[cr = wp[0]]; -- op[1] = ToLinear16[cg = wp[1]]; -- op[2] = ToLinear16[cb = wp[2]]; -+ op[0] = ToLinear16[cr = (wp[0] & mask)]; -+ op[1] = ToLinear16[cg = (wp[1] & mask)]; -+ op[2] = ToLinear16[cb = (wp[2] & mask)]; - n -= 3; - while (n > 0) { - wp += 3; -@@ -260,10 +260,10 @@ - op[2] = ToLinear16[(cb += wp[2]) & mask]; - } - } else if (stride == 4) { -- op[0] = ToLinear16[cr = wp[0]]; -- op[1] = ToLinear16[cg = wp[1]]; -- op[2] = ToLinear16[cb = wp[2]]; -- op[3] = ToLinear16[ca = wp[3]]; -+ op[0] = ToLinear16[cr = (wp[0] & mask)]; -+ op[1] = ToLinear16[cg = (wp[1] & mask)]; -+ op[2] = ToLinear16[cb = (wp[2] & mask)]; -+ op[3] = ToLinear16[ca = (wp[3] & mask)]; - n -= 4; - while (n > 0) { - wp += 4; -@@ -342,9 +342,9 @@ - if (n >= stride) { - mask = CODE_MASK; - if (stride == 3) { -- op[0] = ToLinear8[cr = wp[0]]; -- op[1] = ToLinear8[cg = wp[1]]; -- op[2] = ToLinear8[cb = wp[2]]; -+ op[0] = ToLinear8[cr = (wp[0] & mask)]; -+ op[1] = ToLinear8[cg = (wp[1] & mask)]; -+ op[2] = ToLinear8[cb = (wp[2] & mask)]; - n -= 3; - while (n > 0) { - n -= 3; -@@ -355,10 +355,10 @@ - op[2] = ToLinear8[(cb += wp[2]) & mask]; - } - } else if (stride == 4) { -- op[0] = ToLinear8[cr = wp[0]]; -- op[1] = ToLinear8[cg = wp[1]]; -- op[2] = ToLinear8[cb = wp[2]]; -- op[3] = ToLinear8[ca = wp[3]]; -+ op[0] = ToLinear8[cr = (wp[0] & mask)]; -+ op[1] = ToLinear8[cg = (wp[1] & mask)]; -+ op[2] = ToLinear8[cb = (wp[2] & mask)]; -+ op[3] = ToLinear8[ca = (wp[3] & mask)]; - n -= 4; - while (n > 0) { - n -= 4; -@@ -393,9 +393,9 @@ - mask = CODE_MASK; - if (stride == 3) { - op[0] = 0; -- t1 = ToLinear8[cb = wp[2]]; -- t2 = ToLinear8[cg = wp[1]]; -- t3 = ToLinear8[cr = wp[0]]; -+ t1 = ToLinear8[cb = (wp[2] & mask)]; -+ t2 = ToLinear8[cg = (wp[1] & mask)]; -+ t3 = ToLinear8[cr = (wp[0] & mask)]; - op[1] = t1; - op[2] = 
t2; - op[3] = t3; -@@ -413,10 +413,10 @@ - op[3] = t3; - } - } else if (stride == 4) { -- t0 = ToLinear8[ca = wp[3]]; -- t1 = ToLinear8[cb = wp[2]]; -- t2 = ToLinear8[cg = wp[1]]; -- t3 = ToLinear8[cr = wp[0]]; -+ t0 = ToLinear8[ca = (wp[3] & mask)]; -+ t1 = ToLinear8[cb = (wp[2] & mask)]; -+ t2 = ToLinear8[cg = (wp[1] & mask)]; -+ t3 = ToLinear8[cr = (wp[0] & mask)]; - op[0] = t0; - op[1] = t1; - op[2] = t2; -@@ -630,10 +630,10 @@ - return guess; - } - --static uint32 --multiply(size_t m1, size_t m2) -+static tsize_t -+multiply(tsize_t m1, tsize_t m2) - { -- uint32 bytes = m1 * m2; -+ tsize_t bytes = m1 * m2; - - if (m1 && bytes / m1 != m2) - bytes = 0; -@@ -641,6 +641,20 @@ - return bytes; - } - -+static tsize_t -+add_ms(tsize_t m1, tsize_t m2) -+{ -+ tsize_t bytes = m1 + m2; -+ -+ /* if either input is zero, assume overflow already occurred */ -+ if (m1 == 0 || m2 == 0) -+ bytes = 0; -+ else if (bytes <= m1 || bytes <= m2) -+ bytes = 0; -+ -+ return bytes; -+} -+ - static int - PixarLogSetupDecode(TIFF* tif) - { -@@ -661,6 +675,8 @@ - td->td_samplesperpixel : 1); - tbuf_size = multiply(multiply(multiply(sp->stride, td->td_imagewidth), - td->td_rowsperstrip), sizeof(uint16)); -+ /* add one more stride in case input ends mid-stride */ -+ tbuf_size = add_ms(tbuf_size, sizeof(uint16) * sp->stride); - if (tbuf_size == 0) - return (0); - sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size); diff --git a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4564.patch b/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4564.patch deleted file mode 100644 index 98a6e6c4409d..000000000000 --- a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4564.patch +++ /dev/null 
@@ -1,77 +0,0 @@ -Upstream patch for CVE-2012-4564. - - -diff -Naur tiff-3.9.4.orig/tools/ppm2tiff.c tiff-3.9.4/tools/ppm2tiff.c ---- tiff-3.9.4.orig/tools/ppm2tiff.c 2010-06-08 14:50:44.000000000 -0400 -+++ tiff-3.9.4/tools/ppm2tiff.c 2012-12-10 16:16:05.154045877 -0500 -@@ -68,6 +68,17 @@ - exit(-2); - } - -+static tsize_t -+multiply_ms(tsize_t m1, tsize_t m2) -+{ -+ tsize_t bytes = m1 * m2; -+ -+ if (m1 && bytes / m1 != m2) -+ bytes = 0; -+ -+ return bytes; -+} -+ - int - main(int argc, char* argv[]) - { -@@ -85,6 +96,7 @@ - int c; - extern int optind; - extern char* optarg; -+ tsize_t scanline_size; - - if (argc < 2) { - fprintf(stderr, "%s: Too few arguments\n", argv[0]); -@@ -217,7 +229,8 @@ - } - switch (bpp) { - case 1: -- linebytes = (spp * w + (8 - 1)) / 8; -+ /* if round-up overflows, result will be zero, OK */ -+ linebytes = (multiply_ms(spp, w) + (8 - 1)) / 8; - if (rowsperstrip == (uint32) -1) { - TIFFSetField(out, TIFFTAG_ROWSPERSTRIP, h); - } else { -@@ -226,15 +239,31 @@ - } - break; - case 8: -- linebytes = spp * w; -+ linebytes = multiply_ms(spp, w); - TIFFSetField(out, TIFFTAG_ROWSPERSTRIP, - TIFFDefaultStripSize(out, rowsperstrip)); - break; - } -- if (TIFFScanlineSize(out) > linebytes) -+ if (linebytes == 0) { -+ fprintf(stderr, "%s: scanline size overflow\n", infile); -+ (void) TIFFClose(out); -+ exit(-2); -+ } -+ scanline_size = TIFFScanlineSize(out); -+ if (scanline_size == 0) { -+ /* overflow - TIFFScanlineSize already printed a message */ -+ (void) TIFFClose(out); -+ exit(-2); -+ } -+ if (scanline_size < linebytes) - buf = (unsigned char *)_TIFFmalloc(linebytes); - else -- buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out)); -+ buf = (unsigned char *)_TIFFmalloc(scanline_size); -+ if (buf == NULL) { -+ fprintf(stderr, "%s: Not enough memory\n", infile); -+ (void) TIFFClose(out); -+ exit(-2); -+ } - if (resolution > 0) { - TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution); - TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution); 
diff --git a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-5581.patch b/media-libs/tiff/files/tiff-3.9.7-CVE-2012-5581.patch deleted file mode 100644 index a6bdca137029..000000000000 --- a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-5581.patch +++ /dev/null 
@@ -1,245 +0,0 @@ -Fix unsafe handling of DotRange and related tags. Back-port of upstream -patch for CVE-2012-5581. (Note: I have not pushed this into upstream CVS -for the 3.9 branch, because I'm not entirely convinced that it won't create -application compatibility issues --- tgl) - - -diff -Naur tiff-3.9.7.orig/libtiff/tif_dir.c tiff-3.9.7/libtiff/tif_dir.c ---- tiff-3.9.7.orig/libtiff/tif_dir.c 2012-09-22 10:48:09.000000000 -0400 -+++ tiff-3.9.7/libtiff/tif_dir.c 2012-12-13 13:39:20.448864070 -0500 -@@ -494,32 +494,28 @@ - goto end; - } - -- if ((fip->field_passcount -+ if (fip->field_tag == TIFFTAG_DOTRANGE -+ && strcmp(fip->field_name,"DotRange") == 0) { -+ /* TODO: This is an evil exception and should not have been -+ handled this way ... likely best if we move it into -+ the directory structure with an explicit field in -+ libtiff 4.1 and assign it a FIELD_ value */ -+ uint16 v[2]; -+ v[0] = (uint16)va_arg(ap, int); -+ v[1] = (uint16)va_arg(ap, int); -+ _TIFFmemcpy(tv->value, v, 4); -+ } -+ else if (fip->field_passcount - || fip->field_writecount == TIFF_VARIABLE - || fip->field_writecount == TIFF_VARIABLE2 - || fip->field_writecount == TIFF_SPP -- || tv->count > 1) -- && fip->field_tag != TIFFTAG_PAGENUMBER -- && fip->field_tag != TIFFTAG_HALFTONEHINTS -- && fip->field_tag != TIFFTAG_YCBCRSUBSAMPLING -- && fip->field_tag != TIFFTAG_DOTRANGE -- && fip->field_tag != TIFFTAG_WHITELEVEL) { -+ || tv->count > 1) { - _TIFFmemcpy(tv->value, va_arg(ap, void *), - tv->count * tv_size); - } else { -- /* -- * XXX: The following loop required to handle -- * TIFFTAG_PAGENUMBER, TIFFTAG_HALFTONEHINTS, -- * TIFFTAG_YCBCRSUBSAMPLING and TIFFTAG_DOTRANGE tags. -- * These tags are actually arrays and should be passed as -- * array pointers to TIFFSetField() function, but actually -- * passed as a list of separate values. This behaviour -- * must be changed in the future! 
-- */ -- int i; - char *val = (char *)tv->value; - -- for (i = 0; i < tv->count; i++, val += tv_size) { -+ assert( tv->count == 1 ); - switch (fip->field_type) { - case TIFF_BYTE: - case TIFF_UNDEFINED: -@@ -578,7 +574,6 @@ - status = 0; - break; - } -- } - } - } - } -@@ -869,24 +864,27 @@ - *va_arg(ap, uint16*) = (uint16)tv->count; - *va_arg(ap, void **) = tv->value; - ret_val = 1; -- } else { -- if ((fip->field_type == TIFF_ASCII -+ } else if (fip->field_tag == TIFFTAG_DOTRANGE -+ && strcmp(fip->field_name,"DotRange") == 0) { -+ /* TODO: This is an evil exception and should not have been -+ handled this way ... likely best if we move it into -+ the directory structure with an explicit field in -+ libtiff 4.1 and assign it a FIELD_ value */ -+ *va_arg(ap, uint16*) = ((uint16 *)tv->value)[0]; -+ *va_arg(ap, uint16*) = ((uint16 *)tv->value)[1]; -+ ret_val = 1; -+ } else { -+ if (fip->field_type == TIFF_ASCII - || fip->field_readcount == TIFF_VARIABLE - || fip->field_readcount == TIFF_VARIABLE2 - || fip->field_readcount == TIFF_SPP -- || tv->count > 1) -- && fip->field_tag != TIFFTAG_PAGENUMBER -- && fip->field_tag != TIFFTAG_HALFTONEHINTS -- && fip->field_tag != TIFFTAG_YCBCRSUBSAMPLING -- && fip->field_tag != TIFFTAG_DOTRANGE) { -+ || tv->count > 1) { - *va_arg(ap, void **) = tv->value; - ret_val = 1; - } else { -- int j; - char *val = (char *)tv->value; - -- for (j = 0; j < tv->count; -- j++, val += _TIFFDataSize(tv->info->field_type)) { -+ assert( tv->count == 1 ); - switch (fip->field_type) { - case TIFF_BYTE: - case TIFF_UNDEFINED: -@@ -936,7 +934,6 @@ - ret_val = 0; - break; - } -- } - } - } - break; -diff -Naur tiff-3.9.7.orig/libtiff/tif_print.c tiff-3.9.7/libtiff/tif_print.c ---- tiff-3.9.7.orig/libtiff/tif_print.c 2010-07-08 12:17:59.000000000 -0400 -+++ tiff-3.9.7/libtiff/tif_print.c 2012-12-13 13:42:12.773478278 -0500 -@@ -112,16 +112,22 @@ - } - - static int --_TIFFPrettyPrintField(TIFF* tif, FILE* fd, ttag_t tag, -+_TIFFPrettyPrintField(TIFF* tif, 
const TIFFFieldInfo *fip, FILE* fd, ttag_t tag, - uint32 value_count, void *raw_data) - { - TIFFDirectory *td = &tif->tif_dir; - -+ /* do not try to pretty print auto-defined fields */ -+ if (strncmp(fip->field_name,"Tag ", 4) == 0) { -+ return 0; -+ } -+ - switch (tag) - { - case TIFFTAG_INKSET: -- fprintf(fd, " Ink Set: "); -- switch (*((uint16*)raw_data)) { -+ if (value_count == 2 && fip->field_type == TIFF_SHORT) { -+ fprintf(fd, " Ink Set: "); -+ switch (*((uint16*)raw_data)) { - case INKSET_CMYK: - fprintf(fd, "CMYK\n"); - break; -@@ -130,11 +136,18 @@ - *((uint16*)raw_data), - *((uint16*)raw_data)); - break; -+ } -+ return 1; - } -- return 1; -+ return 0; -+ - case TIFFTAG_WHITEPOINT: -- fprintf(fd, " White Point: %g-%g\n", -- ((float *)raw_data)[0], ((float *)raw_data)[1]); return 1; -+ if (value_count == 2 && fip->field_type == TIFF_RATIONAL) { -+ fprintf(fd, " White Point: %g-%g\n", -+ ((float *)raw_data)[0], ((float *)raw_data)[1]); return 1; -+ } -+ return 0; -+ - case TIFFTAG_REFERENCEBLACKWHITE: - { - uint16 i; -@@ -174,10 +187,13 @@ - (unsigned long) value_count); - return 1; - case TIFFTAG_STONITS: -- fprintf(fd, -- " Sample to Nits conversion factor: %.4e\n", -- *((double*)raw_data)); -- return 1; -+ if (value_count == 1 && fip->field_type == TIFF_DOUBLE) { -+ fprintf(fd, -+ " Sample to Nits conversion factor: %.4e\n", -+ *((double*)raw_data)); -+ return 1; -+ } -+ return 0; - } - - return 0; -@@ -524,44 +540,28 @@ - value_count = td->td_samplesperpixel; - else - value_count = fip->field_readcount; -- if ((fip->field_type == TIFF_ASCII -+ if (fip->field_tag == TIFFTAG_DOTRANGE -+ && strcmp(fip->field_name,"DotRange") == 0) { -+ /* TODO: This is an evil exception and should not have been -+ handled this way ... 
likely best if we move it into -+ the directory structure with an explicit field in -+ libtiff 4.1 and assign it a FIELD_ value */ -+ static uint16 dotrange[2]; -+ raw_data = dotrange; -+ TIFFGetField(tif, tag, dotrange+0, dotrange+1); -+ } else if (fip->field_type == TIFF_ASCII - || fip->field_readcount == TIFF_VARIABLE - || fip->field_readcount == TIFF_VARIABLE2 - || fip->field_readcount == TIFF_SPP -- || value_count > 1) -- && fip->field_tag != TIFFTAG_PAGENUMBER -- && fip->field_tag != TIFFTAG_HALFTONEHINTS -- && fip->field_tag != TIFFTAG_YCBCRSUBSAMPLING -- && fip->field_tag != TIFFTAG_DOTRANGE) { -+ || value_count > 1) { - if(TIFFGetField(tif, tag, &raw_data) != 1) - continue; -- } else if (fip->field_tag != TIFFTAG_PAGENUMBER -- && fip->field_tag != TIFFTAG_HALFTONEHINTS -- && fip->field_tag != TIFFTAG_YCBCRSUBSAMPLING -- && fip->field_tag != TIFFTAG_DOTRANGE) { -- raw_data = _TIFFmalloc( -- _TIFFDataSize(fip->field_type) -- * value_count); -- mem_alloc = 1; -- if(TIFFGetField(tif, tag, raw_data) != 1) { -- _TIFFfree(raw_data); -- continue; -- } - } else { -- /* -- * XXX: Should be fixed and removed, see the -- * notes related to TIFFTAG_PAGENUMBER, -- * TIFFTAG_HALFTONEHINTS, -- * TIFFTAG_YCBCRSUBSAMPLING and -- * TIFFTAG_DOTRANGE tags in tif_dir.c. */ -- char *tmp; - raw_data = _TIFFmalloc( - _TIFFDataSize(fip->field_type) - * value_count); -- tmp = raw_data; - mem_alloc = 1; -- if(TIFFGetField(tif, tag, tmp, -- tmp + _TIFFDataSize(fip->field_type)) != 1) { -+ if(TIFFGetField(tif, tag, raw_data) != 1) { - _TIFFfree(raw_data); - continue; - } -@@ -574,7 +574,7 @@ - * _TIFFPrettyPrintField() fall down and print it as any other - * tag. - */ -- if (_TIFFPrettyPrintField(tif, fd, tag, value_count, raw_data)) { -+ if (_TIFFPrettyPrintField(tif, fip, fd, tag, value_count, raw_data)) { - if(mem_alloc) - _TIFFfree(raw_data); - continue; 
diff --git a/media-libs/tiff/files/tiff-3.9.7-printdir-width.patch b/media-libs/tiff/files/tiff-3.9.7-printdir-width.patch deleted file mode 100644 index 6ad7534ac6fe..000000000000 --- a/media-libs/tiff/files/tiff-3.9.7-printdir-width.patch +++ /dev/null @@ -1,36 +0,0 @@ -Make TIFFPrintDirectory cope with both TIFF_VARIABLE and TIFF_VARIABLE2 -conventions for field_passcount fields, ie, either 16- or 32-bit counts. -This patch is taken from upstream commits dated 2012-05-23 ("fix crash -with odd 16bit count types for some custom fields") and 2012-12-12 ("Fix -TIFF_VARIABLE/TIFF_VARIABLE2 confusion in TIFFPrintDirectory"). - -This doesn't qualify as a security issue in itself, mainly because -TIFFPrintDirectory is unlikely to be used in any security-exposed -scenarios; but we need to fix it so that our test case for CVE-2012-5581 -works on all platforms. - - -diff -Naur tiff-3.9.4.orig/libtiff/tif_print.c tiff-3.9.4/libtiff/tif_print.c ---- tiff-3.9.4.orig/libtiff/tif_print.c 2010-06-08 14:50:42.000000000 -0400 -+++ tiff-3.9.4/libtiff/tif_print.c 2012-12-13 12:17:33.726765771 -0500 -@@ -518,8 +518,19 @@ - continue; - - if(fip->field_passcount) { -- if(TIFFGetField(tif, tag, &value_count, &raw_data) != 1) -+ if (fip->field_readcount == TIFF_VARIABLE2 ) { -+ if(TIFFGetField(tif, tag, &value_count, &raw_data) != 1) -+ continue; -+ } else if (fip->field_readcount == TIFF_VARIABLE ) { -+ uint16 small_value_count; -+ if(TIFFGetField(tif, tag, &small_value_count, &raw_data) != 1) -+ continue; -+ value_count = small_value_count; -+ } else { -+ assert (fip->field_readcount == TIFF_VARIABLE -+ || fip->field_readcount == TIFF_VARIABLE2); - continue; -+ } - } else { - if (fip->field_readcount == TIFF_VARIABLE - || fip->field_readcount == TIFF_VARIABLE2) diff --git a/media-libs/tiff/files/tiff-3.9.7-tiffinfo-exif.patch b/media-libs/tiff/files/tiff-3.9.7-tiffinfo-exif.patch deleted file mode 100644 index a326e21e298b..000000000000 
--- a/media-libs/tiff/files/tiff-3.9.7-tiffinfo-exif.patch +++ /dev/null @@ -1,59 +0,0 @@ -Teach "tiffinfo -D" to not try to print image data inside an EXIF subdirectory, -because there isn't any. Back-patched from an upstream 4.0.2 fix. - -This is not a security issue in itself (it crashes, but with a simple NULL -pointer dereference). However, our test case for CVE-2012-5581 tickles this -bug, so it seems easier to fix this than make a new test case. - - -diff -Naur tiff-3.9.4.orig/tools/tiffinfo.c tiff-3.9.4/tools/tiffinfo.c ---- tiff-3.9.4.orig/tools/tiffinfo.c 2010-06-08 14:50:44.000000000 -0400 -+++ tiff-3.9.4/tools/tiffinfo.c 2012-12-11 16:33:17.062228558 -0500 -@@ -49,7 +49,7 @@ - int stoponerr = 1; /* stop on first read error */ - - static void usage(void); --static void tiffinfo(TIFF*, uint16, long); -+static void tiffinfo(TIFF*, uint16, long, int); - - int - main(int argc, char* argv[]) -@@ -124,19 +124,20 @@ - if (tif != NULL) { - if (dirnum != -1) { - if (TIFFSetDirectory(tif, (tdir_t) dirnum)) -- tiffinfo(tif, order, flags); -+ tiffinfo(tif, order, flags, 1); - } else if (diroff != 0) { - if (TIFFSetSubDirectory(tif, diroff)) -- tiffinfo(tif, order, flags); -+ tiffinfo(tif, order, flags, 1); - } else { - do { - uint32 offset; - -- tiffinfo(tif, order, flags); -+ tiffinfo(tif, order, flags, 1); - if (TIFFGetField(tif, TIFFTAG_EXIFIFD, - &offset)) { -- if (TIFFReadEXIFDirectory(tif, offset)) -- tiffinfo(tif, order, flags); -+ if (TIFFReadEXIFDirectory(tif, offset)) { -+ tiffinfo(tif, order, flags, 0); -+ } - } - } while (TIFFReadDirectory(tif)); - } -@@ -426,10 +427,10 @@ - } - - static void --tiffinfo(TIFF* tif, uint16 order, long flags) -+tiffinfo(TIFF* tif, uint16 order, long flags, int is_image) - { - TIFFPrintDirectory(tif, stdout, flags); -- if (!readdata) -+ if (!readdata || !is_image) - return; - if (rawdata) { - if (order) { 
diff --git a/media-libs/tiff/tiff-3.9.7-r1.ebuild b/media-libs/tiff/tiff-3.9.7-r1.ebuild deleted file mode 100644 index 467c3bb64906..000000000000 --- a/media-libs/tiff/tiff-3.9.7-r1.ebuild +++ /dev/null 
@@ -1,67 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 - -# this ebuild is only for the libtiff.so.3 (+ 4) and libtiffxx.so.3 (+ 4) SONAME for ABI compat - -inherit eutils libtool multilib multilib-minimal - -DESCRIPTION="Library for manipulation of TIFF (Tag Image File Format) images" -HOMEPAGE="http://libtiff.maptools.org" -SRC_URI="ftp://ftp.remotesensing.org/pub/libtiff/${P}.tar.gz" - -LICENSE="libtiff" -SLOT="3" -KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 m68k ~mips ~ppc ~ppc64 s390 sh ~sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" -IUSE="+cxx jbig jpeg zlib" - -RDEPEND="jpeg? ( >=virtual/jpeg-0-r2[${MULTILIB_USEDEP}] ) - jbig? ( >=media-libs/jbigkit-2.1[${MULTILIB_USEDEP}] ) - zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] ) - !media-libs/tiff-compat - !=media-libs/tiff-3*:0" -DEPEND="${RDEPEND}" - -src_prepare() { - epatch \ - "${FILESDIR}"/${P}-CVE-2012-{4447,4564,5581}.patch \ - "${FILESDIR}"/${P}-tiffinfo-exif.patch \ - "${FILESDIR}"/${P}-printdir-width.patch - - elibtoolize -} - -multilib_src_configure() { - ECONF_SOURCE="${S}" econf \ - --libdir=/libdir \ - --disable-static \ - $(use_enable cxx) \ - $(use_enable zlib) \ - $(use_enable jpeg) \ - $(use_enable jbig) \ - --without-x -} - -multilib_src_install() { - # Let `make install` and libtool handle insecure runpath(s) - dodir tmp - emake DESTDIR="${ED}/tmp" install - - # .so.3 (upstream) is used by sci-chemistry/icm - # .so.4 (Debian) is used by net-im/skype - exeinto /usr/$(get_libdir) - doexe "${ED}"/tmp/libdir/libtiff$(get_libname 3) - dosym libtiff$(get_libname 3) /usr/$(get_libdir)/libtiff$(get_libname 4) - if use cxx; then - doexe "${ED}"/tmp/libdir/libtiffxx$(get_libname 3) - dosym libtiffxx$(get_libname 3) /usr/$(get_libdir)/libtiffxx$(get_libname 4) - fi - - rm -rf "${ED}"/tmp -} - -multilib_src_install_all() { - # (avoid installing 
docs)
- :
-}
diff --git a/media-libs/tiff/tiff-4.0.10.ebuild b/media-libs/tiff/tiff-4.0.10.ebuild
index a41a3102657c..8373253c0284 100644
--- a/media-libs/tiff/tiff-4.0.10.ebuild
+++ b/media-libs/tiff/tiff-4.0.10.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Authors
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 EAPI=7
@@ -12,7 +12,7 @@ SRC_URI="http://download.osgeo.org/libtiff/${P}.tar.gz
 LICENSE="libtiff"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x64-cygwin ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~x64-cygwin ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cxx jbig jpeg lzma static-libs test webp zlib zstd"
 RDEPEND="
-- 
cgit v1.2.3