[gentoo-commits] repo/gentoo:master commit in: media-libs/tiff/, media-libs/tiff/files/

[Mike Frysinger]

commit:     afb651b9908c9fd2d24a8e347e152bc195b486bc
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Tue May 29 01:02:58 2018 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue May 29 01:03:54 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=afb651b9

media-libs/tiff: add upstream fix for CVE-2017-18013 #645982

Bug: https://bugs.gentoo.org/645982

 .../tiff/files/tiff-4.0.9-CVE-2017-18013.patch     | 39 +++++++++++
 media-libs/tiff/tiff-4.0.9-r4.ebuild               | 81 ++++++++++++++++++++++
 2 files changed, 120 insertions(+)

diff --git a/media-libs/tiff/files/tiff-4.0.9-CVE-2017-18013.patch 
b/media-libs/tiff/files/tiff-4.0.9-CVE-2017-18013.patch
new file mode 100644
index 00000000000..2db890aef90
--- /dev/null
+++ b/media-libs/tiff/files/tiff-4.0.9-CVE-2017-18013.patch
@@ -0,0 +1,39 @@
+https://bugs.gentoo.org/645982
+https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01
+
+From c6f41df7b581402dfba3c19a1e3df4454c551a01 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.roua...@spatialys.com>
+Date: Sun, 31 Dec 2017 15:09:41 +0100
+Subject: [PATCH] libtiff/tif_print.c: TIFFPrintDirectory(): fix null pointer
+ dereference on corrupted file. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2770
+
+---
+ libtiff/tif_print.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c
+index 9959d353b1f9..8deceb2b054d 100644
+--- a/libtiff/tif_print.c
++++ b/libtiff/tif_print.c
+@@ -665,13 +665,13 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags)
+ #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
+                       fprintf(fd, "    %3lu: [%8I64u, %8I64u]\n",
+                           (unsigned long) s,
+-                          (unsigned __int64) td->td_stripoffset[s],
+-                          (unsigned __int64) td->td_stripbytecount[s]);
++                          td->td_stripoffset ? (unsigned __int64) 
td->td_stripoffset[s] : 0,
++                          td->td_stripbytecount ? (unsigned __int64) 
td->td_stripbytecount[s] : 0);
+ #else
+                       fprintf(fd, "    %3lu: [%8llu, %8llu]\n",
+                           (unsigned long) s,
+-                          (unsigned long long) td->td_stripoffset[s],
+-                          (unsigned long long) td->td_stripbytecount[s]);
++                          td->td_stripoffset ? (unsigned long long) 
td->td_stripoffset[s] : 0,
++                          td->td_stripbytecount ? (unsigned long long) 
td->td_stripbytecount[s] : 0);
+ #endif
+       }
+ }
+-- 
+2.16.1
+

diff --git a/media-libs/tiff/tiff-4.0.9-r4.ebuild 
b/media-libs/tiff/tiff-4.0.9-r4.ebuild
new file mode 100644
index 00000000000..4787ecd348e
--- /dev/null
+++ b/media-libs/tiff/tiff-4.0.9-r4.ebuild
@@ -0,0 +1,81 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit autotools libtool ltprune multilib-minimal
+
+DESCRIPTION="Tag Image File Format (TIFF) library"
+HOMEPAGE="http://libtiff.maptools.org";
+SRC_URI="http://download.osgeo.org/libtiff/${P}.tar.gz
+       ftp://ftp.remotesensing.org/pub/libtiff/${P}.tar.gz";
+
+LICENSE="libtiff"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 
~sh ~sparc ~x86 ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux 
~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris 
~x64-solaris ~x86-solaris"
+IUSE="+cxx jbig jpeg lzma static-libs test zlib"
+
+RDEPEND="jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] )
+       jbig? ( >=media-libs/jbigkit-2.1:=[${MULTILIB_USEDEP}] )
+       lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
+       zlib? ( >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+
+REQUIRED_USE="test? ( jpeg )" #483132
+
+PATCHES=(
+       
"${FILESDIR}"/${PN}-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
+       
"${FILESDIR}"/${PN}-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
+       "${FILESDIR}"/${P}-CVE-2017-9935.patch #624696
+       "${FILESDIR}"/${P}-CVE-2017-9935-fix-incorrect-type.patch #624696
+       "${FILESDIR}"/${P}-CVE-2017-18013.patch #645982
+       "${FILESDIR}"/${P}-CVE-2018-5784.patch #645730
+)
+
+MULTILIB_WRAPPED_HEADERS=(
+       /usr/include/tiffconf.h
+)
+
+src_prepare() {
+       default
+
+       # tiffcp-thumbnail.sh fails as thumbnail binary doesn't get built 
anymore since tiff-4.0.7
+       sed '/tiffcp-thumbnail\.sh/d' -i test/Makefile.am || die
+
+       eautoreconf
+}
+
+multilib_src_configure() {
+       local myeconfargs=(
+               --without-x
+               $(use_enable cxx)
+               $(use_enable jbig)
+               $(use_enable jpeg)
+               $(use_enable lzma)
+               $(use_enable static-libs static)
+               $(use_enable zlib)
+       )
+       ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+
+       # remove useless subdirs
+       if ! multilib_is_native_abi ; then
+               sed -i \
+                       -e 's/ tools//' \
+                       -e 's/ contrib//' \
+                       -e 's/ man//' \
+                       -e 's/ html//' \
+                       Makefile || die
+       fi
+}
+
+multilib_src_test() {
+       if ! multilib_is_native_abi ; then
+               emake -C tools
+       fi
+       emake check
+}
+
+multilib_src_install_all() {
+       prune_libtool_files --all
+       rm -f 
"${ED%/}"/usr/share/doc/${PF}/{COPYRIGHT,README*,RELEASE-DATE,TODO,VERSION}
+}