[gentoo-commits] repo/gentoo:master commit in: media-libs/tiff/, media-libs/tiff/files/

2023-02-22 Thread Sam James
commit: 53cfbff2eb33daf68de4a26712be94e2a7fa7c10
Author: Michael Vetter  iodoru  org>
AuthorDate: Wed Feb 22 15:28:54 2023 +
Commit: Sam James  gentoo  org>
CommitDate: Wed Feb 22 16:23:17 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=53cfbff2

media-libs/tiff: Fix several CVEs

Fixes:
* CVE-2023-0795 https://gitlab.com/libtiff/libtiff/-/issues/493
* CVE-2023-0796 https://gitlab.com/libtiff/libtiff/-/issues/499
* CVE-2023-0797 https://gitlab.com/libtiff/libtiff/-/issues/495
* CVE-2023-0798 https://gitlab.com/libtiff/libtiff/-/issues/492
* CVE-2023-0799 https://gitlab.com/libtiff/libtiff/-/issues/494
* CVE-2023-0800 https://gitlab.com/libtiff/libtiff/-/issues/496
* CVE-2023-0801 https://gitlab.com/libtiff/libtiff/-/issues/498
* CVE-2023-0802 https://gitlab.com/libtiff/libtiff/-/issues/500
* CVE-2023-0803 https://gitlab.com/libtiff/libtiff/-/issues/501
* CVE-2023-0804 https://gitlab.com/libtiff/libtiff/-/issues/497

Bug: https://bugs.gentoo.org/895900
Signed-off-by: Michael Vetter  iodoru.org>
Closes: https://github.com/gentoo/gentoo/pull/29721
Signed-off-by: Sam James  gentoo.org>

 ...CVE-2023-0797-CVE-2023-0798-CVE-2023-0799.patch | 287 +
 ...CVE-2023-0802-CVE-2023-0803-CVE-2023-0804.patch | 131 ++
 media-libs/tiff/tiff-4.5.0-r2.ebuild   |  92 +++
 3 files changed, 510 insertions(+)

diff --git 
a/media-libs/tiff/files/tiff-4.5.0-CVE-2023-0795-CVE-2023-0796-CVE-2023-0797-CVE-2023-0798-CVE-2023-0799.patch
 
b/media-libs/tiff/files/tiff-4.5.0-CVE-2023-0795-CVE-2023-0796-CVE-2023-0797-CVE-2023-0798-CVE-2023-0799.patch
new file mode 100644
index ..70a9b8269ec5
--- /dev/null
+++ 
b/media-libs/tiff/files/tiff-4.5.0-CVE-2023-0795-CVE-2023-0796-CVE-2023-0797-CVE-2023-0798-CVE-2023-0799.patch
@@ -0,0 +1,287 @@
+Index: tiff-4.5.0/tools/tiffcrop.c
+===
+Upstream commits:
+https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
+https://gitlab.com/libtiff/libtiff/-/commit/9c22495e5eeeae9e00a1596720c969656bb8d678
+From 9c22495e5eeeae9e00a1596720c969656bb8d678 Mon Sep 17 00:00:00 2001
+From: Su_Laus 
+Date: Fri, 3 Feb 2023 15:31:31 +0100
+Subject: [PATCH] tiffcrop correctly update buffersize after rotateImage()
+ fix#520 rotateImage() set up a new buffer and calculates its size
+ individually. Therefore, seg_buffs[] size needs to be updated accordingly.
+ Before this fix, the seg_buffs buffer size was calculated with a different
+ formula than within rotateImage().
+
+Closes #520.
+---
+ tools/tiffcrop.c | 36 
+ 1 file changed, 20 insertions(+), 16 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 7db69883..f8b66188 100644
+--- a/tools/tiffcrop.c
 b/tools/tiffcrop.c
+@@ -577,7 +577,7 @@ static int rotateContigSamples24bits(uint16_t, uint16_t, 
uint16_t, uint32_t,
+ static int rotateContigSamples32bits(uint16_t, uint16_t, uint16_t, uint32_t,
+  uint32_t, uint32_t, uint8_t *, uint8_t 
*);
+ static int rotateImage(uint16_t, struct image_data *, uint32_t *, uint32_t *,
+-   unsigned char **);
++   unsigned char **, size_t *);
+ static int mirrorImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
+unsigned char *);
+ static int invertImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
+@@ -7243,7 +7243,7 @@ static int correct_orientation(struct image_data *image,
+ }
+ 
+ if (rotateImage(rotation, image, &image->width, &image->length,
+-work_buff_ptr))
++work_buff_ptr, NULL))
+ {
+ TIFFError("correct_orientation", "Unable to rotate image");
+ return (-1);
+@@ -8563,8 +8563,12 @@ static int processCropSelections(struct image_data 
*image,
+ if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can
+   reallocate the buffer */
+ {
++/* rotateImage() set up a new buffer and calculates its size
++ * individually. Therefore, seg_buffs size  needs to be updated
++ * accordingly. */
++size_t rot_buf_size = 0;
+ if (rotateImage(crop->rotation, image, &crop->combined_width,
+-&crop->combined_length, &crop_buff))
++&crop->combined_length, &crop_buff, 
&rot_buf_size))
+ {
+ TIFFError("processCropSelections",
+   "Failed to rotate composite regions by %" PRIu32
+@@ -8573,9 +8577,7 @@ static int processCropSelections(struct image_data 
*image,
+ return (-1);
+ }
+ seg_buffs[0].buffer = crop_buff;
+-seg_buffs[0].size =
+-(((crop->combined_width * image->bps + 7) / 8) * image->spp) *

[gentoo-commits] repo/gentoo:master commit in: media-libs/tiff/, media-libs/tiff/files/

2023-02-22 Thread Sam James
commit: 7ebadfbb4602052047e063e83e78cf398d2610c5
Author: Michael Vetter  iodoru  org>
AuthorDate: Wed Feb 22 15:28:54 2023 +
Commit: Sam James  gentoo  org>
CommitDate: Wed Feb 22 16:21:38 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ebadfbb

media-libs/tiff: Fix several CVEs

Fixes:
* CVE-2023-0795 https://gitlab.com/libtiff/libtiff/-/issues/493
* CVE-2023-0796 https://gitlab.com/libtiff/libtiff/-/issues/499
* CVE-2023-0797 https://gitlab.com/libtiff/libtiff/-/issues/495
* CVE-2023-0798 https://gitlab.com/libtiff/libtiff/-/issues/492
* CVE-2023-0799 https://gitlab.com/libtiff/libtiff/-/issues/494
* CVE-2023-0800 https://gitlab.com/libtiff/libtiff/-/issues/496
* CVE-2023-0801 https://gitlab.com/libtiff/libtiff/-/issues/498
* CVE-2023-0802 https://gitlab.com/libtiff/libtiff/-/issues/500
* CVE-2023-0803 https://gitlab.com/libtiff/libtiff/-/issues/501
* CVE-2023-0804 https://gitlab.com/libtiff/libtiff/-/issues/497

Bug: https://github.com/gentoo/gentoo/pull/29721
Signed-off-by: Michael Vetter  iodoru.org>
Closes: https://github.com/gentoo/gentoo/pull/29721
Signed-off-by: Sam James  gentoo.org>

 ...CVE-2023-0797-CVE-2023-0798-CVE-2023-0799.patch | 287 +
 ...CVE-2023-0802-CVE-2023-0803-CVE-2023-0804.patch | 131 ++
 media-libs/tiff/tiff-4.5.0-r2.ebuild   |  92 +++
 3 files changed, 510 insertions(+)

diff --git 
a/media-libs/tiff/files/tiff-4.5.0-CVE-2023-0795-CVE-2023-0796-CVE-2023-0797-CVE-2023-0798-CVE-2023-0799.patch
 
b/media-libs/tiff/files/tiff-4.5.0-CVE-2023-0795-CVE-2023-0796-CVE-2023-0797-CVE-2023-0798-CVE-2023-0799.patch
new file mode 100644
index ..70a9b8269ec5
--- /dev/null
+++ 
b/media-libs/tiff/files/tiff-4.5.0-CVE-2023-0795-CVE-2023-0796-CVE-2023-0797-CVE-2023-0798-CVE-2023-0799.patch
@@ -0,0 +1,287 @@
+Index: tiff-4.5.0/tools/tiffcrop.c
+===
+Upstream commits:
+https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
+https://gitlab.com/libtiff/libtiff/-/commit/9c22495e5eeeae9e00a1596720c969656bb8d678
+From 9c22495e5eeeae9e00a1596720c969656bb8d678 Mon Sep 17 00:00:00 2001
+From: Su_Laus 
+Date: Fri, 3 Feb 2023 15:31:31 +0100
+Subject: [PATCH] tiffcrop correctly update buffersize after rotateImage()
+ fix#520 rotateImage() set up a new buffer and calculates its size
+ individually. Therefore, seg_buffs[] size needs to be updated accordingly.
+ Before this fix, the seg_buffs buffer size was calculated with a different
+ formula than within rotateImage().
+
+Closes #520.
+---
+ tools/tiffcrop.c | 36 
+ 1 file changed, 20 insertions(+), 16 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 7db69883..f8b66188 100644
+--- a/tools/tiffcrop.c
 b/tools/tiffcrop.c
+@@ -577,7 +577,7 @@ static int rotateContigSamples24bits(uint16_t, uint16_t, 
uint16_t, uint32_t,
+ static int rotateContigSamples32bits(uint16_t, uint16_t, uint16_t, uint32_t,
+  uint32_t, uint32_t, uint8_t *, uint8_t 
*);
+ static int rotateImage(uint16_t, struct image_data *, uint32_t *, uint32_t *,
+-   unsigned char **);
++   unsigned char **, size_t *);
+ static int mirrorImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
+unsigned char *);
+ static int invertImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t,
+@@ -7243,7 +7243,7 @@ static int correct_orientation(struct image_data *image,
+ }
+ 
+ if (rotateImage(rotation, image, &image->width, &image->length,
+-work_buff_ptr))
++work_buff_ptr, NULL))
+ {
+ TIFFError("correct_orientation", "Unable to rotate image");
+ return (-1);
+@@ -8563,8 +8563,12 @@ static int processCropSelections(struct image_data 
*image,
+ if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can
+   reallocate the buffer */
+ {
++/* rotateImage() set up a new buffer and calculates its size
++ * individually. Therefore, seg_buffs size  needs to be updated
++ * accordingly. */
++size_t rot_buf_size = 0;
+ if (rotateImage(crop->rotation, image, &crop->combined_width,
+-&crop->combined_length, &crop_buff))
++&crop->combined_length, &crop_buff, 
&rot_buf_size))
+ {
+ TIFFError("processCropSelections",
+   "Failed to rotate composite regions by %" PRIu32
+@@ -8573,9 +8577,7 @@ static int processCropSelections(struct image_data 
*image,
+ return (-1);
+ }
+ seg_buffs[0].buffer = crop_buff;
+-seg_buffs[0].size =
+-(((crop->combined_width * image->bps + 7) / 8) * i

[gentoo-commits] repo/gentoo:master commit in: media-libs/tiff/, media-libs/tiff/files/

2022-12-09 Thread Sam James
commit: d63be024fb77b02effd31c92cd79e55013118447
Author: Sam James  gentoo  org>
AuthorDate: Sat Dec 10 04:09:36 2022 +
Commit: Sam James  gentoo  org>
CommitDate: Sat Dec 10 04:09:36 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d63be024

media-libs/tiff: add 4.5.0_rc1 (unkeyworded)

Bug: https://bugs.gentoo.org/856478
Signed-off-by: Sam James  gentoo.org>

 media-libs/tiff/Manifest   |  2 +
 .../tiff-4.5.0_rc1-skip-tools-tests-multilib.patch | 52 +
 media-libs/tiff/tiff-4.5.0_rc1.ebuild  | 89 ++
 3 files changed, 143 insertions(+)

diff --git a/media-libs/tiff/Manifest b/media-libs/tiff/Manifest
index acd45d9a7287..ddbf4132f425 100644
--- a/media-libs/tiff/Manifest
+++ b/media-libs/tiff/Manifest
@@ -1,2 +1,4 @@
 DIST tiff-4.4.0.tar.xz 1929292 BLAKE2B 
d05a2fb293557d1e7cdec116c65c8338d7714af7b6abd8dd3bb2b476d62e044adc7d6c298843649d63c6bc09f6ce4660ee23638f9beb716937ccf236c2829dcf
 SHA512 
c9611faadc9b1199f3aba9a43bfa160c77c11558d1fa358b42115ed78db73c8387531c0668cc9021842c58f1c02f8d84264d3600e1039dfe6f866822ad91cff9
 DIST tiff-4.4.0.tar.xz.sig 310 BLAKE2B 
00dc8ff9c232ec4cca8b294659e6379b9bb512b58cd3d2f9231e7c10111510ac56aff3c6fc133a47f9fafc27595e099297c25940414495d8ea7f5a75aa43e9d2
 SHA512 
4ffdcbf5a8ce4a3be543d0ad43101ddcdb6ef22c3da5768c86660a40cc0cab48032a65c5e7bb0667f43d55dad5aa09dc0df302e2f9dbc9f24b8ccac643a0408c
+DIST tiff-4.5.0rc1.tar.xz 2314664 BLAKE2B 
da6bdd79348a9626d8523903b43388cc963a86d8527ffb58fd8fcc09b1aae5d7317ccfcc8cf6b2515267b3b559d327db256303e70039b12552ae87c120ee7beb
 SHA512 
244a98142f0d18eb5b531dceb265d2444021c628e886912dbfb33e1d23e5444e350b5487bd8f94e3fbafd993dcb5e490c6f78c1426601e903ad2bbe4bc41953c
+DIST tiff-4.5.0rc1.tar.xz.sig 310 BLAKE2B 
b1b7ecb1f04e446cf7622df0ecff1482ca6175f4206350e9698488e2aaca64112ff41adcd8c5b817efbea947ffaec54258f87c9e932badc3c7493391960dc715
 SHA512 
8b2cc1d0c01d4f40f1c4c0827dbb12508d533f6c98e59cb9876a33b89fd4bbbfc8ccced3f27536d3bc00b5ae286e6b919b1468462396da38112dfc34c4ade3e0

diff --git 
a/media-libs/tiff/files/tiff-4.5.0_rc1-skip-tools-tests-multilib.patch 
b/media-libs/tiff/files/tiff-4.5.0_rc1-skip-tools-tests-multilib.patch
new file mode 100644
index ..831afd287226
--- /dev/null
+++ b/media-libs/tiff/files/tiff-4.5.0_rc1-skip-tools-tests-multilib.patch
@@ -0,0 +1,52 @@
+https://gitlab.com/libtiff/libtiff/-/merge_requests/334
+
+From e7605b93b12c2bf3c864910c23ac976045b5a05a Mon Sep 17 00:00:00 2001
+From: Sam James 
+Date: Sat, 21 May 2022 01:01:35 +0100
+Subject: [PATCH 1/2] test (autotools): skip script tests if tools aren't built
+
+In Gentoo, we avoid building the tools for multilib (32-bit, x86) builds on
+amd64/x86_64 because we only need the library to keep binary applications 
working.
+
+This causes a test failure in e.g. tiffcp-thumbnail.sh as the 'thumbnail'
+binary isn't built. Skip it if unavailable.
+
+Fixes: https://gitlab.com/libtiff/libtiff/-/issues/421
+--- a/test/Makefile.am
 b/test/Makefile.am
+@@ -55,13 +55,14 @@ XFAIL_TESTS =
+ CLEANFILES = test_packbits.tif o-*
+ 
+ if HAVE_JPEG
++if TIFF_TOOLS
+ JPEG_DEPENDENT_CHECK_PROG=raw_decode
+ JPEG_DEPENDENT_TESTSCRIPTS=\
+   tiff2rgba-quad-tile.jpg.sh \
+   tiff2rgba-ojpeg_zackthecat_subsamp22_single_strip.sh \
+   tiff2rgba-ojpeg_chewey_subsamp21_multi_strip.sh \
+   tiff2rgba-ojpeg_single_strip_no_rowsperstrip.sh
+-
++endif
+ else
+ JPEG_DEPENDENT_CHECK_PROG=
+ JPEG_DEPENDENT_TESTSCRIPTS=
+@@ -76,6 +77,7 @@ check_PROGRAMS = \
+ endif
+ 
+ # Test scripts to execute
++if TIFF_TOOLS
+ TESTSCRIPTS = \
+   ppm2tiff_pbm.sh \
+   ppm2tiff_pgm.sh \
+@@ -156,6 +158,9 @@ TESTSCRIPTS = \
+   testfax4.sh \
+   testdeflatelaststripextradata.sh \
+   $(JPEG_DEPENDENT_TESTSCRIPTS)
++else
++TESTSCRIPTS=
++endif
+ 
+ # This list should contain the references files
+ # from the 'refs' subdirectory
+-- 
+GitLab
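Review bot: Placing `JPEG_DEPENDENT_CHECK_PROG=raw_decode` inside the new `if TIFF_TOOLS` block ties a compiled check program to the tools build, not just the shell scripts that call tool binaries. If raw_decode links against the library alone (the CHECK_PROG variable name suggests so, but its sources are not in this patch), a library-level JPEG decode test is skipped on the multilib builds where tools are disabled. Consider keeping `JPEG_DEPENDENT_CHECK_PROG=raw_decode` directly under `if HAVE_JPEG` and guarding only `JPEG_DEPENDENT_TESTSCRIPTS` with `if TIFF_TOOLS`. With HAVE_JPEG true and TIFF_TOOLS false, both variables are also left undefined rather than set empty as the existing `else` branch does; an explicit `else` with empty assignments would match that style.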

diff --git a/media-libs/tiff/tiff-4.5.0_rc1.ebuild 
b/media-libs/tiff/tiff-4.5.0_rc1.ebuild
new file mode 100644
index ..fd1df52b1205
--- /dev/null
+++ b/media-libs/tiff/tiff-4.5.0_rc1.ebuild
@@ -0,0 +1,89 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+QA_PKGCONFIG_VERSION="$(ver_cut 1-3)"
+
+# Release signer can vary per version but not clear if others will be doing
+# them in future, so gone with Even Rouault for now as he does other geosci
+# stuff too like PROJ, GDAL. Previous release manager of TIFF was
+# GraphicsMagick maintainer Bob Friesenhahn. Please be careful when verifying
+# who made releases.
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/rouault.asc
+inherit autotools multilib-minimal verify-sig libtool flag-o-matic
+
+MY_P="${P/_rc/rc}"
+DESCRIPTION="Tag Image File Format (TIFF) library"
+HOMEPAGE="http://libtiff.maptools.org";
+SRC_URI="https://download.osgeo.org/libtiff/${MY_P}.tar.xz";
+SRC_URI+=" verify-sig? ( 

[gentoo-commits] repo/gentoo:master commit in: media-libs/tiff/, media-libs/tiff/files/

2022-11-30 Thread Sam James
commit: 33944343462c9aa5a0a23b4a296074d0bc62c5c2
Author: Sam James  gentoo  org>
AuthorDate: Thu Dec  1 07:15:54 2022 +
Commit: Sam James  gentoo  org>
CommitDate: Thu Dec  1 07:16:56 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=33944343

media-libs/tiff: backport fix for hylafaxplus regression

Closes: https://bugs.gentoo.org/883641
Signed-off-by: Sam James  gentoo.org>

 .../files/tiff-4.4.0-hylafaxplus-regression.patch  |  34 +++
 media-libs/tiff/tiff-4.4.0-r2.ebuild   | 102 +
 2 files changed, 136 insertions(+)

diff --git a/media-libs/tiff/files/tiff-4.4.0-hylafaxplus-regression.patch 
b/media-libs/tiff/files/tiff-4.4.0-hylafaxplus-regression.patch
new file mode 100644
index ..c640f6e1b1a7
--- /dev/null
+++ b/media-libs/tiff/files/tiff-4.4.0-hylafaxplus-regression.patch
@@ -0,0 +1,34 @@
+https://bugs.gentoo.org/883641
+https://gitlab.com/libtiff/libtiff/-/issues/489
+https://gitlab.com/libtiff/libtiff/-/commit/72de8fd00be8a583a6b16cc0b700105020d249ba
+
+From 72de8fd00be8a583a6b16cc0b700105020d249ba Mon Sep 17 00:00:00 2001
+From: Even Rouault 
+Date: Tue, 29 Nov 2022 14:57:27 +0100
+Subject: [PATCH] TIFFWriteRawStrip(): restore capabilities to append data in
+ the current strip (fixes #489)
+
+This fixes a regression of libtiff 4.4.0
+--- a/libtiff/tif_write.c
 b/libtiff/tif_write.c
+@@ -341,10 +341,13 @@ TIFFWriteRawStrip(TIFF* tif, uint32_t strip, void* data, 
tmsize_t cc)
+   return ((tmsize_t) -1);
+   }
+ 
+-  tif->tif_curstrip = strip;
++if (tif->tif_curstrip != strip)
++{
++tif->tif_curstrip = strip;
+ 
+-  /* this informs TIFFAppendToStrip() we have changed or reset strip */
+-  tif->tif_curoff = 0;
++/* this informs TIFFAppendToStrip() we have changed or reset strip */
++tif->tif_curoff = 0;
++}
+ 
+ if (td->td_stripsperimage == 0) {
+ TIFFErrorExtR(tif, module,"Zero strips per image");
+-- 
+GitLab
+
+
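Review bot: The retained comment `this informs TIFFAppendToStrip() we have changed or reset strip` no longer explains the new branch, because the behaviour being restored is that a repeated call for the same strip leaves `tif_curoff` untouched so the data is appended. A one-line comment on the guard would make that contract visible, e.g. `/* same strip as the previous call: keep tif_curoff so the data is appended */`. The guard also depends on `tif_curstrip` not already equalling `strip` before the first write to that strip; its initial value is set outside this hunk, so that is worth confirming against the 4.4.0 sources. TIFFWriteRawStrip's body starts and ends outside the hunk.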

diff --git a/media-libs/tiff/tiff-4.4.0-r2.ebuild 
b/media-libs/tiff/tiff-4.4.0-r2.ebuild
new file mode 100644
index ..f485be1f583a
--- /dev/null
+++ b/media-libs/tiff/tiff-4.4.0-r2.ebuild
@@ -0,0 +1,102 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+QA_PKGCONFIG_VERSION="$(ver_cut 1-3)"
+
+# Release signer can vary per version but not clear if others will be doing
+# them in future, so gone with Even Rouault for now as he does other geosci
+# stuff too like PROJ, GDAL. Previous release manager of TIFF was
+# GraphicsMagick maintainer Bob Friesenhahn. Please be careful when verifying
+# who made releases.
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/rouault.asc
+inherit multilib-minimal verify-sig libtool flag-o-matic
+
+MY_P="${P/_rc/rc}"
+DESCRIPTION="Tag Image File Format (TIFF) library"
+HOMEPAGE="http://libtiff.maptools.org";
+SRC_URI="https://download.osgeo.org/libtiff/${MY_P}.tar.xz";
+SRC_URI+=" verify-sig? ( https://download.osgeo.org/libtiff/${MY_P}.tar.xz.sig 
)"
+S="${WORKDIR}/${PN}-$(ver_cut 1-3)"
+
+LICENSE="libtiff"
+SLOT="0"
+if [[ ${PV} != *_rc* ]] ; then
+   KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc 
~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos 
~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+fi
+IUSE="+cxx jbig jpeg lzma static-libs test webp zlib zstd"
+RESTRICT="!test? ( test )"
+
+# bug #483132
+REQUIRED_USE="test? ( jpeg )"
+
+RDEPEND="jbig? ( >=media-libs/jbigkit-2.1:=[${MULTILIB_USEDEP}] )
+   jpeg? ( media-libs/libjpeg-turbo:=[${MULTILIB_USEDEP}] )
+   lzma? ( >=app-arch/xz-utils-5.0.5-r1[${MULTILIB_USEDEP}] )
+   webp? ( media-libs/libwebp:=[${MULTILIB_USEDEP}] )
+   zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
+   zstd? ( >=app-arch/zstd-1.3.7-r1:=[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="verify-sig? ( sec-keys/openpgp-keys-evenrouault )"
+
+MULTILIB_WRAPPED_HEADERS=(
+   /usr/include/tiffconf.h
+)
+
+PATCHES=(
+   "${FILESDIR}"/${PN}-4.4.0_rc1-skip-thumbnail-test.patch
+   "${FILESDIR}"/${P}-hylafaxplus-regression.patch
+)
+
+src_prepare() {
+   default
+
+   # Added to fix cross-compilation
+   elibtoolize
+}
+
+multilib_src_configure() {
+   append-lfs-flags
+
+   local myeconfargs=(
+   --without-x
+   --with-docdir="${EPREFIX}"/usr/share/doc/${PF}
+   $(use_enable cxx)
+   $(use_enable jbig)
+   $(use_enable jpeg)
+   $(use_enable lzma)
+   $(use_enable static-libs static)
+   $(use_enable webp)
+   $(use_enable zlib)
+   $(use_enable zstd)
+   )
+
+   ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+
+   # Remove components (like tools) that are irrelevant for the multilib
+   # bui

[gentoo-commits] repo/gentoo:master commit in: media-libs/tiff/, media-libs/tiff/files/

2019-11-03 Thread Mikle Kolyada
commit: 36b1b60543df094492afcbdea67a49a9157635d1
Author: Mikle Kolyada  gentoo  org>
AuthorDate: Sun Nov  3 13:46:15 2019 +
Commit: Mikle Kolyada  gentoo  org>
CommitDate: Sun Nov  3 13:46:15 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36b1b605

media-libs/tiff: Drop insecure

Package-Manager: Portage-2.3.76, Repoman-2.3.16
Signed-off-by: Mikle Kolyada  gentoo.org>

 ...ferOverflow-ChopUpSingleUncompressedStrip.patch | 33 -
 ...ferOverflow-ChopUpSingleUncompressedStrip.patch | 26 ---
 media-libs/tiff/tiff-4.0.10-r1.ebuild  | 86 --
 media-libs/tiff/tiff-4.0.10.ebuild | 83 -
 4 files changed, 228 deletions(-)

diff --git 
a/media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
 
b/media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
deleted file mode 100644
index a45ee342f77..000
--- 
a/media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-https://codereview.chromium.org/2284063002
-https://crbug.com/618267
-https://pdfium.googlesource.com/pdfium/+/master/libtiff/
-
-Author: tracy_jiang 
-Date:   Mon Aug 29 13:42:56 2016 -0700
-
-Fix for #618267. Adding a method to determine if multiplication has
-overflow.
-
 a/libtiff/tif_aux.c
-+++ b/libtiff/tif_aux.c
-@@ -69,7 +69,7 @@ _TIFFCheckRealloc(TIFF* tif, void* buffer,
-   /*
-* XXX: Check for integer overflow.
-*/
--  if (nmemb && elem_size && bytes / elem_size == nmemb)
-+  if (nmemb && elem_size && !_TIFFIfMultiplicationOverflow(nmemb, 
elem_size))
-   cp = _TIFFrealloc(buffer, bytes);
- 
-   if (cp == NULL) {
 a/libtiff/tiffiop.h
-+++ b/libtiff/tiffiop.h
-@@ -315,6 +315,9 @@ typedef size_t TIFFIOSize_t;
- #define _TIFF_off_t off_t
- #endif
- 
-+#include 
-+#define _TIFFIfMultiplicationOverflow(op1, op2) ((op1) > SSIZE_MAX / (op2))
-+
- #if defined(__cplusplus)
- extern "C" {
- #endif

diff --git 
a/media-libs/tiff/files/tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
 
b/media-libs/tiff/files/tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
deleted file mode 100644
index 35f59b9bffd..000
--- 
a/media-libs/tiff/files/tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-https://codereview.chromium.org/2405693002
-https://crbug.com/654169
-https://pdfium.googlesource.com/pdfium/+/master/libtiff/
-
-Author: stackexploit 
-Date:   Mon Oct 10 10:58:25 2016 -0700
-
-libtiff: Prevent a buffer overflow in function ChopUpSingleUncompressedStrip.
-
-The patch (https://codereview.chromium.org/2284063002) for Issue 618267
-was insufficient. The integer overflow still could be triggered and could
-lead to heap buffer overflow.
-
-This CL strengthens integer overflow check in function _TIFFCheckRealloc.
-
 a/libtiff/tif_aux.c
-+++ b/libtiff/tif_aux.c
-@@ -69,7 +69,7 @@ _TIFFCheckRealloc(TIFF* tif, void* buffer,
-   /*
-* XXX: Check for integer overflow.
-*/
--  if (nmemb && elem_size && !_TIFFIfMultiplicationOverflow(nmemb, 
elem_size))
-+  if (nmemb > 0 && elem_size > 0 && !_TIFFIfMultiplicationOverflow(nmemb, 
elem_size))
-   cp = _TIFFrealloc(buffer, bytes);
- 
-   if (cp == NULL) {

diff --git a/media-libs/tiff/tiff-4.0.10-r1.ebuild 
b/media-libs/tiff/tiff-4.0.10-r1.ebuild
deleted file mode 100644
index 3a79093c5f7..000
--- a/media-libs/tiff/tiff-4.0.10-r1.ebuild
+++ /dev/null
@@ -1,86 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools libtool multilib-minimal
-
-DESCRIPTION="Tag Image File Format (TIFF) library"
-HOMEPAGE="http://libtiff.maptools.org";
-SRC_URI="https://download.osgeo.org/libtiff/${P}.tar.gz";
-
-LICENSE="libtiff"
-SLOT="0"
-KEYWORDS="alpha amd64 ~arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 
~sh sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos 
~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cxx jbig jpeg lzma static-libs test webp zlib zstd"
-
-RDEPEND="
-   jbig? ( >=media-libs/jbigkit-2.1:=[${MULTILIB_USEDEP}] )
-   jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] )
-   lzma? ( >=app-arch/xz-utils-5.0.5-r1[${MULTILIB_USEDEP}] )
-   webp? ( media-libs/libwebp:=[${MULTILIB_USEDEP}] )
-   zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
-   zstd? ( >=app-arch/zstd-1.3.7-r1:=[${MULTILIB_USEDEP}] )
-"
-DEPEND="${RDEPEND}"
-
-REQUIRED_USE="test? ( jpeg )" #483132
-
-PATCHES=(
-   
"${FILESDIR}"/${PN}-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
-   
"${FILESDIR}"/${PN}-4.0.7-pdfium-0008-HeapBufferO

[gentoo-commits] repo/gentoo:master commit in: media-libs/tiff/, media-libs/tiff/files/

2019-09-03 Thread Aaron Bauman
commit: 6f50c6e9a116c3d950db0cd2e131893aca2f1cf2
Author: Mattias Nissler  chromium  org>
AuthorDate: Tue Sep  3 10:25:18 2019 +
Commit: Aaron Bauman  gentoo  org>
CommitDate: Tue Sep  3 19:45:36 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6f50c6e9

media-libs/tiff: Pull in patch for CVE-2019-14973

Bug: https://bugs.gentoo.org/693394

Signed-off-by: Mattias Nissler  chromium.org>
Closes: https://github.com/gentoo/gentoo/pull/12851
Signed-off-by: Aaron Bauman  gentoo.org>

 0.10-CVE-2019-14973-fix-integer-overflow.patch | 395 +
 media-libs/tiff/tiff-4.0.10-r2.ebuild  |  85 +
 2 files changed, 480 insertions(+)

diff --git 
a/media-libs/tiff/files/tiff-4.0.10-CVE-2019-14973-fix-integer-overflow.patch 
b/media-libs/tiff/files/tiff-4.0.10-CVE-2019-14973-fix-integer-overflow.patch
new file mode 100644
index 000..cbcbfd9d7f0
--- /dev/null
+++ 
b/media-libs/tiff/files/tiff-4.0.10-CVE-2019-14973-fix-integer-overflow.patch
@@ -0,0 +1,395 @@
+From 6ebfcac47224d3b8661c501967d495135449883e Mon Sep 17 00:00:00 2001
+From: Even Rouault 
+Date: Sat, 10 Aug 2019 18:25:03 +0200
+Subject: [PATCH] Fix integer overflow in _TIFFCheckMalloc() and other
+ implementation-defined behaviour (CVE-2019-14973)
+
+_TIFFCheckMalloc()/_TIFFCheckRealloc() used a unsafe way to detect overflow
+in the multiplication of nmemb and elem_size (which are of type tmsize_t, thus
+signed), which was especially easily triggered on 32-bit builds (with recent
+enough compilers that assume that signed multiplication cannot overflow, since
+this is undefined behaviour by the C standard). The original issue which lead 
to
+this fix was trigged from tif_fax3.c
+
+There were also unsafe (implementation defied), and broken in practice on 64bit
+builds, ways of checking that a uint64 fits of a (signed) tmsize_t by doing
+(uint64)(tmsize_t)uint64_var != uint64_var comparisons. Those have no known
+at that time exploits, but are better to fix in a more bullet-proof way.
+Or similarly use of (int64)uint64_var <= 0.
+
+--- a/libtiff/tif_aux.c
 b/libtiff/tif_aux.c
+@@ -57,18 +57,57 @@ _TIFFMultiply64(TIFF* tif, uint64 first, uint64 second, 
const char* where)
+   return bytes;
+ }
+ 
++tmsize_t
++_TIFFMultiplySSize(TIFF* tif, tmsize_t first, tmsize_t second, const char* 
where)
++{
++if( first <= 0 || second <= 0 )
++{
++if( tif != NULL && where != NULL )
++{
++TIFFErrorExt(tif->tif_clientdata, where,
++"Invalid argument to _TIFFMultiplySSize() in %s", 
where);
++}
++return 0;
++}
++
++if( first > TIFF_TMSIZE_T_MAX / second )
++{
++if( tif != NULL && where != NULL )
++{
++TIFFErrorExt(tif->tif_clientdata, where,
++"Integer overflow in %s", where);
++}
++return 0;
++}
++return first * second;
++}
++
++tmsize_t _TIFFCastUInt64ToSSize(TIFF* tif, uint64 val, const char* module)
++{
++if( val > (uint64)TIFF_TMSIZE_T_MAX )
++{
++if( tif != NULL && module != NULL )
++{
++TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow");
++}
++return 0;
++}
++return (tmsize_t)val;
++}
++
+ void*
+ _TIFFCheckRealloc(TIFF* tif, void* buffer,
+ tmsize_t nmemb, tmsize_t elem_size, const char* what)
+ {
+   void* cp = NULL;
+-  tmsize_t bytes = nmemb * elem_size;
+-
++tmsize_t count = _TIFFMultiplySSize(tif, nmemb, elem_size, NULL);
+   /*
+-   * XXX: Check for integer overflow.
++   * Check for integer overflow.
+*/
+-  if (nmemb && elem_size && bytes / elem_size == nmemb)
+-  cp = _TIFFrealloc(buffer, bytes);
++  if (count != 0)
++  {
++  cp = _TIFFrealloc(buffer, count);
++  }
+ 
+   if (cp == NULL) {
+   TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+--- a/libtiff/tif_getimage.c
 b/libtiff/tif_getimage.c
+@@ -755,9 +755,8 @@ gtTileSeparate(TIFFRGBAImage* img, uint32* raster, uint32 
w, uint32 h)
+   uint32 leftmost_tw;
+ 
+   tilesize = TIFFTileSize(tif);  
+-  bufsize = TIFFSafeMultiply(tmsize_t,alpha?4:3,tilesize);
++  bufsize = _TIFFMultiplySSize(tif, alpha?4:3,tilesize, "gtTileSeparate");
+   if (bufsize == 0) {
+-  TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer 
overflow in %s", "gtTileSeparate");
+   return (0);
+   }
+ 
+@@ -1019,9 +1018,8 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, 
uint32 w, uint32 h)
+ uint16 colorchannels;
+ 
+   stripsize = TIFFStripSize(tif);  
+-  bufsize = TIFFSafeMultiply(tmsize_t,alpha?4:3,stripsize);
++  bufsize = _TIFFMultiplySSize(tif,alpha?4:3,stripsize, 
"gtStripSeparate");
+   if (bufsize == 0) {
+-  TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer 
overflow in %s", "gtStripSeparate"

[gentoo-commits] repo/gentoo:master commit in: media-libs/tiff/, media-libs/tiff/files/

2019-08-04 Thread Aaron Bauman
commit: 1408d12740a4cd2a6d71fe5f52386d9d77128645
Author: Aaron Bauman  gentoo  org>
AuthorDate: Mon Aug  5 00:03:19 2019 +
Commit: Aaron Bauman  gentoo  org>
CommitDate: Mon Aug  5 00:12:00 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1408d127

media-libs/tiff: revbump to address open security bugs

* This commit addresses 3 outstanding security issues reported by the
individuals listed below.

* This commit involved cherry-picking the patches and adding a revbump, as
the original PRs renamed the original ebuild and kept stable keywords.

Bug: https://bugs.gentoo.org/639700
Bug: https://bugs.gentoo.org/690732

Closes: https://github.com/gentoo/gentoo/pull/12543
Closes: https://github.com/gentoo/gentoo/pull/11743

Reported-by: Benjamin Gordon  chromium.org>
Reported-by: Allen Webb  google.com>
Signed-off-by: Aaron Bauman  gentoo.org>

 ...-2018-17000-tif_dirwrite-null-dereference.patch | 33 +
 .../tiff-4.0.10-CVE-2019-6128-pal2rgb-leak.patch   | 48 
 0.10-CVE-2019-7663-tiffcpIntegerOverflow.patch | 73 ++
 media-libs/tiff/tiff-4.0.10-r1.ebuild  | 86 ++
 4 files changed, 240 insertions(+)

diff --git 
a/media-libs/tiff/files/tiff-4.0.10-CVE-2018-17000-tif_dirwrite-null-dereference.patch
 
b/media-libs/tiff/files/tiff-4.0.10-CVE-2018-17000-tif_dirwrite-null-dereference.patch
new file mode 100644
index 000..321c6a428af
--- /dev/null
+++ 
b/media-libs/tiff/files/tiff-4.0.10-CVE-2018-17000-tif_dirwrite-null-dereference.patch
@@ -0,0 +1,33 @@
+https://crbug.com/901306
+
+commit 802d3cbf3043be5dce5317e140ccb1c17a6a2d39
+Author: Thomas Bernard 
+Date:   Tue Jan 29 11:21:47 2019 +0100
+
+TIFFWriteDirectoryTagTransferfunction() : fix NULL dereferencing
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2833
+
+we must check the pointer is not NULL before memcmp() the memory
+
+diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
+index 
c15a28dbd8fcb99b81fa5a1d44fcbcda881f42a7..ef30c869d30e210d90be16ce91f44087925fbad3
 100644
+--- a/libtiff/tif_dirwrite.c
 b/libtiff/tif_dirwrite.c
+@@ -1893,12 +1893,14 @@ TIFFWriteDirectoryTagTransferfunction(TIFF* tif, 
uint32* ndir, TIFFDirEntry* dir
+   n=3;
+   if (n==3)
+   {
+-  if 
(!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[2],m*sizeof(uint16)))
++  if (tif->tif_dir.td_transferfunction[2] == NULL ||
++  
!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[2],m*sizeof(uint16)))
+   n=2;
+   }
+   if (n==2)
+   {
+-  if 
(!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[1],m*sizeof(uint16)))
++  if (tif->tif_dir.td_transferfunction[1] == NULL ||
++  
!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[1],m*sizeof(uint16)))
+   n=1;
+   }
+   if (n==0)
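Review bot: Both added checks cover only the second `_TIFFmemcmp` operand; `tif->tif_dir.td_transferfunction[0]` is still passed unchecked in the `n==3` and `n==2` branches. Whether slot 0 is guaranteed non-NULL when this code runs is decided outside the hunk (the function starts before it and continues after it), so that should be confirmed and recorded next to the new checks, e.g. `/* slots 1 and 2 may be NULL in a malformed directory; slot 0 is assumed set (TODO confirm) */`. The compare length `m*sizeof(uint16)` is likewise computed from a value set outside the hunk, so its bound against the allocated table size cannot be checked from here.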

diff --git a/media-libs/tiff/files/tiff-4.0.10-CVE-2019-6128-pal2rgb-leak.patch 
b/media-libs/tiff/files/tiff-4.0.10-CVE-2019-6128-pal2rgb-leak.patch
new file mode 100644
index 000..38d020fec24
--- /dev/null
+++ b/media-libs/tiff/files/tiff-4.0.10-CVE-2019-6128-pal2rgb-leak.patch
@@ -0,0 +1,48 @@
+https://crbug.com/923647
+
+commit ae0bed1fe530a82faf2e9ea1775109dbf301a971
+Merge: 933784a1 0c74a9f4
+Author: Even Rouault 
+Date:   Sat Feb 2 14:46:05 2019 +
+
+Merge branch 'master' into 'master'
+
+Fix for simple memory leak that was assigned CVE-2019-6128.
+
+See merge request libtiff/libtiff!50
+
+diff --git a/tools/pal2rgb.c b/tools/pal2rgb.c
+index 
01d8502ecf7a8a7f015e49ca9378a1a741cbc06b..9492f1cf1212177bf7e97d307757d0977c898e90
 100644
+--- a/tools/pal2rgb.c
 b/tools/pal2rgb.c
+@@ -118,12 +118,14 @@ main(int argc, char* argv[])
+   shortv != PHOTOMETRIC_PALETTE) {
+   fprintf(stderr, "%s: Expecting a palette image.\n",
+   argv[optind]);
++  (void) TIFFClose(in);
+   return (-1);
+   }
+   if (!TIFFGetField(in, TIFFTAG_COLORMAP, &rmap, &gmap, &bmap)) {
+   fprintf(stderr,
+   "%s: No colormap (not a valid palette image).\n",
+   argv[optind]);
++  (void) TIFFClose(in);
+   return (-1);
+   }
+   bitspersample = 0;
+@@ -131,11 +133,14 @@ main(int argc, char* argv[])
+   if (bitspersample != 8) {
+   fprintf(stderr, "%s: Sorry, can only handle 8-bit images.\n",
+   argv[optind]);
++  (void) TIFFClose(in);
+   return (-1);
+   }
+   out = TIFFOpen(argv[optind+1], "w");
+-  if (out == NULL)
++  if (out == NULL) {
++  (void) TIFFClose(in);
+   return (-2);
++  }
+   cpTags(in, out);
+   TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &i

[gentoo-commits] repo/gentoo:master commit in: media-libs/tiff/, media-libs/tiff/files/

2018-05-28 Thread Mike Frysinger
commit: afb651b9908c9fd2d24a8e347e152bc195b486bc
Author: Mike Frysinger  chromium  org>
AuthorDate: Tue May 29 01:02:58 2018 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Tue May 29 01:03:54 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=afb651b9

media-libs/tiff: add upstream fix for CVE-2017-18013 #645982

Bug: https://bugs.gentoo.org/645982

 .../tiff/files/tiff-4.0.9-CVE-2017-18013.patch | 39 +++
 media-libs/tiff/tiff-4.0.9-r4.ebuild   | 81 ++
 2 files changed, 120 insertions(+)

diff --git a/media-libs/tiff/files/tiff-4.0.9-CVE-2017-18013.patch 
b/media-libs/tiff/files/tiff-4.0.9-CVE-2017-18013.patch
new file mode 100644
index 000..2db890aef90
--- /dev/null
+++ b/media-libs/tiff/files/tiff-4.0.9-CVE-2017-18013.patch
@@ -0,0 +1,39 @@
+https://bugs.gentoo.org/645982
+https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01
+
+From c6f41df7b581402dfba3c19a1e3df4454c551a01 Mon Sep 17 00:00:00 2001
+From: Even Rouault 
+Date: Sun, 31 Dec 2017 15:09:41 +0100
+Subject: [PATCH] libtiff/tif_print.c: TIFFPrintDirectory(): fix null pointer
+ dereference on corrupted file. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2770
+
+---
+ libtiff/tif_print.c | 8 
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c
+index 9959d353b1f9..8deceb2b054d 100644
+--- a/libtiff/tif_print.c
 b/libtiff/tif_print.c
+@@ -665,13 +665,13 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags)
+ #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
+   fprintf(fd, "%3lu: [%8I64u, %8I64u]\n",
+   (unsigned long) s,
+-  (unsigned __int64) td->td_stripoffset[s],
+-  (unsigned __int64) td->td_stripbytecount[s]);
++  td->td_stripoffset ? (unsigned __int64) 
td->td_stripoffset[s] : 0,
++  td->td_stripbytecount ? (unsigned __int64) 
td->td_stripbytecount[s] : 0);
+ #else
+   fprintf(fd, "%3lu: [%8llu, %8llu]\n",
+   (unsigned long) s,
+-  (unsigned long long) td->td_stripoffset[s],
+-  (unsigned long long) td->td_stripbytecount[s]);
++  td->td_stripoffset ? (unsigned long long) 
td->td_stripoffset[s] : 0,
++  td->td_stripbytecount ? (unsigned long long) 
td->td_stripbytecount[s] : 0);
+ #endif
+   }
+ }
+-- 
+2.16.1
+
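Review bot: The new ternaries in both `fprintf` branches print `0` when `td_stripoffset` or `td_stripbytecount` is NULL, so a reader of the dump cannot tell a missing array from a strip whose offset or byte count really is 0. A comment above the `#if` would record why the test is there, for example `/* td_stripoffset / td_stripbytecount may be NULL on a corrupted file; 0 is printed as a placeholder */`. The two pointer tests also look loop-invariant (the loop header is outside the hunk), so they could be evaluated once before the loop instead of per strip.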

diff --git a/media-libs/tiff/tiff-4.0.9-r4.ebuild 
b/media-libs/tiff/tiff-4.0.9-r4.ebuild
new file mode 100644
index 000..4787ecd348e
--- /dev/null
+++ b/media-libs/tiff/tiff-4.0.9-r4.ebuild
@@ -0,0 +1,81 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit autotools libtool ltprune multilib-minimal
+
+DESCRIPTION="Tag Image File Format (TIFF) library"
+HOMEPAGE="http://libtiff.maptools.org";
+SRC_URI="http://download.osgeo.org/libtiff/${P}.tar.gz
+   ftp://ftp.remotesensing.org/pub/libtiff/${P}.tar.gz";
+
+LICENSE="libtiff"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 
~sh ~sparc ~x86 ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux 
~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris 
~x64-solaris ~x86-solaris"
+IUSE="+cxx jbig jpeg lzma static-libs test zlib"
+
+RDEPEND="jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] )
+   jbig? ( >=media-libs/jbigkit-2.1:=[${MULTILIB_USEDEP}] )
+   lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
+   zlib? ( >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+
+REQUIRED_USE="test? ( jpeg )" #483132
+
+PATCHES=(
+   
"${FILESDIR}"/${PN}-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
+   
"${FILESDIR}"/${PN}-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
+   "${FILESDIR}"/${P}-CVE-2017-9935.patch #624696
+   "${FILESDIR}"/${P}-CVE-2017-9935-fix-incorrect-type.patch #624696
+   "${FILESDIR}"/${P}-CVE-2017-18013.patch #645982
+   "${FILESDIR}"/${P}-CVE-2018-5784.patch #645730
+)
+
+MULTILIB_WRAPPED_HEADERS=(
+   /usr/include/tiffconf.h
+)
+
+src_prepare() {
+   default
+
+   # tiffcp-thumbnail.sh fails as thumbnail binary doesn't get built 
anymore since tiff-4.0.7
+   sed '/tiffcp-thumbnail\.sh/d' -i test/Makefile.am || die
+
+   eautoreconf
+}
+
+multilib_src_configure() {
+   local myeconfargs=(
+   --without-x
+   $(use_enable cxx)
+   $(use_enable jbig)
+   $(use_enable jpeg)
+   $(use_enable lzma)
+   $(use_enable static-libs static)
+   $(use_enable zlib)
+   )
+   ECONF_SOURCE="${S}" econf

[gentoo-commits] repo/gentoo:master commit in: media-libs/tiff/, media-libs/tiff/files/

2018-02-20 Thread Lars Wendler
commit: b5f874c2b8cbbdb0eb013c1543ef3aaddbe67903
Author: Michael Vetter  iodoru  org>
AuthorDate: Tue Feb 20 14:18:53 2018 +
Commit: Lars Wendler  gentoo  org>
CommitDate: Tue Feb 20 14:29:48 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5f874c2

media-libs/tiff: Fix CVE-2018-5784

Patch is upstream commit:
https://gitlab.com/libtiff/libtiff/commit/473851d211cf8805a161820337ca74cc9615d6ef

Bug: https://bugs.gentoo.org/645730

Package-Manager: Portage-2.3.19, Repoman-2.3.6
Closes: https://github.com/gentoo/gentoo/pull/7237

 .../tiff/files/tiff-4.0.9-CVE-2018-5784.patch  | 128 +
 media-libs/tiff/tiff-4.0.9-r3.ebuild   |  84 ++
 2 files changed, 212 insertions(+)

diff --git a/media-libs/tiff/files/tiff-4.0.9-CVE-2018-5784.patch 
b/media-libs/tiff/files/tiff-4.0.9-CVE-2018-5784.patch
new file mode 100644
index 000..56d0f4b0687
--- /dev/null
+++ b/media-libs/tiff/files/tiff-4.0.9-CVE-2018-5784.patch
@@ -0,0 +1,128 @@
+From 473851d211cf8805a161820337ca74cc9615d6ef Mon Sep 17 00:00:00 2001
+From: Nathan Baker 
+Date: Tue, 6 Feb 2018 10:13:57 -0500
+Subject: [PATCH] Fix for bug 2772
+
+It is possible to craft a TIFF document where the IFD list is circular,
+leading to an infinite loop while traversing the chain. The libtiff
+directory reader has a failsafe that will break out of this loop after
+reading 65535 directory entries, but it will continue processing,
+consuming time and resources to process what is essentially a bogus TIFF
+document.
+
+This change fixes the above behavior by breaking out of processing when
+a TIFF document has >= 65535 directories and terminating with an error.
+---
+ contrib/addtiffo/tif_overview.c | 14 +-
+ tools/tiff2pdf.c| 10 ++
+ tools/tiffcrop.c| 13 +++--
+ 3 files changed, 34 insertions(+), 3 deletions(-)
+
+diff --git a/contrib/addtiffo/tif_overview.c b/contrib/addtiffo/tif_overview.c
+index c61ffbb..03b3573 100644
+--- a/contrib/addtiffo/tif_overview.c
 b/contrib/addtiffo/tif_overview.c
+@@ -65,6 +65,8 @@
+ #  define MAX(a,b)  ((a>b) ? a : b)
+ #endif
+ 
++#define TIFF_DIR_MAX  65534
++
+ void TIFFBuildOverviews( TIFF *, int, int *, int, const char *,
+  int (*)(double,void*), void * );
+ 
+@@ -91,6 +93,7 @@ uint32 TIFF_WriteOverview( TIFF *hTIFF, uint32 nXSize, 
uint32 nYSize,
+ {
+ toff_tnBaseDirOffset;
+ toff_tnOffset;
++tdir_tiNumDir;
+ 
+ (void) bUseSubIFDs;
+ 
+@@ -147,7 +150,16 @@ uint32 TIFF_WriteOverview( TIFF *hTIFF, uint32 nXSize, 
uint32 nYSize,
+ return 0;
+ 
+ TIFFWriteDirectory( hTIFF );
+-TIFFSetDirectory( hTIFF, (tdir_t) (TIFFNumberOfDirectories(hTIFF)-1) );
++iNumDir = TIFFNumberOfDirectories(hTIFF);
++if( iNumDir > TIFF_DIR_MAX )
++{
++TIFFErrorExt( TIFFClientdata(hTIFF),
++  "TIFF_WriteOverview",
++  "File `%s' has too many directories.\n",
++  TIFFFileName(hTIFF) );
++exit(-1);
++}
++TIFFSetDirectory( hTIFF, (tdir_t) (iNumDir - 1) );
+ 
+ nOffset = TIFFCurrentDirOffset( hTIFF );
+ 
+diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
+index 984ef65..832a247 100644
+--- a/tools/tiff2pdf.c
 b/tools/tiff2pdf.c
+@@ -68,6 +68,8 @@ extern int getopt(int, char**, char*);
+ 
+ #define PS_UNIT_SIZE  72.0F
+ 
++#define TIFF_DIR_MAX65534
++
+ /* This type is of PDF color spaces. */
+ typedef enum {
+   T2P_CS_BILEVEL = 0x01,  /* Bilevel, black and white */
+@@ -1051,6 +1053,14 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){
+   uint16* tiff_transferfunction[3];
+ 
+   directorycount=TIFFNumberOfDirectories(input);
++  if(directorycount > TIFF_DIR_MAX) {
++  TIFFError(
++  TIFF2PDF_MODULE,
++  "TIFF contains too many directories, %s",
++  TIFFFileName(input));
++  t2p->t2p_error = T2P_ERR_ERROR;
++  return;
++  }
+   t2p->tiff_pages = (T2P_PAGE*) 
_TIFFmalloc(TIFFSafeMultiply(tmsize_t,directorycount,sizeof(T2P_PAGE)));
+   if(t2p->tiff_pages==NULL){
+   TIFFError(
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 91a38f6..e466dae 100644
+--- a/tools/tiffcrop.c
 b/tools/tiffcrop.c
+@@ -215,6 +215,8 @@ extern int getopt(int argc, char * const argv[], const 
char *optstring);
+ #define DUMP_TEXT   1
+ #define DUMP_RAW2
+ 
++#define TIFF_DIR_MAX  65534
++
+ /* Offsets into buffer for margins and fixed width and length segments */
+ struct offset {
+   uint32  tmargin;
+@@ -2232,7 +2234,7 @@ main(int argc, char* argv[])
+ pageNum = -1;
+   else
+ total_images = 0;
+-  /* read multiple input files and write to output file(s) */
++  /* Read multiple input files and write to output file(s) */
+   while (optind < argc - 1)
+ {
+ in = TIFFOpen (argv[optind], "r");
+@@ -224

[gentoo-commits] repo/gentoo:master commit in: media-libs/tiff/, media-libs/tiff/files/

2017-11-19 Thread Lars Wendler
commit: 249ac401ff26eaed63135c2732186a1f98e13eb0
Author: Lars Wendler  gentoo  org>
AuthorDate: Sun Nov 19 20:51:35 2017 +
Commit: Lars Wendler  gentoo  org>
CommitDate: Sun Nov 19 20:52:26 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=249ac401

media-libs/tiff: Removed old.

Package-Manager: Portage-2.3.14, Repoman-2.3.6

 media-libs/tiff/Manifest   |   1 -
 .../tiff/files/tiff-4.0.7-CVE-2016-10266.patch |  46 
 .../tiff/files/tiff-4.0.7-CVE-2016-10267.patch |  53 
 .../tiff/files/tiff-4.0.7-CVE-2017-5225.patch  |  74 --
 media-libs/tiff/files/tiff-4.0.7-bug2130.patch | 112 -
 media-libs/tiff/files/tiff-4.0.7-bug2535.patch |  54 
 media-libs/tiff/files/tiff-4.0.7-bug2594.patch |  28 ---
 media-libs/tiff/files/tiff-4.0.7-bug2597.patch |  41 ---
 media-libs/tiff/files/tiff-4.0.7-bug2598.patch |  31 ---
 media-libs/tiff/files/tiff-4.0.7-bug2599.patch |  54 
 media-libs/tiff/files/tiff-4.0.7-bug2604.patch | 108 
 media-libs/tiff/files/tiff-4.0.7-bug2605.patch |  55 
 media-libs/tiff/files/tiff-4.0.7-bug2607.patch |  41 ---
 media-libs/tiff/files/tiff-4.0.7-bug2608.patch | 104 
 media-libs/tiff/files/tiff-4.0.7-bug2610.patch |  46 
 media-libs/tiff/files/tiff-4.0.7-bug2619.patch |  46 
 media-libs/tiff/files/tiff-4.0.7-bug2620.patch |  29 ---
 media-libs/tiff/files/tiff-4.0.7-bug2621.patch |  49 
 media-libs/tiff/files/tiff-4.0.7-bug2627.patch |  59 -
 media-libs/tiff/files/tiff-4.0.7-bug2631.patch |  34 ---
 .../tiff/files/tiff-4.0.7-bug2633-bug2634.patch|  41 ---
 media-libs/tiff/files/tiff-4.0.7-bug2635.patch |  33 ---
 media-libs/tiff/files/tiff-4.0.7-bug2638.patch |  29 ---
 media-libs/tiff/files/tiff-4.0.7-bug2639.patch |  58 -
 media-libs/tiff/files/tiff-4.0.7-bug2640.patch |  28 ---
 ...iff-4.0.7-bug2642-bug2643-bug2646-bug2647.patch | 278 -
 media-libs/tiff/files/tiff-4.0.7-bug2644.patch |  45 
 media-libs/tiff/files/tiff-4.0.7-bug2648.patch |  33 ---
 media-libs/tiff/files/tiff-4.0.7-bug2650-2.patch   |  26 --
 media-libs/tiff/files/tiff-4.0.7-bug2650.patch |  54 
 media-libs/tiff/files/tiff-4.0.7-bug2651.patch |  86 ---
 media-libs/tiff/files/tiff-4.0.7-bug2653.patch |  33 ---
 media-libs/tiff/files/tiff-4.0.7-bug2658.patch |  33 ---
 media-libs/tiff/files/tiff-4.0.7-bug2659-2.patch   |  41 ---
 media-libs/tiff/files/tiff-4.0.7-bug2659.patch |  34 ---
 media-libs/tiff/files/tiff-4.0.7-bug2665.patch |  43 
 media-libs/tiff/files/tiff-4.0.7-fax2tiff.patch|  39 ---
 .../tiff/files/tiff-4.0.7-hylafax-hack.patch   |  38 ---
 media-libs/tiff/tiff-4.0.7-r3.ebuild   | 121 -
 media-libs/tiff/tiff-4.0.7.ebuild  |  73 --
 40 files changed, 2231 deletions(-)

diff --git a/media-libs/tiff/Manifest b/media-libs/tiff/Manifest
index bee82d59f00..2b2df775d4e 100644
--- a/media-libs/tiff/Manifest
+++ b/media-libs/tiff/Manifest
@@ -1,4 +1,3 @@
 DIST tiff-3.9.7.tar.gz 1468097 SHA256 
f5d64dd4ce61c55f5e9f6dc3920fbe5a41e02c2e607da7117a35eb5c320cef6a SHA512 
ca89584a9ffa33b4986e4bc2165043cec239896f1f0ab73db00818d0442b570efaa6345b2ed422e884202324d359713df849bf14782bb0cf3b959655febddd77
 WHIRLPOOL 
c06b35da66c365c1fe7f0e6e06a400e139d3e2b5b280aa764015c2f0383a6191ffb3d335cdf2211b687bbb0caacf641be409148986a9813dfde5822a650a9b1c
-DIST tiff-4.0.7.tar.gz 2076392 SHA256 
9f43a2cfb9589e5cecaa66e16bf87f814c945f22df7ba600d63aac4632c4f019 SHA512 
941357bdd5f947cdca41a1d31ae14b3fadc174ae5dce7b7981dbe58f61995f575ac2e97a7cc4fcc435184012017bec0920278263490464644f2cdfad9a6c5ddc
 WHIRLPOOL 
3090a0d8a5ad3595c97888edab3c48379175cad993567d20be5f397b1c5c1d21012de55c5da5e664ee483d294fe9eb5f3464e14f564fb79c1357094ff67e313d
 DIST tiff-4.0.8.tar.gz 2065574 SHA256 
59d7a5a8ccd92059913f246877db95a2918e6c04fb9d43fd74e5c3390dac2910 SHA512 
5d010ec4ce37aca733f7ab7db9f432987b0cd21664bd9d99452a146833c40f0d1e7309d1870b0395e947964134d5cfeb1366181e761fe353ad585803ff3d6be6
 WHIRLPOOL 
13fce447c586fef080c6201f0f5b010bc8b0e096bc9b806ab3b80eb6a672c789f88b5fc34a51585aa7072bb8407ecc958d1d7824fad379f86968f051de2fa96d
 DIST tiff-4.0.9.tar.gz 2305681 SHA256 
6e7bdeec2c310734e734d19aae3a71ebe37a4d842e0e23dbb1b8921c0026cfcd SHA512 
04f3d5eefccf9c1a0393659fe27f331108c401ba0dc587bca152a1c1f6bc844ba41622ff5572da8cc278593eff8c402b44e7af0a0090e91d326c2d79f6cd
 WHIRLPOOL 
e67378d8d7c17d892e5f075d4e13aa299042a9f989fd6051b23d986518a11f2bbbcb13f491d87da6e6455aa28df2cce0fb65761237e256ac2e37889272f2ddf7

diff --git a/media-libs/tiff/files/tiff-4.0.7-CVE-2016-10266.patch 
b/media-libs/tiff/files/tiff-4.0.7-CVE-2016-10266.patch
deleted file mode 100644
index 67e0ca41c99..000
--- a/media-libs/tiff/files/tiff-4.0.7-CVE-2016-10266.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-http://bugzilla.maptools.org/show_bug.cgi?id=2596
-
-From d752

[gentoo-commits] repo/gentoo:master commit in: media-libs/tiff/, media-libs/tiff/files/

2017-05-22 Thread Lars Wendler
commit: e85f99863e467882ba64febcec829ace775de1ea
Author: Lars Wendler  gentoo  org>
AuthorDate: Mon May 22 07:34:15 2017 +
Commit: Lars Wendler  gentoo  org>
CommitDate: Mon May 22 07:35:18 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e85f9986

media-libs/tiff: Removed old.

Package-Manager: Portage-2.3.6, Repoman-2.3.2

 media-libs/tiff/Manifest   |   1 -
 .../tiff/files/tiff-4.0.6-gif2tiff_removal.patch   |  47 -
 media-libs/tiff/tiff-4.0.6-r1.ebuild   |  73 -
 media-libs/tiff/tiff-4.0.6.ebuild  |  69 -
 media-libs/tiff/tiff-4.0.7-r1.ebuild   | 113 -
 5 files changed, 303 deletions(-)

diff --git a/media-libs/tiff/Manifest b/media-libs/tiff/Manifest
index bbc633fbc04..882ad79ea91 100644
--- a/media-libs/tiff/Manifest
+++ b/media-libs/tiff/Manifest
@@ -1,4 +1,3 @@
 DIST tiff-3.9.7.tar.gz 1468097 SHA256 
f5d64dd4ce61c55f5e9f6dc3920fbe5a41e02c2e607da7117a35eb5c320cef6a SHA512 
ca89584a9ffa33b4986e4bc2165043cec239896f1f0ab73db00818d0442b570efaa6345b2ed422e884202324d359713df849bf14782bb0cf3b959655febddd77
 WHIRLPOOL 
c06b35da66c365c1fe7f0e6e06a400e139d3e2b5b280aa764015c2f0383a6191ffb3d335cdf2211b687bbb0caacf641be409148986a9813dfde5822a650a9b1c
-DIST tiff-4.0.6.tar.gz 2192991 SHA256 
4d57a50907b510e3049a4bba0d7888930fdfc16ce49f1bf693e5b6247370d68c SHA512 
2c8dbb9f82a7722bfe8cb6fcfcf67472beb692f1b7dafaf322759e7016dad1bc58457c0f03db50aa5bd088fef2b37358fcbc1524e20e9e14a9620373fdf8
 WHIRLPOOL 
809e61a22f7d6dfdf81917a084678ec39ed3cff4e03184d61c67501946d3fab0645cb3fe800d9249771879ee91245085e123349f68340bb63bd18024db8e03a6
 DIST tiff-4.0.7.tar.gz 2076392 SHA256 
9f43a2cfb9589e5cecaa66e16bf87f814c945f22df7ba600d63aac4632c4f019 SHA512 
941357bdd5f947cdca41a1d31ae14b3fadc174ae5dce7b7981dbe58f61995f575ac2e97a7cc4fcc435184012017bec0920278263490464644f2cdfad9a6c5ddc
 WHIRLPOOL 
3090a0d8a5ad3595c97888edab3c48379175cad993567d20be5f397b1c5c1d21012de55c5da5e664ee483d294fe9eb5f3464e14f564fb79c1357094ff67e313d
 DIST tiff-4.0.8.tar.gz 2065574 SHA256 
59d7a5a8ccd92059913f246877db95a2918e6c04fb9d43fd74e5c3390dac2910 SHA512 
5d010ec4ce37aca733f7ab7db9f432987b0cd21664bd9d99452a146833c40f0d1e7309d1870b0395e947964134d5cfeb1366181e761fe353ad585803ff3d6be6
 WHIRLPOOL 
13fce447c586fef080c6201f0f5b010bc8b0e096bc9b806ab3b80eb6a672c789f88b5fc34a51585aa7072bb8407ecc958d1d7824fad379f86968f051de2fa96d

diff --git a/media-libs/tiff/files/tiff-4.0.6-gif2tiff_removal.patch 
b/media-libs/tiff/files/tiff-4.0.6-gif2tiff_removal.patch
deleted file mode 100644
index ea5c2c32714..000
--- a/media-libs/tiff/files/tiff-4.0.6-gif2tiff_removal.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-# Removing vulnerable gif2tiff (CVE-2016-5102)
-# Upstream seems to no longer ship this tool with >=tiff-4.0.7 versions.
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2552
-https://bugzilla.redhat.com/show_bug.cgi?id=1343407
-https://bugs.gentoo.org/585274
-
 tiff-4.0.6/man/Makefile.am
-+++ tiff-4.0.6/man/Makefile.am
-@@ -27,7 +27,6 @@
-   bmp2tiff.1 \
-   fax2ps.1 \
-   fax2tiff.1 \
--  gif2tiff.1 \
-   pal2rgb.1 \
-   ppm2tiff.1 \
-   ras2tiff.1 \
 tiff-4.0.6/test/Makefile.am
-+++ tiff-4.0.6/test/Makefile.am
-@@ -68,7 +68,6 @@
- TESTSCRIPTS = \
-   bmp2tiff_palette.sh \
-   bmp2tiff_rgb.sh \
--  gif2tiff.sh \
-   ppm2tiff_pbm.sh \
-   ppm2tiff_pgm.sh \
-   ppm2tiff_ppm.sh \
 tiff-4.0.6/tools/Makefile.am
-+++ tiff-4.0.6/tools/Makefile.am
-@@ -34,7 +34,6 @@
-   bmp2tiff \
-   fax2ps \
-   fax2tiff \
--  gif2tiff \
-   pal2rgb \
-   ppm2tiff \
-   ras2tiff \
-@@ -73,9 +72,6 @@
- fax2tiff_SOURCES = fax2tiff.c
- fax2tiff_LDADD = $(LIBTIFF) $(LIBPORT)
- 
--gif2tiff_SOURCES = gif2tiff.c
--gif2tiff_LDADD = $(LIBTIFF) $(LIBPORT)
--
- pal2rgb_SOURCES = pal2rgb.c
- pal2rgb_LDADD = $(LIBTIFF) $(LIBPORT)
- 

diff --git a/media-libs/tiff/tiff-4.0.6-r1.ebuild 
b/media-libs/tiff/tiff-4.0.6-r1.ebuild
deleted file mode 100644
index 7ae3d8b1033..000
--- a/media-libs/tiff/tiff-4.0.6-r1.ebuild
+++ /dev/null
@@ -1,73 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-inherit autotools eutils libtool multilib-minimal
-
-DESCRIPTION="Tag Image File Format (TIFF) library"
-HOMEPAGE="http://libtiff.maptools.org";
-SRC_URI="http://download.osgeo.org/libtiff/${P}.tar.gz
-   ftp://ftp.remotesensing.org/pub/libtiff/${P}.tar.gz";
-
-LICENSE="libtiff"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 
~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux 
~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris 
~x64-solaris ~x86-solaris"
-IUSE="+cxx jbig jpeg lzma static-libs test zlib"
-
-RDEPEND="jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] )
-   jbig? ( >=media-libs/jbigkit-2

[gentoo-commits] repo/gentoo:master commit in: media-libs/tiff/, media-libs/tiff/files/

2017-04-12 Thread Mike Frysinger
commit: f383efc4136c911abc8542073a34f2cc6038ee3a
Author: Mike Frysinger  gentoo  org>
AuthorDate: Wed Apr 12 19:13:34 2017 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Wed Apr 12 19:25:37 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f383efc4

media-libs/tiff: update pdfium patches to be more portable

Put helper funcs in the private headers, and stick to older C standards.

 ...ferOverflow-ChopUpSingleUncompressedStrip.patch | 23 +++---
 ...-4.0.7-pdfium-0013-validate-refblackwhite.patch |  5 +++--
 .../{tiff-4.0.7-r2.ebuild => tiff-4.0.7-r3.ebuild} |  0
 3 files changed, 14 insertions(+), 14 deletions(-)

diff --git 
a/media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
 
b/media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
index f573fd9deb3..a45ee342f77 100644
--- 
a/media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
+++ 
b/media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
@@ -19,16 +19,15 @@ overflow.
cp = _TIFFrealloc(buffer, bytes);
  
if (cp == NULL) {
 a/libtiff/tiffio.h
-+++ b/libtiff/tiffio.h
-@@ -298,6 +298,10 @@ extern void _TIFFmemset(void* p, int v, tmsize_t c);
- extern void _TIFFmemcpy(void* d, const void* s, tmsize_t c);
- extern int _TIFFmemcmp(const void* p1, const void* p2, tmsize_t c);
- extern void _TIFFfree(void* p);
-+#include 
-+static inline int _TIFFIfMultiplicationOverflow(tmsize_t op1, tmsize_t op2) {
-+  return op1 > SSIZE_MAX / op2;
-+}
+--- a/libtiff/tiffiop.h
 b/libtiff/tiffiop.h
+@@ -315,6 +315,9 @@ typedef size_t TIFFIOSize_t;
+ #define _TIFF_off_t off_t
+ #endif
  
- /*
- ** Stuff, related to tag handling and creating custom tags.
++#include 
++#define _TIFFIfMultiplicationOverflow(op1, op2) ((op1) > SSIZE_MAX / (op2))
++
+ #if defined(__cplusplus)
+ extern "C" {
+ #endif
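Review bot: The new `_TIFFIfMultiplicationOverflow` macro in `tiffiop.h` divides by `(op2)` with no zero test, so it is only safe when every caller has already ruled out a zero second operand; callers are not visible in this hunk. Since the precondition is now carried by a macro rather than a typed function, I would state it where the macro is defined: `/* op2 must be non-zero; evaluates to true when op1 * op2 would exceed SSIZE_MAX */`. Note also that `SSIZE_MAX` comes from POSIX rather than ISO C, which matters if the aim is portability to non-POSIX toolchains; a fallback definition may be needed there.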

diff --git 
a/media-libs/tiff/files/tiff-4.0.7-pdfium-0013-validate-refblackwhite.patch 
b/media-libs/tiff/files/tiff-4.0.7-pdfium-0013-validate-refblackwhite.patch
index 47a3db06431..d98ff9d0f25 100644
--- a/media-libs/tiff/files/tiff-4.0.7-pdfium-0013-validate-refblackwhite.patch
+++ b/media-libs/tiff/files/tiff-4.0.7-pdfium-0013-validate-refblackwhite.patch
@@ -24,11 +24,12 @@ them to the default provided by the TIFF spec v6.
  #include 
  
  /*
-@@ -426,6 +426,14 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
+@@ -426,6 +426,15 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
case TIFFTAG_REFERENCEBLACKWHITE:
/* XXX should check for null range */
_TIFFsetFloatArray(&td->td_refblackwhite, va_arg(ap, float*), 
6);
-+  for (int i = 0; i < 6; i++) {
++  int i;
++  for (i = 0; i < 6; i++) {
 +  if (isnan(td->td_refblackwhite[i])) {
 +  if (i % 2 == 0)
 +  td->td_refblackwhite[i] = 0;
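Review bot: The replacement `int i;` sits after the `_TIFFsetFloatArray(...)` call in the `case TIFFTAG_REFERENCEBLACKWHITE:` body, so it is still a declaration following a statement, which C89 does not allow. That works against the stated aim of sticking to older C standards. Opening a block keeps it conforming, `{ int i; for (i = 0; i < 6; i++) { ... } }`, or `i` can be declared with the other locals at the top of `_TIFFVSetField`, whose body starts outside this hunk. The loop body also continues past the end of the hunk.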

diff --git a/media-libs/tiff/tiff-4.0.7-r2.ebuild 
b/media-libs/tiff/tiff-4.0.7-r3.ebuild
similarity index 100%
rename from media-libs/tiff/tiff-4.0.7-r2.ebuild
rename to media-libs/tiff/tiff-4.0.7-r3.ebuild



[gentoo-commits] repo/gentoo:master commit in: media-libs/tiff/, media-libs/tiff/files/

2017-04-10 Thread Mike Frysinger
commit: 9108af32a69a8d05b8d03b3b9adb9e0a7a5783bb
Author: Mike Frysinger  chromium  org>
AuthorDate: Mon Apr 10 21:42:58 2017 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Mon Apr 10 21:45:14 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9108af32

media-libs/tiff: pull in pdfium security patches

 0.7-pdfium-0005-Leak-TIFFFetchStripThing.patch |  20 
 ...ferOverflow-ChopUpSingleUncompressedStrip.patch |  34 ++
 ...iff-4.0.7-pdfium-0007-uninitialized-value.patch |  26 +
 ...ferOverflow-ChopUpSingleUncompressedStrip.patch |  26 +
 ...-4.0.7-pdfium-0013-validate-refblackwhite.patch |  41 +++
 7-pdfium-0017-safe_skews_in_gtTileContig.patch |  97 +
 ...ium-0018-fix-leak-in-PredictorSetupDecode.patch |  27 +
 .../tiff-4.0.7-pdfium-0021-oom-TIFFFillStrip.patch |  29 +
 media-libs/tiff/tiff-4.0.7-r2.ebuild   | 121 +
 9 files changed, 421 insertions(+)

diff --git 
a/media-libs/tiff/files/tiff-4.0.7-pdfium-0005-Leak-TIFFFetchStripThing.patch 
b/media-libs/tiff/files/tiff-4.0.7-pdfium-0005-Leak-TIFFFetchStripThing.patch
new file mode 100644
index 000..afb0151f963
--- /dev/null
+++ 
b/media-libs/tiff/files/tiff-4.0.7-pdfium-0005-Leak-TIFFFetchStripThing.patch
@@ -0,0 +1,20 @@
+https://codereview.chromium.org/2204793002
+https://crbug.com/633387
+https://pdfium.googlesource.com/pdfium/+/master/libtiff/
+
+Author: thestig 
+Date:   Mon Aug 1 19:36:27 2016 -0700
+
+Fix a memory leak in libtiff.
+
+--- a/libtiff/tif_dirread.c
 b/libtiff/tif_dirread.c
+@@ -5372,6 +5372,8 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 
nstrips, uint64** lpp)
+   static const char module[] = "TIFFFetchStripThing";
+   enum TIFFReadDirEntryErr err;
+   uint64* data;
++  _TIFFfree(*lpp);
++  *lpp = 0;
+   err=TIFFReadDirEntryLong8Array(tif,dir,&data);
+   if (err!=TIFFReadDirEntryErrOk)
+   {
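Review bot: With the two added lines, any failure return that follows in `TIFFFetchStripThing` leaves `*lpp` NULL where it previously kept the old array, so code that indexes the strip arrays after a failed read now meets a NULL pointer instead of stale data. That is the safer state, but only if consumers check for it, and they are outside this hunk. I would document the contract at the free, `/* release any previous array; *lpp stays NULL if the read below fails, callers must check */`, and write `*lpp = NULL;` rather than `0` for the pointer.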

diff --git 
a/media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
 
b/media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
new file mode 100644
index 000..f573fd9deb3
--- /dev/null
+++ 
b/media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
@@ -0,0 +1,34 @@
+https://codereview.chromium.org/2284063002
+https://crbug.com/618267
+https://pdfium.googlesource.com/pdfium/+/master/libtiff/
+
+Author: tracy_jiang 
+Date:   Mon Aug 29 13:42:56 2016 -0700
+
+Fix for #618267. Adding a method to determine if multiplication has
+overflow.
+
+--- a/libtiff/tif_aux.c
 b/libtiff/tif_aux.c
+@@ -69,7 +69,7 @@ _TIFFCheckRealloc(TIFF* tif, void* buffer,
+   /*
+* XXX: Check for integer overflow.
+*/
+-  if (nmemb && elem_size && bytes / elem_size == nmemb)
++  if (nmemb && elem_size && !_TIFFIfMultiplicationOverflow(nmemb, 
elem_size))
+   cp = _TIFFrealloc(buffer, bytes);
+ 
+   if (cp == NULL) {
+--- a/libtiff/tiffio.h
 b/libtiff/tiffio.h
+@@ -298,6 +298,10 @@ extern void _TIFFmemset(void* p, int v, tmsize_t c);
+ extern void _TIFFmemcpy(void* d, const void* s, tmsize_t c);
+ extern int _TIFFmemcmp(const void* p1, const void* p2, tmsize_t c);
+ extern void _TIFFfree(void* p);
++#include 
++static inline int _TIFFIfMultiplicationOverflow(tmsize_t op1, tmsize_t op2) {
++  return op1 > SSIZE_MAX / op2;
++}
+ 
+ /*
+ ** Stuff, related to tag handling and creating custom tags.
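Review bot: In `_TIFFCheckRealloc` the overflow test now runs on `nmemb` and `elem_size`, but `bytes` is still what is passed to `_TIFFrealloc`, and the removed condition `bytes / elem_size == nmemb` suggests it is the product computed earlier, outside the hunk. If so, the multiplication has already happened when the new check runs, and with a signed `tmsize_t` an overflowing product is undefined behaviour rather than a wrapped value. Computing the size only after the check avoids that, e.g. `cp = _TIFFrealloc(buffer, nmemb * elem_size);` inside the guarded branch. The helper divides by `op2`, so it also relies on the `elem_size` test that precedes it in the same condition.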

diff --git 
a/media-libs/tiff/files/tiff-4.0.7-pdfium-0007-uninitialized-value.patch 
b/media-libs/tiff/files/tiff-4.0.7-pdfium-0007-uninitialized-value.patch
new file mode 100644
index 000..ab5627f5c16
--- /dev/null
+++ b/media-libs/tiff/files/tiff-4.0.7-pdfium-0007-uninitialized-value.patch
@@ -0,0 +1,26 @@
+https://codereview.chromium.org/2389993002
+https://crbug.com/651632
+https://pdfium.googlesource.com/pdfium/+/master/libtiff/
+
+Author: dsinclair 
+Date:   Mon Oct 3 13:59:57 2016 -0700
+
+Fix potentially uninitialized value.
+
+Depending on what ReadOK does it's possible for |dircount16| to be used without
+being initialized. The read code calls back into PDFium specific code which 
then
+calls into the stream reading code.
+
+Initialize the value to be sure it is set.
+
+--- a/libtiff/tif_dirread.c
 b/libtiff/tif_dirread.c
+@@ -4443,7 +4443,7 @@ TIFFFetchDirectory(TIFF* tif, uint64 diroff, 
TIFFDirEntry** pdir,
+   static const char module[] = "TIFFFetchDirectory";
+ 
+   void* origdir;
+-  uint16 dircount16;
++  uint16 dircount16 = 0;
+   uint32 dirsize;
+   TIFFDirEntry* dir;
+   uint8* ma;
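Review bot: Initialising `dircount16` to 0 in `TIFFFetchDirectory` gives it a defined value, but nothing at the declaration says that 0 also stands for "the read did not fill this in". The description attributes the problem to what `ReadOK` does through the client read code. Both the read and the code that consumes the count are outside the hunk, so whether a zero count is rejected there needs confirming. A comment on the declaration would record the intent: `/* 0 until the read fills it in; the client read callback may return without writing */`.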

diff --git 
a/media-libs/tiff/files/tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
 
b/media-libs/tiff/files/tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
new file mode 100644
index 000..35f59b9bffd
--- /dev/