gentoo resync : 29.05.2018

4 files changed, 124 insertions, 2 deletions

diff --git a/media-libs/tiff/Manifest b/media-libs/tiff/Manifest
index 7323d0969e3f..ceace0445309 100644
--- a/media-libs/tiff/Manifest
+++ b/media-libs/tiff/Manifest
@@ -11,6 +11,7 @@ AUX tiff-4.0.7-pdfium-0013-validate-refblackwhite.patch 1278 BLAKE2B d2e9406584c
 AUX tiff-4.0.7-pdfium-0017-safe_skews_in_gtTileContig.patch 2992 BLAKE2B f588838219ba3323a15b35d04b168180229ce1ad9c018c2104d2663905aaafc2aae001f188f6c6c722190d086b1fd1422ca5bfd2a55b45c7120dfe1792b4d728 SHA512 0fc1b6b8a57629730b10c0c30d915ce8a9575cac5e1daa91ae74be4e866e4c9cf49031897c001b3ade8182274d875988d40c1d4214b2a427d4676762ca7f2c4c
 AUX tiff-4.0.7-pdfium-0018-fix-leak-in-PredictorSetupDecode.patch 849 BLAKE2B b0087382944185e1b91e65ae5b1a8998d31c4285308a1d9a2db20064f92b8aea07341a4a93242678f7ff332bf21d091a902907f74d320d2739b151efff25bec1 SHA512 9da30e7223522dfb4d8a8bc8b5bd545615cfe60a509f8583d29817ecbb1ff28ca38a6e00ee845e9484d9bc02666f99b0144ea08e5083eef2035e99b1825f4bd3
 AUX tiff-4.0.7-pdfium-0021-oom-TIFFFillStrip.patch 1228 BLAKE2B ca3babb8a10c96ecfb72914651f8e737ec4d2a7a7fbdc4b9c153e2a7f540fa1a0b5907bad374ddbce53364caba0282d848b03992b793c14490740ecb786fe47c SHA512 4add933c6b7e2938affb03e00da0bb28789cd9998f5496f4b592ae14d35175f6ce8a4e83ee639ef42211a8683bddad5b4c8375a1ba0a331bc72a40c45e691162
+AUX tiff-4.0.9-CVE-2017-18013.patch 1531 BLAKE2B e0b825408ba684084153ebd19c13bc7124733ba9b84393534b57481aabb8f1de5529f0a31c997b6e4947be8f01970c711e1f23ce30919bcbcef489939a0ed31e SHA512 e0598c4702fbe22379182c78191305b3769b7cb7f927ad4372e220aad9567e43adee6baa164696852ce6fa4f1f307c666a4fc3fc2b942baca16cd2b8fe9998cb
 AUX tiff-4.0.9-CVE-2017-9935-fix-incorrect-type.patch 2443 BLAKE2B e18f4acec3dc8088eec5080272e6d759c0823cb1f8036d45bc5289cc22e8a487ff5d8761e0d2e49d4c450f407e859c00913988df9c45e51318b53c5fbec01483 SHA512 a489d4bdf5b3861fdf18107ff4a0224e2d458acf719af9d7eb6ef230285ceb5d37bc483c32800cc8180ccc69ffbc80d8887b8660265466ddd52a3447f1f44e61
 AUX tiff-4.0.9-CVE-2017-9935.patch 6636 BLAKE2B b7660dee9e379aea59f7225024697ea35b820837502e9e19157391c569c6b85473c4da5163f2e6fa8934c68cc32cbc45d025a2c336d21d79f461723a68a6e49f SHA512 ca1beda6e1550ac8a4bdf2bdefaba38f5fc40d2e842709ed1a803aeef5c34cd466f93fc6e7bb8e7ffb7e21a702d54584b84615e7c3dc3a8d2d29ceeadaeca7f6
 AUX tiff-4.0.9-CVE-2018-5784.patch 4251 BLAKE2B defd555ebc53e178439331cd04f3099c4ad77584efd0a4312802307ce90828e63513df738e992905af824f25d987d43e095d313d359c3de9eebba5bf4c843bf1 SHA512 ebff45d1ecc1fb783f806eb556ccb01316289e190786378309a51a0c4d10b53ae6c86a1310ea59bc79946e633163916700e17752d0a7add10c22b8824b000b7b
@@ -21,5 +22,6 @@ EBUILD tiff-3.9.7-r1.ebuild 1941 BLAKE2B 38e7fc7b06adec30d32dce66390c5174fa8ca51
 EBUILD tiff-4.0.8.ebuild 2485 BLAKE2B de7917ea6c510b4da138abc7c8c46c108d93385845f37922c0043e619ecce744212ce0da78d3cd32c7ab6d07c667037432ff5203271ac357019260b2b2426120 SHA512 6b36c1575467420df401fa1268a93d51ad7e58c0e2ea1f43f79a98fbaced66f8f8d248f6f38531e731b384e1c4ea4d36416ba1545724cea7ad6d99e8fbfe1235
 EBUILD tiff-4.0.9-r1.ebuild 2130 BLAKE2B 09892b7bd37c8dfc6660bcb4ef5369457bf8e0929a2863fd62bc2a02c235c893fbc1880f0267683b115381980cade0f8412ec3bb63c2cae247263f7a3677b23b SHA512 fb2797ff15a7b1d3eb1ebf6be90a76c219f8cfb088ec1608b45f696e797fe1a74669152e89cee385d2c38758a737e4f4eba574701f02c27f2a791b8b394f90bd
 EBUILD tiff-4.0.9-r2.ebuild 2229 BLAKE2B 53aa8befbe2c445bec2276190fd1c7282b46881b8a8ea14cc5b71e9df65de8199c8b4f9d155f6d47b8d727bc91b31be7ec975720c27e597c737fd6e6fc388d8d SHA512 789642b417be56603c2acd94c6e472780944022f138b19ad1f41d72381a876a9212107c5dc39c96fa650f8632055ffabafb6c543a26331f8f7e3c754e44a9001
-EBUILD tiff-4.0.9-r3.ebuild 2267 BLAKE2B 588724f8e3d3d68f76b12021f475b5c18fc7cf7be8d8a22e1222198e309ddfab20e0154c91432a52453731873ebb499a0ee2fa87d0d97b8210bf0b6291a46170 SHA512 a12480c422d4d76f9fd5c2c8459838a03f96540654655fee324e9da5bbdf89e1f7a11318b97e2c3036e146da02d2a12e5b9a433ac2306adf5fd158acdf106b09
+EBUILD tiff-4.0.9-r3.ebuild 2264 BLAKE2B ec6bd649cf31a2a4a2b9125d1cd2fa9c203be954f6ff7367c6e46422d4d846928a3a48bb1b6e19147dab3680b13160c352b2cc8e3e18bdd11dccd77b047e1540 SHA512 bad10c08475e1c1a2765df6d35846c99cfefa149ebf3b5d571859b639699c740dc07264a8758c4306e1901389dbe3c7e4822f91d9729ece741499e515cf6601a
+EBUILD tiff-4.0.9-r4.ebuild 2328 BLAKE2B 2fae57ca25b717b292681a13726acdd09618fb3057cc10dfa664d666d9f16332c5451bfab80d4cba977d45e4e4e044b6e60232ea61cc4950bb7e3099da451ebb SHA512 e98adfa48131f65620e802b3cd46a9e0fba3649e90a1fbd2bcdda3aec70a1a4336797f5fe3d069155dde3f0be977dc1d674fab79a9b100464cb0b5fdd291b47b
 MISC metadata.xml 565 BLAKE2B 3d487835599974795ba6007439bf1d08756ab1c5dbe191509832b302f3199e4ffc05be64df3e26b4d4a1c11d1292c48cbb59ffa6e412831d16d7415e076f1062 SHA512 289043206dbb512c97e4bb703b32549ac4a77f40e212548b80ea865052b80fed9d4562f9fc94638fda54da9bc3e0c19ba303c027e66e7b75c772aeec91aebe6f
diff --git a/media-libs/tiff/files/tiff-4.0.9-CVE-2017-18013.patch b/media-libs/tiff/files/tiff-4.0.9-CVE-2017-18013.patch
new file mode 100644
index 000000000000..2db890aef906
--- /dev/null
+++ b/media-libs/tiff/files/tiff-4.0.9-CVE-2017-18013.patch
@@ -0,0 +1,39 @@
+https://bugs.gentoo.org/645982
+https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01
+
+From c6f41df7b581402dfba3c19a1e3df4454c551a01 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sun, 31 Dec 2017 15:09:41 +0100
+Subject: [PATCH] libtiff/tif_print.c: TIFFPrintDirectory(): fix null pointer
+ dereference on corrupted file. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2770
+
+---
+ libtiff/tif_print.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c
+index 9959d353b1f9..8deceb2b054d 100644
+--- a/libtiff/tif_print.c
++++ b/libtiff/tif_print.c
+@@ -665,13 +665,13 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags)
+ #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
+ 			fprintf(fd, "    %3lu: [%8I64u, %8I64u]\n",
+ 			    (unsigned long) s,
+-			    (unsigned __int64) td->td_stripoffset[s],
+-			    (unsigned __int64) td->td_stripbytecount[s]);
++			    td->td_stripoffset ? (unsigned __int64) td->td_stripoffset[s] : 0,
++			    td->td_stripbytecount ? (unsigned __int64) td->td_stripbytecount[s] : 0);
+ #else
+ 			fprintf(fd, "    %3lu: [%8llu, %8llu]\n",
+ 			    (unsigned long) s,
+-			    (unsigned long long) td->td_stripoffset[s],
+-			    (unsigned long long) td->td_stripbytecount[s]);
++			    td->td_stripoffset ? (unsigned long long) td->td_stripoffset[s] : 0,
++			    td->td_stripbytecount ? (unsigned long long) td->td_stripbytecount[s] : 0);
+ #endif
+ 	}
+ }
+-- 
+2.16.1
+
diff --git a/media-libs/tiff/tiff-4.0.9-r3.ebuild b/media-libs/tiff/tiff-4.0.9-r3.ebuild
index 922ac56426c6..4acf1197bc61 100644
--- a/media-libs/tiff/tiff-4.0.9-r3.ebuild
+++ b/media-libs/tiff/tiff-4.0.9-r3.ebuild
@@ -12,7 +12,7 @@ SRC_URI="http://download.osgeo.org/libtiff/${P}.tar.gz
 
 LICENSE="libtiff"
 SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cxx jbig jpeg lzma static-libs test zlib"
 
 RDEPEND="jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] )
diff --git a/media-libs/tiff/tiff-4.0.9-r4.ebuild b/media-libs/tiff/tiff-4.0.9-r4.ebuild
new file mode 100644
index 000000000000..4787ecd348eb
--- /dev/null
+++ b/media-libs/tiff/tiff-4.0.9-r4.ebuild
@@ -0,0 +1,81 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit autotools libtool ltprune multilib-minimal
+
+DESCRIPTION="Tag Image File Format (TIFF) library"
+HOMEPAGE="http://libtiff.maptools.org"
+SRC_URI="http://download.osgeo.org/libtiff/${P}.tar.gz
+	ftp://ftp.remotesensing.org/pub/libtiff/${P}.tar.gz"
+
+LICENSE="libtiff"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="+cxx jbig jpeg lzma static-libs test zlib"
+
+RDEPEND="jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] )
+	jbig? ( >=media-libs/jbigkit-2.1:=[${MULTILIB_USEDEP}] )
+	lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+
+REQUIRED_USE="test? ( jpeg )" #483132
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
+	"${FILESDIR}"/${PN}-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
+	"${FILESDIR}"/${P}-CVE-2017-9935.patch #624696
+	"${FILESDIR}"/${P}-CVE-2017-9935-fix-incorrect-type.patch #624696
+	"${FILESDIR}"/${P}-CVE-2017-18013.patch #645982
+	"${FILESDIR}"/${P}-CVE-2018-5784.patch #645730
+)
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/tiffconf.h
+)
+
+src_prepare() {
+	default
+
+	# tiffcp-thumbnail.sh fails as thumbnail binary doesn't get built anymore since tiff-4.0.7
+	sed '/tiffcp-thumbnail\.sh/d' -i test/Makefile.am || die
+
+	eautoreconf
+}
+
+multilib_src_configure() {
+	local myeconfargs=(
+		--without-x
+		$(use_enable cxx)
+		$(use_enable jbig)
+		$(use_enable jpeg)
+		$(use_enable lzma)
+		$(use_enable static-libs static)
+		$(use_enable zlib)
+	)
+	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+
+	# remove useless subdirs
+	if ! multilib_is_native_abi ; then
+		sed -i \
+			-e 's/ tools//' \
+			-e 's/ contrib//' \
+			-e 's/ man//' \
+			-e 's/ html//' \
+			Makefile || die
+	fi
+}
+
+multilib_src_test() {
+	if ! multilib_is_native_abi ; then
+		emake -C tools
+	fi
+	emake check
+}
+
+multilib_src_install_all() {
+	prune_libtool_files --all
+	rm -f "${ED%/}"/usr/share/doc/${PF}/{COPYRIGHT,README*,RELEASE-DATE,TODO,VERSION}
+}