gentoo auto-resync : 07:02:2023 - 09:24:06

3 files changed, 106 insertions, 0 deletions

diff --git a/media-libs/tiff/Manifest b/media-libs/tiff/Manifest
index 02adc1099cff..e24ca9e5c1f2 100644
--- a/media-libs/tiff/Manifest
+++ b/media-libs/tiff/Manifest
@@ -1,5 +1,7 @@
+AUX tiff-4.5.0-CVE-2022-48281.patch 496 BLAKE2B 08d90ff28e2e4338db3aa65b6fc0ee2e3f624edcc84c1a1190bed0444805b639060751808672df08070f285c6ae841299066747eb8b1a48e2a773b949916c534 SHA512 a6f30ed1179a4fa8c598833e16a60ed80bac96ef8f76048a430250aec9cdc30aa4652457f2ef4cb5dc23d167034b16f2d70856efe70d6210801f69830ca2a6a0
 AUX tiff-4.5.0_rc1-skip-tools-tests-multilib.patch 1477 BLAKE2B d6daf36a65fcd2afbec2fd5e5f3b75fa4547f32079c0709e98a48b0ba28d993346dfc597ef46b37db5242f2e28c7dd87a1616fe9324ca2d9659a97040bcd23db SHA512 0c7b69ddd772d73fde800e610ed533804392d0ea4ddefa409f52abcf174cc77cd1f4160a03076043d654533e98812d642d5166030d97b273ec80f5288bf3eda3
 DIST tiff-4.5.0.tar.xz 2320900 BLAKE2B c69801ba9d55b1ed27a92d31d8cd16937fe69299fbf5450efb4a6caa60245b72ddade110daae78f2198613640383623f76ec2265ba785375d0a85c7909b73fe9 SHA512 c6c866064c2dd5d1711c6ece7bafe5f011f5ce26c0aeaecbff79c05b5671f44150324bea95a0665cc43331883114de855ee1cd87ed733bff0f4d0814515b9f10
 DIST tiff-4.5.0.tar.xz.sig 310 BLAKE2B bbe7f9600061416227276424eb220714a1375d3e295cb0c5b7f76074324c1a2698a5029dde3e734331e9caf02d8a086273ded2ab09285857dbbfe3ad83506912 SHA512 8cef09755f4efe68db69591967e495852cf63c2d8113a877a2254f536d38c60b6dc864c07089249cd8109a8408672a297ae9e59d8233687bc2796dc158ccfb32
+EBUILD tiff-4.5.0-r1.ebuild 2708 BLAKE2B 4fd2681bfed4dae10cbafc85014b8b9167b52a033cfc3f70b65669d7794c70f90c0e2e0342c32d6bcf62f0d500514f198e0b313df60aa0cea38448c09130a1dd SHA512 8f9749eae6275f6c24de3908f11dbf04ce2b3437414a34647a5eba0ee026c37c8fdcbee532d150d2a32fd997f18658a03885e3ccb4acae17097f4f3ac5e358e4
 EBUILD tiff-4.5.0.ebuild 2652 BLAKE2B 88e1bf84ab026017b08f58e2086e2a9a13d06516f2e8981840494e5e3b1d4e532bf7d98b9347bcf4be3c37d68a425f52d125e546024e26712b383bb8c8f43bae SHA512 c97fcf9aa837999e3b9f15480c1bb1fe60c2688d3e7b06da4c8923cc0aa421089e7f5f9fa6d928920654e713d51b417f92e34dd10f246da383a071ca13566803
 MISC metadata.xml 615 BLAKE2B b76f8c2714111fe539c2d15b56361bc3b2bc7469b3cd74cf933a9dad4ac8577b7bb1a2bc010ceb3623640778d1dbc912433988e938db7df8f8fca67c51003c2c SHA512 81b22e0e2763fbcd573d2c1fee362785c15c7c33cc00d0f7ce89eb9f95f55e64aee78eefc51de6d7270aa966102b744f070620828becbbb03012cc22e3e99469
diff --git a/media-libs/tiff/files/tiff-4.5.0-CVE-2022-48281.patch b/media-libs/tiff/files/tiff-4.5.0-CVE-2022-48281.patch
new file mode 100644
index 000000000000..e38d17df9cc2
--- /dev/null
+++ b/media-libs/tiff/files/tiff-4.5.0-CVE-2022-48281.patch
@@ -0,0 +1,14 @@
+https://gitlab.com/libtiff/libtiff/-/issues/488
+https://bugs.gentoo.org/891839
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -8591,7 +8591,7 @@ static int processCropSelections(struct
+                     cropsize + NUM_BUFF_OVERSIZE_BYTES);
+             else
+             {
+-                prev_cropsize = seg_buffs[0].size;
++                prev_cropsize = seg_buffs[i].size;
+                 if (prev_cropsize < cropsize)
+                 {
+                     next_buff = _TIFFrealloc(
+
diff --git a/media-libs/tiff/tiff-4.5.0-r1.ebuild b/media-libs/tiff/tiff-4.5.0-r1.ebuild
new file mode 100644
index 000000000000..bbbf78771312
--- /dev/null
+++ b/media-libs/tiff/tiff-4.5.0-r1.ebuild
@@ -0,0 +1,90 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+QA_PKGCONFIG_VERSION="$(ver_cut 1-3)"
+
+# Release signer can vary per version but not clear if others will be doing
+# them in future, so gone with Even Rouault for now as he does other geosci
+# stuff too like PROJ, GDAL. Previous release manager of TIFF was
+# GraphicsMagick maintainer Bob Friesenhahn. Please be careful when verifying
+# who made releases.
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/rouault.asc
+inherit autotools multilib-minimal verify-sig flag-o-matic
+
+MY_P="${P/_rc/rc}"
+DESCRIPTION="Tag Image File Format (TIFF) library"
+HOMEPAGE="http://libtiff.maptools.org"
+SRC_URI="https://download.osgeo.org/libtiff/${MY_P}.tar.xz"
+SRC_URI+=" verify-sig? ( https://download.osgeo.org/libtiff/${MY_P}.tar.xz.sig )"
+S="${WORKDIR}/${PN}-$(ver_cut 1-3)"
+
+LICENSE="libtiff"
+SLOT="0/6"
+if [[ ${PV} != *_rc* ]] ; then
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+fi
+IUSE="+cxx jbig jpeg lzma static-libs test webp zlib zstd"
+RESTRICT="!test? ( test )"
+
+# bug #483132
+REQUIRED_USE="test? ( jpeg )"
+
+RDEPEND="jbig? ( >=media-libs/jbigkit-2.1:=[${MULTILIB_USEDEP}] )
+	jpeg? ( media-libs/libjpeg-turbo:=[${MULTILIB_USEDEP}] )
+	lzma? ( >=app-arch/xz-utils-5.0.5-r1[${MULTILIB_USEDEP}] )
+	webp? ( media-libs/libwebp:=[${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
+	zstd? ( >=app-arch/zstd-1.3.7-r1:=[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}"
+BDEPEND="verify-sig? ( sec-keys/openpgp-keys-evenrouault )"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/tiffconf.h
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-4.5.0_rc1-skip-tools-tests-multilib.patch
+	"${FILESDIR}"/${PN}-4.5.0-CVE-2022-48281.patch
+)
+
+src_prepare() {
+	default
+
+	# Added to fix cross-compilation
+	#elibtoolize
+
+	# For skip-tools-tests-multilib.patch
+	eautoreconf
+}
+
+multilib_src_configure() {
+	append-lfs-flags
+
+	local myeconfargs=(
+		--disable-sphinx
+		--without-x
+		--with-docdir="${EPREFIX}"/usr/share/doc/${PF}
+		$(use_enable cxx)
+		$(use_enable jbig)
+		$(use_enable jpeg)
+		$(use_enable lzma)
+		$(use_enable static-libs static)
+		$(use_enable test tests)
+		$(use_enable webp)
+		$(use_enable zlib)
+		$(use_enable zstd)
+
+		$(multilib_native_enable docs)
+		$(multilib_native_enable contrib)
+		$(multilib_native_enable tools)
+	)
+
+	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_install_all() {
+	find "${ED}" -type f -name '*.la' -delete || die
+	rm "${ED}"/usr/share/doc/${PF}/{README*,RELEASE-DATE,TODO,VERSION} || die
+}