summaryrefslogtreecommitdiff
path: root/media-libs/tiff
diff options
context:
space:
mode:
authorV3n3RiX <venerix@redcorelinux.org>2019-04-05 21:17:31 +0100
committerV3n3RiX <venerix@redcorelinux.org>2019-04-05 21:17:31 +0100
commitdc7cbdfa65fd814b3b9aa3c56257da201109e807 (patch)
treec85d72f6f31f21f178069c9d41d41a7c1ff4b362 /media-libs/tiff
parent0706fc6986773f4e4d391deff4ad5143c464ea4e (diff)
gentoo resync : 05.04.2019
Diffstat (limited to 'media-libs/tiff')
-rw-r--r--media-libs/tiff/Manifest9
-rw-r--r--media-libs/tiff/files/tiff-3.9.7-CVE-2012-4447.patch191
-rw-r--r--media-libs/tiff/files/tiff-3.9.7-CVE-2012-4564.patch77
-rw-r--r--media-libs/tiff/files/tiff-3.9.7-CVE-2012-5581.patch245
-rw-r--r--media-libs/tiff/files/tiff-3.9.7-printdir-width.patch36
-rw-r--r--media-libs/tiff/files/tiff-3.9.7-tiffinfo-exif.patch59
-rw-r--r--media-libs/tiff/tiff-3.9.7-r1.ebuild67
-rw-r--r--media-libs/tiff/tiff-4.0.10.ebuild4
8 files changed, 3 insertions, 685 deletions
diff --git a/media-libs/tiff/Manifest b/media-libs/tiff/Manifest
index a52da9aa6fa3..5b4cb24c3543 100644
--- a/media-libs/tiff/Manifest
+++ b/media-libs/tiff/Manifest
@@ -1,18 +1,11 @@
-AUX tiff-3.9.7-CVE-2012-4447.patch 5706 BLAKE2B a72c6e4f643906273bd89689dcefa5696fe00536ad84329320bb8719bd37b07fa35e00c25e51998be6eeda2436ef93673dfbe6eda063f7d293df64e60c27c524 SHA512 defb8251401b7d65c2cd8f60df30d35551c1b1d0a1dcf514dd95da89572873177ea116e9373dd07cd260e00434235090e1d8864199d5fdfa84c445cb6905ddd6
-AUX tiff-3.9.7-CVE-2012-4564.patch 1987 BLAKE2B a56084760a03fc70e42d4ccff14b7f45d2c24f120515f7e23e8a5a6ada58f9325df1dfcc54327bb1324060aa91a4e497d83c74bbb62bc85daae5c6642aea14d5 SHA512 24ebe60ce6361561c15c8c5fb46b47942e58912de5efbf128374defc4382a7e800fae3dc0a9fe04876a5e2f61a109edc1c9533be2f8a15b4b0ed7215d7b08c9b
-AUX tiff-3.9.7-CVE-2012-5581.patch 8156 BLAKE2B 39457d90041b04014970c8b0bb9275353eca34fef6660810537294348ff33103b735523f5b84f0de2b1003014ace561a2c3bb498ff771b5c4101fef6fd89adf6 SHA512 2e215edeb6f4f5d6e14753874a67d76cfec34b3f6ffc420e1c7ede2007a6b2f64c09505e879e83db1de87f28c82c806c4379b38bf7f8735bb2bae675543683f0
-AUX tiff-3.9.7-printdir-width.patch 1523 BLAKE2B a0bfeda833e604137529537bed29dcb50308e3f6493d2985390c4528a4ac38f432104d796ec3368462d331017db4393f58622d17e1f068811913df78e98c7444 SHA512 9bf2edcbda2ed5dba01839cf1bb34316801b4c5a2b6c71ed46f8777518cf1bc77084db94eaf1ebde84583fa2e1749a5fc5151e321b4d83975b13c3e9ebe96436
-AUX tiff-3.9.7-tiffinfo-exif.patch 1847 BLAKE2B c6e55e92ebe86558cfabec730d2f15836390fa1789d57ada01fb1c6037699898706a051dab415db35e1ac2d39902301c1639e944f177b4b098227279c98c00c5 SHA512 6f211dc864bfb314a1c7edb8855b68cfbbdbbde1ba9422c1c578acbb15e5769323eec366bef618a8100b0ccb8057b2997762ebbd0f943be10882411861ec72fb
AUX tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch 930 BLAKE2B 52d77fcdd773ce52232257da2c60f8b90417f102238df2039262e3afa7275908c74817ddd6958e430d7cfcff58d2d04ebd6ddd49f553f0f261883b67f557c599 SHA512 822ccc22304d23b4f50efe1f0fb7890fda8b9edf2075b8add814c0bac0a153fa0ed5d7ee5f47e23799b24f11678c8e0bf9c90ad59c5cc61fd9546b2dca4714a9
AUX tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch 924 BLAKE2B 03160ce33639620b1deb918d358f559b8bc6296d28530b440d0d770438453c25aecc393b8cfcc582ed2d0ec1decd557a212c91f43f7923c9e94387e235680021 SHA512 43973cc5512eb8fe2e0beab1a98ff0d3bd999ed1adbf7c08c344b3442559cc2cdc99a9f2e9c1bb2bffa4be027945b12b120fa27ec6c8006367932039b8d8dd37
AUX tiff-4.0.9-CVE-2017-18013.patch 1531 BLAKE2B e0b825408ba684084153ebd19c13bc7124733ba9b84393534b57481aabb8f1de5529f0a31c997b6e4947be8f01970c711e1f23ce30919bcbcef489939a0ed31e SHA512 e0598c4702fbe22379182c78191305b3769b7cb7f927ad4372e220aad9567e43adee6baa164696852ce6fa4f1f307c666a4fc3fc2b942baca16cd2b8fe9998cb
AUX tiff-4.0.9-CVE-2017-9935-fix-incorrect-type.patch 2443 BLAKE2B e18f4acec3dc8088eec5080272e6d759c0823cb1f8036d45bc5289cc22e8a487ff5d8761e0d2e49d4c450f407e859c00913988df9c45e51318b53c5fbec01483 SHA512 a489d4bdf5b3861fdf18107ff4a0224e2d458acf719af9d7eb6ef230285ceb5d37bc483c32800cc8180ccc69ffbc80d8887b8660265466ddd52a3447f1f44e61
AUX tiff-4.0.9-CVE-2017-9935.patch 6636 BLAKE2B b7660dee9e379aea59f7225024697ea35b820837502e9e19157391c569c6b85473c4da5163f2e6fa8934c68cc32cbc45d025a2c336d21d79f461723a68a6e49f SHA512 ca1beda6e1550ac8a4bdf2bdefaba38f5fc40d2e842709ed1a803aeef5c34cd466f93fc6e7bb8e7ffb7e21a702d54584b84615e7c3dc3a8d2d29ceeadaeca7f6
AUX tiff-4.0.9-CVE-2018-5784.patch 4251 BLAKE2B defd555ebc53e178439331cd04f3099c4ad77584efd0a4312802307ce90828e63513df738e992905af824f25d987d43e095d313d359c3de9eebba5bf4c843bf1 SHA512 ebff45d1ecc1fb783f806eb556ccb01316289e190786378309a51a0c4d10b53ae6c86a1310ea59bc79946e633163916700e17752d0a7add10c22b8824b000b7b
-DIST tiff-3.9.7.tar.gz 1468097 BLAKE2B 303339acf9bb48558695b13fcc2b41acacbbf2ce6d2ec497067761895cb2de7674108e8ca2f35f845dcd2e45801777fe25d234af1c308acf59846c2f5617ab53 SHA512 ca89584a9ffa33b4986e4bc2165043cec239896f1f0ab73db00818d0442b570efaa6345b2ed422e884202324d359713df849bf14782bb0cf3b959655febddd77
DIST tiff-4.0.10.tar.gz 2402867 BLAKE2B 0305453f22150c31d00d2de756736f58c49a288e19b2a66bdd01319ce4688742f6eab4009eaf1817125d41f53a23de17eb6265a3ebae458ec24f5dbb3d49764e SHA512 d213e5db09fd56b8977b187c5a756f60d6e3e998be172550c2892dbdb4b2a8e8c750202bc863fe27d0d1c577ab9de1710d15e9f6ed665aadbfd857525a81eea8
DIST tiff-4.0.9.tar.gz 2305681 BLAKE2B 3de03408d2974b9f9f5f2444029cc3018ef43beb67e9fd21be68ee400cdcc6deca1247f055d880841a18b92284ce81f112682c8b5f083ddc61e5255d73a7de3f SHA512 04f3d5eefccf9c1a0393659fe27f3dddd31108c401ba0dc587bca152a1c1f6bc844ba41622ff5572da8cc278593eff8c402b44e7af0a0090e91d326c2d79f6cd
-EBUILD tiff-3.9.7-r1.ebuild 1941 BLAKE2B 38e7fc7b06adec30d32dce66390c5174fa8ca514d8fdc12d6486ed3b8a78b95ea2efb3e083c959892ea65e46853b4c5b7236508c9812736ff0bebce26961d64f SHA512 659c879ae594501bb3a88dde00797d67fd004cbbefbb4403a2374876a6c909cb38f4a7d56256325c5d53fd7ed107849e7c2862f9de777ab6b6d996ec279fe997
-EBUILD tiff-4.0.10.ebuild 2324 BLAKE2B 798ebc306c03368078da1d24d28c61fe3d69376fbbaf95238ecc92b73cfa62c1db54900895bd83ae890be231322a91a9f238fc69b4cc85f0db3e1b8abb1f38b1 SHA512 2886e2136317e5576847297dff4fdee2f1b8ef459f9d0f4cb4ac168d09119b3c4b12c0aacd4fc4b7dd9078938abe36ec5890325d9d3534d0b78d2ac3be79c910
+EBUILD tiff-4.0.10.ebuild 2320 BLAKE2B 4d31a67539f9bc1c732db69bf57446f96ec13e573ac0531ce7fa3c7be39c28dee1fb9a275593d94f8ba11f6b5c3b4a0f5a82a47588b4542d4d1502aeb2149bc1 SHA512 a208da6710cbba1ff103b6399ee3f0186ac5e756e432fe7ac3c3333d1afa090620a9452d81b08de7b2eb052977cb313c043d9a2311e84b029a84f84ad3f1b978
EBUILD tiff-4.0.9-r4.ebuild 2354 BLAKE2B 272c6c559ca76d81689caefa8dbd66aa22b8e29fd2cf35ba0699abaf2e85fa1f542237c9eb3b85735921617b76790bdbaede55b0c113a7cc2d35b192d3821e85 SHA512 ee3c1ab75d4694bce0e9523394ed0bf9daca1de6bc276199d96b655192a59f72ddc4bbbc7981e26c6f44531da334bbaab94fb9fa72191d6c241e861b71e78e4b
MISC metadata.xml 640 BLAKE2B faec0c1b8ddc13c849f3814532d7886a7b1fcc7aee14eb1ff26dc0265d51bd7516c779e2dba8e9dc8c1116f3be46db6dd06bfe46dd4b5dc3300f29b402bb666a SHA512 9445f36944e1018afcb83e3f5d9382d8e91d52924171786a40606ab46bfe0c0de744b40fc2adb58ece5d0168bca967d2bef73de05a81cd46615bd50502d08a29
diff --git a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4447.patch b/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4447.patch
deleted file mode 100644
index 6c28dc6ec9a8..000000000000
--- a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4447.patch
+++ /dev/null
@@ -1,191 +0,0 @@
-Upstream patch for CVE-2012-4447. This also covers an out-of-bounds-read
-possibility in the same file, which wasn't given a separate CVE.
-
-
-diff -Naur tiff-3.9.4.orig/libtiff/tif_pixarlog.c tiff-3.9.4/libtiff/tif_pixarlog.c
---- tiff-3.9.4.orig/libtiff/tif_pixarlog.c 2010-06-08 14:50:42.000000000 -0400
-+++ tiff-3.9.4/libtiff/tif_pixarlog.c 2012-12-10 15:50:14.421538317 -0500
-@@ -117,9 +117,9 @@
- if (n >= stride) {
- mask = CODE_MASK;
- if (stride == 3) {
-- t0 = ToLinearF[cr = wp[0]];
-- t1 = ToLinearF[cg = wp[1]];
-- t2 = ToLinearF[cb = wp[2]];
-+ t0 = ToLinearF[cr = (wp[0] & mask)];
-+ t1 = ToLinearF[cg = (wp[1] & mask)];
-+ t2 = ToLinearF[cb = (wp[2] & mask)];
- op[0] = t0;
- op[1] = t1;
- op[2] = t2;
-@@ -136,10 +136,10 @@
- op[2] = t2;
- }
- } else if (stride == 4) {
-- t0 = ToLinearF[cr = wp[0]];
-- t1 = ToLinearF[cg = wp[1]];
-- t2 = ToLinearF[cb = wp[2]];
-- t3 = ToLinearF[ca = wp[3]];
-+ t0 = ToLinearF[cr = (wp[0] & mask)];
-+ t1 = ToLinearF[cg = (wp[1] & mask)];
-+ t2 = ToLinearF[cb = (wp[2] & mask)];
-+ t3 = ToLinearF[ca = (wp[3] & mask)];
- op[0] = t0;
- op[1] = t1;
- op[2] = t2;
-@@ -183,9 +183,9 @@
- if (n >= stride) {
- mask = CODE_MASK;
- if (stride == 3) {
-- t0 = ToLinearF[cr = wp[0]] * SCALE12;
-- t1 = ToLinearF[cg = wp[1]] * SCALE12;
-- t2 = ToLinearF[cb = wp[2]] * SCALE12;
-+ t0 = ToLinearF[cr = (wp[0] & mask)] * SCALE12;
-+ t1 = ToLinearF[cg = (wp[1] & mask)] * SCALE12;
-+ t2 = ToLinearF[cb = (wp[2] & mask)] * SCALE12;
- op[0] = CLAMP12(t0);
- op[1] = CLAMP12(t1);
- op[2] = CLAMP12(t2);
-@@ -202,10 +202,10 @@
- op[2] = CLAMP12(t2);
- }
- } else if (stride == 4) {
-- t0 = ToLinearF[cr = wp[0]] * SCALE12;
-- t1 = ToLinearF[cg = wp[1]] * SCALE12;
-- t2 = ToLinearF[cb = wp[2]] * SCALE12;
-- t3 = ToLinearF[ca = wp[3]] * SCALE12;
-+ t0 = ToLinearF[cr = (wp[0] & mask)] * SCALE12;
-+ t1 = ToLinearF[cg = (wp[1] & mask)] * SCALE12;
-+ t2 = ToLinearF[cb = (wp[2] & mask)] * SCALE12;
-+ t3 = ToLinearF[ca = (wp[3] & mask)] * SCALE12;
- op[0] = CLAMP12(t0);
- op[1] = CLAMP12(t1);
- op[2] = CLAMP12(t2);
-@@ -247,9 +247,9 @@
- if (n >= stride) {
- mask = CODE_MASK;
- if (stride == 3) {
-- op[0] = ToLinear16[cr = wp[0]];
-- op[1] = ToLinear16[cg = wp[1]];
-- op[2] = ToLinear16[cb = wp[2]];
-+ op[0] = ToLinear16[cr = (wp[0] & mask)];
-+ op[1] = ToLinear16[cg = (wp[1] & mask)];
-+ op[2] = ToLinear16[cb = (wp[2] & mask)];
- n -= 3;
- while (n > 0) {
- wp += 3;
-@@ -260,10 +260,10 @@
- op[2] = ToLinear16[(cb += wp[2]) & mask];
- }
- } else if (stride == 4) {
-- op[0] = ToLinear16[cr = wp[0]];
-- op[1] = ToLinear16[cg = wp[1]];
-- op[2] = ToLinear16[cb = wp[2]];
-- op[3] = ToLinear16[ca = wp[3]];
-+ op[0] = ToLinear16[cr = (wp[0] & mask)];
-+ op[1] = ToLinear16[cg = (wp[1] & mask)];
-+ op[2] = ToLinear16[cb = (wp[2] & mask)];
-+ op[3] = ToLinear16[ca = (wp[3] & mask)];
- n -= 4;
- while (n > 0) {
- wp += 4;
-@@ -342,9 +342,9 @@
- if (n >= stride) {
- mask = CODE_MASK;
- if (stride == 3) {
-- op[0] = ToLinear8[cr = wp[0]];
-- op[1] = ToLinear8[cg = wp[1]];
-- op[2] = ToLinear8[cb = wp[2]];
-+ op[0] = ToLinear8[cr = (wp[0] & mask)];
-+ op[1] = ToLinear8[cg = (wp[1] & mask)];
-+ op[2] = ToLinear8[cb = (wp[2] & mask)];
- n -= 3;
- while (n > 0) {
- n -= 3;
-@@ -355,10 +355,10 @@
- op[2] = ToLinear8[(cb += wp[2]) & mask];
- }
- } else if (stride == 4) {
-- op[0] = ToLinear8[cr = wp[0]];
-- op[1] = ToLinear8[cg = wp[1]];
-- op[2] = ToLinear8[cb = wp[2]];
-- op[3] = ToLinear8[ca = wp[3]];
-+ op[0] = ToLinear8[cr = (wp[0] & mask)];
-+ op[1] = ToLinear8[cg = (wp[1] & mask)];
-+ op[2] = ToLinear8[cb = (wp[2] & mask)];
-+ op[3] = ToLinear8[ca = (wp[3] & mask)];
- n -= 4;
- while (n > 0) {
- n -= 4;
-@@ -393,9 +393,9 @@
- mask = CODE_MASK;
- if (stride == 3) {
- op[0] = 0;
-- t1 = ToLinear8[cb = wp[2]];
-- t2 = ToLinear8[cg = wp[1]];
-- t3 = ToLinear8[cr = wp[0]];
-+ t1 = ToLinear8[cb = (wp[2] & mask)];
-+ t2 = ToLinear8[cg = (wp[1] & mask)];
-+ t3 = ToLinear8[cr = (wp[0] & mask)];
- op[1] = t1;
- op[2] = t2;
- op[3] = t3;
-@@ -413,10 +413,10 @@
- op[3] = t3;
- }
- } else if (stride == 4) {
-- t0 = ToLinear8[ca = wp[3]];
-- t1 = ToLinear8[cb = wp[2]];
-- t2 = ToLinear8[cg = wp[1]];
-- t3 = ToLinear8[cr = wp[0]];
-+ t0 = ToLinear8[ca = (wp[3] & mask)];
-+ t1 = ToLinear8[cb = (wp[2] & mask)];
-+ t2 = ToLinear8[cg = (wp[1] & mask)];
-+ t3 = ToLinear8[cr = (wp[0] & mask)];
- op[0] = t0;
- op[1] = t1;
- op[2] = t2;
-@@ -630,10 +630,10 @@
- return guess;
- }
-
--static uint32
--multiply(size_t m1, size_t m2)
-+static tsize_t
-+multiply(tsize_t m1, tsize_t m2)
- {
-- uint32 bytes = m1 * m2;
-+ tsize_t bytes = m1 * m2;
-
- if (m1 && bytes / m1 != m2)
- bytes = 0;
-@@ -641,6 +641,20 @@
- return bytes;
- }
-
-+static tsize_t
-+add_ms(tsize_t m1, tsize_t m2)
-+{
-+ tsize_t bytes = m1 + m2;
-+
-+ /* if either input is zero, assume overflow already occurred */
-+ if (m1 == 0 || m2 == 0)
-+ bytes = 0;
-+ else if (bytes <= m1 || bytes <= m2)
-+ bytes = 0;
-+
-+ return bytes;
-+}
-+
- static int
- PixarLogSetupDecode(TIFF* tif)
- {
-@@ -661,6 +675,8 @@
- td->td_samplesperpixel : 1);
- tbuf_size = multiply(multiply(multiply(sp->stride, td->td_imagewidth),
- td->td_rowsperstrip), sizeof(uint16));
-+ /* add one more stride in case input ends mid-stride */
-+ tbuf_size = add_ms(tbuf_size, sizeof(uint16) * sp->stride);
- if (tbuf_size == 0)
- return (0);
- sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size);
diff --git a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4564.patch b/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4564.patch
deleted file mode 100644
index 98a6e6c4409d..000000000000
--- a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4564.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-Upstream patch for CVE-2012-4564.
-
-
-diff -Naur tiff-3.9.4.orig/tools/ppm2tiff.c tiff-3.9.4/tools/ppm2tiff.c
---- tiff-3.9.4.orig/tools/ppm2tiff.c 2010-06-08 14:50:44.000000000 -0400
-+++ tiff-3.9.4/tools/ppm2tiff.c 2012-12-10 16:16:05.154045877 -0500
-@@ -68,6 +68,17 @@
- exit(-2);
- }
-
-+static tsize_t
-+multiply_ms(tsize_t m1, tsize_t m2)
-+{
-+ tsize_t bytes = m1 * m2;
-+
-+ if (m1 && bytes / m1 != m2)
-+ bytes = 0;
-+
-+ return bytes;
-+}
-+
- int
- main(int argc, char* argv[])
- {
-@@ -85,6 +96,7 @@
- int c;
- extern int optind;
- extern char* optarg;
-+ tsize_t scanline_size;
-
- if (argc < 2) {
- fprintf(stderr, "%s: Too few arguments\n", argv[0]);
-@@ -217,7 +229,8 @@
- }
- switch (bpp) {
- case 1:
-- linebytes = (spp * w + (8 - 1)) / 8;
-+ /* if round-up overflows, result will be zero, OK */
-+ linebytes = (multiply_ms(spp, w) + (8 - 1)) / 8;
- if (rowsperstrip == (uint32) -1) {
- TIFFSetField(out, TIFFTAG_ROWSPERSTRIP, h);
- } else {
-@@ -226,15 +239,31 @@
- }
- break;
- case 8:
-- linebytes = spp * w;
-+ linebytes = multiply_ms(spp, w);
- TIFFSetField(out, TIFFTAG_ROWSPERSTRIP,
- TIFFDefaultStripSize(out, rowsperstrip));
- break;
- }
-- if (TIFFScanlineSize(out) > linebytes)
-+ if (linebytes == 0) {
-+ fprintf(stderr, "%s: scanline size overflow\n", infile);
-+ (void) TIFFClose(out);
-+ exit(-2);
-+ }
-+ scanline_size = TIFFScanlineSize(out);
-+ if (scanline_size == 0) {
-+ /* overflow - TIFFScanlineSize already printed a message */
-+ (void) TIFFClose(out);
-+ exit(-2);
-+ }
-+ if (scanline_size < linebytes)
- buf = (unsigned char *)_TIFFmalloc(linebytes);
- else
-- buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
-+ buf = (unsigned char *)_TIFFmalloc(scanline_size);
-+ if (buf == NULL) {
-+ fprintf(stderr, "%s: Not enough memory\n", infile);
-+ (void) TIFFClose(out);
-+ exit(-2);
-+ }
- if (resolution > 0) {
- TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution);
- TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution);
diff --git a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-5581.patch b/media-libs/tiff/files/tiff-3.9.7-CVE-2012-5581.patch
deleted file mode 100644
index a6bdca137029..000000000000
--- a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-5581.patch
+++ /dev/null
@@ -1,245 +0,0 @@
-Fix unsafe handling of DotRange and related tags. Back-port of upstream
-patch for CVE-2012-5581. (Note: I have not pushed this into upstream CVS
-for the 3.9 branch, because I'm not entirely convinced that it won't create
-application compatibility issues --- tgl)
-
-
-diff -Naur tiff-3.9.7.orig/libtiff/tif_dir.c tiff-3.9.7/libtiff/tif_dir.c
---- tiff-3.9.7.orig/libtiff/tif_dir.c 2012-09-22 10:48:09.000000000 -0400
-+++ tiff-3.9.7/libtiff/tif_dir.c 2012-12-13 13:39:20.448864070 -0500
-@@ -494,32 +494,28 @@
- goto end;
- }
-
-- if ((fip->field_passcount
-+ if (fip->field_tag == TIFFTAG_DOTRANGE
-+ && strcmp(fip->field_name,"DotRange") == 0) {
-+ /* TODO: This is an evil exception and should not have been
-+ handled this way ... likely best if we move it into
-+ the directory structure with an explicit field in
-+ libtiff 4.1 and assign it a FIELD_ value */
-+ uint16 v[2];
-+ v[0] = (uint16)va_arg(ap, int);
-+ v[1] = (uint16)va_arg(ap, int);
-+ _TIFFmemcpy(tv->value, v, 4);
-+ }
-+ else if (fip->field_passcount
- || fip->field_writecount == TIFF_VARIABLE
- || fip->field_writecount == TIFF_VARIABLE2
- || fip->field_writecount == TIFF_SPP
-- || tv->count > 1)
-- && fip->field_tag != TIFFTAG_PAGENUMBER
-- && fip->field_tag != TIFFTAG_HALFTONEHINTS
-- && fip->field_tag != TIFFTAG_YCBCRSUBSAMPLING
-- && fip->field_tag != TIFFTAG_DOTRANGE
-- && fip->field_tag != TIFFTAG_WHITELEVEL) {
-+ || tv->count > 1) {
- _TIFFmemcpy(tv->value, va_arg(ap, void *),
- tv->count * tv_size);
- } else {
-- /*
-- * XXX: The following loop required to handle
-- * TIFFTAG_PAGENUMBER, TIFFTAG_HALFTONEHINTS,
-- * TIFFTAG_YCBCRSUBSAMPLING and TIFFTAG_DOTRANGE tags.
-- * These tags are actually arrays and should be passed as
-- * array pointers to TIFFSetField() function, but actually
-- * passed as a list of separate values. This behaviour
-- * must be changed in the future!
-- */
-- int i;
- char *val = (char *)tv->value;
-
-- for (i = 0; i < tv->count; i++, val += tv_size) {
-+ assert( tv->count == 1 );
- switch (fip->field_type) {
- case TIFF_BYTE:
- case TIFF_UNDEFINED:
-@@ -578,7 +574,6 @@
- status = 0;
- break;
- }
-- }
- }
- }
- }
-@@ -869,24 +864,27 @@
- *va_arg(ap, uint16*) = (uint16)tv->count;
- *va_arg(ap, void **) = tv->value;
- ret_val = 1;
-- } else {
-- if ((fip->field_type == TIFF_ASCII
-+ } else if (fip->field_tag == TIFFTAG_DOTRANGE
-+ && strcmp(fip->field_name,"DotRange") == 0) {
-+ /* TODO: This is an evil exception and should not have been
-+ handled this way ... likely best if we move it into
-+ the directory structure with an explicit field in
-+ libtiff 4.1 and assign it a FIELD_ value */
-+ *va_arg(ap, uint16*) = ((uint16 *)tv->value)[0];
-+ *va_arg(ap, uint16*) = ((uint16 *)tv->value)[1];
-+ ret_val = 1;
-+ } else {
-+ if (fip->field_type == TIFF_ASCII
- || fip->field_readcount == TIFF_VARIABLE
- || fip->field_readcount == TIFF_VARIABLE2
- || fip->field_readcount == TIFF_SPP
-- || tv->count > 1)
-- && fip->field_tag != TIFFTAG_PAGENUMBER
-- && fip->field_tag != TIFFTAG_HALFTONEHINTS
-- && fip->field_tag != TIFFTAG_YCBCRSUBSAMPLING
-- && fip->field_tag != TIFFTAG_DOTRANGE) {
-+ || tv->count > 1) {
- *va_arg(ap, void **) = tv->value;
- ret_val = 1;
- } else {
-- int j;
- char *val = (char *)tv->value;
-
-- for (j = 0; j < tv->count;
-- j++, val += _TIFFDataSize(tv->info->field_type)) {
-+ assert( tv->count == 1 );
- switch (fip->field_type) {
- case TIFF_BYTE:
- case TIFF_UNDEFINED:
-@@ -936,7 +934,6 @@
- ret_val = 0;
- break;
- }
-- }
- }
- }
- break;
-diff -Naur tiff-3.9.7.orig/libtiff/tif_print.c tiff-3.9.7/libtiff/tif_print.c
---- tiff-3.9.7.orig/libtiff/tif_print.c 2010-07-08 12:17:59.000000000 -0400
-+++ tiff-3.9.7/libtiff/tif_print.c 2012-12-13 13:42:12.773478278 -0500
-@@ -112,16 +112,22 @@
- }
-
- static int
--_TIFFPrettyPrintField(TIFF* tif, FILE* fd, ttag_t tag,
-+_TIFFPrettyPrintField(TIFF* tif, const TIFFFieldInfo *fip, FILE* fd, ttag_t tag,
- uint32 value_count, void *raw_data)
- {
- TIFFDirectory *td = &tif->tif_dir;
-
-+ /* do not try to pretty print auto-defined fields */
-+ if (strncmp(fip->field_name,"Tag ", 4) == 0) {
-+ return 0;
-+ }
-+
- switch (tag)
- {
- case TIFFTAG_INKSET:
-- fprintf(fd, " Ink Set: ");
-- switch (*((uint16*)raw_data)) {
-+ if (value_count == 2 && fip->field_type == TIFF_SHORT) {
-+ fprintf(fd, " Ink Set: ");
-+ switch (*((uint16*)raw_data)) {
- case INKSET_CMYK:
- fprintf(fd, "CMYK\n");
- break;
-@@ -130,11 +136,18 @@
- *((uint16*)raw_data),
- *((uint16*)raw_data));
- break;
-+ }
-+ return 1;
- }
-- return 1;
-+ return 0;
-+
- case TIFFTAG_WHITEPOINT:
-- fprintf(fd, " White Point: %g-%g\n",
-- ((float *)raw_data)[0], ((float *)raw_data)[1]); return 1;
-+ if (value_count == 2 && fip->field_type == TIFF_RATIONAL) {
-+ fprintf(fd, " White Point: %g-%g\n",
-+ ((float *)raw_data)[0], ((float *)raw_data)[1]); return 1;
-+ }
-+ return 0;
-+
- case TIFFTAG_REFERENCEBLACKWHITE:
- {
- uint16 i;
-@@ -174,10 +187,13 @@
- (unsigned long) value_count);
- return 1;
- case TIFFTAG_STONITS:
-- fprintf(fd,
-- " Sample to Nits conversion factor: %.4e\n",
-- *((double*)raw_data));
-- return 1;
-+ if (value_count == 1 && fip->field_type == TIFF_DOUBLE) {
-+ fprintf(fd,
-+ " Sample to Nits conversion factor: %.4e\n",
-+ *((double*)raw_data));
-+ return 1;
-+ }
-+ return 0;
- }
-
- return 0;
-@@ -524,44 +540,28 @@
- value_count = td->td_samplesperpixel;
- else
- value_count = fip->field_readcount;
-- if ((fip->field_type == TIFF_ASCII
-+ if (fip->field_tag == TIFFTAG_DOTRANGE
-+ && strcmp(fip->field_name,"DotRange") == 0) {
-+ /* TODO: This is an evil exception and should not have been
-+ handled this way ... likely best if we move it into
-+ the directory structure with an explicit field in
-+ libtiff 4.1 and assign it a FIELD_ value */
-+ static uint16 dotrange[2];
-+ raw_data = dotrange;
-+ TIFFGetField(tif, tag, dotrange+0, dotrange+1);
-+ } else if (fip->field_type == TIFF_ASCII
- || fip->field_readcount == TIFF_VARIABLE
- || fip->field_readcount == TIFF_VARIABLE2
- || fip->field_readcount == TIFF_SPP
-- || value_count > 1)
-- && fip->field_tag != TIFFTAG_PAGENUMBER
-- && fip->field_tag != TIFFTAG_HALFTONEHINTS
-- && fip->field_tag != TIFFTAG_YCBCRSUBSAMPLING
-- && fip->field_tag != TIFFTAG_DOTRANGE) {
-+ || value_count > 1) {
- if(TIFFGetField(tif, tag, &raw_data) != 1)
- continue;
-- } else if (fip->field_tag != TIFFTAG_PAGENUMBER
-- && fip->field_tag != TIFFTAG_HALFTONEHINTS
-- && fip->field_tag != TIFFTAG_YCBCRSUBSAMPLING
-- && fip->field_tag != TIFFTAG_DOTRANGE) {
-- raw_data = _TIFFmalloc(
-- _TIFFDataSize(fip->field_type)
-- * value_count);
-- mem_alloc = 1;
-- if(TIFFGetField(tif, tag, raw_data) != 1) {
-- _TIFFfree(raw_data);
-- continue;
-- }
- } else {
-- /*
-- * XXX: Should be fixed and removed, see the
-- * notes related to TIFFTAG_PAGENUMBER,
-- * TIFFTAG_HALFTONEHINTS,
-- * TIFFTAG_YCBCRSUBSAMPLING and
-- * TIFFTAG_DOTRANGE tags in tif_dir.c. */
-- char *tmp;
- raw_data = _TIFFmalloc(
- _TIFFDataSize(fip->field_type)
- * value_count);
-- tmp = raw_data;
- mem_alloc = 1;
-- if(TIFFGetField(tif, tag, tmp,
-- tmp + _TIFFDataSize(fip->field_type)) != 1) {
-+ if(TIFFGetField(tif, tag, raw_data) != 1) {
- _TIFFfree(raw_data);
- continue;
- }
-@@ -574,7 +574,7 @@
- * _TIFFPrettyPrintField() fall down and print it as any other
- * tag.
- */
-- if (_TIFFPrettyPrintField(tif, fd, tag, value_count, raw_data)) {
-+ if (_TIFFPrettyPrintField(tif, fip, fd, tag, value_count, raw_data)) {
- if(mem_alloc)
- _TIFFfree(raw_data);
- continue;
diff --git a/media-libs/tiff/files/tiff-3.9.7-printdir-width.patch b/media-libs/tiff/files/tiff-3.9.7-printdir-width.patch
deleted file mode 100644
index 6ad7534ac6fe..000000000000
--- a/media-libs/tiff/files/tiff-3.9.7-printdir-width.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Make TIFFPrintDirectory cope with both TIFF_VARIABLE and TIFF_VARIABLE2
-conventions for field_passcount fields, ie, either 16- or 32-bit counts.
-This patch is taken from upstream commits dated 2012-05-23 ("fix crash
-with odd 16bit count types for some custom fields") and 2012-12-12 ("Fix
-TIFF_VARIABLE/TIFF_VARIABLE2 confusion in TIFFPrintDirectory").
-
-This doesn't qualify as a security issue in itself, mainly because
-TIFFPrintDirectory is unlikely to be used in any security-exposed
-scenarios; but we need to fix it so that our test case for CVE-2012-5581
-works on all platforms.
-
-
-diff -Naur tiff-3.9.4.orig/libtiff/tif_print.c tiff-3.9.4/libtiff/tif_print.c
---- tiff-3.9.4.orig/libtiff/tif_print.c 2010-06-08 14:50:42.000000000 -0400
-+++ tiff-3.9.4/libtiff/tif_print.c 2012-12-13 12:17:33.726765771 -0500
-@@ -518,8 +518,19 @@
- continue;
-
- if(fip->field_passcount) {
-- if(TIFFGetField(tif, tag, &value_count, &raw_data) != 1)
-+ if (fip->field_readcount == TIFF_VARIABLE2 ) {
-+ if(TIFFGetField(tif, tag, &value_count, &raw_data) != 1)
-+ continue;
-+ } else if (fip->field_readcount == TIFF_VARIABLE ) {
-+ uint16 small_value_count;
-+ if(TIFFGetField(tif, tag, &small_value_count, &raw_data) != 1)
-+ continue;
-+ value_count = small_value_count;
-+ } else {
-+ assert (fip->field_readcount == TIFF_VARIABLE
-+ || fip->field_readcount == TIFF_VARIABLE2);
- continue;
-+ }
- } else {
- if (fip->field_readcount == TIFF_VARIABLE
- || fip->field_readcount == TIFF_VARIABLE2)
diff --git a/media-libs/tiff/files/tiff-3.9.7-tiffinfo-exif.patch b/media-libs/tiff/files/tiff-3.9.7-tiffinfo-exif.patch
deleted file mode 100644
index a326e21e298b..000000000000
--- a/media-libs/tiff/files/tiff-3.9.7-tiffinfo-exif.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-Teach "tiffinfo -D" to not try to print image data inside an EXIF subdirectory,
-because there isn't any. Back-patched from an upstream 4.0.2 fix.
-
-This is not a security issue in itself (it crashes, but with a simple NULL
-pointer dereference). However, our test case for CVE-2012-5581 tickles this
-bug, so it seems easier to fix this than make a new test case.
-
-
-diff -Naur tiff-3.9.4.orig/tools/tiffinfo.c tiff-3.9.4/tools/tiffinfo.c
---- tiff-3.9.4.orig/tools/tiffinfo.c 2010-06-08 14:50:44.000000000 -0400
-+++ tiff-3.9.4/tools/tiffinfo.c 2012-12-11 16:33:17.062228558 -0500
-@@ -49,7 +49,7 @@
- int stoponerr = 1; /* stop on first read error */
-
- static void usage(void);
--static void tiffinfo(TIFF*, uint16, long);
-+static void tiffinfo(TIFF*, uint16, long, int);
-
- int
- main(int argc, char* argv[])
-@@ -124,19 +124,20 @@
- if (tif != NULL) {
- if (dirnum != -1) {
- if (TIFFSetDirectory(tif, (tdir_t) dirnum))
-- tiffinfo(tif, order, flags);
-+ tiffinfo(tif, order, flags, 1);
- } else if (diroff != 0) {
- if (TIFFSetSubDirectory(tif, diroff))
-- tiffinfo(tif, order, flags);
-+ tiffinfo(tif, order, flags, 1);
- } else {
- do {
- uint32 offset;
-
-- tiffinfo(tif, order, flags);
-+ tiffinfo(tif, order, flags, 1);
- if (TIFFGetField(tif, TIFFTAG_EXIFIFD,
- &offset)) {
-- if (TIFFReadEXIFDirectory(tif, offset))
-- tiffinfo(tif, order, flags);
-+ if (TIFFReadEXIFDirectory(tif, offset)) {
-+ tiffinfo(tif, order, flags, 0);
-+ }
- }
- } while (TIFFReadDirectory(tif));
- }
-@@ -426,10 +427,10 @@
- }
-
- static void
--tiffinfo(TIFF* tif, uint16 order, long flags)
-+tiffinfo(TIFF* tif, uint16 order, long flags, int is_image)
- {
- TIFFPrintDirectory(tif, stdout, flags);
-- if (!readdata)
-+ if (!readdata || !is_image)
- return;
- if (rawdata) {
- if (order) {
diff --git a/media-libs/tiff/tiff-3.9.7-r1.ebuild b/media-libs/tiff/tiff-3.9.7-r1.ebuild
deleted file mode 100644
index 467c3bb64906..000000000000
--- a/media-libs/tiff/tiff-3.9.7-r1.ebuild
+++ /dev/null
@@ -1,67 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-
-# this ebuild is only for the libtiff.so.3 (+ 4) and libtiffxx.so.3 (+ 4) SONAME for ABI compat
-
-inherit eutils libtool multilib multilib-minimal
-
-DESCRIPTION="Library for manipulation of TIFF (Tag Image File Format) images"
-HOMEPAGE="http://libtiff.maptools.org"
-SRC_URI="ftp://ftp.remotesensing.org/pub/libtiff/${P}.tar.gz"
-
-LICENSE="libtiff"
-SLOT="3"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 m68k ~mips ~ppc ~ppc64 s390 sh ~sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cxx jbig jpeg zlib"
-
-RDEPEND="jpeg? ( >=virtual/jpeg-0-r2[${MULTILIB_USEDEP}] )
- jbig? ( >=media-libs/jbigkit-2.1[${MULTILIB_USEDEP}] )
- zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
- !media-libs/tiff-compat
- !=media-libs/tiff-3*:0"
-DEPEND="${RDEPEND}"
-
-src_prepare() {
- epatch \
- "${FILESDIR}"/${P}-CVE-2012-{4447,4564,5581}.patch \
- "${FILESDIR}"/${P}-tiffinfo-exif.patch \
- "${FILESDIR}"/${P}-printdir-width.patch
-
- elibtoolize
-}
-
-multilib_src_configure() {
- ECONF_SOURCE="${S}" econf \
- --libdir=/libdir \
- --disable-static \
- $(use_enable cxx) \
- $(use_enable zlib) \
- $(use_enable jpeg) \
- $(use_enable jbig) \
- --without-x
-}
-
-multilib_src_install() {
- # Let `make install` and libtool handle insecure runpath(s)
- dodir tmp
- emake DESTDIR="${ED}/tmp" install
-
- # .so.3 (upstream) is used by sci-chemistry/icm
- # .so.4 (Debian) is used by net-im/skype
- exeinto /usr/$(get_libdir)
- doexe "${ED}"/tmp/libdir/libtiff$(get_libname 3)
- dosym libtiff$(get_libname 3) /usr/$(get_libdir)/libtiff$(get_libname 4)
- if use cxx; then
- doexe "${ED}"/tmp/libdir/libtiffxx$(get_libname 3)
- dosym libtiffxx$(get_libname 3) /usr/$(get_libdir)/libtiffxx$(get_libname 4)
- fi
-
- rm -rf "${ED}"/tmp
-}
-
-multilib_src_install_all() {
- # (avoid installing docs)
- :
-}
diff --git a/media-libs/tiff/tiff-4.0.10.ebuild b/media-libs/tiff/tiff-4.0.10.ebuild
index a41a3102657c..8373253c0284 100644
--- a/media-libs/tiff/tiff-4.0.10.ebuild
+++ b/media-libs/tiff/tiff-4.0.10.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Authors
+# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -12,7 +12,7 @@ SRC_URI="http://download.osgeo.org/libtiff/${P}.tar.gz
LICENSE="libtiff"
SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x64-cygwin ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~x64-cygwin ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
IUSE="+cxx jbig jpeg lzma static-libs test webp zlib zstd"
RDEPEND="