diff options
Diffstat (limited to 'media-libs/tiff')
-rw-r--r-- | media-libs/tiff/Manifest | 2 | ||||
-rw-r--r-- | media-libs/tiff/files/tiff-4.0.9-CVE-2018-5784.patch | 128 | ||||
-rw-r--r-- | media-libs/tiff/tiff-4.0.9-r3.ebuild | 84 |
3 files changed, 214 insertions, 0 deletions
diff --git a/media-libs/tiff/Manifest b/media-libs/tiff/Manifest index 6001f8734365..885b49596b7c 100644 --- a/media-libs/tiff/Manifest +++ b/media-libs/tiff/Manifest @@ -13,6 +13,7 @@ AUX tiff-4.0.7-pdfium-0018-fix-leak-in-PredictorSetupDecode.patch 849 BLAKE2B b0 AUX tiff-4.0.7-pdfium-0021-oom-TIFFFillStrip.patch 1228 BLAKE2B ca3babb8a10c96ecfb72914651f8e737ec4d2a7a7fbdc4b9c153e2a7f540fa1a0b5907bad374ddbce53364caba0282d848b03992b793c14490740ecb786fe47c SHA512 4add933c6b7e2938affb03e00da0bb28789cd9998f5496f4b592ae14d35175f6ce8a4e83ee639ef42211a8683bddad5b4c8375a1ba0a331bc72a40c45e691162 AUX tiff-4.0.9-CVE-2017-9935-fix-incorrect-type.patch 2443 BLAKE2B e18f4acec3dc8088eec5080272e6d759c0823cb1f8036d45bc5289cc22e8a487ff5d8761e0d2e49d4c450f407e859c00913988df9c45e51318b53c5fbec01483 SHA512 a489d4bdf5b3861fdf18107ff4a0224e2d458acf719af9d7eb6ef230285ceb5d37bc483c32800cc8180ccc69ffbc80d8887b8660265466ddd52a3447f1f44e61 AUX tiff-4.0.9-CVE-2017-9935.patch 6636 BLAKE2B b7660dee9e379aea59f7225024697ea35b820837502e9e19157391c569c6b85473c4da5163f2e6fa8934c68cc32cbc45d025a2c336d21d79f461723a68a6e49f SHA512 ca1beda6e1550ac8a4bdf2bdefaba38f5fc40d2e842709ed1a803aeef5c34cd466f93fc6e7bb8e7ffb7e21a702d54584b84615e7c3dc3a8d2d29ceeadaeca7f6 +AUX tiff-4.0.9-CVE-2018-5784.patch 4251 BLAKE2B defd555ebc53e178439331cd04f3099c4ad77584efd0a4312802307ce90828e63513df738e992905af824f25d987d43e095d313d359c3de9eebba5bf4c843bf1 SHA512 ebff45d1ecc1fb783f806eb556ccb01316289e190786378309a51a0c4d10b53ae6c86a1310ea59bc79946e633163916700e17752d0a7add10c22b8824b000b7b DIST tiff-3.9.7.tar.gz 1468097 BLAKE2B 303339acf9bb48558695b13fcc2b41acacbbf2ce6d2ec497067761895cb2de7674108e8ca2f35f845dcd2e45801777fe25d234af1c308acf59846c2f5617ab53 SHA512 ca89584a9ffa33b4986e4bc2165043cec239896f1f0ab73db00818d0442b570efaa6345b2ed422e884202324d359713df849bf14782bb0cf3b959655febddd77 DIST tiff-4.0.8.tar.gz 2065574 BLAKE2B b9ece26d3549836d2cbbce1b90ce724a6eae51adae0abbd6193942ced8be965df63d1aa8e774b83d9ae689e5d08033705ef62b77276b40c34913cd535caa72b9 SHA512 5d010ec4ce37aca733f7ab7db9f432987b0cd21664bd9d99452a146833c40f0d1e7309d1870b0395e947964134d5cfeb1366181e761fe353ad585803ff3d6be6 DIST tiff-4.0.9.tar.gz 2305681 BLAKE2B 3de03408d2974b9f9f5f2444029cc3018ef43beb67e9fd21be68ee400cdcc6deca1247f055d880841a18b92284ce81f112682c8b5f083ddc61e5255d73a7de3f SHA512 04f3d5eefccf9c1a0393659fe27f3dddd31108c401ba0dc587bca152a1c1f6bc844ba41622ff5572da8cc278593eff8c402b44e7af0a0090e91d326c2d79f6cd @@ -20,4 +21,5 @@ EBUILD tiff-3.9.7-r1.ebuild 2072 BLAKE2B 1a1fbd60077b9d98c591041006443f2074d78d8 EBUILD tiff-4.0.8.ebuild 2615 BLAKE2B 7cbfe610a0a6120946bcfcbbbbfdcd3de00d3355478900efe4206e95db378d60772f2e553a55719557d087669af653c7b151da93efc0afe0a287bf5d512a1bb3 SHA512 100bda64fb5f70919467585eac5d717d4cf7dfb6059c9a87482c370a3013eb566b73ad01160c0a9b5cab48e6b442182edbbe70d593293ce8984650032981c339 EBUILD tiff-4.0.9-r1.ebuild 2260 BLAKE2B 4bf6af1f52b2990ffe3ec4a6169ee8ac774f3bdb52bdfe46450a6b724b4ca0ac04d4d7f849e390125403e0aa8555465b32ce5a824d8344403688321a6708f2de SHA512 1b47e588d6578cc2d6d3c0b1264f896854f2279ee8f9dd07b377ed4f78d680306eefa3cd462e27e460af18289d8734fa69128b55d5d0352a0199ba93a4377e09 EBUILD tiff-4.0.9-r2.ebuild 2359 BLAKE2B 65b2f2e66992a1d926aacd94439afc0f1fa48e568473fb750bacfa30048c618b1bb4e75555d18f434a13ec0736be7292e8c00921a6e7c605082fba7f8f2432f5 SHA512 5fea44e4882feffea242270d23a464348aa086dec354349f09ed4be0ae26664e8522fbec177820fe8e1c9d94764746a493fb0b7e38b249300bf316243a3625f7 +EBUILD tiff-4.0.9-r3.ebuild 2407 BLAKE2B a045242c1178ac10851ec399e861aa93034a5b3b101c8571320c2a1b624890f5c2466a3bb988fcbfb28fa0e49ce0bed49fe06ed265cb2a7b28c57af17825ded3 SHA512 cbaf975dc3c468a0d7b26133c73dbf3f568a435b3399416f616aee163012f6bd04f9a77796a4545c745fb666f45a41d26b7d5f8c4e1c85a24beb3c1ba00126d8 MISC metadata.xml 565 BLAKE2B 3d487835599974795ba6007439bf1d08756ab1c5dbe191509832b302f3199e4ffc05be64df3e26b4d4a1c11d1292c48cbb59ffa6e412831d16d7415e076f1062 SHA512 289043206dbb512c97e4bb703b32549ac4a77f40e212548b80ea865052b80fed9d4562f9fc94638fda54da9bc3e0c19ba303c027e66e7b75c772aeec91aebe6f diff --git a/media-libs/tiff/files/tiff-4.0.9-CVE-2018-5784.patch b/media-libs/tiff/files/tiff-4.0.9-CVE-2018-5784.patch new file mode 100644 index 000000000000..56d0f4b06876 --- /dev/null +++ b/media-libs/tiff/files/tiff-4.0.9-CVE-2018-5784.patch @@ -0,0 +1,128 @@ +From 473851d211cf8805a161820337ca74cc9615d6ef Mon Sep 17 00:00:00 2001 +From: Nathan Baker <nathanb@lenovo-chrome.com> +Date: Tue, 6 Feb 2018 10:13:57 -0500 +Subject: [PATCH] Fix for bug 2772 + +It is possible to craft a TIFF document where the IFD list is circular, +leading to an infinite loop while traversing the chain. The libtiff +directory reader has a failsafe that will break out of this loop after +reading 65535 directory entries, but it will continue processing, +consuming time and resources to process what is essentially a bogus TIFF +document. + +This change fixes the above behavior by breaking out of processing when +a TIFF document has >= 65535 directories and terminating with an error. +--- + contrib/addtiffo/tif_overview.c | 14 +++++++++++++- + tools/tiff2pdf.c | 10 ++++++++++ + tools/tiffcrop.c | 13 +++++++++++-- + 3 files changed, 34 insertions(+), 3 deletions(-) + +diff --git a/contrib/addtiffo/tif_overview.c b/contrib/addtiffo/tif_overview.c +index c61ffbb..03b3573 100644 +--- a/contrib/addtiffo/tif_overview.c ++++ b/contrib/addtiffo/tif_overview.c +@@ -65,6 +65,8 @@ + # define MAX(a,b) ((a>b) ? a : b) + #endif + ++#define TIFF_DIR_MAX 65534 ++ + void TIFFBuildOverviews( TIFF *, int, int *, int, const char *, + int (*)(double,void*), void * ); + +@@ -91,6 +93,7 @@ uint32 TIFF_WriteOverview( TIFF *hTIFF, uint32 nXSize, uint32 nYSize, + { + toff_t nBaseDirOffset; + toff_t nOffset; ++ tdir_t iNumDir; + + (void) bUseSubIFDs; + +@@ -147,7 +150,16 @@ uint32 TIFF_WriteOverview( TIFF *hTIFF, uint32 nXSize, uint32 nYSize, + return 0; + + TIFFWriteDirectory( hTIFF ); +- TIFFSetDirectory( hTIFF, (tdir_t) (TIFFNumberOfDirectories(hTIFF)-1) ); ++ iNumDir = TIFFNumberOfDirectories(hTIFF); ++ if( iNumDir > TIFF_DIR_MAX ) ++ { ++ TIFFErrorExt( TIFFClientdata(hTIFF), ++ "TIFF_WriteOverview", ++ "File `%s' has too many directories.\n", ++ TIFFFileName(hTIFF) ); ++ exit(-1); ++ } ++ TIFFSetDirectory( hTIFF, (tdir_t) (iNumDir - 1) ); + + nOffset = TIFFCurrentDirOffset( hTIFF ); + +diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c +index 984ef65..832a247 100644 +--- a/tools/tiff2pdf.c ++++ b/tools/tiff2pdf.c +@@ -68,6 +68,8 @@ extern int getopt(int, char**, char*); + + #define PS_UNIT_SIZE 72.0F + ++#define TIFF_DIR_MAX 65534 ++ + /* This type is of PDF color spaces. */ + typedef enum { + T2P_CS_BILEVEL = 0x01, /* Bilevel, black and white */ +@@ -1051,6 +1053,14 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){ + uint16* tiff_transferfunction[3]; + + directorycount=TIFFNumberOfDirectories(input); ++ if(directorycount > TIFF_DIR_MAX) { ++ TIFFError( ++ TIFF2PDF_MODULE, ++ "TIFF contains too many directories, %s", ++ TIFFFileName(input)); ++ t2p->t2p_error = T2P_ERR_ERROR; ++ return; ++ } + t2p->tiff_pages = (T2P_PAGE*) _TIFFmalloc(TIFFSafeMultiply(tmsize_t,directorycount,sizeof(T2P_PAGE))); + if(t2p->tiff_pages==NULL){ + TIFFError( +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c +index 91a38f6..e466dae 100644 +--- a/tools/tiffcrop.c ++++ b/tools/tiffcrop.c +@@ -215,6 +215,8 @@ extern int getopt(int argc, char * const argv[], const char *optstring); + #define DUMP_TEXT 1 + #define DUMP_RAW 2 + ++#define TIFF_DIR_MAX 65534 ++ + /* Offsets into buffer for margins and fixed width and length segments */ + struct offset { + uint32 tmargin; +@@ -2232,7 +2234,7 @@ main(int argc, char* argv[]) + pageNum = -1; + else + total_images = 0; +- /* read multiple input files and write to output file(s) */ ++ /* Read multiple input files and write to output file(s) */ + while (optind < argc - 1) + { + in = TIFFOpen (argv[optind], "r"); +@@ -2240,7 +2242,14 @@ main(int argc, char* argv[]) + return (-3); + + /* If only one input file is specified, we can use directory count */ +- total_images = TIFFNumberOfDirectories(in); ++ total_images = TIFFNumberOfDirectories(in); ++ if (total_images > TIFF_DIR_MAX) ++ { ++ TIFFError (TIFFFileName(in), "File contains too many directories"); ++ if (out != NULL) ++ (void) TIFFClose(out); ++ return (1); ++ } + if (image_count == 0) + { + dirnum = 0; +-- +libgit2 0.26.0 + diff --git a/media-libs/tiff/tiff-4.0.9-r3.ebuild b/media-libs/tiff/tiff-4.0.9-r3.ebuild new file mode 100644 index 000000000000..b8364e2b3cfc --- /dev/null +++ b/media-libs/tiff/tiff-4.0.9-r3.ebuild @@ -0,0 +1,84 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit autotools libtool ltprune multilib-minimal + +DESCRIPTION="Tag Image File Format (TIFF) library" +HOMEPAGE="http://libtiff.maptools.org" +SRC_URI="http://download.osgeo.org/libtiff/${P}.tar.gz + ftp://ftp.remotesensing.org/pub/libtiff/${P}.tar.gz" + +LICENSE="libtiff" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~x64-solaris ~x86-solaris" +IUSE="+cxx jbig jpeg lzma static-libs test zlib" + +RDEPEND="jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] ) + jbig? ( >=media-libs/jbigkit-2.1:=[${MULTILIB_USEDEP}] ) + lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] ) + zlib? ( >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}] ) + abi_x86_32? ( + !<=app-emulation/emul-linux-x86-baselibs-20130224-r9 + !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] + )" +DEPEND="${RDEPEND}" + +REQUIRED_USE="test? ( jpeg )" #483132 + +PATCHES=( + "${FILESDIR}"/${PN}-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch + "${FILESDIR}"/${PN}-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch + "${FILESDIR}"/${P}-CVE-2017-9935.patch #624696 + "${FILESDIR}"/${P}-CVE-2017-9935-fix-incorrect-type.patch #624696 + "${FILESDIR}"/${P}-CVE-2018-5784.patch #645730 +) + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/tiffconf.h +) + +src_prepare() { + default + + # tiffcp-thumbnail.sh fails as thumbnail binary doesn't get built anymore since tiff-4.0.7 + sed '/tiffcp-thumbnail\.sh/d' -i test/Makefile.am || die + + eautoreconf +} + +multilib_src_configure() { + local myeconfargs=( + --without-x + $(use_enable cxx) + $(use_enable jbig) + $(use_enable jpeg) + $(use_enable lzma) + $(use_enable static-libs static) + $(use_enable zlib) + ) + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" + + # remove useless subdirs + if ! multilib_is_native_abi ; then + sed -i \ + -e 's/ tools//' \ + -e 's/ contrib//' \ + -e 's/ man//' \ + -e 's/ html//' \ + Makefile || die + fi +} + +multilib_src_test() { + if ! multilib_is_native_abi ; then + emake -C tools + fi + emake check +} + +multilib_src_install_all() { + prune_libtool_files --all + rm -f "${ED%/}"/usr/share/doc/${PF}/{COPYRIGHT,README*,RELEASE-DATE,TODO,VERSION} +} |