diff options
Diffstat (limited to 'media-libs/tiff')
| -rw-r--r-- | media-libs/tiff/Manifest | 10 | ||||
| -rw-r--r-- | media-libs/tiff/files/tiff-4.0.9-CVE-2017-18013.patch | 39 | ||||
| -rw-r--r-- | media-libs/tiff/files/tiff-4.0.9-CVE-2017-9935-fix-incorrect-type.patch | 58 | ||||
| -rw-r--r-- | media-libs/tiff/files/tiff-4.0.9-CVE-2017-9935.patch | 153 | ||||
| -rw-r--r-- | media-libs/tiff/files/tiff-4.0.9-CVE-2018-5784.patch | 128 | ||||
| -rw-r--r-- | media-libs/tiff/metadata.xml | 3 | ||||
| -rw-r--r-- | media-libs/tiff/tiff-4.0.10.ebuild | 2 | ||||
| -rw-r--r-- | media-libs/tiff/tiff-4.0.9-r4.ebuild | 83 |
8 files changed, 3 insertions, 473 deletions
diff --git a/media-libs/tiff/Manifest b/media-libs/tiff/Manifest index 5b4cb24c3543..2ef423f494cc 100644 --- a/media-libs/tiff/Manifest +++ b/media-libs/tiff/Manifest @@ -1,11 +1,5 @@ AUX tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch 930 BLAKE2B 52d77fcdd773ce52232257da2c60f8b90417f102238df2039262e3afa7275908c74817ddd6958e430d7cfcff58d2d04ebd6ddd49f553f0f261883b67f557c599 SHA512 822ccc22304d23b4f50efe1f0fb7890fda8b9edf2075b8add814c0bac0a153fa0ed5d7ee5f47e23799b24f11678c8e0bf9c90ad59c5cc61fd9546b2dca4714a9 AUX tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch 924 BLAKE2B 03160ce33639620b1deb918d358f559b8bc6296d28530b440d0d770438453c25aecc393b8cfcc582ed2d0ec1decd557a212c91f43f7923c9e94387e235680021 SHA512 43973cc5512eb8fe2e0beab1a98ff0d3bd999ed1adbf7c08c344b3442559cc2cdc99a9f2e9c1bb2bffa4be027945b12b120fa27ec6c8006367932039b8d8dd37 -AUX tiff-4.0.9-CVE-2017-18013.patch 1531 BLAKE2B e0b825408ba684084153ebd19c13bc7124733ba9b84393534b57481aabb8f1de5529f0a31c997b6e4947be8f01970c711e1f23ce30919bcbcef489939a0ed31e SHA512 e0598c4702fbe22379182c78191305b3769b7cb7f927ad4372e220aad9567e43adee6baa164696852ce6fa4f1f307c666a4fc3fc2b942baca16cd2b8fe9998cb -AUX tiff-4.0.9-CVE-2017-9935-fix-incorrect-type.patch 2443 BLAKE2B e18f4acec3dc8088eec5080272e6d759c0823cb1f8036d45bc5289cc22e8a487ff5d8761e0d2e49d4c450f407e859c00913988df9c45e51318b53c5fbec01483 SHA512 a489d4bdf5b3861fdf18107ff4a0224e2d458acf719af9d7eb6ef230285ceb5d37bc483c32800cc8180ccc69ffbc80d8887b8660265466ddd52a3447f1f44e61 -AUX tiff-4.0.9-CVE-2017-9935.patch 6636 BLAKE2B b7660dee9e379aea59f7225024697ea35b820837502e9e19157391c569c6b85473c4da5163f2e6fa8934c68cc32cbc45d025a2c336d21d79f461723a68a6e49f SHA512 ca1beda6e1550ac8a4bdf2bdefaba38f5fc40d2e842709ed1a803aeef5c34cd466f93fc6e7bb8e7ffb7e21a702d54584b84615e7c3dc3a8d2d29ceeadaeca7f6 -AUX tiff-4.0.9-CVE-2018-5784.patch 4251 BLAKE2B defd555ebc53e178439331cd04f3099c4ad77584efd0a4312802307ce90828e63513df738e992905af824f25d987d43e095d313d359c3de9eebba5bf4c843bf1 SHA512 ebff45d1ecc1fb783f806eb556ccb01316289e190786378309a51a0c4d10b53ae6c86a1310ea59bc79946e633163916700e17752d0a7add10c22b8824b000b7b DIST tiff-4.0.10.tar.gz 2402867 BLAKE2B 0305453f22150c31d00d2de756736f58c49a288e19b2a66bdd01319ce4688742f6eab4009eaf1817125d41f53a23de17eb6265a3ebae458ec24f5dbb3d49764e SHA512 d213e5db09fd56b8977b187c5a756f60d6e3e998be172550c2892dbdb4b2a8e8c750202bc863fe27d0d1c577ab9de1710d15e9f6ed665aadbfd857525a81eea8 -DIST tiff-4.0.9.tar.gz 2305681 BLAKE2B 3de03408d2974b9f9f5f2444029cc3018ef43beb67e9fd21be68ee400cdcc6deca1247f055d880841a18b92284ce81f112682c8b5f083ddc61e5255d73a7de3f SHA512 04f3d5eefccf9c1a0393659fe27f3dddd31108c401ba0dc587bca152a1c1f6bc844ba41622ff5572da8cc278593eff8c402b44e7af0a0090e91d326c2d79f6cd -EBUILD tiff-4.0.10.ebuild 2320 BLAKE2B 4d31a67539f9bc1c732db69bf57446f96ec13e573ac0531ce7fa3c7be39c28dee1fb9a275593d94f8ba11f6b5c3b4a0f5a82a47588b4542d4d1502aeb2149bc1 SHA512 a208da6710cbba1ff103b6399ee3f0186ac5e756e432fe7ac3c3333d1afa090620a9452d81b08de7b2eb052977cb313c043d9a2311e84b029a84f84ad3f1b978 -EBUILD tiff-4.0.9-r4.ebuild 2354 BLAKE2B 272c6c559ca76d81689caefa8dbd66aa22b8e29fd2cf35ba0699abaf2e85fa1f542237c9eb3b85735921617b76790bdbaede55b0c113a7cc2d35b192d3821e85 SHA512 ee3c1ab75d4694bce0e9523394ed0bf9daca1de6bc276199d96b655192a59f72ddc4bbbc7981e26c6f44531da334bbaab94fb9fa72191d6c241e861b71e78e4b -MISC metadata.xml 640 BLAKE2B faec0c1b8ddc13c849f3814532d7886a7b1fcc7aee14eb1ff26dc0265d51bd7516c779e2dba8e9dc8c1116f3be46db6dd06bfe46dd4b5dc3300f29b402bb666a SHA512 9445f36944e1018afcb83e3f5d9382d8e91d52924171786a40606ab46bfe0c0de744b40fc2adb58ece5d0168bca967d2bef73de05a81cd46615bd50502d08a29 +EBUILD tiff-4.0.10.ebuild 2323 BLAKE2B e8a1f0c734f360cbb4cde9a264be7c67d75d7e0121accb48da5c972a344b28042ab36c98a43c01b027261d0bc61849a8d9d40fd53cd0695f56696644cda49bef SHA512 ca55c5e5ff17c56489c4197b9b9d217283ab60247c4fd5d7248859b2f4d21140f7401b3868cd1b43f8705fa8be2772ba2f8dcba19db17c245575f0840b154314 +MISC metadata.xml 565 BLAKE2B 3d487835599974795ba6007439bf1d08756ab1c5dbe191509832b302f3199e4ffc05be64df3e26b4d4a1c11d1292c48cbb59ffa6e412831d16d7415e076f1062 SHA512 289043206dbb512c97e4bb703b32549ac4a77f40e212548b80ea865052b80fed9d4562f9fc94638fda54da9bc3e0c19ba303c027e66e7b75c772aeec91aebe6f diff --git a/media-libs/tiff/files/tiff-4.0.9-CVE-2017-18013.patch b/media-libs/tiff/files/tiff-4.0.9-CVE-2017-18013.patch deleted file mode 100644 index 2db890aef906..000000000000 --- a/media-libs/tiff/files/tiff-4.0.9-CVE-2017-18013.patch +++ /dev/null @@ -1,39 +0,0 @@ -https://bugs.gentoo.org/645982 -https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01 - -From c6f41df7b581402dfba3c19a1e3df4454c551a01 Mon Sep 17 00:00:00 2001 -From: Even Rouault <even.rouault@spatialys.com> -Date: Sun, 31 Dec 2017 15:09:41 +0100 -Subject: [PATCH] libtiff/tif_print.c: TIFFPrintDirectory(): fix null pointer - dereference on corrupted file. Fixes - http://bugzilla.maptools.org/show_bug.cgi?id=2770 - ---- - libtiff/tif_print.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c -index 9959d353b1f9..8deceb2b054d 100644 ---- a/libtiff/tif_print.c -+++ b/libtiff/tif_print.c -@@ -665,13 +665,13 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags) - #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) - fprintf(fd, " %3lu: [%8I64u, %8I64u]\n", - (unsigned long) s, -- (unsigned __int64) td->td_stripoffset[s], -- (unsigned __int64) td->td_stripbytecount[s]); -+ td->td_stripoffset ? (unsigned __int64) td->td_stripoffset[s] : 0, -+ td->td_stripbytecount ? (unsigned __int64) td->td_stripbytecount[s] : 0); - #else - fprintf(fd, " %3lu: [%8llu, %8llu]\n", - (unsigned long) s, -- (unsigned long long) td->td_stripoffset[s], -- (unsigned long long) td->td_stripbytecount[s]); -+ td->td_stripoffset ? (unsigned long long) td->td_stripoffset[s] : 0, -+ td->td_stripbytecount ? (unsigned long long) td->td_stripbytecount[s] : 0); - #endif - } - } --- -2.16.1 - diff --git a/media-libs/tiff/files/tiff-4.0.9-CVE-2017-9935-fix-incorrect-type.patch b/media-libs/tiff/files/tiff-4.0.9-CVE-2017-9935-fix-incorrect-type.patch deleted file mode 100644 index 101618ee7d57..000000000000 --- a/media-libs/tiff/files/tiff-4.0.9-CVE-2017-9935-fix-incorrect-type.patch +++ /dev/null @@ -1,58 +0,0 @@ -From d4f213636b6f950498a1386083199bd7f65676b9 Mon Sep 17 00:00:00 2001 -From: Brian May <brian@linuxpenguins.xyz> -Date: Thu, 7 Dec 2017 07:49:20 +1100 -Subject: [PATCH] tiff2pdf: Fix apparent incorrect type for transfer table - -The standard says the transfer table contains unsigned 16 bit values, -I have no idea why we refer to them as floats. ---- - tools/tiff2pdf.c | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c -index c3ec074..484776c 100644 ---- a/tools/tiff2pdf.c -+++ b/tools/tiff2pdf.c -@@ -237,7 +237,7 @@ typedef struct { - float tiff_whitechromaticities[2]; - float tiff_primarychromaticities[6]; - float tiff_referenceblackwhite[2]; -- float* tiff_transferfunction[3]; -+ uint16* tiff_transferfunction[3]; - int pdf_image_interpolate; /* 0 (default) : do not interpolate, - 1 : interpolate */ - uint16 tiff_transferfunctioncount; -@@ -1048,7 +1048,7 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){ - uint16 paged=0; - uint16 xuint16=0; - uint16 tiff_transferfunctioncount=0; -- float* tiff_transferfunction[3]; -+ uint16* tiff_transferfunction[3]; - - directorycount=TIFFNumberOfDirectories(input); - t2p->tiff_pages = (T2P_PAGE*) _TIFFmalloc(TIFFSafeMultiply(tmsize_t,directorycount,sizeof(T2P_PAGE))); -@@ -1153,8 +1153,8 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){ - &(tiff_transferfunction[1]), - &(tiff_transferfunction[2]))) { - -- if((tiff_transferfunction[1] != (float*) NULL) && -- (tiff_transferfunction[2] != (float*) NULL) -+ if((tiff_transferfunction[1] != (uint16*) NULL) && -+ (tiff_transferfunction[2] != (uint16*) NULL) - ) { - tiff_transferfunctioncount=3; - } else { -@@ -1851,8 +1851,8 @@ void t2p_read_tiff_data(T2P* t2p, TIFF* input){ - &(t2p->tiff_transferfunction[0]), - &(t2p->tiff_transferfunction[1]), - &(t2p->tiff_transferfunction[2]))) { -- if((t2p->tiff_transferfunction[1] != (float*) NULL) && -- (t2p->tiff_transferfunction[2] != (float*) NULL) -+ if((t2p->tiff_transferfunction[1] != (uint16*) NULL) && -+ (t2p->tiff_transferfunction[2] != (uint16*) NULL) - ) { - t2p->tiff_transferfunctioncount=3; - } else { --- -libgit2 0.26.0 - diff --git a/media-libs/tiff/files/tiff-4.0.9-CVE-2017-9935.patch b/media-libs/tiff/files/tiff-4.0.9-CVE-2017-9935.patch deleted file mode 100644 index 96a10aa9b373..000000000000 --- a/media-libs/tiff/files/tiff-4.0.9-CVE-2017-9935.patch +++ /dev/null @@ -1,153 +0,0 @@ -From 3dd8f6a357981a4090f126ab9025056c938b6940 Mon Sep 17 00:00:00 2001 -From: Brian May <brian@linuxpenguins.xyz> -Date: Thu, 7 Dec 2017 07:46:47 +1100 -Subject: [PATCH] tiff2pdf: Fix CVE-2017-9935 - -Fix for http://bugzilla.maptools.org/show_bug.cgi?id=2704 - -This vulnerability - at least for the supplied test case - is because we -assume that a tiff will only have one transfer function that is the same -for all pages. This is not required by the TIFF standards. - -We than read the transfer function for every page. Depending on the -transfer function, we allocate either 2 or 4 bytes to the XREF buffer. -We allocate this memory after we read in the transfer function for the -page. - -For the first exploit - POC1, this file has 3 pages. For the first page -we allocate 2 extra extra XREF entries. Then for the next page 2 more -entries. Then for the last page the transfer function changes and we -allocate 4 more entries. - -When we read the file into memory, we assume we have 4 bytes extra for -each and every page (as per the last transfer function we read). Which -is not correct, we only have 2 bytes extra for the first 2 pages. As a -result, we end up writing past the end of the buffer. - -There are also some related issues that this also fixes. For example, -TIFFGetField can return uninitalized pointer values, and the logic to -detect a N=3 vs N=1 transfer function seemed rather strange. - -It is also strange that we declare the transfer functions to be of type -float, when the standard says they are unsigned 16 bit values. This is -fixed in another patch. - -This patch will check to ensure that the N value for every transfer -function is the same for every page. If this changes, we abort with an -error. In theory, we should perhaps check that the transfer function -itself is identical for every page, however we don't do that due to the -confusion of the type of the data in the transfer function. ---- - libtiff/tif_dir.c | 3 +++ - tools/tiff2pdf.c | 65 +++++++++++++++++++++++++++++++++++++------------------ - 2 files changed, 47 insertions(+), 21 deletions(-) - -diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c -index 2ccaf448fc40..cbf2b6933a40 100644 ---- a/libtiff/tif_dir.c -+++ b/libtiff/tif_dir.c -@@ -1065,6 +1065,9 @@ _TIFFVGetField(TIFF* tif, uint32 tag, va_list ap) - if (td->td_samplesperpixel - td->td_extrasamples > 1) { - *va_arg(ap, uint16**) = td->td_transferfunction[1]; - *va_arg(ap, uint16**) = td->td_transferfunction[2]; -+ } else { -+ *va_arg(ap, uint16**) = NULL; -+ *va_arg(ap, uint16**) = NULL; - } - break; - case TIFFTAG_REFERENCEBLACKWHITE: -diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c -index d1a9b0959f84..c3ec07465e5a 100644 ---- a/tools/tiff2pdf.c -+++ b/tools/tiff2pdf.c -@@ -1047,6 +1047,8 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){ - uint16 pagen=0; - uint16 paged=0; - uint16 xuint16=0; -+ uint16 tiff_transferfunctioncount=0; -+ float* tiff_transferfunction[3]; - - directorycount=TIFFNumberOfDirectories(input); - t2p->tiff_pages = (T2P_PAGE*) _TIFFmalloc(TIFFSafeMultiply(tmsize_t,directorycount,sizeof(T2P_PAGE))); -@@ -1147,26 +1149,48 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){ - } - #endif - if (TIFFGetField(input, TIFFTAG_TRANSFERFUNCTION, -- &(t2p->tiff_transferfunction[0]), -- &(t2p->tiff_transferfunction[1]), -- &(t2p->tiff_transferfunction[2]))) { -- if((t2p->tiff_transferfunction[1] != (float*) NULL) && -- (t2p->tiff_transferfunction[2] != (float*) NULL) && -- (t2p->tiff_transferfunction[1] != -- t2p->tiff_transferfunction[0])) { -- t2p->tiff_transferfunctioncount = 3; -- t2p->tiff_pages[i].page_extra += 4; -- t2p->pdf_xrefcount += 4; -- } else { -- t2p->tiff_transferfunctioncount = 1; -- t2p->tiff_pages[i].page_extra += 2; -- t2p->pdf_xrefcount += 2; -- } -- if(t2p->pdf_minorversion < 2) -- t2p->pdf_minorversion = 2; -+ &(tiff_transferfunction[0]), -+ &(tiff_transferfunction[1]), -+ &(tiff_transferfunction[2]))) { -+ -+ if((tiff_transferfunction[1] != (float*) NULL) && -+ (tiff_transferfunction[2] != (float*) NULL) -+ ) { -+ tiff_transferfunctioncount=3; -+ } else { -+ tiff_transferfunctioncount=1; -+ } - } else { -- t2p->tiff_transferfunctioncount=0; -+ tiff_transferfunctioncount=0; - } -+ -+ if (i > 0){ -+ if (tiff_transferfunctioncount != t2p->tiff_transferfunctioncount){ -+ TIFFError( -+ TIFF2PDF_MODULE, -+ "Different transfer function on page %d", -+ i); -+ t2p->t2p_error = T2P_ERR_ERROR; -+ return; -+ } -+ } -+ -+ t2p->tiff_transferfunctioncount = tiff_transferfunctioncount; -+ t2p->tiff_transferfunction[0] = tiff_transferfunction[0]; -+ t2p->tiff_transferfunction[1] = tiff_transferfunction[1]; -+ t2p->tiff_transferfunction[2] = tiff_transferfunction[2]; -+ if(tiff_transferfunctioncount == 3){ -+ t2p->tiff_pages[i].page_extra += 4; -+ t2p->pdf_xrefcount += 4; -+ if(t2p->pdf_minorversion < 2) -+ t2p->pdf_minorversion = 2; -+ } else if (tiff_transferfunctioncount == 1){ -+ t2p->tiff_pages[i].page_extra += 2; -+ t2p->pdf_xrefcount += 2; -+ if(t2p->pdf_minorversion < 2) -+ t2p->pdf_minorversion = 2; -+ } -+ - if( TIFFGetField( - input, - TIFFTAG_ICCPROFILE, -@@ -1828,9 +1852,8 @@ void t2p_read_tiff_data(T2P* t2p, TIFF* input){ - &(t2p->tiff_transferfunction[1]), - &(t2p->tiff_transferfunction[2]))) { - if((t2p->tiff_transferfunction[1] != (float*) NULL) && -- (t2p->tiff_transferfunction[2] != (float*) NULL) && -- (t2p->tiff_transferfunction[1] != -- t2p->tiff_transferfunction[0])) { -+ (t2p->tiff_transferfunction[2] != (float*) NULL) -+ ) { - t2p->tiff_transferfunctioncount=3; - } else { - t2p->tiff_transferfunctioncount=1; --- -2.15.1 - diff --git a/media-libs/tiff/files/tiff-4.0.9-CVE-2018-5784.patch b/media-libs/tiff/files/tiff-4.0.9-CVE-2018-5784.patch deleted file mode 100644 index 56d0f4b06876..000000000000 --- a/media-libs/tiff/files/tiff-4.0.9-CVE-2018-5784.patch +++ /dev/null @@ -1,128 +0,0 @@ -From 473851d211cf8805a161820337ca74cc9615d6ef Mon Sep 17 00:00:00 2001 -From: Nathan Baker <nathanb@lenovo-chrome.com> -Date: Tue, 6 Feb 2018 10:13:57 -0500 -Subject: [PATCH] Fix for bug 2772 - -It is possible to craft a TIFF document where the IFD list is circular, -leading to an infinite loop while traversing the chain. The libtiff -directory reader has a failsafe that will break out of this loop after -reading 65535 directory entries, but it will continue processing, -consuming time and resources to process what is essentially a bogus TIFF -document. - -This change fixes the above behavior by breaking out of processing when -a TIFF document has >= 65535 directories and terminating with an error. ---- - contrib/addtiffo/tif_overview.c | 14 +++++++++++++- - tools/tiff2pdf.c | 10 ++++++++++ - tools/tiffcrop.c | 13 +++++++++++-- - 3 files changed, 34 insertions(+), 3 deletions(-) - -diff --git a/contrib/addtiffo/tif_overview.c b/contrib/addtiffo/tif_overview.c -index c61ffbb..03b3573 100644 ---- a/contrib/addtiffo/tif_overview.c -+++ b/contrib/addtiffo/tif_overview.c -@@ -65,6 +65,8 @@ - # define MAX(a,b) ((a>b) ? a : b) - #endif - -+#define TIFF_DIR_MAX 65534 -+ - void TIFFBuildOverviews( TIFF *, int, int *, int, const char *, - int (*)(double,void*), void * ); - -@@ -91,6 +93,7 @@ uint32 TIFF_WriteOverview( TIFF *hTIFF, uint32 nXSize, uint32 nYSize, - { - toff_t nBaseDirOffset; - toff_t nOffset; -+ tdir_t iNumDir; - - (void) bUseSubIFDs; - -@@ -147,7 +150,16 @@ uint32 TIFF_WriteOverview( TIFF *hTIFF, uint32 nXSize, uint32 nYSize, - return 0; - - TIFFWriteDirectory( hTIFF ); -- TIFFSetDirectory( hTIFF, (tdir_t) (TIFFNumberOfDirectories(hTIFF)-1) ); -+ iNumDir = TIFFNumberOfDirectories(hTIFF); -+ if( iNumDir > TIFF_DIR_MAX ) -+ { -+ TIFFErrorExt( TIFFClientdata(hTIFF), -+ "TIFF_WriteOverview", -+ "File `%s' has too many directories.\n", -+ TIFFFileName(hTIFF) ); -+ exit(-1); -+ } -+ TIFFSetDirectory( hTIFF, (tdir_t) (iNumDir - 1) ); - - nOffset = TIFFCurrentDirOffset( hTIFF ); - -diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c -index 984ef65..832a247 100644 ---- a/tools/tiff2pdf.c -+++ b/tools/tiff2pdf.c -@@ -68,6 +68,8 @@ extern int getopt(int, char**, char*); - - #define PS_UNIT_SIZE 72.0F - -+#define TIFF_DIR_MAX 65534 -+ - /* This type is of PDF color spaces. */ - typedef enum { - T2P_CS_BILEVEL = 0x01, /* Bilevel, black and white */ -@@ -1051,6 +1053,14 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){ - uint16* tiff_transferfunction[3]; - - directorycount=TIFFNumberOfDirectories(input); -+ if(directorycount > TIFF_DIR_MAX) { -+ TIFFError( -+ TIFF2PDF_MODULE, -+ "TIFF contains too many directories, %s", -+ TIFFFileName(input)); -+ t2p->t2p_error = T2P_ERR_ERROR; -+ return; -+ } - t2p->tiff_pages = (T2P_PAGE*) _TIFFmalloc(TIFFSafeMultiply(tmsize_t,directorycount,sizeof(T2P_PAGE))); - if(t2p->tiff_pages==NULL){ - TIFFError( -diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c -index 91a38f6..e466dae 100644 ---- a/tools/tiffcrop.c -+++ b/tools/tiffcrop.c -@@ -215,6 +215,8 @@ extern int getopt(int argc, char * const argv[], const char *optstring); - #define DUMP_TEXT 1 - #define DUMP_RAW 2 - -+#define TIFF_DIR_MAX 65534 -+ - /* Offsets into buffer for margins and fixed width and length segments */ - struct offset { - uint32 tmargin; -@@ -2232,7 +2234,7 @@ main(int argc, char* argv[]) - pageNum = -1; - else - total_images = 0; -- /* read multiple input files and write to output file(s) */ -+ /* Read multiple input files and write to output file(s) */ - while (optind < argc - 1) - { - in = TIFFOpen (argv[optind], "r"); -@@ -2240,7 +2242,14 @@ main(int argc, char* argv[]) - return (-3); - - /* If only one input file is specified, we can use directory count */ -- total_images = TIFFNumberOfDirectories(in); -+ total_images = TIFFNumberOfDirectories(in); -+ if (total_images > TIFF_DIR_MAX) -+ { -+ TIFFError (TIFFFileName(in), "File contains too many directories"); -+ if (out != NULL) -+ (void) TIFFClose(out); -+ return (1); -+ } - if (image_count == 0) - { - dirnum = 0; --- -libgit2 0.26.0 - diff --git a/media-libs/tiff/metadata.xml b/media-libs/tiff/metadata.xml index 0c3044903a71..815534de05d9 100644 --- a/media-libs/tiff/metadata.xml +++ b/media-libs/tiff/metadata.xml @@ -5,9 +5,6 @@ <email>graphics@gentoo.org</email> <name>Gentoo Graphics Project</name> </maintainer> - <use> - <flag name="zstd">Enable zstd compression support.</flag> - </use> <longdescription> TIFF image library and tools, mostly for scanner and fax support, but also used by GIS and other imaging tools. diff --git a/media-libs/tiff/tiff-4.0.10.ebuild b/media-libs/tiff/tiff-4.0.10.ebuild index 8373253c0284..fdaa94cd70aa 100644 --- a/media-libs/tiff/tiff-4.0.10.ebuild +++ b/media-libs/tiff/tiff-4.0.10.ebuild @@ -12,7 +12,7 @@ SRC_URI="http://download.osgeo.org/libtiff/${P}.tar.gz LICENSE="libtiff" SLOT="0" -KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~x64-cygwin ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" IUSE="+cxx jbig jpeg lzma static-libs test webp zlib zstd" RDEPEND=" diff --git a/media-libs/tiff/tiff-4.0.9-r4.ebuild b/media-libs/tiff/tiff-4.0.9-r4.ebuild deleted file mode 100644 index 97a274e6ff3e..000000000000 --- a/media-libs/tiff/tiff-4.0.9-r4.ebuild +++ /dev/null @@ -1,83 +0,0 @@ -# Copyright 1999-2018 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit autotools libtool multilib-minimal - -DESCRIPTION="Tag Image File Format (TIFF) library" -HOMEPAGE="http://libtiff.maptools.org" -SRC_URI="http://download.osgeo.org/libtiff/${P}.tar.gz - ftp://ftp.remotesensing.org/pub/libtiff/${P}.tar.gz" - -LICENSE="libtiff" -SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~x64-solaris ~x86-solaris" -IUSE="+cxx jbig jpeg lzma static-libs test zlib" - -RDEPEND=" - jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] ) - jbig? ( >=media-libs/jbigkit-2.1:=[${MULTILIB_USEDEP}] ) - lzma? ( >=app-arch/xz-utils-5.0.5-r1[${MULTILIB_USEDEP}] ) - zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )" -DEPEND="${RDEPEND}" - -REQUIRED_USE="test? ( jpeg )" #483132 - -PATCHES=( - "${FILESDIR}"/${PN}-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch - "${FILESDIR}"/${PN}-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch - "${FILESDIR}"/${P}-CVE-2017-9935.patch #624696 - "${FILESDIR}"/${P}-CVE-2017-9935-fix-incorrect-type.patch #624696 - "${FILESDIR}"/${P}-CVE-2017-18013.patch #645982 - "${FILESDIR}"/${P}-CVE-2018-5784.patch #645730 -) - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/tiffconf.h -) - -src_prepare() { - default - - # tiffcp-thumbnail.sh fails as thumbnail binary doesn't get built anymore since tiff-4.0.7 - sed '/tiffcp-thumbnail\.sh/d' -i test/Makefile.am || die - - eautoreconf -} - -multilib_src_configure() { - local myeconfargs=( - --without-x - --with-docdir="${EPREFIX}"/usr/share/doc/${PF} - $(use_enable cxx) - $(use_enable jbig) - $(use_enable jpeg) - $(use_enable lzma) - $(use_enable static-libs static) - $(use_enable zlib) - ) - ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" - - # remove useless subdirs - if ! multilib_is_native_abi ; then - sed -i \ - -e 's/ tools//' \ - -e 's/ contrib//' \ - -e 's/ man//' \ - -e 's/ html//' \ - Makefile || die - fi -} - -multilib_src_test() { - if ! multilib_is_native_abi ; then - emake -C tools - fi - emake check -} - -multilib_src_install_all() { - find "${D}" -name '*.la' -delete || die - rm "${ED}"/usr/share/doc/${PF}/{COPYRIGHT,README*,RELEASE-DATE,TODO,VERSION} || die -} |