Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Lars Wendler <polynomial-c@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: media-libs/tiff/, media-libs/tiff/files/
Date: Sun, 19 Nov 2017 20:52:32
Message-Id: 1511124746.249ac401ff26eaed63135c2732186a1f98e13eb0.polynomial-c@gentoo
1 commit: 249ac401ff26eaed63135c2732186a1f98e13eb0
2 Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
3 AuthorDate: Sun Nov 19 20:51:35 2017 +0000
4 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
5 CommitDate: Sun Nov 19 20:52:26 2017 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=249ac401
7
8 media-libs/tiff: Removed old.
9
10 Package-Manager: Portage-2.3.14, Repoman-2.3.6
11
12 media-libs/tiff/Manifest | 1 -
13 .../tiff/files/tiff-4.0.7-CVE-2016-10266.patch | 46 ----
14 .../tiff/files/tiff-4.0.7-CVE-2016-10267.patch | 53 ----
15 .../tiff/files/tiff-4.0.7-CVE-2017-5225.patch | 74 ------
16 media-libs/tiff/files/tiff-4.0.7-bug2130.patch | 112 ---------
17 media-libs/tiff/files/tiff-4.0.7-bug2535.patch | 54 ----
18 media-libs/tiff/files/tiff-4.0.7-bug2594.patch | 28 ---
19 media-libs/tiff/files/tiff-4.0.7-bug2597.patch | 41 ---
20 media-libs/tiff/files/tiff-4.0.7-bug2598.patch | 31 ---
21 media-libs/tiff/files/tiff-4.0.7-bug2599.patch | 54 ----
22 media-libs/tiff/files/tiff-4.0.7-bug2604.patch | 108 --------
23 media-libs/tiff/files/tiff-4.0.7-bug2605.patch | 55 ----
24 media-libs/tiff/files/tiff-4.0.7-bug2607.patch | 41 ---
25 media-libs/tiff/files/tiff-4.0.7-bug2608.patch | 104 --------
26 media-libs/tiff/files/tiff-4.0.7-bug2610.patch | 46 ----
27 media-libs/tiff/files/tiff-4.0.7-bug2619.patch | 46 ----
28 media-libs/tiff/files/tiff-4.0.7-bug2620.patch | 29 ---
29 media-libs/tiff/files/tiff-4.0.7-bug2621.patch | 49 ----
30 media-libs/tiff/files/tiff-4.0.7-bug2627.patch | 59 -----
31 media-libs/tiff/files/tiff-4.0.7-bug2631.patch | 34 ---
32 .../tiff/files/tiff-4.0.7-bug2633-bug2634.patch | 41 ---
33 media-libs/tiff/files/tiff-4.0.7-bug2635.patch | 33 ---
34 media-libs/tiff/files/tiff-4.0.7-bug2638.patch | 29 ---
35 media-libs/tiff/files/tiff-4.0.7-bug2639.patch | 58 -----
36 media-libs/tiff/files/tiff-4.0.7-bug2640.patch | 28 ---
37 ...iff-4.0.7-bug2642-bug2643-bug2646-bug2647.patch | 278 ---------------------
38 media-libs/tiff/files/tiff-4.0.7-bug2644.patch | 45 ----
39 media-libs/tiff/files/tiff-4.0.7-bug2648.patch | 33 ---
40 media-libs/tiff/files/tiff-4.0.7-bug2650-2.patch | 26 --
41 media-libs/tiff/files/tiff-4.0.7-bug2650.patch | 54 ----
42 media-libs/tiff/files/tiff-4.0.7-bug2651.patch | 86 -------
43 media-libs/tiff/files/tiff-4.0.7-bug2653.patch | 33 ---
44 media-libs/tiff/files/tiff-4.0.7-bug2658.patch | 33 ---
45 media-libs/tiff/files/tiff-4.0.7-bug2659-2.patch | 41 ---
46 media-libs/tiff/files/tiff-4.0.7-bug2659.patch | 34 ---
47 media-libs/tiff/files/tiff-4.0.7-bug2665.patch | 43 ----
48 media-libs/tiff/files/tiff-4.0.7-fax2tiff.patch | 39 ---
49 .../tiff/files/tiff-4.0.7-hylafax-hack.patch | 38 ---
50 media-libs/tiff/tiff-4.0.7-r3.ebuild | 121 ---------
51 media-libs/tiff/tiff-4.0.7.ebuild | 73 ------
52 40 files changed, 2231 deletions(-)
53
54 diff --git a/media-libs/tiff/Manifest b/media-libs/tiff/Manifest
55 index bee82d59f00..2b2df775d4e 100644
56 --- a/media-libs/tiff/Manifest
57 +++ b/media-libs/tiff/Manifest
58 @@ -1,4 +1,3 @@
59 DIST tiff-3.9.7.tar.gz 1468097 SHA256 f5d64dd4ce61c55f5e9f6dc3920fbe5a41e02c2e607da7117a35eb5c320cef6a SHA512 ca89584a9ffa33b4986e4bc2165043cec239896f1f0ab73db00818d0442b570efaa6345b2ed422e884202324d359713df849bf14782bb0cf3b959655febddd77 WHIRLPOOL c06b35da66c365c1fe7f0e6e06a400e139d3e2b5b280aa764015c2f0383a6191ffb3d335cdf2211b687bbb0caacf641be409148986a9813dfde5822a650a9b1c
60 -DIST tiff-4.0.7.tar.gz 2076392 SHA256 9f43a2cfb9589e5cecaa66e16bf87f814c945f22df7ba600d63aac4632c4f019 SHA512 941357bdd5f947cdca41a1d31ae14b3fadc174ae5dce7b7981dbe58f61995f575ac2e97a7cc4fcc435184012017bec0920278263490464644f2cdfad9a6c5ddc WHIRLPOOL 3090a0d8a5ad3595c97888edab3c48379175cad993567d20be5f397b1c5c1d21012de55c5da5e664ee483d294fe9eb5f3464e14f564fb79c1357094ff67e313d
61 DIST tiff-4.0.8.tar.gz 2065574 SHA256 59d7a5a8ccd92059913f246877db95a2918e6c04fb9d43fd74e5c3390dac2910 SHA512 5d010ec4ce37aca733f7ab7db9f432987b0cd21664bd9d99452a146833c40f0d1e7309d1870b0395e947964134d5cfeb1366181e761fe353ad585803ff3d6be6 WHIRLPOOL 13fce447c586fef080c6201f0f5b010bc8b0e096bc9b806ab3b80eb6a672c789f88b5fc34a51585aa7072bb8407ecc958d1d7824fad379f86968f051de2fa96d
62 DIST tiff-4.0.9.tar.gz 2305681 SHA256 6e7bdeec2c310734e734d19aae3a71ebe37a4d842e0e23dbb1b8921c0026cfcd SHA512 04f3d5eefccf9c1a0393659fe27f3dddd31108c401ba0dc587bca152a1c1f6bc844ba41622ff5572da8cc278593eff8c402b44e7af0a0090e91d326c2d79f6cd WHIRLPOOL e67378d8d7c17d892e5f075d4e13aa299042a9f989fd6051b23d986518a11f2bbbcb13f491d87da6e6455aa28df2cce0fb65761237e256ac2e37889272f2ddf7
63
64 diff --git a/media-libs/tiff/files/tiff-4.0.7-CVE-2016-10266.patch b/media-libs/tiff/files/tiff-4.0.7-CVE-2016-10266.patch
65 deleted file mode 100644
66 index 67e0ca41c99..00000000000
67 --- a/media-libs/tiff/files/tiff-4.0.7-CVE-2016-10266.patch
68 +++ /dev/null
69 @@ -1,46 +0,0 @@
70 -http://bugzilla.maptools.org/show_bug.cgi?id=2596
71 -
72 -From d7520d28685b96a28421ef01fb66cea8d1a96dfc Mon Sep 17 00:00:00 2001
73 -From: Even Rouault <even.rouault@×××××××××.com>
74 -Date: Fri, 2 Dec 2016 21:56:56 +0000
75 -Subject: [PATCH] * libtiff/tif_read.c, libtiff/tiffiop.h: fix uint32 overflow
76 - in TIFFReadEncodedStrip() that caused an integer division by zero. Reported
77 - by Agostino Sarubbo. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2596
78 -
79 ----
80 - ChangeLog | 7 +++++++
81 - libtiff/tif_read.c | 4 ++--
82 - libtiff/tiffiop.h | 6 +++++-
83 - 3 files changed, 14 insertions(+), 3 deletions(-)
84 -
85 -diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c
86 -index 80035929f033..29a311db0cb7 100644
87 ---- a/libtiff/tif_read.c
88 -+++ b/libtiff/tif_read.c
89 -@@ -346,7 +346,7 @@ TIFFReadEncodedStrip(TIFF* tif, uint32 strip, void* buf, tmsize_t size)
90 - rowsperstrip=td->td_rowsperstrip;
91 - if (rowsperstrip>td->td_imagelength)
92 - rowsperstrip=td->td_imagelength;
93 -- stripsperplane=((td->td_imagelength+rowsperstrip-1)/rowsperstrip);
94 -+ stripsperplane= TIFFhowmany_32_maxuint_compat(td->td_imagelength, rowsperstrip);
95 - stripinplane=(strip%stripsperplane);
96 - plane=(uint16)(strip/stripsperplane);
97 - rows=td->td_imagelength-stripinplane*rowsperstrip;
98 -diff --git a/libtiff/tiffiop.h b/libtiff/tiffiop.h
99 -index 8bcd0c172c08..5294ee78ffaf 100644
100 ---- a/libtiff/tiffiop.h
101 -+++ b/libtiff/tiffiop.h
102 -@@ -250,6 +250,10 @@ struct tiff {
103 - #define TIFFhowmany_32(x, y) (((uint32)x < (0xffffffff - (uint32)(y-1))) ? \
104 - ((((uint32)(x))+(((uint32)(y))-1))/((uint32)(y))) : \
105 - 0U)
106 -+/* Variant of TIFFhowmany_32() that doesn't return 0 if x close to MAXUINT. */
107 -+/* Caution: TIFFhowmany_32_maxuint_compat(x,y)*y might overflow */
108 -+#define TIFFhowmany_32_maxuint_compat(x, y) \
109 -+ (((uint32)(x) / (uint32)(y)) + ((((uint32)(x) % (uint32)(y)) != 0) ? 1 : 0))
110 - #define TIFFhowmany8_32(x) (((x)&0x07)?((uint32)(x)>>3)+1:(uint32)(x)>>3)
111 - #define TIFFroundup_32(x, y) (TIFFhowmany_32(x,y)*(y))
112 - #define TIFFhowmany_64(x, y) ((((uint64)(x))+(((uint64)(y))-1))/((uint64)(y)))
113 ---
114 -2.12.0
115 -
116
117 diff --git a/media-libs/tiff/files/tiff-4.0.7-CVE-2016-10267.patch b/media-libs/tiff/files/tiff-4.0.7-CVE-2016-10267.patch
118 deleted file mode 100644
119 index 04d9729ff73..00000000000
120 --- a/media-libs/tiff/files/tiff-4.0.7-CVE-2016-10267.patch
121 +++ /dev/null
122 @@ -1,53 +0,0 @@
123 -http://bugzilla.maptools.org/show_bug.cgi?id=2611
124 -
125 -From bd06f6c97dff0b30de0f80227d782ea448c14b19 Mon Sep 17 00:00:00 2001
126 -From: Even Rouault <even.rouault@×××××××××.com>
127 -Date: Sat, 3 Dec 2016 11:15:18 +0000
128 -Subject: [PATCH] * libtiff/tif_ojpeg.c: make OJPEGDecode() early exit in case
129 - of failure in OJPEGPreDecode(). This will avoid a divide by zero, and
130 - potential other issues. Reported by Agostino Sarubbo. Fixes
131 - http://bugzilla.maptools.org/show_bug.cgi?id=2611
132 -
133 ----
134 - ChangeLog | 7 +++++++
135 - libtiff/tif_ojpeg.c | 10 +++++++++-
136 - 2 files changed, 16 insertions(+), 1 deletion(-)
137 -
138 -diff --git a/libtiff/tif_ojpeg.c b/libtiff/tif_ojpeg.c
139 -index 30a1812634e0..93839d8f3e11 100644
140 ---- a/libtiff/tif_ojpeg.c
141 -+++ b/libtiff/tif_ojpeg.c
142 -@@ -244,6 +244,7 @@ typedef enum {
143 -
144 - typedef struct {
145 - TIFF* tif;
146 -+ int decoder_ok;
147 - #ifndef LIBJPEG_ENCAP_EXTERNAL
148 - JMP_BUF exit_jmpbuf;
149 - #endif
150 -@@ -722,6 +723,7 @@ OJPEGPreDecode(TIFF* tif, uint16 s)
151 - }
152 - sp->write_curstrile++;
153 - }
154 -+ sp->decoder_ok = 1;
155 - return(1);
156 - }
157 -
158 -@@ -784,8 +786,14 @@ OJPEGPreDecodeSkipScanlines(TIFF* tif)
159 - static int
160 - OJPEGDecode(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s)
161 - {
162 -+ static const char module[]="OJPEGDecode";
163 - OJPEGState* sp=(OJPEGState*)tif->tif_data;
164 - (void)s;
165 -+ if( !sp->decoder_ok )
166 -+ {
167 -+ TIFFErrorExt(tif->tif_clientdata,module,"Cannot decode: decoder not correctly initialized");
168 -+ return 0;
169 -+ }
170 - if (sp->libjpeg_jpeg_query_style==0)
171 - {
172 - if (OJPEGDecodeRaw(tif,buf,cc)==0)
173 ---
174 -2.12.0
175 -
176
177 diff --git a/media-libs/tiff/files/tiff-4.0.7-CVE-2017-5225.patch b/media-libs/tiff/files/tiff-4.0.7-CVE-2017-5225.patch
178 deleted file mode 100644
179 index 7f961474ba9..00000000000
180 --- a/media-libs/tiff/files/tiff-4.0.7-CVE-2017-5225.patch
181 +++ /dev/null
182 @@ -1,74 +0,0 @@
183 -https://bugs.gentoo.org/610330
184 -
185 -From 24bc05876f5a1a300a3c4eb0fa8e8cea6a256f9f Mon Sep 17 00:00:00 2001
186 -From: Even Rouault <even.rouault@×××××××××.com>
187 -Date: Wed, 11 Jan 2017 19:25:44 +0000
188 -Subject: [PATCH] * tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow
189 - and cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based
190 - overflow. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656 and
191 - http://bugzilla.maptools.org/show_bug.cgi?id=2657
192 -
193 ----
194 - ChangeLog | 7 +++++++
195 - tools/tiffcp.c | 26 +++++++++++++++++++++++---
196 - 2 files changed, 30 insertions(+), 3 deletions(-)
197 -
198 -diff --git a/tools/tiffcp.c b/tools/tiffcp.c
199 -index 49c9d37125a6..489459a7f6a4 100644
200 ---- a/tools/tiffcp.c
201 -+++ b/tools/tiffcp.c
202 -@@ -591,7 +591,7 @@ static copyFunc pickCopyFunc(TIFF*, TIFF*, uint16, uint16);
203 - static int
204 - tiffcp(TIFF* in, TIFF* out)
205 - {
206 -- uint16 bitspersample, samplesperpixel = 1;
207 -+ uint16 bitspersample = 1, samplesperpixel = 1;
208 - uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK;
209 - copyFunc cf;
210 - uint32 width, length;
211 -@@ -1067,6 +1067,16 @@ DECLAREcpFunc(cpContig2SeparateByRow)
212 - register uint32 n;
213 - uint32 row;
214 - tsample_t s;
215 -+ uint16 bps = 0;
216 -+
217 -+ (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
218 -+ if( bps != 8 )
219 -+ {
220 -+ TIFFError(TIFFFileName(in),
221 -+ "Error, can only handle BitsPerSample=8 in %s",
222 -+ "cpContig2SeparateByRow");
223 -+ return 0;
224 -+ }
225 -
226 - inbuf = _TIFFmalloc(scanlinesizein);
227 - outbuf = _TIFFmalloc(scanlinesizeout);
228 -@@ -1120,6 +1130,16 @@ DECLAREcpFunc(cpSeparate2ContigByRow)
229 - register uint32 n;
230 - uint32 row;
231 - tsample_t s;
232 -+ uint16 bps = 0;
233 -+
234 -+ (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
235 -+ if( bps != 8 )
236 -+ {
237 -+ TIFFError(TIFFFileName(in),
238 -+ "Error, can only handle BitsPerSample=8 in %s",
239 -+ "cpSeparate2ContigByRow");
240 -+ return 0;
241 -+ }
242 -
243 - inbuf = _TIFFmalloc(scanlinesizein);
244 - outbuf = _TIFFmalloc(scanlinesizeout);
245 -@@ -1784,7 +1804,7 @@ pickCopyFunc(TIFF* in, TIFF* out, uint16 bitspersample, uint16 samplesperpixel)
246 - uint32 w, l, tw, tl;
247 - int bychunk;
248 -
249 -- (void) TIFFGetField(in, TIFFTAG_PLANARCONFIG, &shortv);
250 -+ (void) TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &shortv);
251 - if (shortv != config && bitspersample != 8 && samplesperpixel > 1) {
252 - fprintf(stderr,
253 - "%s: Cannot handle different planar configuration w/ bits/sample != 8\n",
254 ---
255 -2.12.0
256 -
257
258 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2130.patch b/media-libs/tiff/files/tiff-4.0.7-bug2130.patch
259 deleted file mode 100644
260 index b565fecc029..00000000000
261 --- a/media-libs/tiff/files/tiff-4.0.7-bug2130.patch
262 +++ /dev/null
263 @@ -1,112 +0,0 @@
264 -From c2faaeaa7887c24c574297e8e2f36208df9dc229 Mon Sep 17 00:00:00 2001
265 -From: Even Rouault <even.rouault@×××××××××.com>
266 -Date: Wed, 11 Jan 2017 20:33:35 +0000
267 -Subject: [PATCH] * libtiff/tif_luv.c, tif_lzw.c, tif_packbits.c: return 0 in
268 - Encode functions instead of -1 when TIFFFlushData1() fails. Fixes
269 - http://bugzilla.maptools.org/show_bug.cgi?id=2130
270 -
271 ----
272 - ChangeLog | 6 ++++++
273 - libtiff/tif_luv.c | 12 ++++++------
274 - libtiff/tif_lzw.c | 8 +++++---
275 - libtiff/tif_packbits.c | 6 +++---
276 - 4 files changed, 20 insertions(+), 12 deletions(-)
277 -
278 -diff --git a/libtiff/tif_luv.c b/libtiff/tif_luv.c
279 -index f42ac0131fee..1f6d8ba3ea5a 100644
280 ---- a/libtiff/tif_luv.c
281 -+++ b/libtiff/tif_luv.c
282 -@@ -473,7 +473,7 @@ LogL16Encode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
283 - tif->tif_rawcp = op;
284 - tif->tif_rawcc = tif->tif_rawdatasize - occ;
285 - if (!TIFFFlushData1(tif))
286 -- return (-1);
287 -+ return (0);
288 - op = tif->tif_rawcp;
289 - occ = tif->tif_rawdatasize - tif->tif_rawcc;
290 - }
291 -@@ -505,7 +505,7 @@ LogL16Encode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
292 - tif->tif_rawcp = op;
293 - tif->tif_rawcc = tif->tif_rawdatasize - occ;
294 - if (!TIFFFlushData1(tif))
295 -- return (-1);
296 -+ return (0);
297 - op = tif->tif_rawcp;
298 - occ = tif->tif_rawdatasize - tif->tif_rawcc;
299 - }
300 -@@ -565,7 +565,7 @@ LogLuvEncode24(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
301 - tif->tif_rawcp = op;
302 - tif->tif_rawcc = tif->tif_rawdatasize - occ;
303 - if (!TIFFFlushData1(tif))
304 -- return (-1);
305 -+ return (0);
306 - op = tif->tif_rawcp;
307 - occ = tif->tif_rawdatasize - tif->tif_rawcc;
308 - }
309 -@@ -624,7 +624,7 @@ LogLuvEncode32(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
310 - tif->tif_rawcp = op;
311 - tif->tif_rawcc = tif->tif_rawdatasize - occ;
312 - if (!TIFFFlushData1(tif))
313 -- return (-1);
314 -+ return (0);
315 - op = tif->tif_rawcp;
316 - occ = tif->tif_rawdatasize - tif->tif_rawcc;
317 - }
318 -@@ -656,7 +656,7 @@ LogLuvEncode32(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
319 - tif->tif_rawcp = op;
320 - tif->tif_rawcc = tif->tif_rawdatasize - occ;
321 - if (!TIFFFlushData1(tif))
322 -- return (-1);
323 -+ return (0);
324 - op = tif->tif_rawcp;
325 - occ = tif->tif_rawdatasize - tif->tif_rawcc;
326 - }
327 -diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
328 -index 240e19c2e058..5ba35ec1305f 100644
329 ---- a/libtiff/tif_lzw.c
330 -+++ b/libtiff/tif_lzw.c
331 -@@ -969,7 +969,8 @@ LZWEncode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
332 - */
333 - if (op > limit) {
334 - tif->tif_rawcc = (tmsize_t)(op - tif->tif_rawdata);
335 -- TIFFFlushData1(tif);
336 -+ if( !TIFFFlushData1(tif) )
337 -+ return 0;
338 - op = tif->tif_rawdata;
339 - }
340 - PutNextCode(op, ent);
341 -@@ -1054,7 +1055,8 @@ LZWPostEncode(TIFF* tif)
342 -
343 - if (op > sp->enc_rawlimit) {
344 - tif->tif_rawcc = (tmsize_t)(op - tif->tif_rawdata);
345 -- TIFFFlushData1(tif);
346 -+ if( !TIFFFlushData1(tif) )
347 -+ return 0;
348 - op = tif->tif_rawdata;
349 - }
350 - if (sp->enc_oldcode != (hcode_t) -1) {
351 -diff --git a/libtiff/tif_packbits.c b/libtiff/tif_packbits.c
352 -index d2a0165de9dd..0495e688a6be 100644
353 ---- a/libtiff/tif_packbits.c
354 -+++ b/libtiff/tif_packbits.c
355 -@@ -99,7 +99,7 @@ PackBitsEncode(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s)
356 - slop = (long)(op - lastliteral);
357 - tif->tif_rawcc += (tmsize_t)(lastliteral - tif->tif_rawcp);
358 - if (!TIFFFlushData1(tif))
359 -- return (-1);
360 -+ return (0);
361 - op = tif->tif_rawcp;
362 - while (slop-- > 0)
363 - *op++ = *lastliteral++;
364 -@@ -107,7 +107,7 @@ PackBitsEncode(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s)
365 - } else {
366 - tif->tif_rawcc += (tmsize_t)(op - tif->tif_rawcp);
367 - if (!TIFFFlushData1(tif))
368 -- return (-1);
369 -+ return (0);
370 - op = tif->tif_rawcp;
371 - }
372 - }
373 ---
374 -2.12.0
375 -
376
377 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2535.patch b/media-libs/tiff/files/tiff-4.0.7-bug2535.patch
378 deleted file mode 100644
379 index c44a8f05d20..00000000000
380 --- a/media-libs/tiff/files/tiff-4.0.7-bug2535.patch
381 +++ /dev/null
382 @@ -1,54 +0,0 @@
383 -From c4e376852d82936885833441169684267983691f Mon Sep 17 00:00:00 2001
384 -From: Even Rouault <even.rouault@×××××××××.com>
385 -Date: Wed, 11 Jan 2017 12:51:59 +0000
386 -Subject: [PATCH] * libtiff/tif_dirwrite.c: in
387 - TIFFWriteDirectoryTagCheckedRational, replace assertion by runtime check to
388 - error out if passed value is strictly negative. Fixes
389 - http://bugzilla.maptools.org/show_bug.cgi?id=2535
390 -
391 -* tools/tiffcrop.c: remove extraneous TIFFClose() in error code path, that
392 -caused double free.
393 -Related to http://bugzilla.maptools.org/show_bug.cgi?id=2535
394 ----
395 - ChangeLog | 11 +++++++++++
396 - libtiff/tif_dirwrite.c | 11 ++++++++---
397 - tools/tiffcrop.c | 3 +--
398 - 3 files changed, 20 insertions(+), 5 deletions(-)
399 -
400 -diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
401 -index d34f6f611d39..055324db078f 100644
402 ---- a/libtiff/tif_dirwrite.c
403 -+++ b/libtiff/tif_dirwrite.c
404 -@@ -2094,10 +2094,15 @@ TIFFWriteDirectoryTagCheckedSlong8Array(TIFF* tif, uint32* ndir, TIFFDirEntry* d
405 - static int
406 - TIFFWriteDirectoryTagCheckedRational(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, uint16 tag, double value)
407 - {
408 -+ static const char module[] = "TIFFWriteDirectoryTagCheckedRational";
409 - uint32 m[2];
410 -- assert(value>=0.0);
411 - assert(sizeof(uint32)==4);
412 -- if (value<=0.0)
413 -+ if( value < 0 )
414 -+ {
415 -+ TIFFErrorExt(tif->tif_clientdata,module,"Negative value is illegal");
416 -+ return 0;
417 -+ }
418 -+ else if (value==0.0)
419 - {
420 - m[0]=0;
421 - m[1]=1;
422 -diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
423 -index 21dd08720d77..c69177e052d4 100644
424 ---- a/tools/tiffcrop.c
425 -+++ b/tools/tiffcrop.c
426 -@@ -7996,7 +7996,6 @@ writeCroppedImage(TIFF *in, TIFF *out, struct image_data *image,
427 - if (!TIFFWriteDirectory(out))
428 - {
429 - TIFFError("","Failed to write IFD for page number %d", pagenum);
430 -- TIFFClose(out);
431 - return (-1);
432 - }
433 -
434 ---
435 -2.12.0
436 -
437
438 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2594.patch b/media-libs/tiff/files/tiff-4.0.7-bug2594.patch
439 deleted file mode 100644
440 index b2bc26e9064..00000000000
441 --- a/media-libs/tiff/files/tiff-4.0.7-bug2594.patch
442 +++ /dev/null
443 @@ -1,28 +0,0 @@
444 -From a56820e2022e23610c1ea99fbf621d73d1e36348 Mon Sep 17 00:00:00 2001
445 -From: Even Rouault <even.rouault@×××××××××.com>
446 -Date: Sat, 3 Dec 2016 14:18:48 +0000
447 -Subject: [PATCH] * tools/tiffinfo.c: fix null pointer dereference in -r mode
448 - when the image has no StripByteCount tag. Reported by Agostino Sarubbo. Fixes
449 - http://bugzilla.maptools.org/show_bug.cgi?id=2594
450 -
451 ----
452 - ChangeLog | 7 +++++++
453 - tools/tiffinfo.c | 4 ++--
454 - 2 files changed, 9 insertions(+), 2 deletions(-)
455 -
456 -diff --git a/tools/tiffinfo.c b/tools/tiffinfo.c
457 -index b02c7d46bed0..4d58055de85c 100644
458 ---- a/tools/tiffinfo.c
459 -+++ b/tools/tiffinfo.c
460 -@@ -417,7 +417,7 @@ TIFFReadRawData(TIFF* tif, int bitrev)
461 - uint64* stripbc=NULL;
462 -
463 - TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &stripbc);
464 -- if (nstrips > 0) {
465 -+ if (stripbc != NULL && nstrips > 0) {
466 - uint32 bufsize = (uint32) stripbc[0];
467 - tdata_t buf = _TIFFmalloc(bufsize);
468 - tstrip_t s;
469 ---
470 -2.12.0
471 -
472
473 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2597.patch b/media-libs/tiff/files/tiff-4.0.7-bug2597.patch
474 deleted file mode 100644
475 index 9cd29cfab77..00000000000
476 --- a/media-libs/tiff/files/tiff-4.0.7-bug2597.patch
477 +++ /dev/null
478 @@ -1,41 +0,0 @@
479 -From 5ad5e64f8530a827482645986f5bb4e4613d0aa7 Mon Sep 17 00:00:00 2001
480 -From: Even Rouault <even.rouault@×××××××××.com>
481 -Date: Sat, 3 Dec 2016 14:42:40 +0000
482 -Subject: [PATCH] * tools/tiffcp.c: avoid potential division by zero is
483 - BitsPerSamples tag is missing. Reported by Agostino sarubbo. Fixes
484 - http://bugzilla.maptools.org/show_bug.cgi?id=2597
485 -
486 ----
487 - ChangeLog | 7 +++++++
488 - tools/tiffcp.c | 10 ++++++++--
489 - 2 files changed, 15 insertions(+), 2 deletions(-)
490 -
491 -diff --git a/tools/tiffcp.c b/tools/tiffcp.c
492 -index 6dfb9a91bfa9..c8e48c3c2bb3 100644
493 ---- a/tools/tiffcp.c
494 -+++ b/tools/tiffcp.c
495 -@@ -1378,7 +1378,7 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
496 - uint8* bufp = (uint8*) buf;
497 - uint32 tw, tl;
498 - uint32 row;
499 -- uint16 bps, bytes_per_sample;
500 -+ uint16 bps = 0, bytes_per_sample;
501 -
502 - tilebuf = _TIFFmalloc(tilesize);
503 - if (tilebuf == 0)
504 -@@ -1387,6 +1387,12 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
505 - (void) TIFFGetField(in, TIFFTAG_TILEWIDTH, &tw);
506 - (void) TIFFGetField(in, TIFFTAG_TILELENGTH, &tl);
507 - (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
508 -+ if( bps == 0 )
509 -+ {
510 -+ TIFFError(TIFFFileName(in), "Error, cannot read BitsPerSample");
511 -+ status = 0;
512 -+ goto done;
513 -+ }
514 - assert( bps % 8 == 0 );
515 - bytes_per_sample = bps/8;
516 -
517 ---
518 -2.12.0
519 -
520
521 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2598.patch b/media-libs/tiff/files/tiff-4.0.7-bug2598.patch
522 deleted file mode 100644
523 index c0a0d1a8db1..00000000000
524 --- a/media-libs/tiff/files/tiff-4.0.7-bug2598.patch
525 +++ /dev/null
526 @@ -1,31 +0,0 @@
527 -http://bugzilla.maptools.org/show_bug.cgi?id=2598
528 -
529 -From bc3d7392e43545c7c6375897458a7a3e8ee4d9d8 Mon Sep 17 00:00:00 2001
530 -From: Even Rouault <even.rouault@×××××××××.com>
531 -Date: Fri, 2 Dec 2016 22:13:32 +0000
532 -Subject: [PATCH] * tools/tiffcp.c: avoid uint32 underflow in cpDecodedStrips
533 - that can cause various issues, such as buffer overflows in the library.
534 - Reported by Agostino Sarubbo. Fixes
535 - http://bugzilla.maptools.org/show_bug.cgi?id=2598
536 -
537 ----
538 - ChangeLog | 7 +++++++
539 - tools/tiffcp.c | 4 ++--
540 - 2 files changed, 9 insertions(+), 2 deletions(-)
541 -
542 -diff --git a/tools/tiffcp.c b/tools/tiffcp.c
543 -index 338a3d113bf8..6dfb9a91bfa9 100644
544 ---- a/tools/tiffcp.c
545 -+++ b/tools/tiffcp.c
546 -@@ -985,7 +985,7 @@ DECLAREcpFunc(cpDecodedStrips)
547 - tstrip_t s, ns = TIFFNumberOfStrips(in);
548 - uint32 row = 0;
549 - _TIFFmemset(buf, 0, stripsize);
550 -- for (s = 0; s < ns; s++) {
551 -+ for (s = 0; s < ns && row < imagelength; s++) {
552 - tsize_t cc = (row + rowsperstrip > imagelength) ?
553 - TIFFVStripSize(in, imagelength - row) : stripsize;
554 - if (TIFFReadEncodedStrip(in, s, buf, cc) < 0
555 ---
556 -2.12.0
557 -
558
559 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2599.patch b/media-libs/tiff/files/tiff-4.0.7-bug2599.patch
560 deleted file mode 100644
561 index 929bb447bf7..00000000000
562 --- a/media-libs/tiff/files/tiff-4.0.7-bug2599.patch
563 +++ /dev/null
564 @@ -1,54 +0,0 @@
565 -From 9bbbe303c8e5db20d7f687ee1ca19c98fb852044 Mon Sep 17 00:00:00 2001
566 -From: Even Rouault <even.rouault@×××××××××.com>
567 -Date: Sat, 3 Dec 2016 15:30:31 +0000
568 -Subject: [PATCH] * tools/tif_dir.c: when TIFFGetField(, TIFFTAG_NUMBEROFINKS,
569 - ) is called, limit the return number of inks to SamplesPerPixel, so that code
570 - that parses ink names doesn't go past the end of the buffer. Reported by
571 - Agostino Sarubbo. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599
572 -
573 -Reported by Agostino Sarubbo.
574 ----
575 - ChangeLog | 10 +++++++++-
576 - libtiff/tif_dir.c | 28 +++++++++++++++++++++++++++-
577 - 2 files changed, 36 insertions(+), 2 deletions(-)
578 -
579 -diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
580 -index ad21655a6ee9..2574e748b3be 100644
581 ---- a/libtiff/tif_dir.c
582 -+++ b/libtiff/tif_dir.c
583 -@@ -854,6 +854,32 @@ _TIFFVGetField(TIFF* tif, uint32 tag, va_list ap)
584 - if( fip == NULL ) /* cannot happen since TIFFGetField() already checks it */
585 - return 0;
586 -
587 -+ if( tag == TIFFTAG_NUMBEROFINKS )
588 -+ {
589 -+ int i;
590 -+ for (i = 0; i < td->td_customValueCount; i++) {
591 -+ uint16 val;
592 -+ TIFFTagValue *tv = td->td_customValues + i;
593 -+ if (tv->info->field_tag != tag)
594 -+ continue;
595 -+ val = *(uint16 *)tv->value;
596 -+ /* Truncate to SamplesPerPixel, since the */
597 -+ /* setting code for INKNAMES assume that there are SamplesPerPixel */
598 -+ /* inknames. */
599 -+ /* Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599 */
600 -+ if( val > td->td_samplesperpixel )
601 -+ {
602 -+ TIFFWarningExt(tif->tif_clientdata,"_TIFFVGetField",
603 -+ "Truncating NumberOfInks from %u to %u",
604 -+ val, td->td_samplesperpixel);
605 -+ val = td->td_samplesperpixel;
606 -+ }
607 -+ *va_arg(ap, uint16*) = val;
608 -+ return 1;
609 -+ }
610 -+ return 0;
611 -+ }
612 -+
613 - /*
614 - * We want to force the custom code to be used for custom
615 - * fields even if the tag happens to match a well known
616 ---
617 -2.12.0
618 -
619
620 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2604.patch b/media-libs/tiff/files/tiff-4.0.7-bug2604.patch
621 deleted file mode 100644
622 index cc3f4cf3ce9..00000000000
623 --- a/media-libs/tiff/files/tiff-4.0.7-bug2604.patch
624 +++ /dev/null
625 @@ -1,108 +0,0 @@
626 -From ebc6029128555df725e6ad77a983134350bfc831 Mon Sep 17 00:00:00 2001
627 -From: Even Rouault <even.rouault@×××××××××.com>
628 -Date: Fri, 2 Dec 2016 23:05:51 +0000
629 -Subject: [PATCH] * libtiff/tif_pixarlog.c, libtiff/tif_luv.c: fix heap-based
630 - buffer overflow on generation of PixarLog / LUV compressed files, with
631 - ColorMap, TransferFunction attached and nasty plays with bitspersample. The
632 - fix for LUV has not been tested, but suffers from the same kind of issue of
633 - PixarLog. Reported by Agostino Sarubbo. Fixes
634 - http://bugzilla.maptools.org/show_bug.cgi?id=2604
635 -
636 ----
637 - ChangeLog | 10 ++++++++++
638 - libtiff/tif_luv.c | 20 +++++++++++++++-----
639 - libtiff/tif_pixarlog.c | 19 ++++++++++++++++---
640 - 3 files changed, 41 insertions(+), 8 deletions(-)
641 -
642 -diff --git a/libtiff/tif_luv.c b/libtiff/tif_luv.c
643 -index ca08f30a76b6..f42ac0131fee 100644
644 ---- a/libtiff/tif_luv.c
645 -+++ b/libtiff/tif_luv.c
646 -@@ -158,6 +158,7 @@
647 - typedef struct logLuvState LogLuvState;
648 -
649 - struct logLuvState {
650 -+ int encoder_state; /* 1 if encoder correctly initialized */
651 - int user_datafmt; /* user data format */
652 - int encode_meth; /* encoding method */
653 - int pixel_size; /* bytes per pixel */
654 -@@ -1552,6 +1553,7 @@ LogLuvSetupEncode(TIFF* tif)
655 - td->td_photometric, "must be either LogLUV or LogL");
656 - break;
657 - }
658 -+ sp->encoder_state = 1;
659 - return (1);
660 - notsupported:
661 - TIFFErrorExt(tif->tif_clientdata, module,
662 -@@ -1563,19 +1565,27 @@ notsupported:
663 - static void
664 - LogLuvClose(TIFF* tif)
665 - {
666 -+ LogLuvState* sp = (LogLuvState*) tif->tif_data;
667 - TIFFDirectory *td = &tif->tif_dir;
668 -
669 -+ assert(sp != 0);
670 - /*
671 - * For consistency, we always want to write out the same
672 - * bitspersample and sampleformat for our TIFF file,
673 - * regardless of the data format being used by the application.
674 - * Since this routine is called after tags have been set but
675 - * before they have been recorded in the file, we reset them here.
676 -+ * Note: this is really a nasty approach. See PixarLogClose
677 - */
678 -- td->td_samplesperpixel =
679 -- (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3;
680 -- td->td_bitspersample = 16;
681 -- td->td_sampleformat = SAMPLEFORMAT_INT;
682 -+ if( sp->encoder_state )
683 -+ {
684 -+ /* See PixarLogClose. Might avoid issues with tags whose size depends
685 -+ * on those below, but not completely sure this is enough. */
686 -+ td->td_samplesperpixel =
687 -+ (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3;
688 -+ td->td_bitspersample = 16;
689 -+ td->td_sampleformat = SAMPLEFORMAT_INT;
690 -+ }
691 - }
692 -
693 - static void
694 -diff --git a/libtiff/tif_pixarlog.c b/libtiff/tif_pixarlog.c
695 -index f4af2bab7ce5..9836dce63450 100644
696 ---- a/libtiff/tif_pixarlog.c
697 -+++ b/libtiff/tif_pixarlog.c
698 -@@ -1233,8 +1233,10 @@ PixarLogPostEncode(TIFF* tif)
699 - static void
700 - PixarLogClose(TIFF* tif)
701 - {
702 -+ PixarLogState* sp = (PixarLogState*) tif->tif_data;
703 - TIFFDirectory *td = &tif->tif_dir;
704 -
705 -+ assert(sp != 0);
706 - /* In a really sneaky (and really incorrect, and untruthful, and
707 - * troublesome, and error-prone) maneuver that completely goes against
708 - * the spirit of TIFF, and breaks TIFF, on close, we covertly
709 -@@ -1243,8 +1245,19 @@ PixarLogClose(TIFF* tif)
710 - * readers that don't know about PixarLog, or how to set
711 - * the PIXARLOGDATFMT pseudo-tag.
712 - */
713 -- td->td_bitspersample = 8;
714 -- td->td_sampleformat = SAMPLEFORMAT_UINT;
715 -+
716 -+ if (sp->state&PLSTATE_INIT) {
717 -+ /* We test the state to avoid an issue such as in
718 -+ * http://bugzilla.maptools.org/show_bug.cgi?id=2604
719 -+ * What appends in that case is that the bitspersample is 1 and
720 -+ * a TransferFunction is set. The size of the TransferFunction
721 -+ * depends on 1<<bitspersample. So if we increase it, an access
722 -+ * out of the buffer will happen at directory flushing.
723 -+ * Another option would be to clear those targs.
724 -+ */
725 -+ td->td_bitspersample = 8;
726 -+ td->td_sampleformat = SAMPLEFORMAT_UINT;
727 -+ }
728 - }
729 -
730 - static void
731 ---
732 -2.12.0
733 -
734
735 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2605.patch b/media-libs/tiff/files/tiff-4.0.7-bug2605.patch
736 deleted file mode 100644
737 index 335e4348d3f..00000000000
738 --- a/media-libs/tiff/files/tiff-4.0.7-bug2605.patch
739 +++ /dev/null
740 @@ -1,55 +0,0 @@
741 -From cd4832257daf222833ae172b3923268fec5b71b9 Mon Sep 17 00:00:00 2001
742 -From: Even Rouault <even.rouault@×××××××××.com>
743 -Date: Sat, 3 Dec 2016 16:50:02 +0000
744 -Subject: [PATCH] * tools/tiffcp.c: replace assert( (bps % 8) == 0 ) by a non
745 - assert check. Reported by Agostino Sarubbo. Fixes
746 - http://bugzilla.maptools.org/show_bug.cgi?id=2605
747 -
748 ----
749 - ChangeLog | 6 ++++++
750 - tools/tiffcp.c | 17 +++++++++++++----
751 - 2 files changed, 19 insertions(+), 4 deletions(-)
752 -
753 -diff --git a/tools/tiffcp.c b/tools/tiffcp.c
754 -index 6d96bb89f555..49c9d37125a6 100644
755 ---- a/tools/tiffcp.c
756 -+++ b/tools/tiffcp.c
757 -@@ -45,7 +45,6 @@
758 - #include <string.h>
759 -
760 - #include <ctype.h>
761 --#include <assert.h>
762 -
763 - #ifdef HAVE_UNISTD_H
764 - # include <unistd.h>
765 -@@ -1393,7 +1392,12 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
766 - status = 0;
767 - goto done;
768 - }
769 -- assert( bps % 8 == 0 );
770 -+ if( (bps % 8) != 0 )
771 -+ {
772 -+ TIFFError(TIFFFileName(in), "Error, cannot handle BitsPerSample that is not a multiple of 8");
773 -+ status = 0;
774 -+ goto done;
775 -+ }
776 - bytes_per_sample = bps/8;
777 -
778 - for (row = 0; row < imagelength; row += tl) {
779 -@@ -1584,7 +1588,12 @@ DECLAREwriteFunc(writeBufferToSeparateTiles)
780 - _TIFFfree(obuf);
781 - return 0;
782 - }
783 -- assert( bps % 8 == 0 );
784 -+ if( (bps % 8) != 0 )
785 -+ {
786 -+ TIFFError(TIFFFileName(out), "Error, cannot handle BitsPerSample that is not a multiple of 8");
787 -+ _TIFFfree(obuf);
788 -+ return 0;
789 -+ }
790 - bytes_per_sample = bps/8;
791 -
792 - for (row = 0; row < imagelength; row += tl) {
793 ---
794 -2.12.0
795 -
796
797 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2607.patch b/media-libs/tiff/files/tiff-4.0.7-bug2607.patch
798 deleted file mode 100644
799 index 532259e91cb..00000000000
800 --- a/media-libs/tiff/files/tiff-4.0.7-bug2607.patch
801 +++ /dev/null
802 @@ -1,41 +0,0 @@
803 -From c99f44478d6f0491da5b98c8cea14f565a021e22 Mon Sep 17 00:00:00 2001
804 -From: Even Rouault <even.rouault@×××××××××.com>
805 -Date: Sat, 3 Dec 2016 15:44:15 +0000
806 -Subject: [PATCH] * tools/tiffcp.c: avoid potential division by zero is
807 - BitsPerSamples tag is missing. Reported by Agostino Sarubbo. Fixes
808 - http://bugzilla.maptools.org/show_bug.cgi?id=2607
809 -
810 ----
811 - ChangeLog | 7 +++++++
812 - tools/tiffcp.c | 10 ++++++++--
813 - 2 files changed, 15 insertions(+), 2 deletions(-)
814 -
815 -diff --git a/tools/tiffcp.c b/tools/tiffcp.c
816 -index c8e48c3c2bb3..142cbb0ecfc2 100644
817 ---- a/tools/tiffcp.c
818 -+++ b/tools/tiffcp.c
819 -@@ -1569,7 +1569,7 @@ DECLAREwriteFunc(writeBufferToSeparateTiles)
820 - uint8* bufp = (uint8*) buf;
821 - uint32 tl, tw;
822 - uint32 row;
823 -- uint16 bps, bytes_per_sample;
824 -+ uint16 bps = 0, bytes_per_sample;
825 -
826 - obuf = _TIFFmalloc(TIFFTileSize(out));
827 - if (obuf == NULL)
828 -@@ -1578,6 +1578,12 @@ DECLAREwriteFunc(writeBufferToSeparateTiles)
829 - (void) TIFFGetField(out, TIFFTAG_TILELENGTH, &tl);
830 - (void) TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw);
831 - (void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps);
832 -+ if( bps == 0 )
833 -+ {
834 -+ TIFFError(TIFFFileName(out), "Error, cannot read BitsPerSample");
835 -+ _TIFFfree(obuf);
836 -+ return 0;
837 -+ }
838 - assert( bps % 8 == 0 );
839 - bytes_per_sample = bps/8;
840 -
841 ---
842 -2.12.0
843 -
844
845 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2608.patch b/media-libs/tiff/files/tiff-4.0.7-bug2608.patch
846 deleted file mode 100644
847 index afe2c25a293..00000000000
848 --- a/media-libs/tiff/files/tiff-4.0.7-bug2608.patch
849 +++ /dev/null
850 @@ -1,104 +0,0 @@
851 -From 92adbddc283782d71d81dbccf72ed2c279f90097 Mon Sep 17 00:00:00 2001
852 -From: Even Rouault <even.rouault@×××××××××.com>
853 -Date: Sat, 3 Dec 2016 11:02:15 +0000
854 -Subject: [PATCH] * libtiff/tif_dirread.c: modify
855 - ChopUpSingleUncompressedStrip() to instanciate compute ntrips as
856 - TIFFhowmany_32(td->td_imagelength, rowsperstrip), instead of a logic based on
857 - the total size of data. Which is faulty is the total size of data is not
858 - sufficient to fill the whole image, and thus results in reading outside of
859 - the StripByCounts/StripOffsets arrays when using TIFFReadScanline(). Reported
860 - by Agostino Sarubbo. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2608.
861 -
862 -* libtiff/tif_strip.c: revert the change in TIFFNumberOfStrips() done
863 -for http://bugzilla.maptools.org/show_bug.cgi?id=2587 / CVE-2016-9273 since
864 -the above change is a better fix that makes it unnecessary.
865 ----
866 - ChangeLog | 15 +++++++++++++++
867 - libtiff/tif_dirread.c | 24 +++++++++++-------------
868 - libtiff/tif_strip.c | 11 +----------
869 - 3 files changed, 27 insertions(+), 23 deletions(-)
870 -
871 -diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
872 -index 01070f2ecebd..f2905286c0d0 100644
873 ---- a/libtiff/tif_dirread.c
874 -+++ b/libtiff/tif_dirread.c
875 -@@ -5502,8 +5502,7 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
876 - uint64 rowblockbytes;
877 - uint64 stripbytes;
878 - uint32 strip;
879 -- uint64 nstrips64;
880 -- uint32 nstrips32;
881 -+ uint32 nstrips;
882 - uint32 rowsperstrip;
883 - uint64* newcounts;
884 - uint64* newoffsets;
885 -@@ -5534,18 +5533,17 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
886 - return;
887 -
888 - /*
889 -- * never increase the number of strips in an image
890 -+ * never increase the number of rows per strip
891 - */
892 - if (rowsperstrip >= td->td_rowsperstrip)
893 - return;
894 -- nstrips64 = TIFFhowmany_64(bytecount, stripbytes);
895 -- if ((nstrips64==0)||(nstrips64>0xFFFFFFFF)) /* something is wonky, do nothing. */
896 -- return;
897 -- nstrips32 = (uint32)nstrips64;
898 -+ nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip);
899 -+ if( nstrips == 0 )
900 -+ return;
901 -
902 -- newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
903 -+ newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
904 - "for chopped \"StripByteCounts\" array");
905 -- newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
906 -+ newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
907 - "for chopped \"StripOffsets\" array");
908 - if (newcounts == NULL || newoffsets == NULL) {
909 - /*
910 -@@ -5562,18 +5560,18 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
911 - * Fill the strip information arrays with new bytecounts and offsets
912 - * that reflect the broken-up format.
913 - */
914 -- for (strip = 0; strip < nstrips32; strip++) {
915 -+ for (strip = 0; strip < nstrips; strip++) {
916 - if (stripbytes > bytecount)
917 - stripbytes = bytecount;
918 - newcounts[strip] = stripbytes;
919 -- newoffsets[strip] = offset;
920 -+ newoffsets[strip] = stripbytes ? offset : 0;
921 - offset += stripbytes;
922 - bytecount -= stripbytes;
923 - }
924 - /*
925 - * Replace old single strip info with multi-strip info.
926 - */
927 -- td->td_stripsperimage = td->td_nstrips = nstrips32;
928 -+ td->td_stripsperimage = td->td_nstrips = nstrips;
929 - TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip);
930 -
931 - _TIFFfree(td->td_stripbytecount);
932 -diff --git a/libtiff/tif_strip.c b/libtiff/tif_strip.c
933 -index b6098dd31241..6e9f2ef6ddf2 100644
934 ---- a/libtiff/tif_strip.c
935 -+++ b/libtiff/tif_strip.c
936 -@@ -63,15 +63,6 @@ TIFFNumberOfStrips(TIFF* tif)
937 - TIFFDirectory *td = &tif->tif_dir;
938 - uint32 nstrips;
939 -
940 -- /* If the value was already computed and store in td_nstrips, then return it,
941 -- since ChopUpSingleUncompressedStrip might have altered and resized the
942 -- since the td_stripbytecount and td_stripoffset arrays to the new value
943 -- after the initial affectation of td_nstrips = TIFFNumberOfStrips() in
944 -- tif_dirread.c ~line 3612.
945 -- See http://bugzilla.maptools.org/show_bug.cgi?id=2587 */
946 -- if( td->td_nstrips )
947 -- return td->td_nstrips;
948 --
949 - nstrips = (td->td_rowsperstrip == (uint32) -1 ? 1 :
950 - TIFFhowmany_32(td->td_imagelength, td->td_rowsperstrip));
951 - if (td->td_planarconfig == PLANARCONFIG_SEPARATE)
952 ---
953 -2.12.0
954 -
955
956 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2610.patch b/media-libs/tiff/files/tiff-4.0.7-bug2610.patch
957 deleted file mode 100644
958 index f76e83922d6..00000000000
959 --- a/media-libs/tiff/files/tiff-4.0.7-bug2610.patch
960 +++ /dev/null
961 @@ -1,46 +0,0 @@
962 -From ee00edfbe833647d59ad87cac82f1b4c0c902179 Mon Sep 17 00:00:00 2001
963 -From: Even Rouault <even.rouault@×××××××××.com>
964 -Date: Sat, 3 Dec 2016 16:40:01 +0000
965 -Subject: [PATCH] * tools/tiffcp.c: fix uint32 underflow/overflow that can
966 - cause heap-based buffer overflow. Reported by Agostino Sarubbo. Fixes
967 - http://bugzilla.maptools.org/show_bug.cgi?id=2610
968 -
969 ----
970 - ChangeLog | 7 +++++++
971 - tools/tiffcp.c | 8 ++++----
972 - 2 files changed, 11 insertions(+), 4 deletions(-)
973 -
974 -diff --git a/tools/tiffcp.c b/tools/tiffcp.c
975 -index 142cbb0ecfc2..6d96bb89f555 100644
976 ---- a/tools/tiffcp.c
977 -+++ b/tools/tiffcp.c
978 -@@ -1163,7 +1163,7 @@ bad:
979 -
980 - static void
981 - cpStripToTile(uint8* out, uint8* in,
982 -- uint32 rows, uint32 cols, int outskew, int inskew)
983 -+ uint32 rows, uint32 cols, int outskew, int64 inskew)
984 - {
985 - while (rows-- > 0) {
986 - uint32 j = cols;
987 -@@ -1320,7 +1320,7 @@ DECLAREreadFunc(readContigTilesIntoBuffer)
988 - tdata_t tilebuf;
989 - uint32 imagew = TIFFScanlineSize(in);
990 - uint32 tilew = TIFFTileRowSize(in);
991 -- int iskew = imagew - tilew;
992 -+ int64 iskew = (int64)imagew - (int64)tilew;
993 - uint8* bufp = (uint8*) buf;
994 - uint32 tw, tl;
995 - uint32 row;
996 -@@ -1348,7 +1348,7 @@ DECLAREreadFunc(readContigTilesIntoBuffer)
997 - status = 0;
998 - goto done;
999 - }
1000 -- if (colb + tilew > imagew) {
1001 -+ if (colb > iskew) {
1002 - uint32 width = imagew - colb;
1003 - uint32 oskew = tilew - width;
1004 - cpStripToTile(bufp + colb,
1005 ---
1006 -2.12.0
1007 -
1008
1009 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2619.patch b/media-libs/tiff/files/tiff-4.0.7-bug2619.patch
1010 deleted file mode 100644
1011 index 0e0053883a3..00000000000
1012 --- a/media-libs/tiff/files/tiff-4.0.7-bug2619.patch
1013 +++ /dev/null
1014 @@ -1,46 +0,0 @@
1015 -From cb840651f037c59895b67d44b46a34127bb082dd Mon Sep 17 00:00:00 2001
1016 -From: Even Rouault <even.rouault@×××××××××.com>
1017 -Date: Sat, 3 Dec 2016 13:00:03 +0000
1018 -Subject: [PATCH] * tools/tiffcrop.c: fix integer division by zero when
1019 - BitsPerSample is missing. Reported by Agostina Sarubo. Fixes
1020 - http://bugzilla.maptools.org/show_bug.cgi?id=2619
1021 -
1022 ----
1023 - ChangeLog | 6 ++++++
1024 - tools/tiffcrop.c | 8 ++++----
1025 - 2 files changed, 10 insertions(+), 4 deletions(-)
1026 -
1027 -diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
1028 -index 9122aab37530..21dd08720d77 100644
1029 ---- a/tools/tiffcrop.c
1030 -+++ b/tools/tiffcrop.c
1031 -@@ -1164,7 +1164,7 @@ writeBufferToSeparateStrips (TIFF* out, uint8* buf,
1032 - tdata_t obuf;
1033 -
1034 - (void) TIFFGetFieldDefaulted(out, TIFFTAG_ROWSPERSTRIP, &rowsperstrip);
1035 -- (void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps);
1036 -+ (void) TIFFGetFieldDefaulted(out, TIFFTAG_BITSPERSAMPLE, &bps);
1037 - bytes_per_sample = (bps + 7) / 8;
1038 - if( width == 0 ||
1039 - (uint32)bps * (uint32)spp > TIFF_UINT32_MAX / width ||
1040 -@@ -4760,7 +4760,7 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8 *obuf, uint32 length,
1041 - int i, bytes_per_sample, bytes_per_pixel, shift_width, result = 1;
1042 - uint32 j;
1043 - int32 bytes_read = 0;
1044 -- uint16 bps, planar;
1045 -+ uint16 bps = 0, planar;
1046 - uint32 nstrips;
1047 - uint32 strips_per_sample;
1048 - uint32 src_rowsize, dst_rowsize, rows_processed, rps;
1049 -@@ -4780,7 +4780,7 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8 *obuf, uint32 length,
1050 - }
1051 -
1052 - memset (srcbuffs, '\0', sizeof(srcbuffs));
1053 -- TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
1054 -+ TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps);
1055 - TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &planar);
1056 - TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rps);
1057 - if (rps > length)
1058 ---
1059 -2.12.0
1060 -
1061
1062 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2620.patch b/media-libs/tiff/files/tiff-4.0.7-bug2620.patch
1063 deleted file mode 100644
1064 index 1b37177c5f9..00000000000
1065 --- a/media-libs/tiff/files/tiff-4.0.7-bug2620.patch
1066 +++ /dev/null
1067 @@ -1,29 +0,0 @@
1068 -From 76c4b35f114bc9614700accd22cc4a0b4b6b92d3 Mon Sep 17 00:00:00 2001
1069 -From: Even Rouault <even.rouault@×××××××××.com>
1070 -Date: Sat, 3 Dec 2016 11:35:56 +0000
1071 -Subject: [PATCH] * tools/tiffcrop.c: fix readContigStripsIntoBuffer() in -i
1072 - (ignore) mode so that the output buffer is correctly incremented to avoid
1073 - write outside bounds. Reported by Agostino Sarubbo. Fixes
1074 - http://bugzilla.maptools.org/show_bug.cgi?id=2620
1075 -
1076 ----
1077 - ChangeLog | 7 +++++++
1078 - tools/tiffcrop.c | 4 ++--
1079 - 2 files changed, 9 insertions(+), 2 deletions(-)
1080 -
1081 -diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
1082 -index 722b132cee6d..bdcbd63ed70b 100644
1083 ---- a/tools/tiffcrop.c
1084 -+++ b/tools/tiffcrop.c
1085 -@@ -3698,7 +3698,7 @@ static int readContigStripsIntoBuffer (TIFF* in, uint8* buf)
1086 - (unsigned long) strip, (unsigned long)rows);
1087 - return 0;
1088 - }
1089 -- bufp += bytes_read;
1090 -+ bufp += stripsize;
1091 - }
1092 -
1093 - return 1;
1094 ---
1095 -2.12.0
1096 -
1097
1098 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2621.patch b/media-libs/tiff/files/tiff-4.0.7-bug2621.patch
1099 deleted file mode 100644
1100 index 7bb1d57e3e9..00000000000
1101 --- a/media-libs/tiff/files/tiff-4.0.7-bug2621.patch
1102 +++ /dev/null
1103 @@ -1,49 +0,0 @@
1104 -From d7045ed1501ec99c4e56174813bb1cb5c9a559ef Mon Sep 17 00:00:00 2001
1105 -From: Even Rouault <even.rouault@×××××××××.com>
1106 -Date: Sat, 3 Dec 2016 12:19:32 +0000
1107 -Subject: [PATCH] * tools/tiffcrop.c: add 3 extra bytes at end of strip buffer
1108 - in readSeparateStripsIntoBuffer() to avoid read outside of heap allocated
1109 - buffer. Reported by Agostina Sarubo. Fixes
1110 - http://bugzilla.maptools.org/show_bug.cgi?id=2621
1111 -
1112 ----
1113 - ChangeLog | 7 +++++++
1114 - tools/tiffcrop.c | 14 ++++++++++++--
1115 - 2 files changed, 19 insertions(+), 2 deletions(-)
1116 -
1117 -diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
1118 -index bdcbd63ed70b..9122aab37530 100644
1119 ---- a/tools/tiffcrop.c
1120 -+++ b/tools/tiffcrop.c
1121 -@@ -4815,10 +4815,17 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8 *obuf, uint32 length,
1122 - nstrips = TIFFNumberOfStrips(in);
1123 - strips_per_sample = nstrips /spp;
1124 -
1125 -+ /* Add 3 padding bytes for combineSeparateSamples32bits */
1126 -+ if( (size_t) stripsize > 0xFFFFFFFFU - 3U )
1127 -+ {
1128 -+ TIFFError("readSeparateStripsIntoBuffer", "Integer overflow when calculating buffer size.");
1129 -+ exit(-1);
1130 -+ }
1131 -+
1132 - for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
1133 - {
1134 - srcbuffs[s] = NULL;
1135 -- buff = _TIFFmalloc(stripsize);
1136 -+ buff = _TIFFmalloc(stripsize + 3);
1137 - if (!buff)
1138 - {
1139 - TIFFError ("readSeparateStripsIntoBuffer",
1140 -@@ -4827,6 +4834,9 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8 *obuf, uint32 length,
1141 - _TIFFfree (srcbuffs[i]);
1142 - return 0;
1143 - }
1144 -+ buff[stripsize] = 0;
1145 -+ buff[stripsize+1] = 0;
1146 -+ buff[stripsize+2] = 0;
1147 - srcbuffs[s] = buff;
1148 - }
1149 -
1150 ---
1151 -2.12.0
1152 -
1153
1154 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2627.patch b/media-libs/tiff/files/tiff-4.0.7-bug2627.patch
1155 deleted file mode 100644
1156 index 11a3f3cd3f5..00000000000
1157 --- a/media-libs/tiff/files/tiff-4.0.7-bug2627.patch
1158 +++ /dev/null
1159 @@ -1,59 +0,0 @@
1160 -From f88bfadb6d1fac1d0d081058216da659e1f5a628 Mon Sep 17 00:00:00 2001
1161 -From: Even Rouault <even.rouault@×××××××××.com>
1162 -Date: Sun, 18 Dec 2016 22:28:42 +0000
1163 -Subject: [PATCH] * libtiff/tif_getimage.c: fix potential memory leaks in error
1164 - code path of TIFFRGBAImageBegin(). Fixes
1165 - http://bugzilla.maptools.org/show_bug.cgi?id=2627
1166 -
1167 ----
1168 - ChangeLog | 6 ++++++
1169 - libtiff/tif_getimage.c | 21 +++++++++------------
1170 - 2 files changed, 15 insertions(+), 12 deletions(-)
1171 -
1172 -diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
1173 -index c0eb6df0b09a..2ea838556732 100644
1174 ---- a/libtiff/tif_getimage.c
1175 -+++ b/libtiff/tif_getimage.c
1176 -@@ -283,6 +283,13 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int stop, char emsg[1024])
1177 - img->redcmap = NULL;
1178 - img->greencmap = NULL;
1179 - img->bluecmap = NULL;
1180 -+ img->Map = NULL;
1181 -+ img->BWmap = NULL;
1182 -+ img->PALmap = NULL;
1183 -+ img->ycbcr = NULL;
1184 -+ img->cielab = NULL;
1185 -+ img->UaToAa = NULL;
1186 -+ img->Bitdepth16To8 = NULL;
1187 - img->req_orientation = ORIENTATION_BOTLEFT; /* It is the default */
1188 -
1189 - img->tif = tif;
1190 -@@ -468,13 +475,6 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int stop, char emsg[1024])
1191 - photoTag, img->photometric);
1192 - goto fail_return;
1193 - }
1194 -- img->Map = NULL;
1195 -- img->BWmap = NULL;
1196 -- img->PALmap = NULL;
1197 -- img->ycbcr = NULL;
1198 -- img->cielab = NULL;
1199 -- img->UaToAa = NULL;
1200 -- img->Bitdepth16To8 = NULL;
1201 - TIFFGetField(tif, TIFFTAG_IMAGEWIDTH, &img->width);
1202 - TIFFGetField(tif, TIFFTAG_IMAGELENGTH, &img->height);
1203 - TIFFGetFieldDefaulted(tif, TIFFTAG_ORIENTATION, &img->orientation);
1204 -@@ -494,10 +494,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int stop, char emsg[1024])
1205 - return 1;
1206 -
1207 - fail_return:
1208 -- _TIFFfree( img->redcmap );
1209 -- _TIFFfree( img->greencmap );
1210 -- _TIFFfree( img->bluecmap );
1211 -- img->redcmap = img->greencmap = img->bluecmap = NULL;
1212 -+ TIFFRGBAImageEnd( img );
1213 - return 0;
1214 - }
1215 -
1216 ---
1217 -2.12.0
1218 -
1219
1220 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2631.patch b/media-libs/tiff/files/tiff-4.0.7-bug2631.patch
1221 deleted file mode 100644
1222 index 6e1011b072d..00000000000
1223 --- a/media-libs/tiff/files/tiff-4.0.7-bug2631.patch
1224 +++ /dev/null
1225 @@ -1,34 +0,0 @@
1226 -From 101253c74cde97203dab28c4f3bd0994cea5804c Mon Sep 17 00:00:00 2001
1227 -From: Even Rouault <even.rouault@×××××××××.com>
1228 -Date: Sat, 14 Jan 2017 13:12:33 +0000
1229 -Subject: [PATCH] * tools/raw2tiff.c: avoid integer division by zero. Fixes
1230 - http://bugzilla.maptools.org/show_bug.cgi?id=2631
1231 -
1232 ----
1233 - ChangeLog | 5 +++++
1234 - tools/raw2tiff.c | 10 ++++++++--
1235 - 2 files changed, 13 insertions(+), 2 deletions(-)
1236 -
1237 -diff --git a/tools/raw2tiff.c b/tools/raw2tiff.c
1238 -index 7298e80a95c9..083e9ee73f0f 100644
1239 ---- a/tools/raw2tiff.c
1240 -+++ b/tools/raw2tiff.c
1241 -@@ -408,8 +408,14 @@ guessSize(int fd, TIFFDataType dtype, _TIFF_off_t hdr_size, uint32 nbands,
1242 - } else if (*width == 0 && *length == 0) {
1243 - unsigned int fail = 0;
1244 - fprintf(stderr, "Image width and height are not specified.\n");
1245 -+ w = (uint32) sqrt(imagesize / longt);
1246 -+ if( w == 0 )
1247 -+ {
1248 -+ fprintf(stderr, "Too small image size.\n");
1249 -+ return -1;
1250 -+ }
1251 -
1252 -- for (w = (uint32) sqrt(imagesize / longt);
1253 -+ for (;
1254 - w < sqrt(imagesize * longt);
1255 - w++) {
1256 - if (imagesize % w == 0) {
1257 ---
1258 -2.12.0
1259 -
1260
1261 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2633-bug2634.patch b/media-libs/tiff/files/tiff-4.0.7-bug2633-bug2634.patch
1262 deleted file mode 100644
1263 index d68e86ebea2..00000000000
1264 --- a/media-libs/tiff/files/tiff-4.0.7-bug2633-bug2634.patch
1265 +++ /dev/null
1266 @@ -1,41 +0,0 @@
1267 -From 95a32fbbadf54e7527c7e3b66fd603503b29dde9 Mon Sep 17 00:00:00 2001
1268 -From: Even Rouault <even.rouault@×××××××××.com>
1269 -Date: Sat, 17 Dec 2016 19:45:28 +0000
1270 -Subject: [PATCH] * tools/tiff2ps.c: fix 2 heap-based buffer overflows (in
1271 - PSDataBW and PSDataColorContig). Reported by Agostino Sarubbo. Fixes
1272 - http://bugzilla.maptools.org/show_bug.cgi?id=2633 and
1273 - http://bugzilla.maptools.org/show_bug.cgi?id=2634.
1274 -
1275 ----
1276 - ChangeLog | 7 +++++++
1277 - tools/tiff2ps.c | 9 +++++++--
1278 - 2 files changed, 14 insertions(+), 2 deletions(-)
1279 -
1280 -diff --git a/tools/tiff2ps.c b/tools/tiff2ps.c
1281 -index 82a5d84b41f5..71df4309ee0c 100644
1282 ---- a/tools/tiff2ps.c
1283 -+++ b/tools/tiff2ps.c
1284 -@@ -2440,6 +2440,11 @@ PSDataColorContig(FILE* fd, TIFF* tif, uint32 w, uint32 h, int nc)
1285 - unsigned char *cp, c;
1286 -
1287 - (void) w;
1288 -+ if( es <= 0 )
1289 -+ {
1290 -+ TIFFError(filename, "Inconsistent value of es: %d", es);
1291 -+ return;
1292 -+ }
1293 - tf_buf = (unsigned char *) _TIFFmalloc(tf_bytesperrow);
1294 - if (tf_buf == NULL) {
1295 - TIFFError(filename, "No space for scanline buffer");
1296 -@@ -2692,7 +2697,7 @@ PSDataBW(FILE* fd, TIFF* tif, uint32 w, uint32 h)
1297 -
1298 - if (alpha) {
1299 - int adjust;
1300 -- while (cc-- > 0) {
1301 -+ while (cc-- > 1) {
1302 - DOBREAK(breaklen, 1, fd);
1303 - /*
1304 - * For images with alpha, matte against
1305 ---
1306 -2.12.0
1307 -
1308
1309 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2635.patch b/media-libs/tiff/files/tiff-4.0.7-bug2635.patch
1310 deleted file mode 100644
1311 index 8756115c905..00000000000
1312 --- a/media-libs/tiff/files/tiff-4.0.7-bug2635.patch
1313 +++ /dev/null
1314 @@ -1,33 +0,0 @@
1315 -From a7b470d67f2b98599b2c9cd9945db6eea735cc47 Mon Sep 17 00:00:00 2001
1316 -From: Even Rouault <even.rouault@×××××××××.com>
1317 -Date: Sun, 18 Dec 2016 10:37:59 +0000
1318 -Subject: [PATCH] * tools/tiff2pdf.c: prevent heap-based buffer overflow in -j
1319 - mode on a paletted image. Note: this fix errors out before the overflow
1320 - happens. There could probably be a better fix. Fixes
1321 - http://bugzilla.maptools.org/show_bug.cgi?id=2635
1322 -
1323 ----
1324 - ChangeLog | 7 +++++++
1325 - tools/tiff2pdf.c | 8 +++++++-
1326 - 2 files changed, 14 insertions(+), 1 deletion(-)
1327 -
1328 -diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
1329 -index fe8a6ea7e101..afea414bebf6 100644
1330 ---- a/tools/tiff2pdf.c
1331 -+++ b/tools/tiff2pdf.c
1332 -@@ -3654,6 +3654,12 @@ tsize_t t2p_sample_realize_palette(T2P* t2p, unsigned char* buffer){
1333 - uint32 j=0;
1334 - sample_count=t2p->tiff_width*t2p->tiff_length;
1335 - component_count=t2p->tiff_samplesperpixel;
1336 -+ if( sample_count * component_count > t2p->tiff_datasize )
1337 -+ {
1338 -+ TIFFError(TIFF2PDF_MODULE, "Error: sample_count * component_count > t2p->tiff_datasize");
1339 -+ t2p->t2p_error = T2P_ERR_ERROR;
1340 -+ return 1;
1341 -+ }
1342 -
1343 - for(i=sample_count;i>0;i--){
1344 - palette_offset=buffer[i-1] * component_count;
1345 ---
1346 -2.12.0
1347 -
1348
1349 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2638.patch b/media-libs/tiff/files/tiff-4.0.7-bug2638.patch
1350 deleted file mode 100644
1351 index 15541576c58..00000000000
1352 --- a/media-libs/tiff/files/tiff-4.0.7-bug2638.patch
1353 +++ /dev/null
1354 @@ -1,29 +0,0 @@
1355 -From 9f5536843f2ae641542bb81a3023dbc581fac184 Mon Sep 17 00:00:00 2001
1356 -From: Even Rouault <even.rouault@×××××××××.com>
1357 -Date: Tue, 20 Dec 2016 17:13:26 +0000
1358 -Subject: [PATCH] * tools/tiff2pdf.c: fix wrong usage of memcpy() that can
1359 - trigger unspecified behaviour. Fixes
1360 - http://bugzilla.maptools.org/show_bug.cgi?id=2638
1361 -
1362 ----
1363 - ChangeLog | 6 ++++++
1364 - tools/tiff2pdf.c | 5 +++--
1365 - 2 files changed, 9 insertions(+), 2 deletions(-)
1366 -
1367 -diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
1368 -index afea414bebf6..78ffa77d123a 100644
1369 ---- a/tools/tiff2pdf.c
1370 -+++ b/tools/tiff2pdf.c
1371 -@@ -3593,7 +3593,8 @@ void t2p_tile_collapse_left(
1372 -
1373 - edgescanwidth = (scanwidth * edgetilewidth + (tilewidth - 1))/ tilewidth;
1374 - for(i=0;i<tilelength;i++){
1375 -- _TIFFmemcpy(
1376 -+ /* We use memmove() since there can be overlaps in src and dst buffers for the first items */
1377 -+ memmove(
1378 - &(((char*)buffer)[edgescanwidth*i]),
1379 - &(((char*)buffer)[scanwidth*i]),
1380 - edgescanwidth);
1381 ---
1382 -2.12.0
1383 -
1384
1385 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2639.patch b/media-libs/tiff/files/tiff-4.0.7-bug2639.patch
1386 deleted file mode 100644
1387 index b894775dc70..00000000000
1388 --- a/media-libs/tiff/files/tiff-4.0.7-bug2639.patch
1389 +++ /dev/null
1390 @@ -1,58 +0,0 @@
1391 -From 6a61192a98665d870dcb835452cb9c5757ccd27c Mon Sep 17 00:00:00 2001
1392 -From: Even Rouault <even.rouault@×××××××××.com>
1393 -Date: Tue, 20 Dec 2016 17:24:35 +0000
1394 -Subject: [PATCH] * tools/tiff2pdf.c: avoid potential invalid memory read in
1395 - t2p_writeproc. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2639
1396 -
1397 ----
1398 - ChangeLog | 6 ++++++
1399 - tools/tiff2pdf.c | 20 +++++++++++---------
1400 - 2 files changed, 17 insertions(+), 9 deletions(-)
1401 -
1402 -diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
1403 -index 78ffa77d123a..5348f1a765fe 100644
1404 ---- a/tools/tiff2pdf.c
1405 -+++ b/tools/tiff2pdf.c
1406 -@@ -2896,6 +2896,7 @@ tsize_t t2p_readwrite_pdf_image_tile(T2P* t2p, TIFF* input, TIFF* output, ttile_
1407 - }
1408 - if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) {
1409 - if (count >= 4) {
1410 -+ int retTIFFReadRawTile;
1411 - /* Ignore EOI marker of JpegTables */
1412 - _TIFFmemcpy(buffer, jpt, count - 2);
1413 - bufferoffset += count - 2;
1414 -@@ -2903,22 +2904,23 @@ tsize_t t2p_readwrite_pdf_image_tile(T2P* t2p, TIFF* input, TIFF* output, ttile_
1415 - table_end[0] = buffer[bufferoffset-2];
1416 - table_end[1] = buffer[bufferoffset-1];
1417 - xuint32 = bufferoffset;
1418 -- bufferoffset -= 2;
1419 -- bufferoffset += TIFFReadRawTile(
1420 -+ bufferoffset -= 2;
1421 -+ retTIFFReadRawTile= TIFFReadRawTile(
1422 - input,
1423 - tile,
1424 - (tdata_t) &(((unsigned char*)buffer)[bufferoffset]),
1425 - -1);
1426 -+ if( retTIFFReadRawTile < 0 )
1427 -+ {
1428 -+ _TIFFfree(buffer);
1429 -+ t2p->t2p_error = T2P_ERR_ERROR;
1430 -+ return(0);
1431 -+ }
1432 -+ bufferoffset += retTIFFReadRawTile;
1433 - /* Overwrite SOI marker of image scan with previously */
1434 - /* saved end of JpegTables */
1435 - buffer[xuint32-2]=table_end[0];
1436 - buffer[xuint32-1]=table_end[1];
1437 -- } else {
1438 -- bufferoffset += TIFFReadRawTile(
1439 -- input,
1440 -- tile,
1441 -- (tdata_t) &(((unsigned char*)buffer)[bufferoffset]),
1442 -- -1);
1443 - }
1444 - }
1445 - t2pWriteFile(output, (tdata_t) buffer, bufferoffset);
1446 ---
1447 -2.12.0
1448 -
1449
1450 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2640.patch b/media-libs/tiff/files/tiff-4.0.7-bug2640.patch
1451 deleted file mode 100644
1452 index 2569f47a54b..00000000000
1453 --- a/media-libs/tiff/files/tiff-4.0.7-bug2640.patch
1454 +++ /dev/null
1455 @@ -1,28 +0,0 @@
1456 -From 548b62fae49637b621766c721884d59a55c9a2d8 Mon Sep 17 00:00:00 2001
1457 -From: Even Rouault <even.rouault@×××××××××.com>
1458 -Date: Tue, 20 Dec 2016 17:28:17 +0000
1459 -Subject: [PATCH] * tools/tiff2pdf.c: avoid potential heap-based overflow in
1460 - t2p_readwrite_pdf_image_tile(). Fixes
1461 - http://bugzilla.maptools.org/show_bug.cgi?id=2640
1462 -
1463 ----
1464 - ChangeLog | 6 ++++++
1465 - tools/tiff2pdf.c | 4 ++--
1466 - 2 files changed, 8 insertions(+), 2 deletions(-)
1467 -
1468 -diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
1469 -index 5348f1a765fe..8e4e24ef9e82 100644
1470 ---- a/tools/tiff2pdf.c
1471 -+++ b/tools/tiff2pdf.c
1472 -@@ -2895,7 +2895,7 @@ tsize_t t2p_readwrite_pdf_image_tile(T2P* t2p, TIFF* input, TIFF* output, ttile_
1473 - return(0);
1474 - }
1475 - if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) {
1476 -- if (count >= 4) {
1477 -+ if (count > 4) {
1478 - int retTIFFReadRawTile;
1479 - /* Ignore EOI marker of JpegTables */
1480 - _TIFFmemcpy(buffer, jpt, count - 2);
1481 ---
1482 -2.12.0
1483 -
1484
1485 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2642-bug2643-bug2646-bug2647.patch b/media-libs/tiff/files/tiff-4.0.7-bug2642-bug2643-bug2646-bug2647.patch
1486 deleted file mode 100644
1487 index 6f01774b9d5..00000000000
1488 --- a/media-libs/tiff/files/tiff-4.0.7-bug2642-bug2643-bug2646-bug2647.patch
1489 +++ /dev/null
1490 @@ -1,278 +0,0 @@
1491 -From f049eba476a1ed60adc6534452ccf0022c2d1908 Mon Sep 17 00:00:00 2001
1492 -From: Even Rouault <even.rouault@×××××××××.com>
1493 -Date: Wed, 11 Jan 2017 16:09:02 +0000
1494 -Subject: [PATCH] * libtiff/tif_dir.c, tif_dirread.c, tif_dirwrite.c: implement
1495 - various clampings of double to other data types to avoid undefined behaviour
1496 - if the output range isn't big enough to hold the input value. Fixes
1497 - http://bugzilla.maptools.org/show_bug.cgi?id=2643
1498 - http://bugzilla.maptools.org/show_bug.cgi?id=2642
1499 - http://bugzilla.maptools.org/show_bug.cgi?id=2646
1500 - http://bugzilla.maptools.org/show_bug.cgi?id=2647
1501 -
1502 ----
1503 - ChangeLog | 10 ++++++
1504 - libtiff/tif_dir.c | 20 ++++++++---
1505 - libtiff/tif_dirread.c | 12 +++++--
1506 - libtiff/tif_dirwrite.c | 92 ++++++++++++++++++++++++++++++++++++++++++++------
1507 - 4 files changed, 116 insertions(+), 18 deletions(-)
1508 -
1509 -diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
1510 -index 2574e748b3be..36c7ae57641a 100644
1511 ---- a/libtiff/tif_dir.c
1512 -+++ b/libtiff/tif_dir.c
1513 -@@ -31,6 +31,7 @@
1514 - * (and also some miscellaneous stuff)
1515 - */
1516 - #include "tiffiop.h"
1517 -+#include <float.h>
1518 -
1519 - /*
1520 - * These are used in the backwards compatibility code...
1521 -@@ -154,6 +155,15 @@ bad:
1522 - return (0);
1523 - }
1524 -
1525 -+static float TIFFClampDoubleToFloat( double val )
1526 -+{
1527 -+ if( val > FLT_MAX )
1528 -+ return FLT_MAX;
1529 -+ if( val < -FLT_MAX )
1530 -+ return -FLT_MAX;
1531 -+ return (float)val;
1532 -+}
1533 -+
1534 - static int
1535 - _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
1536 - {
1537 -@@ -312,13 +322,13 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
1538 - dblval = va_arg(ap, double);
1539 - if( dblval < 0 )
1540 - goto badvaluedouble;
1541 -- td->td_xresolution = (float) dblval;
1542 -+ td->td_xresolution = TIFFClampDoubleToFloat( dblval );
1543 - break;
1544 - case TIFFTAG_YRESOLUTION:
1545 - dblval = va_arg(ap, double);
1546 - if( dblval < 0 )
1547 - goto badvaluedouble;
1548 -- td->td_yresolution = (float) dblval;
1549 -+ td->td_yresolution = TIFFClampDoubleToFloat( dblval );
1550 - break;
1551 - case TIFFTAG_PLANARCONFIG:
1552 - v = (uint16) va_arg(ap, uint16_vap);
1553 -@@ -327,10 +337,10 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
1554 - td->td_planarconfig = (uint16) v;
1555 - break;
1556 - case TIFFTAG_XPOSITION:
1557 -- td->td_xposition = (float) va_arg(ap, double);
1558 -+ td->td_xposition = TIFFClampDoubleToFloat( va_arg(ap, double) );
1559 - break;
1560 - case TIFFTAG_YPOSITION:
1561 -- td->td_yposition = (float) va_arg(ap, double);
1562 -+ td->td_yposition = TIFFClampDoubleToFloat( va_arg(ap, double) );
1563 - break;
1564 - case TIFFTAG_RESOLUTIONUNIT:
1565 - v = (uint16) va_arg(ap, uint16_vap);
1566 -diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
1567 -index eae3430612d0..f8628fd6d5d2 100644
1568 ---- a/libtiff/tif_dirread.c
1569 -+++ b/libtiff/tif_dirread.c
1570 -@@ -40,6 +40,7 @@
1571 - */
1572 -
1573 - #include "tiffiop.h"
1574 -+#include <float.h>
1575 -
1576 - #define IGNORE 0 /* tag placeholder used below */
1577 - #define FAILED_FII ((uint32) -1)
1578 -@@ -2406,7 +2407,14 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryFloatArray(TIFF* tif, TIFFDirEnt
1579 - ma=(double*)origdata;
1580 - mb=data;
1581 - for (n=0; n<count; n++)
1582 -- *mb++=(float)(*ma++);
1583 -+ {
1584 -+ double val = *ma++;
1585 -+ if( val > FLT_MAX )
1586 -+ val = FLT_MAX;
1587 -+ else if( val < -FLT_MAX )
1588 -+ val = -FLT_MAX;
1589 -+ *mb++=(float)val;
1590 -+ }
1591 - }
1592 - break;
1593 - }
1594 -diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
1595 -index 055324db078f..f7339685130d 100644
1596 ---- a/libtiff/tif_dirwrite.c
1597 -+++ b/libtiff/tif_dirwrite.c
1598 -@@ -30,6 +30,7 @@
1599 - * Directory Write Support Routines.
1600 - */
1601 - #include "tiffiop.h"
1602 -+#include <float.h>
1603 -
1604 - #ifdef HAVE_IEEEFP
1605 - #define TIFFCvtNativeToIEEEFloat(tif, n, fp)
1606 -@@ -939,6 +940,69 @@ bad:
1607 - return(0);
1608 - }
1609 -
1610 -+static float TIFFClampDoubleToFloat( double val )
1611 -+{
1612 -+ if( val > FLT_MAX )
1613 -+ return FLT_MAX;
1614 -+ if( val < -FLT_MAX )
1615 -+ return -FLT_MAX;
1616 -+ return (float)val;
1617 -+}
1618 -+
1619 -+static int8 TIFFClampDoubleToInt8( double val )
1620 -+{
1621 -+ if( val > 127 )
1622 -+ return 127;
1623 -+ if( val < -128 || val != val )
1624 -+ return -128;
1625 -+ return (int8)val;
1626 -+}
1627 -+
1628 -+static int16 TIFFClampDoubleToInt16( double val )
1629 -+{
1630 -+ if( val > 32767 )
1631 -+ return 32767;
1632 -+ if( val < -32768 || val != val )
1633 -+ return -32768;
1634 -+ return (int16)val;
1635 -+}
1636 -+
1637 -+static int32 TIFFClampDoubleToInt32( double val )
1638 -+{
1639 -+ if( val > 0x7FFFFFFF )
1640 -+ return 0x7FFFFFFF;
1641 -+ if( val < -0x7FFFFFFF-1 || val != val )
1642 -+ return -0x7FFFFFFF-1;
1643 -+ return (int32)val;
1644 -+}
1645 -+
1646 -+static uint8 TIFFClampDoubleToUInt8( double val )
1647 -+{
1648 -+ if( val < 0 )
1649 -+ return 0;
1650 -+ if( val > 255 || val != val )
1651 -+ return 255;
1652 -+ return (uint8)val;
1653 -+}
1654 -+
1655 -+static uint16 TIFFClampDoubleToUInt16( double val )
1656 -+{
1657 -+ if( val < 0 )
1658 -+ return 0;
1659 -+ if( val > 65535 || val != val )
1660 -+ return 65535;
1661 -+ return (uint16)val;
1662 -+}
1663 -+
1664 -+static uint32 TIFFClampDoubleToUInt32( double val )
1665 -+{
1666 -+ if( val < 0 )
1667 -+ return 0;
1668 -+ if( val > 0xFFFFFFFFU || val != val )
1669 -+ return 0xFFFFFFFFU;
1670 -+ return (uint32)val;
1671 -+}
1672 -+
1673 - static int
1674 - TIFFWriteDirectoryTagSampleformatArray(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, uint16 tag, uint32 count, double* value)
1675 - {
1676 -@@ -959,7 +1023,7 @@ TIFFWriteDirectoryTagSampleformatArray(TIFF* tif, uint32* ndir, TIFFDirEntry* di
1677 - if (tif->tif_dir.td_bitspersample<=32)
1678 - {
1679 - for (i = 0; i < count; ++i)
1680 -- ((float*)conv)[i] = (float)value[i];
1681 -+ ((float*)conv)[i] = TIFFClampDoubleToFloat(value[i]);
1682 - ok = TIFFWriteDirectoryTagFloatArray(tif,ndir,dir,tag,count,(float*)conv);
1683 - }
1684 - else
1685 -@@ -971,19 +1035,19 @@ TIFFWriteDirectoryTagSampleformatArray(TIFF* tif, uint32* ndir, TIFFDirEntry* di
1686 - if (tif->tif_dir.td_bitspersample<=8)
1687 - {
1688 - for (i = 0; i < count; ++i)
1689 -- ((int8*)conv)[i] = (int8)value[i];
1690 -+ ((int8*)conv)[i] = TIFFClampDoubleToInt8(value[i]);
1691 - ok = TIFFWriteDirectoryTagSbyteArray(tif,ndir,dir,tag,count,(int8*)conv);
1692 - }
1693 - else if (tif->tif_dir.td_bitspersample<=16)
1694 - {
1695 - for (i = 0; i < count; ++i)
1696 -- ((int16*)conv)[i] = (int16)value[i];
1697 -+ ((int16*)conv)[i] = TIFFClampDoubleToInt16(value[i]);
1698 - ok = TIFFWriteDirectoryTagSshortArray(tif,ndir,dir,tag,count,(int16*)conv);
1699 - }
1700 - else
1701 - {
1702 - for (i = 0; i < count; ++i)
1703 -- ((int32*)conv)[i] = (int32)value[i];
1704 -+ ((int32*)conv)[i] = TIFFClampDoubleToInt32(value[i]);
1705 - ok = TIFFWriteDirectoryTagSlongArray(tif,ndir,dir,tag,count,(int32*)conv);
1706 - }
1707 - break;
1708 -@@ -991,19 +1055,19 @@ TIFFWriteDirectoryTagSampleformatArray(TIFF* tif, uint32* ndir, TIFFDirEntry* di
1709 - if (tif->tif_dir.td_bitspersample<=8)
1710 - {
1711 - for (i = 0; i < count; ++i)
1712 -- ((uint8*)conv)[i] = (uint8)value[i];
1713 -+ ((uint8*)conv)[i] = TIFFClampDoubleToUInt8(value[i]);
1714 - ok = TIFFWriteDirectoryTagByteArray(tif,ndir,dir,tag,count,(uint8*)conv);
1715 - }
1716 - else if (tif->tif_dir.td_bitspersample<=16)
1717 - {
1718 - for (i = 0; i < count; ++i)
1719 -- ((uint16*)conv)[i] = (uint16)value[i];
1720 -+ ((uint16*)conv)[i] = TIFFClampDoubleToUInt16(value[i]);
1721 - ok = TIFFWriteDirectoryTagShortArray(tif,ndir,dir,tag,count,(uint16*)conv);
1722 - }
1723 - else
1724 - {
1725 - for (i = 0; i < count; ++i)
1726 -- ((uint32*)conv)[i] = (uint32)value[i];
1727 -+ ((uint32*)conv)[i] = TIFFClampDoubleToUInt32(value[i]);
1728 - ok = TIFFWriteDirectoryTagLongArray(tif,ndir,dir,tag,count,(uint32*)conv);
1729 - }
1730 - break;
1731 -@@ -2102,12 +2166,17 @@ TIFFWriteDirectoryTagCheckedRational(TIFF* tif, uint32* ndir, TIFFDirEntry* dir,
1732 - TIFFErrorExt(tif->tif_clientdata,module,"Negative value is illegal");
1733 - return 0;
1734 - }
1735 -+ else if( value != value )
1736 -+ {
1737 -+ TIFFErrorExt(tif->tif_clientdata,module,"Not-a-number value is illegal");
1738 -+ return 0;
1739 -+ }
1740 - else if (value==0.0)
1741 - {
1742 - m[0]=0;
1743 - m[1]=1;
1744 - }
1745 -- else if (value==(double)(uint32)value)
1746 -+ else if (value <= 0xFFFFFFFFU && value==(double)(uint32)value)
1747 - {
1748 - m[0]=(uint32)value;
1749 - m[1]=1;
1750 -@@ -2148,12 +2217,13 @@ TIFFWriteDirectoryTagCheckedRationalArray(TIFF* tif, uint32* ndir, TIFFDirEntry*
1751 - }
1752 - for (na=value, nb=m, nc=0; nc<count; na++, nb+=2, nc++)
1753 - {
1754 -- if (*na<=0.0)
1755 -+ if (*na<=0.0 || *na != *na)
1756 - {
1757 - nb[0]=0;
1758 - nb[1]=1;
1759 - }
1760 -- else if (*na==(float)(uint32)(*na))
1761 -+ else if (*na >= 0 && *na <= (float)0xFFFFFFFFU &&
1762 -+ *na==(float)(uint32)(*na))
1763 - {
1764 - nb[0]=(uint32)(*na);
1765 - nb[1]=1;
1766 ---
1767 -2.12.0
1768 -
1769
1770 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2644.patch b/media-libs/tiff/files/tiff-4.0.7-bug2644.patch
1771 deleted file mode 100644
1772 index b4ec01a3217..00000000000
1773 --- a/media-libs/tiff/files/tiff-4.0.7-bug2644.patch
1774 +++ /dev/null
1775 @@ -1,45 +0,0 @@
1776 -From 699097af4e22e48fc78ae7ae02807ec37f0d31fe Mon Sep 17 00:00:00 2001
1777 -From: Even Rouault <even.rouault@×××××××××.com>
1778 -Date: Wed, 11 Jan 2017 13:28:01 +0000
1779 -Subject: [PATCH] * libtiff/tif_dirread.c: avoid division by floating point 0
1780 - in TIFFReadDirEntryCheckedRational() and TIFFReadDirEntryCheckedSrational(),
1781 - and return 0 in that case (instead of infinity as before presumably)
1782 - Apparently some sanitizers do not like those divisions by zero. Fixes
1783 - http://bugzilla.maptools.org/show_bug.cgi?id=2644
1784 -
1785 ----
1786 - ChangeLog | 8 ++++++++
1787 - libtiff/tif_dirread.c | 12 +++++++++---
1788 - 2 files changed, 17 insertions(+), 3 deletions(-)
1789 -
1790 -diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
1791 -index f2905286c0d0..eae3430612d0 100644
1792 ---- a/libtiff/tif_dirread.c
1793 -+++ b/libtiff/tif_dirread.c
1794 -@@ -2872,7 +2872,10 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedRational(TIFF* tif, TIFFD
1795 - m.l = direntry->tdir_offset.toff_long8;
1796 - if (tif->tif_flags&TIFF_SWAB)
1797 - TIFFSwabArrayOfLong(m.i,2);
1798 -- if (m.i[0]==0)
1799 -+ /* Not completely sure what we should do when m.i[1]==0, but some */
1800 -+ /* sanitizers do not like division by 0.0: */
1801 -+ /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
1802 -+ if (m.i[0]==0 || m.i[1]==0)
1803 - *value=0.0;
1804 - else
1805 - *value=(double)m.i[0]/(double)m.i[1];
1806 -@@ -2900,7 +2903,10 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSrational(TIFF* tif, TIFF
1807 - m.l=direntry->tdir_offset.toff_long8;
1808 - if (tif->tif_flags&TIFF_SWAB)
1809 - TIFFSwabArrayOfLong(m.i,2);
1810 -- if ((int32)m.i[0]==0)
1811 -+ /* Not completely sure what we should do when m.i[1]==0, but some */
1812 -+ /* sanitizers do not like division by 0.0: */
1813 -+ /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
1814 -+ if ((int32)m.i[0]==0 || m.i[1]==0)
1815 - *value=0.0;
1816 - else
1817 - *value=(double)((int32)m.i[0])/(double)m.i[1];
1818 ---
1819 -2.12.0
1820 -
1821
1822 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2648.patch b/media-libs/tiff/files/tiff-4.0.7-bug2648.patch
1823 deleted file mode 100644
1824 index a3e2f59dc27..00000000000
1825 --- a/media-libs/tiff/files/tiff-4.0.7-bug2648.patch
1826 +++ /dev/null
1827 @@ -1,33 +0,0 @@
1828 -From 569ffefa61f3237fa2221730621c869216c465a6 Mon Sep 17 00:00:00 2001
1829 -From: Even Rouault <even.rouault@×××××××××.com>
1830 -Date: Wed, 11 Jan 2017 16:13:50 +0000
1831 -Subject: [PATCH] * libtiff/tif_jpeg.c: validate BitsPerSample in
1832 - JPEGSetupEncode() to avoid undefined behaviour caused by invalid shift
1833 - exponent. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648
1834 -
1835 ----
1836 - ChangeLog | 6 ++++++
1837 - libtiff/tif_jpeg.c | 9 ++++++++-
1838 - 2 files changed, 14 insertions(+), 1 deletion(-)
1839 -
1840 -diff --git a/libtiff/tif_jpeg.c b/libtiff/tif_jpeg.c
1841 -index 09ef4949f9ee..e45e2a4e17f8 100644
1842 ---- a/libtiff/tif_jpeg.c
1843 -+++ b/libtiff/tif_jpeg.c
1844 -@@ -1632,6 +1632,13 @@ JPEGSetupEncode(TIFF* tif)
1845 - "Invalig horizontal/vertical sampling value");
1846 - return (0);
1847 - }
1848 -+ if( td->td_bitspersample > 16 )
1849 -+ {
1850 -+ TIFFErrorExt(tif->tif_clientdata, module,
1851 -+ "BitsPerSample %d not allowed for JPEG",
1852 -+ td->td_bitspersample);
1853 -+ return (0);
1854 -+ }
1855 -
1856 - /*
1857 - * A ReferenceBlackWhite field *must* be present since the
1858 ---
1859 -2.12.0
1860 -
1861
1862 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2650-2.patch b/media-libs/tiff/files/tiff-4.0.7-bug2650-2.patch
1863 deleted file mode 100644
1864 index eba5b8f50ba..00000000000
1865 --- a/media-libs/tiff/files/tiff-4.0.7-bug2650-2.patch
1866 +++ /dev/null
1867 @@ -1,26 +0,0 @@
1868 -From 08e5d199b0a1c80fc81a1cc718e5d9d019517e37 Mon Sep 17 00:00:00 2001
1869 -From: Even Rouault <even.rouault@×××××××××.com>
1870 -Date: Wed, 11 Jan 2017 17:48:11 +0000
1871 -Subject: [PATCH] Initialize variable to fix MSVC warning (caused by previous
1872 - commit)
1873 -
1874 ----
1875 - libtiff/tif_read.c | 4 ++--
1876 - 1 file changed, 2 insertions(+), 2 deletions(-)
1877 -
1878 -diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c
1879 -index 8c5af6a8f5f7..b2edb029a90c 100644
1880 ---- a/libtiff/tif_read.c
1881 -+++ b/libtiff/tif_read.c
1882 -@@ -420,7 +420,7 @@ TIFFReadRawStrip1(TIFF* tif, uint32 strip, void* buf, tmsize_t size,
1883 - return ((tmsize_t)(-1));
1884 - }
1885 - } else {
1886 -- tmsize_t ma;
1887 -+ tmsize_t ma = 0;
1888 - tmsize_t n;
1889 - if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||
1890 - ((ma=(tmsize_t)td->td_stripoffset[strip])>tif->tif_size))
1891 ---
1892 -2.12.0
1893 -
1894
1895 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2650.patch b/media-libs/tiff/files/tiff-4.0.7-bug2650.patch
1896 deleted file mode 100644
1897 index 2aac26987d5..00000000000
1898 --- a/media-libs/tiff/files/tiff-4.0.7-bug2650.patch
1899 +++ /dev/null
1900 @@ -1,54 +0,0 @@
1901 -From 5368b55d0f88a34ede3d21782d3142b2e11e6eb9 Mon Sep 17 00:00:00 2001
1902 -From: Even Rouault <even.rouault@×××××××××.com>
1903 -Date: Wed, 11 Jan 2017 16:33:34 +0000
1904 -Subject: [PATCH] * libtiff/tif_read.c: avoid potential undefined behaviour on
1905 - signed integer addition in TIFFReadRawStrip1() in isMapped() case. Fixes
1906 - http://bugzilla.maptools.org/show_bug.cgi?id=2650
1907 -
1908 ----
1909 - ChangeLog | 6 ++++++
1910 - libtiff/tif_read.c | 29 +++++++++++++++++++----------
1911 - 2 files changed, 25 insertions(+), 10 deletions(-)
1912 -
1913 -diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c
1914 -index 29a311db0cb7..8c5af6a8f5f7 100644
1915 ---- a/libtiff/tif_read.c
1916 -+++ b/libtiff/tif_read.c
1917 -@@ -420,16 +420,25 @@ TIFFReadRawStrip1(TIFF* tif, uint32 strip, void* buf, tmsize_t size,
1918 - return ((tmsize_t)(-1));
1919 - }
1920 - } else {
1921 -- tmsize_t ma,mb;
1922 -+ tmsize_t ma;
1923 - tmsize_t n;
1924 -- ma=(tmsize_t)td->td_stripoffset[strip];
1925 -- mb=ma+size;
1926 -- if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||(ma>tif->tif_size))
1927 -- n=0;
1928 -- else if ((mb<ma)||(mb<size)||(mb>tif->tif_size))
1929 -- n=tif->tif_size-ma;
1930 -- else
1931 -- n=size;
1932 -+ if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||
1933 -+ ((ma=(tmsize_t)td->td_stripoffset[strip])>tif->tif_size))
1934 -+ {
1935 -+ n=0;
1936 -+ }
1937 -+ else if( ma > TIFF_TMSIZE_T_MAX - size )
1938 -+ {
1939 -+ n=0;
1940 -+ }
1941 -+ else
1942 -+ {
1943 -+ tmsize_t mb=ma+size;
1944 -+ if (mb>tif->tif_size)
1945 -+ n=tif->tif_size-ma;
1946 -+ else
1947 -+ n=size;
1948 -+ }
1949 - if (n!=size) {
1950 - #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
1951 - TIFFErrorExt(tif->tif_clientdata, module,
1952 ---
1953 -2.12.0
1954 -
1955
1956 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2651.patch b/media-libs/tiff/files/tiff-4.0.7-bug2651.patch
1957 deleted file mode 100644
1958 index 1b800189c59..00000000000
1959 --- a/media-libs/tiff/files/tiff-4.0.7-bug2651.patch
1960 +++ /dev/null
1961 @@ -1,86 +0,0 @@
1962 -From 669faf71833c4c2e72774b2e732ca4d28b149c83 Mon Sep 17 00:00:00 2001
1963 -From: Even Rouault <even.rouault@×××××××××.com>
1964 -Date: Wed, 11 Jan 2017 19:02:49 +0000
1965 -Subject: [PATCH] * libtiff/tiffiop.h, tif_unix.c, tif_win32.c, tif_vms.c: add
1966 - _TIFFcalloc()
1967 -
1968 -* libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() to zero
1969 -initialize tif_rawdata.
1970 -Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651
1971 ----
1972 - ChangeLog | 8 ++++++++
1973 - libtiff/tif_read.c | 6 ++++--
1974 - libtiff/tif_unix.c | 10 +++++++++-
1975 - libtiff/tif_vms.c | 10 +++++++++-
1976 - libtiff/tif_win32.c | 10 +++++++++-
1977 - libtiff/tiffio.h | 3 ++-
1978 - 6 files changed, 41 insertions(+), 6 deletions(-)
1979 -
1980 -diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c
1981 -index b2edb029a90c..6a8c7daf3dfa 100644
1982 ---- a/libtiff/tif_read.c
1983 -+++ b/libtiff/tif_read.c
1984 -@@ -985,7 +985,9 @@ TIFFReadBufferSetup(TIFF* tif, void* bp, tmsize_t size)
1985 - "Invalid buffer size");
1986 - return (0);
1987 - }
1988 -- tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize);
1989 -+ /* Initialize to zero to avoid uninitialized buffers in case of */
1990 -+ /* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */
1991 -+ tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize);
1992 - tif->tif_flags |= TIFF_MYBUFFER;
1993 - }
1994 - if (tif->tif_rawdata == NULL) {
1995 -diff --git a/libtiff/tif_unix.c b/libtiff/tif_unix.c
1996 -index 81e9d6653c2a..80c437cfa37a 100644
1997 ---- a/libtiff/tif_unix.c
1998 -+++ b/libtiff/tif_unix.c
1999 -@@ -316,6 +316,14 @@ _TIFFmalloc(tmsize_t s)
2000 - return (malloc((size_t) s));
2001 - }
2002 -
2003 -+void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz)
2004 -+{
2005 -+ if( nmemb == 0 || siz == 0 )
2006 -+ return ((void *) NULL);
2007 -+
2008 -+ return calloc((size_t) nmemb, (size_t)siz);
2009 -+}
2010 -+
2011 - void
2012 - _TIFFfree(void* p)
2013 - {
2014 -diff --git a/libtiff/tif_win32.c b/libtiff/tif_win32.c
2015 -index 24b824f1bd56..090baed87135 100644
2016 ---- a/libtiff/tif_win32.c
2017 -+++ b/libtiff/tif_win32.c
2018 -@@ -360,6 +360,14 @@ _TIFFmalloc(tmsize_t s)
2019 - return (malloc((size_t) s));
2020 - }
2021 -
2022 -+void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz)
2023 -+{
2024 -+ if( nmemb == 0 || siz == 0 )
2025 -+ return ((void *) NULL);
2026 -+
2027 -+ return calloc((size_t) nmemb, (size_t)siz);
2028 -+}
2029 -+
2030 - void
2031 - _TIFFfree(void* p)
2032 - {
2033 -diff --git a/libtiff/tiffio.h b/libtiff/tiffio.h
2034 -index 6e508181dbce..ef61b5c06a03 100644
2035 ---- a/libtiff/tiffio.h
2036 -+++ b/libtiff/tiffio.h
2037 -@@ -293,6 +293,7 @@ extern TIFFCodec* TIFFGetConfiguredCODECs(void);
2038 - */
2039 -
2040 - extern void* _TIFFmalloc(tmsize_t s);
2041 -+extern void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz);
2042 - extern void* _TIFFrealloc(void* p, tmsize_t s);
2043 - extern void _TIFFmemset(void* p, int v, tmsize_t c);
2044 - extern void _TIFFmemcpy(void* d, const void* s, tmsize_t c);
2045 ---
2046 -2.12.0
2047 -
2048
2049 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2653.patch b/media-libs/tiff/files/tiff-4.0.7-bug2653.patch
2050 deleted file mode 100644
2051 index b65a94daeac..00000000000
2052 --- a/media-libs/tiff/files/tiff-4.0.7-bug2653.patch
2053 +++ /dev/null
2054 @@ -1,33 +0,0 @@
2055 -From 5083c41f3a6824f392adf3a6dce1548afded4211 Mon Sep 17 00:00:00 2001
2056 -From: Even Rouault <even.rouault@×××××××××.com>
2057 -Date: Wed, 11 Jan 2017 12:15:01 +0000
2058 -Subject: [PATCH] * libtiff/tif_jpeg.c: avoid integer division by zero in
2059 - JPEGSetupEncode() when horizontal or vertical sampling is set to 0. Fixes
2060 - http://bugzilla.maptools.org/show_bug.cgi?id=2653
2061 -
2062 ----
2063 - ChangeLog | 6 ++++++
2064 - libtiff/tif_jpeg.c | 9 ++++++++-
2065 - 2 files changed, 14 insertions(+), 1 deletion(-)
2066 -
2067 -diff --git a/libtiff/tif_jpeg.c b/libtiff/tif_jpeg.c
2068 -index dc4364c821a4..09ef4949f9ee 100644
2069 ---- a/libtiff/tif_jpeg.c
2070 -+++ b/libtiff/tif_jpeg.c
2071 -@@ -1626,6 +1626,13 @@ JPEGSetupEncode(TIFF* tif)
2072 - case PHOTOMETRIC_YCBCR:
2073 - sp->h_sampling = td->td_ycbcrsubsampling[0];
2074 - sp->v_sampling = td->td_ycbcrsubsampling[1];
2075 -+ if( sp->h_sampling == 0 || sp->v_sampling == 0 )
2076 -+ {
2077 -+ TIFFErrorExt(tif->tif_clientdata, module,
2078 -+ "Invalig horizontal/vertical sampling value");
2079 -+ return (0);
2080 -+ }
2081 -+
2082 - /*
2083 - * A ReferenceBlackWhite field *must* be present since the
2084 - * default value is inappropriate for YCbCr. Fill in the
2085 ---
2086 -2.12.0
2087 -
2088
2089 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2658.patch b/media-libs/tiff/files/tiff-4.0.7-bug2658.patch
2090 deleted file mode 100644
2091 index 9f2bb6a50ee..00000000000
2092 --- a/media-libs/tiff/files/tiff-4.0.7-bug2658.patch
2093 +++ /dev/null
2094 @@ -1,33 +0,0 @@
2095 -From 928f0b0b2881ac32b32d9e165e88e3c9aed0fb9c Mon Sep 17 00:00:00 2001
2096 -From: Even Rouault <even.rouault@×××××××××.com>
2097 -Date: Wed, 11 Jan 2017 16:38:26 +0000
2098 -Subject: [PATCH] =?UTF-8?q?*=20libtiff/tif=5Fgetimage.c:=20add=20explicit?=
2099 - =?UTF-8?q?=20uint32=20cast=20in=20putagreytile=20to=20avoid=20UndefinedBe?=
2100 - =?UTF-8?q?haviorSanitizer=20warning.=20Patch=20by=20Nicol=C3=A1s=20Pe?=
2101 - =?UTF-8?q?=C3=B1a.=20Fixes=20http://bugzilla.maptools.org/show=5Fbug.cgi?=
2102 - =?UTF-8?q?=3Fid=3D2658?=
2103 -MIME-Version: 1.0
2104 -Content-Type: text/plain; charset=UTF-8
2105 -Content-Transfer-Encoding: 8bit
2106 -
2107 ----
2108 - ChangeLog | 7 +++++++
2109 - libtiff/tif_getimage.c | 4 ++--
2110 - 2 files changed, 9 insertions(+), 2 deletions(-)
2111 -
2112 -diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
2113 -index 2ea838556732..52a2402f7171 100644
2114 ---- a/libtiff/tif_getimage.c
2115 -+++ b/libtiff/tif_getimage.c
2116 -@@ -1302,7 +1302,7 @@ DECLAREContigPutFunc(putagreytile)
2117 - while (h-- > 0) {
2118 - for (x = w; x-- > 0;)
2119 - {
2120 -- *cp++ = BWmap[*pp][0] & (*(pp+1) << 24 | ~A1);
2121 -+ *cp++ = BWmap[*pp][0] & ((uint32)*(pp+1) << 24 | ~A1);
2122 - pp += samplesperpixel;
2123 - }
2124 - cp += toskew;
2125 ---
2126 -2.12.0
2127 -
2128
2129 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2659-2.patch b/media-libs/tiff/files/tiff-4.0.7-bug2659-2.patch
2130 deleted file mode 100644
2131 index 539536fe4ff..00000000000
2132 --- a/media-libs/tiff/files/tiff-4.0.7-bug2659-2.patch
2133 +++ /dev/null
2134 @@ -1,41 +0,0 @@
2135 -From 41236c5f744eaa691e23e55f5a5dd556a65e211e Mon Sep 17 00:00:00 2001
2136 -From: Even Rouault <even.rouault@×××××××××.com>
2137 -Date: Thu, 12 Jan 2017 19:23:20 +0000
2138 -Subject: [PATCH] * libtiff/tif_ojpeg.c: fix leak in
2139 - OJPEGReadHeaderInfoSecTablesQTable, OJPEGReadHeaderInfoSecTablesDcTable and
2140 - OJPEGReadHeaderInfoSecTablesAcTable
2141 -
2142 ----
2143 - ChangeLog | 3 ++-
2144 - libtiff/tif_ojpeg.c | 8 +++++++-
2145 - 2 files changed, 9 insertions(+), 2 deletions(-)
2146 -
2147 -diff --git a/libtiff/tif_ojpeg.c b/libtiff/tif_ojpeg.c
2148 -index ac70d1b14c4f..bd4cff5d8921 100644
2149 ---- a/libtiff/tif_ojpeg.c
2150 -+++ b/libtiff/tif_ojpeg.c
2151 -@@ -1790,7 +1790,10 @@ OJPEGReadHeaderInfoSecTablesQTable(TIFF* tif)
2152 - TIFFSeekFile(tif,sp->qtable_offset[m],SEEK_SET);
2153 - p=(uint32)TIFFReadFile(tif,&ob[sizeof(uint32)+5],64);
2154 - if (p!=64)
2155 -+ {
2156 -+ _TIFFfree(ob);
2157 - return(0);
2158 -+ }
2159 - sp->qtable[m]=ob;
2160 - sp->sof_tq[m]=m;
2161 - }
2162 -@@ -1854,7 +1857,10 @@ OJPEGReadHeaderInfoSecTablesDcTable(TIFF* tif)
2163 - rb[sizeof(uint32)+5+n]=o[n];
2164 - p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
2165 - if (p!=q)
2166 -+ {
2167 -+ _TIFFfree(rb);
2168 - return(0);
2169 -+ }
2170 - sp->dctable[m]=rb;
2171 - sp->sos_tda[m]=(m<<4);
2172 - }
2173 ---
2174 -2.12.0
2175 -
2176
2177 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2659.patch b/media-libs/tiff/files/tiff-4.0.7-bug2659.patch
2178 deleted file mode 100644
2179 index 8afab46b888..00000000000
2180 --- a/media-libs/tiff/files/tiff-4.0.7-bug2659.patch
2181 +++ /dev/null
2182 @@ -1,34 +0,0 @@
2183 -From 7c501dbfb5315f31798f9123026210260cbe7432 Mon Sep 17 00:00:00 2001
2184 -From: Even Rouault <even.rouault@×××××××××.com>
2185 -Date: Thu, 12 Jan 2017 17:43:25 +0000
2186 -Subject: [PATCH] =?UTF-8?q?*=20libtiff/tif=5Fojpeg.c:=20fix=20leak=20in=20?=
2187 - =?UTF-8?q?OJPEGReadHeaderInfoSecTablesAcTable=20when=20read=20fails.=20Pa?=
2188 - =?UTF-8?q?tch=20by=20Nicol=C3=A1s=20Pe=C3=B1a.=20Fixes=20http://bugzilla.?=
2189 - =?UTF-8?q?maptools.org/show=5Fbug.cgi=3Fid=3D2659?=
2190 -MIME-Version: 1.0
2191 -Content-Type: text/plain; charset=UTF-8
2192 -Content-Transfer-Encoding: 8bit
2193 -
2194 ----
2195 - ChangeLog | 7 +++++++
2196 - libtiff/tif_ojpeg.c | 5 ++++-
2197 - 2 files changed, 11 insertions(+), 1 deletion(-)
2198 -
2199 -diff --git a/libtiff/tif_ojpeg.c b/libtiff/tif_ojpeg.c
2200 -index 93839d8f3e11..ac70d1b14c4f 100644
2201 ---- a/libtiff/tif_ojpeg.c
2202 -+++ b/libtiff/tif_ojpeg.c
2203 -@@ -1918,7 +1918,10 @@ OJPEGReadHeaderInfoSecTablesAcTable(TIFF* tif)
2204 - rb[sizeof(uint32)+5+n]=o[n];
2205 - p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
2206 - if (p!=q)
2207 -+ {
2208 -+ _TIFFfree(rb);
2209 - return(0);
2210 -+ }
2211 - sp->actable[m]=rb;
2212 - sp->sos_tda[m]=(sp->sos_tda[m]|m);
2213 - }
2214 ---
2215 -2.12.0
2216 -
2217
2218 diff --git a/media-libs/tiff/files/tiff-4.0.7-bug2665.patch b/media-libs/tiff/files/tiff-4.0.7-bug2665.patch
2219 deleted file mode 100644
2220 index 020adca8e7a..00000000000
2221 --- a/media-libs/tiff/files/tiff-4.0.7-bug2665.patch
2222 +++ /dev/null
2223 @@ -1,43 +0,0 @@
2224 -From e345ce2ad81c85eb8e469b7b959067b2681957ca Mon Sep 17 00:00:00 2001
2225 -From: Even Rouault <even.rouault@×××××××××.com>
2226 -Date: Sat, 18 Feb 2017 20:30:26 +0000
2227 -Subject: [PATCH] =?UTF-8?q?*=20libtiff/tif=5Fpixarlog.c:=20fix=20memory=20?=
2228 - =?UTF-8?q?leak=20in=20error=20code=20path=20of=20PixarLogSetupDecode().?=
2229 - =?UTF-8?q?=20Patch=20by=20Nicol=C3=A1s=20Pe=C3=B1a.=20Fixes=20http://bugz?=
2230 - =?UTF-8?q?illa.maptools.org/show=5Fbug.cgi=3Fid=3D2665?=
2231 -MIME-Version: 1.0
2232 -Content-Type: text/plain; charset=UTF-8
2233 -Content-Transfer-Encoding: 8bit
2234 -
2235 ----
2236 - ChangeLog | 6 ++++++
2237 - libtiff/tif_pixarlog.c | 8 +++++++-
2238 - 2 files changed, 13 insertions(+), 1 deletion(-)
2239 -
2240 -diff --git a/libtiff/tif_pixarlog.c b/libtiff/tif_pixarlog.c
2241 -index 9836dce63450..972ee75e0324 100644
2242 ---- a/libtiff/tif_pixarlog.c
2243 -+++ b/libtiff/tif_pixarlog.c
2244 -@@ -699,6 +699,9 @@ PixarLogSetupDecode(TIFF* tif)
2245 - if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN)
2246 - sp->user_datafmt = PixarLogGuessDataFmt(td);
2247 - if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN) {
2248 -+ _TIFFfree(sp->tbuf);
2249 -+ sp->tbuf = NULL;
2250 -+ sp->tbuf_size = 0;
2251 - TIFFErrorExt(tif->tif_clientdata, module,
2252 - "PixarLog compression can't handle bits depth/data format combination (depth: %d)",
2253 - td->td_bitspersample);
2254 -@@ -706,6 +709,9 @@ PixarLogSetupDecode(TIFF* tif)
2255 - }
2256 -
2257 - if (inflateInit(&sp->stream) != Z_OK) {
2258 -+ _TIFFfree(sp->tbuf);
2259 -+ sp->tbuf = NULL;
2260 -+ sp->tbuf_size = 0;
2261 - TIFFErrorExt(tif->tif_clientdata, module, "%s", sp->stream.msg ? sp->stream.msg : "(null)");
2262 - return (0);
2263 - } else {
2264 ---
2265 -2.12.0
2266 -
2267
2268 diff --git a/media-libs/tiff/files/tiff-4.0.7-fax2tiff.patch b/media-libs/tiff/files/tiff-4.0.7-fax2tiff.patch
2269 deleted file mode 100644
2270 index f3476e98d6f..00000000000
2271 --- a/media-libs/tiff/files/tiff-4.0.7-fax2tiff.patch
2272 +++ /dev/null
2273 @@ -1,39 +0,0 @@
2274 -https://bugs.gentoo.org/598938
2275 -
2276 -From 82c53c6f19d8d7854b9b88aa16802f31b1cc258c Mon Sep 17 00:00:00 2001
2277 -From: Bob Friesenhahn <bfriesen@××××××××××××××××.us>
2278 -Date: Sun, 20 Nov 2016 18:04:52 +0000
2279 -Subject: [PATCH] =?UTF-8?q?*=20tools/fax2tiff.c=20(main):=20Applied=20patc?=
2280 - =?UTF-8?q?h=20by=20J=C3=B6rg=20Ahrens=20to=20fix=20passing=20client=20dat?=
2281 - =?UTF-8?q?a=20for=20Win32=20builds=20using=20tif=5Fwin32.c=20(USE=5FWIN32?=
2282 - =?UTF-8?q?=5FFILEIO=20defined)=20for=20file=20I/O.=20=20Patch=20was=20pro?=
2283 - =?UTF-8?q?vided=20via=20email=20on=20November=2020,=202016.?=
2284 -MIME-Version: 1.0
2285 -Content-Type: text/plain; charset=UTF-8
2286 -Content-Transfer-Encoding: 8bit
2287 -
2288 ----
2289 - ChangeLog | 7 +++++++
2290 - tools/fax2tiff.c | 5 +++--
2291 - 2 files changed, 10 insertions(+), 2 deletions(-)
2292 -
2293 -diff --git a/tools/fax2tiff.c b/tools/fax2tiff.c
2294 -index e00de5277bc2..01f85540ac9c 100644
2295 ---- a/tools/fax2tiff.c
2296 -+++ b/tools/fax2tiff.c
2297 -@@ -283,10 +283,11 @@ main(int argc, char* argv[])
2298 - }
2299 - #if defined(_WIN32) && defined(USE_WIN32_FILEIO)
2300 - client_data.fh = _get_osfhandle(fileno(in));
2301 -+ TIFFSetClientdata(faxTIFF, (thandle_t) client_data.fh);
2302 - #else
2303 - client_data.fd = fileno(in);
2304 -+ TIFFSetClientdata(faxTIFF, (thandle_t) client_data.fd);
2305 - #endif
2306 -- TIFFSetClientdata(faxTIFF, (thandle_t) &client_data);
2307 - TIFFSetFileName(faxTIFF, (const char*)argv[optind]);
2308 - TIFFSetField(out, TIFFTAG_IMAGEWIDTH, xsize);
2309 - TIFFSetField(out, TIFFTAG_BITSPERSAMPLE, 1);
2310 ---
2311 -2.12.0
2312 -
2313
2314 diff --git a/media-libs/tiff/files/tiff-4.0.7-hylafax-hack.patch b/media-libs/tiff/files/tiff-4.0.7-hylafax-hack.patch
2315 deleted file mode 100644
2316 index 69158200ac7..00000000000
2317 --- a/media-libs/tiff/files/tiff-4.0.7-hylafax-hack.patch
2318 +++ /dev/null
2319 @@ -1,38 +0,0 @@
2320 -https://bugs.gentoo.org/612172
2321 -
2322 -From 96bb01f5d834e0b01c0231768c43b8d309aede34 Mon Sep 17 00:00:00 2001
2323 -From: Even Rouault <even.rouault@×××××××××.com>
2324 -Date: Tue, 13 Dec 2016 18:15:48 +0000
2325 -Subject: [PATCH] * libtiff/tif_fax3.h: revert change done on 2016-01-09 that
2326 - made Param member of TIFFFaxTabEnt structure a uint16 to reduce size of the
2327 - binary. It happens that the Hylafax software uses the tables that follow this
2328 - typedef (TIFFFaxMainTable, TIFFFaxWhiteTable, TIFFFaxBlackTable), also they
2329 - are not in a public libtiff header. Raised by Lee Howard. Fixes
2330 - http://bugzilla.maptools.org/show_bug.cgi?id=2636
2331 -
2332 ----
2333 - ChangeLog | 10 ++++++++++
2334 - libtiff/tif_fax3.h | 6 ++++--
2335 - 2 files changed, 14 insertions(+), 2 deletions(-)
2336 -
2337 -diff --git a/libtiff/tif_fax3.h b/libtiff/tif_fax3.h
2338 -index e0b2ca6bfc9d..45ce43f1cf2e 100644
2339 ---- a/libtiff/tif_fax3.h
2340 -+++ b/libtiff/tif_fax3.h
2341 -@@ -81,10 +81,12 @@ extern void _TIFFFax3fillruns(unsigned char*, uint32*, uint32*, uint32);
2342 - #define S_MakeUp 11
2343 - #define S_EOL 12
2344 -
2345 -+/* WARNING: do not change the layout of this structure as the Halyfax software */
2346 -+/* really depends on it. See http://bugzilla.maptools.org/show_bug.cgi?id=2636 */
2347 - typedef struct { /* state table entry */
2348 - unsigned char State; /* see above */
2349 - unsigned char Width; /* width of code in bits */
2350 -- uint16 Param; /* unsigned 16-bit run length in bits */
2351 -+ uint32 Param; /* unsigned 32-bit run length in bits (holds on 16 bit actually, but cannot be changed. See above warning) */
2352 - } TIFFFaxTabEnt;
2353 -
2354 - extern const TIFFFaxTabEnt TIFFFaxMainTable[];
2355 ---
2356 -2.12.0
2357 -
2358
2359 diff --git a/media-libs/tiff/tiff-4.0.7-r3.ebuild b/media-libs/tiff/tiff-4.0.7-r3.ebuild
2360 deleted file mode 100644
2361 index b77d5196171..00000000000
2362 --- a/media-libs/tiff/tiff-4.0.7-r3.ebuild
2363 +++ /dev/null
2364 @@ -1,121 +0,0 @@
2365 -# Copyright 1999-2017 Gentoo Foundation
2366 -# Distributed under the terms of the GNU General Public License v2
2367 -
2368 -EAPI="6"
2369 -inherit autotools eutils libtool multilib-minimal
2370 -
2371 -DESCRIPTION="Tag Image File Format (TIFF) library"
2372 -HOMEPAGE="http://libtiff.maptools.org"
2373 -SRC_URI="http://download.osgeo.org/libtiff/${P}.tar.gz
2374 - ftp://ftp.remotesensing.org/pub/libtiff/${P}.tar.gz"
2375 -
2376 -LICENSE="libtiff"
2377 -SLOT="0"
2378 -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~x64-solaris ~x86-solaris"
2379 -IUSE="+cxx jbig jpeg lzma static-libs test zlib"
2380 -
2381 -RDEPEND="jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] )
2382 - jbig? ( >=media-libs/jbigkit-2.1:=[${MULTILIB_USEDEP}] )
2383 - lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
2384 - zlib? ( >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}] )
2385 - abi_x86_32? (
2386 - !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
2387 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
2388 - )"
2389 -DEPEND="${RDEPEND}"
2390 -
2391 -REQUIRED_USE="test? ( jpeg )" #483132
2392 -
2393 -PATCHES=(
2394 - "${FILESDIR}"/${P}-fax2tiff.patch #598938
2395 - "${FILESDIR}"/${P}-CVE-2016-10266.patch
2396 - "${FILESDIR}"/${P}-bug2598.patch
2397 - "${FILESDIR}"/${P}-bug2604.patch
2398 - "${FILESDIR}"/${P}-bug2608.patch
2399 - "${FILESDIR}"/${P}-CVE-2016-10267.patch
2400 - "${FILESDIR}"/${P}-bug2620.patch
2401 - "${FILESDIR}"/${P}-bug2621.patch
2402 - "${FILESDIR}"/${P}-bug2619.patch
2403 - "${FILESDIR}"/${P}-bug2594.patch
2404 - "${FILESDIR}"/${P}-bug2597.patch
2405 - "${FILESDIR}"/${P}-bug2599.patch
2406 - "${FILESDIR}"/${P}-bug2607.patch
2407 - "${FILESDIR}"/${P}-bug2610.patch
2408 - "${FILESDIR}"/${P}-bug2605.patch
2409 - "${FILESDIR}"/${P}-hylafax-hack.patch #612172
2410 - "${FILESDIR}"/${P}-bug2633-bug2634.patch
2411 - "${FILESDIR}"/${P}-bug2635.patch
2412 - "${FILESDIR}"/${P}-bug2627.patch
2413 - "${FILESDIR}"/${P}-bug2638.patch
2414 - "${FILESDIR}"/${P}-bug2639.patch
2415 - "${FILESDIR}"/${P}-bug2640.patch
2416 - "${FILESDIR}"/${P}-bug2653.patch
2417 - "${FILESDIR}"/${P}-bug2535.patch
2418 - "${FILESDIR}"/${P}-bug2644.patch
2419 - "${FILESDIR}"/${P}-bug2642-bug2643-bug2646-bug2647.patch
2420 - "${FILESDIR}"/${P}-bug2648.patch
2421 - "${FILESDIR}"/${P}-bug2650.patch
2422 - "${FILESDIR}"/${P}-bug2658.patch
2423 - "${FILESDIR}"/${P}-bug2650-2.patch
2424 - "${FILESDIR}"/${P}-bug2651.patch
2425 - "${FILESDIR}"/${P}-CVE-2017-5225.patch #610330
2426 - "${FILESDIR}"/${P}-bug2130.patch
2427 - "${FILESDIR}"/${P}-bug2659.patch
2428 - "${FILESDIR}"/${P}-bug2659-2.patch
2429 - "${FILESDIR}"/${P}-bug2631.patch
2430 - "${FILESDIR}"/${P}-bug2665.patch
2431 - "${FILESDIR}"/${PN}-4.0.7-pdfium-0005-Leak-TIFFFetchStripThing.patch
2432 - "${FILESDIR}"/${PN}-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
2433 - "${FILESDIR}"/${PN}-4.0.7-pdfium-0007-uninitialized-value.patch
2434 - "${FILESDIR}"/${PN}-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
2435 - "${FILESDIR}"/${PN}-4.0.7-pdfium-0013-validate-refblackwhite.patch
2436 - "${FILESDIR}"/${PN}-4.0.7-pdfium-0017-safe_skews_in_gtTileContig.patch
2437 - "${FILESDIR}"/${PN}-4.0.7-pdfium-0018-fix-leak-in-PredictorSetupDecode.patch
2438 - "${FILESDIR}"/${PN}-4.0.7-pdfium-0021-oom-TIFFFillStrip.patch
2439 -)
2440 -
2441 -MULTILIB_WRAPPED_HEADERS=(
2442 - /usr/include/tiffconf.h
2443 -)
2444 -
2445 -src_prepare() {
2446 - default
2447 -
2448 - # tiffcp-thumbnail.sh fails as thumbnail binary doesn't get built anymore since tiff-4.0.7
2449 - sed '/tiffcp-thumbnail\.sh/d' -i test/Makefile.am || die
2450 -
2451 - eautoreconf
2452 -}
2453 -
2454 -multilib_src_configure() {
2455 - ECONF_SOURCE="${S}" econf \
2456 - $(use_enable static-libs static) \
2457 - $(use_enable zlib) \
2458 - $(use_enable jpeg) \
2459 - $(use_enable jbig) \
2460 - $(use_enable lzma) \
2461 - $(use_enable cxx) \
2462 - --without-x
2463 -
2464 - # remove useless subdirs
2465 - if ! multilib_is_native_abi ; then
2466 - sed -i \
2467 - -e 's/ tools//' \
2468 - -e 's/ contrib//' \
2469 - -e 's/ man//' \
2470 - -e 's/ html//' \
2471 - Makefile || die
2472 - fi
2473 -}
2474 -
2475 -multilib_src_test() {
2476 - if ! multilib_is_native_abi ; then
2477 - emake -C tools
2478 - fi
2479 - emake check
2480 -}
2481 -
2482 -multilib_src_install_all() {
2483 - prune_libtool_files --all
2484 - rm -f "${ED}"/usr/share/doc/${PF}/{COPYRIGHT,README*,RELEASE-DATE,TODO,VERSION}
2485 -}
2486
2487 diff --git a/media-libs/tiff/tiff-4.0.7.ebuild b/media-libs/tiff/tiff-4.0.7.ebuild
2488 deleted file mode 100644
2489 index 59be2b40a56..00000000000
2490 --- a/media-libs/tiff/tiff-4.0.7.ebuild
2491 +++ /dev/null
2492 @@ -1,73 +0,0 @@
2493 -# Copyright 1999-2017 Gentoo Foundation
2494 -# Distributed under the terms of the GNU General Public License v2
2495 -
2496 -EAPI=6
2497 -inherit autotools eutils libtool multilib-minimal
2498 -
2499 -DESCRIPTION="Tag Image File Format (TIFF) library"
2500 -HOMEPAGE="http://libtiff.maptools.org"
2501 -SRC_URI="http://download.osgeo.org/libtiff/${P}.tar.gz
2502 - ftp://ftp.remotesensing.org/pub/libtiff/${P}.tar.gz"
2503 -
2504 -LICENSE="libtiff"
2505 -SLOT="0"
2506 -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~x64-solaris ~x86-solaris"
2507 -IUSE="+cxx jbig jpeg lzma static-libs test zlib"
2508 -
2509 -RDEPEND="jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] )
2510 - jbig? ( >=media-libs/jbigkit-2.1:=[${MULTILIB_USEDEP}] )
2511 - lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
2512 - zlib? ( >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}] )
2513 - abi_x86_32? (
2514 - !<=app-emulation/emul-linux-x86-baselibs-20130224-r9
2515 - !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
2516 - )"
2517 -DEPEND="${RDEPEND}"
2518 -
2519 -REQUIRED_USE="test? ( jpeg )" #483132
2520 -
2521 -MULTILIB_WRAPPED_HEADERS=(
2522 - /usr/include/tiffconf.h
2523 -)
2524 -
2525 -src_prepare() {
2526 - default
2527 -
2528 - # tiffcp-thumbnail.sh fails as thumbnail binary doesn't get built anymore since tiff-4.0.7
2529 - sed '/tiffcp-thumbnail\.sh/d' -i test/Makefile.am || die
2530 -
2531 - eautoreconf
2532 -}
2533 -
2534 -multilib_src_configure() {
2535 - ECONF_SOURCE="${S}" econf \
2536 - $(use_enable static-libs static) \
2537 - $(use_enable zlib) \
2538 - $(use_enable jpeg) \
2539 - $(use_enable jbig) \
2540 - $(use_enable lzma) \
2541 - $(use_enable cxx) \
2542 - --without-x
2543 -
2544 - # remove useless subdirs
2545 - if ! multilib_is_native_abi ; then
2546 - sed -i \
2547 - -e 's/ tools//' \
2548 - -e 's/ contrib//' \
2549 - -e 's/ man//' \
2550 - -e 's/ html//' \
2551 - Makefile || die
2552 - fi
2553 -}
2554 -
2555 -multilib_src_test() {
2556 - if ! multilib_is_native_abi ; then
2557 - emake -C tools
2558 - fi
2559 - emake check
2560 -}
2561 -
2562 -multilib_src_install_all() {
2563 - prune_libtool_files --all
2564 - rm -f "${ED}"/usr/share/doc/${PF}/{COPYRIGHT,README*,RELEASE-DATE,TODO,VERSION}
2565 -}
Report Message
Find on MARC Find on Google Groups