commit: 36b1b60543df094492afcbdea67a49a9157635d1 |
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org> |
AuthorDate: Sun Nov 3 13:46:15 2019 +0000 |
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org> |
CommitDate: Sun Nov 3 13:46:15 2019 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36b1b605 |
|
media-libs/tiff: Drop insecure |
|
Package-Manager: Portage-2.3.76, Repoman-2.3.16 |
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org> |
|
...ferOverflow-ChopUpSingleUncompressedStrip.patch | 33 --------- |
...ferOverflow-ChopUpSingleUncompressedStrip.patch | 26 ------- |
media-libs/tiff/tiff-4.0.10-r1.ebuild | 86 ---------------------- |
media-libs/tiff/tiff-4.0.10.ebuild | 83 --------------------- |
4 files changed, 228 deletions(-) |
|
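diff --git a/media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch b/media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
deleted file mode 100644
index a45ee342f77..00000000000
--- a/media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-https://codereview.chromium.org/2284063002
-https://crbug.com/618267
-https://pdfium.googlesource.com/pdfium/+/master/libtiff/
-
-Author: tracy_jiang <tracy_jiang@×××××××××××××.com>
-Date: Mon Aug 29 13:42:56 2016 -0700
-
-Fix for #618267. Adding a method to determine if multiplication has
-overflow.
-
---- a/libtiff/tif_aux.c
-+++ b/libtiff/tif_aux.c
-@@ -69,7 +69,7 @@ _TIFFCheckRealloc(TIFF* tif, void* buffer,
- /*
- * XXX: Check for integer overflow.
- */
-- if (nmemb && elem_size && bytes / elem_size == nmemb)
-+ if (nmemb && elem_size && !_TIFFIfMultiplicationOverflow(nmemb, elem_size))
- cp = _TIFFrealloc(buffer, bytes);
-
- if (cp == NULL) {
---- a/libtiff/tiffiop.h
-+++ b/libtiff/tiffiop.h
-@@ -315,6 +315,9 @@ typedef size_t TIFFIOSize_t;
- #define _TIFF_off_t off_t
- #endif
-
-+#include <limits.h>
-+#define _TIFFIfMultiplicationOverflow(op1, op2) ((op1) > SSIZE_MAX / (op2))
-+
- #if defined(__cplusplus)
- extern "C" {
- #endif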
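diff --git a/media-libs/tiff/files/tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch b/media-libs/tiff/files/tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
deleted file mode 100644
index 35f59b9bffd..00000000000
--- a/media-libs/tiff/files/tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-https://codereview.chromium.org/2405693002
-https://crbug.com/654169
-https://pdfium.googlesource.com/pdfium/+/master/libtiff/
-
-Author: stackexploit <stackexploit@×××××.com>
-Date: Mon Oct 10 10:58:25 2016 -0700
-
-libtiff: Prevent a buffer overflow in function ChopUpSingleUncompressedStrip.
-
-The patch (https://codereview.chromium.org/2284063002) for Issue 618267
-was insufficient. The integer overflow still could be triggered and could
-lead to heap buffer overflow.
-
-This CL strengthens integer overflow check in function _TIFFCheckRealloc.
-
---- a/libtiff/tif_aux.c
-+++ b/libtiff/tif_aux.c
-@@ -69,7 +69,7 @@ _TIFFCheckRealloc(TIFF* tif, void* buffer,
- /*
- * XXX: Check for integer overflow.
- */
-- if (nmemb && elem_size && !_TIFFIfMultiplicationOverflow(nmemb, elem_size))
-+ if (nmemb > 0 && elem_size > 0 && !_TIFFIfMultiplicationOverflow(nmemb, elem_size))
- cp = _TIFFrealloc(buffer, bytes);
-
- if (cp == NULL) {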
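diff --git a/media-libs/tiff/tiff-4.0.10-r1.ebuild b/media-libs/tiff/tiff-4.0.10-r1.ebuild
deleted file mode 100644
index 3a79093c5f7..00000000000
--- a/media-libs/tiff/tiff-4.0.10-r1.ebuild
+++ /dev/null
@@ -1,86 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools libtool multilib-minimal
-
-DESCRIPTION="Tag Image File Format (TIFF) library"
-HOMEPAGE="http://libtiff.maptools.org"
-SRC_URI="https://download.osgeo.org/libtiff/${P}.tar.gz"
-
-LICENSE="libtiff"
-SLOT="0"
-KEYWORDS="alpha amd64 ~arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 ~sh sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cxx jbig jpeg lzma static-libs test webp zlib zstd"
-
-RDEPEND="
- jbig? ( >=media-libs/jbigkit-2.1:=[${MULTILIB_USEDEP}] )
- jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] )
- lzma? ( >=app-arch/xz-utils-5.0.5-r1[${MULTILIB_USEDEP}] )
- webp? ( media-libs/libwebp:=[${MULTILIB_USEDEP}] )
- zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
- zstd? ( >=app-arch/zstd-1.3.7-r1:=[${MULTILIB_USEDEP}] )
-"
-DEPEND="${RDEPEND}"
-
-REQUIRED_USE="test? ( jpeg )" #483132
-
-PATCHES=(
- "${FILESDIR}"/${PN}-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
- "${FILESDIR}"/${PN}-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
- "${FILESDIR}"/${PN}-4.0.10-CVE-2018-17000-tif_dirwrite-null-dereference.patch
- "${FILESDIR}"/${PN}-4.0.10-CVE-2019-6128-pal2rgb-leak.patch
- "${FILESDIR}"/${PN}-4.0.10-CVE-2019-7663-tiffcpIntegerOverflow.patch
-)
-
-MULTILIB_WRAPPED_HEADERS=(
- /usr/include/tiffconf.h
-)
-
-src_prepare() {
- default
-
- # tiffcp-thumbnail.sh fails as thumbnail binary doesn't get built anymore since tiff-4.0.7
- sed '/tiffcp-thumbnail\.sh/d' -i test/Makefile.am || die
-
- eautoreconf
-}
-
-multilib_src_configure() {
- local myeconfargs=(
- --without-x
- --with-docdir="${EPREFIX}"/usr/share/doc/${PF}
- $(use_enable cxx)
- $(use_enable jbig)
- $(use_enable jpeg)
- $(use_enable lzma)
- $(use_enable static-libs static)
- $(use_enable webp)
- $(use_enable zlib)
- $(use_enable zstd)
- )
- ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
-
- # remove useless subdirs
- if ! multilib_is_native_abi ; then
- sed -i \
- -e 's/ tools//' \
- -e 's/ contrib//' \
- -e 's/ man//' \
- -e 's/ html//' \
- Makefile || die
- fi
-}
-
-multilib_src_test() {
- if ! multilib_is_native_abi ; then
- emake -C tools
- fi
- emake check
-}
-
-multilib_src_install_all() {
- find "${ED}" -name '*.la' -delete || die
- rm "${ED}"/usr/share/doc/${PF}/{COPYRIGHT,README*,RELEASE-DATE,TODO,VERSION} || die
-}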
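diff --git a/media-libs/tiff/tiff-4.0.10.ebuild b/media-libs/tiff/tiff-4.0.10.ebuild
deleted file mode 100644
index afe7c58676b..00000000000
--- a/media-libs/tiff/tiff-4.0.10.ebuild
+++ /dev/null
@@ -1,83 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools libtool multilib-minimal
-
-DESCRIPTION="Tag Image File Format (TIFF) library"
-HOMEPAGE="http://libtiff.maptools.org"
-SRC_URI="https://download.osgeo.org/libtiff/${P}.tar.gz"
-
-LICENSE="libtiff"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cxx jbig jpeg lzma static-libs test webp zlib zstd"
-
-RDEPEND="
- jbig? ( >=media-libs/jbigkit-2.1:=[${MULTILIB_USEDEP}] )
- jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] )
- lzma? ( >=app-arch/xz-utils-5.0.5-r1[${MULTILIB_USEDEP}] )
- webp? ( media-libs/libwebp:=[${MULTILIB_USEDEP}] )
- zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
- zstd? ( >=app-arch/zstd-1.3.7-r1:=[${MULTILIB_USEDEP}] )
-"
-DEPEND="${RDEPEND}"
-
-REQUIRED_USE="test? ( jpeg )" #483132
-
-PATCHES=(
- "${FILESDIR}"/${PN}-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
- "${FILESDIR}"/${PN}-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
-)
-
-MULTILIB_WRAPPED_HEADERS=(
- /usr/include/tiffconf.h
-)
-
-src_prepare() {
- default
-
- # tiffcp-thumbnail.sh fails as thumbnail binary doesn't get built anymore since tiff-4.0.7
- sed '/tiffcp-thumbnail\.sh/d' -i test/Makefile.am || die
-
- eautoreconf
-}
-
-multilib_src_configure() {
- local myeconfargs=(
- --without-x
- --with-docdir="${EPREFIX}"/usr/share/doc/${PF}
- $(use_enable cxx)
- $(use_enable jbig)
- $(use_enable jpeg)
- $(use_enable lzma)
- $(use_enable static-libs static)
- $(use_enable webp)
- $(use_enable zlib)
- $(use_enable zstd)
- )
- ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
-
- # remove useless subdirs
- if ! multilib_is_native_abi ; then
- sed -i \
- -e 's/ tools//' \
- -e 's/ contrib//' \
- -e 's/ man//' \
- -e 's/ html//' \
- Makefile || die
- fi
-}
-
-multilib_src_test() {
- if ! multilib_is_native_abi ; then
- emake -C tools
- fi
- emake check
-}
-
-multilib_src_install_all() {
- find "${ED}" -name '*.la' -delete || die
- rm "${ED}"/usr/share/doc/${PF}/{COPYRIGHT,README*,RELEASE-DATE,TODO,VERSION} || die
-}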