
From: Mikle Kolyada <zlogene@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: media-libs/tiff/, media-libs/tiff/files/
Date: Sun, 03 Nov 2019 13:46:36
Message-Id: 1572788775.36b1b60543df094492afcbdea67a49a9157635d1.zlogene@gentoo
1 commit: 36b1b60543df094492afcbdea67a49a9157635d1
2 Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
3 AuthorDate: Sun Nov 3 13:46:15 2019 +0000
4 Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
5 CommitDate: Sun Nov 3 13:46:15 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36b1b605
7
8 media-libs/tiff: Drop insecure
9
10 Package-Manager: Portage-2.3.76, Repoman-2.3.16
11 Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
12
13 ...ferOverflow-ChopUpSingleUncompressedStrip.patch | 33 ---------
14 ...ferOverflow-ChopUpSingleUncompressedStrip.patch | 26 -------
15 media-libs/tiff/tiff-4.0.10-r1.ebuild | 86 ----------------------
16 media-libs/tiff/tiff-4.0.10.ebuild | 83 ---------------------
17 4 files changed, 228 deletions(-)
18
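--- a/media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-https://codereview.chromium.org/2284063002
-https://crbug.com/618267
-https://pdfium.googlesource.com/pdfium/+/master/libtiff/
-
-Author: tracy_jiang <tracy_jiang@×××××××××××××.com>
-Date: Mon Aug 29 13:42:56 2016 -0700
-
-Fix for #618267. Adding a method to determine if multiplication has
-overflow.
-
---- a/libtiff/tif_aux.c
-+++ b/libtiff/tif_aux.c
-@@ -69,7 +69,7 @@ _TIFFCheckRealloc(TIFF* tif, void* buffer,
- /*
- * XXX: Check for integer overflow.
- */
-- if (nmemb && elem_size && bytes / elem_size == nmemb)
-+ if (nmemb && elem_size && !_TIFFIfMultiplicationOverflow(nmemb, elem_size))
- cp = _TIFFrealloc(buffer, bytes);
-
- if (cp == NULL) {
---- a/libtiff/tiffiop.h
-+++ b/libtiff/tiffiop.h
-@@ -315,6 +315,9 @@ typedef size_t TIFFIOSize_t;
- #define _TIFF_off_t off_t
- #endif
-
-+#include <limits.h>
-+#define _TIFFIfMultiplicationOverflow(op1, op2) ((op1) > SSIZE_MAX / (op2))
-+
- #if defined(__cplusplus)
- extern "C" {
- #endif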
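--- a/media-libs/tiff/files/tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-https://codereview.chromium.org/2405693002
-https://crbug.com/654169
-https://pdfium.googlesource.com/pdfium/+/master/libtiff/
-
-Author: stackexploit <stackexploit@×××××.com>
-Date: Mon Oct 10 10:58:25 2016 -0700
-
-libtiff: Prevent a buffer overflow in function ChopUpSingleUncompressedStrip.
-
-The patch (https://codereview.chromium.org/2284063002) for Issue 618267
-was insufficient. The integer overflow still could be triggered and could
-lead to heap buffer overflow.
-
-This CL strengthens integer overflow check in function _TIFFCheckRealloc.
-
---- a/libtiff/tif_aux.c
-+++ b/libtiff/tif_aux.c
-@@ -69,7 +69,7 @@ _TIFFCheckRealloc(TIFF* tif, void* buffer,
- /*
- * XXX: Check for integer overflow.
- */
-- if (nmemb && elem_size && !_TIFFIfMultiplicationOverflow(nmemb, elem_size))
-+ if (nmemb > 0 && elem_size > 0 && !_TIFFIfMultiplicationOverflow(nmemb, elem_size))
- cp = _TIFFrealloc(buffer, bytes);
-
- if (cp == NULL) {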
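--- a/media-libs/tiff/tiff-4.0.10-r1.ebuild
+++ /dev/null
@@ -1,86 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools libtool multilib-minimal
-
-DESCRIPTION="Tag Image File Format (TIFF) library"
-HOMEPAGE="http://libtiff.maptools.org"
-SRC_URI="https://download.osgeo.org/libtiff/${P}.tar.gz"
-
-LICENSE="libtiff"
-SLOT="0"
-KEYWORDS="alpha amd64 ~arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 ~sh sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cxx jbig jpeg lzma static-libs test webp zlib zstd"
-
-RDEPEND="
- jbig? ( >=media-libs/jbigkit-2.1:=[${MULTILIB_USEDEP}] )
- jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] )
- lzma? ( >=app-arch/xz-utils-5.0.5-r1[${MULTILIB_USEDEP}] )
- webp? ( media-libs/libwebp:=[${MULTILIB_USEDEP}] )
- zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
- zstd? ( >=app-arch/zstd-1.3.7-r1:=[${MULTILIB_USEDEP}] )
-"
-DEPEND="${RDEPEND}"
-
-REQUIRED_USE="test? ( jpeg )" #483132
-
-PATCHES=(
- "${FILESDIR}"/${PN}-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
- "${FILESDIR}"/${PN}-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
- "${FILESDIR}"/${PN}-4.0.10-CVE-2018-17000-tif_dirwrite-null-dereference.patch
- "${FILESDIR}"/${PN}-4.0.10-CVE-2019-6128-pal2rgb-leak.patch
- "${FILESDIR}"/${PN}-4.0.10-CVE-2019-7663-tiffcpIntegerOverflow.patch
-)
-
-MULTILIB_WRAPPED_HEADERS=(
- /usr/include/tiffconf.h
-)
-
-src_prepare() {
- default
-
- # tiffcp-thumbnail.sh fails as thumbnail binary doesn't get built anymore since tiff-4.0.7
- sed '/tiffcp-thumbnail\.sh/d' -i test/Makefile.am || die
-
- eautoreconf
-}
-
-multilib_src_configure() {
- local myeconfargs=(
- --without-x
- --with-docdir="${EPREFIX}"/usr/share/doc/${PF}
- $(use_enable cxx)
- $(use_enable jbig)
- $(use_enable jpeg)
- $(use_enable lzma)
- $(use_enable static-libs static)
- $(use_enable webp)
- $(use_enable zlib)
- $(use_enable zstd)
- )
- ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
-
- # remove useless subdirs
- if ! multilib_is_native_abi ; then
- sed -i \
- -e 's/ tools//' \
- -e 's/ contrib//' \
- -e 's/ man//' \
- -e 's/ html//' \
- Makefile || die
- fi
-}
-
-multilib_src_test() {
- if ! multilib_is_native_abi ; then
- emake -C tools
- fi
- emake check
-}
-
-multilib_src_install_all() {
- find "${ED}" -name '*.la' -delete || die
- rm "${ED}"/usr/share/doc/${PF}/{COPYRIGHT,README*,RELEASE-DATE,TODO,VERSION} || die
-}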
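--- a/media-libs/tiff/tiff-4.0.10.ebuild
+++ /dev/null
@@ -1,83 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools libtool multilib-minimal
-
-DESCRIPTION="Tag Image File Format (TIFF) library"
-HOMEPAGE="http://libtiff.maptools.org"
-SRC_URI="https://download.osgeo.org/libtiff/${P}.tar.gz"
-
-LICENSE="libtiff"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cxx jbig jpeg lzma static-libs test webp zlib zstd"
-
-RDEPEND="
- jbig? ( >=media-libs/jbigkit-2.1:=[${MULTILIB_USEDEP}] )
- jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] )
- lzma? ( >=app-arch/xz-utils-5.0.5-r1[${MULTILIB_USEDEP}] )
- webp? ( media-libs/libwebp:=[${MULTILIB_USEDEP}] )
- zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
- zstd? ( >=app-arch/zstd-1.3.7-r1:=[${MULTILIB_USEDEP}] )
-"
-DEPEND="${RDEPEND}"
-
-REQUIRED_USE="test? ( jpeg )" #483132
-
-PATCHES=(
- "${FILESDIR}"/${PN}-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
- "${FILESDIR}"/${PN}-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
-)
-
-MULTILIB_WRAPPED_HEADERS=(
- /usr/include/tiffconf.h
-)
-
-src_prepare() {
- default
-
- # tiffcp-thumbnail.sh fails as thumbnail binary doesn't get built anymore since tiff-4.0.7
- sed '/tiffcp-thumbnail\.sh/d' -i test/Makefile.am || die
-
- eautoreconf
-}
-
-multilib_src_configure() {
- local myeconfargs=(
- --without-x
- --with-docdir="${EPREFIX}"/usr/share/doc/${PF}
- $(use_enable cxx)
- $(use_enable jbig)
- $(use_enable jpeg)
- $(use_enable lzma)
- $(use_enable static-libs static)
- $(use_enable webp)
- $(use_enable zlib)
- $(use_enable zstd)
- )
- ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
-
- # remove useless subdirs
- if ! multilib_is_native_abi ; then
- sed -i \
- -e 's/ tools//' \
- -e 's/ contrib//' \
- -e 's/ man//' \
- -e 's/ html//' \
- Makefile || die
- fi
-}
-
-multilib_src_test() {
- if ! multilib_is_native_abi ; then
- emake -C tools
- fi
- emake check
-}
-
-multilib_src_install_all() {
- find "${ED}" -name '*.la' -delete || die
- rm "${ED}"/usr/share/doc/${PF}/{COPYRIGHT,README*,RELEASE-DATE,TODO,VERSION} || die
-}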