1 |
commit: 4e4c0bfa02e7fbf53df4c328d1b4af80ed974f5e |
2 |
Author: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail <DOT> com> |
3 |
AuthorDate: Wed Mar 27 06:03:39 2019 +0000 |
4 |
Commit: Patrice Clement <monsieurp <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Mar 27 23:56:01 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4e4c0bfa |
7 |
|
8 |
media-libs/tiff: remove unused patches. |
9 |
|
10 |
Signed-off-by: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail.com> |
11 |
Closes: https://github.com/gentoo/gentoo/pull/11513 |
12 |
Signed-off-by: Patrice Clement <monsieurp <AT> gentoo.org> |
13 |
|
14 |
.../tiff/files/tiff-3.9.7-CVE-2012-4447.patch | 191 ---------------- |
15 |
.../tiff/files/tiff-3.9.7-CVE-2012-4564.patch | 77 ------- |
16 |
.../tiff/files/tiff-3.9.7-CVE-2012-5581.patch | 245 --------------------- |
17 |
.../tiff/files/tiff-3.9.7-printdir-width.patch | 36 --- |
18 |
.../tiff/files/tiff-3.9.7-tiffinfo-exif.patch | 59 ----- |
19 |
5 files changed, 608 deletions(-) |
20 |
|
21 |
diff --git a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4447.patch b/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4447.patch |
22 |
deleted file mode 100644 |
23 |
index 6c28dc6ec9a..00000000000 |
24 |
--- a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4447.patch |
25 |
+++ /dev/null |
26 |
@@ -1,191 +0,0 @@ |
27 |
-Upstream patch for CVE-2012-4447. This also covers an out-of-bounds-read |
28 |
-possibility in the same file, which wasn't given a separate CVE. |
29 |
- |
30 |
- |
31 |
-diff -Naur tiff-3.9.4.orig/libtiff/tif_pixarlog.c tiff-3.9.4/libtiff/tif_pixarlog.c |
32 |
---- tiff-3.9.4.orig/libtiff/tif_pixarlog.c 2010-06-08 14:50:42.000000000 -0400 |
33 |
-+++ tiff-3.9.4/libtiff/tif_pixarlog.c 2012-12-10 15:50:14.421538317 -0500 |
34 |
-@@ -117,9 +117,9 @@ |
35 |
- if (n >= stride) { |
36 |
- mask = CODE_MASK; |
37 |
- if (stride == 3) { |
38 |
-- t0 = ToLinearF[cr = wp[0]]; |
39 |
-- t1 = ToLinearF[cg = wp[1]]; |
40 |
-- t2 = ToLinearF[cb = wp[2]]; |
41 |
-+ t0 = ToLinearF[cr = (wp[0] & mask)]; |
42 |
-+ t1 = ToLinearF[cg = (wp[1] & mask)]; |
43 |
-+ t2 = ToLinearF[cb = (wp[2] & mask)]; |
44 |
- op[0] = t0; |
45 |
- op[1] = t1; |
46 |
- op[2] = t2; |
47 |
-@@ -136,10 +136,10 @@ |
48 |
- op[2] = t2; |
49 |
- } |
50 |
- } else if (stride == 4) { |
51 |
-- t0 = ToLinearF[cr = wp[0]]; |
52 |
-- t1 = ToLinearF[cg = wp[1]]; |
53 |
-- t2 = ToLinearF[cb = wp[2]]; |
54 |
-- t3 = ToLinearF[ca = wp[3]]; |
55 |
-+ t0 = ToLinearF[cr = (wp[0] & mask)]; |
56 |
-+ t1 = ToLinearF[cg = (wp[1] & mask)]; |
57 |
-+ t2 = ToLinearF[cb = (wp[2] & mask)]; |
58 |
-+ t3 = ToLinearF[ca = (wp[3] & mask)]; |
59 |
- op[0] = t0; |
60 |
- op[1] = t1; |
61 |
- op[2] = t2; |
62 |
-@@ -183,9 +183,9 @@ |
63 |
- if (n >= stride) { |
64 |
- mask = CODE_MASK; |
65 |
- if (stride == 3) { |
66 |
-- t0 = ToLinearF[cr = wp[0]] * SCALE12; |
67 |
-- t1 = ToLinearF[cg = wp[1]] * SCALE12; |
68 |
-- t2 = ToLinearF[cb = wp[2]] * SCALE12; |
69 |
-+ t0 = ToLinearF[cr = (wp[0] & mask)] * SCALE12; |
70 |
-+ t1 = ToLinearF[cg = (wp[1] & mask)] * SCALE12; |
71 |
-+ t2 = ToLinearF[cb = (wp[2] & mask)] * SCALE12; |
72 |
- op[0] = CLAMP12(t0); |
73 |
- op[1] = CLAMP12(t1); |
74 |
- op[2] = CLAMP12(t2); |
75 |
-@@ -202,10 +202,10 @@ |
76 |
- op[2] = CLAMP12(t2); |
77 |
- } |
78 |
- } else if (stride == 4) { |
79 |
-- t0 = ToLinearF[cr = wp[0]] * SCALE12; |
80 |
-- t1 = ToLinearF[cg = wp[1]] * SCALE12; |
81 |
-- t2 = ToLinearF[cb = wp[2]] * SCALE12; |
82 |
-- t3 = ToLinearF[ca = wp[3]] * SCALE12; |
83 |
-+ t0 = ToLinearF[cr = (wp[0] & mask)] * SCALE12; |
84 |
-+ t1 = ToLinearF[cg = (wp[1] & mask)] * SCALE12; |
85 |
-+ t2 = ToLinearF[cb = (wp[2] & mask)] * SCALE12; |
86 |
-+ t3 = ToLinearF[ca = (wp[3] & mask)] * SCALE12; |
87 |
- op[0] = CLAMP12(t0); |
88 |
- op[1] = CLAMP12(t1); |
89 |
- op[2] = CLAMP12(t2); |
90 |
-@@ -247,9 +247,9 @@ |
91 |
- if (n >= stride) { |
92 |
- mask = CODE_MASK; |
93 |
- if (stride == 3) { |
94 |
-- op[0] = ToLinear16[cr = wp[0]]; |
95 |
-- op[1] = ToLinear16[cg = wp[1]]; |
96 |
-- op[2] = ToLinear16[cb = wp[2]]; |
97 |
-+ op[0] = ToLinear16[cr = (wp[0] & mask)]; |
98 |
-+ op[1] = ToLinear16[cg = (wp[1] & mask)]; |
99 |
-+ op[2] = ToLinear16[cb = (wp[2] & mask)]; |
100 |
- n -= 3; |
101 |
- while (n > 0) { |
102 |
- wp += 3; |
103 |
-@@ -260,10 +260,10 @@ |
104 |
- op[2] = ToLinear16[(cb += wp[2]) & mask]; |
105 |
- } |
106 |
- } else if (stride == 4) { |
107 |
-- op[0] = ToLinear16[cr = wp[0]]; |
108 |
-- op[1] = ToLinear16[cg = wp[1]]; |
109 |
-- op[2] = ToLinear16[cb = wp[2]]; |
110 |
-- op[3] = ToLinear16[ca = wp[3]]; |
111 |
-+ op[0] = ToLinear16[cr = (wp[0] & mask)]; |
112 |
-+ op[1] = ToLinear16[cg = (wp[1] & mask)]; |
113 |
-+ op[2] = ToLinear16[cb = (wp[2] & mask)]; |
114 |
-+ op[3] = ToLinear16[ca = (wp[3] & mask)]; |
115 |
- n -= 4; |
116 |
- while (n > 0) { |
117 |
- wp += 4; |
118 |
-@@ -342,9 +342,9 @@ |
119 |
- if (n >= stride) { |
120 |
- mask = CODE_MASK; |
121 |
- if (stride == 3) { |
122 |
-- op[0] = ToLinear8[cr = wp[0]]; |
123 |
-- op[1] = ToLinear8[cg = wp[1]]; |
124 |
-- op[2] = ToLinear8[cb = wp[2]]; |
125 |
-+ op[0] = ToLinear8[cr = (wp[0] & mask)]; |
126 |
-+ op[1] = ToLinear8[cg = (wp[1] & mask)]; |
127 |
-+ op[2] = ToLinear8[cb = (wp[2] & mask)]; |
128 |
- n -= 3; |
129 |
- while (n > 0) { |
130 |
- n -= 3; |
131 |
-@@ -355,10 +355,10 @@ |
132 |
- op[2] = ToLinear8[(cb += wp[2]) & mask]; |
133 |
- } |
134 |
- } else if (stride == 4) { |
135 |
-- op[0] = ToLinear8[cr = wp[0]]; |
136 |
-- op[1] = ToLinear8[cg = wp[1]]; |
137 |
-- op[2] = ToLinear8[cb = wp[2]]; |
138 |
-- op[3] = ToLinear8[ca = wp[3]]; |
139 |
-+ op[0] = ToLinear8[cr = (wp[0] & mask)]; |
140 |
-+ op[1] = ToLinear8[cg = (wp[1] & mask)]; |
141 |
-+ op[2] = ToLinear8[cb = (wp[2] & mask)]; |
142 |
-+ op[3] = ToLinear8[ca = (wp[3] & mask)]; |
143 |
- n -= 4; |
144 |
- while (n > 0) { |
145 |
- n -= 4; |
146 |
-@@ -393,9 +393,9 @@ |
147 |
- mask = CODE_MASK; |
148 |
- if (stride == 3) { |
149 |
- op[0] = 0; |
150 |
-- t1 = ToLinear8[cb = wp[2]]; |
151 |
-- t2 = ToLinear8[cg = wp[1]]; |
152 |
-- t3 = ToLinear8[cr = wp[0]]; |
153 |
-+ t1 = ToLinear8[cb = (wp[2] & mask)]; |
154 |
-+ t2 = ToLinear8[cg = (wp[1] & mask)]; |
155 |
-+ t3 = ToLinear8[cr = (wp[0] & mask)]; |
156 |
- op[1] = t1; |
157 |
- op[2] = t2; |
158 |
- op[3] = t3; |
159 |
-@@ -413,10 +413,10 @@ |
160 |
- op[3] = t3; |
161 |
- } |
162 |
- } else if (stride == 4) { |
163 |
-- t0 = ToLinear8[ca = wp[3]]; |
164 |
-- t1 = ToLinear8[cb = wp[2]]; |
165 |
-- t2 = ToLinear8[cg = wp[1]]; |
166 |
-- t3 = ToLinear8[cr = wp[0]]; |
167 |
-+ t0 = ToLinear8[ca = (wp[3] & mask)]; |
168 |
-+ t1 = ToLinear8[cb = (wp[2] & mask)]; |
169 |
-+ t2 = ToLinear8[cg = (wp[1] & mask)]; |
170 |
-+ t3 = ToLinear8[cr = (wp[0] & mask)]; |
171 |
- op[0] = t0; |
172 |
- op[1] = t1; |
173 |
- op[2] = t2; |
174 |
-@@ -630,10 +630,10 @@ |
175 |
- return guess; |
176 |
- } |
177 |
- |
178 |
--static uint32 |
179 |
--multiply(size_t m1, size_t m2) |
180 |
-+static tsize_t |
181 |
-+multiply(tsize_t m1, tsize_t m2) |
182 |
- { |
183 |
-- uint32 bytes = m1 * m2; |
184 |
-+ tsize_t bytes = m1 * m2; |
185 |
- |
186 |
- if (m1 && bytes / m1 != m2) |
187 |
- bytes = 0; |
188 |
-@@ -641,6 +641,20 @@ |
189 |
- return bytes; |
190 |
- } |
191 |
- |
192 |
-+static tsize_t |
193 |
-+add_ms(tsize_t m1, tsize_t m2) |
194 |
-+{ |
195 |
-+ tsize_t bytes = m1 + m2; |
196 |
-+ |
197 |
-+ /* if either input is zero, assume overflow already occurred */ |
198 |
-+ if (m1 == 0 || m2 == 0) |
199 |
-+ bytes = 0; |
200 |
-+ else if (bytes <= m1 || bytes <= m2) |
201 |
-+ bytes = 0; |
202 |
-+ |
203 |
-+ return bytes; |
204 |
-+} |
205 |
-+ |
206 |
- static int |
207 |
- PixarLogSetupDecode(TIFF* tif) |
208 |
- { |
209 |
-@@ -661,6 +675,8 @@ |
210 |
- td->td_samplesperpixel : 1); |
211 |
- tbuf_size = multiply(multiply(multiply(sp->stride, td->td_imagewidth), |
212 |
- td->td_rowsperstrip), sizeof(uint16)); |
213 |
-+ /* add one more stride in case input ends mid-stride */ |
214 |
-+ tbuf_size = add_ms(tbuf_size, sizeof(uint16) * sp->stride); |
215 |
- if (tbuf_size == 0) |
216 |
- return (0); |
217 |
- sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size); |
218 |
|
219 |
diff --git a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4564.patch b/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4564.patch |
220 |
deleted file mode 100644 |
221 |
index 98a6e6c4409..00000000000 |
222 |
--- a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4564.patch |
223 |
+++ /dev/null |
224 |
@@ -1,77 +0,0 @@ |
225 |
-Upstream patch for CVE-2012-4564. |
226 |
- |
227 |
- |
228 |
-diff -Naur tiff-3.9.4.orig/tools/ppm2tiff.c tiff-3.9.4/tools/ppm2tiff.c |
229 |
---- tiff-3.9.4.orig/tools/ppm2tiff.c 2010-06-08 14:50:44.000000000 -0400 |
230 |
-+++ tiff-3.9.4/tools/ppm2tiff.c 2012-12-10 16:16:05.154045877 -0500 |
231 |
-@@ -68,6 +68,17 @@ |
232 |
- exit(-2); |
233 |
- } |
234 |
- |
235 |
-+static tsize_t |
236 |
-+multiply_ms(tsize_t m1, tsize_t m2) |
237 |
-+{ |
238 |
-+ tsize_t bytes = m1 * m2; |
239 |
-+ |
240 |
-+ if (m1 && bytes / m1 != m2) |
241 |
-+ bytes = 0; |
242 |
-+ |
243 |
-+ return bytes; |
244 |
-+} |
245 |
-+ |
246 |
- int |
247 |
- main(int argc, char* argv[]) |
248 |
- { |
249 |
-@@ -85,6 +96,7 @@ |
250 |
- int c; |
251 |
- extern int optind; |
252 |
- extern char* optarg; |
253 |
-+ tsize_t scanline_size; |
254 |
- |
255 |
- if (argc < 2) { |
256 |
- fprintf(stderr, "%s: Too few arguments\n", argv[0]); |
257 |
-@@ -217,7 +229,8 @@ |
258 |
- } |
259 |
- switch (bpp) { |
260 |
- case 1: |
261 |
-- linebytes = (spp * w + (8 - 1)) / 8; |
262 |
-+ /* if round-up overflows, result will be zero, OK */ |
263 |
-+ linebytes = (multiply_ms(spp, w) + (8 - 1)) / 8; |
264 |
- if (rowsperstrip == (uint32) -1) { |
265 |
- TIFFSetField(out, TIFFTAG_ROWSPERSTRIP, h); |
266 |
- } else { |
267 |
-@@ -226,15 +239,31 @@ |
268 |
- } |
269 |
- break; |
270 |
- case 8: |
271 |
-- linebytes = spp * w; |
272 |
-+ linebytes = multiply_ms(spp, w); |
273 |
- TIFFSetField(out, TIFFTAG_ROWSPERSTRIP, |
274 |
- TIFFDefaultStripSize(out, rowsperstrip)); |
275 |
- break; |
276 |
- } |
277 |
-- if (TIFFScanlineSize(out) > linebytes) |
278 |
-+ if (linebytes == 0) { |
279 |
-+ fprintf(stderr, "%s: scanline size overflow\n", infile); |
280 |
-+ (void) TIFFClose(out); |
281 |
-+ exit(-2); |
282 |
-+ } |
283 |
-+ scanline_size = TIFFScanlineSize(out); |
284 |
-+ if (scanline_size == 0) { |
285 |
-+ /* overflow - TIFFScanlineSize already printed a message */ |
286 |
-+ (void) TIFFClose(out); |
287 |
-+ exit(-2); |
288 |
-+ } |
289 |
-+ if (scanline_size < linebytes) |
290 |
- buf = (unsigned char *)_TIFFmalloc(linebytes); |
291 |
- else |
292 |
-- buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out)); |
293 |
-+ buf = (unsigned char *)_TIFFmalloc(scanline_size); |
294 |
-+ if (buf == NULL) { |
295 |
-+ fprintf(stderr, "%s: Not enough memory\n", infile); |
296 |
-+ (void) TIFFClose(out); |
297 |
-+ exit(-2); |
298 |
-+ } |
299 |
- if (resolution > 0) { |
300 |
- TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution); |
301 |
- TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution); |
302 |
|
303 |
diff --git a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-5581.patch b/media-libs/tiff/files/tiff-3.9.7-CVE-2012-5581.patch |
304 |
deleted file mode 100644 |
305 |
index a6bdca13702..00000000000 |
306 |
--- a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-5581.patch |
307 |
+++ /dev/null |
308 |
@@ -1,245 +0,0 @@ |
309 |
-Fix unsafe handling of DotRange and related tags. Back-port of upstream |
310 |
-patch for CVE-2012-5581. (Note: I have not pushed this into upstream CVS |
311 |
-for the 3.9 branch, because I'm not entirely convinced that it won't create |
312 |
-application compatibility issues --- tgl) |
313 |
- |
314 |
- |
315 |
-diff -Naur tiff-3.9.7.orig/libtiff/tif_dir.c tiff-3.9.7/libtiff/tif_dir.c |
316 |
---- tiff-3.9.7.orig/libtiff/tif_dir.c 2012-09-22 10:48:09.000000000 -0400 |
317 |
-+++ tiff-3.9.7/libtiff/tif_dir.c 2012-12-13 13:39:20.448864070 -0500 |
318 |
-@@ -494,32 +494,28 @@ |
319 |
- goto end; |
320 |
- } |
321 |
- |
322 |
-- if ((fip->field_passcount |
323 |
-+ if (fip->field_tag == TIFFTAG_DOTRANGE |
324 |
-+ && strcmp(fip->field_name,"DotRange") == 0) { |
325 |
-+ /* TODO: This is an evil exception and should not have been |
326 |
-+ handled this way ... likely best if we move it into |
327 |
-+ the directory structure with an explicit field in |
328 |
-+ libtiff 4.1 and assign it a FIELD_ value */ |
329 |
-+ uint16 v[2]; |
330 |
-+ v[0] = (uint16)va_arg(ap, int); |
331 |
-+ v[1] = (uint16)va_arg(ap, int); |
332 |
-+ _TIFFmemcpy(tv->value, v, 4); |
333 |
-+ } |
334 |
-+ else if (fip->field_passcount |
335 |
- || fip->field_writecount == TIFF_VARIABLE |
336 |
- || fip->field_writecount == TIFF_VARIABLE2 |
337 |
- || fip->field_writecount == TIFF_SPP |
338 |
-- || tv->count > 1) |
339 |
-- && fip->field_tag != TIFFTAG_PAGENUMBER |
340 |
-- && fip->field_tag != TIFFTAG_HALFTONEHINTS |
341 |
-- && fip->field_tag != TIFFTAG_YCBCRSUBSAMPLING |
342 |
-- && fip->field_tag != TIFFTAG_DOTRANGE |
343 |
-- && fip->field_tag != TIFFTAG_WHITELEVEL) { |
344 |
-+ || tv->count > 1) { |
345 |
- _TIFFmemcpy(tv->value, va_arg(ap, void *), |
346 |
- tv->count * tv_size); |
347 |
- } else { |
348 |
-- /* |
349 |
-- * XXX: The following loop required to handle |
350 |
-- * TIFFTAG_PAGENUMBER, TIFFTAG_HALFTONEHINTS, |
351 |
-- * TIFFTAG_YCBCRSUBSAMPLING and TIFFTAG_DOTRANGE tags. |
352 |
-- * These tags are actually arrays and should be passed as |
353 |
-- * array pointers to TIFFSetField() function, but actually |
354 |
-- * passed as a list of separate values. This behaviour |
355 |
-- * must be changed in the future! |
356 |
-- */ |
357 |
-- int i; |
358 |
- char *val = (char *)tv->value; |
359 |
- |
360 |
-- for (i = 0; i < tv->count; i++, val += tv_size) { |
361 |
-+ assert( tv->count == 1 ); |
362 |
- switch (fip->field_type) { |
363 |
- case TIFF_BYTE: |
364 |
- case TIFF_UNDEFINED: |
365 |
-@@ -578,7 +574,6 @@ |
366 |
- status = 0; |
367 |
- break; |
368 |
- } |
369 |
-- } |
370 |
- } |
371 |
- } |
372 |
- } |
373 |
-@@ -869,24 +864,27 @@ |
374 |
- *va_arg(ap, uint16*) = (uint16)tv->count; |
375 |
- *va_arg(ap, void **) = tv->value; |
376 |
- ret_val = 1; |
377 |
-- } else { |
378 |
-- if ((fip->field_type == TIFF_ASCII |
379 |
-+ } else if (fip->field_tag == TIFFTAG_DOTRANGE |
380 |
-+ && strcmp(fip->field_name,"DotRange") == 0) { |
381 |
-+ /* TODO: This is an evil exception and should not have been |
382 |
-+ handled this way ... likely best if we move it into |
383 |
-+ the directory structure with an explicit field in |
384 |
-+ libtiff 4.1 and assign it a FIELD_ value */ |
385 |
-+ *va_arg(ap, uint16*) = ((uint16 *)tv->value)[0]; |
386 |
-+ *va_arg(ap, uint16*) = ((uint16 *)tv->value)[1]; |
387 |
-+ ret_val = 1; |
388 |
-+ } else { |
389 |
-+ if (fip->field_type == TIFF_ASCII |
390 |
- || fip->field_readcount == TIFF_VARIABLE |
391 |
- || fip->field_readcount == TIFF_VARIABLE2 |
392 |
- || fip->field_readcount == TIFF_SPP |
393 |
-- || tv->count > 1) |
394 |
-- && fip->field_tag != TIFFTAG_PAGENUMBER |
395 |
-- && fip->field_tag != TIFFTAG_HALFTONEHINTS |
396 |
-- && fip->field_tag != TIFFTAG_YCBCRSUBSAMPLING |
397 |
-- && fip->field_tag != TIFFTAG_DOTRANGE) { |
398 |
-+ || tv->count > 1) { |
399 |
- *va_arg(ap, void **) = tv->value; |
400 |
- ret_val = 1; |
401 |
- } else { |
402 |
-- int j; |
403 |
- char *val = (char *)tv->value; |
404 |
- |
405 |
-- for (j = 0; j < tv->count; |
406 |
-- j++, val += _TIFFDataSize(tv->info->field_type)) { |
407 |
-+ assert( tv->count == 1 ); |
408 |
- switch (fip->field_type) { |
409 |
- case TIFF_BYTE: |
410 |
- case TIFF_UNDEFINED: |
411 |
-@@ -936,7 +934,6 @@ |
412 |
- ret_val = 0; |
413 |
- break; |
414 |
- } |
415 |
-- } |
416 |
- } |
417 |
- } |
418 |
- break; |
419 |
-diff -Naur tiff-3.9.7.orig/libtiff/tif_print.c tiff-3.9.7/libtiff/tif_print.c |
420 |
---- tiff-3.9.7.orig/libtiff/tif_print.c 2010-07-08 12:17:59.000000000 -0400 |
421 |
-+++ tiff-3.9.7/libtiff/tif_print.c 2012-12-13 13:42:12.773478278 -0500 |
422 |
-@@ -112,16 +112,22 @@ |
423 |
- } |
424 |
- |
425 |
- static int |
426 |
--_TIFFPrettyPrintField(TIFF* tif, FILE* fd, ttag_t tag, |
427 |
-+_TIFFPrettyPrintField(TIFF* tif, const TIFFFieldInfo *fip, FILE* fd, ttag_t tag, |
428 |
- uint32 value_count, void *raw_data) |
429 |
- { |
430 |
- TIFFDirectory *td = &tif->tif_dir; |
431 |
- |
432 |
-+ /* do not try to pretty print auto-defined fields */ |
433 |
-+ if (strncmp(fip->field_name,"Tag ", 4) == 0) { |
434 |
-+ return 0; |
435 |
-+ } |
436 |
-+ |
437 |
- switch (tag) |
438 |
- { |
439 |
- case TIFFTAG_INKSET: |
440 |
-- fprintf(fd, " Ink Set: "); |
441 |
-- switch (*((uint16*)raw_data)) { |
442 |
-+ if (value_count == 2 && fip->field_type == TIFF_SHORT) { |
443 |
-+ fprintf(fd, " Ink Set: "); |
444 |
-+ switch (*((uint16*)raw_data)) { |
445 |
- case INKSET_CMYK: |
446 |
- fprintf(fd, "CMYK\n"); |
447 |
- break; |
448 |
-@@ -130,11 +136,18 @@ |
449 |
- *((uint16*)raw_data), |
450 |
- *((uint16*)raw_data)); |
451 |
- break; |
452 |
-+ } |
453 |
-+ return 1; |
454 |
- } |
455 |
-- return 1; |
456 |
-+ return 0; |
457 |
-+ |
458 |
- case TIFFTAG_WHITEPOINT: |
459 |
-- fprintf(fd, " White Point: %g-%g\n", |
460 |
-- ((float *)raw_data)[0], ((float *)raw_data)[1]); return 1; |
461 |
-+ if (value_count == 2 && fip->field_type == TIFF_RATIONAL) { |
462 |
-+ fprintf(fd, " White Point: %g-%g\n", |
463 |
-+ ((float *)raw_data)[0], ((float *)raw_data)[1]); return 1; |
464 |
-+ } |
465 |
-+ return 0; |
466 |
-+ |
467 |
- case TIFFTAG_REFERENCEBLACKWHITE: |
468 |
- { |
469 |
- uint16 i; |
470 |
-@@ -174,10 +187,13 @@ |
471 |
- (unsigned long) value_count); |
472 |
- return 1; |
473 |
- case TIFFTAG_STONITS: |
474 |
-- fprintf(fd, |
475 |
-- " Sample to Nits conversion factor: %.4e\n", |
476 |
-- *((double*)raw_data)); |
477 |
-- return 1; |
478 |
-+ if (value_count == 1 && fip->field_type == TIFF_DOUBLE) { |
479 |
-+ fprintf(fd, |
480 |
-+ " Sample to Nits conversion factor: %.4e\n", |
481 |
-+ *((double*)raw_data)); |
482 |
-+ return 1; |
483 |
-+ } |
484 |
-+ return 0; |
485 |
- } |
486 |
- |
487 |
- return 0; |
488 |
-@@ -524,44 +540,28 @@ |
489 |
- value_count = td->td_samplesperpixel; |
490 |
- else |
491 |
- value_count = fip->field_readcount; |
492 |
-- if ((fip->field_type == TIFF_ASCII |
493 |
-+ if (fip->field_tag == TIFFTAG_DOTRANGE |
494 |
-+ && strcmp(fip->field_name,"DotRange") == 0) { |
495 |
-+ /* TODO: This is an evil exception and should not have been |
496 |
-+ handled this way ... likely best if we move it into |
497 |
-+ the directory structure with an explicit field in |
498 |
-+ libtiff 4.1 and assign it a FIELD_ value */ |
499 |
-+ static uint16 dotrange[2]; |
500 |
-+ raw_data = dotrange; |
501 |
-+ TIFFGetField(tif, tag, dotrange+0, dotrange+1); |
502 |
-+ } else if (fip->field_type == TIFF_ASCII |
503 |
- || fip->field_readcount == TIFF_VARIABLE |
504 |
- || fip->field_readcount == TIFF_VARIABLE2 |
505 |
- || fip->field_readcount == TIFF_SPP |
506 |
-- || value_count > 1) |
507 |
-- && fip->field_tag != TIFFTAG_PAGENUMBER |
508 |
-- && fip->field_tag != TIFFTAG_HALFTONEHINTS |
509 |
-- && fip->field_tag != TIFFTAG_YCBCRSUBSAMPLING |
510 |
-- && fip->field_tag != TIFFTAG_DOTRANGE) { |
511 |
-+ || value_count > 1) { |
512 |
- if(TIFFGetField(tif, tag, &raw_data) != 1) |
513 |
- continue; |
514 |
-- } else if (fip->field_tag != TIFFTAG_PAGENUMBER |
515 |
-- && fip->field_tag != TIFFTAG_HALFTONEHINTS |
516 |
-- && fip->field_tag != TIFFTAG_YCBCRSUBSAMPLING |
517 |
-- && fip->field_tag != TIFFTAG_DOTRANGE) { |
518 |
-- raw_data = _TIFFmalloc( |
519 |
-- _TIFFDataSize(fip->field_type) |
520 |
-- * value_count); |
521 |
-- mem_alloc = 1; |
522 |
-- if(TIFFGetField(tif, tag, raw_data) != 1) { |
523 |
-- _TIFFfree(raw_data); |
524 |
-- continue; |
525 |
-- } |
526 |
- } else { |
527 |
-- /* |
528 |
-- * XXX: Should be fixed and removed, see the |
529 |
-- * notes related to TIFFTAG_PAGENUMBER, |
530 |
-- * TIFFTAG_HALFTONEHINTS, |
531 |
-- * TIFFTAG_YCBCRSUBSAMPLING and |
532 |
-- * TIFFTAG_DOTRANGE tags in tif_dir.c. */ |
533 |
-- char *tmp; |
534 |
- raw_data = _TIFFmalloc( |
535 |
- _TIFFDataSize(fip->field_type) |
536 |
- * value_count); |
537 |
-- tmp = raw_data; |
538 |
- mem_alloc = 1; |
539 |
-- if(TIFFGetField(tif, tag, tmp, |
540 |
-- tmp + _TIFFDataSize(fip->field_type)) != 1) { |
541 |
-+ if(TIFFGetField(tif, tag, raw_data) != 1) { |
542 |
- _TIFFfree(raw_data); |
543 |
- continue; |
544 |
- } |
545 |
-@@ -574,7 +574,7 @@ |
546 |
- * _TIFFPrettyPrintField() fall down and print it as any other |
547 |
- * tag. |
548 |
- */ |
549 |
-- if (_TIFFPrettyPrintField(tif, fd, tag, value_count, raw_data)) { |
550 |
-+ if (_TIFFPrettyPrintField(tif, fip, fd, tag, value_count, raw_data)) { |
551 |
- if(mem_alloc) |
552 |
- _TIFFfree(raw_data); |
553 |
- continue; |
554 |
|
555 |
diff --git a/media-libs/tiff/files/tiff-3.9.7-printdir-width.patch b/media-libs/tiff/files/tiff-3.9.7-printdir-width.patch |
556 |
deleted file mode 100644 |
557 |
index 6ad7534ac6f..00000000000 |
558 |
--- a/media-libs/tiff/files/tiff-3.9.7-printdir-width.patch |
559 |
+++ /dev/null |
560 |
@@ -1,36 +0,0 @@ |
561 |
-Make TIFFPrintDirectory cope with both TIFF_VARIABLE and TIFF_VARIABLE2 |
562 |
-conventions for field_passcount fields, ie, either 16- or 32-bit counts. |
563 |
-This patch is taken from upstream commits dated 2012-05-23 ("fix crash |
564 |
-with odd 16bit count types for some custom fields") and 2012-12-12 ("Fix |
565 |
-TIFF_VARIABLE/TIFF_VARIABLE2 confusion in TIFFPrintDirectory"). |
566 |
- |
567 |
-This doesn't qualify as a security issue in itself, mainly because |
568 |
-TIFFPrintDirectory is unlikely to be used in any security-exposed |
569 |
-scenarios; but we need to fix it so that our test case for CVE-2012-5581 |
570 |
-works on all platforms. |
571 |
- |
572 |
- |
573 |
-diff -Naur tiff-3.9.4.orig/libtiff/tif_print.c tiff-3.9.4/libtiff/tif_print.c |
574 |
---- tiff-3.9.4.orig/libtiff/tif_print.c 2010-06-08 14:50:42.000000000 -0400 |
575 |
-+++ tiff-3.9.4/libtiff/tif_print.c 2012-12-13 12:17:33.726765771 -0500 |
576 |
-@@ -518,8 +518,19 @@ |
577 |
- continue; |
578 |
- |
579 |
- if(fip->field_passcount) { |
580 |
-- if(TIFFGetField(tif, tag, &value_count, &raw_data) != 1) |
581 |
-+ if (fip->field_readcount == TIFF_VARIABLE2 ) { |
582 |
-+ if(TIFFGetField(tif, tag, &value_count, &raw_data) != 1) |
583 |
-+ continue; |
584 |
-+ } else if (fip->field_readcount == TIFF_VARIABLE ) { |
585 |
-+ uint16 small_value_count; |
586 |
-+ if(TIFFGetField(tif, tag, &small_value_count, &raw_data) != 1) |
587 |
-+ continue; |
588 |
-+ value_count = small_value_count; |
589 |
-+ } else { |
590 |
-+ assert (fip->field_readcount == TIFF_VARIABLE |
591 |
-+ || fip->field_readcount == TIFF_VARIABLE2); |
592 |
- continue; |
593 |
-+ } |
594 |
- } else { |
595 |
- if (fip->field_readcount == TIFF_VARIABLE |
596 |
- || fip->field_readcount == TIFF_VARIABLE2) |
597 |
|
598 |
diff --git a/media-libs/tiff/files/tiff-3.9.7-tiffinfo-exif.patch b/media-libs/tiff/files/tiff-3.9.7-tiffinfo-exif.patch |
599 |
deleted file mode 100644 |
600 |
index a326e21e298..00000000000 |
601 |
--- a/media-libs/tiff/files/tiff-3.9.7-tiffinfo-exif.patch |
602 |
+++ /dev/null |
603 |
@@ -1,59 +0,0 @@ |
604 |
-Teach "tiffinfo -D" to not try to print image data inside an EXIF subdirectory, |
605 |
-because there isn't any. Back-patched from an upstream 4.0.2 fix. |
606 |
- |
607 |
-This is not a security issue in itself (it crashes, but with a simple NULL |
608 |
-pointer dereference). However, our test case for CVE-2012-5581 tickles this |
609 |
-bug, so it seems easier to fix this than make a new test case. |
610 |
- |
611 |
- |
612 |
-diff -Naur tiff-3.9.4.orig/tools/tiffinfo.c tiff-3.9.4/tools/tiffinfo.c |
613 |
---- tiff-3.9.4.orig/tools/tiffinfo.c 2010-06-08 14:50:44.000000000 -0400 |
614 |
-+++ tiff-3.9.4/tools/tiffinfo.c 2012-12-11 16:33:17.062228558 -0500 |
615 |
-@@ -49,7 +49,7 @@ |
616 |
- int stoponerr = 1; /* stop on first read error */ |
617 |
- |
618 |
- static void usage(void); |
619 |
--static void tiffinfo(TIFF*, uint16, long); |
620 |
-+static void tiffinfo(TIFF*, uint16, long, int); |
621 |
- |
622 |
- int |
623 |
- main(int argc, char* argv[]) |
624 |
-@@ -124,19 +124,20 @@ |
625 |
- if (tif != NULL) { |
626 |
- if (dirnum != -1) { |
627 |
- if (TIFFSetDirectory(tif, (tdir_t) dirnum)) |
628 |
-- tiffinfo(tif, order, flags); |
629 |
-+ tiffinfo(tif, order, flags, 1); |
630 |
- } else if (diroff != 0) { |
631 |
- if (TIFFSetSubDirectory(tif, diroff)) |
632 |
-- tiffinfo(tif, order, flags); |
633 |
-+ tiffinfo(tif, order, flags, 1); |
634 |
- } else { |
635 |
- do { |
636 |
- uint32 offset; |
637 |
- |
638 |
-- tiffinfo(tif, order, flags); |
639 |
-+ tiffinfo(tif, order, flags, 1); |
640 |
- if (TIFFGetField(tif, TIFFTAG_EXIFIFD, |
641 |
- &offset)) { |
642 |
-- if (TIFFReadEXIFDirectory(tif, offset)) |
643 |
-- tiffinfo(tif, order, flags); |
644 |
-+ if (TIFFReadEXIFDirectory(tif, offset)) { |
645 |
-+ tiffinfo(tif, order, flags, 0); |
646 |
-+ } |
647 |
- } |
648 |
- } while (TIFFReadDirectory(tif)); |
649 |
- } |
650 |
-@@ -426,10 +427,10 @@ |
651 |
- } |
652 |
- |
653 |
- static void |
654 |
--tiffinfo(TIFF* tif, uint16 order, long flags) |
655 |
-+tiffinfo(TIFF* tif, uint16 order, long flags, int is_image) |
656 |
- { |
657 |
- TIFFPrintDirectory(tif, stdout, flags); |
658 |
-- if (!readdata) |
659 |
-+ if (!readdata || !is_image) |
660 |
- return; |
661 |
- if (rawdata) { |
662 |
- if (order) { |