Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Patrice Clement <monsieurp@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: media-libs/tiff/files/
Date: Wed, 27 Mar 2019 23:56:21
Message-Id: 1553730961.4e4c0bfa02e7fbf53df4c328d1b4af80ed974f5e.monsieurp@gentoo
1 commit: 4e4c0bfa02e7fbf53df4c328d1b4af80ed974f5e
2 Author: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail <DOT> com>
3 AuthorDate: Wed Mar 27 06:03:39 2019 +0000
4 Commit: Patrice Clement <monsieurp <AT> gentoo <DOT> org>
5 CommitDate: Wed Mar 27 23:56:01 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4e4c0bfa
7
8 media-libs/tiff: remove unused patches.
9
10 Signed-off-by: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail.com>
11 Closes: https://github.com/gentoo/gentoo/pull/11513
12 Signed-off-by: Patrice Clement <monsieurp <AT> gentoo.org>
13
14 .../tiff/files/tiff-3.9.7-CVE-2012-4447.patch | 191 ----------------
15 .../tiff/files/tiff-3.9.7-CVE-2012-4564.patch | 77 -------
16 .../tiff/files/tiff-3.9.7-CVE-2012-5581.patch | 245 ---------------------
17 .../tiff/files/tiff-3.9.7-printdir-width.patch | 36 ---
18 .../tiff/files/tiff-3.9.7-tiffinfo-exif.patch | 59 -----
19 5 files changed, 608 deletions(-)
20
21 diff --git a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4447.patch b/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4447.patch
22 deleted file mode 100644
23 index 6c28dc6ec9a..00000000000
24 --- a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4447.patch
25 +++ /dev/null
26 @@ -1,191 +0,0 @@
27 -Upstream patch for CVE-2012-4447. This also covers an out-of-bounds-read
28 -possibility in the same file, which wasn't given a separate CVE.
29 -
30 -
31 -diff -Naur tiff-3.9.4.orig/libtiff/tif_pixarlog.c tiff-3.9.4/libtiff/tif_pixarlog.c
32 ---- tiff-3.9.4.orig/libtiff/tif_pixarlog.c 2010-06-08 14:50:42.000000000 -0400
33 -+++ tiff-3.9.4/libtiff/tif_pixarlog.c 2012-12-10 15:50:14.421538317 -0500
34 -@@ -117,9 +117,9 @@
35 - if (n >= stride) {
36 - mask = CODE_MASK;
37 - if (stride == 3) {
38 -- t0 = ToLinearF[cr = wp[0]];
39 -- t1 = ToLinearF[cg = wp[1]];
40 -- t2 = ToLinearF[cb = wp[2]];
41 -+ t0 = ToLinearF[cr = (wp[0] & mask)];
42 -+ t1 = ToLinearF[cg = (wp[1] & mask)];
43 -+ t2 = ToLinearF[cb = (wp[2] & mask)];
44 - op[0] = t0;
45 - op[1] = t1;
46 - op[2] = t2;
47 -@@ -136,10 +136,10 @@
48 - op[2] = t2;
49 - }
50 - } else if (stride == 4) {
51 -- t0 = ToLinearF[cr = wp[0]];
52 -- t1 = ToLinearF[cg = wp[1]];
53 -- t2 = ToLinearF[cb = wp[2]];
54 -- t3 = ToLinearF[ca = wp[3]];
55 -+ t0 = ToLinearF[cr = (wp[0] & mask)];
56 -+ t1 = ToLinearF[cg = (wp[1] & mask)];
57 -+ t2 = ToLinearF[cb = (wp[2] & mask)];
58 -+ t3 = ToLinearF[ca = (wp[3] & mask)];
59 - op[0] = t0;
60 - op[1] = t1;
61 - op[2] = t2;
62 -@@ -183,9 +183,9 @@
63 - if (n >= stride) {
64 - mask = CODE_MASK;
65 - if (stride == 3) {
66 -- t0 = ToLinearF[cr = wp[0]] * SCALE12;
67 -- t1 = ToLinearF[cg = wp[1]] * SCALE12;
68 -- t2 = ToLinearF[cb = wp[2]] * SCALE12;
69 -+ t0 = ToLinearF[cr = (wp[0] & mask)] * SCALE12;
70 -+ t1 = ToLinearF[cg = (wp[1] & mask)] * SCALE12;
71 -+ t2 = ToLinearF[cb = (wp[2] & mask)] * SCALE12;
72 - op[0] = CLAMP12(t0);
73 - op[1] = CLAMP12(t1);
74 - op[2] = CLAMP12(t2);
75 -@@ -202,10 +202,10 @@
76 - op[2] = CLAMP12(t2);
77 - }
78 - } else if (stride == 4) {
79 -- t0 = ToLinearF[cr = wp[0]] * SCALE12;
80 -- t1 = ToLinearF[cg = wp[1]] * SCALE12;
81 -- t2 = ToLinearF[cb = wp[2]] * SCALE12;
82 -- t3 = ToLinearF[ca = wp[3]] * SCALE12;
83 -+ t0 = ToLinearF[cr = (wp[0] & mask)] * SCALE12;
84 -+ t1 = ToLinearF[cg = (wp[1] & mask)] * SCALE12;
85 -+ t2 = ToLinearF[cb = (wp[2] & mask)] * SCALE12;
86 -+ t3 = ToLinearF[ca = (wp[3] & mask)] * SCALE12;
87 - op[0] = CLAMP12(t0);
88 - op[1] = CLAMP12(t1);
89 - op[2] = CLAMP12(t2);
90 -@@ -247,9 +247,9 @@
91 - if (n >= stride) {
92 - mask = CODE_MASK;
93 - if (stride == 3) {
94 -- op[0] = ToLinear16[cr = wp[0]];
95 -- op[1] = ToLinear16[cg = wp[1]];
96 -- op[2] = ToLinear16[cb = wp[2]];
97 -+ op[0] = ToLinear16[cr = (wp[0] & mask)];
98 -+ op[1] = ToLinear16[cg = (wp[1] & mask)];
99 -+ op[2] = ToLinear16[cb = (wp[2] & mask)];
100 - n -= 3;
101 - while (n > 0) {
102 - wp += 3;
103 -@@ -260,10 +260,10 @@
104 - op[2] = ToLinear16[(cb += wp[2]) & mask];
105 - }
106 - } else if (stride == 4) {
107 -- op[0] = ToLinear16[cr = wp[0]];
108 -- op[1] = ToLinear16[cg = wp[1]];
109 -- op[2] = ToLinear16[cb = wp[2]];
110 -- op[3] = ToLinear16[ca = wp[3]];
111 -+ op[0] = ToLinear16[cr = (wp[0] & mask)];
112 -+ op[1] = ToLinear16[cg = (wp[1] & mask)];
113 -+ op[2] = ToLinear16[cb = (wp[2] & mask)];
114 -+ op[3] = ToLinear16[ca = (wp[3] & mask)];
115 - n -= 4;
116 - while (n > 0) {
117 - wp += 4;
118 -@@ -342,9 +342,9 @@
119 - if (n >= stride) {
120 - mask = CODE_MASK;
121 - if (stride == 3) {
122 -- op[0] = ToLinear8[cr = wp[0]];
123 -- op[1] = ToLinear8[cg = wp[1]];
124 -- op[2] = ToLinear8[cb = wp[2]];
125 -+ op[0] = ToLinear8[cr = (wp[0] & mask)];
126 -+ op[1] = ToLinear8[cg = (wp[1] & mask)];
127 -+ op[2] = ToLinear8[cb = (wp[2] & mask)];
128 - n -= 3;
129 - while (n > 0) {
130 - n -= 3;
131 -@@ -355,10 +355,10 @@
132 - op[2] = ToLinear8[(cb += wp[2]) & mask];
133 - }
134 - } else if (stride == 4) {
135 -- op[0] = ToLinear8[cr = wp[0]];
136 -- op[1] = ToLinear8[cg = wp[1]];
137 -- op[2] = ToLinear8[cb = wp[2]];
138 -- op[3] = ToLinear8[ca = wp[3]];
139 -+ op[0] = ToLinear8[cr = (wp[0] & mask)];
140 -+ op[1] = ToLinear8[cg = (wp[1] & mask)];
141 -+ op[2] = ToLinear8[cb = (wp[2] & mask)];
142 -+ op[3] = ToLinear8[ca = (wp[3] & mask)];
143 - n -= 4;
144 - while (n > 0) {
145 - n -= 4;
146 -@@ -393,9 +393,9 @@
147 - mask = CODE_MASK;
148 - if (stride == 3) {
149 - op[0] = 0;
150 -- t1 = ToLinear8[cb = wp[2]];
151 -- t2 = ToLinear8[cg = wp[1]];
152 -- t3 = ToLinear8[cr = wp[0]];
153 -+ t1 = ToLinear8[cb = (wp[2] & mask)];
154 -+ t2 = ToLinear8[cg = (wp[1] & mask)];
155 -+ t3 = ToLinear8[cr = (wp[0] & mask)];
156 - op[1] = t1;
157 - op[2] = t2;
158 - op[3] = t3;
159 -@@ -413,10 +413,10 @@
160 - op[3] = t3;
161 - }
162 - } else if (stride == 4) {
163 -- t0 = ToLinear8[ca = wp[3]];
164 -- t1 = ToLinear8[cb = wp[2]];
165 -- t2 = ToLinear8[cg = wp[1]];
166 -- t3 = ToLinear8[cr = wp[0]];
167 -+ t0 = ToLinear8[ca = (wp[3] & mask)];
168 -+ t1 = ToLinear8[cb = (wp[2] & mask)];
169 -+ t2 = ToLinear8[cg = (wp[1] & mask)];
170 -+ t3 = ToLinear8[cr = (wp[0] & mask)];
171 - op[0] = t0;
172 - op[1] = t1;
173 - op[2] = t2;
174 -@@ -630,10 +630,10 @@
175 - return guess;
176 - }
177 -
178 --static uint32
179 --multiply(size_t m1, size_t m2)
180 -+static tsize_t
181 -+multiply(tsize_t m1, tsize_t m2)
182 - {
183 -- uint32 bytes = m1 * m2;
184 -+ tsize_t bytes = m1 * m2;
185 -
186 - if (m1 && bytes / m1 != m2)
187 - bytes = 0;
188 -@@ -641,6 +641,20 @@
189 - return bytes;
190 - }
191 -
192 -+static tsize_t
193 -+add_ms(tsize_t m1, tsize_t m2)
194 -+{
195 -+ tsize_t bytes = m1 + m2;
196 -+
197 -+ /* if either input is zero, assume overflow already occurred */
198 -+ if (m1 == 0 || m2 == 0)
199 -+ bytes = 0;
200 -+ else if (bytes <= m1 || bytes <= m2)
201 -+ bytes = 0;
202 -+
203 -+ return bytes;
204 -+}
205 -+
206 - static int
207 - PixarLogSetupDecode(TIFF* tif)
208 - {
209 -@@ -661,6 +675,8 @@
210 - td->td_samplesperpixel : 1);
211 - tbuf_size = multiply(multiply(multiply(sp->stride, td->td_imagewidth),
212 - td->td_rowsperstrip), sizeof(uint16));
213 -+ /* add one more stride in case input ends mid-stride */
214 -+ tbuf_size = add_ms(tbuf_size, sizeof(uint16) * sp->stride);
215 - if (tbuf_size == 0)
216 - return (0);
217 - sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size);
218
219 diff --git a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4564.patch b/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4564.patch
220 deleted file mode 100644
221 index 98a6e6c4409..00000000000
222 --- a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4564.patch
223 +++ /dev/null
224 @@ -1,77 +0,0 @@
225 -Upstream patch for CVE-2012-4564.
226 -
227 -
228 -diff -Naur tiff-3.9.4.orig/tools/ppm2tiff.c tiff-3.9.4/tools/ppm2tiff.c
229 ---- tiff-3.9.4.orig/tools/ppm2tiff.c 2010-06-08 14:50:44.000000000 -0400
230 -+++ tiff-3.9.4/tools/ppm2tiff.c 2012-12-10 16:16:05.154045877 -0500
231 -@@ -68,6 +68,17 @@
232 - exit(-2);
233 - }
234 -
235 -+static tsize_t
236 -+multiply_ms(tsize_t m1, tsize_t m2)
237 -+{
238 -+ tsize_t bytes = m1 * m2;
239 -+
240 -+ if (m1 && bytes / m1 != m2)
241 -+ bytes = 0;
242 -+
243 -+ return bytes;
244 -+}
245 -+
246 - int
247 - main(int argc, char* argv[])
248 - {
249 -@@ -85,6 +96,7 @@
250 - int c;
251 - extern int optind;
252 - extern char* optarg;
253 -+ tsize_t scanline_size;
254 -
255 - if (argc < 2) {
256 - fprintf(stderr, "%s: Too few arguments\n", argv[0]);
257 -@@ -217,7 +229,8 @@
258 - }
259 - switch (bpp) {
260 - case 1:
261 -- linebytes = (spp * w + (8 - 1)) / 8;
262 -+ /* if round-up overflows, result will be zero, OK */
263 -+ linebytes = (multiply_ms(spp, w) + (8 - 1)) / 8;
264 - if (rowsperstrip == (uint32) -1) {
265 - TIFFSetField(out, TIFFTAG_ROWSPERSTRIP, h);
266 - } else {
267 -@@ -226,15 +239,31 @@
268 - }
269 - break;
270 - case 8:
271 -- linebytes = spp * w;
272 -+ linebytes = multiply_ms(spp, w);
273 - TIFFSetField(out, TIFFTAG_ROWSPERSTRIP,
274 - TIFFDefaultStripSize(out, rowsperstrip));
275 - break;
276 - }
277 -- if (TIFFScanlineSize(out) > linebytes)
278 -+ if (linebytes == 0) {
279 -+ fprintf(stderr, "%s: scanline size overflow\n", infile);
280 -+ (void) TIFFClose(out);
281 -+ exit(-2);
282 -+ }
283 -+ scanline_size = TIFFScanlineSize(out);
284 -+ if (scanline_size == 0) {
285 -+ /* overflow - TIFFScanlineSize already printed a message */
286 -+ (void) TIFFClose(out);
287 -+ exit(-2);
288 -+ }
289 -+ if (scanline_size < linebytes)
290 - buf = (unsigned char *)_TIFFmalloc(linebytes);
291 - else
292 -- buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
293 -+ buf = (unsigned char *)_TIFFmalloc(scanline_size);
294 -+ if (buf == NULL) {
295 -+ fprintf(stderr, "%s: Not enough memory\n", infile);
296 -+ (void) TIFFClose(out);
297 -+ exit(-2);
298 -+ }
299 - if (resolution > 0) {
300 - TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution);
301 - TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution);
302
303 diff --git a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-5581.patch b/media-libs/tiff/files/tiff-3.9.7-CVE-2012-5581.patch
304 deleted file mode 100644
305 index a6bdca13702..00000000000
306 --- a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-5581.patch
307 +++ /dev/null
308 @@ -1,245 +0,0 @@
309 -Fix unsafe handling of DotRange and related tags. Back-port of upstream
310 -patch for CVE-2012-5581. (Note: I have not pushed this into upstream CVS
311 -for the 3.9 branch, because I'm not entirely convinced that it won't create
312 -application compatibility issues --- tgl)
313 -
314 -
315 -diff -Naur tiff-3.9.7.orig/libtiff/tif_dir.c tiff-3.9.7/libtiff/tif_dir.c
316 ---- tiff-3.9.7.orig/libtiff/tif_dir.c 2012-09-22 10:48:09.000000000 -0400
317 -+++ tiff-3.9.7/libtiff/tif_dir.c 2012-12-13 13:39:20.448864070 -0500
318 -@@ -494,32 +494,28 @@
319 - goto end;
320 - }
321 -
322 -- if ((fip->field_passcount
323 -+ if (fip->field_tag == TIFFTAG_DOTRANGE
324 -+ && strcmp(fip->field_name,"DotRange") == 0) {
325 -+ /* TODO: This is an evil exception and should not have been
326 -+ handled this way ... likely best if we move it into
327 -+ the directory structure with an explicit field in
328 -+ libtiff 4.1 and assign it a FIELD_ value */
329 -+ uint16 v[2];
330 -+ v[0] = (uint16)va_arg(ap, int);
331 -+ v[1] = (uint16)va_arg(ap, int);
332 -+ _TIFFmemcpy(tv->value, v, 4);
333 -+ }
334 -+ else if (fip->field_passcount
335 - || fip->field_writecount == TIFF_VARIABLE
336 - || fip->field_writecount == TIFF_VARIABLE2
337 - || fip->field_writecount == TIFF_SPP
338 -- || tv->count > 1)
339 -- && fip->field_tag != TIFFTAG_PAGENUMBER
340 -- && fip->field_tag != TIFFTAG_HALFTONEHINTS
341 -- && fip->field_tag != TIFFTAG_YCBCRSUBSAMPLING
342 -- && fip->field_tag != TIFFTAG_DOTRANGE
343 -- && fip->field_tag != TIFFTAG_WHITELEVEL) {
344 -+ || tv->count > 1) {
345 - _TIFFmemcpy(tv->value, va_arg(ap, void *),
346 - tv->count * tv_size);
347 - } else {
348 -- /*
349 -- * XXX: The following loop required to handle
350 -- * TIFFTAG_PAGENUMBER, TIFFTAG_HALFTONEHINTS,
351 -- * TIFFTAG_YCBCRSUBSAMPLING and TIFFTAG_DOTRANGE tags.
352 -- * These tags are actually arrays and should be passed as
353 -- * array pointers to TIFFSetField() function, but actually
354 -- * passed as a list of separate values. This behaviour
355 -- * must be changed in the future!
356 -- */
357 -- int i;
358 - char *val = (char *)tv->value;
359 -
360 -- for (i = 0; i < tv->count; i++, val += tv_size) {
361 -+ assert( tv->count == 1 );
362 - switch (fip->field_type) {
363 - case TIFF_BYTE:
364 - case TIFF_UNDEFINED:
365 -@@ -578,7 +574,6 @@
366 - status = 0;
367 - break;
368 - }
369 -- }
370 - }
371 - }
372 - }
373 -@@ -869,24 +864,27 @@
374 - *va_arg(ap, uint16*) = (uint16)tv->count;
375 - *va_arg(ap, void **) = tv->value;
376 - ret_val = 1;
377 -- } else {
378 -- if ((fip->field_type == TIFF_ASCII
379 -+ } else if (fip->field_tag == TIFFTAG_DOTRANGE
380 -+ && strcmp(fip->field_name,"DotRange") == 0) {
381 -+ /* TODO: This is an evil exception and should not have been
382 -+ handled this way ... likely best if we move it into
383 -+ the directory structure with an explicit field in
384 -+ libtiff 4.1 and assign it a FIELD_ value */
385 -+ *va_arg(ap, uint16*) = ((uint16 *)tv->value)[0];
386 -+ *va_arg(ap, uint16*) = ((uint16 *)tv->value)[1];
387 -+ ret_val = 1;
388 -+ } else {
389 -+ if (fip->field_type == TIFF_ASCII
390 - || fip->field_readcount == TIFF_VARIABLE
391 - || fip->field_readcount == TIFF_VARIABLE2
392 - || fip->field_readcount == TIFF_SPP
393 -- || tv->count > 1)
394 -- && fip->field_tag != TIFFTAG_PAGENUMBER
395 -- && fip->field_tag != TIFFTAG_HALFTONEHINTS
396 -- && fip->field_tag != TIFFTAG_YCBCRSUBSAMPLING
397 -- && fip->field_tag != TIFFTAG_DOTRANGE) {
398 -+ || tv->count > 1) {
399 - *va_arg(ap, void **) = tv->value;
400 - ret_val = 1;
401 - } else {
402 -- int j;
403 - char *val = (char *)tv->value;
404 -
405 -- for (j = 0; j < tv->count;
406 -- j++, val += _TIFFDataSize(tv->info->field_type)) {
407 -+ assert( tv->count == 1 );
408 - switch (fip->field_type) {
409 - case TIFF_BYTE:
410 - case TIFF_UNDEFINED:
411 -@@ -936,7 +934,6 @@
412 - ret_val = 0;
413 - break;
414 - }
415 -- }
416 - }
417 - }
418 - break;
419 -diff -Naur tiff-3.9.7.orig/libtiff/tif_print.c tiff-3.9.7/libtiff/tif_print.c
420 ---- tiff-3.9.7.orig/libtiff/tif_print.c 2010-07-08 12:17:59.000000000 -0400
421 -+++ tiff-3.9.7/libtiff/tif_print.c 2012-12-13 13:42:12.773478278 -0500
422 -@@ -112,16 +112,22 @@
423 - }
424 -
425 - static int
426 --_TIFFPrettyPrintField(TIFF* tif, FILE* fd, ttag_t tag,
427 -+_TIFFPrettyPrintField(TIFF* tif, const TIFFFieldInfo *fip, FILE* fd, ttag_t tag,
428 - uint32 value_count, void *raw_data)
429 - {
430 - TIFFDirectory *td = &tif->tif_dir;
431 -
432 -+ /* do not try to pretty print auto-defined fields */
433 -+ if (strncmp(fip->field_name,"Tag ", 4) == 0) {
434 -+ return 0;
435 -+ }
436 -+
437 - switch (tag)
438 - {
439 - case TIFFTAG_INKSET:
440 -- fprintf(fd, " Ink Set: ");
441 -- switch (*((uint16*)raw_data)) {
442 -+ if (value_count == 2 && fip->field_type == TIFF_SHORT) {
443 -+ fprintf(fd, " Ink Set: ");
444 -+ switch (*((uint16*)raw_data)) {
445 - case INKSET_CMYK:
446 - fprintf(fd, "CMYK\n");
447 - break;
448 -@@ -130,11 +136,18 @@
449 - *((uint16*)raw_data),
450 - *((uint16*)raw_data));
451 - break;
452 -+ }
453 -+ return 1;
454 - }
455 -- return 1;
456 -+ return 0;
457 -+
458 - case TIFFTAG_WHITEPOINT:
459 -- fprintf(fd, " White Point: %g-%g\n",
460 -- ((float *)raw_data)[0], ((float *)raw_data)[1]); return 1;
461 -+ if (value_count == 2 && fip->field_type == TIFF_RATIONAL) {
462 -+ fprintf(fd, " White Point: %g-%g\n",
463 -+ ((float *)raw_data)[0], ((float *)raw_data)[1]); return 1;
464 -+ }
465 -+ return 0;
466 -+
467 - case TIFFTAG_REFERENCEBLACKWHITE:
468 - {
469 - uint16 i;
470 -@@ -174,10 +187,13 @@
471 - (unsigned long) value_count);
472 - return 1;
473 - case TIFFTAG_STONITS:
474 -- fprintf(fd,
475 -- " Sample to Nits conversion factor: %.4e\n",
476 -- *((double*)raw_data));
477 -- return 1;
478 -+ if (value_count == 1 && fip->field_type == TIFF_DOUBLE) {
479 -+ fprintf(fd,
480 -+ " Sample to Nits conversion factor: %.4e\n",
481 -+ *((double*)raw_data));
482 -+ return 1;
483 -+ }
484 -+ return 0;
485 - }
486 -
487 - return 0;
488 -@@ -524,44 +540,28 @@
489 - value_count = td->td_samplesperpixel;
490 - else
491 - value_count = fip->field_readcount;
492 -- if ((fip->field_type == TIFF_ASCII
493 -+ if (fip->field_tag == TIFFTAG_DOTRANGE
494 -+ && strcmp(fip->field_name,"DotRange") == 0) {
495 -+ /* TODO: This is an evil exception and should not have been
496 -+ handled this way ... likely best if we move it into
497 -+ the directory structure with an explicit field in
498 -+ libtiff 4.1 and assign it a FIELD_ value */
499 -+ static uint16 dotrange[2];
500 -+ raw_data = dotrange;
501 -+ TIFFGetField(tif, tag, dotrange+0, dotrange+1);
502 -+ } else if (fip->field_type == TIFF_ASCII
503 - || fip->field_readcount == TIFF_VARIABLE
504 - || fip->field_readcount == TIFF_VARIABLE2
505 - || fip->field_readcount == TIFF_SPP
506 -- || value_count > 1)
507 -- && fip->field_tag != TIFFTAG_PAGENUMBER
508 -- && fip->field_tag != TIFFTAG_HALFTONEHINTS
509 -- && fip->field_tag != TIFFTAG_YCBCRSUBSAMPLING
510 -- && fip->field_tag != TIFFTAG_DOTRANGE) {
511 -+ || value_count > 1) {
512 - if(TIFFGetField(tif, tag, &raw_data) != 1)
513 - continue;
514 -- } else if (fip->field_tag != TIFFTAG_PAGENUMBER
515 -- && fip->field_tag != TIFFTAG_HALFTONEHINTS
516 -- && fip->field_tag != TIFFTAG_YCBCRSUBSAMPLING
517 -- && fip->field_tag != TIFFTAG_DOTRANGE) {
518 -- raw_data = _TIFFmalloc(
519 -- _TIFFDataSize(fip->field_type)
520 -- * value_count);
521 -- mem_alloc = 1;
522 -- if(TIFFGetField(tif, tag, raw_data) != 1) {
523 -- _TIFFfree(raw_data);
524 -- continue;
525 -- }
526 - } else {
527 -- /*
528 -- * XXX: Should be fixed and removed, see the
529 -- * notes related to TIFFTAG_PAGENUMBER,
530 -- * TIFFTAG_HALFTONEHINTS,
531 -- * TIFFTAG_YCBCRSUBSAMPLING and
532 -- * TIFFTAG_DOTRANGE tags in tif_dir.c. */
533 -- char *tmp;
534 - raw_data = _TIFFmalloc(
535 - _TIFFDataSize(fip->field_type)
536 - * value_count);
537 -- tmp = raw_data;
538 - mem_alloc = 1;
539 -- if(TIFFGetField(tif, tag, tmp,
540 -- tmp + _TIFFDataSize(fip->field_type)) != 1) {
541 -+ if(TIFFGetField(tif, tag, raw_data) != 1) {
542 - _TIFFfree(raw_data);
543 - continue;
544 - }
545 -@@ -574,7 +574,7 @@
546 - * _TIFFPrettyPrintField() fall down and print it as any other
547 - * tag.
548 - */
549 -- if (_TIFFPrettyPrintField(tif, fd, tag, value_count, raw_data)) {
550 -+ if (_TIFFPrettyPrintField(tif, fip, fd, tag, value_count, raw_data)) {
551 - if(mem_alloc)
552 - _TIFFfree(raw_data);
553 - continue;
554
555 diff --git a/media-libs/tiff/files/tiff-3.9.7-printdir-width.patch b/media-libs/tiff/files/tiff-3.9.7-printdir-width.patch
556 deleted file mode 100644
557 index 6ad7534ac6f..00000000000
558 --- a/media-libs/tiff/files/tiff-3.9.7-printdir-width.patch
559 +++ /dev/null
560 @@ -1,36 +0,0 @@
561 -Make TIFFPrintDirectory cope with both TIFF_VARIABLE and TIFF_VARIABLE2
562 -conventions for field_passcount fields, ie, either 16- or 32-bit counts.
563 -This patch is taken from upstream commits dated 2012-05-23 ("fix crash
564 -with odd 16bit count types for some custom fields") and 2012-12-12 ("Fix
565 -TIFF_VARIABLE/TIFF_VARIABLE2 confusion in TIFFPrintDirectory").
566 -
567 -This doesn't qualify as a security issue in itself, mainly because
568 -TIFFPrintDirectory is unlikely to be used in any security-exposed
569 -scenarios; but we need to fix it so that our test case for CVE-2012-5581
570 -works on all platforms.
571 -
572 -
573 -diff -Naur tiff-3.9.4.orig/libtiff/tif_print.c tiff-3.9.4/libtiff/tif_print.c
574 ---- tiff-3.9.4.orig/libtiff/tif_print.c 2010-06-08 14:50:42.000000000 -0400
575 -+++ tiff-3.9.4/libtiff/tif_print.c 2012-12-13 12:17:33.726765771 -0500
576 -@@ -518,8 +518,19 @@
577 - continue;
578 -
579 - if(fip->field_passcount) {
580 -- if(TIFFGetField(tif, tag, &value_count, &raw_data) != 1)
581 -+ if (fip->field_readcount == TIFF_VARIABLE2 ) {
582 -+ if(TIFFGetField(tif, tag, &value_count, &raw_data) != 1)
583 -+ continue;
584 -+ } else if (fip->field_readcount == TIFF_VARIABLE ) {
585 -+ uint16 small_value_count;
586 -+ if(TIFFGetField(tif, tag, &small_value_count, &raw_data) != 1)
587 -+ continue;
588 -+ value_count = small_value_count;
589 -+ } else {
590 -+ assert (fip->field_readcount == TIFF_VARIABLE
591 -+ || fip->field_readcount == TIFF_VARIABLE2);
592 - continue;
593 -+ }
594 - } else {
595 - if (fip->field_readcount == TIFF_VARIABLE
596 - || fip->field_readcount == TIFF_VARIABLE2)
597
598 diff --git a/media-libs/tiff/files/tiff-3.9.7-tiffinfo-exif.patch b/media-libs/tiff/files/tiff-3.9.7-tiffinfo-exif.patch
599 deleted file mode 100644
600 index a326e21e298..00000000000
601 --- a/media-libs/tiff/files/tiff-3.9.7-tiffinfo-exif.patch
602 +++ /dev/null
603 @@ -1,59 +0,0 @@
604 -Teach "tiffinfo -D" to not try to print image data inside an EXIF subdirectory,
605 -because there isn't any. Back-patched from an upstream 4.0.2 fix.
606 -
607 -This is not a security issue in itself (it crashes, but with a simple NULL
608 -pointer dereference). However, our test case for CVE-2012-5581 tickles this
609 -bug, so it seems easier to fix this than make a new test case.
610 -
611 -
612 -diff -Naur tiff-3.9.4.orig/tools/tiffinfo.c tiff-3.9.4/tools/tiffinfo.c
613 ---- tiff-3.9.4.orig/tools/tiffinfo.c 2010-06-08 14:50:44.000000000 -0400
614 -+++ tiff-3.9.4/tools/tiffinfo.c 2012-12-11 16:33:17.062228558 -0500
615 -@@ -49,7 +49,7 @@
616 - int stoponerr = 1; /* stop on first read error */
617 -
618 - static void usage(void);
619 --static void tiffinfo(TIFF*, uint16, long);
620 -+static void tiffinfo(TIFF*, uint16, long, int);
621 -
622 - int
623 - main(int argc, char* argv[])
624 -@@ -124,19 +124,20 @@
625 - if (tif != NULL) {
626 - if (dirnum != -1) {
627 - if (TIFFSetDirectory(tif, (tdir_t) dirnum))
628 -- tiffinfo(tif, order, flags);
629 -+ tiffinfo(tif, order, flags, 1);
630 - } else if (diroff != 0) {
631 - if (TIFFSetSubDirectory(tif, diroff))
632 -- tiffinfo(tif, order, flags);
633 -+ tiffinfo(tif, order, flags, 1);
634 - } else {
635 - do {
636 - uint32 offset;
637 -
638 -- tiffinfo(tif, order, flags);
639 -+ tiffinfo(tif, order, flags, 1);
640 - if (TIFFGetField(tif, TIFFTAG_EXIFIFD,
641 - &offset)) {
642 -- if (TIFFReadEXIFDirectory(tif, offset))
643 -- tiffinfo(tif, order, flags);
644 -+ if (TIFFReadEXIFDirectory(tif, offset)) {
645 -+ tiffinfo(tif, order, flags, 0);
646 -+ }
647 - }
648 - } while (TIFFReadDirectory(tif));
649 - }
650 -@@ -426,10 +427,10 @@
651 - }
652 -
653 - static void
654 --tiffinfo(TIFF* tif, uint16 order, long flags)
655 -+tiffinfo(TIFF* tif, uint16 order, long flags, int is_image)
656 - {
657 - TIFFPrintDirectory(tif, stdout, flags);
658 -- if (!readdata)
659 -+ if (!readdata || !is_image)
660 - return;
661 - if (rawdata) {
662 - if (order) {
Report Message
Find on MARC Find on Google Groups