[gentoo-commits] repo/gentoo:master commit in: media-libs/tiff/, media-libs/tiff/files/ - gentoo-commits

From:	Mike Frysinger <vapier@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: media-libs/tiff/, media-libs/tiff/files/
Date:	Tue, 29 May 2018 01:04:13
Message-Id:	`1527555834.afb651b9908c9fd2d24a8e347e152bc195b486bc.vapier@gentoo`

1

commit:     afb651b9908c9fd2d24a8e347e152bc195b486bc

2

Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>

3

AuthorDate: Tue May 29 01:02:58 2018 +0000

4

Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>

5

CommitDate: Tue May 29 01:03:54 2018 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=afb651b9

7

8

media-libs/tiff: add upstream fix for CVE-2017-18013 #645982

9

10

Bug: https://bugs.gentoo.org/645982

11

12

 .../tiff/files/tiff-4.0.9-CVE-2017-18013.patch     | 39 +++++++++++

13

 media-libs/tiff/tiff-4.0.9-r4.ebuild               | 81 ++++++++++++++++++++++

14

 2 files changed, 120 insertions(+)

15

16

diff --git a/media-libs/tiff/files/tiff-4.0.9-CVE-2017-18013.patch b/media-libs/tiff/files/tiff-4.0.9-CVE-2017-18013.patch

17

new file mode 100644

18

index 00000000000..2db890aef90

19

--- /dev/null

20

+++ b/media-libs/tiff/files/tiff-4.0.9-CVE-2017-18013.patch

21

@@ -0,0 +1,39 @@

22

+https://bugs.gentoo.org/645982

23

+https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01

24

+

25

+From c6f41df7b581402dfba3c19a1e3df4454c551a01 Mon Sep 17 00:00:00 2001

26

+From: Even Rouault <even.rouault@×××××××××.com>

27

+Date: Sun, 31 Dec 2017 15:09:41 +0100

28

+Subject: [PATCH] libtiff/tif_print.c: TIFFPrintDirectory(): fix null pointer

29

+ dereference on corrupted file. Fixes

30

+ http://bugzilla.maptools.org/show_bug.cgi?id=2770

31

+

32

+---

33

+ libtiff/tif_print.c | 8 ++++----

34

+ 1 file changed, 4 insertions(+), 4 deletions(-)

35

+

36

+diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c

37

+index 9959d353b1f9..8deceb2b054d 100644

38

+--- a/libtiff/tif_print.c

39

++++ b/libtiff/tif_print.c

40

+@@ -665,13 +665,13 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags)

41

+ #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))

42

+ 			fprintf(fd, "    %3lu: [%8I64u, %8I64u]\n",

43

+ 			    (unsigned long) s,

44

+-			    (unsigned __int64) td->td_stripoffset[s],

45

+-			    (unsigned __int64) td->td_stripbytecount[s]);

46

++			    td->td_stripoffset ? (unsigned __int64) td->td_stripoffset[s] : 0,

47

++			    td->td_stripbytecount ? (unsigned __int64) td->td_stripbytecount[s] : 0);

48

+ #else

49

+ 			fprintf(fd, "    %3lu: [%8llu, %8llu]\n",

50

+ 			    (unsigned long) s,

51

+-			    (unsigned long long) td->td_stripoffset[s],

52

+-			    (unsigned long long) td->td_stripbytecount[s]);

53

++			    td->td_stripoffset ? (unsigned long long) td->td_stripoffset[s] : 0,

54

++			    td->td_stripbytecount ? (unsigned long long) td->td_stripbytecount[s] : 0);

55

+ #endif

56

+ 	}

57

+ }

58

+--

59

+2.16.1

60

+

61

62

diff --git a/media-libs/tiff/tiff-4.0.9-r4.ebuild b/media-libs/tiff/tiff-4.0.9-r4.ebuild

63

new file mode 100644

64

index 00000000000..4787ecd348e

65

--- /dev/null

66

+++ b/media-libs/tiff/tiff-4.0.9-r4.ebuild

67

@@ -0,0 +1,81 @@

68

+# Copyright 1999-2018 Gentoo Foundation

69

+# Distributed under the terms of the GNU General Public License v2

70

+

71

+EAPI="6"

72

+

73

+inherit autotools libtool ltprune multilib-minimal

74

+

75

+DESCRIPTION="Tag Image File Format (TIFF) library"

76

+HOMEPAGE="http://libtiff.maptools.org"

77

+SRC_URI="http://download.osgeo.org/libtiff/${P}.tar.gz

78

+	ftp://ftp.remotesensing.org/pub/libtiff/${P}.tar.gz"

79

+

80

+LICENSE="libtiff"

81

+SLOT="0"

82

+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~x64-solaris ~x86-solaris"

83

+IUSE="+cxx jbig jpeg lzma static-libs test zlib"

84

+

85

+RDEPEND="jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] )

86

+	jbig? ( >=media-libs/jbigkit-2.1:=[${MULTILIB_USEDEP}] )

87

+	lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )

88

+	zlib? ( >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}] )"

89

+DEPEND="${RDEPEND}"

90

+

91

+REQUIRED_USE="test? ( jpeg )" #483132

92

+

93

+PATCHES=(

94

+	"${FILESDIR}"/${PN}-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch

95

+	"${FILESDIR}"/${PN}-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch

96

+	"${FILESDIR}"/${P}-CVE-2017-9935.patch #624696

97

+	"${FILESDIR}"/${P}-CVE-2017-9935-fix-incorrect-type.patch #624696

98

+	"${FILESDIR}"/${P}-CVE-2017-18013.patch #645982

99

+	"${FILESDIR}"/${P}-CVE-2018-5784.patch #645730

100

+)

101

+

102

+MULTILIB_WRAPPED_HEADERS=(

103

+	/usr/include/tiffconf.h

104

+)

105

+

106

+src_prepare() {

107

+	default

108

+

109

+	# tiffcp-thumbnail.sh fails as thumbnail binary doesn't get built anymore since tiff-4.0.7

110

+	sed '/tiffcp-thumbnail\.sh/d' -i test/Makefile.am || die

111

+

112

+	eautoreconf

113

+}

114

+

115

+multilib_src_configure() {

116

+	local myeconfargs=(

117

+		--without-x

118

+		$(use_enable cxx)

119

+		$(use_enable jbig)

120

+		$(use_enable jpeg)

121

+		$(use_enable lzma)

122

+		$(use_enable static-libs static)

123

+		$(use_enable zlib)

124

+	)

125

+	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"

126

+

127

+	# remove useless subdirs

128

+	if ! multilib_is_native_abi ; then

129

+		sed -i \

130

+			-e 's/ tools//' \

131

+			-e 's/ contrib//' \

132

+			-e 's/ man//' \

133

+			-e 's/ html//' \

134

+			Makefile || die

135

+	fi

136

+}

137

+

138

+multilib_src_test() {

139

+	if ! multilib_is_native_abi ; then

140

+		emake -C tools

141

+	fi

142

+	emake check

143

+}

144

+

145

+multilib_src_install_all() {

146

+	prune_libtool_files --all

147

+	rm -f "${ED%/}"/usr/share/doc/${PF}/{COPYRIGHT,README*,RELEASE-DATE,TODO,VERSION}

148

+}

1	commit: afb651b9908c9fd2d24a8e347e152bc195b486bc
2	Author: Mike Frysinger <vapier <AT> chromium <DOT> org>
3	AuthorDate: Tue May 29 01:02:58 2018 +0000
4	Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
5	CommitDate: Tue May 29 01:03:54 2018 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=afb651b9
7
8	media-libs/tiff: add upstream fix for CVE-2017-18013 #645982
9
10	Bug: https://bugs.gentoo.org/645982
11
12	.../tiff/files/tiff-4.0.9-CVE-2017-18013.patch \| 39 +++++++++++
13	media-libs/tiff/tiff-4.0.9-r4.ebuild \| 81 ++++++++++++++++++++++
14	2 files changed, 120 insertions(+)
15
16	diff --git a/media-libs/tiff/files/tiff-4.0.9-CVE-2017-18013.patch b/media-libs/tiff/files/tiff-4.0.9-CVE-2017-18013.patch
17	new file mode 100644
18	index 00000000000..2db890aef90
19	--- /dev/null
20	+++ b/media-libs/tiff/files/tiff-4.0.9-CVE-2017-18013.patch
21	@@ -0,0 +1,39 @@
22	+https://bugs.gentoo.org/645982
23	+https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01
24	+
25	+From c6f41df7b581402dfba3c19a1e3df4454c551a01 Mon Sep 17 00:00:00 2001
26	+From: Even Rouault <even.rouault@×××××××××.com>
27	+Date: Sun, 31 Dec 2017 15:09:41 +0100
28	+Subject: [PATCH] libtiff/tif_print.c: TIFFPrintDirectory(): fix null pointer
29	+ dereference on corrupted file. Fixes
30	+ http://bugzilla.maptools.org/show_bug.cgi?id=2770
31	+
32	+---
33	+ libtiff/tif_print.c \| 8 ++++----
34	+ 1 file changed, 4 insertions(+), 4 deletions(-)
35	+
36	+diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c
37	+index 9959d353b1f9..8deceb2b054d 100644
38	+--- a/libtiff/tif_print.c
39	++++ b/libtiff/tif_print.c
40	+@@ -665,13 +665,13 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags)
41	+ #if defined(__WIN32__) && (defined(_MSC_VER) \|\| defined(__MINGW32__))
42	+ fprintf(fd, " %3lu: [%8I64u, %8I64u]\n",
43	+ (unsigned long) s,
44	+- (unsigned __int64) td->td_stripoffset[s],
45	+- (unsigned __int64) td->td_stripbytecount[s]);
46	++ td->td_stripoffset ? (unsigned __int64) td->td_stripoffset[s] : 0,
47	++ td->td_stripbytecount ? (unsigned __int64) td->td_stripbytecount[s] : 0);
48	+ #else
49	+ fprintf(fd, " %3lu: [%8llu, %8llu]\n",
50	+ (unsigned long) s,
51	+- (unsigned long long) td->td_stripoffset[s],
52	+- (unsigned long long) td->td_stripbytecount[s]);
53	++ td->td_stripoffset ? (unsigned long long) td->td_stripoffset[s] : 0,
54	++ td->td_stripbytecount ? (unsigned long long) td->td_stripbytecount[s] : 0);
55	+ #endif
56	+ }
57	+ }
58	+--
59	+2.16.1
60	+
61
62	diff --git a/media-libs/tiff/tiff-4.0.9-r4.ebuild b/media-libs/tiff/tiff-4.0.9-r4.ebuild
63	new file mode 100644
64	index 00000000000..4787ecd348e
65	--- /dev/null
66	+++ b/media-libs/tiff/tiff-4.0.9-r4.ebuild
67	@@ -0,0 +1,81 @@
68	+# Copyright 1999-2018 Gentoo Foundation
69	+# Distributed under the terms of the GNU General Public License v2
70	+
71	+EAPI="6"
72	+
73	+inherit autotools libtool ltprune multilib-minimal
74	+
75	+DESCRIPTION="Tag Image File Format (TIFF) library"
76	+HOMEPAGE="http://libtiff.maptools.org"
77	+SRC_URI="http://download.osgeo.org/libtiff/${P}.tar.gz
78	+ ftp://ftp.remotesensing.org/pub/libtiff/${P}.tar.gz"
79	+
80	+LICENSE="libtiff"
81	+SLOT="0"
82	+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~x64-solaris ~x86-solaris"
83	+IUSE="+cxx jbig jpeg lzma static-libs test zlib"
84	+
85	+RDEPEND="jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] )
86	+ jbig? ( >=media-libs/jbigkit-2.1:=[${MULTILIB_USEDEP}] )
87	+ lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] )
88	+ zlib? ( >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}] )"
89	+DEPEND="${RDEPEND}"
90	+
91	+REQUIRED_USE="test? ( jpeg )" #483132
92	+
93	+PATCHES=(
94	+ "${FILESDIR}"/${PN}-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
95	+ "${FILESDIR}"/${PN}-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
96	+ "${FILESDIR}"/${P}-CVE-2017-9935.patch #624696
97	+ "${FILESDIR}"/${P}-CVE-2017-9935-fix-incorrect-type.patch #624696
98	+ "${FILESDIR}"/${P}-CVE-2017-18013.patch #645982
99	+ "${FILESDIR}"/${P}-CVE-2018-5784.patch #645730
100	+)
101	+
102	+MULTILIB_WRAPPED_HEADERS=(
103	+ /usr/include/tiffconf.h
104	+)
105	+
106	+src_prepare() {
107	+ default
108	+
109	+ # tiffcp-thumbnail.sh fails as thumbnail binary doesn't get built anymore since tiff-4.0.7
110	+ sed '/tiffcp-thumbnail\.sh/d' -i test/Makefile.am \|\| die
111	+
112	+ eautoreconf
113	+}
114	+
115	+multilib_src_configure() {
116	+ local myeconfargs=(
117	+ --without-x
118	+ $(use_enable cxx)
119	+ $(use_enable jbig)
120	+ $(use_enable jpeg)
121	+ $(use_enable lzma)
122	+ $(use_enable static-libs static)
123	+ $(use_enable zlib)
124	+ )
125	+ ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
126	+
127	+ # remove useless subdirs
128	+ if ! multilib_is_native_abi ; then
129	+ sed -i \
130	+ -e 's/ tools//' \
131	+ -e 's/ contrib//' \
132	+ -e 's/ man//' \
133	+ -e 's/ html//' \
134	+ Makefile \|\| die
135	+ fi
136	+}
137	+
138	+multilib_src_test() {
139	+ if ! multilib_is_native_abi ; then
140	+ emake -C tools
141	+ fi
142	+ emake check
143	+}
144	+
145	+multilib_src_install_all() {
146	+ prune_libtool_files --all
147	+ rm -f "${ED%/}"/usr/share/doc/${PF}/{COPYRIGHT,README*,RELEASE-DATE,TODO,VERSION}
148	+}

Gentoo Archives: gentoo-commits