authorSteve Arnold <nerdboy@gentoo.org>2011-04-16 21:25:41 +0000
committerSteve Arnold <nerdboy@gentoo.org>2011-04-16 21:25:41 +0000
commit9f96f55b29550ce6241504fe190b0aad1df81213 (patch)
tree21cca06c7bceaef19d3ed16f56952af595770f9f /media-libs/tiff/files
parentNew package. (diff)
Two new version releases and 2 patches to stable (see ChangeLog).
(Portage version: 2.1.9.46/cvs/Linux x86_64, RepoMan options: --force)
Diffstat (limited to 'media-libs/tiff/files')
-rw-r--r--media-libs/tiff/files/tiff-3.9.4-CVE-2011-0192.patch13
-rw-r--r--media-libs/tiff/files/tiff-3.9.4-CVE-2011-1167.patch62
-rw-r--r--media-libs/tiff/files/tiff-4.0.0_beta6-cr2-bitspersample.patch13
3 files changed, 75 insertions, 13 deletions
diff --git a/media-libs/tiff/files/tiff-3.9.4-CVE-2011-0192.patch b/media-libs/tiff/files/tiff-3.9.4-CVE-2011-0192.patch
new file mode 100644
index 000000000000..dbeb8825db0a
--- /dev/null
+++ b/media-libs/tiff/files/tiff-3.9.4-CVE-2011-0192.patch
@@ -0,0 +1,13 @@
+Index: libtiff/tif_fax3.h
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_fax3.h,v
+retrieving revision 1.7
+retrieving revision 1.9
+diff -r1.7 -r1.9
+480a481,486
+> if (b1 <= (int) (a0 + TabEnt->Param)) { \
+> if (b1 < (int) (a0 + TabEnt->Param) || pa != thisrun) { \
+> unexpected("VL", a0); \
+> goto eol2d; \
+> } \
+> } \
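Review bot: The added tif_fax3.h patch is a context-free normal diff (`diff -r1.7 -r1.9`, `480a481,486`), so `patch` has no surrounding lines to match and will insert these six macro lines after line 480 whatever that line contains in the 3.9.4 tarball. If the shipped header differs from CVS revision 1.7 by even one line, the `b1 <= (int) (a0 + TabEnt->Param)` check could land in the wrong place inside the macro without any failure at apply time. Regenerating it as a unified diff (`diff -u`) against the unpacked 3.9.4 sources would make a mismatch fail loudly; the same applies to tiff-3.9.4-CVE-2011-1167.patch below, whose `63a67,84` insert even relies on an existing closing brace at an exact line. A one-line header in the patch file saying what the check rejects would also help, since the hunk carries no explanation of its own.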
diff --git a/media-libs/tiff/files/tiff-3.9.4-CVE-2011-1167.patch b/media-libs/tiff/files/tiff-3.9.4-CVE-2011-1167.patch
new file mode 100644
index 000000000000..5783a2b23a0c
--- /dev/null
+++ b/media-libs/tiff/files/tiff-3.9.4-CVE-2011-1167.patch
@@ -0,0 +1,62 @@
+Index: ChangeLog
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/ChangeLog,v
+retrieving revision 1.602.2.130
+diff -r1.602.2.130 ChangeLog
+0a1,7
+> 2011-03-12 Frank Warmerdam <warmerdam@pobox.com>
+>
+> * libtiff/tif_thunder.c: Correct potential buffer overflow with
+> thunder encoded files with wrong bitspersample set. The libtiff
+> development team would like to thank Marin Barbella and TippingPoint's
+> Zero Day Initiative for reporting this vulnerability (ZDI-CAN-1004).
+>
+Index: libtiff/tif_thunder.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_thunder.c,v
+retrieving revision 1.5.2.1
+diff -r1.5.2.1 tif_thunder.c
+27a28
+> #include <assert.h>
+58,62c59,65
+< #define SETPIXEL(op, v) { \
+< lastpixel = (v) & 0xf; \
+< if (npixels++ & 1) \
+< *op++ |= lastpixel; \
+< else \
+---
+> #define SETPIXEL(op, v) { \
+> lastpixel = (v) & 0xf; \
+> if ( npixels < maxpixels ) \
+> { \
+> if (npixels++ & 1) \
+> *op++ |= lastpixel; \
+> else \
+63a67,84
+> } \
+> }
+>
+> static int
+> ThunderSetupDecode(TIFF* tif)
+> {
+> static const char module[] = "ThunderSetupDecode";
+>
+> if( tif->tif_dir.td_bitspersample != 4 )
+> {
+> TIFFErrorExt(tif->tif_clientdata, module,
+> "Wrong bitspersample value (%d), Thunder decoder only supports 4bits per sample.",
+> (int) tif->tif_dir.td_bitspersample );
+> return 0;
+> }
+>
+>
+> return (1);
+145c166,167
+< return (1);
+---
+>
+> return (1);
+153a176
+> tif->tif_setupdecode = ThunderSetupDecode;
+165a189
+>
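Review bot: The new `if ( npixels < maxpixels )` guard in SETPIXEL drops excess pixels silently, and because `npixels++` now sits inside that guard, `npixels` saturates at `maxpixels`. Any length check later in the decoder (not visible in this patch) could therefore only ever detect too little data, never an overlong run, so a malformed strip would be truncated with no diagnostic. I would at least record that in the macro, for example `/* pixels past maxpixels are discarded; npixels never exceeds maxpixels */`, and confirm that `maxpixels` is in scope at every SETPIXEL use, since its declaration is outside the patched lines. The added `#include <assert.h>` has no visible `assert()` in these lines, so it looks unused unless the rest of the file needs it.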
diff --git a/media-libs/tiff/files/tiff-4.0.0_beta6-cr2-bitspersample.patch b/media-libs/tiff/files/tiff-4.0.0_beta6-cr2-bitspersample.patch
deleted file mode 100644
index a1e45db195ca..000000000000
--- a/media-libs/tiff/files/tiff-4.0.0_beta6-cr2-bitspersample.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
-index 64c39fc..60bde82 100644
---- a/libtiff/tif_dirread.c
-+++ b/libtiff/tif_dirread.c
-@@ -2727,7 +2727,7 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleShort(TIFF* tif, TIFFDi
- uint16* m;
- uint16* na;
- uint16 nb;
-- if (direntry->tdir_count!=(uint64)tif->tif_dir.td_samplesperpixel)
-+ if (direntry->tdir_count<(uint64)tif->tif_dir.td_samplesperpixel)
- return(TIFFReadDirEntryErrCount);
- err=TIFFReadDirEntryShortArray(tif,direntry,&m);
- if (err!=TIFFReadDirEntryErrOk)