diff options
| author |   Mike Frysinger <vapier@chromium.org> | 2018-05-28 21:02:58 -0400 |
|---|---|---|
| committer |   Mike Frysinger <vapier@gentoo.org> | 2018-05-28 21:03:54 -0400 |
| commit | afb651b9908c9fd2d24a8e347e152bc195b486bc (patch) | |
| tree | d1f568e8709b85a3fd7fb0015df5461b49c5dfc4 /media-libs/tiff | |
| parent | media-libs/tiff: mark 4.0.9-r3 m68k/s390/sh stable (diff) | |
| download | gentoo-afb651b9908c9fd2d24a8e347e152bc195b486bc.tar.gz gentoo-afb651b9908c9fd2d24a8e347e152bc195b486bc.tar.bz2 gentoo-afb651b9908c9fd2d24a8e347e152bc195b486bc.zip | |
media-libs/tiff: add upstream fix for CVE-2017-18013 #645982
Bug: https://bugs.gentoo.org/645982
Diffstat (limited to 'media-libs/tiff')
| -rw-r--r-- | media-libs/tiff/files/tiff-4.0.9-CVE-2017-18013.patch | 39 | ||||
| -rw-r--r-- | media-libs/tiff/tiff-4.0.9-r4.ebuild | 81 |
2 files changed, 120 insertions, 0 deletions
diff --git a/media-libs/tiff/files/tiff-4.0.9-CVE-2017-18013.patch b/media-libs/tiff/files/tiff-4.0.9-CVE-2017-18013.patch new file mode 100644 index 000000000000..2db890aef906 --- /dev/null +++ b/media-libs/tiff/files/tiff-4.0.9-CVE-2017-18013.patch @@ -0,0 +1,39 @@ +https://bugs.gentoo.org/645982 +https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01 + +From c6f41df7b581402dfba3c19a1e3df4454c551a01 Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Sun, 31 Dec 2017 15:09:41 +0100 +Subject: [PATCH] libtiff/tif_print.c: TIFFPrintDirectory(): fix null pointer + dereference on corrupted file. Fixes + http://bugzilla.maptools.org/show_bug.cgi?id=2770 + +--- + libtiff/tif_print.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c +index 9959d353b1f9..8deceb2b054d 100644 +--- a/libtiff/tif_print.c ++++ b/libtiff/tif_print.c +@@ -665,13 +665,13 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags) + #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) + fprintf(fd, " %3lu: [%8I64u, %8I64u]\n", + (unsigned long) s, +- (unsigned __int64) td->td_stripoffset[s], +- (unsigned __int64) td->td_stripbytecount[s]); ++ td->td_stripoffset ? (unsigned __int64) td->td_stripoffset[s] : 0, ++ td->td_stripbytecount ? (unsigned __int64) td->td_stripbytecount[s] : 0); + #else + fprintf(fd, " %3lu: [%8llu, %8llu]\n", + (unsigned long) s, +- (unsigned long long) td->td_stripoffset[s], +- (unsigned long long) td->td_stripbytecount[s]); ++ td->td_stripoffset ? (unsigned long long) td->td_stripoffset[s] : 0, ++ td->td_stripbytecount ? (unsigned long long) td->td_stripbytecount[s] : 0); + #endif + } + } +-- +2.16.1 + diff --git a/media-libs/tiff/tiff-4.0.9-r4.ebuild b/media-libs/tiff/tiff-4.0.9-r4.ebuild new file mode 100644 index 000000000000..4787ecd348eb --- /dev/null +++ b/media-libs/tiff/tiff-4.0.9-r4.ebuild @@ -0,0 +1,81 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit autotools libtool ltprune multilib-minimal + +DESCRIPTION="Tag Image File Format (TIFF) library" +HOMEPAGE="http://libtiff.maptools.org" +SRC_URI="http://download.osgeo.org/libtiff/${P}.tar.gz + ftp://ftp.remotesensing.org/pub/libtiff/${P}.tar.gz" + +LICENSE="libtiff" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~x64-solaris ~x86-solaris" +IUSE="+cxx jbig jpeg lzma static-libs test zlib" + +RDEPEND="jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] ) + jbig? ( >=media-libs/jbigkit-2.1:=[${MULTILIB_USEDEP}] ) + lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] ) + zlib? ( >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}] )" +DEPEND="${RDEPEND}" + +REQUIRED_USE="test? ( jpeg )" #483132 + +PATCHES=( + "${FILESDIR}"/${PN}-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch + "${FILESDIR}"/${PN}-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch + "${FILESDIR}"/${P}-CVE-2017-9935.patch #624696 + "${FILESDIR}"/${P}-CVE-2017-9935-fix-incorrect-type.patch #624696 + "${FILESDIR}"/${P}-CVE-2017-18013.patch #645982 + "${FILESDIR}"/${P}-CVE-2018-5784.patch #645730 +) + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/tiffconf.h +) + +src_prepare() { + default + + # tiffcp-thumbnail.sh fails as thumbnail binary doesn't get built anymore since tiff-4.0.7 + sed '/tiffcp-thumbnail\.sh/d' -i test/Makefile.am || die + + eautoreconf +} + +multilib_src_configure() { + local myeconfargs=( + --without-x + $(use_enable cxx) + $(use_enable jbig) + $(use_enable jpeg) + $(use_enable lzma) + $(use_enable static-libs static) + $(use_enable zlib) + ) + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" + + # remove useless subdirs + if ! multilib_is_native_abi ; then + sed -i \ + -e 's/ tools//' \ + -e 's/ contrib//' \ + -e 's/ man//' \ + -e 's/ html//' \ + Makefile || die + fi +} + +multilib_src_test() { + if ! multilib_is_native_abi ; then + emake -C tools + fi + emake check +} + +multilib_src_install_all() { + prune_libtool_files --all + rm -f "${ED%/}"/usr/share/doc/${PF}/{COPYRIGHT,README*,RELEASE-DATE,TODO,VERSION} +} |