From: "Mikle Kolyada" <zlogene@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: media-libs/tiff/, media-libs/tiff/files/
Date: Sun,  3 Nov 2019 13:46:33 +0000 (UTC)	[thread overview]
Message-ID: <1572788775.36b1b60543df094492afcbdea67a49a9157635d1.zlogene@gentoo> (raw)

commit:     36b1b60543df094492afcbdea67a49a9157635d1
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sun Nov  3 13:46:15 2019 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sun Nov  3 13:46:15 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36b1b605

media-libs/tiff: Drop insecure

Package-Manager: Portage-2.3.76, Repoman-2.3.16
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 ...ferOverflow-ChopUpSingleUncompressedStrip.patch | 33 ---------
 ...ferOverflow-ChopUpSingleUncompressedStrip.patch | 26 -------
 media-libs/tiff/tiff-4.0.10-r1.ebuild              | 86 ----------------------
 media-libs/tiff/tiff-4.0.10.ebuild                 | 83 ---------------------
 4 files changed, 228 deletions(-)

diff --git a/media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch b/media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
deleted file mode 100644
index a45ee342f77..00000000000
--- a/media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-https://codereview.chromium.org/2284063002
-https://crbug.com/618267
-https://pdfium.googlesource.com/pdfium/+/master/libtiff/
-
-Author: tracy_jiang <tracy_jiang@foxitsoftware.com>
-Date:   Mon Aug 29 13:42:56 2016 -0700
-
-Fix for #618267. Adding a method to determine if multiplication has
-overflow.
-
---- a/libtiff/tif_aux.c
-+++ b/libtiff/tif_aux.c
-@@ -69,7 +69,7 @@ _TIFFCheckRealloc(TIFF* tif, void* buffer,
- 	/*
- 	 * XXX: Check for integer overflow.
- 	 */
--	if (nmemb && elem_size && bytes / elem_size == nmemb)
-+	if (nmemb && elem_size && !_TIFFIfMultiplicationOverflow(nmemb, elem_size))
- 		cp = _TIFFrealloc(buffer, bytes);
- 
- 	if (cp == NULL) {
---- a/libtiff/tiffiop.h
-+++ b/libtiff/tiffiop.h
-@@ -315,6 +315,9 @@ typedef size_t TIFFIOSize_t;
- #define _TIFF_off_t off_t
- #endif
- 
-+#include <limits.h>
-+#define _TIFFIfMultiplicationOverflow(op1, op2) ((op1) > SSIZE_MAX / (op2))
-+
- #if defined(__cplusplus)
- extern "C" {
- #endif

diff --git a/media-libs/tiff/files/tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch b/media-libs/tiff/files/tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
deleted file mode 100644
index 35f59b9bffd..00000000000
--- a/media-libs/tiff/files/tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-https://codereview.chromium.org/2405693002
-https://crbug.com/654169
-https://pdfium.googlesource.com/pdfium/+/master/libtiff/
-
-Author: stackexploit <stackexploit@gmail.com>
-Date:   Mon Oct 10 10:58:25 2016 -0700
-
-libtiff: Prevent a buffer overflow in function ChopUpSingleUncompressedStrip.
-
-The patch (https://codereview.chromium.org/2284063002) for Issue 618267
-was insufficient. The integer overflow still could be triggered and could
-lead to heap buffer overflow.
-
-This CL strengthens integer overflow check in function _TIFFCheckRealloc.
-
---- a/libtiff/tif_aux.c
-+++ b/libtiff/tif_aux.c
-@@ -69,7 +69,7 @@ _TIFFCheckRealloc(TIFF* tif, void* buffer,
- 	/*
- 	 * XXX: Check for integer overflow.
- 	 */
--	if (nmemb && elem_size && !_TIFFIfMultiplicationOverflow(nmemb, elem_size))
-+	if (nmemb > 0 && elem_size > 0 && !_TIFFIfMultiplicationOverflow(nmemb, elem_size))
- 		cp = _TIFFrealloc(buffer, bytes);
- 
- 	if (cp == NULL) {

diff --git a/media-libs/tiff/tiff-4.0.10-r1.ebuild b/media-libs/tiff/tiff-4.0.10-r1.ebuild
deleted file mode 100644
index 3a79093c5f7..00000000000
--- a/media-libs/tiff/tiff-4.0.10-r1.ebuild
+++ /dev/null
@@ -1,86 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools libtool multilib-minimal
-
-DESCRIPTION="Tag Image File Format (TIFF) library"
-HOMEPAGE="http://libtiff.maptools.org"
-SRC_URI="https://download.osgeo.org/libtiff/${P}.tar.gz"
-
-LICENSE="libtiff"
-SLOT="0"
-KEYWORDS="alpha amd64 ~arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 ~sh sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cxx jbig jpeg lzma static-libs test webp zlib zstd"
-
-RDEPEND="
-	jbig? ( >=media-libs/jbigkit-2.1:=[${MULTILIB_USEDEP}] )
-	jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] )
-	lzma? ( >=app-arch/xz-utils-5.0.5-r1[${MULTILIB_USEDEP}] )
-	webp? ( media-libs/libwebp:=[${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
-	zstd? ( >=app-arch/zstd-1.3.7-r1:=[${MULTILIB_USEDEP}] )
-"
-DEPEND="${RDEPEND}"
-
-REQUIRED_USE="test? ( jpeg )" #483132
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
-	"${FILESDIR}"/${PN}-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
-	"${FILESDIR}"/${PN}-4.0.10-CVE-2018-17000-tif_dirwrite-null-dereference.patch
-	"${FILESDIR}"/${PN}-4.0.10-CVE-2019-6128-pal2rgb-leak.patch
-	"${FILESDIR}"/${PN}-4.0.10-CVE-2019-7663-tiffcpIntegerOverflow.patch
-)
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/tiffconf.h
-)
-
-src_prepare() {
-	default
-
-	# tiffcp-thumbnail.sh fails as thumbnail binary doesn't get built anymore since tiff-4.0.7
-	sed '/tiffcp-thumbnail\.sh/d' -i test/Makefile.am || die
-
-	eautoreconf
-}
-
-multilib_src_configure() {
-	local myeconfargs=(
-		--without-x
-		--with-docdir="${EPREFIX}"/usr/share/doc/${PF}
-		$(use_enable cxx)
-		$(use_enable jbig)
-		$(use_enable jpeg)
-		$(use_enable lzma)
-		$(use_enable static-libs static)
-		$(use_enable webp)
-		$(use_enable zlib)
-		$(use_enable zstd)
-	)
-	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
-
-	# remove useless subdirs
-	if ! multilib_is_native_abi ; then
-		sed -i \
-			-e 's/ tools//' \
-			-e 's/ contrib//' \
-			-e 's/ man//' \
-			-e 's/ html//' \
-			Makefile || die
-	fi
-}
-
-multilib_src_test() {
-	if ! multilib_is_native_abi ; then
-		emake -C tools
-	fi
-	emake check
-}
-
-multilib_src_install_all() {
-	find "${ED}" -name '*.la' -delete || die
-	rm "${ED}"/usr/share/doc/${PF}/{COPYRIGHT,README*,RELEASE-DATE,TODO,VERSION} || die
-}

diff --git a/media-libs/tiff/tiff-4.0.10.ebuild b/media-libs/tiff/tiff-4.0.10.ebuild
deleted file mode 100644
index afe7c58676b..00000000000
--- a/media-libs/tiff/tiff-4.0.10.ebuild
+++ /dev/null
@@ -1,83 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools libtool multilib-minimal
-
-DESCRIPTION="Tag Image File Format (TIFF) library"
-HOMEPAGE="http://libtiff.maptools.org"
-SRC_URI="https://download.osgeo.org/libtiff/${P}.tar.gz"
-
-LICENSE="libtiff"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cxx jbig jpeg lzma static-libs test webp zlib zstd"
-
-RDEPEND="
-	jbig? ( >=media-libs/jbigkit-2.1:=[${MULTILIB_USEDEP}] )
-	jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] )
-	lzma? ( >=app-arch/xz-utils-5.0.5-r1[${MULTILIB_USEDEP}] )
-	webp? ( media-libs/libwebp:=[${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
-	zstd? ( >=app-arch/zstd-1.3.7-r1:=[${MULTILIB_USEDEP}] )
-"
-DEPEND="${RDEPEND}"
-
-REQUIRED_USE="test? ( jpeg )" #483132
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
-	"${FILESDIR}"/${PN}-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
-)
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/tiffconf.h
-)
-
-src_prepare() {
-	default
-
-	# tiffcp-thumbnail.sh fails as thumbnail binary doesn't get built anymore since tiff-4.0.7
-	sed '/tiffcp-thumbnail\.sh/d' -i test/Makefile.am || die
-
-	eautoreconf
-}
-
-multilib_src_configure() {
-	local myeconfargs=(
-		--without-x
-		--with-docdir="${EPREFIX}"/usr/share/doc/${PF}
-		$(use_enable cxx)
-		$(use_enable jbig)
-		$(use_enable jpeg)
-		$(use_enable lzma)
-		$(use_enable static-libs static)
-		$(use_enable webp)
-		$(use_enable zlib)
-		$(use_enable zstd)
-	)
-	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
-
-	# remove useless subdirs
-	if ! multilib_is_native_abi ; then
-		sed -i \
-			-e 's/ tools//' \
-			-e 's/ contrib//' \
-			-e 's/ man//' \
-			-e 's/ html//' \
-			Makefile || die
-	fi
-}
-
-multilib_src_test() {
-	if ! multilib_is_native_abi ; then
-		emake -C tools
-	fi
-	emake check
-}
-
-multilib_src_install_all() {
-	find "${ED}" -name '*.la' -delete || die
-	rm "${ED}"/usr/share/doc/${PF}/{COPYRIGHT,README*,RELEASE-DATE,TODO,VERSION} || die
-}

