From: "Mikle Kolyada"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Mikle Kolyada"
Message-ID: <1572788775.36b1b60543df094492afcbdea67a49a9157635d1.zlogene@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: media-libs/tiff/, media-libs/tiff/files/
X-VCS-Repository: repo/gentoo
X-VCS-Files: media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch media-libs/tiff/files/tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch media-libs/tiff/tiff-4.0.10-r1.ebuild media-libs/tiff/tiff-4.0.10.ebuild
X-VCS-Directories: media-libs/tiff/files/ media-libs/tiff/
X-VCS-Committer: zlogene
X-VCS-Committer-Name: Mikle Kolyada
X-VCS-Revision: 36b1b60543df094492afcbdea67a49a9157635d1
X-VCS-Branch: master
Date: Sun, 3 Nov 2019 13:46:33 +0000 (UTC)
Precedence: bulk
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 3bb580c3-c54e-462b-b0ce-08168e229cb1
X-Archives-Hash: 506aafee5b451a6bba6b4f2499d281cd

commit:     36b1b60543df094492afcbdea67a49a9157635d1
Author:     Mikle Kolyada gentoo org>
AuthorDate: Sun Nov 3 13:46:15 2019 +0000
Commit:     Mikle Kolyada gentoo org>
CommitDate: Sun Nov 3 13:46:15 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36b1b605

media-libs/tiff: Drop insecure

Package-Manager: Portage-2.3.76, Repoman-2.3.16
Signed-off-by: Mikle Kolyada gentoo.org>

 ...ferOverflow-ChopUpSingleUncompressedStrip.patch | 33 ---------
 ...ferOverflow-ChopUpSingleUncompressedStrip.patch | 26 -------
 media-libs/tiff/tiff-4.0.10-r1.ebuild | 86 ----------------------
 media-libs/tiff/tiff-4.0.10.ebuild | 83 ---------------------
 4 files changed, 228 deletions(-)
diff --git a/media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch b/media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch deleted file mode 100644 index a45ee342f77..00000000000 --- a/media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch +++ /dev/null @@ -1,33 +0,0 @@ -https://codereview.chromium.org/2284063002 -https://crbug.com/618267 -https://pdfium.googlesource.com/pdfium/+/master/libtiff/ - -Author: tracy_jiang -Date: Mon Aug 29 13:42:56 2016 -0700 - -Fix for #618267. Adding a method to determine if multiplication has -overflow. - ---- a/libtiff/tif_aux.c -+++ b/libtiff/tif_aux.c -@@ -69,7 +69,7 @@ _TIFFCheckRealloc(TIFF* tif, void* buffer, - /* - * XXX: Check for integer overflow. - */ -- if (nmemb && elem_size && bytes / elem_size == nmemb) -+ if (nmemb && elem_size && !_TIFFIfMultiplicationOverflow(nmemb, elem_size)) - cp = _TIFFrealloc(buffer, bytes); - - if (cp == NULL) { ---- a/libtiff/tiffiop.h -+++ b/libtiff/tiffiop.h -@@ -315,6 +315,9 @@ typedef size_t TIFFIOSize_t; - #define _TIFF_off_t off_t - #endif - -+#include -+#define _TIFFIfMultiplicationOverflow(op1, op2) ((op1) > SSIZE_MAX / (op2)) -+ - #if defined(__cplusplus) - extern "C" { - #endif diff --git a/media-libs/tiff/files/tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch b/media-libs/tiff/files/tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch deleted file mode 100644 index 35f59b9bffd..00000000000 --- a/media-libs/tiff/files/tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch +++ /dev/null 
@@ -1,26 +0,0 @@ -https://codereview.chromium.org/2405693002 -https://crbug.com/654169 -https://pdfium.googlesource.com/pdfium/+/master/libtiff/ - -Author: stackexploit -Date: Mon Oct 10 10:58:25 2016 -0700 - -libtiff: Prevent a buffer overflow in function ChopUpSingleUncompressedStrip. - -The patch (https://codereview.chromium.org/2284063002) for Issue 618267 -was insufficient. The integer overflow still could be triggered and could -lead to heap buffer overflow. - -This CL strengthens integer overflow check in function _TIFFCheckRealloc. - ---- a/libtiff/tif_aux.c -+++ b/libtiff/tif_aux.c -@@ -69,7 +69,7 @@ _TIFFCheckRealloc(TIFF* tif, void* buffer, - /* - * XXX: Check for integer overflow. - */ -- if (nmemb && elem_size && !_TIFFIfMultiplicationOverflow(nmemb, elem_size)) -+ if (nmemb > 0 && elem_size > 0 && !_TIFFIfMultiplicationOverflow(nmemb, elem_size)) - cp = _TIFFrealloc(buffer, bytes); - - if (cp == NULL) { diff --git a/media-libs/tiff/tiff-4.0.10-r1.ebuild b/media-libs/tiff/tiff-4.0.10-r1.ebuild deleted file mode 100644 index 3a79093c5f7..00000000000 --- a/media-libs/tiff/tiff-4.0.10-r1.ebuild +++ /dev/null 
@@ -1,86 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit autotools libtool multilib-minimal - -DESCRIPTION="Tag Image File Format (TIFF) library" -HOMEPAGE="http://libtiff.maptools.org" -SRC_URI="https://download.osgeo.org/libtiff/${P}.tar.gz" - -LICENSE="libtiff" -SLOT="0" -KEYWORDS="alpha amd64 ~arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 ~sh sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="+cxx jbig jpeg lzma static-libs test webp zlib zstd" - -RDEPEND=" - jbig? ( >=media-libs/jbigkit-2.1:=[${MULTILIB_USEDEP}] ) - jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] ) - lzma? ( >=app-arch/xz-utils-5.0.5-r1[${MULTILIB_USEDEP}] ) - webp? ( media-libs/libwebp:=[${MULTILIB_USEDEP}] ) - zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] ) - zstd? ( >=app-arch/zstd-1.3.7-r1:=[${MULTILIB_USEDEP}] ) -" -DEPEND="${RDEPEND}" - -REQUIRED_USE="test? 
( jpeg )" #483132 - -PATCHES=( - "${FILESDIR}"/${PN}-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch - "${FILESDIR}"/${PN}-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch - "${FILESDIR}"/${PN}-4.0.10-CVE-2018-17000-tif_dirwrite-null-dereference.patch - "${FILESDIR}"/${PN}-4.0.10-CVE-2019-6128-pal2rgb-leak.patch - "${FILESDIR}"/${PN}-4.0.10-CVE-2019-7663-tiffcpIntegerOverflow.patch -) - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/tiffconf.h -) - -src_prepare() { - default - - # tiffcp-thumbnail.sh fails as thumbnail binary doesn't get built anymore since tiff-4.0.7 - sed '/tiffcp-thumbnail\.sh/d' -i test/Makefile.am || die - - eautoreconf -} - -multilib_src_configure() { - local myeconfargs=( - --without-x - --with-docdir="${EPREFIX}"/usr/share/doc/${PF} - $(use_enable cxx) - $(use_enable jbig) - $(use_enable jpeg) - $(use_enable lzma) - $(use_enable static-libs static) - $(use_enable webp) - $(use_enable zlib) - $(use_enable zstd) - ) - ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" - - # remove useless subdirs - if ! multilib_is_native_abi ; then - sed -i \ - -e 's/ tools//' \ - -e 's/ contrib//' \ - -e 's/ man//' \ - -e 's/ html//' \ - Makefile || die - fi -} - -multilib_src_test() { - if ! multilib_is_native_abi ; then - emake -C tools - fi - emake check -} - -multilib_src_install_all() { - find "${ED}" -name '*.la' -delete || die - rm "${ED}"/usr/share/doc/${PF}/{COPYRIGHT,README*,RELEASE-DATE,TODO,VERSION} || die -} diff --git a/media-libs/tiff/tiff-4.0.10.ebuild b/media-libs/tiff/tiff-4.0.10.ebuild deleted file mode 100644 index afe7c58676b..00000000000 --- a/media-libs/tiff/tiff-4.0.10.ebuild +++ /dev/null 
@@ -1,83 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit autotools libtool multilib-minimal - -DESCRIPTION="Tag Image File Format (TIFF) library" -HOMEPAGE="http://libtiff.maptools.org" -SRC_URI="https://download.osgeo.org/libtiff/${P}.tar.gz" - -LICENSE="libtiff" -SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="+cxx jbig jpeg lzma static-libs test webp zlib zstd" - -RDEPEND=" - jbig? ( >=media-libs/jbigkit-2.1:=[${MULTILIB_USEDEP}] ) - jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] ) - lzma? ( >=app-arch/xz-utils-5.0.5-r1[${MULTILIB_USEDEP}] ) - webp? ( media-libs/libwebp:=[${MULTILIB_USEDEP}] ) - zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] ) - zstd? ( >=app-arch/zstd-1.3.7-r1:=[${MULTILIB_USEDEP}] ) -" -DEPEND="${RDEPEND}" - -REQUIRED_USE="test? ( jpeg )" #483132 - -PATCHES=( - "${FILESDIR}"/${PN}-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch - "${FILESDIR}"/${PN}-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch -) - -MULTILIB_WRAPPED_HEADERS=( - /usr/include/tiffconf.h -) - -src_prepare() { - default - - # tiffcp-thumbnail.sh fails as thumbnail binary doesn't get built anymore since tiff-4.0.7 - sed '/tiffcp-thumbnail\.sh/d' -i test/Makefile.am || die - - eautoreconf -} - -multilib_src_configure() { - local myeconfargs=( - --without-x - --with-docdir="${EPREFIX}"/usr/share/doc/${PF} - $(use_enable cxx) - $(use_enable jbig) - $(use_enable jpeg) - $(use_enable lzma) - $(use_enable static-libs static) - $(use_enable webp) - $(use_enable zlib) - $(use_enable zstd) - ) - ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" - - # remove useless subdirs - if ! 
multilib_is_native_abi ; then - sed -i \ - -e 's/ tools//' \ - -e 's/ contrib//' \ - -e 's/ man//' \ - -e 's/ html//' \ - Makefile || die - fi -} - -multilib_src_test() { - if ! multilib_is_native_abi ; then - emake -C tools - fi - emake check -} - -multilib_src_install_all() { - find "${ED}" -name '*.la' -delete || die - rm "${ED}"/usr/share/doc/${PF}/{COPYRIGHT,README*,RELEASE-DATE,TODO,VERSION} || die -}
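
Review bot: the commit message "media-libs/tiff: Drop insecure" does not say why removing the two pdfium patch files is safe, and the deletions of tiff-4.0.7-pdfium-0006 and tiff-4.0.7-pdfium-0008 under files/ are where that matters. Both patches harden the overflow check in _TIFFCheckRealloc (the 0008 description says the 0006 check alone "was insufficient"), and both deleted ebuilds list them in PATCHES. Please confirm that no remaining ebuild still references either file, state in the message whether the version that stays carries this check upstream, and add a Bug: tag if a security bug tracks this cleanup.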
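
Review bot: in the tiff-4.0.10-r1.ebuild deletion, PATCHES also lists three CVE patches (CVE-2018-17000, CVE-2019-6128 and CVE-2019-7663), but X-VCS-Files and the diffstat show only the two pdfium patches being removed from files/. If no remaining ebuild applies those three, they are left orphaned in files/ and should be dropped in this same commit; if one still does, a line in the commit message saying so would make the partial cleanup clear.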
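
Review bot: tiff-4.0.10.ebuild carries stable arm, m68k and sh in KEYWORDS, while the -r1 removed alongside it only has ~arm, ~m68k and ~sh, so this deletion may remove the last stable version on those three arches. Nothing in the diff shows the keywords of the version that stays; please confirm it is already stable on arm, m68k and sh before dropping 4.0.10, and mention the replacement version in the commit message.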