From: "Christoph Junghans" <kleiner_otti@gmx.de>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/sci:master commit in: media-libs/tiff/files/, media-libs/tiff/
Date: Fri, 6 May 2011 16:32:10 +0000 (UTC) [thread overview]
Message-ID: <f7f1ddc6922123c04073a0407fe42b3da07b8f3d.kleiner_otti@gentoo> (raw)
commit: f7f1ddc6922123c04073a0407fe42b3da07b8f3d
Author: Christoph Junghans <ottxor <AT> gentoo <DOT> org>
AuthorDate: Fri May 6 16:30:04 2011 +0000
Commit: Christoph Junghans <kleiner_otti <AT> gmx <DOT> de>
CommitDate: Fri May 6 16:30:04 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/sci.git;a=commit;h=f7f1ddc6
Version bump to avoid conflict with tree
(Portage version: 2.1.9.42/git/Linux i686, signed Manifest commit with key C2000586)
---
media-libs/tiff/ChangeLog | 11 ++++
.../tiff/files/tiff-3.9.4-CVE-2011-0192.patch | 13 ++++
.../tiff/files/tiff-3.9.4-CVE-2011-1167.patch | 62 ++++++++++++++++++++
.../{tiff-3.9.4-r1.ebuild => tiff-3.9.4-r2.ebuild} | 25 ++++++--
4 files changed, 105 insertions(+), 6 deletions(-)
diff --git a/media-libs/tiff/ChangeLog b/media-libs/tiff/ChangeLog
new file mode 100644
index 0000000..432cbf7
--- /dev/null
+++ b/media-libs/tiff/ChangeLog
@@ -0,0 +1,11 @@
+# ChangeLog for media-libs/tiff
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: $
+
+*tiff-3.9.4-r2 (06 May 2011)
+
+ 06 May 2011; Christoph Junghans <ottxor@gentoo.org> -tiff-3.9.4-r1.ebuild,
+ +tiff-3.9.4-r2.ebuild, +files/tiff-3.9.4-CVE-2011-0192.patch,
+ +files/tiff-3.9.4-CVE-2011-1167.patch:
+ Version bump to avoid conflict with tree
+
diff --git a/media-libs/tiff/files/tiff-3.9.4-CVE-2011-0192.patch b/media-libs/tiff/files/tiff-3.9.4-CVE-2011-0192.patch
new file mode 100644
index 0000000..dbeb882
--- /dev/null
+++ b/media-libs/tiff/files/tiff-3.9.4-CVE-2011-0192.patch
@@ -0,0 +1,13 @@
+Index: libtiff/tif_fax3.h
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_fax3.h,v
+retrieving revision 1.7
+retrieving revision 1.9
+diff -r1.7 -r1.9
+480a481,486
+> if (b1 <= (int) (a0 + TabEnt->Param)) { \
+> if (b1 < (int) (a0 + TabEnt->Param) || pa != thisrun) { \
+> unexpected("VL", a0); \
+> goto eol2d; \
+> } \
+> } \
diff --git a/media-libs/tiff/files/tiff-3.9.4-CVE-2011-1167.patch b/media-libs/tiff/files/tiff-3.9.4-CVE-2011-1167.patch
new file mode 100644
index 0000000..5783a2b
--- /dev/null
+++ b/media-libs/tiff/files/tiff-3.9.4-CVE-2011-1167.patch
@@ -0,0 +1,62 @@
+Index: ChangeLog
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/ChangeLog,v
+retrieving revision 1.602.2.130
+diff -r1.602.2.130 ChangeLog
+0a1,7
+> 2011-03-12 Frank Warmerdam <warmerdam@pobox.com>
+>
+> * libtiff/tif_thunder.c: Correct potential buffer overflow with
+> thunder encoded files with wrong bitspersample set. The libtiff
+> development team would like to thank Marin Barbella and TippingPoint's
+> Zero Day Initiative for reporting this vulnerability (ZDI-CAN-1004).
+>
+Index: libtiff/tif_thunder.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_thunder.c,v
+retrieving revision 1.5.2.1
+diff -r1.5.2.1 tif_thunder.c
+27a28
+> #include <assert.h>
+58,62c59,65
+< #define SETPIXEL(op, v) { \
+< lastpixel = (v) & 0xf; \
+< if (npixels++ & 1) \
+< *op++ |= lastpixel; \
+< else \
+---
+> #define SETPIXEL(op, v) { \
+> lastpixel = (v) & 0xf; \
+> if ( npixels < maxpixels ) \
+> { \
+> if (npixels++ & 1) \
+> *op++ |= lastpixel; \
+> else \
+63a67,84
+> } \
+> }
+>
+> static int
+> ThunderSetupDecode(TIFF* tif)
+> {
+> static const char module[] = "ThunderSetupDecode";
+>
+> if( tif->tif_dir.td_bitspersample != 4 )
+> {
+> TIFFErrorExt(tif->tif_clientdata, module,
+> "Wrong bitspersample value (%d), Thunder decoder only supports 4bits per sample.",
+> (int) tif->tif_dir.td_bitspersample );
+> return 0;
+> }
+>
+>
+> return (1);
+145c166,167
+< return (1);
+---
+>
+> return (1);
+153a176
+> tif->tif_setupdecode = ThunderSetupDecode;
+165a189
+>
diff --git a/media-libs/tiff/tiff-3.9.4-r1.ebuild b/media-libs/tiff/tiff-3.9.4-r2.ebuild
similarity index 64%
rename from media-libs/tiff/tiff-3.9.4-r1.ebuild
rename to media-libs/tiff/tiff-3.9.4-r2.ebuild
index 79e2a7b..1087aa6 100644
--- a/media-libs/tiff/tiff-3.9.4-r1.ebuild
+++ b/media-libs/tiff/tiff-3.9.4-r2.ebuild
@@ -1,9 +1,9 @@
-# Copyright 1999-2010 Gentoo Foundation
+# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/tiff/tiff-3.9.4.ebuild,v 1.10 2010/07/23 20:43:04 ssuominen Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-libs/tiff/tiff-3.9.4-r1.ebuild,v 1.2 2011/04/23 16:38:13 nerdboy Exp $
EAPI=3
-inherit libtool
+inherit eutils libtool
# This is ebuild for libtiff.so.3 only for SONAME binary compatibility
@@ -16,14 +16,16 @@ SLOT="3"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~x86-interix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
IUSE="+cxx jbig jpeg static-libs zlib"
-DEPEND="
+RDEPEND="jpeg? ( virtual/jpeg )
!=media-libs/tiff-3*
- jpeg? ( virtual/jpeg )
jbig? ( media-libs/jbigkit )
zlib? ( sys-libs/zlib )"
-RDEPEND="${DEPEND}"
+
+DEPEND="${RDEPEND}"
src_prepare() {
+ epatch "${FILESDIR}"/${P}-CVE-2011-0192.patch
+ epatch "${FILESDIR}"/${P}-CVE-2011-1167.patch
elibtoolize
}
@@ -44,3 +46,14 @@ src_install() {
doexe libtiff/.libs/libtiff.so.3 || die
doexe libtiff/.libs/libtiffxx.so.3 || die
}
+
+pkg_postinst() {
+ if use jbig; then
+ echo
+ elog "JBIG support is intended for Hylafax fax compression, so we"
+ elog "really need more feedback in other areas (most testing has"
+ elog "been done with fax). Be sure to recompile anything linked"
+ elog "against tiff if you rebuild it with jbig support."
+ echo
+ fi
+}
next reply other threads:[~2011-05-06 16:32 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-06 16:32 Christoph Junghans [this message]
-- strict thread matches above, loose matches on Subject: below --
2011-05-09 12:01 [gentoo-commits] proj/sci:master commit in: media-libs/tiff/files/, media-libs/tiff/ Justin Lecher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f7f1ddc6922123c04073a0407fe42b3da07b8f3d.kleiner_otti@gentoo \
--to=kleiner_otti@gmx.de \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox