From 36b1b60543df094492afcbdea67a49a9157635d1 Mon Sep 17 00:00:00 2001
From: Mikle Kolyada
Date: Sun, 3 Nov 2019 16:46:15 +0300
Subject: [PATCH] media-libs/tiff: Drop insecure

Package-Manager: Portage-2.3.76, Repoman-2.3.16
Signed-off-by: Mikle Kolyada
---
...erflow-ChopUpSingleUncompressedStrip.patch | 33 -------
...erflow-ChopUpSingleUncompressedStrip.patch | 26 ------
media-libs/tiff/tiff-4.0.10-r1.ebuild | 86 -------------------
media-libs/tiff/tiff-4.0.10.ebuild | 83 ------------------
4 files changed, 228 deletions(-)
delete mode 100644 media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
delete mode 100644 media-libs/tiff/files/tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
delete mode 100644 media-libs/tiff/tiff-4.0.10-r1.ebuild
delete mode 100644 media-libs/tiff/tiff-4.0.10.ebuild

diff --git a/media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch b/media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
deleted file mode 100644
index a45ee342f779..000000000000
--- a/media-libs/tiff/files/tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-https://codereview.chromium.org/2284063002
-https://crbug.com/618267
-https://pdfium.googlesource.com/pdfium/+/master/libtiff/
-
-Author: tracy_jiang
-Date: Mon Aug 29 13:42:56 2016 -0700
-
-Fix for #618267. Adding a method to determine if multiplication has
-overflow.
-
---- a/libtiff/tif_aux.c
-+++ b/libtiff/tif_aux.c
-@@ -69,7 +69,7 @@ _TIFFCheckRealloc(TIFF* tif, void* buffer,
- /*
- * XXX: Check for integer overflow.
- */
-- if (nmemb && elem_size && bytes / elem_size == nmemb)
-+ if (nmemb && elem_size && !_TIFFIfMultiplicationOverflow(nmemb, elem_size))
- cp = _TIFFrealloc(buffer, bytes);
-
- if (cp == NULL) {
---- a/libtiff/tiffiop.h
-+++ b/libtiff/tiffiop.h
-@@ -315,6 +315,9 @@ typedef size_t TIFFIOSize_t;
- #define _TIFF_off_t off_t
- #endif
-
-+#include
-+#define _TIFFIfMultiplicationOverflow(op1, op2) ((op1) > SSIZE_MAX / (op2))
-+
- #if defined(__cplusplus)
- extern "C" {
- #endif
diff --git a/media-libs/tiff/files/tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch b/media-libs/tiff/files/tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
deleted file mode 100644
index 35f59b9bffd9..000000000000
--- a/media-libs/tiff/files/tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-https://codereview.chromium.org/2405693002
-https://crbug.com/654169
-https://pdfium.googlesource.com/pdfium/+/master/libtiff/
-
-Author: stackexploit
-Date: Mon Oct 10 10:58:25 2016 -0700
-
-libtiff: Prevent a buffer overflow in function ChopUpSingleUncompressedStrip.
-
-The patch (https://codereview.chromium.org/2284063002) for Issue 618267
-was insufficient. The integer overflow still could be triggered and could
-lead to heap buffer overflow.
-
-This CL strengthens integer overflow check in function _TIFFCheckRealloc.
-
---- a/libtiff/tif_aux.c
-+++ b/libtiff/tif_aux.c
-@@ -69,7 +69,7 @@ _TIFFCheckRealloc(TIFF* tif, void* buffer,
- /*
- * XXX: Check for integer overflow.
- */
-- if (nmemb && elem_size && !_TIFFIfMultiplicationOverflow(nmemb, elem_size))
-+ if (nmemb > 0 && elem_size > 0 && !_TIFFIfMultiplicationOverflow(nmemb, elem_size))
- cp = _TIFFrealloc(buffer, bytes);
-
- if (cp == NULL) {
diff --git a/media-libs/tiff/tiff-4.0.10-r1.ebuild b/media-libs/tiff/tiff-4.0.10-r1.ebuild
deleted file mode 100644
index 3a79093c5f7f..000000000000
--- a/media-libs/tiff/tiff-4.0.10-r1.ebuild
+++ /dev/null
@@ -1,86 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools libtool multilib-minimal
-
-DESCRIPTION="Tag Image File Format (TIFF) library"
-HOMEPAGE="http://libtiff.maptools.org"
-SRC_URI="https://download.osgeo.org/libtiff/${P}.tar.gz"
-
-LICENSE="libtiff"
-SLOT="0"
-KEYWORDS="alpha amd64 ~arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 ~sh sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cxx jbig jpeg lzma static-libs test webp zlib zstd"
-
-RDEPEND="
- jbig? ( >=media-libs/jbigkit-2.1:=[${MULTILIB_USEDEP}] )
- jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] )
- lzma? ( >=app-arch/xz-utils-5.0.5-r1[${MULTILIB_USEDEP}] )
- webp? ( media-libs/libwebp:=[${MULTILIB_USEDEP}] )
- zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
- zstd? ( >=app-arch/zstd-1.3.7-r1:=[${MULTILIB_USEDEP}] )
-"
-DEPEND="${RDEPEND}"
-
-REQUIRED_USE="test? ( jpeg )" #483132
-
-PATCHES=(
- "${FILESDIR}"/${PN}-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
- "${FILESDIR}"/${PN}-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
- "${FILESDIR}"/${PN}-4.0.10-CVE-2018-17000-tif_dirwrite-null-dereference.patch
- "${FILESDIR}"/${PN}-4.0.10-CVE-2019-6128-pal2rgb-leak.patch
- "${FILESDIR}"/${PN}-4.0.10-CVE-2019-7663-tiffcpIntegerOverflow.patch
-)
-
-MULTILIB_WRAPPED_HEADERS=(
- /usr/include/tiffconf.h
-)
-
-src_prepare() {
- default
-
- # tiffcp-thumbnail.sh fails as thumbnail binary doesn't get built anymore since tiff-4.0.7
- sed '/tiffcp-thumbnail\.sh/d' -i test/Makefile.am || die
-
- eautoreconf
-}
-
-multilib_src_configure() {
- local myeconfargs=(
- --without-x
- --with-docdir="${EPREFIX}"/usr/share/doc/${PF}
- $(use_enable cxx)
- $(use_enable jbig)
- $(use_enable jpeg)
- $(use_enable lzma)
- $(use_enable static-libs static)
- $(use_enable webp)
- $(use_enable zlib)
- $(use_enable zstd)
- )
- ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
-
- # remove useless subdirs
- if ! multilib_is_native_abi ; then
- sed -i \
- -e 's/ tools//' \
- -e 's/ contrib//' \
- -e 's/ man//' \
- -e 's/ html//' \
- Makefile || die
- fi
-}
-
-multilib_src_test() {
- if ! multilib_is_native_abi ; then
- emake -C tools
- fi
- emake check
-}
-
-multilib_src_install_all() {
- find "${ED}" -name '*.la' -delete || die
- rm "${ED}"/usr/share/doc/${PF}/{COPYRIGHT,README*,RELEASE-DATE,TODO,VERSION} || die
-}
diff --git a/media-libs/tiff/tiff-4.0.10.ebuild b/media-libs/tiff/tiff-4.0.10.ebuild
deleted file mode 100644
index afe7c58676b3..000000000000
--- a/media-libs/tiff/tiff-4.0.10.ebuild
+++ /dev/null
@@ -1,83 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools libtool multilib-minimal
-
-DESCRIPTION="Tag Image File Format (TIFF) library"
-HOMEPAGE="http://libtiff.maptools.org"
-SRC_URI="https://download.osgeo.org/libtiff/${P}.tar.gz"
-
-LICENSE="libtiff"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cxx jbig jpeg lzma static-libs test webp zlib zstd"
-
-RDEPEND="
- jbig? ( >=media-libs/jbigkit-2.1:=[${MULTILIB_USEDEP}] )
- jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] )
- lzma? ( >=app-arch/xz-utils-5.0.5-r1[${MULTILIB_USEDEP}] )
- webp? ( media-libs/libwebp:=[${MULTILIB_USEDEP}] )
- zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
- zstd? ( >=app-arch/zstd-1.3.7-r1:=[${MULTILIB_USEDEP}] )
-"
-DEPEND="${RDEPEND}"
-
-REQUIRED_USE="test? ( jpeg )" #483132
-
-PATCHES=(
- "${FILESDIR}"/${PN}-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
- "${FILESDIR}"/${PN}-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch
-)
-
-MULTILIB_WRAPPED_HEADERS=(
- /usr/include/tiffconf.h
-)
-
-src_prepare() {
- default
-
- # tiffcp-thumbnail.sh fails as thumbnail binary doesn't get built anymore since tiff-4.0.7
- sed '/tiffcp-thumbnail\.sh/d' -i test/Makefile.am || die
-
- eautoreconf
-}
-
-multilib_src_configure() {
- local myeconfargs=(
- --without-x
- --with-docdir="${EPREFIX}"/usr/share/doc/${PF}
- $(use_enable cxx)
- $(use_enable jbig)
- $(use_enable jpeg)
- $(use_enable lzma)
- $(use_enable static-libs static)
- $(use_enable webp)
- $(use_enable zlib)
- $(use_enable zstd)
- )
- ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
-
- # remove useless subdirs
- if ! multilib_is_native_abi ; then
- sed -i \
- -e 's/ tools//' \
- -e 's/ contrib//' \
- -e 's/ man//' \
- -e 's/ html//' \
- Makefile || die
- fi
-}
-
-multilib_src_test() {
- if ! multilib_is_native_abi ; then
- emake -C tools
- fi
- emake check
-}
-
-multilib_src_install_all() {
- find "${ED}" -name '*.la' -delete || die
- rm "${ED}"/usr/share/doc/${PF}/{COPYRIGHT,README*,RELEASE-DATE,TODO,VERSION} || die
-}
--
2.26.2