From cf78f4ea0e6ce18167f5b041b53f7316a86b519e Mon Sep 17 00:00:00 2001 From: Samuli Suominen Date: Fri, 6 Apr 2012 17:39:21 +0000 Subject: Upstream patch for CVE-2012-1173 wrt #410931 by Agostino Sarubbo (Portage version: 2.2.0_alpha99/cvs/Linux x86_64) --- media-libs/tiff/ChangeLog | 10 +++- .../tiff/files/tiff-3.9.5-CVE-2012-1173.patch | 56 ++++++++++++++++++++++ .../tiff/files/tiff-4.0.1-CVE-2012-1173.patch | 55 +++++++++++++++++++++ media-libs/tiff/tiff-3.9.5-r2.ebuild | 52 ++++++++++++++++++++ media-libs/tiff/tiff-4.0.1-r1.ebuild | 47 ++++++++++++++++++ 5 files changed, 219 insertions(+), 1 deletion(-) create mode 100644 media-libs/tiff/files/tiff-3.9.5-CVE-2012-1173.patch create mode 100644 media-libs/tiff/files/tiff-4.0.1-CVE-2012-1173.patch create mode 100644 media-libs/tiff/tiff-3.9.5-r2.ebuild create mode 100644 media-libs/tiff/tiff-4.0.1-r1.ebuild (limited to 'media-libs') diff --git a/media-libs/tiff/ChangeLog b/media-libs/tiff/ChangeLog index a1709052fba6..15e891b6ac6f 100644 --- a/media-libs/tiff/ChangeLog +++ b/media-libs/tiff/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for media-libs/tiff # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/media-libs/tiff/ChangeLog,v 1.185 2012/03/02 17:21:27 ssuominen Exp $ +# $Header: /var/cvsroot/gentoo-x86/media-libs/tiff/ChangeLog,v 1.186 2012/04/06 17:39:21 ssuominen Exp $ + +*tiff-4.0.1-r1 (06 Apr 2012) +*tiff-3.9.5-r2 (06 Apr 2012) + + 06 Apr 2012; Samuli Suominen +tiff-3.9.5-r2.ebuild, + +files/tiff-3.9.5-CVE-2012-1173.patch, +tiff-4.0.1-r1.ebuild, + +files/tiff-4.0.1-CVE-2012-1173.patch: + Upstream patch for CVE-2012-1173 wrt #410931 by Agostino Sarubbo *tiff-4.0.1 (02 Mar 2012) diff --git a/media-libs/tiff/files/tiff-3.9.5-CVE-2012-1173.patch b/media-libs/tiff/files/tiff-3.9.5-CVE-2012-1173.patch new file mode 100644 index 000000000000..c1825a669897 --- /dev/null +++ b/media-libs/tiff/files/tiff-3.9.5-CVE-2012-1173.patch @@ -0,0 +1,56 @@ +Index: ChangeLog +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/ChangeLog,v +retrieving revision 1.602.2.141 +diff -r1.602.2.141 ChangeLog +0a1,6 +> 2012-03-30 Frank Warmerdam +> +> * tif_getimage.c: Fix size overflow (zdi-can-1221,CVE-2012-1173) +> care of Tom Lane @ Red Hat. +> +> +Index: libtiff/tif_getimage.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_getimage.c,v +retrieving revision 1.63.2.6 +diff -r1.63.2.6 tif_getimage.c +675a676 +> tsize_t bufsize; +682c683,688 +< buf = (unsigned char*) _TIFFmalloc((alpha?4:3)*tilesize); +--- +> bufsize = TIFFSafeMultiply(tsize_t,alpha?4:3,tilesize); +> if (bufsize == 0) { +> TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtTileSeparate"); +> return (0); +> } +> buf = (unsigned char*) _TIFFmalloc(bufsize); +687c693 +< _TIFFmemset(buf, 0, (alpha?4:3)*tilesize); +--- +> _TIFFmemset(buf, 0, bufsize); +882a889 +> tsize_t bufsize; +888c895,900 +< p0 = buf = (unsigned char *)_TIFFmalloc((alpha?4:3)*stripsize); +--- +> bufsize = TIFFSafeMultiply(tsize_t,alpha?4:3,stripsize); +> if (bufsize == 0) { +> TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtStripSeparate"); +> return (0); +> } +> p0 = buf = (unsigned char *)_TIFFmalloc(bufsize); +893c905 +< _TIFFmemset(buf, 0, (alpha?4:3)*stripsize); +--- +> _TIFFmemset(buf, 0, bufsize); +Index: libtiff/tiffiop.h +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tiffiop.h,v +retrieving revision 1.51.2.7 +diff -r1.51.2.7 tiffiop.h +249c249 +< #define TIFFSafeMultiply(t,v,m) ((((t)m != (t)0) && (((t)((v*m)/m)) == (t)v)) ? (t)(v*m) : (t)0) +--- +> #define TIFFSafeMultiply(t,v,m) ((((t)(m) != (t)0) && (((t)(((v)*(m))/(m))) == (t)(v))) ? (t)((v)*(m)) : (t)0) diff --git a/media-libs/tiff/files/tiff-4.0.1-CVE-2012-1173.patch b/media-libs/tiff/files/tiff-4.0.1-CVE-2012-1173.patch new file mode 100644 index 000000000000..ad474dcbc4f4 --- /dev/null +++ b/media-libs/tiff/files/tiff-4.0.1-CVE-2012-1173.patch @@ -0,0 +1,55 @@ +Index: ChangeLog +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/ChangeLog,v +retrieving revision 1.877 +diff -r1.877 ChangeLog +0a1,5 +> 2012-03-30 Frank Warmerdam +> +> * tif_getimage.c: Fix size overflow (zdi-can-1221,CVE-2012-1173) +> care of Tom Lane @ Red Hat. +> +Index: libtiff/tif_getimage.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_getimage.c,v +retrieving revision 1.78 +diff -r1.78 tif_getimage.c +694a695 +> tmsize_t bufsize; +702c703,708 +< buf = (unsigned char*) _TIFFmalloc((alpha?4:3)*tilesize); +--- +> bufsize = TIFFSafeMultiply(tmsize_t,alpha?4:3,tilesize); +> if (bufsize == 0) { +> TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtTileSeparate"); +> return (0); +> } +> buf = (unsigned char*) _TIFFmalloc(bufsize); +707c713 +< _TIFFmemset(buf, 0, (alpha?4:3)*tilesize); +--- +> _TIFFmemset(buf, 0, bufsize); +919a926 +> tmsize_t bufsize; +925c932,937 +< p0 = buf = (unsigned char *)_TIFFmalloc((alpha?4:3)*stripsize); +--- +> bufsize = TIFFSafeMultiply(tmsize_t,alpha?4:3,stripsize); +> if (bufsize == 0) { +> TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtStripSeparate"); +> return (0); +> } +> p0 = buf = (unsigned char *)_TIFFmalloc(bufsize); +930c942 +< _TIFFmemset(buf, 0, (alpha?4:3)*stripsize); +--- +> _TIFFmemset(buf, 0, bufsize); +Index: libtiff/tiffiop.h +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tiffiop.h,v +retrieving revision 1.82 +diff -r1.82 tiffiop.h +253c253 +< #define TIFFSafeMultiply(t,v,m) ((((t)m != (t)0) && (((t)((v*m)/m)) == (t)v)) ? (t)(v*m) : (t)0) +--- +> #define TIFFSafeMultiply(t,v,m) ((((t)(m) != (t)0) && (((t)(((v)*(m))/(m))) == (t)(v))) ? (t)((v)*(m)) : (t)0) diff --git a/media-libs/tiff/tiff-3.9.5-r2.ebuild b/media-libs/tiff/tiff-3.9.5-r2.ebuild new file mode 100644 index 000000000000..3c0e0d1be729 --- /dev/null +++ b/media-libs/tiff/tiff-3.9.5-r2.ebuild @@ -0,0 +1,52 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/media-libs/tiff/tiff-3.9.5-r2.ebuild,v 1.1 2012/04/06 17:39:21 ssuominen Exp $ + +# this ebuild is only for the libtiff.so.3 and libtiffxx.so.3 SONAME for ABI compat + +EAPI=4 +inherit eutils libtool multilib + +DESCRIPTION="Library for manipulation of TIFF (Tag Image File Format) images" +HOMEPAGE="http://www.remotesensing.org/libtiff/" +SRC_URI="ftp://ftp.remotesensing.org/pub/libtiff/${P}.tar.gz" + +LICENSE="as-is" +SLOT="3" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~x86-interix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" +IUSE="+cxx jbig jpeg zlib" + +RDEPEND="jpeg? ( virtual/jpeg ) + jbig? ( media-libs/jbigkit ) + zlib? ( sys-libs/zlib ) + !media-libs/tiff-compat + !=media-libs/tiff-3*:0" +DEPEND="${RDEPEND}" + +src_prepare() { + epatch "${FILESDIR}"/${P}-CVE-*.patch + elibtoolize +} + +src_configure() { + econf \ + --libdir=/libdir \ + --disable-static \ + $(use_enable cxx) \ + $(use_enable zlib) \ + $(use_enable jpeg) \ + $(use_enable jbig) \ + --without-x +} + +src_install() { + # Let `make install` and libtool handle insecure runpath(s) + dodir tmp + emake DESTDIR="${D}/tmp" install + + exeinto /usr/$(get_libdir) + doexe "${ED}"/tmp/libdir/libtiff$(get_libname 3) + use cxx && doexe "${ED}"/tmp/libdir/libtiffxx$(get_libname 3) + + rm -rf "${ED}"/tmp +} diff --git a/media-libs/tiff/tiff-4.0.1-r1.ebuild b/media-libs/tiff/tiff-4.0.1-r1.ebuild new file mode 100644 index 000000000000..ca442aaea956 --- /dev/null +++ b/media-libs/tiff/tiff-4.0.1-r1.ebuild @@ -0,0 +1,47 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/media-libs/tiff/tiff-4.0.1-r1.ebuild,v 1.1 2012/04/06 17:39:21 ssuominen Exp $ + +EAPI=4 +inherit eutils libtool + +DESCRIPTION="Tag Image File Format (TIFF) library" +HOMEPAGE="http://www.remotesensing.org/libtiff/" +SRC_URI="http://download.osgeo.org/libtiff/${P}.tar.gz + ftp://ftp.remotesensing.org/pub/libtiff/${P}.tar.gz" + +LICENSE="as-is" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~x86-interix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~x64-solaris ~x86-solaris" +IUSE="+cxx jbig jpeg lzma static-libs zlib" + +RDEPEND="jpeg? ( virtual/jpeg ) + jbig? ( media-libs/jbigkit ) + lzma? ( app-arch/xz-utils ) + zlib? ( sys-libs/zlib )" +DEPEND="${RDEPEND}" + +src_prepare() { + epatch "${FILESDIR}"/${P}-CVE-*.patch + elibtoolize +} + +src_configure() { + econf \ + $(use_enable static-libs static) \ + $(use_enable zlib) \ + $(use_enable jpeg) \ + $(use_enable jbig) \ + $(use_enable lzma) \ + $(use_enable cxx) \ + --without-x \ + --with-docdir="${EPREFIX}"/usr/share/doc/${PF} +} + +src_install() { + default + + rm -f \ + "${ED}"/usr/lib*/libtiff*.la \ + "${ED}"/usr/share/doc/${PF}/{COPYRIGHT,README*,RELEASE-DATE,TODO,VERSION} +} -- cgit v1.2.3-65-gdbad