authorNatanael Copa <ncopa@alpinelinux.org>2012-07-23 12:08:13 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2012-07-23 12:08:13 +0000
commite36e1736da3495a6eb3b8965f08a48f17927431c (patch)
tree9f3e8d3eb7030580dc70225319b91c639e81ea14
parentb66f36cabcb08c2c0c87b798b8a4eb6ba822e01a (diff)
main/tiff: upgrade to 3.9.6 and fix CVE-2012-2088
fixes #1249 (cherry picked from commit 802e64df68badda9cc8d71db7b4f9b63f8b48143) Conflicts: main/tiff/APKBUILD (cherry picked from commit 2d46a057da94b8b5935f9852ad57e0496fc77f09) Conflicts: main/tiff/APKBUILD
-rw-r--r--main/tiff/APKBUILD17
-rw-r--r--main/tiff/libtiff-negsize-3.9.patch161
2 files changed, 166 insertions, 12 deletions
diff --git a/main/tiff/APKBUILD b/main/tiff/APKBUILD
index b0b5ad9462..6822a2f595 100644
--- a/main/tiff/APKBUILD
+++ b/main/tiff/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Leonardo Arena <rnalrd@gmail.com>
# Maintainer: Michael Mason <ms13sp@gmail.com>
pkgname=tiff
-pkgver=3.9.5
+pkgver=3.9.6
pkgrel=0
pkgdesc="Provides support for the Tag Image File Format or TIFF"
url="http://www.libtiff.org/"
@@ -11,26 +11,18 @@ depends_dev="zlib-dev jpeg-dev"
makedepends="libtool autoconf automake $depends_dev"
subpackages="$pkgname-doc $pkgname-dev"
source="ftp://ftp.remotesensing.org/pub/libtiff/$pkgname-$pkgver.tar.gz
+ libtiff-negsize-3.9.patch
"
_builddir="$srcdir"/$pkgname-$pkgver
prepare() {
- local _failed=
cd "$_builddir"
-
for i in $source; do
case $i in
- *.patch) msg $i; patch -p1 -i "$srcdir"/$i || _failed="$_failed $i";;
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
esac
done
-
- rm -f libtool.m4
- libtoolize --force --copy \
- && aclocal -I . -I m4 \
- && automake --add-missing --copy \
- && autoconf \
- && autoheader
}
build() {
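Review bot: `makedepends` on the context line above still lists `libtool autoconf automake`, but the new `prepare()` no longer runs `libtoolize`, `aclocal`, `automake`, `autoconf` or `autoheader`, and the commit message does not say why the regeneration step was dropped. `build()` starts on the last line of this hunk and its body is not visible, so the tools may still be needed there. If they are not, trim the line to `makedepends="$depends_dev"`; if they are, a one-line comment saying what still uses them would help the next maintainer. Separately, `$i` is unquoted in `patch -p1 -i "$srcdir"/$i`; `patch -p1 -i "$srcdir/$i" || return 1` avoids word splitting if a source entry ever contains whitespace.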
@@ -50,4 +42,5 @@ package() {
rm -f "$pkgdir"/usr/lib/*.la
}
-md5sums="8fc7ce3b4e1d0cc8a319336967815084 tiff-3.9.5.tar.gz"
+md5sums="6920f3bf628d791d49f268b83612ed23 tiff-3.9.6.tar.gz
+a0742e7c81551c51438a8d6fa5d68676 libtiff-negsize-3.9.patch"
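Review bot: The only integrity pin visible for the new tarball and the security patch is `md5sums`, while the `source=` entry in the previous hunk fetches the tarball over plain `ftp://`, which offers no transport authentication. MD5 is no longer collision-resistant, so this checksum is a weak anchor for a CVE fix. If the abuild version used on this branch accepts a stronger digest array, add one alongside it, e.g. `sha512sums="<sha512-of-tarball>  tiff-3.9.6.tar.gz"` (placeholder digest) plus a matching line for `libtiff-negsize-3.9.patch`. Whether this branch's tooling supports that cannot be told from the page.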
diff --git a/main/tiff/libtiff-negsize-3.9.patch b/main/tiff/libtiff-negsize-3.9.patch
new file mode 100644
index 0000000000..75a42fabc7
--- /dev/null
+++ b/main/tiff/libtiff-negsize-3.9.patch
@@ -0,0 +1,161 @@
+Index: libtiff/tif_strip.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_strip.c,v
+retrieving revision 1.19.2.3
+diff -c -r1.19.2.3 tif_strip.c
+*** ./libtiff/tif_strip.c 15 Dec 2010 00:50:30 -0000 1.19.2.3
+--- ./libtiff/tif_strip.c 17 Apr 2012 18:14:22 -0000
+***************
+*** 107,112 ****
+--- 107,113 ----
+ TIFFVStripSize(TIFF* tif, uint32 nrows)
+ {
+ TIFFDirectory *td = &tif->tif_dir;
++ uint32 stripsize;
+
+ if (nrows == (uint32) -1)
+ nrows = td->td_imagelength;
+***************
+*** 122,128 ****
+ * YCbCr data for the extended image.
+ */
+ uint16 ycbcrsubsampling[2];
+! tsize_t w, scanline, samplingarea;
+
+ TIFFGetFieldDefaulted(tif, TIFFTAG_YCBCRSUBSAMPLING,
+ ycbcrsubsampling + 0,
+--- 123,129 ----
+ * YCbCr data for the extended image.
+ */
+ uint16 ycbcrsubsampling[2];
+! uint32 w, scanline, samplingarea;
+
+ TIFFGetFieldDefaulted(tif, TIFFTAG_YCBCRSUBSAMPLING,
+ ycbcrsubsampling + 0,
+***************
+*** 141,153 ****
+ nrows = TIFFroundup(nrows, ycbcrsubsampling[1]);
+ /* NB: don't need TIFFhowmany here 'cuz everything is rounded */
+ scanline = multiply(tif, nrows, scanline, "TIFFVStripSize");
+! return ((tsize_t)
+ summarize(tif, scanline,
+ multiply(tif, 2, scanline / samplingarea,
+! "TIFFVStripSize"), "TIFFVStripSize"));
+ } else
+! return ((tsize_t) multiply(tif, nrows, TIFFScanlineSize(tif),
+! "TIFFVStripSize"));
+ }
+
+
+--- 142,160 ----
+ nrows = TIFFroundup(nrows, ycbcrsubsampling[1]);
+ /* NB: don't need TIFFhowmany here 'cuz everything is rounded */
+ scanline = multiply(tif, nrows, scanline, "TIFFVStripSize");
+! stripsize =
+ summarize(tif, scanline,
+ multiply(tif, 2, scanline / samplingarea,
+! "TIFFVStripSize"), "TIFFVStripSize");
+ } else
+! stripsize = multiply(tif, nrows, TIFFScanlineSize(tif),
+! "TIFFVStripSize");
+! /* Because tsize_t is signed, we might have conversion overflow */
+! if (((tsize_t) stripsize) < 0) {
+! TIFFErrorExt(tif->tif_clientdata, tif->tif_name, "Integer overflow in %s", "TIFFVStripSize");
+! stripsize = 0;
+! }
+! return (tsize_t) stripsize;
+ }
+
+
+Index: libtiff/tif_tile.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_tile.c,v
+retrieving revision 1.12.2.1
+diff -c -r1.12.2.1 tif_tile.c
+*** ./libtiff/tif_tile.c 8 Jun 2010 18:50:43 -0000 1.12.2.1
+--- ./libtiff/tif_tile.c 17 Apr 2012 18:14:22 -0000
+***************
+*** 174,180 ****
+ TIFFTileRowSize(TIFF* tif)
+ {
+ TIFFDirectory *td = &tif->tif_dir;
+! tsize_t rowsize;
+
+ if (td->td_tilelength == 0 || td->td_tilewidth == 0)
+ return ((tsize_t) 0);
+--- 174,180 ----
+ TIFFTileRowSize(TIFF* tif)
+ {
+ TIFFDirectory *td = &tif->tif_dir;
+! uint32 rowsize;
+
+ if (td->td_tilelength == 0 || td->td_tilewidth == 0)
+ return ((tsize_t) 0);
+***************
+*** 193,199 ****
+ TIFFVTileSize(TIFF* tif, uint32 nrows)
+ {
+ TIFFDirectory *td = &tif->tif_dir;
+! tsize_t tilesize;
+
+ if (td->td_tilelength == 0 || td->td_tilewidth == 0 ||
+ td->td_tiledepth == 0)
+--- 193,199 ----
+ TIFFVTileSize(TIFF* tif, uint32 nrows)
+ {
+ TIFFDirectory *td = &tif->tif_dir;
+! uint32 tilesize;
+
+ if (td->td_tilelength == 0 || td->td_tilewidth == 0 ||
+ td->td_tiledepth == 0)
+***************
+*** 209,220 ****
+ * horizontal/vertical subsampling area include
+ * YCbCr data for the extended image.
+ */
+! tsize_t w =
+ TIFFroundup(td->td_tilewidth, td->td_ycbcrsubsampling[0]);
+! tsize_t rowsize =
+ TIFFhowmany8(multiply(tif, w, td->td_bitspersample,
+ "TIFFVTileSize"));
+! tsize_t samplingarea =
+ td->td_ycbcrsubsampling[0]*td->td_ycbcrsubsampling[1];
+ if (samplingarea == 0) {
+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name, "Invalid YCbCr subsampling");
+--- 209,220 ----
+ * horizontal/vertical subsampling area include
+ * YCbCr data for the extended image.
+ */
+! uint32 w =
+ TIFFroundup(td->td_tilewidth, td->td_ycbcrsubsampling[0]);
+! uint32 rowsize =
+ TIFFhowmany8(multiply(tif, w, td->td_bitspersample,
+ "TIFFVTileSize"));
+! uint32 samplingarea =
+ td->td_ycbcrsubsampling[0]*td->td_ycbcrsubsampling[1];
+ if (samplingarea == 0) {
+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name, "Invalid YCbCr subsampling");
+***************
+*** 230,237 ****
+ } else
+ tilesize = multiply(tif, nrows, TIFFTileRowSize(tif),
+ "TIFFVTileSize");
+! return ((tsize_t)
+! multiply(tif, tilesize, td->td_tiledepth, "TIFFVTileSize"));
+ }
+
+ /*
+--- 230,242 ----
+ } else
+ tilesize = multiply(tif, nrows, TIFFTileRowSize(tif),
+ "TIFFVTileSize");
+! tilesize = multiply(tif, tilesize, td->td_tiledepth, "TIFFVTileSize");
+! /* Because tsize_t is signed, we might have conversion overflow */
+! if (((tsize_t) tilesize) < 0) {
+! TIFFErrorExt(tif->tif_clientdata, tif->tif_name, "Integer overflow in %s", "TIFFVTileSize");
+! tilesize = 0;
+! }
+! return (tsize_t) tilesize;
+ }
+
+ /*
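Review bot: In both `TIFFVStripSize` and `TIFFVTileSize` the new overflow path logs through `TIFFErrorExt` and then returns 0, so the fix only holds if every caller treats a zero size as a failure rather than allocating or reading with it. Those callers are outside this patch, and only fragments of the two functions are shown, so this cannot be confirmed from the page. I would record the contract next to the check, e.g. `/* Returns 0 on overflow; callers must treat 0 as an error, not as a valid size */`. The test `((tsize_t) stripsize) < 0` (and the same for `tilesize`) also relies on an implementation-defined unsigned-to-signed conversion. Comparing the `uint32` value against the largest positive `tsize_t` before casting would state the intent directly. `TIFFTileRowSize` gets the same `uint32` type change with no visible range check before its return, which lies outside the shown context and is worth confirming.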