aboutsummaryrefslogtreecommitdiffstats
path: root/main
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2012-12-06 20:37:32 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2012-12-10 15:57:36 +0000
commit0c3f503df0d78f144fed9d5d8099cf52ba0878a7 (patch)
tree9593bb995df6576a041f826f8ff76ac0e0d77c63 /main
parented02b36f83c15723447588a318576a3f9d65ff86 (diff)
downloadaports-0c3f503df0d78f144fed9d5d8099cf52ba0878a7.tar.bz2
aports-0c3f503df0d78f144fed9d5d8099cf52ba0878a7.tar.xz
main/tiff: upgrade to 3.9.7 and fix CVE-2012-4447,CVE-2012-4564
fixes #1505
Diffstat (limited to 'main')
-rw-r--r--main/tiff/APKBUILD14
-rw-r--r--main/tiff/CVE-2012-3401.patch11
-rw-r--r--main/tiff/CVE-2012-4447.patch13
-rw-r--r--main/tiff/CVE-2012-4564.patch30
-rw-r--r--main/tiff/libtiff-negsize-3.9.patch161
5 files changed, 50 insertions, 179 deletions
diff --git a/main/tiff/APKBUILD b/main/tiff/APKBUILD
index 4d0e0e111a..9138618baa 100644
--- a/main/tiff/APKBUILD
+++ b/main/tiff/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: Leonardo Arena <rnalrd@gmail.com>
# Maintainer: Michael Mason <ms13sp@gmail.com>
pkgname=tiff
-pkgver=3.9.6
-pkgrel=1
+pkgver=3.9.7
+pkgrel=0
pkgdesc="Provides support for the Tag Image File Format or TIFF"
url="http://www.libtiff.org/"
arch="all"
@@ -12,8 +12,8 @@ depends_dev="zlib-dev jpeg-dev"
makedepends="libtool autoconf automake $depends_dev"
subpackages="$pkgname-doc $pkgname-dev $pkgname-tools"
source="ftp://ftp.remotesensing.org/pub/libtiff/$pkgname-$pkgver.tar.gz
- libtiff-negsize-3.9.patch
- CVE-2012-3401.patch
+ CVE-2012-4447.patch
+ CVE-2012-4564.patch
"
_builddir="$srcdir"/$pkgname-$pkgver
@@ -50,6 +50,6 @@ tools() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
-md5sums="6920f3bf628d791d49f268b83612ed23 tiff-3.9.6.tar.gz
-a0742e7c81551c51438a8d6fa5d68676 libtiff-negsize-3.9.patch
-8c862de25b906d3fcefce2fb06c7b604 CVE-2012-3401.patch"
+md5sums="626102f448ba441d42e3212538ad67d2 tiff-3.9.7.tar.gz
+f85847db8d4cf8d9564f0f9af5bb060a CVE-2012-4447.patch
+e7b151b4a5acc8eb4b4428a98d6aa779 CVE-2012-4564.patch"
diff --git a/main/tiff/CVE-2012-3401.patch b/main/tiff/CVE-2012-3401.patch
deleted file mode 100644
index 847bd0d138..0000000000
--- a/main/tiff/CVE-2012-3401.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -Naur tiff-4.0.2.orig/tools/tiff2pdf.c tiff-4.0.2/tools/tiff2pdf.c
---- tiff-4.0.2.orig/tools/tiff2pdf.c 2012-06-15 17:51:54.000000000 -0400
-+++ tiff-4.0.2/tools/tiff2pdf.c 2012-07-05 13:34:36.569691068 -0400
-@@ -1066,6 +1066,7 @@
- "Can't set directory %u of input file %s",
- i,
- TIFFFileName(input));
-+ t2p->t2p_error = T2P_ERR_ERROR;
- return;
- }
- if(TIFFGetField(input, TIFFTAG_PAGENUMBER, &pagen, &paged)){
diff --git a/main/tiff/CVE-2012-4447.patch b/main/tiff/CVE-2012-4447.patch
new file mode 100644
index 0000000000..29271ee57c
--- /dev/null
+++ b/main/tiff/CVE-2012-4447.patch
@@ -0,0 +1,13 @@
+Index: tiff-3.9.4/libtiff/tif_pixarlog.c
+===================================================================
+--- tiff-3.9.4.orig/libtiff/tif_pixarlog.c 2010-06-08 14:50:42.000000000 -0400
++++ tiff-3.9.4/libtiff/tif_pixarlog.c 2012-10-05 16:51:49.201609547 -0400
+@@ -663,7 +663,7 @@
+ td->td_rowsperstrip), sizeof(uint16));
+ if (tbuf_size == 0)
+ return (0);
+- sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size);
++ sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size+sizeof(uint16)*sp->stride);
+ if (sp->tbuf == NULL)
+ return (0);
+ if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN)
diff --git a/main/tiff/CVE-2012-4564.patch b/main/tiff/CVE-2012-4564.patch
new file mode 100644
index 0000000000..9de7385cde
--- /dev/null
+++ b/main/tiff/CVE-2012-4564.patch
@@ -0,0 +1,30 @@
+diff -u -r1.16 ppm2tiff.c
+--- ./tools/ppm2tiff.c 10 Apr 2010 19:22:34 -0000 1.16
++++ ./tools/ppm2tiff.c 31 Oct 2012 06:25:13 -0000
+@@ -89,6 +89,7 @@
+ int c;
+ extern int optind;
+ extern char* optarg;
++ size_t scanline_size;
+
+ if (argc < 2) {
+ fprintf(stderr, "%s: Too few arguments\n", argv[0]);
+@@ -237,8 +238,16 @@
+ }
+ if (TIFFScanlineSize(out) > linebytes)
+ buf = (unsigned char *)_TIFFmalloc(linebytes);
+- else
+- buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
++ else {
++ scanline_size = TIFFScanlineSize(out);
++ if (scanline_size != 0)
++ buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
++ else {
++ fprintf(stderr, "%s: scanline size overflow\n",infile);
++ (void) TIFFClose(out);
++ exit(-2);
++ }
++ }
+ if (resolution > 0) {
+ TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution);
+ TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution);
diff --git a/main/tiff/libtiff-negsize-3.9.patch b/main/tiff/libtiff-negsize-3.9.patch
deleted file mode 100644
index 75a42fabc7..0000000000
--- a/main/tiff/libtiff-negsize-3.9.patch
+++ /dev/null
@@ -1,161 +0,0 @@
-Index: libtiff/tif_strip.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_strip.c,v
-retrieving revision 1.19.2.3
-diff -c -r1.19.2.3 tif_strip.c
-*** ./libtiff/tif_strip.c 15 Dec 2010 00:50:30 -0000 1.19.2.3
---- ./libtiff/tif_strip.c 17 Apr 2012 18:14:22 -0000
-***************
-*** 107,112 ****
---- 107,113 ----
- TIFFVStripSize(TIFF* tif, uint32 nrows)
- {
- TIFFDirectory *td = &tif->tif_dir;
-+ uint32 stripsize;
-
- if (nrows == (uint32) -1)
- nrows = td->td_imagelength;
-***************
-*** 122,128 ****
- * YCbCr data for the extended image.
- */
- uint16 ycbcrsubsampling[2];
-! tsize_t w, scanline, samplingarea;
-
- TIFFGetFieldDefaulted(tif, TIFFTAG_YCBCRSUBSAMPLING,
- ycbcrsubsampling + 0,
---- 123,129 ----
- * YCbCr data for the extended image.
- */
- uint16 ycbcrsubsampling[2];
-! uint32 w, scanline, samplingarea;
-
- TIFFGetFieldDefaulted(tif, TIFFTAG_YCBCRSUBSAMPLING,
- ycbcrsubsampling + 0,
-***************
-*** 141,153 ****
- nrows = TIFFroundup(nrows, ycbcrsubsampling[1]);
- /* NB: don't need TIFFhowmany here 'cuz everything is rounded */
- scanline = multiply(tif, nrows, scanline, "TIFFVStripSize");
-! return ((tsize_t)
- summarize(tif, scanline,
- multiply(tif, 2, scanline / samplingarea,
-! "TIFFVStripSize"), "TIFFVStripSize"));
- } else
-! return ((tsize_t) multiply(tif, nrows, TIFFScanlineSize(tif),
-! "TIFFVStripSize"));
- }
-
-
---- 142,160 ----
- nrows = TIFFroundup(nrows, ycbcrsubsampling[1]);
- /* NB: don't need TIFFhowmany here 'cuz everything is rounded */
- scanline = multiply(tif, nrows, scanline, "TIFFVStripSize");
-! stripsize =
- summarize(tif, scanline,
- multiply(tif, 2, scanline / samplingarea,
-! "TIFFVStripSize"), "TIFFVStripSize");
- } else
-! stripsize = multiply(tif, nrows, TIFFScanlineSize(tif),
-! "TIFFVStripSize");
-! /* Because tsize_t is signed, we might have conversion overflow */
-! if (((tsize_t) stripsize) < 0) {
-! TIFFErrorExt(tif->tif_clientdata, tif->tif_name, "Integer overflow in %s", "TIFFVStripSize");
-! stripsize = 0;
-! }
-! return (tsize_t) stripsize;
- }
-
-
-Index: libtiff/tif_tile.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_tile.c,v
-retrieving revision 1.12.2.1
-diff -c -r1.12.2.1 tif_tile.c
-*** ./libtiff/tif_tile.c 8 Jun 2010 18:50:43 -0000 1.12.2.1
---- ./libtiff/tif_tile.c 17 Apr 2012 18:14:22 -0000
-***************
-*** 174,180 ****
- TIFFTileRowSize(TIFF* tif)
- {
- TIFFDirectory *td = &tif->tif_dir;
-! tsize_t rowsize;
-
- if (td->td_tilelength == 0 || td->td_tilewidth == 0)
- return ((tsize_t) 0);
---- 174,180 ----
- TIFFTileRowSize(TIFF* tif)
- {
- TIFFDirectory *td = &tif->tif_dir;
-! uint32 rowsize;
-
- if (td->td_tilelength == 0 || td->td_tilewidth == 0)
- return ((tsize_t) 0);
-***************
-*** 193,199 ****
- TIFFVTileSize(TIFF* tif, uint32 nrows)
- {
- TIFFDirectory *td = &tif->tif_dir;
-! tsize_t tilesize;
-
- if (td->td_tilelength == 0 || td->td_tilewidth == 0 ||
- td->td_tiledepth == 0)
---- 193,199 ----
- TIFFVTileSize(TIFF* tif, uint32 nrows)
- {
- TIFFDirectory *td = &tif->tif_dir;
-! uint32 tilesize;
-
- if (td->td_tilelength == 0 || td->td_tilewidth == 0 ||
- td->td_tiledepth == 0)
-***************
-*** 209,220 ****
- * horizontal/vertical subsampling area include
- * YCbCr data for the extended image.
- */
-! tsize_t w =
- TIFFroundup(td->td_tilewidth, td->td_ycbcrsubsampling[0]);
-! tsize_t rowsize =
- TIFFhowmany8(multiply(tif, w, td->td_bitspersample,
- "TIFFVTileSize"));
-! tsize_t samplingarea =
- td->td_ycbcrsubsampling[0]*td->td_ycbcrsubsampling[1];
- if (samplingarea == 0) {
- TIFFErrorExt(tif->tif_clientdata, tif->tif_name, "Invalid YCbCr subsampling");
---- 209,220 ----
- * horizontal/vertical subsampling area include
- * YCbCr data for the extended image.
- */
-! uint32 w =
- TIFFroundup(td->td_tilewidth, td->td_ycbcrsubsampling[0]);
-! uint32 rowsize =
- TIFFhowmany8(multiply(tif, w, td->td_bitspersample,
- "TIFFVTileSize"));
-! uint32 samplingarea =
- td->td_ycbcrsubsampling[0]*td->td_ycbcrsubsampling[1];
- if (samplingarea == 0) {
- TIFFErrorExt(tif->tif_clientdata, tif->tif_name, "Invalid YCbCr subsampling");
-***************
-*** 230,237 ****
- } else
- tilesize = multiply(tif, nrows, TIFFTileRowSize(tif),
- "TIFFVTileSize");
-! return ((tsize_t)
-! multiply(tif, tilesize, td->td_tiledepth, "TIFFVTileSize"));
- }
-
- /*
---- 230,242 ----
- } else
- tilesize = multiply(tif, nrows, TIFFTileRowSize(tif),
- "TIFFVTileSize");
-! tilesize = multiply(tif, tilesize, td->td_tiledepth, "TIFFVTileSize");
-! /* Because tsize_t is signed, we might have conversion overflow */
-! if (((tsize_t) tilesize) < 0) {
-! TIFFErrorExt(tif->tif_clientdata, tif->tif_name, "Integer overflow in %s", "TIFFVTileSize");
-! tilesize = 0;
-! }
-! return (tsize_t) tilesize;
- }
-
- /*