diff options
author | Samuli Suominen <ssuominen@gentoo.org> | 2010-02-26 20:31:34 +0000 |
---|---|---|
committer | Samuli Suominen <ssuominen@gentoo.org> | 2010-02-26 20:31:34 +0000 |
commit | 405f7893035cbc5301b05a6f09f838f643bbe650 (patch) | |
tree | a38ee8750150c23756adfedf15299859190839e1 /media-libs/tiff | |
parent | Bump (diff) | |
download | gentoo-2-405f7893035cbc5301b05a6f09f838f643bbe650.tar.gz gentoo-2-405f7893035cbc5301b05a6f09f838f643bbe650.tar.bz2 gentoo-2-405f7893035cbc5301b05a6f09f838f643bbe650.zip |
Fix CVE-2009-2347 again wrt security #307001.
(Portage version: 2.2_rc63/cvs/Linux x86_64)
Diffstat (limited to 'media-libs/tiff')
-rw-r--r-- | media-libs/tiff/ChangeLog | 8 | ||||
-rw-r--r-- | media-libs/tiff/files/tiff-3.9.2-CVE-2009-2347.patch | 89 | ||||
-rw-r--r-- | media-libs/tiff/tiff-3.9.2-r1.ebuild | 53 |
3 files changed, 149 insertions, 1 deletions
diff --git a/media-libs/tiff/ChangeLog b/media-libs/tiff/ChangeLog index e99404cb2a91..96213b510a53 100644 --- a/media-libs/tiff/ChangeLog +++ b/media-libs/tiff/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for media-libs/tiff # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/media-libs/tiff/ChangeLog,v 1.144 2010/01/22 17:19:11 ssuominen Exp $ +# $Header: /var/cvsroot/gentoo-x86/media-libs/tiff/ChangeLog,v 1.145 2010/02/26 20:31:32 ssuominen Exp $ + +*tiff-3.9.2-r1 (26 Feb 2010) + + 26 Feb 2010; Samuli Suominen <ssuominen@gentoo.org> +tiff-3.9.2-r1.ebuild, + +files/tiff-3.9.2-CVE-2009-2347.patch: + Fix CVE-2009-2347 again wrt security #307001. 22 Jan 2010; Samuli Suominen <ssuominen@gentoo.org> tiff-3.9.2.ebuild: Require SLOT="0" of media-libs/jpeg for headers. diff --git a/media-libs/tiff/files/tiff-3.9.2-CVE-2009-2347.patch b/media-libs/tiff/files/tiff-3.9.2-CVE-2009-2347.patch new file mode 100644 index 000000000000..8d30334da380 --- /dev/null +++ b/media-libs/tiff/files/tiff-3.9.2-CVE-2009-2347.patch @@ -0,0 +1,89 @@ +http://bugs.gentoo.org/show_bug.cgi?id=307001 +http://bugzilla.maptools.org/show_bug.cgi?id=2079 + +--- tools/tiff2rgba.c ++++ tools/tiff2rgba.c +@@ -125,6 +125,17 @@ + return (0); + } + ++static tsize_t ++multiply(tsize_t m1, tsize_t m2) ++{ ++ tsize_t prod = m1 * m2; ++ ++ if (m1 && prod / m1 != m2) ++ prod = 0; /* overflow */ ++ ++ return prod; ++} ++ + static int + cvt_by_tile( TIFF *in, TIFF *out ) + +@@ -134,6 +145,7 @@ + uint32 tile_width, tile_height; + uint32 row, col; + uint32 *wrk_line; ++ tsize_t raster_size; + int ok = 1; + + TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width); +@@ -151,7 +163,14 @@ + /* + * Allocate tile buffer + */ +- raster = (uint32*)_TIFFmalloc(tile_width * tile_height * sizeof (uint32)); ++ raster_size = multiply(multiply(tile_width, tile_height), sizeof (uint32)); ++ if (!raster_size) { ++ TIFFError(TIFFFileName(in), ++ "Can't allocate buffer for raster of size %lux%lu", ++ (unsigned long) tile_width, (unsigned long) tile_height); ++ return (0); ++ } ++ raster = (uint32*)_TIFFmalloc(raster_size); + if (raster == 0) { + TIFFError(TIFFFileName(in), "No space for raster buffer"); + return (0); +@@ -159,7 +178,7 @@ + + /* + * Allocate a scanline buffer for swapping during the vertical +- * mirroring pass. ++ * mirroring pass. (Request can't overflow given prior checks.) + */ + wrk_line = (uint32*)_TIFFmalloc(tile_width * sizeof (uint32)); + if (!wrk_line) { +@@ -236,6 +255,7 @@ + uint32 width, height; /* image width & height */ + uint32 row; + uint32 *wrk_line; ++ tsize_t raster_size; + int ok = 1; + + TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width); +@@ -251,7 +271,14 @@ + /* + * Allocate strip buffer + */ +- raster = (uint32*)_TIFFmalloc(width * rowsperstrip * sizeof (uint32)); ++ raster_size = multiply(multiply(width, rowsperstrip), sizeof (uint32)); ++ if (!raster_size) { ++ TIFFError(TIFFFileName(in), ++ "Can't allocate buffer for raster of size %lux%lu", ++ (unsigned long) width, (unsigned long) rowsperstrip); ++ return (0); ++ } ++ raster = (uint32*)_TIFFmalloc(raster_size); + if (raster == 0) { + TIFFError(TIFFFileName(in), "No space for raster buffer"); + return (0); +@@ -259,7 +286,7 @@ + + /* + * Allocate a scanline buffer for swapping during the vertical +- * mirroring pass. ++ * mirroring pass. (Request can't overflow given prior checks.) + */ + wrk_line = (uint32*)_TIFFmalloc(width * sizeof (uint32)); + if (!wrk_line) { diff --git a/media-libs/tiff/tiff-3.9.2-r1.ebuild b/media-libs/tiff/tiff-3.9.2-r1.ebuild new file mode 100644 index 000000000000..bad4e457d06a --- /dev/null +++ b/media-libs/tiff/tiff-3.9.2-r1.ebuild @@ -0,0 +1,53 @@ +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/media-libs/tiff/tiff-3.9.2-r1.ebuild,v 1.1 2010/02/26 20:31:32 ssuominen Exp $ + +EAPI=2 +inherit eutils libtool + +DESCRIPTION="Library for manipulation of TIFF (Tag Image File Format) images" +HOMEPAGE="http://www.remotesensing.org/libtiff/" +SRC_URI="ftp://ftp.remotesensing.org/pub/libtiff/${P}.tar.gz" + +LICENSE="as-is" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~x86-interix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" +IUSE="jpeg jbig +cxx zlib" + +DEPEND="jpeg? ( >=media-libs/jpeg-6b:0 ) + jbig? ( media-libs/jbigkit ) + zlib? ( sys-libs/zlib )" + +src_prepare() { + epatch "${FILESDIR}"/${PN}-3.8.2-CVE-2009-2285.patch \ + "${FILESDIR}"/${P}-CVE-2009-2347.patch + elibtoolize +} + +src_configure() { + use prefix || EPREFIX= + econf \ + --disable-dependency-tracking \ + $(use_enable cxx) \ + $(use_enable zlib) \ + $(use_enable jpeg) \ + $(use_enable jbig) \ + --without-x \ + --with-docdir="${EPREFIX}"/usr/share/doc/${PF} +} + +src_install() { + emake DESTDIR="${D}" install || die + dodoc ChangeLog README TODO +} + +pkg_postinst() { + if use jbig; then + echo + elog "JBIG support is intended for Hylafax fax compression, so we" + elog "really need more feedback in other areas (most testing has" + elog "been done with fax). Be sure to recompile anything linked" + elog "against tiff if you rebuild it with jbig support." + echo + fi +} |