diff options
| author | Danny Rawlins <monster.romster@gmail.com> | 2015-01-27 21:00:53 +1100 |
|---|---|---|
| committer | Danny Rawlins <monster.romster@gmail.com> | 2015-01-27 21:00:53 +1100 |
| commit | 87b135f45716e8cc3fd5f00466bfc1be5c856408 (patch) | |
| tree | 04cf03c0d1a9b684c6f6c5d57fed7cbc5a2a81f8 /libtiff-32 | |
| parent | bf9bee7309e612ffe808f3440dfdf124638fc9cd (diff) | |
| download | compat-32-87b135f45716e8cc3fd5f00466bfc1be5c856408.tar.gz compat-32-87b135f45716e8cc3fd5f00466bfc1be5c856408.tar.xz | |
libtiff-32: 4.0.3 -> 4.0.4beta
Diffstat (limited to 'libtiff-32')
| -rw-r--r-- | libtiff-32/.footprint | 12 | ||||
| -rw-r--r-- | libtiff-32/.md5sum | 7 | ||||
| -rw-r--r-- | libtiff-32/Pkgfile | 27 | ||||
| -rw-r--r-- | libtiff-32/gif2tiff-buffer-overflow.patch | 18 | ||||
| -rw-r--r-- | libtiff-32/lzw-oob-write.patch | 18 | ||||
| -rw-r--r-- | libtiff-32/tiff-4.0.3-CVE-2013-1960.patch | 145 | ||||
| -rw-r--r-- | libtiff-32/tiff-4.0.3-CVE-2013-4243.patch | 37 | ||||
| -rw-r--r-- | libtiff-32/tiff2pdf_use-after-free.patch | 15 |
8 files changed, 18 insertions, 261 deletions
diff --git a/libtiff-32/.footprint b/libtiff-32/.footprint index 1e759880..d22efb1c 100644 --- a/libtiff-32/.footprint +++ b/libtiff-32/.footprint @@ -2,13 +2,13 @@ drwxr-xr-x root/root usr/ drwxr-xr-x root/root usr/lib32/ -rw-r--r-- root/root usr/lib32/libtiff.a -rwxr-xr-x root/root usr/lib32/libtiff.la -lrwxrwxrwx root/root usr/lib32/libtiff.so -> libtiff.so.5.2.0 -lrwxrwxrwx root/root usr/lib32/libtiff.so.5 -> libtiff.so.5.2.0 --rwxr-xr-x root/root usr/lib32/libtiff.so.5.2.0 +lrwxrwxrwx root/root usr/lib32/libtiff.so -> libtiff.so.5.2.1 +lrwxrwxrwx root/root usr/lib32/libtiff.so.5 -> libtiff.so.5.2.1 +-rwxr-xr-x root/root usr/lib32/libtiff.so.5.2.1 -rw-r--r-- root/root usr/lib32/libtiffxx.a -rwxr-xr-x root/root usr/lib32/libtiffxx.la -lrwxrwxrwx root/root usr/lib32/libtiffxx.so -> libtiffxx.so.5.2.0 -lrwxrwxrwx root/root usr/lib32/libtiffxx.so.5 -> libtiffxx.so.5.2.0 --rwxr-xr-x root/root usr/lib32/libtiffxx.so.5.2.0 +lrwxrwxrwx root/root usr/lib32/libtiffxx.so -> libtiffxx.so.5.2.1 +lrwxrwxrwx root/root usr/lib32/libtiffxx.so.5 -> libtiffxx.so.5.2.1 +-rwxr-xr-x root/root usr/lib32/libtiffxx.so.5.2.1 drwxr-xr-x root/root usr/lib32/pkgconfig/ -rw-r--r-- root/root usr/lib32/pkgconfig/libtiff-4.pc diff --git a/libtiff-32/.md5sum b/libtiff-32/.md5sum index a2bbf63b..ae6f2b3d 100644 --- a/libtiff-32/.md5sum +++ b/libtiff-32/.md5sum @@ -1,6 +1 @@ -6c1189a715708edc8ba926977b33895f gif2tiff-buffer-overflow.patch -2c0dabc854c95e7453fc56d2fd50a503 lzw-oob-write.patch -e9de577a81571ab8ffac84aac8c64381 tiff-4.0.3-CVE-2013-1960.patch -682ee6498fe06ffe0b44370164acf0b4 tiff-4.0.3-CVE-2013-4243.patch -051c1068e6a0627f461948c365290410 tiff-4.0.3.tar.gz -35aee7eea6949c2d26ffa52872991115 tiff2pdf_use-after-free.patch +49c93f9c06f16c1563a7a88802671aef tiff-4.0.4beta.tar.gz diff --git a/libtiff-32/Pkgfile b/libtiff-32/Pkgfile index 42bbd494..53810b3c 100644 --- a/libtiff-32/Pkgfile +++ b/libtiff-32/Pkgfile @@ -4,25 +4,20 @@ # Depends on: libjpeg-turbo-32 zlib-32 libtiff name=libtiff-32 -version=4.0.3 -release=2 -source=(http://download.osgeo.org/libtiff/tiff-$version.tar.gz - gif2tiff-buffer-overflow.patch - tiff2pdf_use-after-free.patch - lzw-oob-write.patch - tiff-4.0.3-CVE-2013-4243.patch - tiff-4.0.3-CVE-2013-1960.patch) +version=4.0.4beta +release=1 +source=(http://download.osgeo.org/libtiff/tiff-$version.tar.gz) build() { - cd tiff-$version - patch -d tools -p0 -i $SRC/tiff2pdf_use-after-free.patch - patch -d tools -p0 -i $SRC/gif2tiff-buffer-overflow.patch - patch -d tools -p0 -i $SRC/lzw-oob-write.patch - patch -p0 -i $SRC/tiff-4.0.3-CVE-2013-4243.patch - patch -p1 -i $SRC/tiff-4.0.3-CVE-2013-1960.patch + cd tiff-$version + + ./configure \ + --prefix=/usr \ + --libdir=/usr/lib32 \ + --mandir=/usr/man - ./configure --prefix=/usr --libdir=/usr/lib32 --mandir=/usr/man make make DESTDIR=$PKG install - rm -r $PKG/usr/{bin,include,share,man} + + rm -r $PKG/usr/{bin,include,share,man} } diff --git a/libtiff-32/gif2tiff-buffer-overflow.patch b/libtiff-32/gif2tiff-buffer-overflow.patch deleted file mode 100644 index 3c217182..00000000 --- a/libtiff-32/gif2tiff-buffer-overflow.patch +++ /dev/null @@ -1,18 +0,0 @@ -Index: gif2tiff.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/gif2tiff.c,v -retrieving revision 1.12 -diff -u -r1.12 gif2tiff.c ---- gif2tiff.c 15 Dec 2010 00:22:44 -0000 1.12 -+++ gif2tiff.c 13 Aug 2013 08:25:38 -0000 -@@ -333,6 +333,10 @@ - int status = 1; - - datasize = getc(infile); -+ -+ if (datasize > 12) -+ return 0; -+ - clear = 1 << datasize; - eoi = clear + 1; - avail = clear + 2; diff --git a/libtiff-32/lzw-oob-write.patch b/libtiff-32/lzw-oob-write.patch deleted file mode 100644 index 674afc6c..00000000 --- a/libtiff-32/lzw-oob-write.patch +++ /dev/null @@ -1,18 +0,0 @@ -Index: gif2tiff.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/gif2tiff.c,v -retrieving revision 1.12 -diff -u -r1.12 gif2tiff.c ---- gif2tiff.c 15 Dec 2010 00:22:44 -0000 1.12 -+++ gif2tiff.c 14 Aug 2013 04:28:07 -0000 -@@ -398,6 +398,10 @@ - } - - if (oldcode == -1) { -+ if (code >= clear) { -+ fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear); -+ return 0; -+ } - *(*fill)++ = suffix[code]; - firstchar = oldcode = code; - return 1; diff --git a/libtiff-32/tiff-4.0.3-CVE-2013-1960.patch b/libtiff-32/tiff-4.0.3-CVE-2013-1960.patch deleted file mode 100644 index 1c8dfb7b..00000000 --- a/libtiff-32/tiff-4.0.3-CVE-2013-1960.patch +++ /dev/null @@ -1,145 +0,0 @@ -diff -Naur tiff-4.0.3.orig/tools/tiff2pdf.c tiff-4.0.3/tools/tiff2pdf.c ---- tiff-4.0.3.orig/tools/tiff2pdf.c 2012-07-25 22:56:43.000000000 -0400 -+++ tiff-4.0.3/tools/tiff2pdf.c 2013-05-02 12:04:49.057090227 -0400 -@@ -3341,33 +3341,56 @@ - uint32 height){ - - tsize_t i=0; -- uint16 ri =0; -- uint16 v_samp=1; -- uint16 h_samp=1; -- int j=0; -- -- i++; -- -- while(i<(*striplength)){ -+ -+ while (i < *striplength) { -+ tsize_t datalen; -+ uint16 ri; -+ uint16 v_samp; -+ uint16 h_samp; -+ int j; -+ int ncomp; -+ -+ /* marker header: one or more FFs */ -+ if (strip[i] != 0xff) -+ return(0); -+ i++; -+ while (i < *striplength && strip[i] == 0xff) -+ i++; -+ if (i >= *striplength) -+ return(0); -+ /* SOI is the only pre-SOS marker without a length word */ -+ if (strip[i] == 0xd8) -+ datalen = 0; -+ else { -+ if ((*striplength - i) <= 2) -+ return(0); -+ datalen = (strip[i+1] << 8) | strip[i+2]; -+ if (datalen < 2 || datalen >= (*striplength - i)) -+ return(0); -+ } - switch( strip[i] ){ -- case 0xd8: -- /* SOI - start of image */ -+ case 0xd8: /* SOI - start of image */ - _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), 2); - *bufferoffset+=2; -- i+=2; - break; -- case 0xc0: -- case 0xc1: -- case 0xc3: -- case 0xc9: -- case 0xca: -+ case 0xc0: /* SOF0 */ -+ case 0xc1: /* SOF1 */ -+ case 0xc3: /* SOF3 */ -+ case 0xc9: /* SOF9 */ -+ case 0xca: /* SOF10 */ - if(no==0){ -- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2); -- for(j=0;j<buffer[*bufferoffset+9];j++){ -- if( (buffer[*bufferoffset+11+(2*j)]>>4) > h_samp) -- h_samp = (buffer[*bufferoffset+11+(2*j)]>>4); -- if( (buffer[*bufferoffset+11+(2*j)] & 0x0f) > v_samp) -- v_samp = (buffer[*bufferoffset+11+(2*j)] & 0x0f); -+ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2); -+ ncomp = buffer[*bufferoffset+9]; -+ if (ncomp < 1 || ncomp > 4) -+ return(0); -+ v_samp=1; -+ h_samp=1; -+ for(j=0;j<ncomp;j++){ -+ uint16 samp = buffer[*bufferoffset+11+(3*j)]; -+ if( (samp>>4) > h_samp) -+ h_samp = (samp>>4); -+ if( (samp & 0x0f) > v_samp) -+ v_samp = (samp & 0x0f); - } - v_samp*=8; - h_samp*=8; -@@ -3381,45 +3404,43 @@ - (unsigned char) ((height>>8) & 0xff); - buffer[*bufferoffset+6]= - (unsigned char) (height & 0xff); -- *bufferoffset+=strip[i+2]+2; -- i+=strip[i+2]+2; -- -+ *bufferoffset+=datalen+2; -+ /* insert a DRI marker */ - buffer[(*bufferoffset)++]=0xff; - buffer[(*bufferoffset)++]=0xdd; - buffer[(*bufferoffset)++]=0x00; - buffer[(*bufferoffset)++]=0x04; - buffer[(*bufferoffset)++]=(ri >> 8) & 0xff; - buffer[(*bufferoffset)++]= ri & 0xff; -- } else { -- i+=strip[i+2]+2; - } - break; -- case 0xc4: -- case 0xdb: -- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2); -- *bufferoffset+=strip[i+2]+2; -- i+=strip[i+2]+2; -+ case 0xc4: /* DHT */ -+ case 0xdb: /* DQT */ -+ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2); -+ *bufferoffset+=datalen+2; - break; -- case 0xda: -+ case 0xda: /* SOS */ - if(no==0){ -- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2); -- *bufferoffset+=strip[i+2]+2; -- i+=strip[i+2]+2; -+ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2); -+ *bufferoffset+=datalen+2; - } else { - buffer[(*bufferoffset)++]=0xff; - buffer[(*bufferoffset)++]= - (unsigned char)(0xd0 | ((no-1)%8)); -- i+=strip[i+2]+2; - } -- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), (*striplength)-i-1); -- *bufferoffset+=(*striplength)-i-1; -+ i += datalen + 1; -+ /* copy remainder of strip */ -+ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i]), *striplength - i); -+ *bufferoffset+= *striplength - i; - return(1); - default: -- i+=strip[i+2]+2; -+ /* ignore any other marker */ -+ break; - } -+ i += datalen + 1; - } -- - -+ /* failed to find SOS marker */ - return(0); - } - #endif diff --git a/libtiff-32/tiff-4.0.3-CVE-2013-4243.patch b/libtiff-32/tiff-4.0.3-CVE-2013-4243.patch deleted file mode 100644 index fdcfe6bd..00000000 --- a/libtiff-32/tiff-4.0.3-CVE-2013-4243.patch +++ /dev/null @@ -1,37 +0,0 @@ -Index: tools/gif2tiff.c -=================================================================== ---- tools/gif2tiff.c.orig -+++ tools/gif2tiff.c -@@ -280,6 +280,10 @@ readgifimage(char* mode) - fprintf(stderr, "no colormap present for image\n"); - return (0); - } -+ if (width == 0 || height == 0) { -+ fprintf(stderr, "Invalid value of width or height\n"); -+ return(0); -+ } - if ((raster = (unsigned char*) _TIFFmalloc(width*height+EXTRAFUDGE)) == NULL) { - fprintf(stderr, "not enough memory for image\n"); - return (0); -@@ -406,6 +410,10 @@ process(register int code, unsigned char - fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear); - return 0; - } -+ if (*fill >= raster + width*height) { -+ fprintf(stderr, "raster full before eoi code\n"); -+ return 0; -+ } - *(*fill)++ = suffix[code]; - firstchar = oldcode = code; - return 1; -@@ -436,6 +444,10 @@ process(register int code, unsigned char - } - oldcode = incode; - do { -+ if (*fill >= raster + width*height) { -+ fprintf(stderr, "raster full before eoi code\n"); -+ return 0; -+ } - *(*fill)++ = *--stackp; - } while (stackp > stack); - return 1; diff --git a/libtiff-32/tiff2pdf_use-after-free.patch b/libtiff-32/tiff2pdf_use-after-free.patch deleted file mode 100644 index 87673d91..00000000 --- a/libtiff-32/tiff2pdf_use-after-free.patch +++ /dev/null @@ -1,15 +0,0 @@ -Index: tiff2pdf.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v -retrieving revision 1.71 -diff -u -r1.71 tiff2pdf.c ---- tiff2pdf.c 2 May 2013 14:54:08 -0000 1.71 -+++ tiff2pdf.c 13 Aug 2013 04:45:40 -0000 -@@ -2462,6 +2462,7 @@ - TIFFFileName(input)); - t2p->t2p_error = T2P_ERR_ERROR; - _TIFFfree(buffer); -+ return(0); - } else { - buffer=samplebuffer; - t2p->tiff_datasize *= t2p->tiff_samplesperpixel; |