ports/opt (3.1): libtiff: cleanups
commit 8e2b2d38525bf902c3916b596ab679ccd58265fd Author: Fredrik Rinnestam <fredrik@crux.nu> Date: Mon Jan 26 21:07:25 2015 +0100 libtiff: cleanups diff --git a/libtiff/Pkgfile b/libtiff/Pkgfile index 712554d..74a952b 100644 --- a/libtiff/Pkgfile +++ b/libtiff/Pkgfile @@ -6,17 +6,10 @@ name=libtiff version=4.0.4beta release=1 -source=(http://download.osgeo.org/libtiff/tiff-$version.tar.gz \ - gif2tiff-buffer-overflow.patch tiff2pdf_use-after-free.patch lzw-oob-write.patch \ - tiff-4.0.3-CVE-2013-4243.patch tiff-4.0.3-CVE-2013-1960.patch ) +source=(http://download.osgeo.org/libtiff/tiff-$version.tar.gz) build() { cd tiff-$version - #patch -d tools -p0 -i $SRC/tiff2pdf_use-after-free.patch - #patch -d tools -p0 -i $SRC/gif2tiff-buffer-overflow.patch - #patch -d tools -p0 -i $SRC/lzw-oob-write.patch - #patch -p0 -i $SRC/tiff-4.0.3-CVE-2013-4243.patch - #patch -p1 -i $SRC/tiff-4.0.3-CVE-2013-1960.patch ./configure --prefix=/usr --mandir=/usr/man make diff --git a/libtiff/gif2tiff-buffer-overflow.patch b/libtiff/gif2tiff-buffer-overflow.patch deleted file mode 100644 index 3c21718..0000000 --- a/libtiff/gif2tiff-buffer-overflow.patch +++ /dev/null @@ -1,18 +0,0 @@ -Index: gif2tiff.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/gif2tiff.c,v -retrieving revision 1.12 -diff -u -r1.12 gif2tiff.c ---- gif2tiff.c 15 Dec 2010 00:22:44 -0000 1.12 -+++ gif2tiff.c 13 Aug 2013 08:25:38 -0000 -@@ -333,6 +333,10 @@ - int status = 1; - - datasize = getc(infile); -+ -+ if (datasize > 12) -+ return 0; -+ - clear = 1 << datasize; - eoi = clear + 1; - avail = clear + 2; diff --git a/libtiff/lzw-oob-write.patch b/libtiff/lzw-oob-write.patch deleted file mode 100644 index 674afc6..0000000 --- a/libtiff/lzw-oob-write.patch +++ /dev/null 
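Review bot: The new `source=(http://download.osgeo.org/libtiff/tiff-$version.tar.gz)` line drops all five local security patches (gif2tiff buffer overflow, LZW out-of-bounds write, tiff2pdf use-after-free, CVE-2013-4243, CVE-2013-1960), and neither the Pkgfile nor the message "cleanups" records that tiff 4.0.4beta already contains those fixes. The `patch` calls in build() were already commented out, so the built package presumably does not change with this commit, which makes the written record the only trace of that decision. Please confirm each fix against the upstream sources and note it, for example with a comment above `source=` such as `# CVE-2013-1960, CVE-2013-4243 and the gif2tiff/tiff2pdf fixes are upstream in $version; local patches dropped`. The tarball is also fetched over plain http, so its integrity rests on the port's checksum file, which this diff does not touch and which should be checked against the shortened source list.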
@@ -1,18 +0,0 @@ -Index: gif2tiff.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/gif2tiff.c,v -retrieving revision 1.12 -diff -u -r1.12 gif2tiff.c ---- gif2tiff.c 15 Dec 2010 00:22:44 -0000 1.12 -+++ gif2tiff.c 14 Aug 2013 04:28:07 -0000 -@@ -398,6 +398,10 @@ - } - - if (oldcode == -1) { -+ if (code >= clear) { -+ fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear); -+ return 0; -+ } - *(*fill)++ = suffix[code]; - firstchar = oldcode = code; - return 1; diff --git a/libtiff/tiff-4.0.3-CVE-2013-1960.patch b/libtiff/tiff-4.0.3-CVE-2013-1960.patch deleted file mode 100644 index 1c8dfb7..0000000 --- a/libtiff/tiff-4.0.3-CVE-2013-1960.patch +++ /dev/null 
@@ -1,145 +0,0 @@ -diff -Naur tiff-4.0.3.orig/tools/tiff2pdf.c tiff-4.0.3/tools/tiff2pdf.c ---- tiff-4.0.3.orig/tools/tiff2pdf.c 2012-07-25 22:56:43.000000000 -0400 -+++ tiff-4.0.3/tools/tiff2pdf.c 2013-05-02 12:04:49.057090227 -0400 -@@ -3341,33 +3341,56 @@ - uint32 height){ - - tsize_t i=0; -- uint16 ri =0; -- uint16 v_samp=1; -- uint16 h_samp=1; -- int j=0; -- -- i++; -- -- while(i<(*striplength)){ -+ -+ while (i < *striplength) { -+ tsize_t datalen; -+ uint16 ri; -+ uint16 v_samp; -+ uint16 h_samp; -+ int j; -+ int ncomp; -+ -+ /* marker header: one or more FFs */ -+ if (strip[i] != 0xff) -+ return(0); -+ i++; -+ while (i < *striplength && strip[i] == 0xff) -+ i++; -+ if (i >= *striplength) -+ return(0); -+ /* SOI is the only pre-SOS marker without a length word */ -+ if (strip[i] == 0xd8) -+ datalen = 0; -+ else { -+ if ((*striplength - i) <= 2) -+ return(0); -+ datalen = (strip[i+1] << 8) | strip[i+2]; -+ if (datalen < 2 || datalen >= (*striplength - i)) -+ return(0); -+ } - switch( strip[i] ){ -- case 0xd8: -- /* SOI - start of image */ -+ case 0xd8: /* SOI - start of image */ - _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), 2); - *bufferoffset+=2; -- i+=2; - break; -- case 0xc0: -- case 0xc1: -- case 0xc3: -- case 0xc9: -- case 0xca: -+ case 0xc0: /* SOF0 */ -+ case 0xc1: /* SOF1 */ -+ case 0xc3: /* SOF3 */ -+ case 0xc9: /* SOF9 */ -+ case 0xca: /* SOF10 */ - if(no==0){ -- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2); -- for(j=0;j<buffer[*bufferoffset+9];j++){ -- if( (buffer[*bufferoffset+11+(2*j)]>>4) > h_samp) -- h_samp = (buffer[*bufferoffset+11+(2*j)]>>4); -- if( (buffer[*bufferoffset+11+(2*j)] & 0x0f) > v_samp) -- v_samp = (buffer[*bufferoffset+11+(2*j)] & 0x0f); -+ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2); -+ ncomp = buffer[*bufferoffset+9]; -+ if (ncomp < 1 || ncomp > 4) -+ return(0); -+ v_samp=1; -+ h_samp=1; -+ for(j=0;j<ncomp;j++){ -+ uint16 samp = buffer[*bufferoffset+11+(3*j)]; -+ if( (samp>>4) 
> h_samp) -+ h_samp = (samp>>4); -+ if( (samp & 0x0f) > v_samp) -+ v_samp = (samp & 0x0f); - } - v_samp*=8; - h_samp*=8; -@@ -3381,45 +3404,43 @@ - (unsigned char) ((height>>8) & 0xff); - buffer[*bufferoffset+6]= - (unsigned char) (height & 0xff); -- *bufferoffset+=strip[i+2]+2; -- i+=strip[i+2]+2; -- -+ *bufferoffset+=datalen+2; -+ /* insert a DRI marker */ - buffer[(*bufferoffset)++]=0xff; - buffer[(*bufferoffset)++]=0xdd; - buffer[(*bufferoffset)++]=0x00; - buffer[(*bufferoffset)++]=0x04; - buffer[(*bufferoffset)++]=(ri >> 8) & 0xff; - buffer[(*bufferoffset)++]= ri & 0xff; -- } else { -- i+=strip[i+2]+2; - } - break; -- case 0xc4: -- case 0xdb: -- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2); -- *bufferoffset+=strip[i+2]+2; -- i+=strip[i+2]+2; -+ case 0xc4: /* DHT */ -+ case 0xdb: /* DQT */ -+ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2); -+ *bufferoffset+=datalen+2; - break; -- case 0xda: -+ case 0xda: /* SOS */ - if(no==0){ -- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2); -- *bufferoffset+=strip[i+2]+2; -- i+=strip[i+2]+2; -+ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2); -+ *bufferoffset+=datalen+2; - } else { - buffer[(*bufferoffset)++]=0xff; - buffer[(*bufferoffset)++]= - (unsigned char)(0xd0 | ((no-1)%8)); -- i+=strip[i+2]+2; - } -- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), (*striplength)-i-1); -- *bufferoffset+=(*striplength)-i-1; -+ i += datalen + 1; -+ /* copy remainder of strip */ -+ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i]), *striplength - i); -+ *bufferoffset+= *striplength - i; - return(1); - default: -- i+=strip[i+2]+2; -+ /* ignore any other marker */ -+ break; - } -+ i += datalen + 1; - } -- - -+ /* failed to find SOS marker */ - return(0); - } - #endif diff --git a/libtiff/tiff-4.0.3-CVE-2013-4243.patch b/libtiff/tiff-4.0.3-CVE-2013-4243.patch deleted file mode 100644 index fdcfe6b..0000000 
--- a/libtiff/tiff-4.0.3-CVE-2013-4243.patch +++ /dev/null @@ -1,37 +0,0 @@ -Index: tools/gif2tiff.c -=================================================================== ---- tools/gif2tiff.c.orig -+++ tools/gif2tiff.c -@@ -280,6 +280,10 @@ readgifimage(char* mode) - fprintf(stderr, "no colormap present for image\n"); - return (0); - } -+ if (width == 0 || height == 0) { -+ fprintf(stderr, "Invalid value of width or height\n"); -+ return(0); -+ } - if ((raster = (unsigned char*) _TIFFmalloc(width*height+EXTRAFUDGE)) == NULL) { - fprintf(stderr, "not enough memory for image\n"); - return (0); -@@ -406,6 +410,10 @@ process(register int code, unsigned char - fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear); - return 0; - } -+ if (*fill >= raster + width*height) { -+ fprintf(stderr, "raster full before eoi code\n"); -+ return 0; -+ } - *(*fill)++ = suffix[code]; - firstchar = oldcode = code; - return 1; -@@ -436,6 +444,10 @@ process(register int code, unsigned char - } - oldcode = incode; - do { -+ if (*fill >= raster + width*height) { -+ fprintf(stderr, "raster full before eoi code\n"); -+ return 0; -+ } - *(*fill)++ = *--stackp; - } while (stackp > stack); - return 1; diff --git a/libtiff/tiff2pdf_use-after-free.patch b/libtiff/tiff2pdf_use-after-free.patch deleted file mode 100644 index 87673d9..0000000 --- a/libtiff/tiff2pdf_use-after-free.patch +++ /dev/null @@ -1,15 +0,0 @@ -Index: tiff2pdf.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v -retrieving revision 1.71 -diff -u -r1.71 tiff2pdf.c ---- tiff2pdf.c 2 May 2013 14:54:08 -0000 1.71 -+++ tiff2pdf.c 13 Aug 2013 04:45:40 -0000 -@@ -2462,6 +2462,7 @@ - TIFFFileName(input)); - t2p->t2p_error = T2P_ERR_ERROR; - _TIFFfree(buffer); -+ return(0); - } else { - buffer=samplebuffer; - t2p->tiff_datasize *= t2p->tiff_samplesperpixel;