main/tiff: upgrade to 3.9.6 and fix CVE-2012-2088

fixes #1249 (cherry picked from commit 802e64df) Conflicts: main/tiff/APKBUILD (cherry picked from commit 2d46a057) Conflicts: main/tiff/APKBUILD

main/tiff: upgrade to 3.9.6 and fix CVE-2012-2088
e36e1736 · Natanael Copa · b66f36ca · e36e1736 · e36e1736
Commit e36e1736 authored 12 years ago by Natanael Copa
--- a/main/tiff/APKBUILD
+++ b/main/tiff/APKBUILD
 # Contributor: Leonardo Arena <rnalrd@gmail.com>
 # Maintainer: Michael Mason <ms13sp@gmail.com>
 pkgname=tiff
-pkgver=3.9.5
+pkgver=3.9.6
 pkgrel=0
 pkgdesc="Provides support for the Tag Image File Format or TIFF"
 url="http://www.libtiff.org/"
@@ -11,26 +11,18 @@ depends_dev="zlib-dev jpeg-dev"
 makedepends="libtool autoconf automake $depends_dev"
 subpackages="$pkgname-doc $pkgname-dev"
 source="ftp://ftp.remotesensing.org/pub/libtiff/$pkgname-$pkgver.tar.gz
+	libtiff-negsize-3.9.patch
 	"
 	
 _builddir="$srcdir"/$pkgname-$pkgver

 prepare() {
-	local _failed=
 	cd "$_builddir"
-
 	for i in $source; do
 		case $i in
-		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || _failed="$_failed $i";;
+		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
 		esac
 	done
-
-	rm -f libtool.m4
-	libtoolize --force --copy \
-		&& aclocal -I . -I m4 \
-		&& automake --add-missing --copy \
-		&& autoconf \
-		&& autoheader
 }

 build() {
@@ -50,4 +42,5 @@ package() {
 	rm -f "$pkgdir"/usr/lib/*.la
 }

-md5sums="8fc7ce3b4e1d0cc8a319336967815084  tiff-3.9.5.tar.gz"
+md5sums="6920f3bf628d791d49f268b83612ed23  tiff-3.9.6.tar.gz
+a0742e7c81551c51438a8d6fa5d68676  libtiff-negsize-3.9.patch"
--- a/main/tiff/libtiff-negsize-3.9.patch
+++ b/main/tiff/libtiff-negsize-3.9.patch
+Index: libtiff/tif_strip.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_strip.c,v
+retrieving revision 1.19.2.3
+diff -c -r1.19.2.3 tif_strip.c
+*** ./libtiff/tif_strip.c	15 Dec 2010 00:50:30 -0000	1.19.2.3
+--- ./libtiff/tif_strip.c	17 Apr 2012 18:14:22 -0000
+***************
+*** 107,112 ****
+--- 107,113 ----
+  TIFFVStripSize(TIFF* tif, uint32 nrows)
+  {
+  	TIFFDirectory *td = &tif->tif_dir;
+ 	uint32 stripsize;
+  
+  	if (nrows == (uint32) -1)
+  		nrows = td->td_imagelength;
+***************
+*** 122,128 ****
+  		 * YCbCr data for the extended image.
+  		 */
+  		uint16 ycbcrsubsampling[2];
+! 		tsize_t w, scanline, samplingarea;
+  
+  		TIFFGetFieldDefaulted(tif, TIFFTAG_YCBCRSUBSAMPLING,
+  				      ycbcrsubsampling + 0,
+--- 123,129 ----
+  		 * YCbCr data for the extended image.
+  		 */
+  		uint16 ycbcrsubsampling[2];
+! 		uint32 w, scanline, samplingarea;
+  
+  		TIFFGetFieldDefaulted(tif, TIFFTAG_YCBCRSUBSAMPLING,
+  				      ycbcrsubsampling + 0,
+***************
+*** 141,153 ****
+  		nrows = TIFFroundup(nrows, ycbcrsubsampling[1]);
+  		/* NB: don't need TIFFhowmany here 'cuz everything is rounded */
+  		scanline = multiply(tif, nrows, scanline, "TIFFVStripSize");
+! 		return ((tsize_t)
+  		    summarize(tif, scanline,
+  			      multiply(tif, 2, scanline / samplingarea,
+! 				       "TIFFVStripSize"), "TIFFVStripSize"));
+  	} else
+! 		return ((tsize_t) multiply(tif, nrows, TIFFScanlineSize(tif),
+! 					   "TIFFVStripSize"));
+  }
+  
+  
+--- 142,160 ----
+  		nrows = TIFFroundup(nrows, ycbcrsubsampling[1]);
+  		/* NB: don't need TIFFhowmany here 'cuz everything is rounded */
+  		scanline = multiply(tif, nrows, scanline, "TIFFVStripSize");
+! 		stripsize =
+  		    summarize(tif, scanline,
+  			      multiply(tif, 2, scanline / samplingarea,
+! 				       "TIFFVStripSize"), "TIFFVStripSize");
+  	} else
+! 		stripsize = multiply(tif, nrows, TIFFScanlineSize(tif),
+! 				     "TIFFVStripSize");
+! 	/* Because tsize_t is signed, we might have conversion overflow */
+! 	if (((tsize_t) stripsize) < 0) {
+! 		TIFFErrorExt(tif->tif_clientdata, tif->tif_name, "Integer overflow in %s", "TIFFVStripSize");
+! 		stripsize = 0;
+! 	}
+! 	return (tsize_t) stripsize;
+  }
+  
+  
+Index: libtiff/tif_tile.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_tile.c,v
+retrieving revision 1.12.2.1
+diff -c -r1.12.2.1 tif_tile.c
+*** ./libtiff/tif_tile.c	8 Jun 2010 18:50:43 -0000	1.12.2.1
+--- ./libtiff/tif_tile.c	17 Apr 2012 18:14:22 -0000
+***************
+*** 174,180 ****
+  TIFFTileRowSize(TIFF* tif)
+  {
+  	TIFFDirectory *td = &tif->tif_dir;
+! 	tsize_t rowsize;
+  	
+  	if (td->td_tilelength == 0 || td->td_tilewidth == 0)
+  		return ((tsize_t) 0);
+--- 174,180 ----
+  TIFFTileRowSize(TIFF* tif)
+  {
+  	TIFFDirectory *td = &tif->tif_dir;
+! 	uint32 rowsize;
+  	
+  	if (td->td_tilelength == 0 || td->td_tilewidth == 0)
+  		return ((tsize_t) 0);
+***************
+*** 193,199 ****
+  TIFFVTileSize(TIFF* tif, uint32 nrows)
+  {
+  	TIFFDirectory *td = &tif->tif_dir;
+! 	tsize_t tilesize;
+  
+  	if (td->td_tilelength == 0 || td->td_tilewidth == 0 ||
+  	    td->td_tiledepth == 0)
+--- 193,199 ----
+  TIFFVTileSize(TIFF* tif, uint32 nrows)
+  {
+  	TIFFDirectory *td = &tif->tif_dir;
+! 	uint32 tilesize;
+  
+  	if (td->td_tilelength == 0 || td->td_tilewidth == 0 ||
+  	    td->td_tiledepth == 0)
+***************
+*** 209,220 ****
+  		 * horizontal/vertical subsampling area include
+  		 * YCbCr data for the extended image.
+  		 */
+! 		tsize_t w =
+  		    TIFFroundup(td->td_tilewidth, td->td_ycbcrsubsampling[0]);
+! 		tsize_t rowsize =
+  		    TIFFhowmany8(multiply(tif, w, td->td_bitspersample,
+  					  "TIFFVTileSize"));
+! 		tsize_t samplingarea =
+  		    td->td_ycbcrsubsampling[0]*td->td_ycbcrsubsampling[1];
+  		if (samplingarea == 0) {
+  			TIFFErrorExt(tif->tif_clientdata, tif->tif_name, "Invalid YCbCr subsampling");
+--- 209,220 ----
+  		 * horizontal/vertical subsampling area include
+  		 * YCbCr data for the extended image.
+  		 */
+! 		uint32 w =
+  		    TIFFroundup(td->td_tilewidth, td->td_ycbcrsubsampling[0]);
+! 		uint32 rowsize =
+  		    TIFFhowmany8(multiply(tif, w, td->td_bitspersample,
+  					  "TIFFVTileSize"));
+! 		uint32 samplingarea =
+  		    td->td_ycbcrsubsampling[0]*td->td_ycbcrsubsampling[1];
+  		if (samplingarea == 0) {
+  			TIFFErrorExt(tif->tif_clientdata, tif->tif_name, "Invalid YCbCr subsampling");
+***************
+*** 230,237 ****
+  	} else
+  		tilesize = multiply(tif, nrows, TIFFTileRowSize(tif),
+  				    "TIFFVTileSize");
+! 	return ((tsize_t)
+! 	    multiply(tif, tilesize, td->td_tiledepth, "TIFFVTileSize"));
+  }
+  
+  /*
+--- 230,242 ----
+  	} else
+  		tilesize = multiply(tif, nrows, TIFFTileRowSize(tif),
+  				    "TIFFVTileSize");
+! 	tilesize = multiply(tif, tilesize, td->td_tiledepth, "TIFFVTileSize");
+! 	/* Because tsize_t is signed, we might have conversion overflow */
+! 	if (((tsize_t) tilesize) < 0) {
+! 		TIFFErrorExt(tif->tif_clientdata, tif->tif_name, "Integer overflow in %s", "TIFFVTileSize");
+! 		tilesize = 0;
+! 	}
+! 	return (tsize_t) tilesize;
+  }
+  
+  /*