From 3ebfd6833615ebcbe71b643ae6b470fed1ea5452 Mon Sep 17 00:00:00 2001 From: Florian Fainelli Date: Thu, 27 Sep 2012 08:29:08 +0000 Subject: [PATCH] [package] tiff: update to 4.0.2 Fixes CVE-2012-3401 SVN-Revision: 33568 --- libs/tiff/Makefile | 4 +- libs/tiff/patches/001-CVE-2012-1173.patch | 69 ----------------------- 2 files changed, 2 insertions(+), 71 deletions(-) delete mode 100644 libs/tiff/patches/001-CVE-2012-1173.patch diff --git a/libs/tiff/Makefile b/libs/tiff/Makefile index d5ed3b1357..a6a92f69ad 100644 --- a/libs/tiff/Makefile +++ b/libs/tiff/Makefile @@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tiff -PKG_VERSION:=4.0.1 +PKG_VERSION:=4.0.2 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://download.osgeo.org/libtiff -PKG_MD5SUM:=fae149cc9da35c598d8be897826dfc63 +PKG_MD5SUM:=04a08fa1e07e696e820a0c3f32465a13 PKG_FIXUP:=libtool-ucxx PKG_REMOVE_FILES:=autogen.sh aclocal.m4 diff --git a/libs/tiff/patches/001-CVE-2012-1173.patch b/libs/tiff/patches/001-CVE-2012-1173.patch deleted file mode 100644 index 1c74a8b86c..0000000000 --- a/libs/tiff/patches/001-CVE-2012-1173.patch +++ /dev/null @@ -1,69 +0,0 @@ -diff -urN tiff-4.0.1/libtiff/tif_getimage.c tiff-4.0.1.new/libtiff/tif_getimage.c ---- tiff-4.0.1/libtiff/tif_getimage.c 2011-02-25 04:34:02.000000000 +0100 -+++ tiff-4.0.1.new/libtiff/tif_getimage.c 2012-04-20 13:27:50.109802168 +0200 -@@ -692,6 +692,7 @@ - unsigned char* p2; - unsigned char* pa; - tmsize_t tilesize; -+ tmsize_t bufsize; - int32 fromskew, toskew; - int alpha = img->alpha; - uint32 nrow; -@@ -699,12 +700,17 @@ - int colorchannels; - - tilesize = TIFFTileSize(tif); -- buf = (unsigned char*) _TIFFmalloc((alpha?4:3)*tilesize); -+ bufsize = TIFFSafeMultiply(tmsize_t,alpha?4:3,tilesize); -+ if (bufsize == 0) { -+ TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtTileSeparate"); -+ return (0); -+ } -+ buf = (unsigned char*) _TIFFmalloc(bufsize); - if (buf == 0) { - TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "%s", "No space for tile buffer"); - return (0); - } -- _TIFFmemset(buf, 0, (alpha?4:3)*tilesize); -+ _TIFFmemset(buf, 0, bufsize); - p0 = buf; - p1 = p0 + tilesize; - p2 = p1 + tilesize; -@@ -917,17 +923,23 @@ - uint32 rowsperstrip, offset_row; - uint32 imagewidth = img->width; - tmsize_t stripsize; -+ tmsize_t bufsize; - int32 fromskew, toskew; - int alpha = img->alpha; - int ret = 1, flip, colorchannels; - - stripsize = TIFFStripSize(tif); -- p0 = buf = (unsigned char *)_TIFFmalloc((alpha?4:3)*stripsize); -+ bufsize = TIFFSafeMultiply(tmsize_t,alpha?4:3,stripsize); -+ if (bufsize == 0) { -+ TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtStripSeparate"); -+ return (0); -+ } -+ p0 = buf = (unsigned char *)_TIFFmalloc(bufsize); - if (buf == 0) { - TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "No space for tile buffer"); - return (0); - } -- _TIFFmemset(buf, 0, (alpha?4:3)*stripsize); -+ _TIFFmemset(buf, 0, bufsize); - p1 = p0 + stripsize; - p2 = p1 + stripsize; - pa = (alpha?(p2+stripsize):NULL); -diff -urN tiff-4.0.1/libtiff/tiffiop.h tiff-4.0.1.new/libtiff/tiffiop.h ---- tiff-4.0.1/libtiff/tiffiop.h 2011-02-19 17:26:09.000000000 +0100 -+++ tiff-4.0.1.new/libtiff/tiffiop.h 2012-04-20 13:27:50.109802168 +0200 -@@ -250,7 +250,7 @@ - #define TIFFroundup_64(x, y) (TIFFhowmany_64(x,y)*(y)) - - /* Safe multiply which returns zero if there is an integer overflow */ --#define TIFFSafeMultiply(t,v,m) ((((t)m != (t)0) && (((t)((v*m)/m)) == (t)v)) ? (t)(v*m) : (t)0) -+#define TIFFSafeMultiply(t,v,m) ((((t)(m) != (t)0) && (((t)(((v)*(m))/(m))) == (t)(v))) ? (t)((v)*(m)) : (t)0) - - #define TIFFmax(A,B) ((A)>(B)?(A):(B)) - #define TIFFmin(A,B) ((A)<(B)?(A):(B)) -- 2.30.2