diff options
| author |   Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 13:49:04 -0700 |
|---|---|---|
| committer | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 17:38:18 -0700 |
| commit | 56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch) | |
| tree | 3f91093cdb475e565ae857f1c5a7fd339e2d781e /media-libs/tiff | |
| download | gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2 gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip | |
proj/gentoo: Initial commit
This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.
This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.
Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'media-libs/tiff')
18 files changed, 1979 insertions, 0 deletions
diff --git a/media-libs/tiff/Manifest b/media-libs/tiff/Manifest new file mode 100644 index 000000000000..95d287afe209 --- /dev/null +++ b/media-libs/tiff/Manifest @@ -0,0 +1,2 @@ +DIST tiff-3.9.7.tar.gz 1468097 SHA256 f5d64dd4ce61c55f5e9f6dc3920fbe5a41e02c2e607da7117a35eb5c320cef6a SHA512 ca89584a9ffa33b4986e4bc2165043cec239896f1f0ab73db00818d0442b570efaa6345b2ed422e884202324d359713df849bf14782bb0cf3b959655febddd77 WHIRLPOOL c06b35da66c365c1fe7f0e6e06a400e139d3e2b5b280aa764015c2f0383a6191ffb3d335cdf2211b687bbb0caacf641be409148986a9813dfde5822a650a9b1c +DIST tiff-4.0.3.tar.gz 2051630 SHA256 ea1aebe282319537fb2d4d7805f478dd4e0e05c33d0928baba76a7c963684872 SHA512 d80e18b00e9e696a30b954c0d92e5f2f773fd9a7a0a944cf6cabb69c1798e671506580daa1cd2ebf493ae922000170c2491dfc6d4c0a9cd0b865684070595a73 WHIRLPOOL 762ace7c66dec7a6f350bc8c000a9e1f4b775e7b148b1d923eb3f7c015f47bda65a54bc0b5974ce665c7d836ec0b275c9307d1f18f3b6bee8b0949a6cceb319e diff --git a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4447.patch b/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4447.patch new file mode 100644 index 000000000000..6c28dc6ec9a8 --- /dev/null +++ b/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4447.patch @@ -0,0 +1,191 @@ +Upstream patch for CVE-2012-4447. This also covers an out-of-bounds-read +possibility in the same file, which wasn't given a separate CVE. + + +diff -Naur tiff-3.9.4.orig/libtiff/tif_pixarlog.c tiff-3.9.4/libtiff/tif_pixarlog.c +--- tiff-3.9.4.orig/libtiff/tif_pixarlog.c 2010-06-08 14:50:42.000000000 -0400 ++++ tiff-3.9.4/libtiff/tif_pixarlog.c 2012-12-10 15:50:14.421538317 -0500 +@@ -117,9 +117,9 @@ + if (n >= stride) { + mask = CODE_MASK; + if (stride == 3) { +- t0 = ToLinearF[cr = wp[0]]; +- t1 = ToLinearF[cg = wp[1]]; +- t2 = ToLinearF[cb = wp[2]]; ++ t0 = ToLinearF[cr = (wp[0] & mask)]; ++ t1 = ToLinearF[cg = (wp[1] & mask)]; ++ t2 = ToLinearF[cb = (wp[2] & mask)]; + op[0] = t0; + op[1] = t1; + op[2] = t2; +@@ -136,10 +136,10 @@ + op[2] = t2; + } + } else if (stride == 4) { +- t0 = ToLinearF[cr = wp[0]]; +- t1 = ToLinearF[cg = wp[1]]; +- t2 = ToLinearF[cb = wp[2]]; +- t3 = ToLinearF[ca = wp[3]]; ++ t0 = ToLinearF[cr = (wp[0] & mask)]; ++ t1 = ToLinearF[cg = (wp[1] & mask)]; ++ t2 = ToLinearF[cb = (wp[2] & mask)]; ++ t3 = ToLinearF[ca = (wp[3] & mask)]; + op[0] = t0; + op[1] = t1; + op[2] = t2; +@@ -183,9 +183,9 @@ + if (n >= stride) { + mask = CODE_MASK; + if (stride == 3) { +- t0 = ToLinearF[cr = wp[0]] * SCALE12; +- t1 = ToLinearF[cg = wp[1]] * SCALE12; +- t2 = ToLinearF[cb = wp[2]] * SCALE12; ++ t0 = ToLinearF[cr = (wp[0] & mask)] * SCALE12; ++ t1 = ToLinearF[cg = (wp[1] & mask)] * SCALE12; ++ t2 = ToLinearF[cb = (wp[2] & mask)] * SCALE12; + op[0] = CLAMP12(t0); + op[1] = CLAMP12(t1); + op[2] = CLAMP12(t2); +@@ -202,10 +202,10 @@ + op[2] = CLAMP12(t2); + } + } else if (stride == 4) { +- t0 = ToLinearF[cr = wp[0]] * SCALE12; +- t1 = ToLinearF[cg = wp[1]] * SCALE12; +- t2 = ToLinearF[cb = wp[2]] * SCALE12; +- t3 = ToLinearF[ca = wp[3]] * SCALE12; ++ t0 = ToLinearF[cr = (wp[0] & mask)] * SCALE12; ++ t1 = ToLinearF[cg = (wp[1] & mask)] * SCALE12; ++ t2 = ToLinearF[cb = (wp[2] & mask)] * SCALE12; ++ t3 = ToLinearF[ca = (wp[3] & mask)] * SCALE12; + op[0] = CLAMP12(t0); + op[1] = CLAMP12(t1); + op[2] = CLAMP12(t2); +@@ -247,9 +247,9 @@ + if (n >= stride) { + mask = CODE_MASK; + if (stride == 3) { +- op[0] = ToLinear16[cr = wp[0]]; +- op[1] = ToLinear16[cg = wp[1]]; +- op[2] = ToLinear16[cb = wp[2]]; ++ op[0] = ToLinear16[cr = (wp[0] & mask)]; ++ op[1] = ToLinear16[cg = (wp[1] & mask)]; ++ op[2] = ToLinear16[cb = (wp[2] & mask)]; + n -= 3; + while (n > 0) { + wp += 3; +@@ -260,10 +260,10 @@ + op[2] = ToLinear16[(cb += wp[2]) & mask]; + } + } else if (stride == 4) { +- op[0] = ToLinear16[cr = wp[0]]; +- op[1] = ToLinear16[cg = wp[1]]; +- op[2] = ToLinear16[cb = wp[2]]; +- op[3] = ToLinear16[ca = wp[3]]; ++ op[0] = ToLinear16[cr = (wp[0] & mask)]; ++ op[1] = ToLinear16[cg = (wp[1] & mask)]; ++ op[2] = ToLinear16[cb = (wp[2] & mask)]; ++ op[3] = ToLinear16[ca = (wp[3] & mask)]; + n -= 4; + while (n > 0) { + wp += 4; +@@ -342,9 +342,9 @@ + if (n >= stride) { + mask = CODE_MASK; + if (stride == 3) { +- op[0] = ToLinear8[cr = wp[0]]; +- op[1] = ToLinear8[cg = wp[1]]; +- op[2] = ToLinear8[cb = wp[2]]; ++ op[0] = ToLinear8[cr = (wp[0] & mask)]; ++ op[1] = ToLinear8[cg = (wp[1] & mask)]; ++ op[2] = ToLinear8[cb = (wp[2] & mask)]; + n -= 3; + while (n > 0) { + n -= 3; +@@ -355,10 +355,10 @@ + op[2] = ToLinear8[(cb += wp[2]) & mask]; + } + } else if (stride == 4) { +- op[0] = ToLinear8[cr = wp[0]]; +- op[1] = ToLinear8[cg = wp[1]]; +- op[2] = ToLinear8[cb = wp[2]]; +- op[3] = ToLinear8[ca = wp[3]]; ++ op[0] = ToLinear8[cr = (wp[0] & mask)]; ++ op[1] = ToLinear8[cg = (wp[1] & mask)]; ++ op[2] = ToLinear8[cb = (wp[2] & mask)]; ++ op[3] = ToLinear8[ca = (wp[3] & mask)]; + n -= 4; + while (n > 0) { + n -= 4; +@@ -393,9 +393,9 @@ + mask = CODE_MASK; + if (stride == 3) { + op[0] = 0; +- t1 = ToLinear8[cb = wp[2]]; +- t2 = ToLinear8[cg = wp[1]]; +- t3 = ToLinear8[cr = wp[0]]; ++ t1 = ToLinear8[cb = (wp[2] & mask)]; ++ t2 = ToLinear8[cg = (wp[1] & mask)]; ++ t3 = ToLinear8[cr = (wp[0] & mask)]; + op[1] = t1; + op[2] = t2; + op[3] = t3; +@@ -413,10 +413,10 @@ + op[3] = t3; + } + } else if (stride == 4) { +- t0 = ToLinear8[ca = wp[3]]; +- t1 = ToLinear8[cb = wp[2]]; +- t2 = ToLinear8[cg = wp[1]]; +- t3 = ToLinear8[cr = wp[0]]; ++ t0 = ToLinear8[ca = (wp[3] & mask)]; ++ t1 = ToLinear8[cb = (wp[2] & mask)]; ++ t2 = ToLinear8[cg = (wp[1] & mask)]; ++ t3 = ToLinear8[cr = (wp[0] & mask)]; + op[0] = t0; + op[1] = t1; + op[2] = t2; +@@ -630,10 +630,10 @@ + return guess; + } + +-static uint32 +-multiply(size_t m1, size_t m2) ++static tsize_t ++multiply(tsize_t m1, tsize_t m2) + { +- uint32 bytes = m1 * m2; ++ tsize_t bytes = m1 * m2; + + if (m1 && bytes / m1 != m2) + bytes = 0; +@@ -641,6 +641,20 @@ + return bytes; + } + ++static tsize_t ++add_ms(tsize_t m1, tsize_t m2) ++{ ++ tsize_t bytes = m1 + m2; ++ ++ /* if either input is zero, assume overflow already occurred */ ++ if (m1 == 0 || m2 == 0) ++ bytes = 0; ++ else if (bytes <= m1 || bytes <= m2) ++ bytes = 0; ++ ++ return bytes; ++} ++ + static int + PixarLogSetupDecode(TIFF* tif) + { +@@ -661,6 +675,8 @@ + td->td_samplesperpixel : 1); + tbuf_size = multiply(multiply(multiply(sp->stride, td->td_imagewidth), + td->td_rowsperstrip), sizeof(uint16)); ++ /* add one more stride in case input ends mid-stride */ ++ tbuf_size = add_ms(tbuf_size, sizeof(uint16) * sp->stride); + if (tbuf_size == 0) + return (0); + sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size); diff --git a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4564.patch b/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4564.patch new file mode 100644 index 000000000000..98a6e6c4409d --- /dev/null +++ b/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4564.patch @@ -0,0 +1,77 @@ +Upstream patch for CVE-2012-4564. + + +diff -Naur tiff-3.9.4.orig/tools/ppm2tiff.c tiff-3.9.4/tools/ppm2tiff.c +--- tiff-3.9.4.orig/tools/ppm2tiff.c 2010-06-08 14:50:44.000000000 -0400 ++++ tiff-3.9.4/tools/ppm2tiff.c 2012-12-10 16:16:05.154045877 -0500 +@@ -68,6 +68,17 @@ + exit(-2); + } + ++static tsize_t ++multiply_ms(tsize_t m1, tsize_t m2) ++{ ++ tsize_t bytes = m1 * m2; ++ ++ if (m1 && bytes / m1 != m2) ++ bytes = 0; ++ ++ return bytes; ++} ++ + int + main(int argc, char* argv[]) + { +@@ -85,6 +96,7 @@ + int c; + extern int optind; + extern char* optarg; ++ tsize_t scanline_size; + + if (argc < 2) { + fprintf(stderr, "%s: Too few arguments\n", argv[0]); +@@ -217,7 +229,8 @@ + } + switch (bpp) { + case 1: +- linebytes = (spp * w + (8 - 1)) / 8; ++ /* if round-up overflows, result will be zero, OK */ ++ linebytes = (multiply_ms(spp, w) + (8 - 1)) / 8; + if (rowsperstrip == (uint32) -1) { + TIFFSetField(out, TIFFTAG_ROWSPERSTRIP, h); + } else { +@@ -226,15 +239,31 @@ + } + break; + case 8: +- linebytes = spp * w; ++ linebytes = multiply_ms(spp, w); + TIFFSetField(out, TIFFTAG_ROWSPERSTRIP, + TIFFDefaultStripSize(out, rowsperstrip)); + break; + } +- if (TIFFScanlineSize(out) > linebytes) ++ if (linebytes == 0) { ++ fprintf(stderr, "%s: scanline size overflow\n", infile); ++ (void) TIFFClose(out); ++ exit(-2); ++ } ++ scanline_size = TIFFScanlineSize(out); ++ if (scanline_size == 0) { ++ /* overflow - TIFFScanlineSize already printed a message */ ++ (void) TIFFClose(out); ++ exit(-2); ++ } ++ if (scanline_size < linebytes) + buf = (unsigned char *)_TIFFmalloc(linebytes); + else +- buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out)); ++ buf = (unsigned char *)_TIFFmalloc(scanline_size); ++ if (buf == NULL) { ++ fprintf(stderr, "%s: Not enough memory\n", infile); ++ (void) TIFFClose(out); ++ exit(-2); ++ } + if (resolution > 0) { + TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution); + TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution); diff --git a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-5581.patch b/media-libs/tiff/files/tiff-3.9.7-CVE-2012-5581.patch new file mode 100644 index 000000000000..a6bdca137029 --- /dev/null +++ b/media-libs/tiff/files/tiff-3.9.7-CVE-2012-5581.patch @@ -0,0 +1,245 @@ +Fix unsafe handling of DotRange and related tags. Back-port of upstream +patch for CVE-2012-5581. (Note: I have not pushed this into upstream CVS +for the 3.9 branch, because I'm not entirely convinced that it won't create +application compatibility issues --- tgl) + + +diff -Naur tiff-3.9.7.orig/libtiff/tif_dir.c tiff-3.9.7/libtiff/tif_dir.c +--- tiff-3.9.7.orig/libtiff/tif_dir.c 2012-09-22 10:48:09.000000000 -0400 ++++ tiff-3.9.7/libtiff/tif_dir.c 2012-12-13 13:39:20.448864070 -0500 +@@ -494,32 +494,28 @@ + goto end; + } + +- if ((fip->field_passcount ++ if (fip->field_tag == TIFFTAG_DOTRANGE ++ && strcmp(fip->field_name,"DotRange") == 0) { ++ /* TODO: This is an evil exception and should not have been ++ handled this way ... likely best if we move it into ++ the directory structure with an explicit field in ++ libtiff 4.1 and assign it a FIELD_ value */ ++ uint16 v[2]; ++ v[0] = (uint16)va_arg(ap, int); ++ v[1] = (uint16)va_arg(ap, int); ++ _TIFFmemcpy(tv->value, v, 4); ++ } ++ else if (fip->field_passcount + || fip->field_writecount == TIFF_VARIABLE + || fip->field_writecount == TIFF_VARIABLE2 + || fip->field_writecount == TIFF_SPP +- || tv->count > 1) +- && fip->field_tag != TIFFTAG_PAGENUMBER +- && fip->field_tag != TIFFTAG_HALFTONEHINTS +- && fip->field_tag != TIFFTAG_YCBCRSUBSAMPLING +- && fip->field_tag != TIFFTAG_DOTRANGE +- && fip->field_tag != TIFFTAG_WHITELEVEL) { ++ || tv->count > 1) { + _TIFFmemcpy(tv->value, va_arg(ap, void *), + tv->count * tv_size); + } else { +- /* +- * XXX: The following loop required to handle +- * TIFFTAG_PAGENUMBER, TIFFTAG_HALFTONEHINTS, +- * TIFFTAG_YCBCRSUBSAMPLING and TIFFTAG_DOTRANGE tags. +- * These tags are actually arrays and should be passed as +- * array pointers to TIFFSetField() function, but actually +- * passed as a list of separate values. This behaviour +- * must be changed in the future! +- */ +- int i; + char *val = (char *)tv->value; + +- for (i = 0; i < tv->count; i++, val += tv_size) { ++ assert( tv->count == 1 ); + switch (fip->field_type) { + case TIFF_BYTE: + case TIFF_UNDEFINED: +@@ -578,7 +574,6 @@ + status = 0; + break; + } +- } + } + } + } +@@ -869,24 +864,27 @@ + *va_arg(ap, uint16*) = (uint16)tv->count; + *va_arg(ap, void **) = tv->value; + ret_val = 1; +- } else { +- if ((fip->field_type == TIFF_ASCII ++ } else if (fip->field_tag == TIFFTAG_DOTRANGE ++ && strcmp(fip->field_name,"DotRange") == 0) { ++ /* TODO: This is an evil exception and should not have been ++ handled this way ... likely best if we move it into ++ the directory structure with an explicit field in ++ libtiff 4.1 and assign it a FIELD_ value */ ++ *va_arg(ap, uint16*) = ((uint16 *)tv->value)[0]; ++ *va_arg(ap, uint16*) = ((uint16 *)tv->value)[1]; ++ ret_val = 1; ++ } else { ++ if (fip->field_type == TIFF_ASCII + || fip->field_readcount == TIFF_VARIABLE + || fip->field_readcount == TIFF_VARIABLE2 + || fip->field_readcount == TIFF_SPP +- || tv->count > 1) +- && fip->field_tag != TIFFTAG_PAGENUMBER +- && fip->field_tag != TIFFTAG_HALFTONEHINTS +- && fip->field_tag != TIFFTAG_YCBCRSUBSAMPLING +- && fip->field_tag != TIFFTAG_DOTRANGE) { ++ || tv->count > 1) { + *va_arg(ap, void **) = tv->value; + ret_val = 1; + } else { +- int j; + char *val = (char *)tv->value; + +- for (j = 0; j < tv->count; +- j++, val += _TIFFDataSize(tv->info->field_type)) { ++ assert( tv->count == 1 ); + switch (fip->field_type) { + case TIFF_BYTE: + case TIFF_UNDEFINED: +@@ -936,7 +934,6 @@ + ret_val = 0; + break; + } +- } + } + } + break; +diff -Naur tiff-3.9.7.orig/libtiff/tif_print.c tiff-3.9.7/libtiff/tif_print.c +--- tiff-3.9.7.orig/libtiff/tif_print.c 2010-07-08 12:17:59.000000000 -0400 ++++ tiff-3.9.7/libtiff/tif_print.c 2012-12-13 13:42:12.773478278 -0500 +@@ -112,16 +112,22 @@ + } + + static int +-_TIFFPrettyPrintField(TIFF* tif, FILE* fd, ttag_t tag, ++_TIFFPrettyPrintField(TIFF* tif, const TIFFFieldInfo *fip, FILE* fd, ttag_t tag, + uint32 value_count, void *raw_data) + { + TIFFDirectory *td = &tif->tif_dir; + ++ /* do not try to pretty print auto-defined fields */ ++ if (strncmp(fip->field_name,"Tag ", 4) == 0) { ++ return 0; ++ } ++ + switch (tag) + { + case TIFFTAG_INKSET: +- fprintf(fd, " Ink Set: "); +- switch (*((uint16*)raw_data)) { ++ if (value_count == 2 && fip->field_type == TIFF_SHORT) { ++ fprintf(fd, " Ink Set: "); ++ switch (*((uint16*)raw_data)) { + case INKSET_CMYK: + fprintf(fd, "CMYK\n"); + break; +@@ -130,11 +136,18 @@ + *((uint16*)raw_data), + *((uint16*)raw_data)); + break; ++ } ++ return 1; + } +- return 1; ++ return 0; ++ + case TIFFTAG_WHITEPOINT: +- fprintf(fd, " White Point: %g-%g\n", +- ((float *)raw_data)[0], ((float *)raw_data)[1]); return 1; ++ if (value_count == 2 && fip->field_type == TIFF_RATIONAL) { ++ fprintf(fd, " White Point: %g-%g\n", ++ ((float *)raw_data)[0], ((float *)raw_data)[1]); return 1; ++ } ++ return 0; ++ + case TIFFTAG_REFERENCEBLACKWHITE: + { + uint16 i; +@@ -174,10 +187,13 @@ + (unsigned long) value_count); + return 1; + case TIFFTAG_STONITS: +- fprintf(fd, +- " Sample to Nits conversion factor: %.4e\n", +- *((double*)raw_data)); +- return 1; ++ if (value_count == 1 && fip->field_type == TIFF_DOUBLE) { ++ fprintf(fd, ++ " Sample to Nits conversion factor: %.4e\n", ++ *((double*)raw_data)); ++ return 1; ++ } ++ return 0; + } + + return 0; +@@ -524,44 +540,28 @@ + value_count = td->td_samplesperpixel; + else + value_count = fip->field_readcount; +- if ((fip->field_type == TIFF_ASCII ++ if (fip->field_tag == TIFFTAG_DOTRANGE ++ && strcmp(fip->field_name,"DotRange") == 0) { ++ /* TODO: This is an evil exception and should not have been ++ handled this way ... likely best if we move it into ++ the directory structure with an explicit field in ++ libtiff 4.1 and assign it a FIELD_ value */ ++ static uint16 dotrange[2]; ++ raw_data = dotrange; ++ TIFFGetField(tif, tag, dotrange+0, dotrange+1); ++ } else if (fip->field_type == TIFF_ASCII + || fip->field_readcount == TIFF_VARIABLE + || fip->field_readcount == TIFF_VARIABLE2 + || fip->field_readcount == TIFF_SPP +- || value_count > 1) +- && fip->field_tag != TIFFTAG_PAGENUMBER +- && fip->field_tag != TIFFTAG_HALFTONEHINTS +- && fip->field_tag != TIFFTAG_YCBCRSUBSAMPLING +- && fip->field_tag != TIFFTAG_DOTRANGE) { ++ || value_count > 1) { + if(TIFFGetField(tif, tag, &raw_data) != 1) + continue; +- } else if (fip->field_tag != TIFFTAG_PAGENUMBER +- && fip->field_tag != TIFFTAG_HALFTONEHINTS +- && fip->field_tag != TIFFTAG_YCBCRSUBSAMPLING +- && fip->field_tag != TIFFTAG_DOTRANGE) { +- raw_data = _TIFFmalloc( +- _TIFFDataSize(fip->field_type) +- * value_count); +- mem_alloc = 1; +- if(TIFFGetField(tif, tag, raw_data) != 1) { +- _TIFFfree(raw_data); +- continue; +- } + } else { +- /* +- * XXX: Should be fixed and removed, see the +- * notes related to TIFFTAG_PAGENUMBER, +- * TIFFTAG_HALFTONEHINTS, +- * TIFFTAG_YCBCRSUBSAMPLING and +- * TIFFTAG_DOTRANGE tags in tif_dir.c. */ +- char *tmp; + raw_data = _TIFFmalloc( + _TIFFDataSize(fip->field_type) + * value_count); +- tmp = raw_data; + mem_alloc = 1; +- if(TIFFGetField(tif, tag, tmp, +- tmp + _TIFFDataSize(fip->field_type)) != 1) { ++ if(TIFFGetField(tif, tag, raw_data) != 1) { + _TIFFfree(raw_data); + continue; + } +@@ -574,7 +574,7 @@ + * _TIFFPrettyPrintField() fall down and print it as any other + * tag. + */ +- if (_TIFFPrettyPrintField(tif, fd, tag, value_count, raw_data)) { ++ if (_TIFFPrettyPrintField(tif, fip, fd, tag, value_count, raw_data)) { + if(mem_alloc) + _TIFFfree(raw_data); + continue; diff --git a/media-libs/tiff/files/tiff-3.9.7-printdir-width.patch b/media-libs/tiff/files/tiff-3.9.7-printdir-width.patch new file mode 100644 index 000000000000..6ad7534ac6fe --- /dev/null +++ b/media-libs/tiff/files/tiff-3.9.7-printdir-width.patch @@ -0,0 +1,36 @@ +Make TIFFPrintDirectory cope with both TIFF_VARIABLE and TIFF_VARIABLE2 +conventions for field_passcount fields, ie, either 16- or 32-bit counts. +This patch is taken from upstream commits dated 2012-05-23 ("fix crash +with odd 16bit count types for some custom fields") and 2012-12-12 ("Fix +TIFF_VARIABLE/TIFF_VARIABLE2 confusion in TIFFPrintDirectory"). + +This doesn't qualify as a security issue in itself, mainly because +TIFFPrintDirectory is unlikely to be used in any security-exposed +scenarios; but we need to fix it so that our test case for CVE-2012-5581 +works on all platforms. + + +diff -Naur tiff-3.9.4.orig/libtiff/tif_print.c tiff-3.9.4/libtiff/tif_print.c +--- tiff-3.9.4.orig/libtiff/tif_print.c 2010-06-08 14:50:42.000000000 -0400 ++++ tiff-3.9.4/libtiff/tif_print.c 2012-12-13 12:17:33.726765771 -0500 +@@ -518,8 +518,19 @@ + continue; + + if(fip->field_passcount) { +- if(TIFFGetField(tif, tag, &value_count, &raw_data) != 1) ++ if (fip->field_readcount == TIFF_VARIABLE2 ) { ++ if(TIFFGetField(tif, tag, &value_count, &raw_data) != 1) ++ continue; ++ } else if (fip->field_readcount == TIFF_VARIABLE ) { ++ uint16 small_value_count; ++ if(TIFFGetField(tif, tag, &small_value_count, &raw_data) != 1) ++ continue; ++ value_count = small_value_count; ++ } else { ++ assert (fip->field_readcount == TIFF_VARIABLE ++ || fip->field_readcount == TIFF_VARIABLE2); + continue; ++ } + } else { + if (fip->field_readcount == TIFF_VARIABLE + || fip->field_readcount == TIFF_VARIABLE2) diff --git a/media-libs/tiff/files/tiff-3.9.7-tiffinfo-exif.patch b/media-libs/tiff/files/tiff-3.9.7-tiffinfo-exif.patch new file mode 100644 index 000000000000..a326e21e298b --- /dev/null +++ b/media-libs/tiff/files/tiff-3.9.7-tiffinfo-exif.patch @@ -0,0 +1,59 @@ +Teach "tiffinfo -D" to not try to print image data inside an EXIF subdirectory, +because there isn't any. Back-patched from an upstream 4.0.2 fix. + +This is not a security issue in itself (it crashes, but with a simple NULL +pointer dereference). However, our test case for CVE-2012-5581 tickles this +bug, so it seems easier to fix this than make a new test case. + + +diff -Naur tiff-3.9.4.orig/tools/tiffinfo.c tiff-3.9.4/tools/tiffinfo.c +--- tiff-3.9.4.orig/tools/tiffinfo.c 2010-06-08 14:50:44.000000000 -0400 ++++ tiff-3.9.4/tools/tiffinfo.c 2012-12-11 16:33:17.062228558 -0500 +@@ -49,7 +49,7 @@ + int stoponerr = 1; /* stop on first read error */ + + static void usage(void); +-static void tiffinfo(TIFF*, uint16, long); ++static void tiffinfo(TIFF*, uint16, long, int); + + int + main(int argc, char* argv[]) +@@ -124,19 +124,20 @@ + if (tif != NULL) { + if (dirnum != -1) { + if (TIFFSetDirectory(tif, (tdir_t) dirnum)) +- tiffinfo(tif, order, flags); ++ tiffinfo(tif, order, flags, 1); + } else if (diroff != 0) { + if (TIFFSetSubDirectory(tif, diroff)) +- tiffinfo(tif, order, flags); ++ tiffinfo(tif, order, flags, 1); + } else { + do { + uint32 offset; + +- tiffinfo(tif, order, flags); ++ tiffinfo(tif, order, flags, 1); + if (TIFFGetField(tif, TIFFTAG_EXIFIFD, + &offset)) { +- if (TIFFReadEXIFDirectory(tif, offset)) +- tiffinfo(tif, order, flags); ++ if (TIFFReadEXIFDirectory(tif, offset)) { ++ tiffinfo(tif, order, flags, 0); ++ } + } + } while (TIFFReadDirectory(tif)); + } +@@ -426,10 +427,10 @@ + } + + static void +-tiffinfo(TIFF* tif, uint16 order, long flags) ++tiffinfo(TIFF* tif, uint16 order, long flags, int is_image) + { + TIFFPrintDirectory(tif, stdout, flags); +- if (!readdata) ++ if (!readdata || !is_image) + return; + if (rawdata) { + if (order) { diff --git a/media-libs/tiff/files/tiff-4.0.3-CVE-2012-4447.patch b/media-libs/tiff/files/tiff-4.0.3-CVE-2012-4447.patch new file mode 100644 index 000000000000..ebf9a00e1b6d --- /dev/null +++ b/media-libs/tiff/files/tiff-4.0.3-CVE-2012-4447.patch @@ -0,0 +1,40 @@ +Upstream patch for CVE-2012-4447. + + +diff -Naur tiff-4.0.3.orig/libtiff/tif_pixarlog.c tiff-4.0.3/libtiff/tif_pixarlog.c +--- tiff-4.0.3.orig/libtiff/tif_pixarlog.c 2012-07-04 15:26:31.000000000 -0400 ++++ tiff-4.0.3/libtiff/tif_pixarlog.c 2012-12-12 16:43:18.931315699 -0500 +@@ -644,6 +644,20 @@ + return bytes; + } + ++static tmsize_t ++add_ms(tmsize_t m1, tmsize_t m2) ++{ ++ tmsize_t bytes = m1 + m2; ++ ++ /* if either input is zero, assume overflow already occurred */ ++ if (m1 == 0 || m2 == 0) ++ bytes = 0; ++ else if (bytes <= m1 || bytes <= m2) ++ bytes = 0; ++ ++ return bytes; ++} ++ + static int + PixarLogFixupTags(TIFF* tif) + { +@@ -671,9 +685,11 @@ + td->td_samplesperpixel : 1); + tbuf_size = multiply_ms(multiply_ms(multiply_ms(sp->stride, td->td_imagewidth), + td->td_rowsperstrip), sizeof(uint16)); ++ /* add one more stride in case input ends mid-stride */ ++ tbuf_size = add_ms(tbuf_size, sizeof(uint16) * sp->stride); + if (tbuf_size == 0) + return (0); /* TODO: this is an error return without error report through TIFFErrorExt */ +- sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size+sizeof(uint16)*sp->stride); ++ sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size); + if (sp->tbuf == NULL) + return (0); + if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN) diff --git a/media-libs/tiff/files/tiff-4.0.3-CVE-2012-4564.patch b/media-libs/tiff/files/tiff-4.0.3-CVE-2012-4564.patch new file mode 100644 index 000000000000..3d7946c7ec3f --- /dev/null +++ b/media-libs/tiff/files/tiff-4.0.3-CVE-2012-4564.patch @@ -0,0 +1,86 @@ +Upstream patch for CVE-2012-4564. + + +diff -Naur tiff-4.0.3.orig/tools/ppm2tiff.c tiff-4.0.3/tools/ppm2tiff.c +--- tiff-4.0.3.orig/tools/ppm2tiff.c 2010-04-10 15:22:34.000000000 -0400 ++++ tiff-4.0.3/tools/ppm2tiff.c 2012-12-12 16:43:18.932315708 -0500 +@@ -72,6 +72,17 @@ + exit(-2); + } + ++static tmsize_t ++multiply_ms(tmsize_t m1, tmsize_t m2) ++{ ++ tmsize_t bytes = m1 * m2; ++ ++ if (m1 && bytes / m1 != m2) ++ bytes = 0; ++ ++ return bytes; ++} ++ + int + main(int argc, char* argv[]) + { +@@ -79,7 +90,7 @@ + uint32 rowsperstrip = (uint32) -1; + double resolution = -1; + unsigned char *buf = NULL; +- tsize_t linebytes = 0; ++ tmsize_t linebytes = 0; + uint16 spp = 1; + uint16 bpp = 8; + TIFF *out; +@@ -89,6 +100,7 @@ + int c; + extern int optind; + extern char* optarg; ++ tmsize_t scanline_size; + + if (argc < 2) { + fprintf(stderr, "%s: Too few arguments\n", argv[0]); +@@ -221,7 +233,8 @@ + } + switch (bpp) { + case 1: +- linebytes = (spp * w + (8 - 1)) / 8; ++ /* if round-up overflows, result will be zero, OK */ ++ linebytes = (multiply_ms(spp, w) + (8 - 1)) / 8; + if (rowsperstrip == (uint32) -1) { + TIFFSetField(out, TIFFTAG_ROWSPERSTRIP, h); + } else { +@@ -230,15 +243,31 @@ + } + break; + case 8: +- linebytes = spp * w; ++ linebytes = multiply_ms(spp, w); + TIFFSetField(out, TIFFTAG_ROWSPERSTRIP, + TIFFDefaultStripSize(out, rowsperstrip)); + break; + } +- if (TIFFScanlineSize(out) > linebytes) ++ if (linebytes == 0) { ++ fprintf(stderr, "%s: scanline size overflow\n", infile); ++ (void) TIFFClose(out); ++ exit(-2); ++ } ++ scanline_size = TIFFScanlineSize(out); ++ if (scanline_size == 0) { ++ /* overflow - TIFFScanlineSize already printed a message */ ++ (void) TIFFClose(out); ++ exit(-2); ++ } ++ if (scanline_size < linebytes) + buf = (unsigned char *)_TIFFmalloc(linebytes); + else +- buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out)); ++ buf = (unsigned char *)_TIFFmalloc(scanline_size); ++ if (buf == NULL) { ++ fprintf(stderr, "%s: Not enough memory\n", infile); ++ (void) TIFFClose(out); ++ exit(-2); ++ } + if (resolution > 0) { + TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution); + TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution); diff --git a/media-libs/tiff/files/tiff-4.0.3-CVE-2013-1960.patch b/media-libs/tiff/files/tiff-4.0.3-CVE-2013-1960.patch new file mode 100644 index 000000000000..1c8dfb7bc65d --- /dev/null +++ b/media-libs/tiff/files/tiff-4.0.3-CVE-2013-1960.patch @@ -0,0 +1,145 @@ +diff -Naur tiff-4.0.3.orig/tools/tiff2pdf.c tiff-4.0.3/tools/tiff2pdf.c +--- tiff-4.0.3.orig/tools/tiff2pdf.c 2012-07-25 22:56:43.000000000 -0400 ++++ tiff-4.0.3/tools/tiff2pdf.c 2013-05-02 12:04:49.057090227 -0400 +@@ -3341,33 +3341,56 @@ + uint32 height){ + + tsize_t i=0; +- uint16 ri =0; +- uint16 v_samp=1; +- uint16 h_samp=1; +- int j=0; +- +- i++; +- +- while(i<(*striplength)){ ++ ++ while (i < *striplength) { ++ tsize_t datalen; ++ uint16 ri; ++ uint16 v_samp; ++ uint16 h_samp; ++ int j; ++ int ncomp; ++ ++ /* marker header: one or more FFs */ ++ if (strip[i] != 0xff) ++ return(0); ++ i++; ++ while (i < *striplength && strip[i] == 0xff) ++ i++; ++ if (i >= *striplength) ++ return(0); ++ /* SOI is the only pre-SOS marker without a length word */ ++ if (strip[i] == 0xd8) ++ datalen = 0; ++ else { ++ if ((*striplength - i) <= 2) ++ return(0); ++ datalen = (strip[i+1] << 8) | strip[i+2]; ++ if (datalen < 2 || datalen >= (*striplength - i)) ++ return(0); ++ } + switch( strip[i] ){ +- case 0xd8: +- /* SOI - start of image */ ++ case 0xd8: /* SOI - start of image */ + _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), 2); + *bufferoffset+=2; +- i+=2; + break; +- case 0xc0: +- case 0xc1: +- case 0xc3: +- case 0xc9: +- case 0xca: ++ case 0xc0: /* SOF0 */ ++ case 0xc1: /* SOF1 */ ++ case 0xc3: /* SOF3 */ ++ case 0xc9: /* SOF9 */ ++ case 0xca: /* SOF10 */ + if(no==0){ +- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2); +- for(j=0;j<buffer[*bufferoffset+9];j++){ +- if( (buffer[*bufferoffset+11+(2*j)]>>4) > h_samp) +- h_samp = (buffer[*bufferoffset+11+(2*j)]>>4); +- if( (buffer[*bufferoffset+11+(2*j)] & 0x0f) > v_samp) +- v_samp = (buffer[*bufferoffset+11+(2*j)] & 0x0f); ++ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2); ++ ncomp = buffer[*bufferoffset+9]; ++ if (ncomp < 1 || ncomp > 4) ++ return(0); ++ v_samp=1; ++ h_samp=1; ++ for(j=0;j<ncomp;j++){ ++ uint16 samp = buffer[*bufferoffset+11+(3*j)]; ++ if( (samp>>4) > h_samp) ++ h_samp = (samp>>4); ++ if( (samp & 0x0f) > v_samp) ++ v_samp = (samp & 0x0f); + } + v_samp*=8; + h_samp*=8; +@@ -3381,45 +3404,43 @@ + (unsigned char) ((height>>8) & 0xff); + buffer[*bufferoffset+6]= + (unsigned char) (height & 0xff); +- *bufferoffset+=strip[i+2]+2; +- i+=strip[i+2]+2; +- ++ *bufferoffset+=datalen+2; ++ /* insert a DRI marker */ + buffer[(*bufferoffset)++]=0xff; + buffer[(*bufferoffset)++]=0xdd; + buffer[(*bufferoffset)++]=0x00; + buffer[(*bufferoffset)++]=0x04; + buffer[(*bufferoffset)++]=(ri >> 8) & 0xff; + buffer[(*bufferoffset)++]= ri & 0xff; +- } else { +- i+=strip[i+2]+2; + } + break; +- case 0xc4: +- case 0xdb: +- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2); +- *bufferoffset+=strip[i+2]+2; +- i+=strip[i+2]+2; ++ case 0xc4: /* DHT */ ++ case 0xdb: /* DQT */ ++ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2); ++ *bufferoffset+=datalen+2; + break; +- case 0xda: ++ case 0xda: /* SOS */ + if(no==0){ +- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2); +- *bufferoffset+=strip[i+2]+2; +- i+=strip[i+2]+2; ++ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2); ++ *bufferoffset+=datalen+2; + } else { + buffer[(*bufferoffset)++]=0xff; + buffer[(*bufferoffset)++]= + (unsigned char)(0xd0 | ((no-1)%8)); +- i+=strip[i+2]+2; + } +- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), (*striplength)-i-1); +- *bufferoffset+=(*striplength)-i-1; ++ i += datalen + 1; ++ /* copy remainder of strip */ ++ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i]), *striplength - i); ++ *bufferoffset+= *striplength - i; + return(1); + default: +- i+=strip[i+2]+2; ++ /* ignore any other marker */ ++ break; + } ++ i += datalen + 1; + } +- + ++ /* failed to find SOS marker */ + return(0); + } + #endif diff --git a/media-libs/tiff/files/tiff-4.0.3-CVE-2013-1961.patch b/media-libs/tiff/files/tiff-4.0.3-CVE-2013-1961.patch new file mode 100644 index 000000000000..0ea9b52e3fff --- /dev/null +++ b/media-libs/tiff/files/tiff-4.0.3-CVE-2013-1961.patch @@ -0,0 +1,759 @@ +diff -Naur tiff-4.0.3.orig/contrib/dbs/xtiff/xtiff.c tiff-4.0.3/contrib/dbs/xtiff/xtiff.c +--- tiff-4.0.3.orig/contrib/dbs/xtiff/xtiff.c 2010-06-08 14:55:15.000000000 -0400 ++++ tiff-4.0.3/contrib/dbs/xtiff/xtiff.c 2013-05-02 12:02:42.782287939 -0400 +@@ -512,9 +512,9 @@ + Arg args[1]; + + if (tfMultiPage) +- sprintf(buffer, "%s - page %d", fileName, tfDirectory); ++ snprintf(buffer, sizeof(buffer), "%s - page %d", fileName, tfDirectory); + else +- strcpy(buffer, fileName); ++ snprintf(buffer, sizeof(buffer), "%s", fileName); + XtSetArg(args[0], XtNlabel, buffer); + XtSetValues(labelWidget, args, 1); + } +diff -Naur tiff-4.0.3.orig/libtiff/tif_codec.c tiff-4.0.3/libtiff/tif_codec.c +--- tiff-4.0.3.orig/libtiff/tif_codec.c 2010-12-14 09:18:28.000000000 -0500 ++++ tiff-4.0.3/libtiff/tif_codec.c 2013-05-02 12:02:42.783287946 -0400 +@@ -108,7 +108,8 @@ + const TIFFCodec* c = TIFFFindCODEC(tif->tif_dir.td_compression); + char compression_code[20]; + +- sprintf( compression_code, "%d", tif->tif_dir.td_compression ); ++ snprintf(compression_code, sizeof(compression_code), "%d", ++ tif->tif_dir.td_compression ); + TIFFErrorExt(tif->tif_clientdata, tif->tif_name, + "%s compression support is not configured", + c ? c->name : compression_code ); +diff -Naur tiff-4.0.3.orig/libtiff/tif_dirinfo.c tiff-4.0.3/libtiff/tif_dirinfo.c +--- tiff-4.0.3.orig/libtiff/tif_dirinfo.c 2012-08-19 12:56:34.000000000 -0400 ++++ tiff-4.0.3/libtiff/tif_dirinfo.c 2013-05-02 12:02:42.784287953 -0400 +@@ -711,7 +711,7 @@ + * note that this name is a special sign to TIFFClose() and + * _TIFFSetupFields() to free the field + */ +- sprintf(fld->field_name, "Tag %d", (int) tag); ++ snprintf(fld->field_name, 32, "Tag %d", (int) tag); + + return fld; + } +diff -Naur tiff-4.0.3.orig/tools/rgb2ycbcr.c tiff-4.0.3/tools/rgb2ycbcr.c +--- tiff-4.0.3.orig/tools/rgb2ycbcr.c 2011-05-31 13:03:16.000000000 -0400 ++++ tiff-4.0.3/tools/rgb2ycbcr.c 2013-05-02 12:02:42.785287961 -0400 +@@ -332,7 +332,8 @@ + TIFFSetField(out, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG); + { char buf[2048]; + char *cp = strrchr(TIFFFileName(in), '/'); +- sprintf(buf, "YCbCr conversion of %s", cp ? cp+1 : TIFFFileName(in)); ++ snprintf(buf, sizeof(buf), "YCbCr conversion of %s", ++ cp ? cp+1 : TIFFFileName(in)); + TIFFSetField(out, TIFFTAG_IMAGEDESCRIPTION, buf); + } + TIFFSetField(out, TIFFTAG_SOFTWARE, TIFFGetVersion()); +diff -Naur tiff-4.0.3.orig/tools/tiff2bw.c tiff-4.0.3/tools/tiff2bw.c +--- tiff-4.0.3.orig/tools/tiff2bw.c 2010-07-08 12:10:24.000000000 -0400 ++++ tiff-4.0.3/tools/tiff2bw.c 2013-05-02 12:02:42.785287961 -0400 +@@ -205,7 +205,7 @@ + } + } + TIFFSetField(out, TIFFTAG_PHOTOMETRIC, PHOTOMETRIC_MINISBLACK); +- sprintf(thing, "B&W version of %s", argv[optind]); ++ snprintf(thing, sizeof(thing), "B&W version of %s", argv[optind]); + TIFFSetField(out, TIFFTAG_IMAGEDESCRIPTION, thing); + TIFFSetField(out, TIFFTAG_SOFTWARE, "tiff2bw"); + outbuf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out)); +diff -Naur tiff-4.0.3.orig/tools/tiff2pdf.c tiff-4.0.3/tools/tiff2pdf.c +--- tiff-4.0.3.orig/tools/tiff2pdf.c 2012-07-25 22:56:43.000000000 -0400 ++++ tiff-4.0.3/tools/tiff2pdf.c 2013-05-02 12:02:42.788287983 -0400 +@@ -3609,7 +3609,9 @@ + char buffer[16]; + int buflen=0; + +- buflen=sprintf(buffer, "%%PDF-%u.%u ", t2p->pdf_majorversion&0xff, t2p->pdf_minorversion&0xff); ++ buflen = snprintf(buffer, sizeof(buffer), "%%PDF-%u.%u ", ++ t2p->pdf_majorversion&0xff, ++ t2p->pdf_minorversion&0xff); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t)"\n%\342\343\317\323\n", 7); + +@@ -3623,10 +3625,10 @@ + tsize_t t2p_write_pdf_obj_start(uint32 number, TIFF* output){ + + tsize_t written=0; +- char buffer[16]; ++ char buffer[32]; + int buflen=0; + +- buflen=sprintf(buffer, "%lu", (unsigned long)number); ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)number); + written += t2pWriteFile(output, (tdata_t) buffer, buflen ); + written += t2pWriteFile(output, (tdata_t) " 0 obj\n", 7); + +@@ -3665,13 +3667,13 @@ + written += t2pWriteFile(output, (tdata_t) "/", 1); + for (i=0;i<namelen;i++){ + if ( ((unsigned char)name[i]) < 0x21){ +- sprintf(buffer, "#%.2X", name[i]); ++ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); + buffer[sizeof(buffer) - 1] = '\0'; + written += t2pWriteFile(output, (tdata_t) buffer, 3); + nextchar=1; + } + if ( ((unsigned char)name[i]) > 0x7E){ +- sprintf(buffer, "#%.2X", name[i]); ++ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); + buffer[sizeof(buffer) - 1] = '\0'; + written += t2pWriteFile(output, (tdata_t) buffer, 3); + nextchar=1; +@@ -3679,57 +3681,57 @@ + if (nextchar==0){ + switch (name[i]){ + case 0x23: +- sprintf(buffer, "#%.2X", name[i]); ++ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); + buffer[sizeof(buffer) - 1] = '\0'; + written += t2pWriteFile(output, (tdata_t) buffer, 3); + break; + case 0x25: +- sprintf(buffer, "#%.2X", name[i]); ++ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); + buffer[sizeof(buffer) - 1] = '\0'; + written += t2pWriteFile(output, (tdata_t) buffer, 3); + break; + case 0x28: +- sprintf(buffer, "#%.2X", name[i]); ++ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); + buffer[sizeof(buffer) - 1] = '\0'; + written += t2pWriteFile(output, (tdata_t) buffer, 3); + break; + case 0x29: +- sprintf(buffer, "#%.2X", name[i]); ++ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); + buffer[sizeof(buffer) - 1] = '\0'; + written += t2pWriteFile(output, (tdata_t) buffer, 3); + break; + case 0x2F: +- sprintf(buffer, "#%.2X", name[i]); ++ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); + buffer[sizeof(buffer) - 1] = '\0'; + written += t2pWriteFile(output, (tdata_t) buffer, 3); + break; + case 0x3C: +- sprintf(buffer, "#%.2X", name[i]); ++ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); + buffer[sizeof(buffer) - 1] = '\0'; + written += t2pWriteFile(output, (tdata_t) buffer, 3); + break; + case 0x3E: +- sprintf(buffer, "#%.2X", name[i]); ++ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); + buffer[sizeof(buffer) - 1] = '\0'; + written += t2pWriteFile(output, (tdata_t) buffer, 3); + break; + case 0x5B: +- sprintf(buffer, "#%.2X", name[i]); ++ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); + buffer[sizeof(buffer) - 1] = '\0'; + written += t2pWriteFile(output, (tdata_t) buffer, 3); + break; + case 0x5D: +- sprintf(buffer, "#%.2X", name[i]); ++ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); + buffer[sizeof(buffer) - 1] = '\0'; + written += t2pWriteFile(output, (tdata_t) buffer, 3); + break; + case 0x7B: +- sprintf(buffer, "#%.2X", name[i]); ++ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); + buffer[sizeof(buffer) - 1] = '\0'; + written += t2pWriteFile(output, (tdata_t) buffer, 3); + break; + case 0x7D: +- sprintf(buffer, "#%.2X", name[i]); ++ snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); + buffer[sizeof(buffer) - 1] = '\0'; + written += t2pWriteFile(output, (tdata_t) buffer, 3); + break; +@@ -3844,14 +3846,14 @@ + tsize_t t2p_write_pdf_stream_dict(tsize_t len, uint32 number, TIFF* output){ + + tsize_t written=0; +- char buffer[16]; ++ char buffer[32]; + int buflen=0; + + written += t2pWriteFile(output, (tdata_t) "/Length ", 8); + if(len!=0){ + written += t2p_write_pdf_stream_length(len, output); + } else { +- buflen=sprintf(buffer, "%lu", (unsigned long)number); ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)number); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) " 0 R \n", 6); + } +@@ -3892,10 +3894,10 @@ + tsize_t t2p_write_pdf_stream_length(tsize_t len, TIFF* output){ + + tsize_t written=0; +- char buffer[16]; ++ char buffer[32]; + int buflen=0; + +- buflen=sprintf(buffer, "%lu", (unsigned long)len); ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)len); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) "\n", 1); + +@@ -3909,7 +3911,7 @@ + tsize_t t2p_write_pdf_catalog(T2P* t2p, TIFF* output) + { + tsize_t written = 0; +- char buffer[16]; ++ char buffer[32]; + int buflen = 0; + + written += t2pWriteFile(output, +@@ -3948,7 +3950,6 @@ + written += t2p_write_pdf_string(t2p->pdf_datetime, output); + } + written += t2pWriteFile(output, (tdata_t) "\n/Producer ", 11); +- _TIFFmemset((tdata_t)buffer, 0x00, sizeof(buffer)); + snprintf(buffer, sizeof(buffer), "libtiff / tiff2pdf - %d", TIFFLIB_VERSION); + written += t2p_write_pdf_string(buffer, output); + written += t2pWriteFile(output, (tdata_t) "\n", 1); +@@ -4089,7 +4090,7 @@ + { + tsize_t written=0; + tdir_t i=0; +- char buffer[16]; ++ char buffer[32]; + int buflen=0; + + int page=0; +@@ -4097,7 +4098,7 @@ + (tdata_t) "<< \n/Type /Pages \n/Kids [ ", 26); + page = t2p->pdf_pages+1; + for (i=0;i<t2p->tiff_pagecount;i++){ +- buflen=sprintf(buffer, "%d", page); ++ buflen=snprintf(buffer, sizeof(buffer), "%d", page); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) " 0 R ", 5); + if ( ((i+1)%8)==0 ) { +@@ -4112,8 +4113,7 @@ + } + } + written += t2pWriteFile(output, (tdata_t) "] \n/Count ", 10); +- _TIFFmemset(buffer, 0x00, 16); +- buflen=sprintf(buffer, "%d", t2p->tiff_pagecount); ++ buflen=snprintf(buffer, sizeof(buffer), "%d", t2p->tiff_pagecount); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) " \n>> \n", 6); + +@@ -4128,28 +4128,28 @@ + + unsigned int i=0; + tsize_t written=0; +- char buffer[16]; ++ char buffer[256]; + int buflen=0; + + written += t2pWriteFile(output, (tdata_t) "<<\n/Type /Page \n/Parent ", 24); +- buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_pages); ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_pages); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) " 0 R \n", 6); + written += t2pWriteFile(output, (tdata_t) "/MediaBox [", 11); +- buflen=sprintf(buffer, "%.4f",t2p->pdf_mediabox.x1); ++ buflen=snprintf(buffer, sizeof(buffer), "%.4f",t2p->pdf_mediabox.x1); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) " ", 1); +- buflen=sprintf(buffer, "%.4f",t2p->pdf_mediabox.y1); ++ buflen=snprintf(buffer, sizeof(buffer), "%.4f",t2p->pdf_mediabox.y1); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) " ", 1); +- buflen=sprintf(buffer, "%.4f",t2p->pdf_mediabox.x2); ++ buflen=snprintf(buffer, sizeof(buffer), "%.4f",t2p->pdf_mediabox.x2); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) " ", 1); +- buflen=sprintf(buffer, "%.4f",t2p->pdf_mediabox.y2); ++ buflen=snprintf(buffer, sizeof(buffer), "%.4f",t2p->pdf_mediabox.y2); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) "] \n", 3); + written += t2pWriteFile(output, (tdata_t) "/Contents ", 10); +- buflen=sprintf(buffer, "%lu", (unsigned long)(object + 1)); ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)(object + 1)); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) " 0 R \n", 6); + written += t2pWriteFile(output, (tdata_t) "/Resources << \n", 15); +@@ -4157,15 +4157,13 @@ + written += t2pWriteFile(output, (tdata_t) "/XObject <<\n", 12); + for(i=0;i<t2p->tiff_tiles[t2p->pdf_page].tiles_tilecount;i++){ + written += t2pWriteFile(output, (tdata_t) "/Im", 3); +- buflen = sprintf(buffer, "%u", t2p->pdf_page+1); ++ buflen = snprintf(buffer, sizeof(buffer), "%u", t2p->pdf_page+1); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) "_", 1); +- buflen = sprintf(buffer, "%u", i+1); ++ buflen = snprintf(buffer, sizeof(buffer), "%u", i+1); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) " ", 1); +- buflen = sprintf( +- buffer, +- "%lu", ++ buflen = snprintf(buffer, sizeof(buffer), "%lu", + (unsigned long)(object+3+(2*i)+t2p->tiff_pages[t2p->pdf_page].page_extra)); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) " 0 R ", 5); +@@ -4177,12 +4175,10 @@ + } else { + written += t2pWriteFile(output, (tdata_t) "/XObject <<\n", 12); + written += t2pWriteFile(output, (tdata_t) "/Im", 3); +- buflen = sprintf(buffer, "%u", t2p->pdf_page+1); ++ buflen = snprintf(buffer, sizeof(buffer), "%u", t2p->pdf_page+1); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) " ", 1); +- buflen = sprintf( +- buffer, +- "%lu", ++ buflen = snprintf(buffer, sizeof(buffer), "%lu", + (unsigned long)(object+3+(2*i)+t2p->tiff_pages[t2p->pdf_page].page_extra)); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) " 0 R ", 5); +@@ -4191,9 +4187,7 @@ + if(t2p->tiff_transferfunctioncount != 0) { + written += t2pWriteFile(output, (tdata_t) "/ExtGState <<", 13); + t2pWriteFile(output, (tdata_t) "/GS1 ", 5); +- buflen = sprintf( +- buffer, +- "%lu", ++ buflen = snprintf(buffer, sizeof(buffer), "%lu", + (unsigned long)(object + 3)); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) " 0 R ", 5); +@@ -4566,7 +4560,7 @@ + if(t2p->tiff_tiles[t2p->pdf_page].tiles_tilecount>0){ + for(i=0;i<t2p->tiff_tiles[t2p->pdf_page].tiles_tilecount; i++){ + box=t2p->tiff_tiles[t2p->pdf_page].tiles_tiles[i].tile_box; +- buflen=sprintf(buffer, ++ buflen=snprintf(buffer, sizeof(buffer), + "q %s %.4f %.4f %.4f %.4f %.4f %.4f cm /Im%d_%ld Do Q\n", + t2p->tiff_transferfunctioncount?"/GS1 gs ":"", + box.mat[0], +@@ -4581,7 +4575,7 @@ + } + } else { + box=t2p->pdf_imagebox; +- buflen=sprintf(buffer, ++ buflen=snprintf(buffer, sizeof(buffer), + "q %s %.4f %.4f %.4f %.4f %.4f %.4f cm /Im%d Do Q\n", + t2p->tiff_transferfunctioncount?"/GS1 gs ":"", + box.mat[0], +@@ -4606,59 +4600,48 @@ + TIFF* output){ + + tsize_t written=0; +- char buffer[16]; ++ char buffer[32]; + int buflen=0; + + written += t2p_write_pdf_stream_dict(0, t2p->pdf_xrefcount+1, output); + written += t2pWriteFile(output, + (tdata_t) "/Type /XObject \n/Subtype /Image \n/Name /Im", + 42); +- buflen=sprintf(buffer, "%u", t2p->pdf_page+1); ++ buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->pdf_page+1); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + if(tile != 0){ + written += t2pWriteFile(output, (tdata_t) "_", 1); +- buflen=sprintf(buffer, "%lu", (unsigned long)tile); ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)tile); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + } + written += t2pWriteFile(output, (tdata_t) "\n/Width ", 8); +- _TIFFmemset((tdata_t)buffer, 0x00, 16); + if(tile==0){ +- buflen=sprintf(buffer, "%lu", (unsigned long)t2p->tiff_width); ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->tiff_width); + } else { + if(t2p_tile_is_right_edge(t2p->tiff_tiles[t2p->pdf_page], tile-1)!=0){ +- buflen=sprintf( +- buffer, +- "%lu", ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", + (unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_edgetilewidth); + } else { +- buflen=sprintf( +- buffer, +- "%lu", ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", + (unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_tilewidth); + } + } + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) "\n/Height ", 9); +- _TIFFmemset((tdata_t)buffer, 0x00, 16); + if(tile==0){ +- buflen=sprintf(buffer, "%lu", (unsigned long)t2p->tiff_length); ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->tiff_length); + } else { + if(t2p_tile_is_bottom_edge(t2p->tiff_tiles[t2p->pdf_page], tile-1)!=0){ +- buflen=sprintf( +- buffer, +- "%lu", ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", + (unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_edgetilelength); + } else { +- buflen=sprintf( +- buffer, +- "%lu", ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", + (unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_tilelength); + } + } + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) "\n/BitsPerComponent ", 19); +- _TIFFmemset((tdata_t)buffer, 0x00, 16); +- buflen=sprintf(buffer, "%u", t2p->tiff_bitspersample); ++ buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->tiff_bitspersample); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) "\n/ColorSpace ", 13); + written += t2p_write_pdf_xobject_cs(t2p, output); +@@ -4702,11 +4685,10 @@ + t2p->pdf_colorspace ^= T2P_CS_PALETTE; + written += t2p_write_pdf_xobject_cs(t2p, output); + t2p->pdf_colorspace |= T2P_CS_PALETTE; +- buflen=sprintf(buffer, "%u", (0x0001 << t2p->tiff_bitspersample)-1 ); ++ buflen=snprintf(buffer, sizeof(buffer), "%u", (0x0001 << t2p->tiff_bitspersample)-1 ); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) " ", 1); +- _TIFFmemset(buffer, 0x00, 16); +- buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_palettecs ); ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_palettecs ); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) " 0 R ]\n", 7); + return(written); +@@ -4740,10 +4722,10 @@ + X_W /= Y_W; + Z_W /= Y_W; + Y_W = 1.0F; +- buflen=sprintf(buffer, "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W); ++ buflen=snprintf(buffer, sizeof(buffer), "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) "/Range ", 7); +- buflen=sprintf(buffer, "[%d %d %d %d] \n", ++ buflen=snprintf(buffer, sizeof(buffer), "[%d %d %d %d] \n", + t2p->pdf_labrange[0], + t2p->pdf_labrange[1], + t2p->pdf_labrange[2], +@@ -4759,26 +4741,26 @@ + tsize_t t2p_write_pdf_transfer(T2P* t2p, TIFF* output){ + + tsize_t written=0; +- char buffer[16]; ++ char buffer[32]; + int buflen=0; + + written += t2pWriteFile(output, (tdata_t) "<< /Type /ExtGState \n/TR ", 25); + if(t2p->tiff_transferfunctioncount == 1){ +- buflen=sprintf(buffer, "%lu", ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", + (unsigned long)(t2p->pdf_xrefcount + 1)); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) " 0 R ", 5); + } else { + written += t2pWriteFile(output, (tdata_t) "[ ", 2); +- buflen=sprintf(buffer, "%lu", ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", + (unsigned long)(t2p->pdf_xrefcount + 1)); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) " 0 R ", 5); +- buflen=sprintf(buffer, "%lu", ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", + (unsigned long)(t2p->pdf_xrefcount + 2)); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) " 0 R ", 5); +- buflen=sprintf(buffer, "%lu", ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", + (unsigned long)(t2p->pdf_xrefcount + 3)); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) " 0 R ", 5); +@@ -4800,7 +4782,7 @@ + written += t2pWriteFile(output, (tdata_t) "/FunctionType 0 \n", 17); + written += t2pWriteFile(output, (tdata_t) "/Domain [0.0 1.0] \n", 19); + written += t2pWriteFile(output, (tdata_t) "/Range [0.0 1.0] \n", 18); +- buflen=sprintf(buffer, "/Size [%u] \n", (1<<t2p->tiff_bitspersample)); ++ buflen=snprintf(buffer, sizeof(buffer), "/Size [%u] \n", (1<<t2p->tiff_bitspersample)); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) "/BitsPerSample 16 \n", 19); + written += t2p_write_pdf_stream_dict(((tsize_t)1)<<(t2p->tiff_bitspersample+1), 0, output); +@@ -4827,7 +4809,7 @@ + tsize_t t2p_write_pdf_xobject_calcs(T2P* t2p, TIFF* output){ + + tsize_t written=0; +- char buffer[128]; ++ char buffer[256]; + int buflen=0; + + float X_W=0.0; +@@ -4895,16 +4877,16 @@ + written += t2pWriteFile(output, (tdata_t) "<< \n", 4); + if(t2p->pdf_colorspace & T2P_CS_CALGRAY){ + written += t2pWriteFile(output, (tdata_t) "/WhitePoint ", 12); +- buflen=sprintf(buffer, "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W); ++ buflen=snprintf(buffer, sizeof(buffer), "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) "/Gamma 2.2 \n", 12); + } + if(t2p->pdf_colorspace & T2P_CS_CALRGB){ + written += t2pWriteFile(output, (tdata_t) "/WhitePoint ", 12); +- buflen=sprintf(buffer, "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W); ++ buflen=snprintf(buffer, sizeof(buffer), "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) "/Matrix ", 8); +- buflen=sprintf(buffer, "[%.4f %.4f %.4f %.4f %.4f %.4f %.4f %.4f %.4f] \n", ++ buflen=snprintf(buffer, sizeof(buffer), "[%.4f %.4f %.4f %.4f %.4f %.4f %.4f %.4f %.4f] \n", + X_R, Y_R, Z_R, + X_G, Y_G, Z_G, + X_B, Y_B, Z_B); +@@ -4923,11 +4905,11 @@ + tsize_t t2p_write_pdf_xobject_icccs(T2P* t2p, TIFF* output){ + + tsize_t written=0; +- char buffer[16]; ++ char buffer[32]; + int buflen=0; + + written += t2pWriteFile(output, (tdata_t) "[/ICCBased ", 11); +- buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_icccs); ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_icccs); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) " 0 R] \n", 7); + +@@ -4937,11 +4919,11 @@ + tsize_t t2p_write_pdf_xobject_icccs_dict(T2P* t2p, TIFF* output){ + + tsize_t written=0; +- char buffer[16]; ++ char buffer[32]; + int buflen=0; + + written += t2pWriteFile(output, (tdata_t) "/N ", 3); +- buflen=sprintf(buffer, "%u \n", t2p->tiff_samplesperpixel); ++ buflen=snprintf(buffer, sizeof(buffer), "%u \n", t2p->tiff_samplesperpixel); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) "/Alternate ", 11); + t2p->pdf_colorspace ^= T2P_CS_ICCBASED; +@@ -5006,7 +4988,7 @@ + tsize_t t2p_write_pdf_xobject_stream_filter(ttile_t tile, T2P* t2p, TIFF* output){ + + tsize_t written=0; +- char buffer[16]; ++ char buffer[32]; + int buflen=0; + + if(t2p->pdf_compression==T2P_COMPRESS_NONE){ +@@ -5021,41 +5003,33 @@ + written += t2pWriteFile(output, (tdata_t) "<< /K -1 ", 9); + if(tile==0){ + written += t2pWriteFile(output, (tdata_t) "/Columns ", 9); +- buflen=sprintf(buffer, "%lu", ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", + (unsigned long)t2p->tiff_width); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) " /Rows ", 7); +- buflen=sprintf(buffer, "%lu", ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", + (unsigned long)t2p->tiff_length); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + } else { + if(t2p_tile_is_right_edge(t2p->tiff_tiles[t2p->pdf_page], tile-1)==0){ + written += t2pWriteFile(output, (tdata_t) "/Columns ", 9); +- buflen=sprintf( +- buffer, +- "%lu", ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", + (unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_tilewidth); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + } else { + written += t2pWriteFile(output, (tdata_t) "/Columns ", 9); +- buflen=sprintf( +- buffer, +- "%lu", ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", + (unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_edgetilewidth); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + } + if(t2p_tile_is_bottom_edge(t2p->tiff_tiles[t2p->pdf_page], tile-1)==0){ + written += t2pWriteFile(output, (tdata_t) " /Rows ", 7); +- buflen=sprintf( +- buffer, +- "%lu", ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", + (unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_tilelength); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + } else { + written += t2pWriteFile(output, (tdata_t) " /Rows ", 7); +- buflen=sprintf( +- buffer, +- "%lu", ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", + (unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_edgetilelength); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + } +@@ -5082,21 +5056,17 @@ + if(t2p->pdf_compressionquality%100){ + written += t2pWriteFile(output, (tdata_t) "/DecodeParms ", 13); + written += t2pWriteFile(output, (tdata_t) "<< /Predictor ", 14); +- _TIFFmemset(buffer, 0x00, 16); +- buflen=sprintf(buffer, "%u", t2p->pdf_compressionquality%100); ++ buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->pdf_compressionquality%100); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) " /Columns ", 10); +- _TIFFmemset(buffer, 0x00, 16); +- buflen = sprintf(buffer, "%lu", ++ buflen = snprintf(buffer, sizeof(buffer), "%lu", + (unsigned long)t2p->tiff_width); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) " /Colors ", 9); +- _TIFFmemset(buffer, 0x00, 16); +- buflen=sprintf(buffer, "%u", t2p->tiff_samplesperpixel); ++ buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->tiff_samplesperpixel); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) " /BitsPerComponent ", 19); +- _TIFFmemset(buffer, 0x00, 16); +- buflen=sprintf(buffer, "%u", t2p->tiff_bitspersample); ++ buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->tiff_bitspersample); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) ">>\n", 3); + } +@@ -5116,16 +5086,16 @@ + tsize_t t2p_write_pdf_xreftable(T2P* t2p, TIFF* output){ + + tsize_t written=0; +- char buffer[21]; ++ char buffer[64]; + int buflen=0; + uint32 i=0; + + written += t2pWriteFile(output, (tdata_t) "xref\n0 ", 7); +- buflen=sprintf(buffer, "%lu", (unsigned long)(t2p->pdf_xrefcount + 1)); ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)(t2p->pdf_xrefcount + 1)); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); + written += t2pWriteFile(output, (tdata_t) " \n0000000000 65535 f \n", 22); + for (i=0;i<t2p->pdf_xrefcount;i++){ +- sprintf(buffer, "%.10lu 00000 n \n", ++ snprintf(buffer, sizeof(buffer), "%.10lu 00000 n \n", + (unsigned long)t2p->pdf_xrefoffsets[i]); + written += t2pWriteFile(output, (tdata_t) buffer, 20); + } +@@ -5149,17 +5119,14 @@ + snprintf(t2p->pdf_fileid + i, 9, "%.8X", rand()); + + written += t2pWriteFile(output, (tdata_t) "trailer\n<<\n/Size ", 17); +- buflen = sprintf(buffer, "%lu", (unsigned long)(t2p->pdf_xrefcount+1)); ++ buflen = snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)(t2p->pdf_xrefcount+1)); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); +- _TIFFmemset(buffer, 0x00, 32); + written += t2pWriteFile(output, (tdata_t) "\n/Root ", 7); +- buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_catalog); ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_catalog); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); +- _TIFFmemset(buffer, 0x00, 32); + written += t2pWriteFile(output, (tdata_t) " 0 R \n/Info ", 12); +- buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_info); ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_info); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); +- _TIFFmemset(buffer, 0x00, 32); + written += t2pWriteFile(output, (tdata_t) " 0 R \n/ID[<", 11); + written += t2pWriteFile(output, (tdata_t) t2p->pdf_fileid, + sizeof(t2p->pdf_fileid) - 1); +@@ -5167,9 +5134,8 @@ + written += t2pWriteFile(output, (tdata_t) t2p->pdf_fileid, + sizeof(t2p->pdf_fileid) - 1); + written += t2pWriteFile(output, (tdata_t) ">]\n>>\nstartxref\n", 16); +- buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_startxref); ++ buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_startxref); + written += t2pWriteFile(output, (tdata_t) buffer, buflen); +- _TIFFmemset(buffer, 0x00, 32); + written += t2pWriteFile(output, (tdata_t) "\n%%EOF\n", 7); + + return(written); +diff -Naur tiff-4.0.3.orig/tools/tiff2ps.c tiff-4.0.3/tools/tiff2ps.c +--- tiff-4.0.3.orig/tools/tiff2ps.c 2011-05-31 13:10:18.000000000 -0400 ++++ tiff-4.0.3/tools/tiff2ps.c 2013-05-02 12:02:42.789287990 -0400 +@@ -1781,8 +1781,8 @@ + imageOp = "imagemask"; + + (void)strcpy(im_x, "0"); +- (void)sprintf(im_y, "%lu", (long) h); +- (void)sprintf(im_h, "%lu", (long) h); ++ (void)snprintf(im_y, sizeof(im_y), "%lu", (long) h); ++ (void)snprintf(im_h, sizeof(im_h), "%lu", (long) h); + tile_width = w; + tile_height = h; + if (TIFFIsTiled(tif)) { +@@ -1803,7 +1803,7 @@ + } + if (tile_height < h) { + fputs("/im_y 0 def\n", fd); +- (void)sprintf(im_y, "%lu im_y sub", (unsigned long) h); ++ (void)snprintf(im_y, sizeof(im_y), "%lu im_y sub", (unsigned long) h); + } + } else { + repeat_count = tf_numberstrips; +@@ -1815,7 +1815,7 @@ + fprintf(fd, "/im_h %lu def\n", + (unsigned long) tile_height); + (void)strcpy(im_h, "im_h"); +- (void)sprintf(im_y, "%lu im_y sub", (unsigned long) h); ++ (void)snprintf(im_y, sizeof(im_y), "%lu im_y sub", (unsigned long) h); + } + } + +diff -Naur tiff-4.0.3.orig/tools/tiffcrop.c tiff-4.0.3/tools/tiffcrop.c +--- tiff-4.0.3.orig/tools/tiffcrop.c 2010-12-14 09:18:28.000000000 -0500 ++++ tiff-4.0.3/tools/tiffcrop.c 2013-05-02 12:02:42.791288005 -0400 +@@ -2077,7 +2077,7 @@ + return 1; + } + +- sprintf (filenum, "-%03d%s", findex, export_ext); ++ snprintf(filenum, sizeof(filenum), "-%03d%s", findex, export_ext); + filenum[14] = '\0'; + strncat (exportname, filenum, 15); + } +@@ -2230,8 +2230,8 @@ + + /* dump.infilename is guaranteed to be NUL termimated and have 20 bytes + fewer than PATH_MAX */ +- memset (temp_filename, '\0', PATH_MAX + 1); +- sprintf (temp_filename, "%s-read-%03d.%s", dump.infilename, dump_images, ++ snprintf(temp_filename, sizeof(temp_filename), "%s-read-%03d.%s", ++ dump.infilename, dump_images, + (dump.format == DUMP_TEXT) ? "txt" : "raw"); + if ((dump.infile = fopen(temp_filename, dump.mode)) == NULL) + { +@@ -2249,8 +2249,8 @@ + + /* dump.outfilename is guaranteed to be NUL termimated and have 20 bytes + fewer than PATH_MAX */ +- memset (temp_filename, '\0', PATH_MAX + 1); +- sprintf (temp_filename, "%s-write-%03d.%s", dump.outfilename, dump_images, ++ snprintf(temp_filename, sizeof(temp_filename), "%s-write-%03d.%s", ++ dump.outfilename, dump_images, + (dump.format == DUMP_TEXT) ? "txt" : "raw"); + if ((dump.outfile = fopen(temp_filename, dump.mode)) == NULL) + { +diff -Naur tiff-4.0.3.orig/tools/tiffdither.c tiff-4.0.3/tools/tiffdither.c +--- tiff-4.0.3.orig/tools/tiffdither.c 2010-03-10 13:56:50.000000000 -0500 ++++ tiff-4.0.3/tools/tiffdither.c 2013-05-02 12:02:42.792288013 -0400 +@@ -260,7 +260,7 @@ + TIFFSetField(out, TIFFTAG_FILLORDER, fillorder); + else + CopyField(TIFFTAG_FILLORDER, shortv); +- sprintf(thing, "Dithered B&W version of %s", argv[optind]); ++ snprintf(thing, sizeof(thing), "Dithered B&W version of %s", argv[optind]); + TIFFSetField(out, TIFFTAG_IMAGEDESCRIPTION, thing); + CopyField(TIFFTAG_PHOTOMETRIC, shortv); + CopyField(TIFFTAG_ORIENTATION, shortv); diff --git a/media-libs/tiff/files/tiff-4.0.3-CVE-2013-4231.patch b/media-libs/tiff/files/tiff-4.0.3-CVE-2013-4231.patch new file mode 100644 index 000000000000..c4b344602e0b --- /dev/null +++ b/media-libs/tiff/files/tiff-4.0.3-CVE-2013-4231.patch @@ -0,0 +1,16 @@ +http://pkgs.fedoraproject.org/cgit/libtiff.git/plain/libtiff-CVE-2013-4231.patch +http://bugs.gentoo.org/480466 + +--- tools/gif2tiff.c ++++ tools/gif2tiff.c +@@ -333,6 +333,10 @@ readraster(void) + int status = 1; + + datasize = getc(infile); ++ ++ if (datasize > 12) ++ return 0; ++ + clear = 1 << datasize; + eoi = clear + 1; + avail = clear + 2; diff --git a/media-libs/tiff/files/tiff-4.0.3-CVE-2013-4232.patch b/media-libs/tiff/files/tiff-4.0.3-CVE-2013-4232.patch new file mode 100644 index 000000000000..98edff5d44d5 --- /dev/null +++ b/media-libs/tiff/files/tiff-4.0.3-CVE-2013-4232.patch @@ -0,0 +1,13 @@ +http://pkgs.fedoraproject.org/cgit/libtiff.git/plain/libtiff-CVE-2013-4232.patch +http://bugs.gentoo.org/480466 + +--- tools/tiff2pdf.c ++++ tools/tiff2pdf.c +@@ -2462,6 +2462,7 @@ tsize_t t2p_readwrite_pdf_image(T2P* t2p, TIFF* input, TIFF* output){ + TIFFFileName(input)); + t2p->t2p_error = T2P_ERR_ERROR; + _TIFFfree(buffer); ++ return(0); + } else { + buffer=samplebuffer; + t2p->tiff_datasize *= t2p->tiff_samplesperpixel; diff --git a/media-libs/tiff/files/tiff-4.0.3-CVE-2013-4244.patch b/media-libs/tiff/files/tiff-4.0.3-CVE-2013-4244.patch new file mode 100644 index 000000000000..792e076981a6 --- /dev/null +++ b/media-libs/tiff/files/tiff-4.0.3-CVE-2013-4244.patch @@ -0,0 +1,15 @@ +diff --git a/tools/gif2tiff.c b/tools/gif2tiff.c +index 375b152..2731273 100644 +--- a/tools/gif2tiff.c ++++ b/tools/gif2tiff.c +@@ -402,6 +402,10 @@ process(register int code, unsigned char** fill) + } + + if (oldcode == -1) { ++ if (code >= clear) { ++ fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear); ++ return 0; ++ } + *(*fill)++ = suffix[code]; + firstchar = oldcode = code; + return 1; diff --git a/media-libs/tiff/files/tiff-4.0.3-libjpeg-turbo.patch b/media-libs/tiff/files/tiff-4.0.3-libjpeg-turbo.patch new file mode 100644 index 000000000000..92cff7ea4e16 --- /dev/null +++ b/media-libs/tiff/files/tiff-4.0.3-libjpeg-turbo.patch @@ -0,0 +1,122 @@ +Back-port upstream patch to avoid assuming quite so much about what libjpeg +will return. Needed because libjpeg-turbo with the jpeg8 API broke the +expectations of the previous coding. + + +diff -Naur tiff-4.0.3.orig/test/raw_decode.c tiff-4.0.3/test/raw_decode.c +--- tiff-4.0.3.orig/test/raw_decode.c 2012-07-06 13:05:16.000000000 -0400 ++++ tiff-4.0.3/test/raw_decode.c 2012-12-19 13:04:37.609738276 -0500 +@@ -71,33 +71,54 @@ + return 1; + } + +-static int check_rgb_pixel( int pixel, int red, int green, int blue, unsigned char *buffer ) { ++static int check_rgb_pixel( int pixel, ++ int min_red, int max_red, ++ int min_green, int max_green, ++ int min_blue, int max_blue, ++ unsigned char *buffer ) { + unsigned char *rgb = buffer + 3 * pixel; + +- if( rgb[0] == red && rgb[1] == green && rgb[2] == blue ) { ++ if( rgb[0] >= min_red && rgb[0] <= max_red && ++ rgb[1] >= min_green && rgb[1] <= max_green && ++ rgb[2] >= min_blue && rgb[2] <= max_blue ) { + return 0; + } + + fprintf( stderr, "Pixel %d did not match expected results.\n", pixel ); +- fprintf( stderr, "Expect: %3d %3d %3d\n", red, green, blue ); +- fprintf( stderr, " Got: %3d %3d %3d\n", rgb[0], rgb[1], rgb[2] ); ++ fprintf( stderr, "Got R=%d (expected %d..%d), G=%d (expected %d..%d), B=%d (expected %d..%d)\n", ++ rgb[0], min_red, max_red, ++ rgb[1], min_green, max_green, ++ rgb[2], min_blue, max_blue ); + return 1; + } + +-static int check_rgba_pixel( int pixel, int red, int green, int blue, int alpha, uint32 *buffer ) { ++static int check_rgba_pixel( int pixel, ++ int min_red, int max_red, ++ int min_green, int max_green, ++ int min_blue, int max_blue, ++ int min_alpha, int max_alpha, ++ uint32 *buffer ) { + /* RGBA images are upside down - adjust for normal ordering */ + int adjusted_pixel = pixel % 128 + (127 - (pixel/128)) * 128; + uint32 rgba = buffer[adjusted_pixel]; + +- if( TIFFGetR(rgba) == (uint32) red && TIFFGetG(rgba) == (uint32) green && +- TIFFGetB(rgba) == (uint32) blue && TIFFGetA(rgba) == (uint32) alpha ) { ++ if( TIFFGetR(rgba) >= (uint32) min_red && ++ TIFFGetR(rgba) <= (uint32) max_red && ++ TIFFGetG(rgba) >= (uint32) min_green && ++ TIFFGetG(rgba) <= (uint32) max_green && ++ TIFFGetB(rgba) >= (uint32) min_blue && ++ TIFFGetB(rgba) <= (uint32) max_blue && ++ TIFFGetA(rgba) >= (uint32) min_alpha && ++ TIFFGetA(rgba) <= (uint32) max_alpha ) { + return 0; + } + + fprintf( stderr, "Pixel %d did not match expected results.\n", pixel ); +- fprintf( stderr, "Expect: %3d %3d %3d %3d\n", red, green, blue, alpha ); +- fprintf( stderr, " Got: %3d %3d %3d %3d\n", +- TIFFGetR(rgba), TIFFGetG(rgba), TIFFGetB(rgba), TIFFGetA(rgba) ); ++ fprintf( stderr, "Got R=%d (expected %d..%d), G=%d (expected %d..%d), B=%d (expected %d..%d), A=%d (expected %d..%d)\n", ++ TIFFGetR(rgba), min_red, max_red, ++ TIFFGetG(rgba), min_green, max_green, ++ TIFFGetB(rgba), min_blue, max_blue, ++ TIFFGetA(rgba), min_alpha, max_alpha ); + return 1; + } + +@@ -191,15 +212,17 @@ + return 1; + } + +-#if JPEG_LIB_VERSION >= 70 +- pixel_status |= check_rgb_pixel( 0, 18, 0, 41, buffer ); +- pixel_status |= check_rgb_pixel( 64, 0, 0, 0, buffer ); +- pixel_status |= check_rgb_pixel( 512, 5, 34, 196, buffer ); +-#else +- pixel_status |= check_rgb_pixel( 0, 15, 0, 18, buffer ); +- pixel_status |= check_rgb_pixel( 64, 0, 0, 2, buffer ); +- pixel_status |= check_rgb_pixel( 512, 6, 36, 182, buffer ); +-#endif ++ /* ++ * JPEG decoding is inherently inexact, so we can't test for exact ++ * pixel values. (Well, if we knew exactly which libjpeg version ++ * we were using, and with what settings, we could expect specific ++ * values ... but it's not worth the trouble to keep track of.) ++ * Hence, use ranges of expected values. The ranges may need to be ++ * widened over time as more versions of libjpeg appear. ++ */ ++ pixel_status |= check_rgb_pixel( 0, 15, 18, 0, 0, 18, 41, buffer ); ++ pixel_status |= check_rgb_pixel( 64, 0, 0, 0, 0, 0, 2, buffer ); ++ pixel_status |= check_rgb_pixel( 512, 5, 6, 34, 36, 182, 196, buffer ); + + free( buffer ); + +@@ -224,15 +247,12 @@ + * accomplish it from the YCbCr subsampled buffer ourselves in which + * case the results may be subtly different but similar. + */ +-#if JPEG_LIB_VERSION >= 70 +- pixel_status |= check_rgba_pixel( 0, 18, 0, 41, 255, rgba_buffer ); +- pixel_status |= check_rgba_pixel( 64, 0, 0, 0, 255, rgba_buffer ); +- pixel_status |= check_rgba_pixel( 512, 5, 34, 196, 255, rgba_buffer ); +-#else +- pixel_status |= check_rgba_pixel( 0, 15, 0, 18, 255, rgba_buffer ); +- pixel_status |= check_rgba_pixel( 64, 0, 0, 2, 255, rgba_buffer ); +- pixel_status |= check_rgba_pixel( 512, 6, 36, 182, 255, rgba_buffer ); +-#endif ++ pixel_status |= check_rgba_pixel( 0, 15, 18, 0, 0, 18, 41, 255, 255, ++ rgba_buffer ); ++ pixel_status |= check_rgba_pixel( 64, 0, 0, 0, 0, 0, 2, 255, 255, ++ rgba_buffer ); ++ pixel_status |= check_rgba_pixel( 512, 5, 6, 34, 36, 182, 196, 255, 255, ++ rgba_buffer ); + + free( rgba_buffer ); + TIFFClose(tif); diff --git a/media-libs/tiff/files/tiff-4.0.3-tiff2pdf-colors.patch b/media-libs/tiff/files/tiff-4.0.3-tiff2pdf-colors.patch new file mode 100644 index 000000000000..a503444b107c --- /dev/null +++ b/media-libs/tiff/files/tiff-4.0.3-tiff2pdf-colors.patch @@ -0,0 +1,15 @@ +http://bugs.gentoo.org/145055 + +http://build.opensuse.org/package/view_file?file=tiff-4.0.2-tiff2pdf-colors.patch&package=tiff&project=openSUSE%3AFactory + +--- tools/tiff2pdf.c ++++ tools/tiff2pdf.c +@@ -4991,7 +4991,7 @@ + + if(t2p->tiff_photometric != PHOTOMETRIC_YCBCR) { + written += t2pWriteFile(output, (tdata_t) "/DecodeParms ", 13); +- written += t2pWriteFile(output, (tdata_t) "<< /ColorTransform 0 >>\n", 24); ++ written += t2pWriteFile(output, (tdata_t) "<< /ColorTransform 1 >>\n", 24); + } + break; + #endif diff --git a/media-libs/tiff/metadata.xml b/media-libs/tiff/metadata.xml new file mode 100644 index 000000000000..fee1dc15ab8d --- /dev/null +++ b/media-libs/tiff/metadata.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<herd>graphics</herd> +<longdescription>TIFF image library and tools, mostly for scanner and fax + support, but also used by GIS and other imaging tools.</longdescription> +</pkgmetadata> diff --git a/media-libs/tiff/tiff-3.9.7-r1.ebuild b/media-libs/tiff/tiff-3.9.7-r1.ebuild new file mode 100644 index 000000000000..4d32404e5da6 --- /dev/null +++ b/media-libs/tiff/tiff-3.9.7-r1.ebuild @@ -0,0 +1,72 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +# this ebuild is only for the libtiff.so.3 (+ 4) and libtiffxx.so.3 (+ 4) SONAME for ABI compat + +inherit eutils libtool multilib multilib-minimal + +DESCRIPTION="Library for manipulation of TIFF (Tag Image File Format) images" +HOMEPAGE="http://www.remotesensing.org/libtiff/" +SRC_URI="ftp://ftp.remotesensing.org/pub/libtiff/${P}.tar.gz" + +LICENSE="libtiff" +SLOT="3" +KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 m68k ~mips ~ppc ~ppc64 s390 sh ~sparc x86 ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~x86-interix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" +IUSE="+cxx jbig jpeg zlib" + +RDEPEND="jpeg? ( >=virtual/jpeg-0-r2[${MULTILIB_USEDEP}] ) + jbig? ( >=media-libs/jbigkit-2.1[${MULTILIB_USEDEP}] ) + zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] ) + !media-libs/tiff-compat + !=media-libs/tiff-3*:0 + abi_x86_32? ( + !<=app-emulation/emul-linux-x86-baselibs-20130224-r10 + !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] + )" +DEPEND="${RDEPEND}" + +src_prepare() { + epatch \ + "${FILESDIR}"/${P}-CVE-2012-{4447,4564,5581}.patch \ + "${FILESDIR}"/${P}-tiffinfo-exif.patch \ + "${FILESDIR}"/${P}-printdir-width.patch + + elibtoolize +} + +multilib_src_configure() { + ECONF_SOURCE="${S}" econf \ + --libdir=/libdir \ + --disable-static \ + $(use_enable cxx) \ + $(use_enable zlib) \ + $(use_enable jpeg) \ + $(use_enable jbig) \ + --without-x +} + +multilib_src_install() { + # Let `make install` and libtool handle insecure runpath(s) + dodir tmp + emake DESTDIR="${ED}/tmp" install + + # .so.3 (upstream) is used by sci-chemistry/icm + # .so.4 (Debian) is used by net-im/skype + exeinto /usr/$(get_libdir) + doexe "${ED}"/tmp/libdir/libtiff$(get_libname 3) + dosym libtiff$(get_libname 3) /usr/$(get_libdir)/libtiff$(get_libname 4) + if use cxx; then + doexe "${ED}"/tmp/libdir/libtiffxx$(get_libname 3) + dosym libtiffxx$(get_libname 3) /usr/$(get_libdir)/libtiffxx$(get_libname 4) + fi + + rm -rf "${ED}"/tmp +} + +multilib_src_install_all() { + # (avoid installing docs) + : +} diff --git a/media-libs/tiff/tiff-4.0.3-r6.ebuild b/media-libs/tiff/tiff-4.0.3-r6.ebuild new file mode 100644 index 000000000000..b893a65173da --- /dev/null +++ b/media-libs/tiff/tiff-4.0.3-r6.ebuild @@ -0,0 +1,79 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +inherit eutils libtool multilib-minimal + +DESCRIPTION="Tag Image File Format (TIFF) library" +HOMEPAGE="http://www.remotesensing.org/libtiff/" +SRC_URI="http://download.osgeo.org/libtiff/${P}.tar.gz + ftp://ftp.remotesensing.org/pub/libtiff/${P}.tar.gz" + +LICENSE="libtiff" +SLOT="0" +KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~x64-solaris ~x86-solaris" +IUSE="+cxx jbig jpeg lzma static-libs test zlib" + +RDEPEND="jpeg? ( >=virtual/jpeg-0-r2:0=[${MULTILIB_USEDEP}] ) + jbig? ( >=media-libs/jbigkit-2.1:=[${MULTILIB_USEDEP}] ) + lzma? ( >=app-arch/xz-utils-5.0.5-r1:=[${MULTILIB_USEDEP}] ) + zlib? ( >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}] ) + abi_x86_32? ( + !<=app-emulation/emul-linux-x86-baselibs-20130224-r9 + !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] + )" +DEPEND="${RDEPEND}" + +REQUIRED_USE="test? ( jpeg )" #483132 + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/tiffconf.h +) + +src_prepare() { + epatch "${FILESDIR}"/${PN}-4.0.3-tiff2pdf-colors.patch #145055 + epatch "${FILESDIR}"/${P}-CVE-2012-{4447,4564}.patch #440944 + epatch "${FILESDIR}"/${P}-CVE-2013-{1960,1961}.patch #468334 + epatch "${FILESDIR}"/${P}-CVE-2013-{4231,4232}.patch #480466 + epatch "${FILESDIR}"/${P}-CVE-2013-4244.patch #486590 + epatch "${FILESDIR}"/${P}-libjpeg-turbo.patch + + elibtoolize +} + +multilib_src_configure() { + ECONF_SOURCE="${S}" econf \ + $(use_enable static-libs static) \ + $(use_enable zlib) \ + $(use_enable jpeg) \ + $(use_enable jbig) \ + $(use_enable lzma) \ + $(use_enable cxx) \ + --without-x \ + --with-docdir="${EPREFIX}"/usr/share/doc/${PF} + + # remove useless subdirs + if ! multilib_is_native_abi ; then + sed -i \ + -e 's/ tools//' \ + -e 's/ contrib//' \ + -e 's/ man//' \ + -e 's/ html//' \ + Makefile || die + fi +} + +multilib_src_test() { + if ! multilib_is_native_abi ; then + cd tools + emake + cd "${BUILD_DIR}" + fi + emake check +} + +multilib_src_install_all() { + prune_libtool_files --all + rm -f "${ED}"/usr/share/doc/${PF}/{COPYRIGHT,README*,RELEASE-DATE,TODO,VERSION} +} |