Updated oldest version for CVE-2010-1411.

Package-Manager: portage-2.2_rc67/cvs/Linux x86_64

4 files changed, 47 insertions, 5 deletions

diff --git a/media-libs/tiff/ChangeLog b/media-libs/tiff/ChangeLog
index 400b3cfb7a89..09be24cbe798 100644
--- a/media-libs/tiff/ChangeLog
+++ b/media-libs/tiff/ChangeLog
@@ -1,6 +1,11 @@
 # ChangeLog for media-libs/tiff
 # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/tiff/ChangeLog,v 1.159 2010/07/03 22:52:56 ssuominen Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-libs/tiff/ChangeLog,v 1.160 2010/07/18 21:18:15 nerdboy Exp $
+
+  18 Jul 2010; Steve Arnold <nerdboy@gentoo.org> tiff-3.9.2-r1.ebuild,
+  +files/tiff-3.9.2-CVE-2010-1411.patch:
+  Updated oldest version for CVE-2010-1411 (as long as it's still in the 
+  tree...)
 
   03 Jul 2010; Samuli Suominen <ssuominen@gentoo.org> tiff-3.9.4.ebuild:
   ppc64 stable wrt security #324885
diff --git a/media-libs/tiff/Manifest b/media-libs/tiff/Manifest
index a7706518eb90..e20d43084a49 100644
--- a/media-libs/tiff/Manifest
+++ b/media-libs/tiff/Manifest
@@ -1,10 +1,11 @@
 AUX tiff-3.8.2-CVE-2009-2285.patch 717 RMD160 6fca42b138383626becf1221ec8550935621f60b SHA1 f2daf5306efb6f0908f0046765a10bf30b2642c2 SHA256 bbe28b7dbc6f24619ad851a53d39149100069af6a5d1578b0cd9ade48d7b127b
 AUX tiff-3.9.2-CVE-2009-2347.patch 2571 RMD160 142c305b3a1cd9c0f27b482ced15104e82f43a19 SHA1 04c0bb3f6bcfa27e89f00f97c843b2f9d5220ce8 SHA256 27839133f0ddd51b7c5f53e85b7985f68284ab0da4ba589e629fe085be62074b
+AUX tiff-3.9.2-CVE-2010-1411.patch 898 RMD160 8b503834cdf4ade56b990152da4431cda36fe8d1 SHA1 e03812e4f19d22a0e4222a5d0f8d84be71949e18 SHA256 dd7a7e612df083ab2dd3980a1067a3af53c1f71781df7e9f3794d01698d36383
 DIST tiff-3.9.2.tar.gz 1419742 RMD160 22716e0bcee93a654a704900f3e19f41600f3d18 SHA1 5c054d31e350e53102221b7760c3700cf70b4327 SHA256 3cd566c19291ea3379115dd0d2ebcdefb6a7cf0511cc33e733ec3a500e10da69
 DIST tiff-3.9.4.tar.gz 1436968 RMD160 3e0a74b6294297c16fb983ad68056a1dfbbdb1de SHA1 a4e32d55afbbcabd0391a9c89995e8e8a19961de SHA256 67b76d075fb74f7cb32e7e4b217701674755fe6cee0f463b259a753fce691da6
 DIST tiff-4.0.0beta6.tar.gz 1968829 RMD160 deab0908742a309f1b2954f1d1b5e2aaaa3180d0 SHA1 20aabb4d92bd5980a382e8ca53a2e010c7580976 SHA256 de016175742bcdd0cd6f326dd2e7bbc7154437d7bb09976ad4789016065061e6
-EBUILD tiff-3.9.2-r1.ebuild 1604 RMD160 f97539a32f5163afbe916106dadc3f7a98deb0fe SHA1 e0b8bef40db8f5106d17c29897e4c75f086b40af SHA256 3b270c8e8717267ef155ff81aaabeab58c2f2c839c956ad0485862215a37fa28
+EBUILD tiff-3.9.2-r1.ebuild 1648 RMD160 d26f8618325e3d43289ba5bf119a6fe31de15035 SHA1 db42b78488f778674f48025cb6221f918c6bc8ed SHA256 0f203bb139cf38ee043f5f6a3ef7632802d0c097e57dfcdc388a64fb2e9b3e80
 EBUILD tiff-3.9.4.ebuild 1526 RMD160 f9e150ab25f819cfd6f19789bcca6b21319c2db7 SHA1 de217cd646ac717a493b74abbb34aa861fb33f5e SHA256 6c25df51529b5a0b1a9378537f3c32f0257b4bff6119726b1cc5cc2a817f0eb2
 EBUILD tiff-4.0.0_beta6.ebuild 1642 RMD160 63b88215a222718efe6a61a7d0c181dc8a6dfbd7 SHA1 fe6495402135a1af43a01029792e163cdc1a3d92 SHA256 89d42095c57293868147881f1ccbb66395f1866a4b5d16707f0f377bab6a3ec2
-MISC ChangeLog 21767 RMD160 cefd21d1e5c678bc851e195f0eee0b854b87ac3d SHA1 9b8799115668baef858ae42fb0a3b12d4405d886 SHA256 dac1bc95881ac72dc07470fa0b678900d786ec5bfd4f43fa11d171a66b944c81
+MISC ChangeLog 21963 RMD160 f78a2094172564c97db9a834ab4f2204f4883496 SHA1 e93d782d9d35149d905cf5c11dd60dbfd8036e4b SHA256 103fafa56f1864ecd7e4f73c102b7420f37e98380c1ec2e25a81b77d00519fa2
 MISC metadata.xml 448 RMD160 0419f91f1f20efdc94d3894f6a4fc6471f22d0a1 SHA1 d743d16f4afb124bbe57a45b217b92f71b515f20 SHA256 61b04082cf0ccec1f58146fab271f88e56009277edee28b3f297eafb0562f4c9
diff --git a/media-libs/tiff/files/tiff-3.9.2-CVE-2010-1411.patch b/media-libs/tiff/files/tiff-3.9.2-CVE-2010-1411.patch
new file mode 100644
index 000000000000..7de456578c76
--- /dev/null
+++ b/media-libs/tiff/files/tiff-3.9.2-CVE-2010-1411.patch
@@ -0,0 +1,35 @@
+--- libtiff/tif_fax3.c.orig	2010-05-13 19:36:08.995479161 +0200
++++ libtiff/tif_fax3.c	2010-05-13 19:48:04.215467428 +0200
+@@ -42,6 +42,7 @@
+ #define	G3CODES
+ #include "t4.h"
+ #include <stdio.h>
++#include <stdint.h>
+ 
+ /*
+  * Compression+decompression state blocks are
+@@ -493,9 +494,21 @@
+ 	    td->td_compression == COMPRESSION_CCITTFAX4
+ 	);
+ 
+-	nruns = needsRefLine ? 2*TIFFroundup(rowpixels,32) : rowpixels;
++	uint64_t val64 = rowpixels;
++	if (needsRefLine)
++	{
++	val64 = 2*TIFFroundup(rowpixels,32);
++	if (val64 > 0xffffffff)
++		return (0);
++	}
++	nruns = (val64 &0xffffffff);
+ 	nruns += 3;
+-	dsp->runs = (uint32*) _TIFFCheckMalloc(tif, 2*nruns, sizeof (uint32),
++	
++	val64 = 2*nruns+3;
++	if (val64 > 0xffffffff)
++		return (0);
++
++	dsp->runs = (uint32*) _TIFFCheckMalloc(tif, (val64 & 0xffffffff), sizeof (uint32),
+ 					  "for Group 3/4 run arrays");
+ 	if (dsp->runs == NULL)
+ 		return (0);
+
diff --git a/media-libs/tiff/tiff-3.9.2-r1.ebuild b/media-libs/tiff/tiff-3.9.2-r1.ebuild
index 4daa626b6203..eb238e22ad11 100644
--- a/media-libs/tiff/tiff-3.9.2-r1.ebuild
+++ b/media-libs/tiff/tiff-3.9.2-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2010 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/tiff/tiff-3.9.2-r1.ebuild,v 1.7 2010/03/09 21:46:10 josejx Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-libs/tiff/tiff-3.9.2-r1.ebuild,v 1.8 2010/07/18 21:18:15 nerdboy Exp $
 
 EAPI=2
 inherit eutils libtool
@@ -20,7 +20,8 @@ DEPEND="jpeg? ( >=media-libs/jpeg-6b:0 )
 
 src_prepare() {
 	epatch "${FILESDIR}"/${PN}-3.8.2-CVE-2009-2285.patch \
-		"${FILESDIR}"/${P}-CVE-2009-2347.patch
+		"${FILESDIR}"/${P}-CVE-2009-2347.patch \
+		"${FILESDIR}"/${P}-CVE-2010-1411.patch
 	elibtoolize
 }