commit: 89993d3fc3cba6e559905b758f691b157b589fcf Author: Amy Liffey <amynka <AT> gentoo <DOT> org> AuthorDate: Sun Aug 12 18:33:12 2018 +0000 Commit: Amy Liffey <amynka <AT> gentoo <DOT> org> CommitDate: Sun Aug 12 19:15:39 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=89993d3f
sci-libs/gdal: add security patches Bug: https://bugs.gentoo.org/621712 Bug: https://bugs.gentoo.org/621720 Bug: https://bugs.gentoo.org/623028 Package-Manager: Portage-2.3.40, Repoman-2.3.9 .../gdal/files/gdal-2.3.0-changeset_38658.patch | 80 ++++++++++++++++++++++ .../gdal/files/gdal-2.3.0-frmts-nitf38234.patch | 12 ++++ sci-libs/gdal/files/gdal-2.3.0-libtiff.patch | 12 ++++ .../{gdal-2.3.0-r1.ebuild => gdal-2.3.0-r2.ebuild} | 5 ++ 4 files changed, 109 insertions(+) diff --git a/sci-libs/gdal/files/gdal-2.3.0-changeset_38658.patch b/sci-libs/gdal/files/gdal-2.3.0-changeset_38658.patch new file mode 100644 index 00000000000..3f681836989 --- /dev/null +++ b/sci-libs/gdal/files/gdal-2.3.0-changeset_38658.patch @@ -0,0 +1,80 @@ +Index: /trunk/gdal/frmts/nitf/nitfrasterband.cpp +=================================================================== +--- a/frmts/nitf/nitfrasterband.cpp (revision 38657) ++++ b/frmts/nitf/nitfrasterband.cpp (revision 38658) +@@ -824,4 +826,20 @@ + pUnpackData[i+7] = ((pDataSrc[k+2]) & 0x7); + } ++ if( i < n ) ++ { ++ pUnpackData[i+0] = ((pDataSrc[k+0] >> 5)); ++ if( i + 1 < n ) ++ pUnpackData[i+1] = ((pDataSrc[k+0] >> 2) & 0x07); ++ if( i + 2 < n ) ++ pUnpackData[i+2] = ((pDataSrc[k+0] << 1) & 0x07) | (pDataSrc[k+1] >> 7); ++ if( i + 3 < n ) ++ pUnpackData[i+3] = ((pDataSrc[k+1] >> 4) & 0x07); ++ if( i + 4 < n ) ++ pUnpackData[i+4] = ((pDataSrc[k+1] >> 1) & 0x07); ++ if( i + 5 < n ) ++ pUnpackData[i+5] = ((pDataSrc[k+1] << 2) & 0x07) | (pDataSrc[k+2] >> 6); ++ if( i + 6 < n ) ++ pUnpackData[i+6] = ((pDataSrc[k+2] >> 3) & 0x07); ++ } + + memcpy(pData, pUnpackData, n); +@@ -842,4 +862,20 @@ + pUnpackData[i+7] = ((pDataSrc[k+4]) & 0x1f); + } ++ if( i < n ) ++ { ++ pUnpackData[i+0] = ((pDataSrc[k+0] >> 3)); ++ if( i + 1 < n ) ++ pUnpackData[i+1] = ((pDataSrc[k+0] << 2) & 0x1f) | (pDataSrc[k+1] >> 6); ++ if( i + 2 < n ) ++ pUnpackData[i+2] = ((pDataSrc[k+1] >> 1) & 0x1f); ++ if( i + 3 < n ) ++ pUnpackData[i+3] = ((pDataSrc[k+1] << 4) & 0x1f) | (pDataSrc[k+2] >> 4); ++ if( i + 4 < n ) ++ pUnpackData[i+4] = ((pDataSrc[k+2] << 1) & 0x1f) | (pDataSrc[k+3] >> 7); ++ if( i + 5 < n ) ++ pUnpackData[i+5] = ((pDataSrc[k+3] >> 2) & 0x1f); ++ if( i + 6 < n ) ++ pUnpackData[i+6] = ((pDataSrc[k+3] << 3) & 0x1f) | (pDataSrc[k+4] >> 5); ++ } + + memcpy(pData, pUnpackData, n); +@@ -856,4 +894,12 @@ + pUnpackData[i+3] = ((pDataSrc[k+2]) & 0x3f); + } ++ if( i < n ) ++ { ++ pUnpackData[i+0] = ((pDataSrc[k+0] >> 2)); ++ if( i + 1 < n ) ++ pUnpackData[i+1] = ((pDataSrc[k+0] << 4) & 0x3f) | (pDataSrc[k+1] >> 4); ++ if( i + 2 < n ) ++ pUnpackData[i+2] = ((pDataSrc[k+1] << 2) & 0x3f) | (pDataSrc[k+2] >> 6); ++ } + + memcpy(pData, pUnpackData, n); +@@ -873,4 +921,20 @@ + pUnpackData[i+6] = ((pDataSrc[k+5] << 1) & 0x7f) | (pDataSrc[k+6] >> 7); + pUnpackData[i+7] = ((pDataSrc[k+6]) & 0x7f); ++ } ++ if( i < n ) ++ { ++ pUnpackData[i+0] = ((pDataSrc[k+0] >> 1)); ++ if( i + 1 < n ) ++ pUnpackData[i+1] = ((pDataSrc[k+0] << 6) & 0x7f) | (pDataSrc[k+1] >> 2); ++ if( i + 2 < n ) ++ pUnpackData[i+2] = ((pDataSrc[k+1] << 5) & 0x7f) | (pDataSrc[k+2] >> 3) ; ++ if( i + 3 < n ) ++ pUnpackData[i+3] = ((pDataSrc[k+2] << 4) & 0x7f) | (pDataSrc[k+3] >> 4); ++ if( i + 4 < n ) ++ pUnpackData[i+4] = ((pDataSrc[k+3] << 3) & 0x7f) | (pDataSrc[k+4] >> 5); ++ if( i + 5 < n ) ++ pUnpackData[i+5] = ((pDataSrc[k+4] << 2) & 0x7f) | (pDataSrc[k+5] >> 6); ++ if( i + 6 < n ) ++ pUnpackData[i+6] = ((pDataSrc[k+5] << 1) & 0x7f) | (pDataSrc[k+6] >> 7); + } + diff --git a/sci-libs/gdal/files/gdal-2.3.0-frmts-nitf38234.patch b/sci-libs/gdal/files/gdal-2.3.0-frmts-nitf38234.patch new file mode 100644 index 00000000000..783752e0efa --- /dev/null +++ b/sci-libs/gdal/files/gdal-2.3.0-frmts-nitf38234.patch @@ -0,0 +1,12 @@ +Index: trunk/gdal/frmts/nitf/nitffile.c +=================================================================== +--- a/frmts/nitf/nitffile.c (revision 38085) ++++ b/frmts/nitf/nitffile.c (revision 38234) +@@ -350,5 +350,6 @@ + if (nOffset != -1) + nOffset = NITFCollectSegmentInfo( psFile, nHeaderLen, nOffset, "RE", 4, 7, &nNextData); +- else ++ ++ if( nOffset < 0 ) + { + NITFClose(psFile); diff --git a/sci-libs/gdal/files/gdal-2.3.0-libtiff.patch b/sci-libs/gdal/files/gdal-2.3.0-libtiff.patch new file mode 100644 index 00000000000..5964165e3e6 --- /dev/null +++ b/sci-libs/gdal/files/gdal-2.3.0-libtiff.patch @@ -0,0 +1,12 @@ +--- ./frmts/gtiff/libtiff/tif_read.c.old 2018-08-11 09:12:42.378891934 +0100 ++++ ./frmts/gtiff/libtiff/tif_read.c 2018-08-11 09:15:37.330882891 +0100 +@@ -296,7 +296,8 @@ + } + else + { +- return 1; ++ tif->tif_rawcc = tif->tif_rawdataloaded; ++ return 1; + } + } + diff --git a/sci-libs/gdal/gdal-2.3.0-r1.ebuild b/sci-libs/gdal/gdal-2.3.0-r2.ebuild similarity index 97% rename from sci-libs/gdal/gdal-2.3.0-r1.ebuild rename to sci-libs/gdal/gdal-2.3.0-r2.ebuild index 436c68a468d..3762e5d262c 100644 --- a/sci-libs/gdal/gdal-2.3.0-r1.ebuild +++ b/sci-libs/gdal/gdal-2.3.0-r2.ebuild @@ -82,6 +82,10 @@ PATCHES=( "${FILESDIR}/${PN}-2.2.3-bashcomp-path.patch" # bug 641866 "${FILESDIR}/${PN}-2.2.3-goocast.patch" # bug 656252 "${FILESDIR}/${PN}-2.3.0-curl.patch" # bug 659840 + # Security bugs + "${FILESDIR}/${P}-libtiff.patch" # bug 621712 + "${FILESDIR}/${P}-frmts-nitf38234.patch" # bug 621720 + "${FILESDIR}/${P}-changeset_38658.patch" # bug 623028 ) src_prepare() { @@ -305,6 +309,7 @@ src_install() { fi doman "${S}"/man/man*/* + find "${ED}" -name '*.la' -delete || die } pkg_postinst() {
