Commit 91a15d7b authored by Jérome Perrin's avatar Jérome Perrin

Merge remote-tracking branch 'origin/master' into zope4py2

parents aa92afab b3b4beb2
......@@ -55,6 +55,7 @@ md5sum = 3f489aa48ad2aa1f967dc5e293bbd06f
[yasm]
recipe = slapos.recipe.cmmi
shared = true
url = http://www.tortall.net/projects/yasm/releases/yasm-1.1.0.tar.gz
[libvpx]
......
[buildout]
extends =
../freetype/buildout.cfg
../glib/buildout.cfg
../libpng/buildout.cfg
../pcre/buildout.cfg
../xorg/buildout.cfg
../gtk-2/buildout.cfg
parts =
fluxbox
[fluxbox]
recipe = slapos.recipe.cmmi
url = https://netcologne.dl.sourceforge.net/project/fluxbox/fluxbox/1.3.7/fluxbox-1.3.7.tar.bz2
md6sum = c4701822d8a09d426ebf26e7e97c552a
configure-options =
--enable-x
--enable-xext
--enable-xrender
--enable-xdmcp
--enable-freetype2
--enable-xinerama
--enable-fribidi
--enable-debug
environment =
PATH=${freetype:location}/bin:${pkgconfig:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${libXext:location}/lib/pkgconfig:${libxcb:location}/lib/pkgconfig:${libXdmcp:location}/lib/pkgconfig:${libX11:location}/lib/pkgconfig:${libX11:pkg_config_depends}:${libXrandr:pkg_config_depends}:${libXrandr:location}/lib/pkgconfig:${xorgproto:pkg_config_depends}:${xorgproto:location}/share/pkgconfig:${fribidi:location}/lib/pkgconfig
LDFLAGS=-L${libX11:location}/lib -Wl,-rpath=${libX11:location}/lib -Wl,-rpath=${libXrandr:location}/lib -L${libXext:location}/lib -Wl,-rpath=${libXext:location}/lib -L${xextproto:location}/lib -L${libXrender:location}/lib -Wl,-rpath=${libXrender:location}/lib -Wl,-rpath=${freetype:location}/lib -L${libXdmcp:location}/lib -L${libXinerama:location}/lib -Wl,-rpath=${libXinerama:location}/lib -L${fribidi:location}/lib -Wl,-rpath=${fribidi:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${libpng:location}/lib -Wl,-rpath=${libpng:location}/lib
CPPFLAGS=-I${xextproto:location}/include -I${libX11:location}/include -I${libXrandr:location}/include -I${xorgproto:location}/include -I${xproto:location}/include -I${kbproto:location}/include -I${libXrender:location}/include -I${renderext:location}/include -I${libXext:location}/include -I${libXdmcp:location}/include -I${libXinerama:location}/include -I${fribidi:location}/include -I${libpng:location}/include
X11_CFLAGS=-I${libX11:location}/include
X11_LIBS=-L${libX11:location}/lib -lX11
FREETYPE2_CFLAGS=-I${freetype:location}/include
FREETYPE2_LIBS=-L${freetype:location}/lib -lfreetype
XRENDER_LIBS=-L${libXrender:location}/lib -lXrender
XRENDER_CFLAGS=-I${libXrender:location}/include
XINERAMA_CFLAGS=-I${libXinerama:location}/include
XINERAMA_LIBS=-L${libXinerama:location}/lib -lXinerama
[wmctrl]
recipe = slapos.recipe.cmmi
#url = http://tripie.sweb.cz/utils/wmctrl/dist/wmctrl-1.07.tar.gz
# latest version wmctrl 1.07 was not maintenaned for years, it fails to list windows
url = https://github.com/saravanabalagi/wmctrl/archive/7ecfd2adaa2726a0c974b30bd6df2a65094032dd.tar.gz
md5sum = 6337ecc72cf7bd393f319fc822294105
configure-options =
--with-x
--x-includes=${libX11:location}/include
--x-libraries=${libX11:location}/lib
environment =
PATH=${glib:location}/bin:${pkgconfig:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${libX11:location}/lib/pkgconfig:${libX11:pkg_config_depends}:${libICE:location}/lib/pkgconfig:${xproto:location}/lib/pkgconfig:${libxmu:location}/lib/pkgconfig:${glib:location}/lib/pkgconfig:${pcre:location}/lib/pkgconfig
LDFLAGS=-Wl,-rpath=${libX11:location}/lib -Wl,-rpath=${libICE:location}/lib -L${libxmu:location}/lib -Wl,-rpath=${libxmu:location}/lib -L${libSM:location}/lib -Wl,-rpath=${libSM:location}/lib -L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${libICE:location}/lib -lglib-2.0
CPPFLAGS=-I${xproto:location}/include -I${libxmu:location}/include -I${libSM:location}/include -I${glib:location}/include/glib-2.0 -I${glib:location}/lib/glib-2.0/include
......@@ -13,6 +13,7 @@ extends =
[at-spi2-core]
recipe = slapos.recipe.cmmi
shared = true
url =http://ftp.gnome.org/pub/gnome/core/3.22/3.22.2/sources/at-spi2-core-2.22.0.tar.xz
md5sum = 3da5fe62a653e49dad1c47f9a46fee56
configure-options =
......@@ -25,6 +26,7 @@ environment =
[at-spi2-atk]
recipe = slapos.recipe.cmmi
shared = true
url =http://ftp.gnome.org/pub/gnome/core/3.22/3.22.2/sources/at-spi2-atk-2.22.0.tar.xz
md5sum = aa62aed21b8e03dc44ab81ae49d893ca
environment =
......@@ -33,6 +35,7 @@ environment =
[gtk-3]
recipe = slapos.recipe.cmmi
shared = true
url = http://ftp.gnome.org/pub/gnome/core/3.22/3.22.2/sources/gtk+-3.22.3.tar.xz
md5sum = f0e6492896a2ca244501142319adaa95
pkg_config_depends = ${at-spi2-atk:location}/lib/pkgconfig:${at-spi2-core:location}/lib/pkgconfig:${dbus:location}/lib/pkgconfig:${glib:location}/lib/pkgconfig:${libepoxy:location}/lib/pkgconfig:${pango:location}/lib/pkgconfig:${pango:pkg_config_depends}:${atk:location}/lib/pkgconfig:${gdk-pixbuf:location}/lib/pkgconfig:${libXi:pkg_config_depends}:${libXi:location}/lib/pkgconfig:${pcre:location}/lib/pkgconfig:${libX11:location}/lib/pkgconfig:${libX11:pkg_config_depends}:${libX11:location}/lib/pkgconfig:${xorgproto:location}/lib/pkgconfig:${libXext:location}/lib/pkgconfig:${xextproto:location}/lib/pkgconfig:${libXrender:location}/lib/pkgconfig:${renderproto:location}/lib/pkgconfig:${xproto:location}/lib/pkgconfig:${kbproto:location}/lib/pkgconfig:${xcbproto:location}/lib/pkgconfig:${libxcb:location}/lib/pkgconfig:${xorg-libpthread-stubs:location}/lib/pkgconfig:${libXau:location}/lib/pkgconfig:${libXinerama:location}/lib/pkgconfig:${libXrandr:pkg_config_depends}:${libXrandr:location}/lib/pkgconfig:${xfixes:location}/lib/pkgconfig:${libXcomposite:location}/lib/pkgconfig:${xdamage:location}/lib/pkgconfig:${xproto:location}/lib/pkgconfig:${libX11:location}/lib/pkgconfig:${xextproto:location}/lib/pkgconfig:${fixesproto:location}/lib/pkgconfig:${xorg-util-macros:location}/share/pkgconfig:${kbproto:location}/lib/pkgconfig:${libxcb:location}/lib/pkgconfig:${xorg-libpthread-stubs:location}/lib/pkgconfig:${libXau:location}/lib/pkgconfig:${compositeproto:location}/lib/pkgconfig:${fixesproto:location}/lib/pkgconfig:${kbproto:location}/lib/pkgconfig:${libX11:location}/lib/pkgconfig:${libXau:location}/lib/pkgconfig:${libxcb:location}/lib/pkgconfig:${xextproto:location}/lib/pkgconfig:${xfixes:location}/lib/pkgconfig:${xorg-libpthread-stubs:location}/lib/pkgconfig:${xorg-util-macros:location}/share/pkgconfig:${xproto:location}/lib/pkgconfig:${damageproto:location}/lib/pkgconfig:${xfixes:location}/lib/pkgconfig:${fixesproto:location}/lib/pkgconfig:${xextproto:location}/lib/pkgconfig:${libX11:location}/lib/pkgconfig:${xproto:location}/lib/pkgconfig:${kbproto:location}/lib/pkgconfig:${libxcb:location}/lib/pkgconfig:${xorg-libpthread-stubs:location}/lib/pkgconfig:${libXau:location}/lib/pkgconfig
......
......@@ -7,7 +7,7 @@ parts =
[gzip]
recipe = slapos.recipe.cmmi
shared = true
url = https://ftp.gnu.org/pub/gnu/gzip/gzip-1.11.tar.xz
md5sum = d1e93996dba00cab0caa7903cd01d454
url = https://ftp.gnu.org/pub/gnu/gzip/gzip-1.12.tar.xz
md5sum = 9608e4ac5f061b2a6479dc44e917a5db
environment =
PATH=${xz-utils:location}/bin:%(PATH)s
[buildout]
extends =
../bison/buildout.cfg
parts =
kerberos
[kerberos]
recipe = slapos.recipe.cmmi
shared = true
url = http://web.mit.edu/kerberos/dist/krb5/1.19/krb5-1.19.2.tar.gz
md5sum = eb51b7724111e1a458a8c9a261d45a31
configure-command = src/configure
configure-options =
--prefix=@@LOCATION@@
--with-ldap=no
--without-readline
--without-tcl
--without-keyutils
environment =
PATH=${bison:location}/bin:%(PATH)s
......@@ -7,6 +7,7 @@ extends =
[libepoxy]
recipe = slapos.recipe.cmmi
shared = true
url = https://github.com/anholt/libepoxy/releases/download/v1.4/libepoxy-1.4.0.tar.xz
md5sum = d8d8cbf2beb64975d424fcc5167a2a38
environment =
......
[buildout]
extends =
../ffmpeg/buildout.cfg
../cmake/buildout.cfg
parts =
libjpeg
......@@ -9,3 +13,34 @@ url = http://www.ijg.org/files/jpegsrc.v9d.tar.gz
md5sum = 693a4e10906e66467ca21f045547fe15
configure-options =
--disable-static
[libjpeg-turbo2]
recipe = slapos.recipe.cmmi
shared = true
url = https://freefr.dl.sourceforge.net/project/libjpeg-turbo/${:version}/libjpeg-turbo-${:version}.tar.gz
version = 2.1.2
md5sum = e181bd78884dd5392a869209bfa41d4a
configure-command = cmake
configure-options =
-Bbuild
-DCMAKE_BUILD_TYPE=Release
-DCMAKE_INSTALL_PREFIX=@@LOCATION@@
-DENABLE_STATIC=0
-G"Unix Makefiles"
make-options = -C build
environment =
PATH=${cmake:location}/bin:%(PATH)s
[libjpeg-turbo]
recipe = slapos.recipe.cmmi
shared = true
url = https://freefr.dl.sourceforge.net/project/libjpeg-turbo/${:version}/libjpeg-turbo-${:version}.tar.gz
version = 1.5.2
md5sum = 6b4923e297a7eaa255f08511017a8818
configure-options =
--disable-static
--with-gnu-ld
--with-jpeg7
--with-jpeg8
environment =
PATH=${yasm:location}/bin:%(PATH)s
......@@ -11,15 +11,18 @@ parts =
[libtiff]
recipe = slapos.recipe.cmmi
shared = true
url = http://download.osgeo.org/libtiff/tiff-4.0.8.tar.gz
md5sum = 2a7d1c1318416ddf36d5f6fa4600069b
url = http://download.osgeo.org/libtiff/tiff-4.2.0.tar.gz
md5sum = 2bbf6db1ddc4a59c89d6986b368fc063
configure-options =
--disable-static
--without-x
--disable-libdeflate
--disable-lzma
--disable-zstd
--disable-webp
patch-options = -p1
patches =
${:_profile_base_location_}/debian_4.0.8-2+deb9u5.patch#dc9c9cb7f4f9a00100f908e640895185
${:_profile_base_location_}/debian_4.2.0-1+deb11u1.patch#2ded3a01abc353bad4aa1a1f128d6d1a
environment =
CPPFLAGS=-I${libjpeg:location}/include -I${jbigkit:location}/include -I${zlib:location}/include
LDFLAGS=-L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${jbigkit:location}/lib -Wl,-rpath=${jbigkit:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
......
diff -pur tiff-4.0.4/tools/tiffsplit.c tiff-4.0.4_patch/tools/tiffsplit.c
--- tiff-4.0.4/tools/tiffsplit.c 2015-05-28 15:10:26.000000000 +0200
+++ tiff-4.0.4_patch/tools/tiffsplit.c 2016-02-12 19:15:30.532005041 +0100
@@ -179,8 +179,9 @@ tiffcp(TIFF* in, TIFF* out)
TIFFSetField(out, TIFFTAG_JPEGTABLES, count, table);
}
}
+ uint32 count = 0;
CopyField(TIFFTAG_PHOTOMETRIC, shortv);
- CopyField(TIFFTAG_PREDICTOR, shortv);
+ CopyField2(TIFFTAG_PREDICTOR, count, shortv);
CopyField(TIFFTAG_THRESHHOLDING, shortv);
CopyField(TIFFTAG_FILLORDER, shortv);
CopyField(TIFFTAG_ORIENTATION, shortv);
@@ -188,7 +189,7 @@ tiffcp(TIFF* in, TIFF* out)
CopyField(TIFFTAG_MAXSAMPLEVALUE, shortv);
CopyField(TIFFTAG_XRESOLUTION, floatv);
CopyField(TIFFTAG_YRESOLUTION, floatv);
- CopyField(TIFFTAG_GROUP3OPTIONS, longv);
+ CopyField2(TIFFTAG_GROUP3OPTIONS, count, longv);
CopyField(TIFFTAG_GROUP4OPTIONS, longv);
CopyField(TIFFTAG_RESOLUTIONUNIT, shortv);
CopyField(TIFFTAG_PLANARCONFIG, shortv);
From 02669064e927074819ce1ed39aba0fccaa167717 Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Mon, 29 May 2017 10:12:54 +0000
Subject: [PATCH] * libtiff/tif_color.c: TIFFYCbCrToRGBInit(): stricter
clamping to avoid int32 overflow in TIFFYCbCrtoRGB(). Fixes
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1844 Credit to OSS Fuzz
---
ChangeLog | 7 +++++++
libtiff/tif_color.c | 6 +++---
2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index ee8d9d08..61116596 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2017-05-29 Even Rouault <even.rouault at spatialys.com>
+
+ * libtiff/tif_color.c: TIFFYCbCrToRGBInit(): stricter clamping to avoid
+ int32 overflow in TIFFYCbCrtoRGB().
+ Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1844
+ Credit to OSS Fuzz
+
2017-05-21 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
* configure.ac: libtiff 4.0.8 released.
diff --git a/libtiff/tif_color.c b/libtiff/tif_color.c
index 055ed3b2..10a5e66e 100644
--- a/libtiff/tif_color.c
+++ b/libtiff/tif_color.c
@@ -275,10 +275,10 @@ TIFFYCbCrToRGBInit(TIFFYCbCrToRGB* ycbcr, float *luma, float *refBlackWhite)
for (i = 0, x = -128; i < 256; i++, x++) {
int32 Cr = (int32)CLAMPw(Code2V(x, refBlackWhite[4] - 128.0F,
refBlackWhite[5] - 128.0F, 127),
- -128.0F * 64, 128.0F * 64);
+ -128.0F * 32, 128.0F * 32);
int32 Cb = (int32)CLAMPw(Code2V(x, refBlackWhite[2] - 128.0F,
refBlackWhite[3] - 128.0F, 127),
- -128.0F * 64, 128.0F * 64);
+ -128.0F * 32, 128.0F * 32);
ycbcr->Cr_r_tab[i] = (int32)((D1*Cr + ONE_HALF)>>SHIFT);
ycbcr->Cb_b_tab[i] = (int32)((D3*Cb + ONE_HALF)>>SHIFT);
@@ -286,7 +286,7 @@ TIFFYCbCrToRGBInit(TIFFYCbCrToRGB* ycbcr, float *luma, float *refBlackWhite)
ycbcr->Cb_g_tab[i] = D4*Cb + ONE_HALF;
ycbcr->Y_tab[i] =
(int32)CLAMPw(Code2V(x + 128, refBlackWhite[0], refBlackWhite[1], 255),
- -128.0F * 64, 128.0F * 64);
+ -128.0F * 32, 128.0F * 32);
}
}
From 468988860e0dae62ebbf991627c74bcbb4bd256f Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Mon, 29 May 2017 11:29:06 +0000
Subject: [PATCH] * libtiff/tif_getimage.c: initYCbCrConversion(): stricter
validation for refBlackWhite coefficients values. To avoid invalid
float->int32 conversion (when refBlackWhite[0] == 2147483648.f) Fixes
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1907 Credit to OSS Fuzz
---
ChangeLog | 8 ++++++++
libtiff/tif_getimage.c | 2 +-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index a2ddaac2..04881ba7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
2017-05-29 Even Rouault <even.rouault at spatialys.com>
+ * libtiff/tif_getimage.c: initYCbCrConversion(): stricter validation for
+ refBlackWhite coefficients values. To avoid invalid float->int32 conversion
+ (when refBlackWhite[0] == 2147483648.f)
+ Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1907
+ Credit to OSS Fuzz
+
+2017-05-29 Even Rouault <even.rouault at spatialys.com>
+
* libtiff/tif_color.c: TIFFYCbCrToRGBInit(): stricter clamping to avoid
int32 overflow in TIFFYCbCrtoRGB().
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1844
diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
index dc373abc..a209a7a7 100644
--- a/libtiff/tif_getimage.c
+++ b/libtiff/tif_getimage.c
@@ -2241,7 +2241,7 @@ DECLARESepPutFunc(putseparate8bitYCbCr11tile)
static int isInRefBlackWhiteRange(float f)
{
- return f >= (float)(-0x7FFFFFFF + 128) && f <= (float)0x7FFFFFFF;
+ return f > (float)(-0x7FFFFFFF + 128) && f < (float)0x7FFFFFFF;
}
static int
commit 40448d58fbfad52d2dde5bd18daa30b17fe35fcd
Author: erouault <erouault>
Date: Thu Jun 1 12:44:04 2017 +0000
* libtiff/tif_dirinfo.c, tif_dirread.c: add _TIFFCheckFieldIsValidForCodec(),
and use it in TIFFReadDirectory() so as to ignore fields whose tag is a
codec-specified tag but this codec is not enabled. This avoids TIFFGetField()
to behave differently depending on whether the codec is enabled or not, and
thus can avoid stack based buffer overflows in a number of TIFF utilities
such as tiffsplit, tiffcmp, thumbnail, etc.
Patch derived from 0063-Handle-properly-CODEC-specific-tags.patch
(http://bugzilla.maptools.org/show_bug.cgi?id=2580) by Raphaël Hertzog.
Fixes:
http://bugzilla.maptools.org/show_bug.cgi?id=2580
http://bugzilla.maptools.org/show_bug.cgi?id=2693
http://bugzilla.maptools.org/show_bug.cgi?id=2625 (CVE-2016-10095)
http://bugzilla.maptools.org/show_bug.cgi?id=2564 (CVE-2015-7554)
http://bugzilla.maptools.org/show_bug.cgi?id=2561 (CVE-2016-5318)
http://bugzilla.maptools.org/show_bug.cgi?id=2499 (CVE-2014-8128)
http://bugzilla.maptools.org/show_bug.cgi?id=2441
http://bugzilla.maptools.org/show_bug.cgi?id=2433
diff --git a/ChangeLog b/ChangeLog
index 04881ba7..ebd1a3c0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,23 @@
+2017-06-01 Even Rouault <even.rouault at spatialys.com>
+
+ * libtiff/tif_dirinfo.c, tif_dirread.c: add _TIFFCheckFieldIsValidForCodec(),
+ and use it in TIFFReadDirectory() so as to ignore fields whose tag is a
+ codec-specified tag but this codec is not enabled. This avoids TIFFGetField()
+ to behave differently depending on whether the codec is enabled or not, and
+ thus can avoid stack based buffer overflows in a number of TIFF utilities
+ such as tiffsplit, tiffcmp, thumbnail, etc.
+ Patch derived from 0063-Handle-properly-CODEC-specific-tags.patch
+ (http://bugzilla.maptools.org/show_bug.cgi?id=2580) by Raphaël Hertzog.
+ Fixes:
+ http://bugzilla.maptools.org/show_bug.cgi?id=2580
+ http://bugzilla.maptools.org/show_bug.cgi?id=2693
+ http://bugzilla.maptools.org/show_bug.cgi?id=2625 (CVE-2016-10095)
+ http://bugzilla.maptools.org/show_bug.cgi?id=2564 (CVE-2015-7554)
+ http://bugzilla.maptools.org/show_bug.cgi?id=2561 (CVE-2016-5318)
+ http://bugzilla.maptools.org/show_bug.cgi?id=2499 (CVE-2014-8128)
+ http://bugzilla.maptools.org/show_bug.cgi?id=2441
+ http://bugzilla.maptools.org/show_bug.cgi?id=2433
+
2017-05-29 Even Rouault <even.rouault at spatialys.com>
* libtiff/tif_getimage.c: initYCbCrConversion(): stricter validation for
diff --git a/libtiff/tif_dir.h b/libtiff/tif_dir.h
index 6af5f3dc..5a380767 100644
--- a/libtiff/tif_dir.h
+++ b/libtiff/tif_dir.h
@@ -1,4 +1,4 @@
-/* $Id: tif_dir.h,v 1.54 2011-02-18 20:53:05 fwarmerdam Exp $ */
+/* $Id: tif_dir.h,v 1.55 2017-06-01 12:44:04 erouault Exp $ */
/*
* Copyright (c) 1988-1997 Sam Leffler
@@ -291,6 +291,7 @@ struct _TIFFField {
extern int _TIFFMergeFields(TIFF*, const TIFFField[], uint32);
extern const TIFFField* _TIFFFindOrRegisterField(TIFF *, uint32, TIFFDataType);
extern TIFFField* _TIFFCreateAnonField(TIFF *, uint32, TIFFDataType);
+extern int _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag);
#if defined(__cplusplus)
}
diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c
index 23ad0020..4904f540 100644
--- a/libtiff/tif_dirinfo.c
+++ b/libtiff/tif_dirinfo.c
@@ -1,4 +1,4 @@
-/* $Id: tif_dirinfo.c,v 1.126 2016-11-18 02:52:13 bfriesen Exp $ */
+/* $Id: tif_dirinfo.c,v 1.127 2017-06-01 12:44:04 erouault Exp $ */
/*
* Copyright (c) 1988-1997 Sam Leffler
@@ -956,6 +956,109 @@ TIFFMergeFieldInfo(TIFF* tif, const TIFFFieldInfo info[], uint32 n)
return 0;
}
+int
+_TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag)
+{
+ /* Filter out non-codec specific tags */
+ switch (tag) {
+ /* Shared tags */
+ case TIFFTAG_PREDICTOR:
+ /* JPEG tags */
+ case TIFFTAG_JPEGTABLES:
+ /* OJPEG tags */
+ case TIFFTAG_JPEGIFOFFSET:
+ case TIFFTAG_JPEGIFBYTECOUNT:
+ case TIFFTAG_JPEGQTABLES:
+ case TIFFTAG_JPEGDCTABLES:
+ case TIFFTAG_JPEGACTABLES:
+ case TIFFTAG_JPEGPROC:
+ case TIFFTAG_JPEGRESTARTINTERVAL:
+ /* CCITT* */
+ case TIFFTAG_BADFAXLINES:
+ case TIFFTAG_CLEANFAXDATA:
+ case TIFFTAG_CONSECUTIVEBADFAXLINES:
+ case TIFFTAG_GROUP3OPTIONS:
+ case TIFFTAG_GROUP4OPTIONS:
+ break;
+ default:
+ return 1;
+ }
+ /* Check if codec specific tags are allowed for the current
+ * compression scheme (codec) */
+ switch (tif->tif_dir.td_compression) {
+ case COMPRESSION_LZW:
+ if (tag == TIFFTAG_PREDICTOR)
+ return 1;
+ break;
+ case COMPRESSION_PACKBITS:
+ /* No codec-specific tags */
+ break;
+ case COMPRESSION_THUNDERSCAN:
+ /* No codec-specific tags */
+ break;
+ case COMPRESSION_NEXT:
+ /* No codec-specific tags */
+ break;
+ case COMPRESSION_JPEG:
+ if (tag == TIFFTAG_JPEGTABLES)
+ return 1;
+ break;
+ case COMPRESSION_OJPEG:
+ switch (tag) {
+ case TIFFTAG_JPEGIFOFFSET:
+ case TIFFTAG_JPEGIFBYTECOUNT:
+ case TIFFTAG_JPEGQTABLES:
+ case TIFFTAG_JPEGDCTABLES:
+ case TIFFTAG_JPEGACTABLES:
+ case TIFFTAG_JPEGPROC:
+ case TIFFTAG_JPEGRESTARTINTERVAL:
+ return 1;
+ }
+ break;
+ case COMPRESSION_CCITTRLE:
+ case COMPRESSION_CCITTRLEW:
+ case COMPRESSION_CCITTFAX3:
+ case COMPRESSION_CCITTFAX4:
+ switch (tag) {
+ case TIFFTAG_BADFAXLINES:
+ case TIFFTAG_CLEANFAXDATA:
+ case TIFFTAG_CONSECUTIVEBADFAXLINES:
+ return 1;
+ case TIFFTAG_GROUP3OPTIONS:
+ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX3)
+ return 1;
+ break;
+ case TIFFTAG_GROUP4OPTIONS:
+ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX4)
+ return 1;
+ break;
+ }
+ break;
+ case COMPRESSION_JBIG:
+ /* No codec-specific tags */
+ break;
+ case COMPRESSION_DEFLATE:
+ case COMPRESSION_ADOBE_DEFLATE:
+ if (tag == TIFFTAG_PREDICTOR)
+ return 1;
+ break;
+ case COMPRESSION_PIXARLOG:
+ if (tag == TIFFTAG_PREDICTOR)
+ return 1;
+ break;
+ case COMPRESSION_SGILOG:
+ case COMPRESSION_SGILOG24:
+ /* No codec-specific tags */
+ break;
+ case COMPRESSION_LZMA:
+ if (tag == TIFFTAG_PREDICTOR)
+ return 1;
+ break;
+
+ }
+ return 0;
+}
+
/* vim: set ts=8 sts=8 sw=8 noet: */
/*
diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
index 772ebaf7..acde78b5 100644
--- a/libtiff/tif_dirread.c
+++ b/libtiff/tif_dirread.c
@@ -1,4 +1,4 @@
-/* $Id: tif_dirread.c,v 1.208 2017-04-27 15:46:22 erouault Exp $ */
+/* $Id: tif_dirread.c,v 1.209 2017-06-01 12:44:04 erouault Exp $ */
/*
* Copyright (c) 1988-1997 Sam Leffler
@@ -3580,6 +3580,10 @@ TIFFReadDirectory(TIFF* tif)
goto bad;
dp->tdir_tag=IGNORE;
break;
+ default:
+ if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) )
+ dp->tdir_tag=IGNORE;
+ break;
}
}
}
From fe8d7165956b88df4837034a9161dc5fd20cf67a Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Mon, 26 Jun 2017 15:19:59 +0000
Subject: [PATCH] * libtiff/tif_jbig.c: fix memory leak in error code path of
JBIGDecode() Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2706 Reported
by team OWL337
* libtiff/tif_jpeg.c: error out at decoding time if anticipated libjpeg
---
ChangeLog | 8 +++++++-
libtiff/tif_jbig.c | 1 +
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index bc5096e7..ecd70534 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2017-06-26 Even Rouault <even.rouault at spatialys.com>
+
+ * libtiff/tif_jbig.c: fix memory leak in error code path of JBIGDecode()
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2706
+ Reported by team OWL337
+
2017-06-01 Even Rouault <even.rouault at spatialys.com>
* libtiff/tif_dirinfo.c, tif_dirread.c: add _TIFFCheckFieldIsValidForCodec(),
diff --git a/libtiff/tif_jbig.c b/libtiff/tif_jbig.c
index 5f5f75e2..c75f31d9 100644
--- a/libtiff/tif_jbig.c
+++ b/libtiff/tif_jbig.c
@@ -94,6 +94,7 @@ static int JBIGDecode(TIFF* tif, uint8* buffer, tmsize_t size, uint16 s)
jbg_strerror(decodeStatus)
#endif
);
+ jbg_dec_free(&decoder);
return 0;
}
From 1077fad562e03d1cad591dd10163dd80ad63ab0e Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Fri, 30 Jun 2017 13:11:18 +0000
Subject: [PATCH] * libtiff/tif_read.c, tiffiop.h: add a
_TIFFReadEncodedStripAndAllocBuffer() function, variant of
TIFFReadEncodedStrip() that allocates the decoded buffer only after a first
successful TIFFFillStrip(). This avoids excessive memory allocation on
corrupted files. * libtiff/tif_getimage.c: use
_TIFFReadEncodedStripAndAllocBuffer(). Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2708 and
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2433 . Credit to OSS
Fuzz
---
ChangeLog | 11 +++++++
libtiff/tif_getimage.c | 59 ++++++++++++++++++++++----------------
libtiff/tif_read.c | 78 +++++++++++++++++++++++++++++++++++++++++++-------
libtiff/tiffiop.h | 5 ++++
4 files changed, 118 insertions(+), 35 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index c969f9e2..6f085e09 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2017-06-30 Even Rouault <even.rouault at spatialys.com>
+
+ * libtiff/tif_read.c, tiffiop.h: add a _TIFFReadEncodedStripAndAllocBuffer()
+ function, variant of TIFFReadEncodedStrip() that allocates the
+ decoded buffer only after a first successful TIFFFillStrip(). This avoids
+ excessive memory allocation on corrupted files.
+ * libtiff/tif_getimage.c: use _TIFFReadEncodedStripAndAllocBuffer().
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2708 and
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2433 .
+ Credit to OSS Fuzz
+
2017-06-26 Even Rouault <even.rouault at spatialys.com>
* libtiff/tif_jbig.c: fix memory leak in error code path of JBIGDecode()
diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
index cee8e930..cc6e8f30 100644
--- a/libtiff/tif_getimage.c
+++ b/libtiff/tif_getimage.c
@@ -905,26 +905,22 @@ gtStripContig(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h)
tileContigRoutine put = img->put.contig;
uint32 row, y, nrow, nrowsub, rowstoread;
tmsize_t pos;
- unsigned char* buf;
+ unsigned char* buf = NULL;
uint32 rowsperstrip;
uint16 subsamplinghor,subsamplingver;
uint32 imagewidth = img->width;
tmsize_t scanline;
int32 fromskew, toskew;
int ret = 1, flip;
+ tmsize_t maxstripsize;
TIFFGetFieldDefaulted(tif, TIFFTAG_YCBCRSUBSAMPLING, &subsamplinghor, &subsamplingver);
if( subsamplingver == 0 ) {
TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Invalid vertical YCbCr subsampling");
return (0);
}
-
- buf = (unsigned char*) _TIFFmalloc(TIFFStripSize(tif));
- if (buf == 0) {
- TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "No space for strip buffer");
- return (0);
- }
- _TIFFmemset(buf, 0, TIFFStripSize(tif));
+
+ maxstripsize = TIFFStripSize(tif);
flip = setorientation(img);
if (flip & FLIP_VERTICALLY) {
@@ -946,11 +942,12 @@ gtStripContig(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h)
nrowsub = nrow;
if ((nrowsub%subsamplingver)!=0)
nrowsub+=subsamplingver-nrowsub%subsamplingver;
- if (TIFFReadEncodedStrip(tif,
+ if (_TIFFReadEncodedStripAndAllocBuffer(tif,
TIFFComputeStrip(tif,row+img->row_offset, 0),
- buf,
+ (void**)(&buf),
+ maxstripsize,
((row + img->row_offset)%rowsperstrip + nrowsub) * scanline)==(tmsize_t)(-1)
- && img->stoponerr)
+ && (buf == NULL || img->stoponerr))
{
ret = 0;
break;
@@ -994,8 +991,8 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h)
{
TIFF* tif = img->tif;
tileSeparateRoutine put = img->put.separate;
- unsigned char *buf;
- unsigned char *p0, *p1, *p2, *pa;
+ unsigned char *buf = NULL;
+ unsigned char *p0 = NULL, *p1 = NULL, *p2 = NULL, *pa = NULL;
uint32 row, y, nrow, rowstoread;
tmsize_t pos;
tmsize_t scanline;
@@ -1014,15 +1011,6 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h)
TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtStripSeparate");
return (0);
}
- p0 = buf = (unsigned char *)_TIFFmalloc(bufsize);
- if (buf == 0) {
- TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "No space for tile buffer");
- return (0);
- }
- _TIFFmemset(buf, 0, bufsize);
- p1 = p0 + stripsize;
- p2 = p1 + stripsize;
- pa = (alpha?(p2+stripsize):NULL);
flip = setorientation(img);
if (flip & FLIP_VERTICALLY) {
@@ -1040,7 +1028,6 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h)
case PHOTOMETRIC_MINISBLACK:
case PHOTOMETRIC_PALETTE:
colorchannels = 1;
- p2 = p1 = p0;
break;
default:
@@ -1056,7 +1043,31 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h)
rowstoread = rowsperstrip - (row + img->row_offset) % rowsperstrip;
nrow = (row + rowstoread > h ? h - row : rowstoread);
offset_row = row + img->row_offset;
- if (TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, 0),
+ if( buf == NULL )
+ {
+ if (_TIFFReadEncodedStripAndAllocBuffer(
+ tif, TIFFComputeStrip(tif, offset_row, 0),
+ (void**) &buf, bufsize,
+ ((row + img->row_offset)%rowsperstrip + nrow) * scanline)==(tmsize_t)(-1)
+ && (buf == NULL || img->stoponerr))
+ {
+ ret = 0;
+ break;
+ }
+ p0 = buf;
+ if( colorchannels == 1 )
+ {
+ p2 = p1 = p0;
+ pa = (alpha?(p0+3*stripsize):NULL);
+ }
+ else
+ {
+ p1 = p0 + stripsize;
+ p2 = p1 + stripsize;
+ pa = (alpha?(p2+stripsize):NULL);
+ }
+ }
+ else if (TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, 0),
p0, ((row + img->row_offset)%rowsperstrip + nrow) * scanline)==(tmsize_t)(-1)
&& img->stoponerr)
{
diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c
index fc0072e7..047305ab 100644
--- a/libtiff/tif_read.c
+++ b/libtiff/tif_read.c
@@ -442,18 +442,17 @@ TIFFReadScanline(TIFF* tif, void* buf, uint32 row, uint16 sample)
}
/*
- * Read a strip of data and decompress the specified
- * amount into the user-supplied buffer.
+ * Calculate the strip size according to the number of
+ * rows in the strip (check for truncated last strip on any
+ * of the separations).
*/
-tmsize_t
-TIFFReadEncodedStrip(TIFF* tif, uint32 strip, void* buf, tmsize_t size)
+static tmsize_t TIFFReadEncodedStripGetStripSize(TIFF* tif, uint32 strip, uint16* pplane)
{
static const char module[] = "TIFFReadEncodedStrip";
TIFFDirectory *td = &tif->tif_dir;
uint32 rowsperstrip;
uint32 stripsperplane;
uint32 stripinplane;
- uint16 plane;
uint32 rows;
tmsize_t stripsize;
if (!TIFFCheckRead(tif,0))
@@ -465,23 +464,37 @@ TIFFReadEncodedStrip(TIFF* tif, uint32 strip, void* buf, tmsize_t size)
(unsigned long)td->td_nstrips);
return((tmsize_t)(-1));
}
- /*
- * Calculate the strip size according to the number of
- * rows in the strip (check for truncated last strip on any
- * of the separations).
- */
+
rowsperstrip=td->td_rowsperstrip;
if (rowsperstrip>td->td_imagelength)
rowsperstrip=td->td_imagelength;
stripsperplane= TIFFhowmany_32_maxuint_compat(td->td_imagelength, rowsperstrip);
stripinplane=(strip%stripsperplane);
- plane=(uint16)(strip/stripsperplane);
+ if( pplane ) *pplane=(uint16)(strip/stripsperplane);
rows=td->td_imagelength-stripinplane*rowsperstrip;
if (rows>rowsperstrip)
rows=rowsperstrip;
stripsize=TIFFVStripSize(tif,rows);
if (stripsize==0)
return((tmsize_t)(-1));
+ return stripsize;
+}
+
+/*
+ * Read a strip of data and decompress the specified
+ * amount into the user-supplied buffer.
+ */
+tmsize_t
+TIFFReadEncodedStrip(TIFF* tif, uint32 strip, void* buf, tmsize_t size)
+{
+ static const char module[] = "TIFFReadEncodedStrip";
+ TIFFDirectory *td = &tif->tif_dir;
+ tmsize_t stripsize;
+ uint16 plane;
+
+ stripsize=TIFFReadEncodedStripGetStripSize(tif, strip, &plane);
+ if (stripsize==((tmsize_t)(-1)))
+ return((tmsize_t)(-1));
/* shortcut to avoid an extra memcpy() */
if( td->td_compression == COMPRESSION_NONE &&
@@ -510,6 +523,49 @@ TIFFReadEncodedStrip(TIFF* tif, uint32 strip, void* buf, tmsize_t size)
return(stripsize);
}
+/* Variant of TIFFReadEncodedStrip() that does
+ * * if *buf == NULL, *buf = _TIFFmalloc(bufsizetoalloc) only after TIFFFillStrip() has
+ * suceeded. This avoid excessive memory allocation in case of truncated
+ * file.
+ * * calls regular TIFFReadEncodedStrip() if *buf != NULL
+ */
+tmsize_t
+_TIFFReadEncodedStripAndAllocBuffer(TIFF* tif, uint32 strip,
+ void **buf, tmsize_t bufsizetoalloc,
+ tmsize_t size_to_read)
+{
+ tmsize_t this_stripsize;
+ uint16 plane;
+
+ if( *buf != NULL )
+ {
+ return TIFFReadEncodedStrip(tif, strip, *buf, size_to_read);
+ }
+
+ this_stripsize=TIFFReadEncodedStripGetStripSize(tif, strip, &plane);
+ if (this_stripsize==((tmsize_t)(-1)))
+ return((tmsize_t)(-1));
+
+ if ((size_to_read!=(tmsize_t)(-1))&&(size_to_read<this_stripsize))
+ this_stripsize=size_to_read;
+ if (!TIFFFillStrip(tif,strip))
+ return((tmsize_t)(-1));
+
+ *buf = _TIFFmalloc(bufsizetoalloc);
+ if (*buf == NULL) {
+ TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "No space for strip buffer");
+ return((tmsize_t)(-1));
+ }
+ _TIFFmemset(*buf, 0, bufsizetoalloc);
+
+ if ((*tif->tif_decodestrip)(tif,*buf,this_stripsize,plane)<=0)
+ return((tmsize_t)(-1));
+ (*tif->tif_postdecode)(tif,*buf,this_stripsize);
+ return(this_stripsize);
+
+
+}
+
static tmsize_t
TIFFReadRawStrip1(TIFF* tif, uint32 strip, void* buf, tmsize_t size,
const char* module)
diff --git a/libtiff/tiffiop.h b/libtiff/tiffiop.h
index 846ade03..7f0b90f7 100644
--- a/libtiff/tiffiop.h
+++ b/libtiff/tiffiop.h
@@ -365,6 +365,11 @@ extern void* _TIFFCheckRealloc(TIFF*, void*, tmsize_t, tmsize_t, const char*);
extern double _TIFFUInt64ToDouble(uint64);
extern float _TIFFUInt64ToFloat(uint64);
+extern tmsize_t
+_TIFFReadEncodedStripAndAllocBuffer(TIFF* tif, uint32 strip,
+ void **buf, tmsize_t bufsizetoalloc,
+ tmsize_t size_to_read);
+
extern int TIFFInitDumpMode(TIFF*, int);
#ifdef PACKBITS_SUPPORT
extern int TIFFInitPackBits(TIFF*, int);
From 6173a57d39e04d68b139f8c1aa499a24dbe74ba1 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Fri, 30 Jun 2017 17:29:44 +0000
Subject: [PATCH] * libtiff/tif_dirwrite.c: in
TIFFWriteDirectoryTagCheckedXXXX() functions associated with LONG8/SLONG8
data type, replace assertion that the file is BigTIFF, by a non-fatal error.
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2712 Reported by team
OWL337
---
ChangeLog | 8 ++++++++
libtiff/tif_dirwrite.c | 20 ++++++++++++++++----
2 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 6f085e09..77a64385 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
2017-06-30 Even Rouault <even.rouault at spatialys.com>
+ * libtiff/tif_dirwrite.c: in TIFFWriteDirectoryTagCheckedXXXX()
+ functions associated with LONG8/SLONG8 data type, replace assertion that
+ the file is BigTIFF, by a non-fatal error.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2712
+ Reported by team OWL337
+
+2017-06-30 Even Rouault <even.rouault at spatialys.com>
+
* libtiff/tif_read.c, tiffiop.h: add a _TIFFReadEncodedStripAndAllocBuffer()
function, variant of TIFFReadEncodedStrip() that allocates the
decoded buffer only after a first successful TIFFFillStrip(). This avoids
diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
index 2967da58..8d6686ba 100644
--- a/libtiff/tif_dirwrite.c
+++ b/libtiff/tif_dirwrite.c
@@ -2111,7 +2111,10 @@ TIFFWriteDirectoryTagCheckedLong8(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, ui
{
uint64 m;
assert(sizeof(uint64)==8);
- assert(tif->tif_flags&TIFF_BIGTIFF);
+ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
+ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF");
+ return(0);
+ }
m=value;
if (tif->tif_flags&TIFF_SWAB)
TIFFSwabLong8(&m);
@@ -2124,7 +2127,10 @@ TIFFWriteDirectoryTagCheckedLong8Array(TIFF* tif, uint32* ndir, TIFFDirEntry* di
{
assert(count<0x20000000);
assert(sizeof(uint64)==8);
- assert(tif->tif_flags&TIFF_BIGTIFF);
+ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
+ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF");
+ return(0);
+ }
if (tif->tif_flags&TIFF_SWAB)
TIFFSwabArrayOfLong8(value,count);
return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_LONG8,count,count*8,value));
@@ -2136,7 +2142,10 @@ TIFFWriteDirectoryTagCheckedSlong8(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, u
{
int64 m;
assert(sizeof(int64)==8);
- assert(tif->tif_flags&TIFF_BIGTIFF);
+ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
+ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF");
+ return(0);
+ }
m=value;
if (tif->tif_flags&TIFF_SWAB)
TIFFSwabLong8((uint64*)(&m));
@@ -2149,7 +2158,10 @@ TIFFWriteDirectoryTagCheckedSlong8Array(TIFF* tif, uint32* ndir, TIFFDirEntry* d
{
assert(count<0x20000000);
assert(sizeof(int64)==8);
- assert(tif->tif_flags&TIFF_BIGTIFF);
+ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
+ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF");
+ return(0);
+ }
if (tif->tif_flags&TIFF_SWAB)
TIFFSwabArrayOfLong8((uint64*)value,count);
return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_SLONG8,count,count*8,value));
From 69bfeec247899776b1b396651adb47436e5f1556 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Sat, 15 Jul 2017 11:13:46 +0000
Subject: [PATCH] * tools/tiff2pdf.c: prevent heap buffer overflow write in
"Raw" mode on PlanarConfig=Contig input images. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2715 Reported by team OWL337
---
ChangeLog | 7 +++++++
tools/tiff2pdf.c | 7 ++++++-
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index b4771234..1b5490f3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2017-07-15 Even Rouault <even.rouault at spatialys.com>
+
+ * tools/tiff2pdf.c: prevent heap buffer overflow write in "Raw"
+ mode on PlanarConfig=Contig input images.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2715
+ Reported by team OWL337
+
2017-06-30 Even Rouault <even.rouault at spatialys.com>
* libtiff/tif_dirwrite.c: in TIFFWriteDirectoryTagCheckedXXXX()
diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
index db196e04..cd1e2358 100644
--- a/tools/tiff2pdf.c
+++ b/tools/tiff2pdf.c
@@ -1737,7 +1737,12 @@ void t2p_read_tiff_data(T2P* t2p, TIFF* input){
return;
t2p->pdf_transcode = T2P_TRANSCODE_ENCODE;
- if(t2p->pdf_nopassthrough==0){
+ /* It seems that T2P_TRANSCODE_RAW mode doesn't support separate->contig */
+ /* conversion. At least t2p_read_tiff_size and t2p_read_tiff_size_tile */
+ /* do not take into account the number of samples, and thus */
+ /* that can cause heap buffer overflows such as in */
+ /* http://bugzilla.maptools.org/show_bug.cgi?id=2715 */
+ if(t2p->pdf_nopassthrough==0 && t2p->tiff_planar!=PLANARCONFIG_SEPARATE){
#ifdef CCITT_SUPPORT
if(t2p->tiff_compression==COMPRESSION_CCITTFAX4
){
From dc02f9050311a90b3c0655147cee09bfa7081cfc Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Sat, 15 Jul 2017 13:23:09 +0000
Subject: [PATCH] * libtiff/tif_read.c: add protection against excessive memory
allocation attempts in TIFFReadDirEntryArray() on short files. Effective for
mmap'ed case. And non-mmap'ed case, but restricted to 64bit builds. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2675
---
ChangeLog | 8 +++++
libtiff/tif_dirread.c | 89 ++++++++++++++++++++++++++++++++++++++++++++++++---
2 files changed, 92 insertions(+), 5 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 932ddee5..e8a2be5b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
2017-07-15 Even Rouault <even.rouault at spatialys.com>
+ * libtiff/tif_read.c: add protection against excessive memory
+ allocation attempts in TIFFReadDirEntryArray() on short files.
+ Effective for mmap'ed case. And non-mmap'ed case, but restricted
+ to 64bit builds.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2675
+
+2017-07-15 Even Rouault <even.rouault at spatialys.com>
+
* tools/tiff2pdf.c: prevent heap buffer overflow write in "Raw"
mode on PlanarConfig=Contig input images.
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2715
diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
index 99ca5200..411d1a45 100644
--- a/libtiff/tif_dirread.c
+++ b/libtiff/tif_dirread.c
@@ -765,6 +765,65 @@ static enum TIFFReadDirEntryErr TIFFRead
}
}
+#define INITIAL_THRESHOLD (1024 * 1024)
+#define THRESHOLD_MULTIPLIER 10
+#define MAX_THRESHOLD (THRESHOLD_MULTIPLIER * THRESHOLD_MULTIPLIER * THRESHOLD_MULTIPLIER * INITIAL_THRESHOLD)
+
+static enum TIFFReadDirEntryErr TIFFReadDirEntryDataAndRealloc(
+ TIFF* tif, uint64 offset, tmsize_t size, void** pdest)
+{
+#if SIZEOF_VOIDP == 8 || SIZEOF_SIZE_T == 8
+ tmsize_t threshold = INITIAL_THRESHOLD;
+#endif
+ tmsize_t already_read = 0;
+
+ assert( !isMapped(tif) );
+
+ if (!SeekOK(tif,offset))
+ return(TIFFReadDirEntryErrIo);
+
+ /* On 64 bit processes, read first a maximum of 1 MB, then 10 MB, etc */
+ /* so as to avoid allocating too much memory in case the file is too */
+ /* short. We could ask for the file size, but this might be */
+ /* expensive with some I/O layers (think of reading a gzipped file) */
+ /* Restrict to 64 bit processes, so as to avoid reallocs() */
+ /* on 32 bit processes where virtual memory is scarce. */
+ while( already_read < size )
+ {
+ void* new_dest;
+ tmsize_t bytes_read;
+ tmsize_t to_read = size - already_read;
+#if SIZEOF_VOIDP == 8 || SIZEOF_SIZE_T == 8
+ if( to_read >= threshold && threshold < MAX_THRESHOLD )
+ {
+ to_read = threshold;
+ threshold *= THRESHOLD_MULTIPLIER;
+ }
+#endif
+
+ new_dest = (uint8*) _TIFFrealloc(
+ *pdest, already_read + to_read);
+ if( new_dest == NULL )
+ {
+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+ "Failed to allocate memory for %s "
+ "(%ld elements of %ld bytes each)",
+ "TIFFReadDirEntryArray",
+ (long) 1, (long) already_read + to_read);
+ return TIFFReadDirEntryErrAlloc;
+ }
+ *pdest = new_dest;
+
+ bytes_read = TIFFReadFile(tif,
+ (char*)*pdest + already_read, to_read);
+ already_read += bytes_read;
+ if (bytes_read != to_read) {
+ return TIFFReadDirEntryErrIo;
+ }
+ }
+ return TIFFReadDirEntryErrOk;
+}
+
static enum TIFFReadDirEntryErr TIFFReadDirEntryArray(TIFF* tif, TIFFDirEntry* direntry, uint32* count, uint32 desttypesize, void** value)
{
int typesize;
@@ -791,9 +851,22 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryArrayWithLimit(
*count=(uint32)direntry->tdir_count;
datasize=(*count)*typesize;
assert((tmsize_t)datasize>0);
- data=_TIFFCheckMalloc(tif, *count, typesize, "ReadDirEntryArray");
- if (data==0)
- return(TIFFReadDirEntryErrAlloc);
+
+ if( isMapped(tif) && datasize > tif->tif_size )
+ return TIFFReadDirEntryErrIo;
+
+ if( !isMapped(tif) &&
+ (((tif->tif_flags&TIFF_BIGTIFF) && datasize > 8) ||
+ (!(tif->tif_flags&TIFF_BIGTIFF) && datasize > 4)) )
+ {
+ data = NULL;
+ }
+ else
+ {
+ data=_TIFFCheckMalloc(tif, *count, typesize, "ReadDirEntryArray");
+ if (data==0)
+ return(TIFFReadDirEntryErrAlloc);
+ }
if (!(tif->tif_flags&TIFF_BIGTIFF))
{
if (datasize<=4)
@@ -804,7 +877,10 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryArrayWithLimit(
uint32 offset = direntry->tdir_offset.toff_long;
if (tif->tif_flags&TIFF_SWAB)
TIFFSwabLong(&offset);
- err=TIFFReadDirEntryData(tif,(uint64)offset,(tmsize_t)datasize,data);
+ if( isMapped(tif) )
+ err=TIFFReadDirEntryData(tif,(uint64)offset,(tmsize_t)datasize,data);
+ else
+ err=TIFFReadDirEntryDataAndRealloc(tif,(uint64)offset,(tmsize_t)datasize,&data);
if (err!=TIFFReadDirEntryErrOk)
{
_TIFFfree(data);
@@ -822,7 +898,10 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryArrayWithLimit(
uint64 offset = direntry->tdir_offset.toff_long8;
if (tif->tif_flags&TIFF_SWAB)
TIFFSwabLong8(&offset);
- err=TIFFReadDirEntryData(tif,offset,(tmsize_t)datasize,data);
+ if( isMapped(tif) )
+ err=TIFFReadDirEntryData(tif,(uint64)offset,(tmsize_t)datasize,data);
+ else
+ err=TIFFReadDirEntryDataAndRealloc(tif,(uint64)offset,(tmsize_t)datasize,&data);
if (err!=TIFFReadDirEntryErrOk)
{
_TIFFfree(data);
From f91ca83a21a6a583050e5a5755ce1441b2bf1d7e Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Wed, 23 Aug 2017 13:21:41 +0000
Subject: [PATCH] * libtiff/tif_dirwrite.c: replace assertion related to not
finding the SubIFD tag by runtime check. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2727 Reported by team OWL337
---
ChangeLog | 7 +++++++
libtiff/tif_dirwrite.c | 7 ++++++-
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 3da2b704..87554768 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2017-08-23 Even Rouault <even.rouault at spatialys.com>
+
+ * libtiff/tif_dirwrite.c: replace assertion related to not finding the
+ SubIFD tag by runtime check.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2727
+ Reported by team OWL337
+
2017-07-15 Even Rouault <even.rouault at spatialys.com>
* libtiff/tif_read.c: add protection against excessive memory
diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
index 38edb3fb..a85f0627 100644
--- a/libtiff/tif_dirwrite.c
+++ b/libtiff/tif_dirwrite.c
@@ -821,7 +821,12 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff)
TIFFDirEntry* nb;
for (na=0, nb=dir; ; na++, nb++)
{
- assert(na<ndir);
+ if( na == ndir )
+ {
+ TIFFErrorExt(tif->tif_clientdata,module,
+ "Cannot find SubIFD tag");
+ goto bad;
+ }
if (nb->tdir_tag==TIFFTAG_SUBIFD)
break;
}
From b6af137bf9ef852f1a48a50a5afb88f9e9da01cc Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Wed, 23 Aug 2017 13:33:42 +0000
Subject: [PATCH] * libtiff/tif_dirwrite.c: replace assertion to tag value not
fitting on uint32 when selecting the value of SubIFD tag by runtime check (in
TIFFWriteDirectoryTagSubifd()). Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2728 Reported by team OWL337
SubIFD tag by runtime check (in TIFFWriteDirectorySec())
---
ChangeLog | 10 +++++++++-
libtiff/tif_dirwrite.c | 9 ++++++++-
2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 87554768..58d5e0cc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,7 +1,15 @@
+2017-08-23 Even Rouault <even.rouault at spatialys.com>
+
+ * libtiff/tif_dirwrite.c: replace assertion to tag value not fitting
+ on uint32 when selecting the value of SubIFD tag by runtime check
+ (in TIFFWriteDirectoryTagSubifd()).
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2728
+ Reported by team OWL337
+
2017-08-23 Even Rouault <even.rouault at spatialys.com>
* libtiff/tif_dirwrite.c: replace assertion related to not finding the
- SubIFD tag by runtime check.
+ SubIFD tag by runtime check (in TIFFWriteDirectorySec())
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2727
Reported by team OWL337
diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
index a85f0627..cad0a498 100644
--- a/libtiff/tif_dirwrite.c
+++ b/libtiff/tif_dirwrite.c
@@ -1949,7 +1949,14 @@ TIFFWriteDirectoryTagSubifd(TIFF* tif, uint32* ndir, TIFFDirEntry* dir)
for (p=0; p < tif->tif_dir.td_nsubifd; p++)
{
assert(pa != 0);
- assert(*pa <= 0xFFFFFFFFUL);
+
+ /* Could happen if an classicTIFF has a SubIFD of type LONG8 (which is illegal) */
+ if( *pa > 0xFFFFFFFFUL)
+ {
+ TIFFErrorExt(tif->tif_clientdata,module,"Illegal value for SubIFD tag");
+ _TIFFfree(o);
+ return(0);
+ }
*pb++=(uint32)(*pa++);
}
n=TIFFWriteDirectoryTagCheckedIfdArray(tif,ndir,dir,TIFFTAG_SUBIFD,tif->tif_dir.td_nsubifd,o);
From c6f41df7b581402dfba3c19a1e3df4454c551a01 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Sun, 31 Dec 2017 15:09:41 +0100
Subject: [PATCH] libtiff/tif_print.c: TIFFPrintDirectory(): fix null pointer dereference on corrupted file. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2770
---
libtiff/tif_print.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c
index 9959d35..8deceb2 100644
--- a/libtiff/tif_print.c
+++ b/libtiff/tif_print.c
@@ -667,13 +667,13 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags)
#if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
fprintf(fd, " %3lu: [%8I64u, %8I64u]\n",
(unsigned long) s,
- (unsigned __int64) td->td_stripoffset[s],
- (unsigned __int64) td->td_stripbytecount[s]);
+ td->td_stripoffset ? (unsigned __int64) td->td_stripoffset[s] : 0,
+ td->td_stripbytecount ? (unsigned __int64) td->td_stripbytecount[s] : 0);
#else
fprintf(fd, " %3lu: [%8llu, %8llu]\n",
(unsigned long) s,
- (unsigned long long) td->td_stripoffset[s],
- (unsigned long long) td->td_stripbytecount[s]);
+ td->td_stripoffset ? (unsigned long long) td->td_stripoffset[s] : 0,
+ td->td_stripbytecount ? (unsigned long long) td->td_stripbytecount[s] : 0);
#endif
}
}
--
libgit2 0.26.0
diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
index 2ccaf44..cbf2b69 100644
--- a/libtiff/tif_dir.c
+++ b/libtiff/tif_dir.c
@@ -1065,6 +1065,9 @@ _TIFFVGetField(TIFF* tif, uint32 tag, va_list ap)
if (td->td_samplesperpixel - td->td_extrasamples > 1) {
*va_arg(ap, uint16**) = td->td_transferfunction[1];
*va_arg(ap, uint16**) = td->td_transferfunction[2];
+ } else {
+ *va_arg(ap, uint16**) = NULL;
+ *va_arg(ap, uint16**) = NULL;
}
break;
case TIFFTAG_REFERENCEBLACKWHITE:
diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
index d1a9b09..484776c 100644
--- a/tools/tiff2pdf.c
+++ b/tools/tiff2pdf.c
@@ -237,7 +237,7 @@ typedef struct {
float tiff_whitechromaticities[2];
float tiff_primarychromaticities[6];
float tiff_referenceblackwhite[2];
- float* tiff_transferfunction[3];
+ uint16* tiff_transferfunction[3];
int pdf_image_interpolate; /* 0 (default) : do not interpolate,
1 : interpolate */
uint16 tiff_transferfunctioncount;
@@ -1047,6 +1047,8 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){
uint16 pagen=0;
uint16 paged=0;
uint16 xuint16=0;
+ uint16 tiff_transferfunctioncount=0;
+ uint16* tiff_transferfunction[3];
directorycount=TIFFNumberOfDirectories(input);
t2p->tiff_pages = (T2P_PAGE*) _TIFFmalloc(TIFFSafeMultiply(tmsize_t,directorycount,sizeof(T2P_PAGE)));
@@ -1147,26 +1149,48 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){
}
#endif
if (TIFFGetField(input, TIFFTAG_TRANSFERFUNCTION,
- &(t2p->tiff_transferfunction[0]),
- &(t2p->tiff_transferfunction[1]),
- &(t2p->tiff_transferfunction[2]))) {
- if((t2p->tiff_transferfunction[1] != (float*) NULL) &&
- (t2p->tiff_transferfunction[2] != (float*) NULL) &&
- (t2p->tiff_transferfunction[1] !=
- t2p->tiff_transferfunction[0])) {
- t2p->tiff_transferfunctioncount = 3;
- t2p->tiff_pages[i].page_extra += 4;
- t2p->pdf_xrefcount += 4;
- } else {
- t2p->tiff_transferfunctioncount = 1;
- t2p->tiff_pages[i].page_extra += 2;
- t2p->pdf_xrefcount += 2;
- }
- if(t2p->pdf_minorversion < 2)
- t2p->pdf_minorversion = 2;
+ &(tiff_transferfunction[0]),
+ &(tiff_transferfunction[1]),
+ &(tiff_transferfunction[2]))) {
+
+ if((tiff_transferfunction[1] != (uint16*) NULL) &&
+ (tiff_transferfunction[2] != (uint16*) NULL)
+ ) {
+ tiff_transferfunctioncount=3;
+ } else {
+ tiff_transferfunctioncount=1;
+ }
} else {
- t2p->tiff_transferfunctioncount=0;
+ tiff_transferfunctioncount=0;
}
+
+ if (i > 0){
+ if (tiff_transferfunctioncount != t2p->tiff_transferfunctioncount){
+ TIFFError(
+ TIFF2PDF_MODULE,
+ "Different transfer function on page %d",
+ i);
+ t2p->t2p_error = T2P_ERR_ERROR;
+ return;
+ }
+ }
+
+ t2p->tiff_transferfunctioncount = tiff_transferfunctioncount;
+ t2p->tiff_transferfunction[0] = tiff_transferfunction[0];
+ t2p->tiff_transferfunction[1] = tiff_transferfunction[1];
+ t2p->tiff_transferfunction[2] = tiff_transferfunction[2];
+ if(tiff_transferfunctioncount == 3){
+ t2p->tiff_pages[i].page_extra += 4;
+ t2p->pdf_xrefcount += 4;
+ if(t2p->pdf_minorversion < 2)
+ t2p->pdf_minorversion = 2;
+ } else if (tiff_transferfunctioncount == 1){
+ t2p->tiff_pages[i].page_extra += 2;
+ t2p->pdf_xrefcount += 2;
+ if(t2p->pdf_minorversion < 2)
+ t2p->pdf_minorversion = 2;
+ }
+
if( TIFFGetField(
input,
TIFFTAG_ICCPROFILE,
@@ -1827,10 +1851,9 @@ void t2p_read_tiff_data(T2P* t2p, TIFF* input){
&(t2p->tiff_transferfunction[0]),
&(t2p->tiff_transferfunction[1]),
&(t2p->tiff_transferfunction[2]))) {
- if((t2p->tiff_transferfunction[1] != (float*) NULL) &&
- (t2p->tiff_transferfunction[2] != (float*) NULL) &&
- (t2p->tiff_transferfunction[1] !=
- t2p->tiff_transferfunction[0])) {
+ if((t2p->tiff_transferfunction[1] != (uint16*) NULL) &&
+ (t2p->tiff_transferfunction[2] != (uint16*) NULL)
+ ) {
t2p->tiff_transferfunctioncount=3;
} else {
t2p->tiff_transferfunctioncount=1;
From 3719385a3fac5cfb20b487619a5f08abbf967cf8 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Sun, 11 Mar 2018 11:14:01 +0100
Subject: [PATCH] ChopUpSingleUncompressedStrip: avoid memory exhaustion (CVE-2017-11613)
In ChopUpSingleUncompressedStrip(), if the computed number of strips is big
enough and we are in read only mode, validate that the file size is consistent
with that number of strips to avoid useless attempts at allocating a lot of
memory for the td_stripbytecount and td_stripoffset arrays.
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2724
---
libtiff/tif_dirread.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
index 3fc0c8e..1a3259c 100644
--- a/libtiff/tif_dirread.c
+++ b/libtiff/tif_dirread.c
@@ -5653,6 +5653,17 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
if( nstrips == 0 )
return;
+ /* If we are going to allocate a lot of memory, make sure that the */
+ /* file is as big as needed */
+ if( tif->tif_mode == O_RDONLY &&
+ nstrips > 1000000 &&
+ (tif->tif_dir.td_stripoffset[0] >= TIFFGetFileSize(tif) ||
+ tif->tif_dir.td_stripbytecount[0] >
+ TIFFGetFileSize(tif) - tif->tif_dir.td_stripoffset[0]) )
+ {
+ return;
+ }
+
newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
"for chopped \"StripByteCounts\" array");
newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
--
libgit2 0.27.0
From 7a092f8af2568d61993a8cc2e7a35a998d7d37be Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Sat, 17 Mar 2018 09:36:29 +0100
Subject: [PATCH] ChopUpSingleUncompressedStrip: avoid memory exhaustion (CVE-2017-11613)
Rework fix done in 3719385a3fac5cfb20b487619a5f08abbf967cf8 to work in more
cases like https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6979.
Credit to OSS Fuzz
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2724
---
libtiff/tif_dirread.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
index 1a3259c..6baa7b3 100644
--- a/libtiff/tif_dirread.c
+++ b/libtiff/tif_dirread.c
@@ -5657,9 +5657,8 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
/* file is as big as needed */
if( tif->tif_mode == O_RDONLY &&
nstrips > 1000000 &&
- (tif->tif_dir.td_stripoffset[0] >= TIFFGetFileSize(tif) ||
- tif->tif_dir.td_stripbytecount[0] >
- TIFFGetFileSize(tif) - tif->tif_dir.td_stripoffset[0]) )
+ (offset >= TIFFGetFileSize(tif) ||
+ stripbytes > (TIFFGetFileSize(tif) - offset) / (nstrips - 1)) )
{
return;
}
--
libgit2 0.27.0
From be4c85b16e8801a16eec25e80eb9f3dd6a96731b Mon Sep 17 00:00:00 2001
From: Hugo Lefeuvre <hle@debian.org>
Date: Sun, 8 Apr 2018 14:07:08 -0400
Subject: [PATCH] Fix NULL pointer dereference in TIFFPrintDirectory
The TIFFPrintDirectory function relies on the following assumptions,
supposed to be guaranteed by the specification:
(a) A Transfer Function field is only present if the TIFF file has
photometric type < 3.
(b) If SamplesPerPixel > Color Channels, then the ExtraSamples field
has count SamplesPerPixel - (Color Channels) and contains
information about supplementary channels.
While respect of (a) and (b) are essential for the well functioning of
TIFFPrintDirectory, no checks are realized neither by the callee nor
by TIFFPrintDirectory itself. Hence, following scenarios might happen
and trigger the NULL pointer dereference:
(1) TIFF File of photometric type 4 or more has illegal Transfer
Function field.
(2) TIFF File has photometric type 3 or less and defines a
SamplesPerPixel field such that SamplesPerPixel > Color Channels
without defining all extra samples in the ExtraSamples fields.
In this patch, we address both issues with respect of the following
principles:
(A) In the case of (1), the defined transfer table should be printed
safely even if it isn't 'legal'. This allows us to avoid expensive
checks in TIFFPrintDirectory. Also, it is quite possible that
an alternative photometric type would be developed (not part of the
standard) and would allow definition of Transfer Table. We want
libtiff to be able to handle this scenario out of the box.
(B) In the case of (2), the transfer table should be printed at its
right size, that is if TIFF file has photometric type Palette
then the transfer table should have one row and not three, even
if two extra samples are declared.
In order to fulfill (A) we simply add a new 'i < 3' end condition to
the broken TIFFPrintDirectory loop. This makes sure that in any case
where (b) would be respected but not (a), everything stays fine.
(B) is fulfilled by the loop condition
'i < td->td_samplesperpixel - td->td_extrasamples'. This is enough as
long as (b) is respected.
Naturally, we also make sure (b) is respected. This is done in the
TIFFReadDirectory function by making sure any non-color channel is
counted in ExtraSamples.
This commit addresses CVE-2018-7456.
---
libtiff/tif_dirread.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
libtiff/tif_print.c | 2 +-
2 files changed, 63 insertions(+), 1 deletion(-)
diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
index 6baa7b3..af5b84a 100644
--- a/libtiff/tif_dirread.c
+++ b/libtiff/tif_dirread.c
@@ -166,6 +166,7 @@ static int TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uin
static int TIFFFetchSubjectDistance(TIFF*, TIFFDirEntry*);
static void ChopUpSingleUncompressedStrip(TIFF*);
static uint64 TIFFReadUInt64(const uint8 *value);
+static int _TIFFGetMaxColorChannels(uint16 photometric);
static int _TIFFFillStrilesInternal( TIFF *tif, int loadStripByteCount );
@@ -3484,6 +3485,35 @@ static void TIFFReadDirEntryOutputErr(TIFF* tif, enum TIFFReadDirEntryErr err, c
}
/*
+ * Return the maximum number of color channels specified for a given photometric
+ * type. 0 is returned if photometric type isn't supported or no default value
+ * is defined by the specification.
+ */
+static int _TIFFGetMaxColorChannels( uint16 photometric )
+{
+ switch (photometric) {
+ case PHOTOMETRIC_PALETTE:
+ case PHOTOMETRIC_MINISWHITE:
+ case PHOTOMETRIC_MINISBLACK:
+ return 1;
+ case PHOTOMETRIC_YCBCR:
+ case PHOTOMETRIC_RGB:
+ case PHOTOMETRIC_CIELAB:
+ return 3;
+ case PHOTOMETRIC_SEPARATED:
+ case PHOTOMETRIC_MASK:
+ return 4;
+ case PHOTOMETRIC_LOGL:
+ case PHOTOMETRIC_LOGLUV:
+ case PHOTOMETRIC_CFA:
+ case PHOTOMETRIC_ITULAB:
+ case PHOTOMETRIC_ICCLAB:
+ default:
+ return 0;
+ }
+}
+
+/*
* Read the next TIFF directory from a file and convert it to the internal
* format. We read directories sequentially.
*/
@@ -3499,6 +3529,7 @@ TIFFReadDirectory(TIFF* tif)
uint32 fii=FAILED_FII;
toff_t nextdiroff;
int bitspersample_read = FALSE;
+ int color_channels;
tif->tif_diroff=tif->tif_nextdiroff;
if (!TIFFCheckDirOffset(tif,tif->tif_nextdiroff))
@@ -4003,6 +4034,37 @@ TIFFReadDirectory(TIFF* tif)
}
}
}
+
+ /*
+ * Make sure all non-color channels are extrasamples.
+ * If it's not the case, define them as such.
+ */
+ color_channels = _TIFFGetMaxColorChannels(tif->tif_dir.td_photometric);
+ if (color_channels && tif->tif_dir.td_samplesperpixel - tif->tif_dir.td_extrasamples > color_channels) {
+ uint16 old_extrasamples;
+ uint16 *new_sampleinfo;
+
+ TIFFWarningExt(tif->tif_clientdata,module, "Sum of Photometric type-related "
+ "color channels and ExtraSamples doesn't match SamplesPerPixel. "
+ "Defining non-color channels as ExtraSamples.");
+
+ old_extrasamples = tif->tif_dir.td_extrasamples;
+ tif->tif_dir.td_extrasamples = (tif->tif_dir.td_samplesperpixel - color_channels);
+
+ // sampleinfo should contain information relative to these new extra samples
+ new_sampleinfo = (uint16*) _TIFFcalloc(tif->tif_dir.td_extrasamples, sizeof(uint16));
+ if (!new_sampleinfo) {
+ TIFFErrorExt(tif->tif_clientdata, module, "Failed to allocate memory for "
+ "temporary new sampleinfo array (%d 16 bit elements)",
+ tif->tif_dir.td_extrasamples);
+ goto bad;
+ }
+
+ memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16));
+ _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples);
+ _TIFFfree(new_sampleinfo);
+ }
+
/*
* Verify Palette image has a Colormap.
*/
diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c
index 8deceb2..1d86adb 100644
--- a/libtiff/tif_print.c
+++ b/libtiff/tif_print.c
@@ -546,7 +546,7 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags)
uint16 i;
fprintf(fd, " %2ld: %5u",
l, td->td_transferfunction[0][l]);
- for (i = 1; i < td->td_samplesperpixel; i++)
+ for (i = 1; i < td->td_samplesperpixel - td->td_extrasamples && i < 3; i++)
fprintf(fd, " %5u",
td->td_transferfunction[i][l]);
fputc('\n', fd);
--
libgit2 0.27.0
From 9171da596c88e6a2dadcab4a3a89dddd6e1b4655 Mon Sep 17 00:00:00 2001
From: Nathan Baker <elitebadger@gmail.com>
Date: Thu, 25 Jan 2018 21:28:15 +0000
Subject: [PATCH] Add workaround to pal2rgb buffer overflow.
---
tools/pal2rgb.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/tools/pal2rgb.c b/tools/pal2rgb.c
index 0423598..01fcf94 100644
--- a/tools/pal2rgb.c
+++ b/tools/pal2rgb.c
@@ -184,8 +184,21 @@ main(int argc, char* argv[])
{ unsigned char *ibuf, *obuf;
register unsigned char* pp;
register uint32 x;
- ibuf = (unsigned char*)_TIFFmalloc(TIFFScanlineSize(in));
- obuf = (unsigned char*)_TIFFmalloc(TIFFScanlineSize(out));
+ tmsize_t tss_in = TIFFScanlineSize(in);
+ tmsize_t tss_out = TIFFScanlineSize(out);
+ if (tss_out / tss_in < 3) {
+ /*
+ * BUG 2750: The following code does not know about chroma
+ * subsampling of JPEG data. It assumes that the output buffer is 3x
+ * the length of the input buffer due to exploding the palette into
+ * RGB tuples. If this assumption is incorrect, it could lead to a
+ * buffer overflow. Go ahead and fail now to prevent that.
+ */
+ fprintf(stderr, "Could not determine correct image size for output. Exiting.\n");
+ return -1;
+ }
+ ibuf = (unsigned char*)_TIFFmalloc(tss_in);
+ obuf = (unsigned char*)_TIFFmalloc(tss_out);
switch (config) {
case PLANARCONFIG_CONTIG:
for (row = 0; row < imagelength; row++) {
--
libgit2 0.27.0
From 681748ec2f5ce88da5f9fa6831e1653e46af8a66 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Sun, 14 Oct 2018 16:38:29 +0200
Subject: [PATCH] JBIG: fix potential out-of-bounds write in JBIGDecode()
JBIGDecode doesn't check if the user provided buffer is large enough
to store the JBIG decoded image, which can potentially cause out-of-bounds
write in the buffer.
This issue was reported and analyzed by Thomas Dullien.
Also fixes a (harmless) potential use of uninitialized memory when
tif->tif_rawsize > tif->tif_rawcc
And in case libtiff is compiled with CHUNKY_STRIP_READ_SUPPORT, make sure
that whole strip data is provided to JBIGDecode()
Index: tiff-4.0.8/libtiff/tif_jbig.c
===================================================================
--- tiff-4.0.8.orig/libtiff/tif_jbig.c 2018-10-25 15:35:44.812533616 +0200
+++ tiff-4.0.8/libtiff/tif_jbig.c 2018-10-25 15:35:44.804533616 +0200
@@ -53,17 +53,18 @@
struct jbg_dec_state decoder;
int decodeStatus = 0;
unsigned char* pImage = NULL;
- (void) size, (void) s;
+ unsigned long decodedSize;
+ (void) s;
if (isFillOrder(tif, tif->tif_dir.td_fillorder))
{
- TIFFReverseBits(tif->tif_rawdata, tif->tif_rawdatasize);
+ TIFFReverseBits(tif->tif_rawcp, tif->tif_rawcc);
}
jbg_dec_init(&decoder);
#if defined(HAVE_JBG_NEWLEN)
- jbg_newlen(tif->tif_rawdata, (size_t)tif->tif_rawdatasize);
+ jbg_newlen(tif->tif_rawcp, (size_t)tif->tif_rawcc);
/*
* I do not check the return status of jbg_newlen because even if this
* function fails it does not necessarily mean that decoding the image
@@ -76,8 +77,8 @@
*/
#endif /* HAVE_JBG_NEWLEN */
- decodeStatus = jbg_dec_in(&decoder, (unsigned char*)tif->tif_rawdata,
- (size_t)tif->tif_rawdatasize, NULL);
+ decodeStatus = jbg_dec_in(&decoder, (unsigned char*)tif->tif_rawcp,
+ (size_t)tif->tif_rawcc, NULL);
if (JBG_EOK != decodeStatus)
{
/*
@@ -98,9 +99,28 @@
return 0;
}
+ decodedSize = jbg_dec_getsize(&decoder);
+ if( (tmsize_t)decodedSize < size )
+ {
+ TIFFWarningExt(tif->tif_clientdata, "JBIG",
+ "Only decoded %lu bytes, whereas %lu requested",
+ decodedSize, (unsigned long)size);
+ }
+ else if( (tmsize_t)decodedSize > size )
+ {
+ TIFFErrorExt(tif->tif_clientdata, "JBIG",
+ "Decoded %lu bytes, whereas %lu were requested",
+ decodedSize, (unsigned long)size);
+ jbg_dec_free(&decoder);
+ return 0;
+ }
pImage = jbg_dec_getimage(&decoder, 0);
- _TIFFmemcpy(buffer, pImage, jbg_dec_getsize(&decoder));
+ _TIFFmemcpy(buffer, pImage, decodedSize);
jbg_dec_free(&decoder);
+
+ tif->tif_rawcp += tif->tif_rawcc;
+ tif->tif_rawcc = 0;
+
return 1;
}
Index: tiff-4.0.8/libtiff/tif_read.c
===================================================================
--- tiff-4.0.8.orig/libtiff/tif_read.c 2018-10-25 15:30:38.184542808 +0200
+++ tiff-4.0.8/libtiff/tif_read.c 2018-10-25 15:36:32.076532199 +0200
@@ -329,6 +329,12 @@
return 0;
whole_strip = tif->tif_dir.td_stripbytecount[strip] < 10
|| isMapped(tif);
+ if( td->td_compression == COMPRESSION_JBIG )
+ {
+ /* Ideally plugins should have a way to declare they don't support
+ * chunk strip */
+ whole_strip = 1;
+ }
#else
whole_strip = 1;
#endif
From 473851d211cf8805a161820337ca74cc9615d6ef Mon Sep 17 00:00:00 2001
From: Nathan Baker <nathanb@lenovo-chrome.com>
Date: Tue, 6 Feb 2018 10:13:57 -0500
Subject: [PATCH] Fix for bug 2772
It is possible to craft a TIFF document where the IFD list is circular,
leading to an infinite loop while traversing the chain. The libtiff
directory reader has a failsafe that will break out of this loop after
reading 65535 directory entries, but it will continue processing,
consuming time and resources to process what is essentially a bogus TIFF
document.
This change fixes the above behavior by breaking out of processing when
a TIFF document has >= 65535 directories and terminating with an error.
---
contrib/addtiffo/tif_overview.c | 14 +++++++++++++-
tools/tiff2pdf.c | 10 ++++++++++
tools/tiffcrop.c | 13 +++++++++++--
3 files changed, 34 insertions(+), 3 deletions(-)
Index: tiff-4.0.8/contrib/addtiffo/tif_overview.c
===================================================================
--- tiff-4.0.8.orig/contrib/addtiffo/tif_overview.c 2018-10-28 12:17:34.733012009 +0100
+++ tiff-4.0.8/contrib/addtiffo/tif_overview.c 2018-10-28 12:17:34.721012009 +0100
@@ -65,6 +65,8 @@
# define MAX(a,b) ((a>b) ? a : b)
#endif
+#define TIFF_DIR_MAX 65534
+
void TIFFBuildOverviews( TIFF *, int, int *, int, const char *,
int (*)(double,void*), void * );
@@ -91,6 +93,7 @@
{
toff_t nBaseDirOffset;
toff_t nOffset;
+ tdir_t iNumDir;
(void) bUseSubIFDs;
@@ -147,7 +150,16 @@
return 0;
TIFFWriteDirectory( hTIFF );
- TIFFSetDirectory( hTIFF, (tdir_t) (TIFFNumberOfDirectories(hTIFF)-1) );
+ iNumDir = TIFFNumberOfDirectories(hTIFF);
+ if( iNumDir > TIFF_DIR_MAX )
+ {
+ TIFFErrorExt( TIFFClientdata(hTIFF),
+ "TIFF_WriteOverview",
+ "File `%s' has too many directories.\n",
+ TIFFFileName(hTIFF) );
+ exit(-1);
+ }
+ TIFFSetDirectory( hTIFF, (tdir_t) (iNumDir - 1) );
nOffset = TIFFCurrentDirOffset( hTIFF );
Index: tiff-4.0.8/tools/tiff2pdf.c
===================================================================
--- tiff-4.0.8.orig/tools/tiff2pdf.c 2018-10-28 12:17:34.733012009 +0100
+++ tiff-4.0.8/tools/tiff2pdf.c 2018-10-28 12:19:07.665009223 +0100
@@ -68,6 +68,8 @@
#define PS_UNIT_SIZE 72.0F
+#define TIFF_DIR_MAX 65534
+
/* This type is of PDF color spaces. */
typedef enum {
T2P_CS_BILEVEL = 0x01, /* Bilevel, black and white */
@@ -1051,6 +1053,14 @@
uint16* tiff_transferfunction[3];
directorycount=TIFFNumberOfDirectories(input);
+ if(directorycount > TIFF_DIR_MAX) {
+ TIFFError(
+ TIFF2PDF_MODULE,
+ "TIFF contains too many directories, %s",
+ TIFFFileName(input));
+ t2p->t2p_error = T2P_ERR_ERROR;
+ return;
+ }
t2p->tiff_pages = (T2P_PAGE*) _TIFFmalloc(TIFFSafeMultiply(tmsize_t,directorycount,sizeof(T2P_PAGE)));
if(t2p->tiff_pages==NULL){
TIFFError(
Index: tiff-4.0.8/tools/tiffcrop.c
===================================================================
--- tiff-4.0.8.orig/tools/tiffcrop.c 2018-10-28 12:17:34.733012009 +0100
+++ tiff-4.0.8/tools/tiffcrop.c 2018-10-28 12:17:34.725012009 +0100
@@ -217,6 +217,8 @@
#define DUMP_TEXT 1
#define DUMP_RAW 2
+#define TIFF_DIR_MAX 65534
+
/* Offsets into buffer for margins and fixed width and length segments */
struct offset {
uint32 tmargin;
@@ -2233,7 +2235,7 @@
pageNum = -1;
else
total_images = 0;
- /* read multiple input files and write to output file(s) */
+ /* Read multiple input files and write to output file(s) */
while (optind < argc - 1)
{
in = TIFFOpen (argv[optind], "r");
@@ -2241,7 +2243,14 @@
return (-3);
/* If only one input file is specified, we can use directory count */
- total_images = TIFFNumberOfDirectories(in);
+ total_images = TIFFNumberOfDirectories(in);
+ if (total_images > TIFF_DIR_MAX)
+ {
+ TIFFError (TIFFFileName(in), "File contains too many directories");
+ if (out != NULL)
+ (void) TIFFClose(out);
+ return (1);
+ }
if (image_count == 0)
{
dirnum = 0;
From 58a898cb4459055bb488ca815c23b880c242a27d Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Sat, 12 May 2018 15:32:31 +0200
Subject: [PATCH] LZWDecodeCompat(): fix potential index-out-of-bounds write. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2780 / CVE-2018-8905
The fix consists in using the similar code LZWDecode() to validate we
don't write outside of the output buffer.
libtiff/tif_lzw.c | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
Index: tiff-4.0.8/libtiff/tif_lzw.c
===================================================================
--- tiff-4.0.8.orig/libtiff/tif_lzw.c 2018-10-28 12:59:52.864935922 +0100
+++ tiff-4.0.8/libtiff/tif_lzw.c 2018-10-28 13:01:50.136932407 +0100
@@ -603,6 +603,7 @@
char *tp;
unsigned char *bp;
int code, nbits;
+ int len;
long nextbits, nextdata, nbitsmask;
code_t *codep, *free_entp, *maxcodep, *oldcodep;
@@ -751,13 +752,18 @@
} while (--occ);
break;
}
- assert(occ >= codep->length);
- op += codep->length;
- occ -= codep->length;
- tp = op;
+ len = codep->length;
+ tp = op + len;
do {
- *--tp = codep->value;
- } while( (codep = codep->next) != NULL );
+ int t;
+ --tp;
+ t = codep->value;
+ codep = codep->next;
+ *tp = (char)t;
+ } while (codep && tp > op);
+ assert(occ >= len);
+ op += len;
+ occ -= len;
} else {
*op++ = (char)code;
occ--;
From f1b94e8a3ba49febdd3361c0214a1d1149251577 Mon Sep 17 00:00:00 2001
From: Young_X <YangX92@hotmail.com>
Date: Sat, 8 Sep 2018 14:36:12 +0800
Subject: [PATCH] only read/write TIFFTAG_GROUP3OPTIONS or
TIFFTAG_GROUP4OPTIONS if compression is COMPRESSION_CCITTFAX3 or
COMPRESSION_CCITTFAX4
---
tools/pal2rgb.c | 18 +++++++++++++++++-
tools/tiff2bw.c | 18 +++++++++++++++++-
2 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/tools/pal2rgb.c b/tools/pal2rgb.c
index 01fcf941..01d8502e 100644
--- a/tools/pal2rgb.c
+++ b/tools/pal2rgb.c
@@ -402,7 +402,23 @@ cpTags(TIFF* in, TIFF* out)
{
struct cpTag *p;
for (p = tags; p < &tags[NTAGS]; p++)
- cpTag(in, out, p->tag, p->count, p->type);
+ {
+ if( p->tag == TIFFTAG_GROUP3OPTIONS )
+ {
+ uint16 compression;
+ if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) ||
+ compression != COMPRESSION_CCITTFAX3 )
+ continue;
+ }
+ if( p->tag == TIFFTAG_GROUP4OPTIONS )
+ {
+ uint16 compression;
+ if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) ||
+ compression != COMPRESSION_CCITTFAX4 )
+ continue;
+ }
+ cpTag(in, out, p->tag, p->count, p->type);
+ }
}
#undef NTAGS
diff --git a/tools/tiff2bw.c b/tools/tiff2bw.c
index 05faba87..5bef3142 100644
--- a/tools/tiff2bw.c
+++ b/tools/tiff2bw.c
@@ -450,7 +450,23 @@ cpTags(TIFF* in, TIFF* out)
{
struct cpTag *p;
for (p = tags; p < &tags[NTAGS]; p++)
- cpTag(in, out, p->tag, p->count, p->type);
+ {
+ if( p->tag == TIFFTAG_GROUP3OPTIONS )
+ {
+ uint16 compression;
+ if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) ||
+ compression != COMPRESSION_CCITTFAX3 )
+ continue;
+ }
+ if( p->tag == TIFFTAG_GROUP4OPTIONS )
+ {
+ uint16 compression;
+ if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) ||
+ compression != COMPRESSION_CCITTFAX4 )
+ continue;
+ }
+ cpTag(in, out, p->tag, p->count, p->type);
+ }
}
#undef NTAGS
--
2.18.1
From de144fd228e4be8aa484c3caf3d814b6fa88c6d9 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Sat, 12 May 2018 14:24:15 +0200
Subject: [PATCH] TIFFWriteDirectorySec: avoid assertion. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2795. CVE-2018-10963
---
libtiff/tif_dirwrite.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
index 2430de6d..c15a28db 100644
--- a/libtiff/tif_dirwrite.c
+++ b/libtiff/tif_dirwrite.c
@@ -695,8 +695,11 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff)
}
break;
default:
- assert(0); /* we should never get here */
- break;
+ TIFFErrorExt(tif->tif_clientdata,module,
+ "Cannot write tag %d (%s)",
+ TIFFFieldTag(o),
+ o->field_name ? o->field_name : "unknown");
+ goto bad;
}
}
}
--
2.18.1
diff --git a/tools/tiffcp.c b/tools/tiffcp.c
index 2f406e2d7065d31e2fccee0c08871cdab1d07fb7..8c81aa4f2d3adb332d00b317c887842f9c9f2b52 100644
--- a/tools/tiffcp.c
+++ b/tools/tiffcp.c
@@ -43,6 +43,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <limits.h>
#include <ctype.h>
@@ -1391,7 +1392,7 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
int status = 1;
uint32 imagew = TIFFRasterScanlineSize(in);
uint32 tilew = TIFFTileRowSize(in);
- int iskew = imagew - tilew*spp;
+ int iskew;
tsize_t tilesize = TIFFTileSize(in);
tdata_t tilebuf;
uint8* bufp = (uint8*) buf;
@@ -1399,6 +1400,12 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
uint32 row;
uint16 bps = 0, bytes_per_sample;
+ if (spp > (INT_MAX / tilew))
+ {
+ TIFFError(TIFFFileName(in), "Error, cannot handle that much samples per tile row (Tile Width * Samples/Pixel)");
+ return 0;
+ }
+ iskew = imagew - tilew*spp;
tilebuf = _TIFFmalloc(tilesize);
if (tilebuf == 0)
return 0;
diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
index c15a28dbd8fcb99b81fa5a1d44fcbcda881f42a7..ef30c869d30e210d90be16ce91f44087925fbad3 100644
--- a/libtiff/tif_dirwrite.c
+++ b/libtiff/tif_dirwrite.c
@@ -1895,12 +1895,14 @@ TIFFWriteDirectoryTagTransferfunction(TIFF* tif, uint32* ndir, TIFFDirEntry* dir
n=3;
if (n==3)
{
- if (!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[2],m*sizeof(uint16)))
+ if (tif->tif_dir.td_transferfunction[2] == NULL ||
+ !_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[2],m*sizeof(uint16)))
n=2;
}
if (n==2)
{
- if (!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[1],m*sizeof(uint16)))
+ if (tif->tif_dir.td_transferfunction[1] == NULL ||
+ !_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[1],m*sizeof(uint16)))
n=1;
}
if (n==0)
diff --git a/tools/ppm2tiff.c b/tools/ppm2tiff.c
index af6e41243bb4edbc229af473222964b2dac2e75c..c2d59257b9e7847719281e3ec8559a0359767b12 100644
--- a/tools/ppm2tiff.c
+++ b/tools/ppm2tiff.c
@@ -72,15 +72,16 @@ BadPPM(char* file)
exit(-2);
}
+
+#define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0))
+#define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1)
+
static tmsize_t
multiply_ms(tmsize_t m1, tmsize_t m2)
{
- tmsize_t bytes = m1 * m2;
-
- if (m1 && bytes / m1 != m2)
- bytes = 0;
-
- return bytes;
+ if( m1 == 0 || m2 > TIFF_TMSIZE_T_MAX / m1 )
+ return 0;
+ return m1 * m2;
}
int
diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
index 6f0b48798bdeee91729c10e1fbcf9786234be5f3..078fbcec20677f19f7f967a4834011fe60df1df3 100644
--- a/libtiff/tif_dir.c
+++ b/libtiff/tif_dir.c
@@ -287,6 +287,18 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
_TIFFfree(td->td_smaxsamplevalue);
td->td_smaxsamplevalue = NULL;
}
+ /* Test if 3 transfer functions instead of just one are now needed
+ See http://bugzilla.maptools.org/show_bug.cgi?id=2820 */
+ if( td->td_transferfunction[0] != NULL && (v - td->td_extrasamples > 1) &&
+ !(td->td_samplesperpixel - td->td_extrasamples > 1))
+ {
+ TIFFWarningExt(tif->tif_clientdata,module,
+ "SamplesPerPixel tag value is changing, "
+ "but TransferFunction was read with a different value. Cancelling it");
+ TIFFClrFieldBit(tif,FIELD_TRANSFERFUNCTION);
+ _TIFFfree(td->td_transferfunction[0]);
+ td->td_transferfunction[0] = NULL;
+ }
}
td->td_samplesperpixel = (uint16) v;
break;
@@ -363,6 +375,16 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
_TIFFsetShortArray(&td->td_colormap[2], va_arg(ap, uint16*), v32);
break;
case TIFFTAG_EXTRASAMPLES:
+ if ( td->td_transferfunction[0] != NULL && (td->td_samplesperpixel - v > 1) &&
+ !(td->td_samplesperpixel - td->td_extrasamples > 1))
+ {
+ TIFFWarningExt(tif->tif_clientdata,module,
+ "ExtraSamples tag value is changing, "
+ "but TransferFunction was read with a different value. Cancelling it");
+ TIFFClrFieldBit(tif,FIELD_TRANSFERFUNCTION);
+ _TIFFfree(td->td_transferfunction[0]);
+ td->td_transferfunction[0] = NULL;
+ }
if (!setExtraSamples(td, ap, &v))
goto badvalue;
break;
diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
index 078fbcec20677f19f7f967a4834011fe60df1df3..028ea54a256b4123ac320138aaedd1b356c2132f 100644
--- a/libtiff/tif_dir.c
+++ b/libtiff/tif_dir.c
@@ -90,13 +90,15 @@ setDoubleArrayOneValue(double** vpp, double value, size_t nmemb)
* Install extra samples information.
*/
static int
-setExtraSamples(TIFFDirectory* td, va_list ap, uint32* v)
+setExtraSamples(TIFF* tif, va_list ap, uint32* v)
{
/* XXX: Unassociated alpha data == 999 is a known Corel Draw bug, see below */
#define EXTRASAMPLE_COREL_UNASSALPHA 999
uint16* va;
uint32 i;
+ TIFFDirectory* td = &tif->tif_dir;
+ static const char module[] = "setExtraSamples";
*v = (uint16) va_arg(ap, uint16_vap);
if ((uint16) *v > td->td_samplesperpixel)
@@ -118,6 +120,18 @@ setExtraSamples(TIFFDirectory* td, va_list ap, uint32* v)
return 0;
}
}
+
+ if ( td->td_transferfunction[0] != NULL && (td->td_samplesperpixel - *v > 1) &&
+ !(td->td_samplesperpixel - td->td_extrasamples > 1))
+ {
+ TIFFWarningExt(tif->tif_clientdata,module,
+ "ExtraSamples tag value is changing, "
+ "but TransferFunction was read with a different value. Cancelling it");
+ TIFFClrFieldBit(tif,FIELD_TRANSFERFUNCTION);
+ _TIFFfree(td->td_transferfunction[0]);
+ td->td_transferfunction[0] = NULL;
+ }
+
td->td_extrasamples = (uint16) *v;
_TIFFsetShortArray(&td->td_sampleinfo, va, td->td_extrasamples);
return 1;
@@ -375,17 +389,7 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
_TIFFsetShortArray(&td->td_colormap[2], va_arg(ap, uint16*), v32);
break;
case TIFFTAG_EXTRASAMPLES:
- if ( td->td_transferfunction[0] != NULL && (td->td_samplesperpixel - v > 1) &&
- !(td->td_samplesperpixel - td->td_extrasamples > 1))
- {
- TIFFWarningExt(tif->tif_clientdata,module,
- "ExtraSamples tag value is changing, "
- "but TransferFunction was read with a different value. Cancelling it");
- TIFFClrFieldBit(tif,FIELD_TRANSFERFUNCTION);
- _TIFFfree(td->td_transferfunction[0]);
- td->td_transferfunction[0] = NULL;
- }
- if (!setExtraSamples(td, ap, &v))
+ if (!setExtraSamples(tif, ap, &v))
goto badvalue;
break;
case TIFFTAG_MATTEING:
diff --git a/libtiff/tif_aux.c b/libtiff/tif_aux.c
index 90d30214c6f50d60b5a896d644942cb04ff6e8ea..3e9bda43d5f8b20274ad306499bb85c5a06c73e9 100644
--- a/libtiff/tif_aux.c
+++ b/libtiff/tif_aux.c
@@ -59,18 +59,57 @@ _TIFFMultiply64(TIFF* tif, uint64 first, uint64 second, const char* where)
return bytes;
}
+tmsize_t
+_TIFFMultiplySSize(TIFF* tif, tmsize_t first, tmsize_t second, const char* where)
+{
+ if( first <= 0 || second <= 0 )
+ {
+ if( tif != NULL && where != NULL )
+ {
+ TIFFErrorExt(tif->tif_clientdata, where,
+ "Invalid argument to _TIFFMultiplySSize() in %s", where);
+ }
+ return 0;
+ }
+
+ if( first > TIFF_TMSIZE_T_MAX / second )
+ {
+ if( tif != NULL && where != NULL )
+ {
+ TIFFErrorExt(tif->tif_clientdata, where,
+ "Integer overflow in %s", where);
+ }
+ return 0;
+ }
+ return first * second;
+}
+
+tmsize_t _TIFFCastUInt64ToSSize(TIFF* tif, uint64 val, const char* module)
+{
+ if( val > (uint64)TIFF_TMSIZE_T_MAX )
+ {
+ if( tif != NULL && module != NULL )
+ {
+ TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow");
+ }
+ return 0;
+ }
+ return (tmsize_t)val;
+}
+
void*
_TIFFCheckRealloc(TIFF* tif, void* buffer,
tmsize_t nmemb, tmsize_t elem_size, const char* what)
{
void* cp = NULL;
- tmsize_t bytes = nmemb * elem_size;
-
+ tmsize_t count = _TIFFMultiplySSize(tif, nmemb, elem_size, NULL);
/*
- * XXX: Check for integer overflow.
+ * Check for integer overflow.
*/
- if (nmemb && elem_size && bytes / elem_size == nmemb)
- cp = _TIFFrealloc(buffer, bytes);
+ if (count != 0)
+ {
+ cp = _TIFFrealloc(buffer, count);
+ }
if (cp == NULL) {
TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
index 599bf12798044f0ff49405de30300fe68f1d17e3..c88b5fa67dc640e1849f9b33bfbc887d0a66d15d 100644
--- a/libtiff/tif_getimage.c
+++ b/libtiff/tif_getimage.c
@@ -755,9 +755,8 @@ gtTileSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h)
uint32 leftmost_tw;
tilesize = TIFFTileSize(tif);
- bufsize = TIFFSafeMultiply(tmsize_t,alpha?4:3,tilesize);
+ bufsize = _TIFFMultiplySSize(tif, alpha?4:3,tilesize, "gtTileSeparate");
if (bufsize == 0) {
- TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtTileSeparate");
return (0);
}
buf = (unsigned char*) _TIFFmalloc(bufsize);
@@ -1006,9 +1005,8 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h)
uint16 colorchannels;
stripsize = TIFFStripSize(tif);
- bufsize = TIFFSafeMultiply(tmsize_t,alpha?4:3,stripsize);
+ bufsize = _TIFFMultiplySSize(tif,alpha?4:3,stripsize, "gtStripSeparate");
if (bufsize == 0) {
- TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtStripSeparate");
return (0);
}
diff --git a/libtiff/tif_luv.c b/libtiff/tif_luv.c
index 6a63eadcab341f1c70cd1d34c27713da8ca0dd76..6fe485884ceb73e48985bc02d620ae7ac3a7eed0 100644
--- a/libtiff/tif_luv.c
+++ b/libtiff/tif_luv.c
@@ -1264,16 +1264,10 @@ LogL16GuessDataFmt(TIFFDirectory *td)
return (SGILOGDATAFMT_UNKNOWN);
}
-
-#define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0))
-#define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1)
-
static tmsize_t
multiply_ms(tmsize_t m1, tmsize_t m2)
{
- if( m1 == 0 || m2 > TIFF_TMSIZE_T_MAX / m1 )
- return 0;
- return m1 * m2;
+ return _TIFFMultiplySSize(NULL, m1, m2, NULL);
}
static int
diff --git a/libtiff/tif_pixarlog.c b/libtiff/tif_pixarlog.c
index b1e48d99c9246191253f86083b7046a316ec5171..a2149c852bc425c08677081d20d6eff81755cb95 100644
--- a/libtiff/tif_pixarlog.c
+++ b/libtiff/tif_pixarlog.c
@@ -636,15 +636,10 @@ PixarLogGuessDataFmt(TIFFDirectory *td)
return guess;
}
-#define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0))
-#define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1)
-
static tmsize_t
multiply_ms(tmsize_t m1, tmsize_t m2)
{
- if( m1 == 0 || m2 > TIFF_TMSIZE_T_MAX / m1 )
- return 0;
- return m1 * m2;
+ return _TIFFMultiplySSize(NULL, m1, m2, NULL);
}
static tmsize_t
diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c
index 1f5362a7a4269821ada45eb31ec597d65508c592..c436b0d5ecc2f580d542d5d0bd58cf513b7896c7 100644
--- a/libtiff/tif_read.c
+++ b/libtiff/tif_read.c
@@ -31,9 +31,6 @@
#include "tiffiop.h"
#include <stdio.h>
-#define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0))
-#define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1)
-
int TIFFFillStrip(TIFF* tif, uint32 strip);
int TIFFFillTile(TIFF* tif, uint32 tile);
static int TIFFStartStrip(TIFF* tif, uint32 strip);
@@ -51,6 +48,8 @@ TIFFReadRawTile1(TIFF* tif, uint32 tile, void* buf, tmsize_t size, const char* m
#define THRESHOLD_MULTIPLIER 10
#define MAX_THRESHOLD (THRESHOLD_MULTIPLIER * THRESHOLD_MULTIPLIER * THRESHOLD_MULTIPLIER * INITIAL_THRESHOLD)
+#define TIFF_INT64_MAX ((((int64)0x7FFFFFFF) << 32) | 0xFFFFFFFF)
+
/* Read 'size' bytes in tif_rawdata buffer starting at offset 'rawdata_offset'
* Returns 1 in case of success, 0 otherwise. */
static int TIFFReadAndRealloc( TIFF* tif, tmsize_t size,
@@ -716,23 +716,8 @@ TIFFReadRawStrip(TIFF* tif, uint32 strip, void* buf, tmsize_t size)
return ((tmsize_t)(-1));
}
bytecount = td->td_stripbytecount[strip];
- if ((int64)bytecount <= 0) {
-#if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
- TIFFErrorExt(tif->tif_clientdata, module,
- "%I64u: Invalid strip byte count, strip %lu",
- (unsigned __int64) bytecount,
- (unsigned long) strip);
-#else
- TIFFErrorExt(tif->tif_clientdata, module,
- "%llu: Invalid strip byte count, strip %lu",
- (unsigned long long) bytecount,
- (unsigned long) strip);
-#endif
- return ((tmsize_t)(-1));
- }
- bytecountm = (tmsize_t)bytecount;
- if ((uint64)bytecountm!=bytecount) {
- TIFFErrorExt(tif->tif_clientdata, module, "Integer overflow");
+ bytecountm = _TIFFCastUInt64ToSSize(tif, bytecount, module);
+ if (bytecountm == 0) {
return ((tmsize_t)(-1));
}
if (size != (tmsize_t)(-1) && size < bytecountm)
@@ -756,7 +756,7 @@ TIFFFillStrip(TIFF* tif, uint32 strip)
if ((tif->tif_flags&TIFF_NOREADRAW)==0)
{
uint64 bytecount = td->td_stripbytecount[strip];
- if ((int64)bytecount <= 0) {
+ if( bytecount == 0 || bytecount > (uint64)TIFF_INT64_MAX ) {
#if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
TIFFErrorExt(tif->tif_clientdata, module,
"Invalid strip byte count %I64u, strip %lu",
@@ -783,7 +783,7 @@ TIFFFillStrip(TIFF* tif, uint32 strip)
(bytecount - 4096) / 10 > (uint64)stripsize )
{
uint64 newbytecount = (uint64)stripsize * 10 + 4096;
- if( (int64)newbytecount >= 0 )
+ if( newbytecount == 0 || newbytecount > (uint64)TIFF_INT64_MAX )
{
#if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
TIFFWarningExt(tif->tif_clientdata, module,
@@ -1104,10 +1104,8 @@ TIFFReadRawTile(TIFF* tif, uint32 tile,
bytecount64 = td->td_stripbytecount[tile];
if (size != (tmsize_t)(-1) && (uint64)size < bytecount64)
bytecount64 = (uint64)size;
- bytecountm = (tmsize_t)bytecount64;
- if ((uint64)bytecountm!=bytecount64)
- {
- TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow");
+ bytecountm = _TIFFCastUInt64ToSSize(tif, bytecount64, module);
+ if( bytecountm == 0 ) {
return ((tmsize_t)(-1));
}
return (TIFFReadRawTile1(tif, tile, buf, bytecountm, module));
@@ -1129,7 +1129,7 @@ TIFFFillTile(TIFF* tif, uint32 tile)
if ((tif->tif_flags&TIFF_NOREADRAW)==0)
{
uint64 bytecount = td->td_stripbytecount[tile];
- if ((int64)bytecount <= 0) {
+ if( bytecount == 0 || bytecount > (uint64)TIFF_INT64_MAX ) {
#if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
TIFFErrorExt(tif->tif_clientdata, module,
"%I64u: Invalid tile byte count, tile %lu",
@@ -1143,6 +1143,39 @@ TIFFFillTile(TIFF* tif, uint32 tile)
#endif
return (0);
}
+
+ /* To avoid excessive memory allocations: */
+ /* Byte count should normally not be larger than a number of */
+ /* times the uncompressed size plus some margin */
+ if( bytecount > 1024 * 1024 )
+ {
+ /* 10 and 4096 are just values that could be adjusted. */
+ /* Hopefully they are safe enough for all codecs */
+ tmsize_t stripsize = TIFFTileSize(tif);
+ if( stripsize != 0 &&
+ (bytecount - 4096) / 10 > (uint64)stripsize )
+ {
+ uint64 newbytecount = (uint64)stripsize * 10 + 4096;
+ if( newbytecount == 0 || newbytecount > (uint64)TIFF_INT64_MAX )
+ {
+#if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
+ TIFFWarningExt(tif->tif_clientdata, module,
+ "Too large tile byte count %I64u, tile %lu. Limiting to %I64u",
+ (unsigned __int64) bytecount,
+ (unsigned long) tile,
+ (unsigned __int64) newbytecount);
+#else
+ TIFFErrorExt(tif->tif_clientdata, module,
+ "Too large tile byte count %llu, tile %lu. Limiting to %llu",
+ (unsigned long long) bytecount,
+ (unsigned long) tile,
+ (unsigned long long) newbytecount);
+#endif
+ bytecount = newbytecount;
+ }
+ }
+ }
+
if (isMapped(tif) &&
(isFillOrder(tif, td->td_fillorder)
|| (tif->tif_flags & TIFF_NOBITREV))) {
diff --git a/libtiff/tif_strip.c b/libtiff/tif_strip.c
index 2f3cd883b4106f7b43ee0dcec6c47a560cf3d135..c08c60a7928d1b27a4d66b385acd46faea992603 100644
--- a/libtiff/tif_strip.c
+++ b/libtiff/tif_strip.c
@@ -131,15 +131,8 @@ TIFFVStripSize(TIFF* tif, uint32 nrows)
{
static const char module[] = "TIFFVStripSize";
uint64 m;
- tmsize_t n;
m=TIFFVStripSize64(tif,nrows);
- n=(tmsize_t)m;
- if ((uint64)n!=m)
- {
- TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow");
- n=0;
- }
- return(n);
+ return _TIFFCastUInt64ToSSize(tif, m, module);
}
/*
@@ -213,15 +206,8 @@ TIFFStripSize(TIFF* tif)
{
static const char module[] = "TIFFStripSize";
uint64 m;
- tmsize_t n;
m=TIFFStripSize64(tif);
- n=(tmsize_t)m;
- if ((uint64)n!=m)
- {
- TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow");
- n=0;
- }
- return(n);
+ return _TIFFCastUInt64ToSSize(tif, m, module);
}
/*
@@ -332,14 +318,8 @@ TIFFScanlineSize(TIFF* tif)
{
static const char module[] = "TIFFScanlineSize";
uint64 m;
- tmsize_t n;
m=TIFFScanlineSize64(tif);
- n=(tmsize_t)m;
- if ((uint64)n!=m) {
- TIFFErrorExt(tif->tif_clientdata,module,"Integer arithmetic overflow");
- n=0;
- }
- return(n);
+ return _TIFFCastUInt64ToSSize(tif, m, module);
}
/*
@@ -368,15 +348,8 @@ TIFFRasterScanlineSize(TIFF* tif)
{
static const char module[] = "TIFFRasterScanlineSize";
uint64 m;
- tmsize_t n;
m=TIFFRasterScanlineSize64(tif);
- n=(tmsize_t)m;
- if ((uint64)n!=m)
- {
- TIFFErrorExt(tif->tif_clientdata,module,"Integer arithmetic overflow");
- n=0;
- }
- return(n);
+ return _TIFFCastUInt64ToSSize(tif, m, module);
}
/* vim: set ts=8 sts=8 sw=8 noet: */
diff --git a/libtiff/tif_tile.c b/libtiff/tif_tile.c
index 58fe9354a387c7fa9b9d0333b54e4d4d163d4777..661cc771548bc15d5de572b4f04bb9d91c20bc40 100644
--- a/libtiff/tif_tile.c
+++ b/libtiff/tif_tile.c
@@ -183,15 +183,8 @@ TIFFTileRowSize(TIFF* tif)
{
static const char module[] = "TIFFTileRowSize";
uint64 m;
- tmsize_t n;
m=TIFFTileRowSize64(tif);
- n=(tmsize_t)m;
- if ((uint64)n!=m)
- {
- TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow");
- n=0;
- }
- return(n);
+ return _TIFFCastUInt64ToSSize(tif, m, module);
}
/*
@@ -250,15 +243,8 @@ TIFFVTileSize(TIFF* tif, uint32 nrows)
{
static const char module[] = "TIFFVTileSize";
uint64 m;
- tmsize_t n;
m=TIFFVTileSize64(tif,nrows);
- n=(tmsize_t)m;
- if ((uint64)n!=m)
- {
- TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow");
- n=0;
- }
- return(n);
+ return _TIFFCastUInt64ToSSize(tif, m, module);
}
/*
@@ -274,15 +260,8 @@ TIFFTileSize(TIFF* tif)
{
static const char module[] = "TIFFTileSize";
uint64 m;
- tmsize_t n;
m=TIFFTileSize64(tif);
- n=(tmsize_t)m;
- if ((uint64)n!=m)
- {
- TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow");
- n=0;
- }
- return(n);
+ return _TIFFCastUInt64ToSSize(tif, m, module);
}
/*
diff --git a/libtiff/tiffiop.h b/libtiff/tiffiop.h
index dd6fb095aff046bd7b9a68532dcf3e00ad5ac02d..60ccc87b319050b08dd94a74f9a1aaaef66cdb54 100644
--- a/libtiff/tiffiop.h
+++ b/libtiff/tiffiop.h
@@ -78,6 +78,9 @@ extern int snprintf(char* str, size_t size, const char* format, ...);
#define FALSE 0
#endif
+#define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0))
+#define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1)
+
typedef struct client_info {
struct client_info *next;
void *data;
@@ -260,7 +263,7 @@ struct tiff {
#define TIFFhowmany8_64(x) (((x)&0x07)?((uint64)(x)>>3)+1:(uint64)(x)>>3)
#define TIFFroundup_64(x, y) (TIFFhowmany_64(x,y)*(y))
-/* Safe multiply which returns zero if there is an integer overflow */
+/* Safe multiply which returns zero if there is an *unsigned* integer overflow. This macro is not safe for *signed* integer types */
#define TIFFSafeMultiply(t,v,m) ((((t)(m) != (t)0) && (((t)(((v)*(m))/(m))) == (t)(v))) ? (t)((v)*(m)) : (t)0)
#define TIFFmax(A,B) ((A)>(B)?(A):(B))
@@ -359,6 +362,8 @@ extern TIFFErrorHandlerExt _TIFFerrorHandlerExt;
extern uint32 _TIFFMultiply32(TIFF*, uint32, uint32, const char*);
extern uint64 _TIFFMultiply64(TIFF*, uint64, uint64, const char*);
+extern tmsize_t _TIFFMultiplySSize(TIFF*, tmsize_t, tmsize_t, const char*);
+extern tmsize_t _TIFFCastUInt64ToSSize(TIFF*, uint64, const char*);
extern void* _TIFFCheckMalloc(TIFF*, tmsize_t, tmsize_t, const char*);
extern void* _TIFFCheckRealloc(TIFF*, void*, tmsize_t, tmsize_t, const char*);
diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
index c88b5fa67dc640e1849f9b33bfbc887d0a66d15d..4da785d3a1fc237cc95ab93a2eb0969556457b13 100644
--- a/libtiff/tif_getimage.c
+++ b/libtiff/tif_getimage.c
@@ -936,16 +936,23 @@ gtStripContig(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h)
fromskew = (w < imagewidth ? imagewidth - w : 0);
for (row = 0; row < h; row += nrow)
{
+ uint32 temp;
rowstoread = rowsperstrip - (row + img->row_offset) % rowsperstrip;
nrow = (row + rowstoread > h ? h - row : rowstoread);
nrowsub = nrow;
if ((nrowsub%subsamplingver)!=0)
nrowsub+=subsamplingver-nrowsub%subsamplingver;
+ temp = (row + img->row_offset)%rowsperstrip + nrowsub;
+ if( scanline > 0 && temp > (size_t)(TIFF_TMSIZE_T_MAX / scanline) )
+ {
+ TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in gtStripContig");
+ return 0;
+ }
if (_TIFFReadEncodedStripAndAllocBuffer(tif,
TIFFComputeStrip(tif,row+img->row_offset, 0),
(void**)(&buf),
maxstripsize,
- ((row + img->row_offset)%rowsperstrip + nrowsub) * scanline)==(tmsize_t)(-1)
+ temp * scanline)==(tmsize_t)(-1)
&& (buf == NULL || img->stoponerr))
{
ret = 0;
@@ -1038,15 +1045,22 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h)
fromskew = (w < imagewidth ? imagewidth - w : 0);
for (row = 0; row < h; row += nrow)
{
+ uint32 temp;
rowstoread = rowsperstrip - (row + img->row_offset) % rowsperstrip;
nrow = (row + rowstoread > h ? h - row : rowstoread);
offset_row = row + img->row_offset;
+ temp = (row + img->row_offset)%rowsperstrip + nrow;
+ if( scanline > 0 && temp > (size_t)(TIFF_TMSIZE_T_MAX / scanline) )
+ {
+ TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in gtStripSeparate");
+ return 0;
+ }
if( buf == NULL )
{
if (_TIFFReadEncodedStripAndAllocBuffer(
tif, TIFFComputeStrip(tif, offset_row, 0),
(void**) &buf, bufsize,
- ((row + img->row_offset)%rowsperstrip + nrow) * scanline)==(tmsize_t)(-1)
+ temp * scanline)==(tmsize_t)(-1)
&& (buf == NULL || img->stoponerr))
{
ret = 0;
@@ -1066,7 +1080,7 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h)
}
}
else if (TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, 0),
- p0, ((row + img->row_offset)%rowsperstrip + nrow) * scanline)==(tmsize_t)(-1)
+ p0, temp * scanline)==(tmsize_t)(-1)
&& img->stoponerr)
{
ret = 0;
@@ -1074,7 +1088,7 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h)
}
if (colorchannels > 1
&& TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, 1),
- p1, ((row + img->row_offset)%rowsperstrip + nrow) * scanline) == (tmsize_t)(-1)
+ p1, temp * scanline) == (tmsize_t)(-1)
&& img->stoponerr)
{
ret = 0;
@@ -1082,7 +1096,7 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h)
}
if (colorchannels > 1
&& TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, 2),
- p2, ((row + img->row_offset)%rowsperstrip + nrow) * scanline) == (tmsize_t)(-1)
+ p2, temp * scanline) == (tmsize_t)(-1)
&& img->stoponerr)
{
ret = 0;
@@ -1091,7 +1105,7 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h)
if (alpha)
{
if (TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, colorchannels),
- pa, ((row + img->row_offset)%rowsperstrip + nrow) * scanline)==(tmsize_t)(-1)
+ pa, temp * scanline)==(tmsize_t)(-1)
&& img->stoponerr)
{
ret = 0;
Description: fix TIFFReadRawStrip man page typo
Change TIFFReadEncodedStrip to TIFFReadRawStrip as needed.
Author: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Bug-Debian: https://bugs.debian.org/672858
Last-Update: 2018-11-19
---
--- tiff-4.0.10.orig/html/man/TIFFReadRawStrip.3tiff.html
+++ tiff-4.0.10/html/man/TIFFReadRawStrip.3tiff.html
@@ -71,7 +71,7 @@ typically be at least as large as the nu
<td width="8%"></td>
<td width="91%">
<p>The actual number of bytes of data that were placed in
-<i>buf</i> is returned; <i>TIFFReadEncodedStrip</i> returns
+<i>buf</i> is returned; <i>TIFFReadRawStrip</i> returns
&minus;1 if an error was encountered.</p>
</td>
</table>
--- tiff-4.0.10.orig/man/TIFFReadRawStrip.3tiff
+++ tiff-4.0.10/man/TIFFReadRawStrip.3tiff
@@ -46,7 +46,7 @@ large as the number returned by
The actual number of bytes of data that were placed in
.I buf
is returned;
-.IR TIFFReadEncodedStrip
+.IR TIFFReadRawStrip
returns \-1 if an error was encountered.
.SH DIAGNOSTICS
All error messages are directed to the
From eecb0712f4c3a5b449f70c57988260a667ddbdef Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Sun, 6 Feb 2022 13:08:38 +0100
Subject: [PATCH] TIFFFetchStripThing(): avoid calling memcpy() with a null
source pointer and size of zero (fixes #362)
---
libtiff/tif_dirread.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
Index: tiff-4.2.0/libtiff/tif_dirread.c
===================================================================
--- tiff-4.2.0.orig/libtiff/tif_dirread.c 2022-02-22 23:56:43.727328819 +0100
+++ tiff-4.2.0/libtiff/tif_dirread.c 2022-02-22 23:56:43.727328819 +0100
@@ -5765,8 +5765,9 @@
_TIFFfree(data);
return(0);
}
- _TIFFmemcpy(resizeddata,data,(uint32)dir->tdir_count*sizeof(uint64));
- _TIFFmemset(resizeddata+(uint32)dir->tdir_count,0,(nstrips-(uint32)dir->tdir_count)*sizeof(uint64));
+ if( dir->tdir_count )
+ _TIFFmemcpy(resizeddata,data, (uint32)dir->tdir_count * sizeof(uint64));
+ _TIFFmemset(resizeddata+(uint32)dir->tdir_count, 0, (nstrips - (uint32)dir->tdir_count) * sizeof(uint64));
_TIFFfree(data);
data=resizeddata;
}
From 561599c99f987dc32ae110370cfdd7df7975586b Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Sat, 5 Feb 2022 20:36:41 +0100
Subject: [PATCH] TIFFReadDirectory(): avoid calling memcpy() with a null
source pointer and size of zero (fixes #362)
---
libtiff/tif_dirread.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Index: tiff-4.2.0/libtiff/tif_dirread.c
===================================================================
--- tiff-4.2.0.orig/libtiff/tif_dirread.c 2022-02-22 23:56:49.919326843 +0100
+++ tiff-4.2.0/libtiff/tif_dirread.c 2022-02-22 23:56:49.915326845 +0100
@@ -4173,7 +4173,8 @@
goto bad;
}
- memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16));
+ if (old_extrasamples > 0)
+ memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16));
_TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples);
_TIFFfree(new_sampleinfo);
}
From 03047a26952a82daaa0792957ce211e0aa51bc64 Mon Sep 17 00:00:00 2001
From: 4ugustus <wangdw.augustus@qq.com>
Date: Tue, 25 Jan 2022 16:25:28 +0000
Subject: [PATCH] tiffset: fix global-buffer-overflow for ASCII tags where
count is required (fixes #355)
---
tools/tiffset.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
Index: tiff-4.2.0/tools/tiffset.c
===================================================================
--- tiff-4.2.0.orig/tools/tiffset.c 2022-02-22 23:56:54.187325478 +0100
+++ tiff-4.2.0/tools/tiffset.c 2022-02-22 23:56:54.183325479 +0100
@@ -32,6 +32,7 @@
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
+#include <stdint.h>
#include "tiffio.h"
@@ -148,9 +149,19 @@
arg_index++;
if (TIFFFieldDataType(fip) == TIFF_ASCII) {
- if (TIFFSetField(tiff, TIFFFieldTag(fip), argv[arg_index]) != 1)
- fprintf( stderr, "Failed to set %s=%s\n",
- TIFFFieldName(fip), argv[arg_index] );
+ if(TIFFFieldPassCount( fip )) {
+ size_t len;
+ len = strlen(argv[arg_index]) + 1;
+ if (len > UINT16_MAX || TIFFSetField(tiff, TIFFFieldTag(fip),
+ (uint16)len, argv[arg_index]) != 1)
+ fprintf( stderr, "Failed to set %s=%s\n",
+ TIFFFieldName(fip), argv[arg_index] );
+ } else {
+ if (TIFFSetField(tiff, TIFFFieldTag(fip),
+ argv[arg_index]) != 1)
+ fprintf( stderr, "Failed to set %s=%s\n",
+ TIFFFieldName(fip), argv[arg_index] );
+ }
} else if (TIFFFieldWriteCount(fip) > 0
|| TIFFFieldWriteCount(fip) == TIFF_VARIABLE) {
int ret = 1;
From a1c933dabd0e1c54a412f3f84ae0aa58115c6067 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Thu, 24 Feb 2022 22:26:02 +0100
Subject: [PATCH] tif_jbig.c: fix crash when reading a file with multiple IFD
in memory-mapped mode and when bit reversal is needed (fixes #385)
---
libtiff/tif_jbig.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/libtiff/tif_jbig.c b/libtiff/tif_jbig.c
index 74086338..8bfa4cef 100644
--- a/libtiff/tif_jbig.c
+++ b/libtiff/tif_jbig.c
@@ -209,6 +209,16 @@ int TIFFInitJBIG(TIFF* tif, int scheme)
*/
tif->tif_flags |= TIFF_NOBITREV;
tif->tif_flags &= ~TIFF_MAPPED;
+ /* We may have read from a previous IFD and thus set TIFF_BUFFERMMAP and
+ * cleared TIFF_MYBUFFER. It is necessary to restore them to their initial
+ * value to be consistent with the state of a non-memory mapped file.
+ */
+ if (tif->tif_flags&TIFF_BUFFERMMAP) {
+ tif->tif_rawdata = NULL;
+ tif->tif_rawdatasize = 0;
+ tif->tif_flags &= ~TIFF_BUFFERMMAP;
+ tif->tif_flags |= TIFF_MYBUFFER;
+ }
/* Setup the function pointers for encode, decode, and cleanup. */
tif->tif_setupdecode = JBIGSetupDecode;
--
GitLab
From a95b799f65064e4ba2e2dfc206808f86faf93e85 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Thu, 17 Feb 2022 15:28:43 +0100
Subject: [PATCH] TIFFFetchNormalTag(): avoid calling memcpy() with a null
source pointer and size of zero (fixes #383)
---
libtiff/tif_dirread.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
index 50ebf8ac..2ec44a4f 100644
--- a/libtiff/tif_dirread.c
+++ b/libtiff/tif_dirread.c
@@ -5080,7 +5080,10 @@ TIFFFetchNormalTag(TIFF* tif, TIFFDirEntry* dp, int recover)
_TIFFfree(data);
return(0);
}
- _TIFFmemcpy(o,data,(uint32)dp->tdir_count);
+ if (dp->tdir_count > 0 )
+ {
+ _TIFFmemcpy(o,data,(uint32)dp->tdir_count);
+ }
o[(uint32)dp->tdir_count]=0;
if (data!=0)
_TIFFfree(data);
--
GitLab
From 40b00cfb32256d377608b4d4cd30fac338d0a0bc Mon Sep 17 00:00:00 2001
From: Augustus <wangdw.augustus@qq.com>
Date: Mon, 7 Mar 2022 18:21:49 +0800
Subject: [PATCH] add checks for return value of limitMalloc (#392)
---
tools/tiffcrop.c | 33 +++++++++++++++++++++------------
1 file changed, 21 insertions(+), 12 deletions(-)
diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
index f2e5474a..9b8acc7e 100644
--- a/tools/tiffcrop.c
+++ b/tools/tiffcrop.c
@@ -7385,7 +7385,11 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr)
if (!sect_buff)
{
sect_buff = (unsigned char *)limitMalloc(sectsize);
- *sect_buff_ptr = sect_buff;
+ if (!sect_buff)
+ {
+ TIFFError("createImageSection", "Unable to allocate/reallocate section buffer");
+ return (-1);
+ }
_TIFFmemset(sect_buff, 0, sectsize);
}
else
@@ -7401,15 +7405,15 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr)
else
sect_buff = new_buff;
+ if (!sect_buff)
+ {
+ TIFFError("createImageSection", "Unable to allocate/reallocate section buffer");
+ return (-1);
+ }
_TIFFmemset(sect_buff, 0, sectsize);
}
}
- if (!sect_buff)
- {
- TIFFError("createImageSection", "Unable to allocate/reallocate section buffer");
- return (-1);
- }
prev_sectsize = sectsize;
*sect_buff_ptr = sect_buff;
@@ -7676,7 +7680,11 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
if (!crop_buff)
{
crop_buff = (unsigned char *)limitMalloc(cropsize);
- *crop_buff_ptr = crop_buff;
+ if (!crop_buff)
+ {
+ TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer");
+ return (-1);
+ }
_TIFFmemset(crop_buff, 0, cropsize);
prev_cropsize = cropsize;
}
@@ -7692,15 +7700,15 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
}
else
crop_buff = new_buff;
+ if (!crop_buff)
+ {
+ TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer");
+ return (-1);
+ }
_TIFFmemset(crop_buff, 0, cropsize);
}
}
- if (!crop_buff)
- {
- TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer");
- return (-1);
- }
*crop_buff_ptr = crop_buff;
if (crop->crop_mode & CROP_INVERT)
@@ -9259,3 +9267,4 @@ invertImage(uint16_t photometric, uint16_t spp, uint16_t bps, uint32_t width, ui
* fill-column: 78
* End:
*/
+
--
GitLab
From 32ea0722ee68f503b7a3f9b2d557acb293fc8cde Mon Sep 17 00:00:00 2001
From: 4ugustus <wangdw.augustus@qq.com>
Date: Tue, 8 Mar 2022 16:22:04 +0000
Subject: [PATCH] fix the FPE in tiffcrop (#393)
---
libtiff/tif_dir.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
index 57055ca9..59b346ca 100644
--- a/libtiff/tif_dir.c
+++ b/libtiff/tif_dir.c
@@ -335,13 +335,13 @@ _TIFFVSetField(TIFF* tif, uint32_t tag, va_list ap)
break;
case TIFFTAG_XRESOLUTION:
dblval = va_arg(ap, double);
- if( dblval < 0 )
+ if( dblval != dblval || dblval < 0 )
goto badvaluedouble;
td->td_xresolution = _TIFFClampDoubleToFloat( dblval );
break;
case TIFFTAG_YRESOLUTION:
dblval = va_arg(ap, double);
- if( dblval < 0 )
+ if( dblval != dblval || dblval < 0 )
goto badvaluedouble;
td->td_yresolution = _TIFFClampDoubleToFloat( dblval );
break;
--
GitLab
From 232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c Mon Sep 17 00:00:00 2001
From: Su Laus <sulau@freenet.de>
Date: Tue, 8 Mar 2022 17:02:44 +0000
Subject: [PATCH] tiffcrop: fix issue #380 and #382 heap buffer overflow in
extractImageSection
---
tools/tiffcrop.c | 92 +++++++++++++++++++-----------------------------
1 file changed, 36 insertions(+), 56 deletions(-)
diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
index f2e5474a..e62bcc71 100644
--- a/tools/tiffcrop.c
+++ b/tools/tiffcrop.c
@@ -105,8 +105,8 @@
* of messages to monitor progess without enabling dump logs.
*/
-static char tiffcrop_version_id[] = "2.4";
-static char tiffcrop_rev_date[] = "12-13-2010";
+static char tiffcrop_version_id[] = "2.4.1";
+static char tiffcrop_rev_date[] = "03-03-2010";
#include "tif_config.h"
#include "tiffiop.h"
@@ -6718,10 +6718,10 @@ extractImageSection(struct image_data *image, struct pageseg *section,
#ifdef DEVELMODE
uint32 img_length;
#endif
- uint32 j, shift1, shift2, trailing_bits;
+ uint32 j, shift1, trailing_bits;
uint32 row, first_row, last_row, first_col, last_col;
uint32 src_offset, dst_offset, row_offset, col_offset;
- uint32 offset1, offset2, full_bytes;
+ uint32 offset1, full_bytes;
uint32 sect_width;
#ifdef DEVELMODE
uint32 sect_length;
@@ -6731,7 +6731,6 @@ extractImageSection(struct image_data *image, struct pageseg *section,
#ifdef DEVELMODE
int k;
unsigned char bitset;
- static char *bitarray = NULL;
#endif
img_width = image->width;
@@ -6749,17 +6748,12 @@ extractImageSection(struct image_data *image, struct pageseg *section,
dst_offset = 0;
#ifdef DEVELMODE
- if (bitarray == NULL)
- {
- if ((bitarray = (char *)malloc(img_width)) == NULL)
- {
- TIFFError ("", "DEBUG: Unable to allocate debugging bitarray");
- return (-1);
- }
- }
+ char bitarray[39];
#endif
- /* rows, columns, width, length are expressed in pixels */
+ /* rows, columns, width, length are expressed in pixels
+ * first_row, last_row, .. are index into image array starting at 0 to width-1,
+ * last_col shall be also extracted. */
first_row = section->y1;
last_row = section->y2;
first_col = section->x1;
@@ -6769,9 +6763,14 @@ extractImageSection(struct image_data *image, struct pageseg *section,
#ifdef DEVELMODE
sect_length = last_row - first_row + 1;
#endif
- img_rowsize = ((img_width * bps + 7) / 8) * spp;
- full_bytes = (sect_width * spp * bps) / 8; /* number of COMPLETE bytes per row in section */
- trailing_bits = (sect_width * bps) % 8;
+ /* The read function loadImage() used copy separate plane data into a buffer as interleaved
+ * samples rather than separate planes so the same logic works to extract regions
+ * regardless of the way the data are organized in the input file.
+ * Furthermore, bytes and bits are arranged in buffer according to COMPRESSION=1 and FILLORDER=1
+ */
+ img_rowsize = (((img_width * spp * bps) + 7) / 8); /* row size in full bytes of source image */
+ full_bytes = (sect_width * spp * bps) / 8; /* number of COMPLETE bytes per row in section */
+ trailing_bits = (sect_width * spp * bps) % 8; /* trailing bits within the last byte of destination buffer */
#ifdef DEVELMODE
TIFFError ("", "First row: %d, last row: %d, First col: %d, last col: %d\n",
@@ -6784,10 +6783,9 @@ extractImageSection(struct image_data *image, struct pageseg *section,
if ((bps % 8) == 0)
{
- col_offset = first_col * spp * bps / 8;
+ col_offset = (first_col * spp * bps) / 8;
for (row = first_row; row <= last_row; row++)
{
- /* row_offset = row * img_width * spp * bps / 8; */
row_offset = row * img_rowsize;
src_offset = row_offset + col_offset;
@@ -6800,14 +6798,12 @@ extractImageSection(struct image_data *image, struct pageseg *section,
}
else
{ /* bps != 8 */
- shift1 = spp * ((first_col * bps) % 8);
- shift2 = spp * ((last_col * bps) % 8);
+ shift1 = ((first_col * spp * bps) % 8); /* shift1 = bits to skip in the first byte of source buffer*/
for (row = first_row; row <= last_row; row++)
{
/* pull out the first byte */
row_offset = row * img_rowsize;
- offset1 = row_offset + (first_col * bps / 8);
- offset2 = row_offset + (last_col * bps / 8);
+ offset1 = row_offset + ((first_col * spp * bps) / 8); /* offset1 = offset into source of byte with first bits to be extracted */
#ifdef DEVELMODE
for (j = 0, k = 7; j < 8; j++, k--)
@@ -6819,12 +6815,12 @@ extractImageSection(struct image_data *image, struct pageseg *section,
sprintf(&bitarray[9], " ");
for (j = 10, k = 7; j < 18; j++, k--)
{
- bitset = *(src_buff + offset2) & (((unsigned char)1 << k)) ? 1 : 0;
+ bitset = *(src_buff + offset1 + full_bytes) & (((unsigned char)1 << k)) ? 1 : 0;
sprintf(&bitarray[j], (bitset) ? "1" : "0");
}
bitarray[18] = '\0';
- TIFFError ("", "Row: %3d Offset1: %d, Shift1: %d, Offset2: %d, Shift2: %d\n",
- row, offset1, shift1, offset2, shift2);
+ TIFFError ("", "Row: %3d Offset1: %"PRIu32", Shift1: %"PRIu32", Offset2: %"PRIu32", Trailing_bits: %"PRIu32"\n",
+ row, offset1, shift1, offset1+full_bytes, trailing_bits);
#endif
bytebuff1 = bytebuff2 = 0;
@@ -6848,11 +6844,12 @@ extractImageSection(struct image_data *image, struct pageseg *section,
if (trailing_bits != 0)
{
- bytebuff2 = src_buff[offset2] & ((unsigned char)255 << (7 - shift2));
+ /* Only copy higher bits of samples and mask lower bits of not wanted column samples to zero */
+ bytebuff2 = src_buff[offset1 + full_bytes] & ((unsigned char)255 << (8 - trailing_bits));
sect_buff[dst_offset] = bytebuff2;
#ifdef DEVELMODE
TIFFError ("", " Trailing bits src offset: %8d, Dst offset: %8d\n",
- offset2, dst_offset);
+ offset1 + full_bytes, dst_offset);
for (j = 30, k = 7; j < 38; j++, k--)
{
bitset = *(sect_buff + dst_offset) & (((unsigned char)1 << k)) ? 1 : 0;
@@ -6871,8 +6868,10 @@ extractImageSection(struct image_data *image, struct pageseg *section,
#endif
for (j = 0; j <= full_bytes; j++)
{
- bytebuff1 = src_buff[offset1 + j] & ((unsigned char)255 >> shift1);
- bytebuff2 = src_buff[offset1 + j + 1] & ((unsigned char)255 << (7 - shift1));
+ /* Skip the first shift1 bits and shift the source up by shift1 bits before save to destination.*/
+ /* Attention: src_buff size needs to be some bytes larger than image size, because could read behind image here. */
+ bytebuff1 = src_buff[offset1 + j] & ((unsigned char)255 >> shift1);
+ bytebuff2 = src_buff[offset1 + j + 1] & ((unsigned char)255 << (8 - shift1));
sect_buff[dst_offset + j] = (bytebuff1 << shift1) | (bytebuff2 >> (8 - shift1));
}
#ifdef DEVELMODE
@@ -6888,36 +6887,17 @@ extractImageSection(struct image_data *image, struct pageseg *section,
#endif
dst_offset += full_bytes;
+ /* Copy the trailing_bits for the last byte in the destination buffer.
+ Could come from one ore two bytes of the source buffer. */
if (trailing_bits != 0)
{
#ifdef DEVELMODE
- TIFFError ("", " Trailing bits src offset: %8d, Dst offset: %8d\n", offset1 + full_bytes, dst_offset);
-#endif
- if (shift2 > shift1)
- {
- bytebuff1 = src_buff[offset1 + full_bytes] & ((unsigned char)255 << (7 - shift2));
- bytebuff2 = bytebuff1 & ((unsigned char)255 << shift1);
- sect_buff[dst_offset] = bytebuff2;
-#ifdef DEVELMODE
- TIFFError ("", " Shift2 > Shift1\n");
+ TIFFError("", " Trailing bits %4"PRIu32" src offset: %8"PRIu32", Dst offset: %8"PRIu32"\n", trailing_bits, offset1 + full_bytes, dst_offset);
#endif
+ /* More than necessary bits are already copied into last destination buffer,
+ * only masking of last byte in destination buffer is necessary.*/
+ sect_buff[dst_offset] &= ((uint8_t)0xFF << (8 - trailing_bits));
}
- else
- {
- if (shift2 < shift1)
- {
- bytebuff2 = ((unsigned char)255 << (shift1 - shift2 - 1));
- sect_buff[dst_offset] &= bytebuff2;
-#ifdef DEVELMODE
- TIFFError ("", " Shift2 < Shift1\n");
-#endif
- }
-#ifdef DEVELMODE
- else
- TIFFError ("", " Shift2 == Shift1\n");
-#endif
- }
- }
#ifdef DEVELMODE
sprintf(&bitarray[28], " ");
sprintf(&bitarray[29], " ");
@@ -7070,7 +7050,7 @@ writeImageSections(TIFF *in, TIFF *out, struct image_data *image,
width = sections[i].x2 - sections[i].x1 + 1;
length = sections[i].y2 - sections[i].y1 + 1;
sectsize = (uint32)
- ceil((width * image->bps + 7) / (double)8) * image->spp * length;
+ ceil((width * image->bps * image->spp + 7) / (double)8) * length;
/* allocate a buffer if we don't have one already */
if (createImageSection(sectsize, sect_buff_ptr))
{
--
GitLab
From 88d79a45a31c74cba98c697892fed5f7db8b963a Mon Sep 17 00:00:00 2001
From: 4ugustus <wangdw.augustus@qq.com>
Date: Thu, 10 Mar 2022 08:48:00 +0000
Subject: [PATCH] fix heap buffer overflow in tiffcp (#278)
---
tools/tiffcp.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/tools/tiffcp.c b/tools/tiffcp.c
index 224583e0..aa32b118 100644
--- a/tools/tiffcp.c
+++ b/tools/tiffcp.c
@@ -1576,12 +1576,27 @@ DECLAREwriteFunc(writeBufferToSeparateSt
tdata_t obuf;
tstrip_t strip = 0;
tsample_t s;
+ uint16 bps = 0, bytes_per_sample;
obuf = limitMalloc(stripsize);
if (obuf == NULL)
return (0);
_TIFFmemset(obuf, 0, stripsize);
(void) TIFFGetFieldDefaulted(out, TIFFTAG_ROWSPERSTRIP, &rowsperstrip);
+ (void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps);
+ if( bps == 0 )
+ {
+ TIFFError(TIFFFileName(out), "Error, cannot read BitsPerSample");
+ _TIFFfree(obuf);
+ return 0;
+ }
+ if( (bps % 8) != 0 )
+ {
+ TIFFError(TIFFFileName(out), "Error, cannot handle BitsPerSample that is not a multiple of 8");
+ _TIFFfree(obuf);
+ return 0;
+ }
+ bytes_per_sample = bps/8;
for (s = 0; s < spp; s++) {
uint32 row;
for (row = 0; row < imagelength; row += rowsperstrip) {
@@ -1591,7 +1591,7 @@ DECLAREwriteFunc(writeBufferToSeparateSt
cpContigBufToSeparateBuf(
obuf, (uint8*) buf + row*rowsize + s,
- nrows, imagewidth, 0, 0, spp, 1);
+ nrows, imagewidth, 0, 0, spp, bytes_per_sample);
if (TIFFWriteEncodedStrip(out, strip++, obuf, stripsize) < 0) {
TIFFError(TIFFFileName(out),
"Error, can't write strip %u",
--
GitLab
[buildout]
extends =
../cmake/buildout.cfg
../libjpeg/buildout.cfg
../lzo/buildout.cfg
../libtirpc/buildout.cfg
../kerberos/buildout.cfg
../xorg/buildout.cfg
parts =
x11vnc
[libvncserver]
recipe = slapos.recipe.cmmi
shared = true
url = https://github.com/LibVNC/libvncserver/archive/refs/tags/LibVNCServer-0.9.13.tar.gz
md5sum = 503b5527b93dce77e8b6a45f273f6e39
configure-command = cmake
configure-options =
-Bbuild
-DCMAKE_INSTALL_PREFIX=@@LOCATION@@
-DBUILD_SHARED_LIBS=ON
-DWITH_SYSTEMD=OFF
-DWITH_SDL=OFF
-DWITH_GTK=OFF
-DWITH_WEBSOCKETS=ON
-DWITH_LZO=ON
-DWITH_GCRYPT=ON
-DWITH_IPv6=ON
-DWITH_JPEG=ON
-DWITH_FFMPEG=OFF
-DWITH_PNG=ON
-DWITH_GNUTLS=ON
-DWITH_OPENSSL=ON
-DZLIB_INCLUDE_DIR=${zlib:location}/include
-DZLIB_LIBRARY=${zlib:location}/lib/libz.so
-DJPEG_LIBRARY=${libjpeg-turbo2:location}/lib/libjpeg.so
-DJPEG_INCLUDE_DIR=${libjpeg-turbo2:location}/include
-DPNG_LIBRARY=${libpng:location}/lib/libpng.so
-DPNG_PNG_INCLUDE_DIR=${libpng:location}/include
-DOPENSSL_INCLUDE_DIR=${openssl:location}/include
-DLZO_INCLUDE_DIR=${lzo:location}/include
-DLZO_LIBRARIES=${lzo:location}/lib/liblzo2.a
-DGNUTLS_LIBRARY=${gnutls:location}/lib/libgnutls.so
-DGNUTLS_INCLUDE_DIR=${gnutls:location}/include
make-options = -C build
environment =
PATH=${cmake:location}/bin:${pkgconfig:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${zlib:location}/lib/pkgconfig:${libpng:location}/lib/pkgconfig:${libjpeg-turbo2:location}/lib/pkgconfig:${openssl:location}/lib/pkgconfig
CPPFLAGS=-I${openssl:location}/include -I${libgcrypt:location}/include -I${libjpeg-turbo2:location}/include -I${gnutls:location}/include -I${lzo:location}/include
LDFLAGS=-L${libgcrypt:location}/lib -Wl,-rpath=${libgcrypt:location}/lib -L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -L${libjpeg-turbo2:location}/lib -Wl,-rpath=${libjpeg-turbo2:location}/lib -Wl,-rpath=${libpng:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${gnutls:location}/lib -Wl,-rpath=${gnutls:location}/lib -L${lzo:location}/lib -pthread -ljpeg
[x11vnc]
recipe = slapos.recipe.cmmi
url = https://github.com/LibVNC/x11vnc/archive/0.9.16.tar.gz
md5sum = 64172e8f896389ec963fff93415f0d93
pre-configure =
autoreconf -fiv -I ${libtool:location}/share/aclocal -I ${pkgconfig:location}/share/aclocal -I ${gettext:location}/share/aclocal
configure-options =
--without-crypt
--without-avahi
--without-xinerama
--without-xtrap
--without-xrecord
--without-v4l
--without-fbpm
--without-dpms
environment =
PATH=${autoconf:location}/bin:${automake:location}/bin:${libtool:location}/bin:${pkgconfig:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${openssl:location}/lib/pkgconfig:${libX11:location}/lib/pkgconfig:${xproto:location}/lib/pkgconfig:${libX11:pkg_config_depends}:${libXext:location}/lib/pkgconfig:${xextproto:location}/lib/pkgconfig:${libXtst:location}/lib/pkgconfig:${libvncserver:location}/lib/pkgconfig:${zlib:location}/lib/pkgconfig
CPPFLAGS=-I${openssl:location}/include -I${libX11:location}/include -I${xproto:location}/include -I${xorgproto:location}/include -I${libXi:location}/include -I${libXtst:location}/include -I${libXext:location}/include -I${xextproto:location}/include -I${libvncserver:location}/include -I${zlib:location}/include -I${libXrandr:location}/include -I${xfixes:location}/include -I${xdamage:location}/include -I${libXcomposite:location}/include -I${libXrender:location}/include
LDFLAGS=-L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -L${libX11:location}/lib -Wl,-rpath=${libX11:location}/lib -L${xproto:location}/lib -L${xorgproto:location}/lib -L${libXi:location}/lib -L${libXtst:location}/lib -Wl,-rpath=${libXtst:location}/lib -L${libXext:location}/lib -L${xextproto:location}/lib -Wl,-rpath=${libXext:location}/lib -L${libvncserver:location}/lib -Wl,-rpath=${libvncserver:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${libXrandr:location}/lib -Wl,-rpath=${libXrandr:location}/lib -L${xfixes:location}/lib -Wl,-rpath=${xfixes:location}/lib -L${xdamage:location}/lib -Wl,-rpath=${xdamage:location}/lib -L${libXcomposite:location}/lib -Wl,-rpath=${libXcomposite:location}/lib -L${libXrender:location}/lib -Wl,-rpath=${libXrender:location}/lib -Wl,-rpath=${libtirpc:location}/lib -Wl,-rpath=${kerberos:location}/lib
......@@ -5,5 +5,6 @@ parts =
[lzo]
recipe = slapos.recipe.cmmi
url = http://www.oberhumer.com/opensource/lzo/download/lzo-2.09.tar.gz
md5sum = c7ffc9a103afe2d1bba0b015e7aa887f
shared = true
url = https://www.oberhumer.com/opensource/lzo/download/lzo-2.10.tar.gz
md5sum = 39d3f3f9c55c87b1e5d6888e1420f4b5
[buildout]
extends =
../autoconf/buildout.cfg
../automake/buildout.cfg
../flex/buildout.cfg
../bison/buildout.cfg
[matiec]
recipe = slapos.recipe.cmmi
url = https://github.com/beremiz/matiec/archive/${:version}.tar.gz
md5sum = 6ee62c3d523c6154e7d781d98756444f
version = f59f45d5219172dea171d8ff305f28606a9500ff
pre-configure =
${autoconf:location}/bin/autoreconf -i
make-targets =
post-install =
cp -r * %(location)s/
environment =
PATH=${autoconf:location}/bin:${automake:location}/bin:${flex:location}/bin:${bison:location}/bin:%(PATH)s
[Modbus]
recipe = slapos.recipe.cmmi
url = https://hg.beremiz.org/Modbus/archive/e319814f1c17.tar.bz2
md5sum = ad43fdacf223c7861576422eb89c15aa
configure-command = true
make-targets =
post-install =
cp -r *.h libmb.a libmb.so %(location)s/
[buildout]
extends =
../java/buildout.cfg
../java-jdk/buildout.cfg
../cmake/buildout.cfg
../libjpeg/buildout.cfg
parts =
opencv
[java-re]
<= java-re-temurin-11
[ant]
recipe = slapos.recipe.build:download-unpacked
shared = true
url = https://dlcdn.apache.org/ant/binaries/apache-ant-1.9.16-bin.tar.bz2
md5sum = 2a1ef0230e673b6da876a8fc9744b9a1
[opencv]
recipe = slapos.recipe.cmmi
shared = true
url = https://github.com/opencv/opencv/archive/4.3.0.tar.gz
configure-command = cmake
configure-options =
-Bbuild
-DCMAKE_INSTALL_PREFIX=@@LOCATION@@
-DCMAKE_BUILD_TYPE=RELEASE
-DINSTALL_PYTHON_EXAMPLES=OFF
-DINSTALL_C_EXAMPLES=OFF
-DOPENCV_ENABLE_NONFREE=ON
-DPYTHON_EXECUTABLE=${python2.7:location}/bin/python
-DANT_EXECUTABLE=${ant:location}/bin/ant
-DBUILD_SHARED_LIBRARY=OFF
-DBUILD_TESTS=OFF
-DBUILD_PERF_TESTS=OFF
-DBUILD_EXAMPLES=OFF
-DBUILD_JAVA=ON
-DJAVA_AWT_INCLUDE_PATH=${java-jdk:location}/include
-DJAVA_AWT_LIBRARY=${java-jdk:location}/lib/libawt.so
-DJAVA_INCLUDE_PATH=${java-jdk:location}/include
-DJAVA_INCLUDE_PATH2=${java-jdk:location}/include/linux
-DJAVA_JVM_LIBRARY=${java-jdk:location}/include/jni.h
-DWITH_VTK=OFF
-DWITH_FFMPEG=OFF
-DWITH_GTK=OFF
-DPYTHON_LIBRARIES=${python:location}/lib
-DPYTHON_INCLUDE_DIRS=${python:location}/include/python${python:version}
-DZLIB_INCLUDE_DIR=${zlib:location}/include
-DZLIB_LIBRARY=${zlib:location}/lib/libz.so
-DJPEG_LIBRARY=${libjpeg-turbo2:location}/lib/libjpeg.so
-DJPEG_INCLUDE_DIR=${libjpeg-turbo2:location}/include
-DPNG_LIBRARY=${libpng:location}/lib/libpng.so
-DPNG_PNG_INCLUDE_DIR=${libpng:location}/include
make-options = -C build
post-install =
cp build/lib/libopencv_java430.so @@LOCATION@@/lib
cp build/bin/opencv-430.jar @@LOCATION@@/bin
environment =
PATH=${cmake:location}/bin:${pkgconfig:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${zlib:location}/lib/pkgconfig:${libpng:location}/lib/pkgconfig:${libjpeg-turbo2:location}/lib/pkgconfig
JAVA_HOME=${java-jdk:location}
JRE_HOME=${java-re:location}
CPPFLAGS=-I${libjpeg-turbo2:location}/include -I${libpng:location}/include
LDFLAGS=-L${libjpeg-turbo2:location}/lib -Wl,-rpath=${libjpeg-turbo2:location}/lib -Wl,-rpath=${libpng:location}/lib -Wl,-rpath=${zlib:location}/lib -L${zlib:location}/lib -Wl,-rpath=@@LOCATION@@/lib
......@@ -69,5 +69,5 @@ post-install = cd '%(prefix)s' &&
# which would otherwise load the system libmagic.so with ctypes
environment =
PATH=${patch:location}/bin:${xz-utils:location}/bin:%(PATH)s
CPPFLAGS=-I${zlib:location}/include -I${readline:location}/include -I${libexpat:location}/include -I${libffi:location}/include -I${ncurses:location}/include -I${ncurses:location}/include -I${bzip2:location}/include -I${gdbm:location}/include -I${openssl:location}/include -I${sqlite3:location}/include -I${gettext:location}/include
CPPFLAGS=-I${zlib:location}/include -I${readline:location}/include -I${libexpat:location}/include -I${libffi:location}/include -I${ncurses:location}/include -I${ncurses:location}/include -I${bzip2:location}/include -I${gdbm:location}/include -I${openssl:location}/include -I${sqlite3:location}/include -I${gettext:location}/include -fPIC
LDFLAGS=-L${zlib:location}/lib -L${readline:location}/lib -L${libexpat:location}/lib -L${libffi:location}/lib -L${ncurses:location}/lib -L${bzip2:location}/lib -L${gdbm:location}/lib -L${openssl:location}/lib -L${sqlite3:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${readline:location}/lib -Wl,-rpath=${libexpat:location}/lib -Wl,-rpath=${libffi:location}/lib -Wl,-rpath=${ncurses:location}/lib -Wl,-rpath=${bzip2:location}/lib -Wl,-rpath=${gdbm:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${sqlite3:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -Wl,-rpath=${file:location}/lib
[buildout]
extends =
../java/buildout.cfg
../xorg/buildout.cfg
../tesseract/buildout.cfg
parts =
sikuli
[java]
<= java-re-temurin-11
[sikuli-download]
recipe = slapos.recipe.build:download
url = https://launchpad.net/sikuli/sikulix/2.0.5/+download/sikulixide-2.0.5.jar
filename = sikulixide-2.0.5.jar
md5sum = 0795f1e0866ee5a7a84e4c89793ea78c
[sikuli]
recipe = slapos.recipe.template
output = ${buildout:parts-directory}/${:_buildout_section_name_}/sikulix
inline =
#!/bin/sh -e
export JAVA_HOME=${java:location}
export JRE_HOME=${java:location}
export PATH=${java:location}/bin:$PATH
# Sikulix jar file hash some embeded shared libraries (libJXGrabKey.so, libopencv_java430.so)
export LD_LIBRARY_PATH=${tesseract:location}/lib:${libX11:location}/lib:${gcc:prefix}/lib64:${gcc:prefix}/lib:${libxcb:location}/lib:${libXau:location}/lib:${libXdmcp:location}/lib$${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
exec java -jar ${sikuli-download:location}/${sikuli-download:filename} "$@"
[buildout]
extends =
../pkgconfig/buildout.cfg
../gtk-3/buildout.cfg
../pillow/buildout.cfg
../numpy/buildout.cfg
../wxwidgets/buildout.cfg
parts =
wxPython
[wxpython-eggs]
recipe = zc.recipe.egg
interpreter = wxpython2.7
eggs =
requests
${numpy:egg}
${pillow-python:egg}
[nanosvg]
recipe = slapos.recipe.build:download-unpacked
shared = true
url = https://github.com/wxWidgets/nanosvg/archive/${:version}.tar.gz
version = 9dd92bbfc6f709e889578a724724ffbd42ac3004
md5sum = b9060d6600ebffa4080d1b29c99d1f30
[wxPython-download]
recipe = slapos.recipe.build:download-unpacked
url = https://github.com/wxWidgets/Phoenix/archive/refs/tags/wxPython-4.1.1.tar.gz
md5sum = e72d99cd865c4220b65065079457c6c5
[wxPython]
recipe = slapos.recipe.build
egg = ${:_buildout_section_name_}
source-location = ${wxPython-download:location}
egg-name = ${:egg}-${versions:wxPython}-py${python:version}-linux-x86_64.egg
location = ${buildout:eggs-directory}/${:egg-name}
python-bin = ${buildout:bin-directory}/${wxpython-eggs:interpreter}
ext-path = ${wxWidgets:location}/${wxWidgets:ext-name}
install =
import os, sys
from slapos.recipe.downloadunpacked import unpack_archive
from zc.buildout import easy_install
env = self.environ
workdir = options['source-location']
python_bin = options['python-bin']
dist = os.path.join(workdir, 'dist')
build = os.path.join(workdir, 'build')
doxygen = os.path.join(workdir, 'bin', 'doxygen-1.8.8-linux')
sip = os.path.join(workdir, 'bin', 'sip-4.19.24-linux64')
waf = os.path.join(workdir, 'bin', 'waf-2.0.19')
wxwidget = os.path.join(workdir, 'ext', 'wxWidgets')
wxpython_eggs = self.buildout['wxpython-eggs']
egg_list = easy_install.working_set(wxpython_eggs['eggs'].split(), [
wxpython_eggs['develop-eggs-directory'],
wxpython_eggs['eggs-directory'],
]).entries
egg_list.append(workdir)
env['PYTHONPATH'] = os.pathsep.join(sys.path + egg_list)
self.cleanup_list += build, dist, doxygen, sip, waf, wxwidget
unpack_archive(self, options['ext-path'], wxwidget)
call([python_bin, 'build.py', 'dox', 'etg', '--nodoc', 'sip', 'build', '--use_syswx', '--release',
'--gtk3'], env=env, cwd=workdir)
call([python_bin, 'build.py', 'bdist_egg', '--use_syswx', '--release',
'--gtk3'], env=env, cwd=workdir)
unpack_archive(self, os.path.join(dist, options['egg-name']), location)
call([python_bin, 'build.py', 'clean'], env=env, cwd=workdir)
environment =
PATH=${xz-utils:location}/bin:${pkgconfig:location}/bin:${wxWidgets:location}/bin:%(PATH)s
LDFLAGS=-L${gtk-3:location}/lib -Wl,-rpath=${gtk-3:location}/lib -L${wxWidgets:location}/lib -Wl,-rpath=${wxWidgets:location}/lib
CPPFLAGS=-I${wxWidgets:location}/include/wx-3.0 -I${wxWidgets:location}/lib/wx/include/gtk3-unicode-3.0 -I${gtk-3:location}/include/gtk-3.0 -I${nanosvg:location}/src
PKG_CONFIG_PATH = ${glib:location}/lib/pkgconfig:${gtk-3:location}/lib/pkgconfig:${gtk-3:pkg_config_depends}
[versions]
wxPython = 4.1.1
[buildout]
extends =
../pkgconfig/buildout.cfg
../libpng/buildout.cfg
../zlib/buildout.cfg
../libjpeg/buildout.cfg
../libtiff/buildout.cfg
../gtk-3/buildout.cfg
../glib/buildout.cfg
../libexpat/buildout.cfg
../libepoxy/buildout.cfg
../jbigkit/buildout.cfg
../gettext/buildout.cfg
../freetype/buildout.cfg
../fontconfig/buildout.cfg
../tar/buildout.cfg
../git/buildout.cfg
parts =
wxWidgets
[catch]
recipe = slapos.recipe.build:download-unpacked
shared = true
url = https://github.com/wxWidgets/Catch/archive/${:version}.tar.gz
version = ee4acb6ae6e32a02bc012d197aa82b1ca7a493ab
md5sum = 68b358d05aca88f593d6b479ae30e9a0
[wxWidgets]
recipe = slapos.recipe.cmmi
shared = true
url = https://github.com/wxWidgets/wxWidgets/archive/${:version}.tar.gz
md5sum = ae15c3695aea69507ed392cf9ea2ec03
version = 493cc3571e0308e1a273231daefa8deb7fbc4cf1
ext-name = wxwidgets-ext.tar.xz
pre-configure =
# configure script is looking for catch in 3rdparty/catch
rm -rf 3rdparty/catch && ln -sf ${catch:location} 3rdparty/catch
configure-options =
--enable-ipv6
--enable-rpath
--with-gtk=3
--with-zlib
--with-expat
--with-libpng
--with-libjpeg
--with-libtiff
--with-gtk-prefix=${gtk-3:location}
--with-themes=all
post-install =
# wxPython need docs and interface folders to build, but wxPython build
# script will write and read to docs/out folder. So w'll extract this
# tarball to wxPython/ext/wxWidgets dir.
tar -acf @@LOCATION@@/${:ext-name} docs interface
environment =
PATH=${xz-utils:location}/bin:${tar:location}/bin:${git:location}/bin:${gettext:location}/bin:${gtk-3:location}/bin:${pkgconfig:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${glib:location}/lib/pkgconfig:${gtk-3:location}/lib/pkgconfig:${libtiff:location}/lib/pkgconfig:${gtk-3:pkg_config_depends}
LDFLAGS=-L${gtk-3:location}/lib -Wl,-rpath=${gtk-3:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -L${libX11:location}/lib -Wl,-rpath=${libX11:location}/lib -L${libtiff:location}/lib -Wl,-rpath=${libtiff:location}/lib -L${libjpeg-turbo:location}/lib -Wl,-rpath=${libjpeg-turbo:location}/lib -L${libpng:location}/lib -Wl,-rpath=${libpng:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${libexpat:location}/lib -Wl,-rpath=${libexpat:location}/lib -Wl,-rpath=${xz-utils:location}/lib -Wl,-rpath=${jbigkit:location}/lib -L${glib:location}/lib -Wl,-rpath=${glib:location}/lib -L${pango:location}/lib -Wl,-rpath=${pango:location}/lib -L${cairo:location}/lib -Wl,-rpath=${cairo:location}/lib -L${gdk-pixbuf:location}/lib -Wl,-rpath=${gdk-pixbuf:location}/lib -L${atk:location}/lib -Wl,-rpath=${atk:location}/lib -Wl,-rpath=${fontconfig:location}/lib -Wl,-rpath=${freetype:location}/lib -Wl,-rpath=@@LOCATION@@/lib
CPPFLAGS=-I${libexpat:location}/include -I${xz-utils:location}/include -I${zlib:location}/include -I${gettext:location}/include -I${gtk-3:location}/include/gtk-3.0 -I${pango:location}/include/pango-1.0 -I${cairo:location}/include/cairo -I${cairo:location}/include -I${gdk-pixbuf:location}/include/gdk-pixbuf-2.0 -I${atk:location}/include/atk-1.0 -I${glib:location}/include/glib-2.0 -I${glib:location}/include/gio-unix-2.0 -I${glib:location}/lib/glib-2.0/include -I${libjpeg-turbo:location}/include -I${libpng:location}/include -I${libX11:location}/include -I${libtiff:location}/include
......@@ -525,6 +525,19 @@ environment =
PATH=${pkgconfig:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${damageproto:location}/lib/pkgconfig:${xfixes:location}/lib/pkgconfig:${fixesproto:location}/lib/pkgconfig:${xextproto:location}/lib/pkgconfig:${libX11:location}/lib/pkgconfig:${xproto:location}/lib/pkgconfig:${kbproto:location}/lib/pkgconfig:${libxcb:location}/lib/pkgconfig:${xorg-libpthread-stubs:location}/lib/pkgconfig:${libXau:location}/lib/pkgconfig
[xdotool]
recipe = slapos.recipe.cmmi
url = https://github.com/jordansissel/xdotool/releases/download/v3.20211022.1/xdotool-3.20211022.1.tar.gz
md5sum = 9fd993a251a7c38b32381503544b0dd7
configure-command = true
make-options =
PREFIX=@@LOCATION@@
pre-build = mkdir @@LOCATION@@/lib
environment =
PKG_CONFIG_PATH=${libXtst:location}/lib/pkgconfig:${libX11:location}/lib/pkgconfig:${libXinerama:location}/lib/pkgconfig:${libX11:pkg_config_depends}:${libXi:location}/lib/pkgconfig:${libXi:pkg_config_depends}:${libxkbcommon:location}/lib/pkgconfig:${libxkbcommon:pkg_config_depends}:${recordproto:location}/lib/pkgconfig:${xineramaproto:location}/lib/pkgconfig
PATH=${pkgconfig:location}/bin:%(PATH)s
LDFLAGS=-Wl,-rpath=${libX11:location}/lib -Wl,-rpath=${libXi:location}/lib -Wl,-rpath=${libxkbcommon:location}/lib -Wl,-rpath=${libXtst:location}/lib -Wl,-rpath=${libXinerama:location}/lib
[libxmu]
recipe = slapos.recipe.cmmi
shared = true
......
[buildout]
parts =
xterm
extends =
../freetype/buildout.cfg
../ncurses/buildout.cfg
../autoconf/buildout.cfg
../automake/buildout.cfg
../libtool/buildout.cfg
../gettext/buildout.cfg
../pcre/buildout.cfg
../m4/buildout.cfg
../xorg/buildout.cfg
[libXpm]
recipe = slapos.recipe.cmmi
shared = true
url = https://gitlab.freedesktop.org/xorg/lib/libxpm/-/archive/libXpm-3.5.13/libxpm-libXpm-3.5.13.tar.bz2
md5sum = 9d7680f231e24777c2a2d278cac4be16
pre-configure =
${autoconf:location}/bin/autoreconf -i -I ${libtool:location}/share/aclocal -I ${xorg-util-macros:location}/share/aclocal -I${pkgconfig:location}/share/aclocal
environment =
PATH=${gettext:location}/bin:${autoconf:location}/bin:${automake:location}/bin:${libtool:location}/bin:${pkgconfig:location}/bin:%(PATH)s
M4=${m4:location}/bin/m4
PKG_CONFIG_PATH=${libSM:location}/lib/pkgconfig:${libICE:location}/lib/pkgconfig:${libICE:location}/lib/pkgconfig:${xextproto:location}/lib/pkgconfig:${libX11:location}/lib/pkgconfig:${libX11:pkg_config_depends}:${libXext:location}/lib/pkgconfig:${libXt:location}/lib/pkgconfig:${xproto:location}/lib/pkgconfig
[libXaw]
recipe = slapos.recipe.cmmi
shared = true
url = https://gitlab.freedesktop.org/xorg/lib/libxaw/-/archive/libXaw-1.0.14/libxaw-libXaw-1.0.14.tar.bz2
md5sum = a121ce2f9d83c633a0e3f2b74be246d5
pre-configure =
${autoconf:location}/bin/autoreconf -i -I ${libtool:location}/share/aclocal -I ${xorg-util-macros:location}/share/aclocal -I${pkgconfig:location}/share/aclocal
environment =
PATH=${autoconf:location}/bin:${automake:location}/bin:${libtool:location}/bin:${pkgconfig:location}/bin:%(PATH)s
M4=${m4:location}/bin/m4
PKG_CONFIG_PATH=${libX11:location}/lib/pkgconfig:${libX11:pkg_config_depends}:${libXext:location}/lib/pkgconfig:${libXt:location}/lib/pkgconfig:${xproto:location}/lib/pkgconfig:${xextproto:location}/lib/pkgconfig:${libxmu:location}/lib/pkgconfig:${libICE:location}/lib/pkgconfig:${libSM:location}/lib/pkgconfig:${libXpm:location}/lib/pkgconfig
[xterm]
recipe = slapos.recipe.cmmi
url = https://invisible-mirror.net/archives/xterm/xterm-372.tgz
md5sum = 442115b649ec2d11f5664bded595cefe
configure-options =
--with-pcre
--with-freetype-config=${freetype:location}/bin/freetype-config
environment =
PATH=${pkgconfig:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${libSM:location}/lib/pkgconfig:${libICE:location}/lib/pkgconfig:${libICE:location}/lib/pkgconfig:${xextproto:location}/lib/pkgconfig:${libX11:location}/lib/pkgconfig:${libX11:pkg_config_depends}:${libXext:location}/lib/pkgconfig:${libXt:location}/lib/pkgconfig:${xproto:location}/lib/pkgconfig:${libXaw:location}/lib/pkgconfig:${libXpm:location}/lib/pkgconfig:${libxmu:location}/lib/pkgconfig:${pcre:location}/lib/pkgconfig
CFLAGS=-I${ncurses:location}/include -I${libX11:location}/include -I${libXt:location}/include -I${xproto:location}/include -I${libXaw:location}/include -I${libxmu:location}/include
LDFLAGS=-L${ncurses:location}/lib -Wl,-rpath=${ncurses:location}/lib -L${libX11:location}/lib -Wl,-rpath=${libX11:location}/lib -L${libXt:location}/lib -L${libICE:location}/lib -L${libXext:location}/lib -L${libXaw:location} -L${libSM:location}/lib
# THIS IS NOT A BUILDOUT FILE, despite purposedly using a compatible syntax.
# The only allowed lines here are (regexes):
# - "^#" comments, copied verbatim
# - "^[" section beginings, copied verbatim
# - lines containing an "=" sign which must fit in the following categorie.
# - "^\s*filename\s*=\s*path\s*$" where "path" is relative to this file
# Copied verbatim.
# - "^\s*hashtype\s*=.*" where "hashtype" is one of the values supported
# by the re-generation script.
# Re-generated.
# - other lines are copied verbatim
# Substitution (${...:...}), extension ([buildout] extends = ...) and
# section inheritance (< = ...) are NOT supported (but you should really
# not need these here).
[instance]
filename = instance.cfg.in
md5sum = c4079d70ab3268234651bf6c36234b2f
[template-instance-beremiz]
filename = instance-beremiz.cfg.jinja2.in
md5sum = ac05663b9006b7c4c9810a18e1ea4220
[template-instance-beremiz-test]
filename = instance-beremiz-test.cfg.jinja2.in
md5sum = 6049681908c5619d94499a6f4f224045
[template-fluxbox-menu.in]
filename = fluxbox-menu.in
md5sum = 09560314eae0225b6085f8626f1a603a
[begin] (Fluxbox)
[encoding] {UTF-8}
[exec] (Beremiz IDE) { {{ beremiz_bin }} }
[exec] (Terminal) { {{ xterm_bin }} }
[submenu] (Fluxbox menu)
[config] (Configure)
[submenu] (System Styles) {Choose a style...}
[stylesdir] ({{ fluxbox_location }}/share/fluxbox/styles)
[end]
[submenu] (User Styles) {Choose a style...}
[stylesdir] (~/.fluxbox/styles)
[end]
[workspaces] (Workspace List)
[commanddialog] (Fluxbox Command)
[reconfig] (Reload config)
[restart] (Restart)
[exec] (About) {(fluxbox -v; fluxbox -info | sed 1d) | xmessage -file - -center}
[separator]
[exit] (Exit)
[end]
[endencoding]
[end]
[directory]
tests = ${:srv}/tests
[xserver]
display-num = 42
resolution = 1920x1080x24
[wmctrl]
recipe = slapos.cookbook:wrapper
command-line = {{ wmctrl_bin }}
wrapper-path = ${directory:bin}/wmctrl
environment =
XORG_LOCK_DIR=${xserver:lock-dir}
DISPLAY=${xserver:display}
[xdotool]
recipe = slapos.cookbook:wrapper
command-line = {{ xdotool_bin }}
wrapper-path = ${directory:bin}/xdotool
environment =
XORG_LOCK_DIR=${xserver:lock-dir}
DISPLAY=${xserver:display}
[runTestSuite]
env.sh = ${beremiz-env.sh:output}
workdir = {{ nxdtest_dir }}
[beremiz-tests]
recipe = slapos.recipe.template
inline =
#!/bin/sh -e
cd {{ beremiz_location }}/tests
make test_dir=${directory:tests} xserver_command='echo "Using ${xserver:display} on Slapos X Server !";' "$@"
output = ${directory:bin}/beremiztest
[sikulix]
recipe = slapos.cookbook:wrapper
command-line = {{ sikulix_bin }} -v
wrapper-path = ${directory:bin}/sikulix
environment =
JAVA_TOOL_OPTIONS=-Duser.home=${buildout:directory} -Djava.io.tmpdir=${directory:tmp}
[libopencv_java430.so]
recipe = plone.recipe.command
opencv-link = ${buildout:directory}/.Sikulix/SikulixLibs/libopencv_java430.so
# We run sikulix with a random not existing projet so it will initialise all files
# and extract libopencv_java430.so from jar. We can then replace it with slapos
# compiled lib which solves GLIBC issues (version `GLIBC_2.27' not found).
command =
LINK=${:opencv-link}
if [ ! -e "$LINK" ]; then
${sikulix:wrapper-path} -r not_found_for_slapos.sikulix > /dev/null 2>&1 || true
fi
rm -f $LINK
ln -sf {{ opencv_location }}/lib/libopencv_java430.so $LINK
update-command = ${:command}
stop-on-error = true
[buildout]
extends =
{{ instance_nxdtest }}
{{ instance_beremiz }}
parts +=
sikulix
wmctrl
xdotool
beremiz-tests
runTestSuite
libopencv_java430.so
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true
{% set part_list = [] -%}
{% set ipv6 = (ipv6 | list)[0] -%}
{% set ipv4 = (ipv4 | list)[0] -%}
[directory]
recipe = slapos.cookbook:mkdirectory
etc = ${buildout:directory}/etc
bin = ${buildout:directory}/bin
srv = ${buildout:directory}/srv
var = ${buildout:directory}/var
tmp = ${buildout:directory}/tmp
log = ${:var}/log
vnc = ${buildout:directory}/.vnc
scripts = ${:etc}/run
services = ${:etc}/service
promise = ${:etc}/promise
ssl = ${:etc}/ssl
auth = ${:tmp}/auth
workdir = ${:srv}/workdir
framebuffer = ${:srv}/framebuffer
fluxbox = ${buildout:directory}/.fluxbox
[gen-certificate]
recipe = plone.recipe.command
command = "{{ openssl_bin }}" req -newkey rsa -batch -new -x509 -days 3650 -nodes -keyout "${:key-file}" -out "${:cert-file}"
stop-on-error = true
cert-file = ${directory:ssl}/beremiz.crt
key-file = ${directory:ssl}/beremiz.key
[novnc-instance]
recipe = slapos.cookbook:novnc
path = ${directory:bin}/novnc
ip = {{ ipv6 }}
port = 6080
vnc-ip = {{ ipv4 }}
vnc-port = ${x11vnc:port}
novnc-location = {{ novnc_location }}
websockify-path = {{ websockify_bin }}
ssl-key-path = ${gen-certificate:key-file}
ssl-cert-path = ${gen-certificate:cert-file}
[websockify-sighandler]
recipe = slapos.cookbook:signalwrapper
wrapper-path = ${directory:bin}/websockify-sighandler
wrapped-path = ${novnc-instance:path}
[websockify-sighandler-service]
recipe = slapos.cookbook:wrapper
command-line = ${websockify-sighandler:wrapper-path}
wrapper-path = ${directory:services}/websockify
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
[novnc-promise]
<= monitor-promise-base
promise = check_socket_listening
name = novnc_promise.py
config-host = ${novnc-instance:ip}
config-port = ${novnc-instance:port}
[x11vnc]
recipe = slapos.cookbook:wrapper
port = 5901
command-line = {{ x11vnc_bin }} -forever -display ${xserver:display} -ncache 10
-noxdamage -rfbport ${:port} -no6 -noipv6 -reopen -o ${directory:log}/x11vnc.log
-usepw -rfbauth ${x11vnc-passwd:passfile} -desktop BeremizVNC
-listen {{ ipv4 }} -xkb
wrapper-path = ${directory:services}/x11vnc
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
environment =
XORG_LOCK_DIR=${directory:run}
wait-for-files =
${xserver:lock-file}
[x11vnc-listen-promise]
<= monitor-promise-base
promise = check_socket_listening
name = x11vnc_listening.py
config-host = {{ ipv4 }}
config-port = ${x11vnc:port}
[random-password]
recipe = slapos.cookbook:generate.password
storage-path = ${directory:etc}/.passwd
bytes = 8
[x11vnc-passwd]
recipe = slapos.recipe.template
passfile = ${directory:vnc}/passwd
inline =
#!/bin/sh -e
if [ -s "${:passfile}" ]; then
echo "Password initialized.";
else
chmod 700 $(dirname ${:passfile});
{{ x11vnc_bin }} -storepasswd ${random-password:passwd} ${:passfile};
fi
output = ${directory:bin}/x11vnc_passwd
mode = 700
[generate-vnc-password]
recipe = plone.recipe.command
stop-on-error = true
command = ${x11vnc-passwd:output}
update-command = ${:command}
# Generate a fonts.conf file.
[font-config]
recipe = slapos.recipe.template:jinja2
url = {{ font_config_tmplt }}
output = ${directory:etc}/fonts.conf
context =
key cachedir :cache-dir
key fonts :fonts
key includes :includes
cache-dir =
${directory:etc}/.fontconfig.cache
fonts =
{{ font_dejavu }}
{{ font_liberation }}
includes =
{{ font_config_loc }}/etc/fonts/conf.d
[xserver]
recipe = slapos.cookbook:wrapper
command-line = {{ xvfb_bin }} ${:display} -screen 0 ${:resolution}x24
-fbdir ${directory:framebuffer}
wrapper-path = ${directory:services}/xserver
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
environment =
XORG_LOCK_DIR=${:lock-dir}
FONTCONFIG_FILE=${font-config:output}
display-num = 0
display = :${:display-num}
resolution = {{ slapparameter_dict.get('screen-resolution', '1280x1024') }}
lock-dir = ${directory:run}
lock-file = ${:lock-dir}/.X${:display-num}-lock
[xserver-promise]
recipe = slapos.cookbook:wrapper
wrapper-path = ${directory:promise}/xserver-is-up
command-line = bash -c "[ -S ${xserver:lock-dir}/.X11-unix/X${xserver:display-num} ]"
[fluxbox-menu]
recipe = slapos.recipe.template:jinja2
url = {{ fluxbox_menu }}
output = ${directory:fluxbox}/menu
context =
key beremiz_bin beremiz-x11:output
key xterm_bin xterm:output
raw fluxbox_location {{ fluxbox_location }}
[fluxbox-toolbar]
recipe = plone.recipe.command
command =
if [ ! -s "${directory:fluxbox}/init" ]; then
echo "session.screen0.toolbar.placement: TopCenter" > ${directory:fluxbox}/init;
fi
[fluxbox-bin]
recipe = slapos.cookbook:wrapper
command-line = {{ fluxbox_location }}/bin/fluxbox -display ${xserver:display}
wrapper-path = ${directory:bin}/fluxbox
environment =
HOME=${buildout:directory}
XORG_LOCK_DIR=${xserver:lock-dir}
FONTCONFIG_FILE=${font-config:output}
LANG=C.UTF-8
LC_ALL=C.UTF-8
depends =
${fluxbox-menu:recipe}
${fluxbox-toolbar:recipe}
[fluxbox]
recipe = slapos.cookbook:wrapper
command-line = ${fluxbox-bin:wrapper-path} -log ${directory:log}/fluxbox.log
wrapper-path = ${directory:services}/fluxbox
[beremiz-env.sh]
recipe = slapos.recipe.template
inline =
export LD_LIBRARY_PATH={{ mesa_location }}/lib
export PATH=${directory:bin}:{{ git_bin_dir }}:{{ autoconf_bin }}:{{ automake_bin }}:{{ matiec_location }}/bin:{{ bison_location }}/bin:{{ flex_location }}/bin:{{ bin_directory }}:{{ gcc_location }}/bin:$PATH
export XDG_DATA_DIR={{ gtk3_location }}/share
export GSETTINGS_SCHEMA_DIR={{ gtk3_location }}/share/glib-2.0/schemas
export FONTCONFIG_FILE=${font-config:output}
export DISPLAY=${xserver:display}
export XORG_LOCK_DIR=${xserver:lock-dir}
export LANG=C.UTF-8
export LC_ALL=C.UTF-8
export BEREMIZPYTHONPATH={{ python_bin }}
output = ${directory:bin}/beremiz-env.sh
[beremiz-x11]
recipe = slapos.recipe.template
inline =
#!/bin/sh -e
. ${beremiz-env.sh:output}
# wait a bit for xserver
sleep 1
exec {{ python_bin }} {{ beremiz_location }}/Beremiz.py
output = ${directory:bin}/beremiz-x11
[xterm]
recipe = slapos.recipe.template
inline =
#!/bin/sh -e
. ${beremiz-env.sh:output}
export SHELL={{bash_bin}}
exec {{ xterm_bin }}
output = ${directory:bin}/xterm
[request-vnc-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
slave = true
config-https-only = True
config-type = websocket
config-url = https://[${novnc-instance:ip}]:${novnc-instance:port}
return = secure_access domain
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
software-type = RootSoftwareInstance
name = Beremiz VNC
[publish-connection-information]
<= monitor-publish
recipe = slapos.cookbook:publish
backend-url = https://[${novnc-instance:ip}]:${novnc-instance:port}/vnc.html?host=[${novnc-instance:ip}]&port=${novnc-instance:port}&encrypt=1
url = ${request-vnc-frontend:connection-secure_access}/vnc.html?host=${request-vnc-frontend:connection-domain}&port=443&encrypt=1
vnc-password = ${random-password:passwd}
[buildout]
extends =
{{ template_logrotate }}
{{ ' ' ~ template_monitor }}
parts =
monitor-base
fluxbox
novnc-promise
xserver-promise
x11vnc-listen-promise
beremiz-x11
websockify-sighandler-service
request-vnc-frontend
generate-vnc-password
publish-connection-information
eggs-directory = {{ eggs_directory }}
develop-eggs-directory = {{ develop_eggs_directory }}
offline = true
[buildout]
parts = switch-softwaretype
eggs-directory = {{ buildout_egg_directory }}
develop-eggs-directory = {{ buildout_develop_directory }}
[switch-softwaretype]
recipe = slapos.cookbook:switch-softwaretype
default = template-{{ instance_template_type }}:output
RootSoftwareInstance = ${:default}
test = template-beremiz-test:output
[slap-configuration]
recipe = slapos.cookbook:slapconfiguration.serialised
computer = ${slap-connection:computer-id}
partition = ${slap-connection:partition-id}
url = ${slap-connection:server-url}
key = ${slap-connection:key-file}
cert = ${slap-connection:cert-file}
[jinja2-template-base]
recipe = slapos.recipe.template:jinja2
output = ${buildout:directory}/${:filename}
extensions = jinja2.ext.do
extra-context =
context =
key develop_eggs_directory buildout:develop-eggs-directory
key buildout_directory buildout:directory
key eggs_directory buildout:eggs-directory
key ipv4 slap-configuration:ipv4
key ipv6 slap-configuration:ipv6
key global_ipv4_prefix network-information:global-ipv4-network
key slapparameter_dict slap-configuration:configuration
key computer_id slap-configuration:computer
raw bin_directory {{ bin_directory }}
raw template_monitor {{ template_monitor_cfg }}
raw template_logrotate {{ logrotate_cfg }}
raw logrotate_cfg {{ logrotate_cfg }}
raw python_bin {{ python_bin }}
${:extra-context}
[template-beremiz]
<= jinja2-template-base
url = {{ template_instance_beremiz }}
filename = instance-beremiz.cfg
extra-context =
raw autoconf_bin {{ autoconf_location }}/bin
raw automake_bin {{ automake_location }}/bin
raw bash_bin {{ bash_location }}/bin/bash
raw beremiz_location {{ beremiz_location }}
raw bison_location {{ bison_location }}
raw flex_location {{ flex_location }}
raw fluxbox_location {{ fluxbox_location }}
raw fluxbox_menu {{ template_fluxbox_menu }}
raw font_config_loc {{ fontconfig_location }}
raw font_config_tmplt {{ template_fonts_conf_target }}
raw font_dejavu {{ font_dejavu }}
raw font_liberation {{ font_liberation }}
raw gcc_location {{ gcc_location }}
raw git_bin_dir {{ git_location }}
raw gtk3_location {{ gtk3_location }}
raw matiec_location {{ matiec_location }}
raw mesa_location {{ mesa_location }}
raw novnc_location {{ novnc_location }}
raw openssl_bin {{ openssl_location }}/bin/openssl
raw websockify_bin {{ bin_directory }}/websockify
raw x11vnc_bin {{ x11vnc_location }}/bin/x11vnc
raw xvfb_bin {{ xserver_location }}/bin/Xvfb
raw xterm_bin {{ xterm_location }}/bin/xterm
[template-beremiz-test]
<= jinja2-template-base
url = {{ template_instance_beremiz_test }}
filename = instance-beremiz-test.cfg
extra-context =
key instance_beremiz template-beremiz:output
raw beremiz_location {{ beremiz_location }}
raw sikulix_bin {{ sikulix_bin }}
raw xvfb_bin {{ xserver_location }}/bin/Xvfb
raw wmctrl_bin {{ wmctrl_location }}/bin/wmctrl
raw instance_nxdtest {{ nxdtest_template }}
raw xdotool_bin {{ xdotool_location }}/bin/xdotool
raw opencv_location {{ opencv_location }}
raw nxdtest_dir {{ buildout_directory }}
[buildout]
extends =
../../stack/slapos.cfg
../../component/autoconf/buildout.cfg
../../component/flex/buildout.cfg
../../component/fonts/buildout.cfg
../../component/noVNC/buildout.cfg
../../component/nginx/buildout.cfg
../../component/lxml-python/buildout.cfg
../../component/numpy/buildout.cfg
../../component/numpy/openblas.cfg
../../component/matplotlib/buildout.cfg
../../component/wxpython/buildout.cfg
../../component/matiec/buildout.cfg
../../component/mesa/buildout.cfg
../../component/libvnc/buildout.cfg
../../component/open62541/buildout.cfg
../../component/sikuli/buildout.cfg
../../component/fluxbox/buildout.cfg
../../component/pygolang/buildout.cfg
../../component/xorg/buildout.cfg
../../component/pytest/buildout.cfg
../../component/opencv/buildout.cfg
../../component/xterm/buildout.cfg
../../stack/monitor/buildout.cfg
../../stack/nxdtest.cfg
./buildout.hash.cfg
parts +=
slapos-cookbook
beremiz-eggs
open62541
Modbus
xterm
instance
[gcc]
# Always build GCC for Fortran (see openblas).
max_version = 0
[python]
# Beremiz works with python2.7 for now, the code is not yet upgraded for python3
part = python2.7
[open62541]
# Beremiz need it to be in folder parts/open62541
# as Beremiz search for open62541 to BEREMIZ_PATH/../open62541
shared = false
post-install =
mkdir -p @@LOCATION@@/build/bin
ln -sf @@LOCATION@@/lib/libopen62541.a @@LOCATION@@/build/bin/libopen62541.a
[twisted]
recipe = zc.recipe.egg:custom
egg = twisted
setup-eggs =
six
pathlib
incremental
[beremiz-eggs]
recipe = zc.recipe.egg
eggs =
${wxPython:egg}
${python-cryptography:egg}
${lxml-python:egg}
${matplotlib:egg}
future
websockify
zeroconf2
enum34
pyro
${twisted:egg}
nevow
autobahn
pycountry
fonttools
${beremiz-setup:egg}
opcua
msgpack
[python-interpreter]
eggs +=
${beremiz-eggs:eggs}
[beremiz]
recipe = slapos.recipe.build:download-unpacked
# download beremiz at revision bc72db1aa49fb5deabc950ed587772d027733a26
url = https://github.com/beremiz/beremiz/archive/bc72db1aa49fb5deabc950ed587772d027733a26.tar.gz
md5sum = 9ae7a55d4f2e673cbc8d2c4528e069b9
[beremiz-setup]
recipe = zc.recipe.egg:develop
egg = beremiz
setup = ${beremiz:location}
[download-template]
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/${:filename}
[instance]
recipe = slapos.recipe.template:jinja2
output = ${buildout:directory}/instance.cfg
url = ${:_profile_base_location_}/${:filename}
python-bin = ${buildout:bin-directory}/${python-interpreter:interpreter}
type = beremiz
context =
key autoconf_location autoconf:location
key automake_location automake:location
key bash_location bash:location
key beremiz_location beremiz-setup:setup
key bin_directory buildout:bin-directory
key buildout_egg_directory buildout:eggs-directory
key buildout_develop_directory buildout:develop-eggs-directory
key buildout_directory buildout:directory
key template_fluxbox_menu template-fluxbox-menu.in:target
key template_fonts_conf_target template-fonts-conf:output
key template_monitor_cfg monitor2-template:rendered
key template_instance_beremiz template-instance-beremiz:target
key template_instance_beremiz_test template-instance-beremiz-test:target
key template_logrotate template-logrotate-base:rendered
key fontconfig_location fontconfig:location
key font_dejavu dejavu-fonts:location
key font_liberation liberation-fonts:location
key logrotate_cfg template-logrotate-base:rendered
key bison_location bison:location
key flex_location flex:location
key fluxbox_location fluxbox:location
key gcc_location gcc:prefix
key git_location git:location
key gtk3_location gtk-3:location
key instance_template_type :type
key matiec_location matiec:location
key mesa_location mesa:location
key novnc_location noVNC:location
key nxdtest_template nxdtest-instance.cfg:rendered
key python_bin :python-bin
key opencv_location opencv:location
key openssl_location openssl:location
key sikulix_bin sikuli:output
key xdotool_location xdotool:location
key xserver_location xserver:location
key xterm_location xterm:location
key x11vnc_location x11vnc:location
key wmctrl_location wmctrl:location
[template-instance-beremiz]
<= download-template
output = ${buildout:directory}/instance-beremiz.cfg.jinja2
[template-instance-beremiz-test]
<= download-template
output = ${buildout:directory}/instance-beremiz-test.cfg.jinja2
[template-fluxbox-menu.in]
<= download-template
output = ${buildout:directory}/fluxbox-menu.in
[versions]
Pillow = 6.2.2
matplotlib = 2.2.5
kiwisolver = 1.1.0
cycler = 0.10.0
websockify = 0.9.0
Pyro = 3.16
zeroconf2 = 0.19.2
cython = 0.29.24
sphinx = 1.8.5
doc2dash = 2.3.0
Twisted = 20.3.0
autobahn = 19.11.2
attrs = 19.2.0
Automat = 0.3.0
zope.interface = 4.4.2
Nevow = 0.14.5
PyHamcrest = 2.0.3
constantly = 15.1.0
hyperlink = 21.0.0
incremental = 21.3.0
future = 0.18.2
pycountry = 18.12.8
fonttools = 3.44.0
idna = 2.10
PyHamcrest = 2.0.2
txaio = 18.8.1
characteristic = 14.3.0
typing = 3.10.0.0
ifcfg = 0.22
opcua = 0.98.13
futures = 3.3.0
trollius = 2.2.1
pathlib = 1.0.1
ddt = 1.4.4
[buildout]
extends =
software.cfg
../../component/git/buildout.cfg
../../component/pytest/buildout.cfg
[beremiz-repository]
recipe = slapos.recipe.build:gitclone
repository = https://github.com/beremiz/beremiz
branch = wxPython4
location = ${buildout:parts-directory}/beremiz
git-executable = ${git:location}/bin/git
[beremiz-setup]
setup = ${beremiz-repository:location}
depends =
${beremiz-gen-nxdtest:recipe}
[ddt]
recipe = zc.recipe.egg:custom
egg = ddt
setup-eggs =
enum34
[python-interpreter]
eggs +=
${pytest:eggs}
pytest-timeout
${ddt:egg}
[instance]
type = beremiz-test
[gen-nxdtest.sh]
recipe = slapos.recipe.template
output = ${buildout:parts-directory}/gennxdtest.sh
nxdtest = ${buildout:directory}/.nxdtest
inline =
#!/bin/sh -e
cd ${beremiz-repository:location}/tests/ide_tests/
testlist=$(ls -d *.sikuli)
rm -f ${:nxdtest}
for test in $testlist; do
if [ -z "$test" ]; then
continue;
fi
# beremiztest script is generated by the instance (call make test_dir=xxx xserver_command=xxx)
cat <<EOF >> ${:nxdtest}
TestCase(
"$test",
['beremiztest', '$test'],
cwd="""${beremiz-repository:location}/tests""",
summaryf=UnitTest.summary,
)
EOF
done
[beremiz-gen-nxdtest]
recipe = plone.recipe.command
command = ${gen-nxdtest.sh:output}
update-command = ${:command}
Beremiz IDE tests Software Release
##############################################################################
#
# Copyright (c) 2022 Nexedi SA and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from setuptools import setup, find_packages
version = '0.0.1.dev0'
name = 'slapos.test.beremiz_ide'
with open("README.md") as f:
long_description = f.read()
setup(name=name,
version=version,
description="Beremiz IDE test",
long_description=long_description,
long_description_content_type='text/markdown',
maintainer="Nexedi",
maintainer_email="info@nexedi.com",
url="https://lab.nexedi.com/nexedi/slapos",
packages=find_packages(),
install_requires=[
'slapos.core',
'slapos.libnetworkcache',
'requests',
],
zip_safe=True,
test_suite='test',
)
##############################################################################
#
# Copyright (c) 2019 Nexedi SA and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from __future__ import unicode_literals
import os
import requests
from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass
setUpModule, SlapOSInstanceTestCase = makeModuleSetUpAndTestCaseClass(
os.path.abspath(
os.path.join(os.path.dirname(__file__), '../software.cfg')))
class TestBeremizInstance(SlapOSInstanceTestCase):
__partition_reference__ = 'B'
@classmethod
def getInstanceSoftwareType(cls):
return 'default'
def setUp(self):
self.connection_parameters = self.computer_partition.getConnectionParameterDict()
def test_url_get(self):
resp = requests.get(self.connection_parameters['backend-url'], verify=False)
self.assertEqual(requests.codes.ok, resp.status_code)
......@@ -25,7 +25,7 @@ eggs =
<= go-git-package
go.importpath = lab.nexedi.com/nexedi/galene
repository = https://lab.nexedi.com/nexedi/galene.git
revision = galene-0.5
revision = 6669a93ae39ad83b8b3a222dd8210dfef8a7ed02
[gowork]
install =
......
......@@ -498,9 +498,9 @@
},
{
"const": [
"https://shacache.nxdcdn.com/d82b0510fd919c2a851ee93ea0f7ad6779bfa597297a5c7463b63746799f001321ec4c9b8ba6cfe20248dd2da28100ad3b78e74489a8c0c573238f226a509a9d#9d7b9cc850464d60ac174787c53e8f3f"
"https://shacache.nxdcdn.com/bc469019b9057073d36ff8f5402c95ff0a0363657358336dc9a05fc6af66276229aa727ec46cf17b84d308f44b825de7f24ea1a256062a14e0f605cd70bae02f#2dcf188877075d7b58ca46e27ca31bb9"
],
"title": "Debian Buster 10.11 netinst x86_64"
"title": "Debian Buster 10.12 netinst x86_64"
},
{
"const": [
......
{
"type": "object",
"$schema": "http://json-schema.org/draft-04/schema",
"title": "Input Parameters",
"properties": {
"kvm-partition-dict": {
"title": "kvm instances definition",
"description": "kvm instances definition",
"patternProperties": {
".*": {
"properties": {
"state": {
"title": "State of this Virtual Machine",
"description": "Define if SlapOS should start or stop this VM.",
"type": "string",
"default": "started",
"enum": [
"started",
"stopped"
]
},
"boot-image-url-select": {
"title": "Boot image",
"type": "array",
"oneOf": [
{
"const": [
"https://shacache.nxdcdn.com/0a6aee1d9aafc1ed095105c052f9fdd65ed00ea9274188c9cd0072c8e6838ab40e246d45a1e6956d74ef1b04a1fc042151762f25412e9ff0cbf49418eef7992e#a3ebc76aec372808ad80000108a2593a"
],
"title": "Debian Buster 10.5 netinst x86_64"
},
{
"const": [
"https://shacache.nxdcdn.com/ce5ddfdbdaccdf929b7fe321212356347d82a02f6b7733427282b416f113d91e587682b003e9d376ac189c3b731595c50c236962aadf2720c16d9f36913577c0#23bf2a2d60271e553e63525e794415f1"
],
"title": "Centos 8.2004 Minimal x86_64"
},
{
"const": [
"https://shacache.nxdcdn.com/302c990c6d69575ff24c96566e5c7e26bf36908abb0cd546e22687c46fb07bf8dba595bf77a9d4fd9ab63e75c0437c133f35462fd41ea77f6f616140cd0e5e6a#f3a306f40e4a313fb5a584d73b3dee8f"
],
"title": "Ubuntu Focal 20.04.1 Live Server x86_64"
},
{
"const": [
"https://shacache.nxdcdn.com/6635269a7eb6fbd6b85fda40cd94f14a27bf53cb1fc82ffcce9fe386a025a43e1ab681db7e8cec50416bfbfc90262f0d95273686a101c74b3f17646f0a34c85b#3708a59af6cf820a95cafe0ae73ac399"
],
"title": "openSUSE Leap 15.2 NET x86_64"
},
{
"const": [
"https://shacache.nxdcdn.com/fc17e8c6ae0790162f4beb8fa6226d945cff638429588999b3a08493ff27b280dc2939fba825ae04be1d9082ea8d7c3c002c5e4c39fbbcf88b8ab5104619e28a#ebcdb2223a77f098af3923fe1fa180aa"
],
"title": "Arch Linux 2020.09.01 x86_64"
},
{
"const": [
"https://shacache.nxdcdn.com/c5a511f349a1146b615e6fab9c24f9be4362046adcf24f0ff82c470d361fac5f6628895e2110ebf8ff87db49d4c413a0a332699da6b1bec64275e0c17a15b999#ca7a1e555c04b4d9a549065fa2ddf713"
],
"title": "Fedora Server 32-1.6 netinst x86_64"
},
{
"const": [
"https://shacache.nxdcdn.com/6c355def68b3c0427f21598cb054ffc893568902f205601ac60f192854769b31bc9cff8eeb6ce99ef975a8fb887d8d3e56fc6cd5ea5cb4b3bba1175c520047cb#57088b77f795ca44b00971e44782ee23"
],
"title": "FreeBSD 12.1 RELEASE bootonly x86_64"
}
]
},
"whitelist-domains": {
"title": "Whitelist domains",
"description": "List of whitelisted domain names to be accessed from the VM. They will be resolved to IPs depending on where the VM end up. IPs can be used too.",
"type": "string",
"textarea": true
}
},
"type": "object"
}
},
"type": "object"
}
}
}
......@@ -355,9 +355,9 @@
"oneOf": [
{
"const": [
"https://shacache.nxdcdn.com/0a6aee1d9aafc1ed095105c052f9fdd65ed00ea9274188c9cd0072c8e6838ab40e246d45a1e6956d74ef1b04a1fc042151762f25412e9ff0cbf49418eef7992e#a3ebc76aec372808ad80000108a2593a"
"https://shacache.nxdcdn.com/bc469019b9057073d36ff8f5402c95ff0a0363657358336dc9a05fc6af66276229aa727ec46cf17b84d308f44b825de7f24ea1a256062a14e0f605cd70bae02f#2dcf188877075d7b58ca46e27ca31bb9"
],
"title": "Debian Buster 10.5 netinst x86_64"
"title": "Debian Buster 10.12 netinst x86_64"
},
{
"const": [
......
......@@ -25,15 +25,6 @@
"response": "instance-kvm-output-schema.json",
"index": 2
},
"kvm-cluster-simplified": {
"title": "Basic Cluster",
"description": "Simplified Schema for Cluster KVM",
"software-type": "kvm-cluster",
"serialisation": "json-in-xml",
"request": "instance-kvm-cluster-simplified-input-schema.json",
"response": "instance-kvm-output-schema.json",
"index": 3
},
"nbd": {
"title": "NBD Server",
"description": "Simple NBD server where you can upload one image. This is a one-time server. Create another server if you want to change the image.",
......
......@@ -226,6 +226,11 @@ setup = ${slapos-repository:location}/software/caucase/test/
egg = slapos.test.erp5testnode
setup = ${slapos-repository:location}/software/erp5testnode/test/
[slapos.test.beremiz-ide-setup]
<= setup-develop-egg
egg = slapos.test.beremiz_ide
setup = ${slapos-repository:location}/software/beremiz-ide/test/
[slapos.core-repository]
<= git-clone-repository
repository = https://lab.nexedi.com/nexedi/slapos.core.git
......@@ -289,6 +294,7 @@ extra-eggs =
${slapos.test.erp5testnode-setup:egg}
${slapos.test.hugo-setup:egg}
${slapos.test.matomo-setup:egg}
${slapos.test.beremiz-ide-setup:egg}
# We don't name this interpreter `python`, so that when we run slapos node
# software, installation scripts running `python` use a python without any
......@@ -374,6 +380,7 @@ extra =
html5as ${slapos.test.html5as-setup:setup}
html5as-base ${slapos.test.html5as-base-setup:setup}
erp5testnode ${slapos.test.erp5testnode-setup:setup}
beremiz-ide ${slapos.test.beremiz-ide-setup:setup}
[versions]
# slapos.core is used from the clone always
......
......@@ -42,7 +42,7 @@ md5sum = a042e52e0594ec0486cff7dc896cb6ce
[template_httpd_conf]
filename = httpd_conf.in
md5sum = 1d983937ad0909b3ef4d35d190645635
md5sum = 35f5f5c6e183af6064398c88fa85de59
[template_launcher]
filename = launcher.in
......
......@@ -16,7 +16,6 @@ LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule mime_module modules/mod_mime.so
#LoadModule cgid_module modules/mod_cgid.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule alias_module modules/mod_alias.so
LoadModule env_module modules/mod_env.so
......@@ -29,7 +28,6 @@ LoadModule cache_module modules/mod_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule dir_module modules/mod_dir.so
LoadModule cgid_module modules/mod_cgid.so
LoadModule autoindex_module modules/mod_autoindex.so
ErrorLog "{{ parameters.path_error_log }}"
......
......@@ -58,6 +58,7 @@ extends =
../../component/perl-Image-ExifTool/buildout.cfg
../../component/wendelin.core/buildout.cfg
../../component/jupyter-py2/buildout.cfg
../../component/pygolang/buildout.cfg
../../stack/caucase/buildout.cfg
../../software/neoppod/software-common.cfg
# keep neoppod extends last
......@@ -72,7 +73,7 @@ parts +=
# Buildoutish
eggs-all-scripts
testrunner
test_suite_runner
test-suite-runner
# get git repositories
genbt5list
......@@ -204,7 +205,7 @@ context =
key site_zcml site-zcml:target
key sixtunnel_location 6tunnel:location
key template_run_zelenium template-run-zelenium:target
key egg_interpreter eggs:interpreter
key egg_interpreter erp5-python-interpreter:interpreter
key template_apache_conf template-apache-backend-conf:target
key template_balancer template-balancer:target
key template_erp5 template-erp5:target
......@@ -369,7 +370,7 @@ initialization =
for x in os.getenv('INSERT_PRODUCTS_PATH', '').split(os.pathsep)), [])
os.environ['PATH'] = '${jsl:location}/bin:%s' % os.environ['PATH']
[test_suite_runner]
[test-suite-runner]
# XXX: Workaround for fact ERP5Type is not an distribution and does not
# expose entry point for test runner
recipe = zc.recipe.egg
......@@ -387,6 +388,13 @@ initialization =
repository_id_list = list(reversed('''${erp5_repository_list:repository_id_list}'''.split()))
sys.path[0:0] = ['/'.join(['''${buildout:parts-directory}''', x]) for x in repository_id_list]
[erp5-python-interpreter]
<= python-interpreter
# a python interpreter with all eggs available, usable for the software release but also
# for external tools (such as python extension in theia).
eggs += ${eggs:eggs}
extra-paths += ${eggs:extra-paths}
[zope-product-with-eggtestinfo]
recipe = zc.recipe.egg:custom
setup-eggs =
......@@ -586,10 +594,6 @@ eggs = ${neoppod:eggs}
# Python3
${my2to3-dev:egg}
# parameterizing the version of the generated python interpreter name by the
# python section version causes dependency between this egg section and the
# installation of python, which we don't want on an instance
interpreter = ${buildout:python}
entry-points =
runwsgi=Products.ERP5.bin.zopewsgi:runwsgi
scripts =
......@@ -813,7 +817,7 @@ jsonpointer = 2.2
# WIP Zope 4 ⚠
zope.interface = 5.2.0
zope.interface = 5.2.0
ZConfig = 3.5.0
Products.CMFCore = 2.5.4
Products.StandardCacheManagers = 4.1.0
......
......@@ -18,7 +18,7 @@ md5sum = 1d3aba1ba770ad3fcc2ab6c0b9266409
[pbsready-import]
filename = pbsready-import.cfg.in
md5sum = a8c9821951425bedbdea30a870fb5138
md5sum = a211e1a7e97ced47b8f011af806b351f
[pbsready-export]
filename = pbsready-export.cfg.in
......
......@@ -133,7 +133,7 @@ input = inline:
LoadModule mime_module modules/mod_mime.so
LoadModule cgid_module modules/mod_cgid.so
LoadModule dir_module modules/mod_dir.so
ScriptSock $${:cgid-pid-file}
ScriptSock $${:cgid-sock-file}
<Directory $${:document-root}>
# XXX: security????
Options +ExecCGI
......@@ -147,7 +147,7 @@ listening-ip = $${slap-network-information:global-ipv6}
listening-port = 9263
htdocs = $${directory:cgi-bin}
pid-file = $${directory:run}/resilient-web-takeover-httpd.pid
cgid-pid-file = $${directory:run}/resilient-web-takeover-httpd-cgid.pid
cgid-sock-file = $${directory:run}/resilient-web-takeover-httpd-cgid.sock
document-root = $${directory:cgi-bin}
error-log = $${directory:log}/resilient-web-takeover-httpd-error-log
......
......@@ -190,7 +190,7 @@ setuptools-dso = 1.7
rubygemsrecipe = 0.4.3
six = 1.12.0
slapos.cookbook = 1.0.237
slapos.core = 1.7.5
slapos.core = 1.7.6
slapos.extension.strip = 0.4
slapos.extension.shared = 1.0
slapos.libnetworkcache = 0.25
......@@ -228,7 +228,7 @@ feedparser = 5.2.1
functools32 = 3.2.3.post2
attrs = 18.2.0
pyrsistent = 0.16.1
pytest-runner = 5.2.0:whl
pytest-runner = 5.2:whl
ipaddress = 1.0.23
jsonschema = 3.0.2:whl
lockfile = 0.12.2:whl
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment