pkgsrc-Changes archive
CVS commit: pkgsrc/graphics/tiff
Module Name: pkgsrc
Committed By: nia
Date: Fri Mar 25 08:36:37 UTC 2022
Modified Files:
pkgsrc/graphics/tiff: Makefile distinfo
Added Files:
pkgsrc/graphics/tiff/patches: patch-CVE-2022-0561 patch-CVE-2022-22844
Log Message:
tiff: apply fixes for CVE-2022-22844 CVE-2022-0561 CVE-2022-0562
This is tiff-4.3.0nb1.
To generate a diff of this commit:
cvs rdiff -u -r1.150 -r1.151 pkgsrc/graphics/tiff/Makefile
cvs rdiff -u -r1.100 -r1.101 pkgsrc/graphics/tiff/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/graphics/tiff/patches/patch-CVE-2022-0561 \
pkgsrc/graphics/tiff/patches/patch-CVE-2022-22844
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/graphics/tiff/Makefile
diff -u pkgsrc/graphics/tiff/Makefile:1.150 pkgsrc/graphics/tiff/Makefile:1.151
--- pkgsrc/graphics/tiff/Makefile:1.150 Mon Jun 14 20:45:03 2021
+++ pkgsrc/graphics/tiff/Makefile Fri Mar 25 08:36:37 2022
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.150 2021/06/14 20:45:03 schmonz Exp $
+# $NetBSD: Makefile,v 1.151 2022/03/25 08:36:37 nia Exp $
DISTNAME= tiff-4.3.0
+PKGREVISION= 1
CATEGORIES= graphics
MASTER_SITES= https://download.osgeo.org/libtiff/
Index: pkgsrc/graphics/tiff/distinfo
diff -u pkgsrc/graphics/tiff/distinfo:1.100 pkgsrc/graphics/tiff/distinfo:1.101
--- pkgsrc/graphics/tiff/distinfo:1.100 Tue Oct 26 10:47:21 2021
+++ pkgsrc/graphics/tiff/distinfo Fri Mar 25 08:36:37 2022
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.100 2021/10/26 10:47:21 nia Exp $
+$NetBSD: distinfo,v 1.101 2022/03/25 08:36:37 nia Exp $
BLAKE2s (tiff-4.3.0.tar.gz) = 28ba59df6d3d7a967dc168645bfc78f047ac8f7f548050abbbd0560f9dd21c75
SHA512 (tiff-4.3.0.tar.gz) = e04a4a6c542e58a174c1e9516af3908acf1d3d3e1096648c5514f4963f73e7af27387a76b0fbabe43cf867a18874088f963796a7cd6e45deb998692e3e235493
Size (tiff-4.3.0.tar.gz) = 2808254 bytes
+SHA1 (patch-CVE-2022-0561) = ceb02d9fb6a897a50d65fd3f46ab527ea84562a4
+SHA1 (patch-CVE-2022-22844) = 268d67ea1a24c6078006c37bf5c56b00a6a0183f
SHA1 (patch-Makefile.in) = de93f4a2cea4bffc117482fdc6875adfb9aa67e0
Added files:
Index: pkgsrc/graphics/tiff/patches/patch-CVE-2022-0561
diff -u /dev/null pkgsrc/graphics/tiff/patches/patch-CVE-2022-0561:1.1
--- /dev/null Fri Mar 25 08:36:37 2022
+++ pkgsrc/graphics/tiff/patches/patch-CVE-2022-0561 Fri Mar 25 08:36:37 2022
@@ -0,0 +1,30 @@
+$NetBSD: patch-CVE-2022-0561,v 1.1 2022/03/25 08:36:37 nia Exp $
+
+https://gitlab.com/libtiff/libtiff/-/issues/362
+
+This fixes CVE-2022-0561 and CVE-2022-0562.
+
+--- libtiff/tif_dirread.c.orig 2021-03-07 18:37:25.000000000 +0000
++++ libtiff/tif_dirread.c
+@@ -4173,7 +4173,8 @@ TIFFReadDirectory(TIFF* tif)
+ goto bad;
+ }
+
+- memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16_t));
++ if (old_extrasamples > 0)
++ memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16_t));
+ _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples);
+ _TIFFfree(new_sampleinfo);
+ }
+@@ -5765,8 +5766,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEn
+ _TIFFfree(data);
+ return(0);
+ }
+- _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t));
+- _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t));
++ if( dir->tdir_count )
++ _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t));
++ _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t));
+ _TIFFfree(data);
+ data=resizeddata;
+ }
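Review bot: In the TIFFFetchStripThing hunk the new `if( dir->tdir_count )` is unbraced, while the `_TIFFmemset` call right after it has to stay unconditional, so the two are easy to misread as one guarded block. Bracing the guard makes the scope explicit: `if (dir->tdir_count) { _TIFFmemcpy(resizeddata, data, (uint32_t)dir->tdir_count * sizeof(uint64_t)); }`. Neither guard records why a zero-length copy must be skipped; a comment such as `/* memcpy() with a NULL source is undefined even when the length is 0 */` above each would stop a later cleanup from removing them. Presumably the source pointer is NULL whenever the count is zero, but that is not visible here, since both TIFFReadDirectory and TIFFFetchStripThing extend beyond the hunks.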
Index: pkgsrc/graphics/tiff/patches/patch-CVE-2022-22844
diff -u /dev/null pkgsrc/graphics/tiff/patches/patch-CVE-2022-22844:1.1
--- /dev/null Fri Mar 25 08:36:37 2022
+++ pkgsrc/graphics/tiff/patches/patch-CVE-2022-22844 Fri Mar 25 08:36:37 2022
@@ -0,0 +1,31 @@
+$NetBSD: patch-CVE-2022-22844,v 1.1 2022/03/25 08:36:37 nia Exp $
+
+https://gitlab.com/libtiff/libtiff/-/issues/355
+
+This fixes CVE-2022-22844.
+
+--- tools/tiffset.c.orig 2021-03-07 11:39:11.000000000 +0000
++++ tools/tiffset.c
+@@ -146,9 +146,19 @@ main(int argc, char* argv[])
+
+ arg_index++;
+ if (TIFFFieldDataType(fip) == TIFF_ASCII) {
+- if (TIFFSetField(tiff, TIFFFieldTag(fip), argv[arg_index]) != 1)
+- fprintf( stderr, "Failed to set %s=%s\n",
+- TIFFFieldName(fip), argv[arg_index] );
++ if(TIFFFieldPassCount( fip )) {
++ size_t len;
++ len = strlen(argv[arg_index]) + 1;
++ if (len > UINT16_MAX || TIFFSetField(tiff, TIFFFieldTag(fip),
++ (uint16_t)len, argv[arg_index]) != 1)
++ fprintf( stderr, "Failed to set %s=%s\n",
++ TIFFFieldName(fip), argv[arg_index] );
++ } else {
++ if (TIFFSetField(tiff, TIFFFieldTag(fip),
++ argv[arg_index]) != 1)
++ fprintf( stderr, "Failed to set %s=%s\n",
++ TIFFFieldName(fip), argv[arg_index] );
++ }
+ } else if (TIFFFieldWriteCount(fip) > 0
+ || TIFFFieldWriteCount(fip) == TIFF_VARIABLE) {
+ int ret = 1;
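Review bot: The `len > UINT16_MAX` rejection in the pass-count branch prints the same "Failed to set %s=%s" text as a TIFFSetField failure, so the user cannot tell that the value was refused for its length, and the oversized string is echoed back in full. Splitting the length check out with its own message would make the limit visible, e.g. `fprintf(stderr, "Value for %s is too long (max %d bytes including NUL)\n", TIFFFieldName(fip), UINT16_MAX);`. A short comment on the branch, `/* pass-count ASCII tags take (uint16_t count, char *value) */`, would record why the two TIFFSetField calls differ. The new code relies on `strlen` and `UINT16_MAX` already being declared; the includes of tiffset.c are outside the hunk, as is the rest of main.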