pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/graphics/tiff fix CVE-2014-8128, CVE-2016-5318, CVE-20...
details: https://anonhg.NetBSD.org/pkgsrc/rev/5001d929fb89
branches: trunk
changeset: 364102:5001d929fb89
user: tez <tez%pkgsrc.org@localhost>
date: Wed Jun 21 01:08:33 2017 +0000
description:
fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095
per http://bugzilla.maptools.org/show_bug.cgi?id=2580
also CVE-2017-9147
(http://bugzilla.maptools.org/show_bug.cgi?id=2693)
diffstat:
graphics/tiff/Makefile | 3 +-
graphics/tiff/distinfo | 5 +-
graphics/tiff/patches/patch-libtiff_tif_dir.h | 31 +++++
graphics/tiff/patches/patch-libtiff_tif_dirinfo.c | 133 ++++++++++++++++++++++
graphics/tiff/patches/patch-libtiff_tif_dirread.c | 34 +++++
5 files changed, 204 insertions(+), 2 deletions(-)
diffs (237 lines):
diff -r 37b2bf5407ec -r 5001d929fb89 graphics/tiff/Makefile
--- a/graphics/tiff/Makefile Wed Jun 21 00:25:05 2017 +0000
+++ b/graphics/tiff/Makefile Wed Jun 21 01:08:33 2017 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.136 2017/05/29 13:44:05 he Exp $
+# $NetBSD: Makefile,v 1.137 2017/06/21 01:08:33 tez Exp $
DISTNAME= tiff-4.0.8
+PKGREVISION= 1
CATEGORIES= graphics
MASTER_SITES= ftp://download.osgeo.org/libtiff/
diff -r 37b2bf5407ec -r 5001d929fb89 graphics/tiff/distinfo
--- a/graphics/tiff/distinfo Wed Jun 21 00:25:05 2017 +0000
+++ b/graphics/tiff/distinfo Wed Jun 21 01:08:33 2017 +0000
@@ -1,7 +1,10 @@
-$NetBSD: distinfo,v 1.82 2017/05/29 13:44:05 he Exp $
+$NetBSD: distinfo,v 1.83 2017/06/21 01:08:33 tez Exp $
SHA1 (tiff-4.0.8.tar.gz) = 88717c97480a7976c94d23b6d9ed4ac74715267f
RMD160 (tiff-4.0.8.tar.gz) = 0d8bc26c98035810c73b8f876f76dc48efba7da8
SHA512 (tiff-4.0.8.tar.gz) = 5d010ec4ce37aca733f7ab7db9f432987b0cd21664bd9d99452a146833c40f0d1e7309d1870b0395e947964134d5cfeb1366181e761fe353ad585803ff3d6be6
Size (tiff-4.0.8.tar.gz) = 2065574 bytes
SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6
+SHA1 (patch-libtiff_tif_dir.h) = f4790fc1a671d1404974e0fa99b36e77653f3b87
+SHA1 (patch-libtiff_tif_dirinfo.c) = 9acbc2912ff9e1636d94dfdfe6f0b3d593eed95a
+SHA1 (patch-libtiff_tif_dirread.c) = 87176772a12c1eb4d0ff801ad9d4e7f368c64c44
diff -r 37b2bf5407ec -r 5001d929fb89 graphics/tiff/patches/patch-libtiff_tif_dir.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/tiff/patches/patch-libtiff_tif_dir.h Wed Jun 21 01:08:33 2017 +0000
@@ -0,0 +1,31 @@
+$NetBSD: patch-libtiff_tif_dir.h,v 1.1 2017/06/21 01:08:33 tez Exp $
+
+fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095
+per http://bugzilla.maptools.org/show_bug.cgi?id=2580
+
+also CVE-2017-9147
+(http://bugzilla.maptools.org/show_bug.cgi?id=2693)
+
+
+Index: tif_dir.h
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.h,v
+retrieving revision 1.54
+retrieving revision 1.55
+diff -w -u -b -r1.54 -r1.55
+--- libtiff/tif_dir.h.orig 18 Feb 2011 20:53:05 -0000 1.54
++++ libtiff/tif_dir.h 1 Jun 2017 12:44:04 -0000 1.55
+@@ -1,4 +1,4 @@
+-/* $Id: patch-libtiff_tif_dir.h,v 1.1 2017/06/21 01:08:33 tez Exp $ */
++/* $Id: patch-libtiff_tif_dir.h,v 1.1 2017/06/21 01:08:33 tez Exp $ */
+
+ /*
+ * Copyright (c) 1988-1997 Sam Leffler
+@@ -291,6 +291,7 @@
+ extern int _TIFFMergeFields(TIFF*, const TIFFField[], uint32);
+ extern const TIFFField* _TIFFFindOrRegisterField(TIFF *, uint32, TIFFDataType);
+ extern TIFFField* _TIFFCreateAnonField(TIFF *, uint32, TIFFDataType);
++extern int _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag);
+
+ #if defined(__cplusplus)
+ }
diff -r 37b2bf5407ec -r 5001d929fb89 graphics/tiff/patches/patch-libtiff_tif_dirinfo.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/tiff/patches/patch-libtiff_tif_dirinfo.c Wed Jun 21 01:08:33 2017 +0000
@@ -0,0 +1,133 @@
+$NetBSD: patch-libtiff_tif_dirinfo.c,v 1.1 2017/06/21 01:08:33 tez Exp $
+
+fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095
+per http://bugzilla.maptools.org/show_bug.cgi?id=2580
+
+also CVE-2017-9147
+(http://bugzilla.maptools.org/show_bug.cgi?id=2693)
+
+
+Index: tif_dirinfo.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirinfo.c,v
+retrieving revision 1.126
+retrieving revision 1.127
+diff -w -u -b -r1.126 -r1.127
+--- libtiff/tif_dirinfo.c.orig 18 Nov 2016 02:52:13 -0000 1.126
++++ libtiff/tif_dirinfo.c 1 Jun 2017 12:44:04 -0000 1.127
+@@ -1,4 +1,4 @@
+-/* $Id: patch-libtiff_tif_dirinfo.c,v 1.1 2017/06/21 01:08:33 tez Exp $ */
++/* $Id: patch-libtiff_tif_dirinfo.c,v 1.1 2017/06/21 01:08:33 tez Exp $ */
+
+ /*
+ * Copyright (c) 1988-1997 Sam Leffler
+@@ -956,6 +956,109 @@
+ return 0;
+ }
+
++int
++_TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag)
++{
++ /* Filter out non-codec specific tags */
++ switch (tag) {
++ /* Shared tags */
++ case TIFFTAG_PREDICTOR:
++ /* JPEG tags */
++ case TIFFTAG_JPEGTABLES:
++ /* OJPEG tags */
++ case TIFFTAG_JPEGIFOFFSET:
++ case TIFFTAG_JPEGIFBYTECOUNT:
++ case TIFFTAG_JPEGQTABLES:
++ case TIFFTAG_JPEGDCTABLES:
++ case TIFFTAG_JPEGACTABLES:
++ case TIFFTAG_JPEGPROC:
++ case TIFFTAG_JPEGRESTARTINTERVAL:
++ /* CCITT* */
++ case TIFFTAG_BADFAXLINES:
++ case TIFFTAG_CLEANFAXDATA:
++ case TIFFTAG_CONSECUTIVEBADFAXLINES:
++ case TIFFTAG_GROUP3OPTIONS:
++ case TIFFTAG_GROUP4OPTIONS:
++ break;
++ default:
++ return 1;
++ }
++ /* Check if codec specific tags are allowed for the current
++ * compression scheme (codec) */
++ switch (tif->tif_dir.td_compression) {
++ case COMPRESSION_LZW:
++ if (tag == TIFFTAG_PREDICTOR)
++ return 1;
++ break;
++ case COMPRESSION_PACKBITS:
++ /* No codec-specific tags */
++ break;
++ case COMPRESSION_THUNDERSCAN:
++ /* No codec-specific tags */
++ break;
++ case COMPRESSION_NEXT:
++ /* No codec-specific tags */
++ break;
++ case COMPRESSION_JPEG:
++ if (tag == TIFFTAG_JPEGTABLES)
++ return 1;
++ break;
++ case COMPRESSION_OJPEG:
++ switch (tag) {
++ case TIFFTAG_JPEGIFOFFSET:
++ case TIFFTAG_JPEGIFBYTECOUNT:
++ case TIFFTAG_JPEGQTABLES:
++ case TIFFTAG_JPEGDCTABLES:
++ case TIFFTAG_JPEGACTABLES:
++ case TIFFTAG_JPEGPROC:
++ case TIFFTAG_JPEGRESTARTINTERVAL:
++ return 1;
++ }
++ break;
++ case COMPRESSION_CCITTRLE:
++ case COMPRESSION_CCITTRLEW:
++ case COMPRESSION_CCITTFAX3:
++ case COMPRESSION_CCITTFAX4:
++ switch (tag) {
++ case TIFFTAG_BADFAXLINES:
++ case TIFFTAG_CLEANFAXDATA:
++ case TIFFTAG_CONSECUTIVEBADFAXLINES:
++ return 1;
++ case TIFFTAG_GROUP3OPTIONS:
++ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX3)
++ return 1;
++ break;
++ case TIFFTAG_GROUP4OPTIONS:
++ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX4)
++ return 1;
++ break;
++ }
++ break;
++ case COMPRESSION_JBIG:
++ /* No codec-specific tags */
++ break;
++ case COMPRESSION_DEFLATE:
++ case COMPRESSION_ADOBE_DEFLATE:
++ if (tag == TIFFTAG_PREDICTOR)
++ return 1;
++ break;
++ case COMPRESSION_PIXARLOG:
++ if (tag == TIFFTAG_PREDICTOR)
++ return 1;
++ break;
++ case COMPRESSION_SGILOG:
++ case COMPRESSION_SGILOG24:
++ /* No codec-specific tags */
++ break;
++ case COMPRESSION_LZMA:
++ if (tag == TIFFTAG_PREDICTOR)
++ return 1;
++ break;
++
++ }
++ return 0;
++}
++
+ /* vim: set ts=8 sts=8 sw=8 noet: */
+
+ /*
diff -r 37b2bf5407ec -r 5001d929fb89 graphics/tiff/patches/patch-libtiff_tif_dirread.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/tiff/patches/patch-libtiff_tif_dirread.c Wed Jun 21 01:08:33 2017 +0000
@@ -0,0 +1,34 @@
+$NetBSD: patch-libtiff_tif_dirread.c,v 1.5 2017/06/21 01:08:33 tez Exp $
+
+fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095
+per http://bugzilla.maptools.org/show_bug.cgi?id=2580
+
+also CVE-2017-9147
+(http://bugzilla.maptools.org/show_bug.cgi?id=2693)
+
+
+Index: tif_dirread.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v
+retrieving revision 1.208
+retrieving revision 1.209
+diff -w -u -b -r1.208 -r1.209
+--- libtiff/tif_dirread.c.orig 27 Apr 2017 15:46:22 -0000 1.208
++++ libtiff/tif_dirread.c 1 Jun 2017 12:44:04 -0000 1.209
+@@ -1,4 +1,4 @@
+-/* $Id: patch-libtiff_tif_dirread.c,v 1.5 2017/06/21 01:08:33 tez Exp $ */
++/* $Id: patch-libtiff_tif_dirread.c,v 1.5 2017/06/21 01:08:33 tez Exp $ */
+
+ /*
+ * Copyright (c) 1988-1997 Sam Leffler
+@@ -3580,6 +3580,10 @@
+ goto bad;
+ dp->tdir_tag=IGNORE;
+ break;
++ default:
++ if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) )
++ dp->tdir_tag=IGNORE;
++ break;
+ }
+ }
+ }
Home |
Main Index |
Thread Index |
Old Index