diff options
author | tez <tez@pkgsrc.org> | 2017-06-21 01:08:33 +0000 |
---|---|---|
committer | tez <tez@pkgsrc.org> | 2017-06-21 01:08:33 +0000 |
commit | 088e14657e1d4e1f548617793af95570c08ad9b4 (patch) | |
tree | 7ba723401c2a75620cd0c9b1b45678ed4371074f /graphics/tiff | |
parent | 78548ee691a1f7bbd16f4fc88bb01d23d20db151 (diff) | |
download | pkgsrc-088e14657e1d4e1f548617793af95570c08ad9b4.tar.gz |
fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095
per http://bugzilla.maptools.org/show_bug.cgi?id=2580
also CVE-2017-9147
(http://bugzilla.maptools.org/show_bug.cgi?id=2693)
Diffstat (limited to 'graphics/tiff')
-rw-r--r-- | graphics/tiff/Makefile | 3 | ||||
-rw-r--r-- | graphics/tiff/distinfo | 5 | ||||
-rw-r--r-- | graphics/tiff/patches/patch-libtiff_tif_dir.h | 31 | ||||
-rw-r--r-- | graphics/tiff/patches/patch-libtiff_tif_dirinfo.c | 133 | ||||
-rw-r--r-- | graphics/tiff/patches/patch-libtiff_tif_dirread.c | 34 |
5 files changed, 204 insertions, 2 deletions
diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile index 6e21c5a3d7c..7c124773047 100644 --- a/graphics/tiff/Makefile +++ b/graphics/tiff/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.136 2017/05/29 13:44:05 he Exp $ +# $NetBSD: Makefile,v 1.137 2017/06/21 01:08:33 tez Exp $ DISTNAME= tiff-4.0.8 +PKGREVISION= 1 CATEGORIES= graphics MASTER_SITES= ftp://download.osgeo.org/libtiff/ diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo index ec7639020b9..65f10f36a37 100644 --- a/graphics/tiff/distinfo +++ b/graphics/tiff/distinfo @@ -1,7 +1,10 @@ -$NetBSD: distinfo,v 1.82 2017/05/29 13:44:05 he Exp $ +$NetBSD: distinfo,v 1.83 2017/06/21 01:08:33 tez Exp $ SHA1 (tiff-4.0.8.tar.gz) = 88717c97480a7976c94d23b6d9ed4ac74715267f RMD160 (tiff-4.0.8.tar.gz) = 0d8bc26c98035810c73b8f876f76dc48efba7da8 SHA512 (tiff-4.0.8.tar.gz) = 5d010ec4ce37aca733f7ab7db9f432987b0cd21664bd9d99452a146833c40f0d1e7309d1870b0395e947964134d5cfeb1366181e761fe353ad585803ff3d6be6 Size (tiff-4.0.8.tar.gz) = 2065574 bytes SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6 +SHA1 (patch-libtiff_tif_dir.h) = f4790fc1a671d1404974e0fa99b36e77653f3b87 +SHA1 (patch-libtiff_tif_dirinfo.c) = 9acbc2912ff9e1636d94dfdfe6f0b3d593eed95a +SHA1 (patch-libtiff_tif_dirread.c) = 87176772a12c1eb4d0ff801ad9d4e7f368c64c44 diff --git a/graphics/tiff/patches/patch-libtiff_tif_dir.h b/graphics/tiff/patches/patch-libtiff_tif_dir.h new file mode 100644 index 00000000000..0843667d28c --- /dev/null +++ b/graphics/tiff/patches/patch-libtiff_tif_dir.h @@ -0,0 +1,31 @@ +$NetBSD: patch-libtiff_tif_dir.h,v 1.1 2017/06/21 01:08:33 tez Exp $ + +fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095 +per http://bugzilla.maptools.org/show_bug.cgi?id=2580 + +also CVE-2017-9147 +(http://bugzilla.maptools.org/show_bug.cgi?id=2693) + + +Index: tif_dir.h +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.h,v +retrieving revision 1.54 +retrieving revision 1.55 +diff -w -u -b -r1.54 -r1.55 +--- libtiff/tif_dir.h.orig 18 Feb 2011 20:53:05 -0000 1.54 ++++ libtiff/tif_dir.h 1 Jun 2017 12:44:04 -0000 1.55 +@@ -1,4 +1,4 @@ +-/* $Id: patch-libtiff_tif_dir.h,v 1.1 2017/06/21 01:08:33 tez Exp $ */ ++/* $Id: patch-libtiff_tif_dir.h,v 1.1 2017/06/21 01:08:33 tez Exp $ */ + + /* + * Copyright (c) 1988-1997 Sam Leffler +@@ -291,6 +291,7 @@ + extern int _TIFFMergeFields(TIFF*, const TIFFField[], uint32); + extern const TIFFField* _TIFFFindOrRegisterField(TIFF *, uint32, TIFFDataType); + extern TIFFField* _TIFFCreateAnonField(TIFF *, uint32, TIFFDataType); ++extern int _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag); + + #if defined(__cplusplus) + } diff --git a/graphics/tiff/patches/patch-libtiff_tif_dirinfo.c b/graphics/tiff/patches/patch-libtiff_tif_dirinfo.c new file mode 100644 index 00000000000..5aa3871917a --- /dev/null +++ b/graphics/tiff/patches/patch-libtiff_tif_dirinfo.c @@ -0,0 +1,133 @@ +$NetBSD: patch-libtiff_tif_dirinfo.c,v 1.1 2017/06/21 01:08:33 tez Exp $ + +fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095 +per http://bugzilla.maptools.org/show_bug.cgi?id=2580 + +also CVE-2017-9147 +(http://bugzilla.maptools.org/show_bug.cgi?id=2693) + + +Index: tif_dirinfo.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirinfo.c,v +retrieving revision 1.126 +retrieving revision 1.127 +diff -w -u -b -r1.126 -r1.127 +--- libtiff/tif_dirinfo.c.orig 18 Nov 2016 02:52:13 -0000 1.126 ++++ libtiff/tif_dirinfo.c 1 Jun 2017 12:44:04 -0000 1.127 +@@ -1,4 +1,4 @@ +-/* $Id: patch-libtiff_tif_dirinfo.c,v 1.1 2017/06/21 01:08:33 tez Exp $ */ ++/* $Id: patch-libtiff_tif_dirinfo.c,v 1.1 2017/06/21 01:08:33 tez Exp $ */ + + /* + * Copyright (c) 1988-1997 Sam Leffler +@@ -956,6 +956,109 @@ + return 0; + } + ++int ++_TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag) ++{ ++ /* Filter out non-codec specific tags */ ++ switch (tag) { ++ /* Shared tags */ ++ case TIFFTAG_PREDICTOR: ++ /* JPEG tags */ ++ case TIFFTAG_JPEGTABLES: ++ /* OJPEG tags */ ++ case TIFFTAG_JPEGIFOFFSET: ++ case TIFFTAG_JPEGIFBYTECOUNT: ++ case TIFFTAG_JPEGQTABLES: ++ case TIFFTAG_JPEGDCTABLES: ++ case TIFFTAG_JPEGACTABLES: ++ case TIFFTAG_JPEGPROC: ++ case TIFFTAG_JPEGRESTARTINTERVAL: ++ /* CCITT* */ ++ case TIFFTAG_BADFAXLINES: ++ case TIFFTAG_CLEANFAXDATA: ++ case TIFFTAG_CONSECUTIVEBADFAXLINES: ++ case TIFFTAG_GROUP3OPTIONS: ++ case TIFFTAG_GROUP4OPTIONS: ++ break; ++ default: ++ return 1; ++ } ++ /* Check if codec specific tags are allowed for the current ++ * compression scheme (codec) */ ++ switch (tif->tif_dir.td_compression) { ++ case COMPRESSION_LZW: ++ if (tag == TIFFTAG_PREDICTOR) ++ return 1; ++ break; ++ case COMPRESSION_PACKBITS: ++ /* No codec-specific tags */ ++ break; ++ case COMPRESSION_THUNDERSCAN: ++ /* No codec-specific tags */ ++ break; ++ case COMPRESSION_NEXT: ++ /* No codec-specific tags */ ++ break; ++ case COMPRESSION_JPEG: ++ if (tag == TIFFTAG_JPEGTABLES) ++ return 1; ++ break; ++ case COMPRESSION_OJPEG: ++ switch (tag) { ++ case TIFFTAG_JPEGIFOFFSET: ++ case TIFFTAG_JPEGIFBYTECOUNT: ++ case TIFFTAG_JPEGQTABLES: ++ case TIFFTAG_JPEGDCTABLES: ++ case TIFFTAG_JPEGACTABLES: ++ case TIFFTAG_JPEGPROC: ++ case TIFFTAG_JPEGRESTARTINTERVAL: ++ return 1; ++ } ++ break; ++ case COMPRESSION_CCITTRLE: ++ case COMPRESSION_CCITTRLEW: ++ case COMPRESSION_CCITTFAX3: ++ case COMPRESSION_CCITTFAX4: ++ switch (tag) { ++ case TIFFTAG_BADFAXLINES: ++ case TIFFTAG_CLEANFAXDATA: ++ case TIFFTAG_CONSECUTIVEBADFAXLINES: ++ return 1; ++ case TIFFTAG_GROUP3OPTIONS: ++ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX3) ++ return 1; ++ break; ++ case TIFFTAG_GROUP4OPTIONS: ++ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX4) ++ return 1; ++ break; ++ } ++ break; ++ case COMPRESSION_JBIG: ++ /* No codec-specific tags */ ++ break; ++ case COMPRESSION_DEFLATE: ++ case COMPRESSION_ADOBE_DEFLATE: ++ if (tag == TIFFTAG_PREDICTOR) ++ return 1; ++ break; ++ case COMPRESSION_PIXARLOG: ++ if (tag == TIFFTAG_PREDICTOR) ++ return 1; ++ break; ++ case COMPRESSION_SGILOG: ++ case COMPRESSION_SGILOG24: ++ /* No codec-specific tags */ ++ break; ++ case COMPRESSION_LZMA: ++ if (tag == TIFFTAG_PREDICTOR) ++ return 1; ++ break; ++ ++ } ++ return 0; ++} ++ + /* vim: set ts=8 sts=8 sw=8 noet: */ + + /* diff --git a/graphics/tiff/patches/patch-libtiff_tif_dirread.c b/graphics/tiff/patches/patch-libtiff_tif_dirread.c new file mode 100644 index 00000000000..c8a62efaf81 --- /dev/null +++ b/graphics/tiff/patches/patch-libtiff_tif_dirread.c @@ -0,0 +1,34 @@ +$NetBSD: patch-libtiff_tif_dirread.c,v 1.5 2017/06/21 01:08:33 tez Exp $ + +fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095 +per http://bugzilla.maptools.org/show_bug.cgi?id=2580 + +also CVE-2017-9147 +(http://bugzilla.maptools.org/show_bug.cgi?id=2693) + + +Index: tif_dirread.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v +retrieving revision 1.208 +retrieving revision 1.209 +diff -w -u -b -r1.208 -r1.209 +--- libtiff/tif_dirread.c.orig 27 Apr 2017 15:46:22 -0000 1.208 ++++ libtiff/tif_dirread.c 1 Jun 2017 12:44:04 -0000 1.209 +@@ -1,4 +1,4 @@ +-/* $Id: patch-libtiff_tif_dirread.c,v 1.5 2017/06/21 01:08:33 tez Exp $ */ ++/* $Id: patch-libtiff_tif_dirread.c,v 1.5 2017/06/21 01:08:33 tez Exp $ */ + + /* + * Copyright (c) 1988-1997 Sam Leffler +@@ -3580,6 +3580,10 @@ + goto bad; + dp->tdir_tag=IGNORE; + break; ++ default: ++ if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) ) ++ dp->tdir_tag=IGNORE; ++ break; + } + } + } |