authornia <nia@pkgsrc.org>2022-03-25 08:36:37 +0000
committernia <nia@pkgsrc.org>2022-03-25 08:36:37 +0000
commitea9aca8d65161f7cc3591fd5cfa9311a42d28174 (patch)
tree75f3a335a33dd76dffc49e8de2ca33bec3e24ffc /graphics
parent8a393c520c40c35c979690aad4aadbe67fdfd32c (diff)
tiff: apply fixes for CVE-2022-22844 CVE-2022-0561 CVE-2022-0562
This is tiff-4.3.0nb1.
Diffstat (limited to 'graphics')
-rw-r--r--graphics/tiff/Makefile3
-rw-r--r--graphics/tiff/distinfo4
-rw-r--r--graphics/tiff/patches/patch-CVE-2022-056130
-rw-r--r--graphics/tiff/patches/patch-CVE-2022-2284431
4 files changed, 66 insertions, 2 deletions
diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile
index 2de63d6955c..fd6a3f5372c 100644
--- a/graphics/tiff/Makefile
+++ b/graphics/tiff/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.150 2021/06/14 20:45:03 schmonz Exp $
+# $NetBSD: Makefile,v 1.151 2022/03/25 08:36:37 nia Exp $
DISTNAME= tiff-4.3.0
+PKGREVISION= 1
CATEGORIES= graphics
MASTER_SITES= https://download.osgeo.org/libtiff/
diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo
index a029b886892..e6c112c2dec 100644
--- a/graphics/tiff/distinfo
+++ b/graphics/tiff/distinfo
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.100 2021/10/26 10:47:21 nia Exp $
+$NetBSD: distinfo,v 1.101 2022/03/25 08:36:37 nia Exp $
BLAKE2s (tiff-4.3.0.tar.gz) = 28ba59df6d3d7a967dc168645bfc78f047ac8f7f548050abbbd0560f9dd21c75
SHA512 (tiff-4.3.0.tar.gz) = e04a4a6c542e58a174c1e9516af3908acf1d3d3e1096648c5514f4963f73e7af27387a76b0fbabe43cf867a18874088f963796a7cd6e45deb998692e3e235493
Size (tiff-4.3.0.tar.gz) = 2808254 bytes
+SHA1 (patch-CVE-2022-0561) = ceb02d9fb6a897a50d65fd3f46ab527ea84562a4
+SHA1 (patch-CVE-2022-22844) = 268d67ea1a24c6078006c37bf5c56b00a6a0183f
SHA1 (patch-Makefile.in) = de93f4a2cea4bffc117482fdc6875adfb9aa67e0
diff --git a/graphics/tiff/patches/patch-CVE-2022-0561 b/graphics/tiff/patches/patch-CVE-2022-0561
new file mode 100644
index 00000000000..250818c866f
--- /dev/null
+++ b/graphics/tiff/patches/patch-CVE-2022-0561
@@ -0,0 +1,30 @@
+$NetBSD: patch-CVE-2022-0561,v 1.1 2022/03/25 08:36:37 nia Exp $
+
+https://gitlab.com/libtiff/libtiff/-/issues/362
+
+This fixes CVE-2022-0561 and CVE-2022-0562.
+
+--- libtiff/tif_dirread.c.orig 2021-03-07 18:37:25.000000000 +0000
++++ libtiff/tif_dirread.c
+@@ -4173,7 +4173,8 @@ TIFFReadDirectory(TIFF* tif)
+ goto bad;
+ }
+
+- memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16_t));
++ if (old_extrasamples > 0)
++ memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16_t));
+ _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples);
+ _TIFFfree(new_sampleinfo);
+ }
+@@ -5765,8 +5766,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEn
+ _TIFFfree(data);
+ return(0);
+ }
+- _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t));
+- _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t));
++ if( dir->tdir_count )
++ _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t));
++ _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t));
+ _TIFFfree(data);
+ data=resizeddata;
+ }
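Review bot: Both added guards test the element count, while the defect behind these CVEs is a NULL source pointer reaching memcpy(). The hunks do not show that `tif->tif_dir.td_sampleinfo` and `data` are non-NULL whenever the count is non-zero, so that assumption should be written next to each check, e.g. `/* memcpy() with a NULL source is undefined even for length 0; the source is only expected to be NULL when the count is 0 */`. In the TIFFFetchStripThing hunk the `_TIFFmemset` has to stay unconditional so the tail of `resizeddata` is always zeroed; bracing the guarded `_TIFFmemcpy` would make that unambiguous. Both functions start and end outside the hunks.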
diff --git a/graphics/tiff/patches/patch-CVE-2022-22844 b/graphics/tiff/patches/patch-CVE-2022-22844
new file mode 100644
index 00000000000..3206bdfb2cf
--- /dev/null
+++ b/graphics/tiff/patches/patch-CVE-2022-22844
@@ -0,0 +1,31 @@
+$NetBSD: patch-CVE-2022-22844,v 1.1 2022/03/25 08:36:37 nia Exp $
+
+https://gitlab.com/libtiff/libtiff/-/issues/355
+
+This fixes CVE-2022-22844.
+
+--- tools/tiffset.c.orig 2021-03-07 11:39:11.000000000 +0000
++++ tools/tiffset.c
+@@ -146,9 +146,19 @@ main(int argc, char* argv[])
+
+ arg_index++;
+ if (TIFFFieldDataType(fip) == TIFF_ASCII) {
+- if (TIFFSetField(tiff, TIFFFieldTag(fip), argv[arg_index]) != 1)
+- fprintf( stderr, "Failed to set %s=%s\n",
+- TIFFFieldName(fip), argv[arg_index] );
++ if(TIFFFieldPassCount( fip )) {
++ size_t len;
++ len = strlen(argv[arg_index]) + 1;
++ if (len > UINT16_MAX || TIFFSetField(tiff, TIFFFieldTag(fip),
++ (uint16_t)len, argv[arg_index]) != 1)
++ fprintf( stderr, "Failed to set %s=%s\n",
++ TIFFFieldName(fip), argv[arg_index] );
++ } else {
++ if (TIFFSetField(tiff, TIFFFieldTag(fip),
++ argv[arg_index]) != 1)
++ fprintf( stderr, "Failed to set %s=%s\n",
++ TIFFFieldName(fip), argv[arg_index] );
++ }
+ } else if (TIFFFieldWriteCount(fip) > 0
+ || TIFFFieldWriteCount(fip) == TIFF_VARIABLE) {
+ int ret = 1;
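Review bot: In the new `TIFFFieldPassCount( fip )` branch the count is always passed as `(uint16_t)len`, and nothing in the hunk says why 16 bits is the right width for every pass-count ASCII field. If any such field declares a 32-bit count (TIFF_VARIABLE2), the variadic `TIFFSetField` call would rely on integer promotion to stay correct; a comment such as `/* pass-count ASCII fields take a uint16_t count that includes the terminating NUL */` would record the assumption. The `len > UINT16_MAX` rejection also reuses the generic "Failed to set" message, so a user cannot tell an over-long value from a libtiff failure; a separate message for that case would help. main() continues outside the hunk.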