author | nia <nia@pkgsrc.org> | 2022-03-25 08:36:37 +0000 |
---|---|---|
committer | nia <nia@pkgsrc.org> | 2022-03-25 08:36:37 +0000 |
commit | ea9aca8d65161f7cc3591fd5cfa9311a42d28174 (patch) | |
tree | 75f3a335a33dd76dffc49e8de2ca33bec3e24ffc /graphics | |
parent | 8a393c520c40c35c979690aad4aadbe67fdfd32c (diff) | |
tiff: apply fixes for CVE-2022-22844 CVE-2022-0561 CVE-2022-0562
This is tiff-4.3.0nb1.
Diffstat (limited to 'graphics')
-rw-r--r-- | graphics/tiff/Makefile | 3 | ||||
-rw-r--r-- | graphics/tiff/distinfo | 4 | ||||
-rw-r--r-- | graphics/tiff/patches/patch-CVE-2022-0561 | 30 | ||||
-rw-r--r-- | graphics/tiff/patches/patch-CVE-2022-22844 | 31 |
4 files changed, 66 insertions, 2 deletions
diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile
index 2de63d6955c..fd6a3f5372c 100644
--- a/graphics/tiff/Makefile
+++ b/graphics/tiff/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.150 2021/06/14 20:45:03 schmonz Exp $
+# $NetBSD: Makefile,v 1.151 2022/03/25 08:36:37 nia Exp $
 DISTNAME= tiff-4.3.0
+PKGREVISION= 1
 CATEGORIES= graphics
 MASTER_SITES= https://download.osgeo.org/libtiff/
diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo
index a029b886892..e6c112c2dec 100644
--- a/graphics/tiff/distinfo
+++ b/graphics/tiff/distinfo
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.100 2021/10/26 10:47:21 nia Exp $
+$NetBSD: distinfo,v 1.101 2022/03/25 08:36:37 nia Exp $
 BLAKE2s (tiff-4.3.0.tar.gz) = 28ba59df6d3d7a967dc168645bfc78f047ac8f7f548050abbbd0560f9dd21c75
 SHA512 (tiff-4.3.0.tar.gz) = e04a4a6c542e58a174c1e9516af3908acf1d3d3e1096648c5514f4963f73e7af27387a76b0fbabe43cf867a18874088f963796a7cd6e45deb998692e3e235493
 Size (tiff-4.3.0.tar.gz) = 2808254 bytes
+SHA1 (patch-CVE-2022-0561) = ceb02d9fb6a897a50d65fd3f46ab527ea84562a4
+SHA1 (patch-CVE-2022-22844) = 268d67ea1a24c6078006c37bf5c56b00a6a0183f
 SHA1 (patch-Makefile.in) = de93f4a2cea4bffc117482fdc6875adfb9aa67e0
diff --git a/graphics/tiff/patches/patch-CVE-2022-0561 b/graphics/tiff/patches/patch-CVE-2022-0561
new file mode 100644
index 00000000000..250818c866f
--- /dev/null
+++ b/graphics/tiff/patches/patch-CVE-2022-0561
@@ -0,0 +1,30 @@
+$NetBSD: patch-CVE-2022-0561,v 1.1 2022/03/25 08:36:37 nia Exp $
+
+https://gitlab.com/libtiff/libtiff/-/issues/362
+
+This fixes CVE-2022-0561 and CVE-2022-0562.
+
+--- libtiff/tif_dirread.c.orig 2021-03-07 18:37:25.000000000 +0000
++++ libtiff/tif_dirread.c
+@@ -4173,7 +4173,8 @@ TIFFReadDirectory(TIFF* tif)
+ goto bad;
+ }
+
+- memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16_t));
++ if (old_extrasamples > 0)
++ memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16_t));
+ _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples);
+ _TIFFfree(new_sampleinfo);
+ }
+@@ -5765,8 +5766,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEn
+ _TIFFfree(data);
+ return(0);
+ }
+- _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t));
+- _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t));
++ if( dir->tdir_count )
++ _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t));
++ _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t));
+ _TIFFfree(data);
+ data=resizeddata;
+ }
diff --git a/graphics/tiff/patches/patch-CVE-2022-22844 b/graphics/tiff/patches/patch-CVE-2022-22844
new file mode 100644
index 00000000000..3206bdfb2cf
--- /dev/null
+++ b/graphics/tiff/patches/patch-CVE-2022-22844
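Review bot: Both new guards in the libtiff/tif_dirread.c patch are unbraced single-statement `if`s with no comment saying why a zero count must skip the copy. In the TIFFFetchStripThing hunk the `_TIFFmemset` line directly after the guarded `_TIFFmemcpy` has to stay unconditional, since it zero-fills the tail of `resizeddata`; braces around the copy would make that obvious and keep a later edit from pulling it under the `if`. Presumably the source pointer can be NULL when the count is zero, which is undefined for memcpy even with a zero length; a one-line comment such as `/* memcpy from a NULL source is undefined even when the length is 0 */` above each guard would record that. Both function bodies continue outside the hunks.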
@@ -0,0 +1,31 @@
+$NetBSD: patch-CVE-2022-22844,v 1.1 2022/03/25 08:36:37 nia Exp $
+
+https://gitlab.com/libtiff/libtiff/-/issues/355
+
+This fixes CVE-2022-22844.
+
+--- tools/tiffset.c.orig 2021-03-07 11:39:11.000000000 +0000
++++ tools/tiffset.c
+@@ -146,9 +146,19 @@ main(int argc, char* argv[])
+
+ arg_index++;
+ if (TIFFFieldDataType(fip) == TIFF_ASCII) {
+- if (TIFFSetField(tiff, TIFFFieldTag(fip), argv[arg_index]) != 1)
+- fprintf( stderr, "Failed to set %s=%s\n",
+- TIFFFieldName(fip), argv[arg_index] );
++ if(TIFFFieldPassCount( fip )) {
++ size_t len;
++ len = strlen(argv[arg_index]) + 1;
++ if (len > UINT16_MAX || TIFFSetField(tiff, TIFFFieldTag(fip),
++ (uint16_t)len, argv[arg_index]) != 1)
++ fprintf( stderr, "Failed to set %s=%s\n",
++ TIFFFieldName(fip), argv[arg_index] );
++ } else {
++ if (TIFFSetField(tiff, TIFFFieldTag(fip),
++ argv[arg_index]) != 1)
++ fprintf( stderr, "Failed to set %s=%s\n",
++ TIFFFieldName(fip), argv[arg_index] );
++ }
+ } else if (TIFFFieldWriteCount(fip) > 0
+ || TIFFFieldWriteCount(fip) == TIFF_VARIABLE) {
+ int ret = 1; |
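Review bot: In the pass-count branch of the tools/tiffset.c patch, an over-long value and a failed `TIFFSetField` print the same `Failed to set %s=%s` message, so the user cannot tell that the string was rejected for exceeding `UINT16_MAX` bytes including the terminator. Testing the length on its own and reporting the limit, e.g. `if (len > UINT16_MAX) fprintf(stderr, "Value for %s is too long (%zu bytes, limit %u)\n", TIFFFieldName(fip), len, (unsigned)UINT16_MAX);`, would make the rejection diagnosable. The hunk does not show whether tiffset.c already includes `<string.h>` and `<stdint.h>` for `strlen` and `UINT16_MAX`, so that is worth confirming. `main` continues outside the hunk.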