pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/graphics/tiff tiff: add patch for CVE-2017-9935 from u...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/ccfaff86a493
branches:  trunk
changeset: 374141:ccfaff86a493
user:      tez <tez%pkgsrc.org@localhost>
date:      Tue Jan 16 23:52:06 2018 +0000

description:
tiff: add patch for CVE-2017-9935 from upstream git repo

diffstat:

 graphics/tiff/Makefile                    |    4 +-
 graphics/tiff/distinfo                    |    3 +-
 graphics/tiff/patches/patch-CVE-2017-9935 |  119 ++++++++++++++++++++++++++++++
 3 files changed, 123 insertions(+), 3 deletions(-)

diffs (150 lines):

diff -r 998d4d0bb5f7 -r ccfaff86a493 graphics/tiff/Makefile
--- a/graphics/tiff/Makefile    Tue Jan 16 16:30:45 2018 +0000
+++ b/graphics/tiff/Makefile    Tue Jan 16 23:52:06 2018 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.139 2017/12/03 09:07:06 maya Exp $
+# $NetBSD: Makefile,v 1.140 2018/01/16 23:52:06 tez Exp $
 
 DISTNAME=      tiff-4.0.9
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    graphics
 MASTER_SITES=  ftp://download.osgeo.org/libtiff/
 
diff -r 998d4d0bb5f7 -r ccfaff86a493 graphics/tiff/distinfo
--- a/graphics/tiff/distinfo    Tue Jan 16 16:30:45 2018 +0000
+++ b/graphics/tiff/distinfo    Tue Jan 16 23:52:06 2018 +0000
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.88 2017/12/03 09:07:06 maya Exp $
+$NetBSD: distinfo,v 1.89 2018/01/16 23:52:06 tez Exp $
 
 SHA1 (tiff-4.0.9.tar.gz) = 87d4543579176cc568668617c22baceccd568296
 RMD160 (tiff-4.0.9.tar.gz) = ab5b3b7297e79344775b1e70c4d54c90c06836a3
 SHA512 (tiff-4.0.9.tar.gz) = 04f3d5eefccf9c1a0393659fe27f3dddd31108c401ba0dc587bca152a1c1f6bc844ba41622ff5572da8cc278593eff8c402b44e7af0a0090e91d326c2d79f6cd
 Size (tiff-4.0.9.tar.gz) = 2305681 bytes
+SHA1 (patch-CVE-2017-9935) = d33f3311e5bb96bf415f894237ab4dfcfafd2610
 SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6
 SHA1 (patch-tools_pal2rgb.c) = f91652e8013940c162add870ceb9845e2730bc2c
diff -r 998d4d0bb5f7 -r ccfaff86a493 graphics/tiff/patches/patch-CVE-2017-9935
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/tiff/patches/patch-CVE-2017-9935 Tue Jan 16 23:52:06 2018 +0000
@@ -0,0 +1,119 @@
+$NetBSD: patch-CVE-2017-9935,v 1.1 2018/01/16 23:52:06 tez Exp $
+
+Patch for cve-2017-9935 from upstream git repo
+
+
+--- libtiff/tif_dir.c.orig
++++ libtiff/tif_dir.c
+@@ -1065,6 +1065,9 @@ 
+                       if (td->td_samplesperpixel - td->td_extrasamples > 1) {
+                               *va_arg(ap, uint16**) = td->td_transferfunction[1];
+                               *va_arg(ap, uint16**) = td->td_transferfunction[2];
++                      } else {
++                              *va_arg(ap, uint16**) = NULL;
++                              *va_arg(ap, uint16**) = NULL;
+                       }
+                       break;
+               case TIFFTAG_REFERENCEBLACKWHITE:
+
+--- tools/tiff2pdf.c.orig      2017-10-29 18:50:41.000000000 +0000
++++ tools/tiff2pdf.c
+@@ -237,7 +237,7 @@ typedef struct {
+       float tiff_whitechromaticities[2];
+       float tiff_primarychromaticities[6];
+       float tiff_referenceblackwhite[2];
+-      float* tiff_transferfunction[3];
++      uint16* tiff_transferfunction[3];
+       int pdf_image_interpolate;      /* 0 (default) : do not interpolate,
+                                          1 : interpolate */
+       uint16 tiff_transferfunctioncount;
+@@ -1047,6 +1047,8 @@ void t2p_read_tiff_init(T2P* t2p, TIFF*
+       uint16 pagen=0;
+       uint16 paged=0;
+       uint16 xuint16=0;
++      uint16 tiff_transferfunctioncount=0;
++      uint16* tiff_transferfunction[3];
+ 
+       directorycount=TIFFNumberOfDirectories(input);
+       t2p->tiff_pages = (T2P_PAGE*) _TIFFmalloc(TIFFSafeMultiply(tmsize_t,directorycount,sizeof(T2P_PAGE)));
+@@ -1147,26 +1149,48 @@ void t2p_read_tiff_init(T2P* t2p, TIFF*
+                 }
+ #endif
+               if (TIFFGetField(input, TIFFTAG_TRANSFERFUNCTION,
+-                                 &(t2p->tiff_transferfunction[0]),
+-                                 &(t2p->tiff_transferfunction[1]),
+-                                 &(t2p->tiff_transferfunction[2]))) {
+-                      if((t2p->tiff_transferfunction[1] != (float*) NULL) &&
+-                           (t2p->tiff_transferfunction[2] != (float*) NULL) &&
+-                           (t2p->tiff_transferfunction[1] !=
+-                            t2p->tiff_transferfunction[0])) {
+-                              t2p->tiff_transferfunctioncount = 3;
+-                              t2p->tiff_pages[i].page_extra += 4;
+-                              t2p->pdf_xrefcount += 4;
+-                      } else {
+-                              t2p->tiff_transferfunctioncount = 1;
+-                              t2p->tiff_pages[i].page_extra += 2;
+-                              t2p->pdf_xrefcount += 2;
+-                      }
+-                      if(t2p->pdf_minorversion < 2)
+-                              t2p->pdf_minorversion = 2;
++                                 &(tiff_transferfunction[0]),
++                                 &(tiff_transferfunction[1]),
++                                 &(tiff_transferfunction[2]))) {
++
++                        if((tiff_transferfunction[1] != (uint16*) NULL) &&
++                           (tiff_transferfunction[2] != (uint16*) NULL)
++                          ) {
++                            tiff_transferfunctioncount=3;
++                        } else {
++                            tiff_transferfunctioncount=1;
++                        }
+                 } else {
+-                      t2p->tiff_transferfunctioncount=0;
++                      tiff_transferfunctioncount=0;
+               }
++
++                if (i > 0){
++                    if (tiff_transferfunctioncount != t2p->tiff_transferfunctioncount){
++                        TIFFError(
++                            TIFF2PDF_MODULE, 
++                            "Different transfer function on page %d", 
++                            i);
++                        t2p->t2p_error = T2P_ERR_ERROR;
++                        return;
++                    }
++                }
++
++                t2p->tiff_transferfunctioncount = tiff_transferfunctioncount;
++                t2p->tiff_transferfunction[0] = tiff_transferfunction[0];
++                t2p->tiff_transferfunction[1] = tiff_transferfunction[1];
++                t2p->tiff_transferfunction[2] = tiff_transferfunction[2];
++                if(tiff_transferfunctioncount == 3){
++                        t2p->tiff_pages[i].page_extra += 4;
++                        t2p->pdf_xrefcount += 4;
++                        if(t2p->pdf_minorversion < 2)
++                                t2p->pdf_minorversion = 2;
++                } else if (tiff_transferfunctioncount == 1){
++                        t2p->tiff_pages[i].page_extra += 2;
++                        t2p->pdf_xrefcount += 2;
++                        if(t2p->pdf_minorversion < 2)
++                                t2p->pdf_minorversion = 2;
++                }
++
+               if( TIFFGetField(
+                       input, 
+                       TIFFTAG_ICCPROFILE, 
+@@ -1827,10 +1851,9 @@ void t2p_read_tiff_data(T2P* t2p, TIFF*
+                        &(t2p->tiff_transferfunction[0]),
+                        &(t2p->tiff_transferfunction[1]),
+                        &(t2p->tiff_transferfunction[2]))) {
+-              if((t2p->tiff_transferfunction[1] != (float*) NULL) &&
+-                   (t2p->tiff_transferfunction[2] != (float*) NULL) &&
+-                   (t2p->tiff_transferfunction[1] !=
+-                    t2p->tiff_transferfunction[0])) {
++              if((t2p->tiff_transferfunction[1] != (uint16*) NULL) &&
++                   (t2p->tiff_transferfunction[2] != (uint16*) NULL)
++                  ) {
+                       t2p->tiff_transferfunctioncount=3;
+               } else {
+                       t2p->tiff_transferfunctioncount=1;



Home | Main Index | Thread Index | Old Index