pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/graphics/tiff tiff: add patch for CVE-2017-9935 from u...
details: https://anonhg.NetBSD.org/pkgsrc/rev/ccfaff86a493
branches: trunk
changeset: 374141:ccfaff86a493
user: tez <tez%pkgsrc.org@localhost>
date: Tue Jan 16 23:52:06 2018 +0000
description:
tiff: add patch for CVE-2017-9935 from upstream git repo
diffstat:
graphics/tiff/Makefile | 4 +-
graphics/tiff/distinfo | 3 +-
graphics/tiff/patches/patch-CVE-2017-9935 | 119 ++++++++++++++++++++++++++++++
3 files changed, 123 insertions(+), 3 deletions(-)
diffs (150 lines):
diff -r 998d4d0bb5f7 -r ccfaff86a493 graphics/tiff/Makefile
--- a/graphics/tiff/Makefile Tue Jan 16 16:30:45 2018 +0000
+++ b/graphics/tiff/Makefile Tue Jan 16 23:52:06 2018 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.139 2017/12/03 09:07:06 maya Exp $
+# $NetBSD: Makefile,v 1.140 2018/01/16 23:52:06 tez Exp $
DISTNAME= tiff-4.0.9
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= graphics
MASTER_SITES= ftp://download.osgeo.org/libtiff/
diff -r 998d4d0bb5f7 -r ccfaff86a493 graphics/tiff/distinfo
--- a/graphics/tiff/distinfo Tue Jan 16 16:30:45 2018 +0000
+++ b/graphics/tiff/distinfo Tue Jan 16 23:52:06 2018 +0000
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.88 2017/12/03 09:07:06 maya Exp $
+$NetBSD: distinfo,v 1.89 2018/01/16 23:52:06 tez Exp $
SHA1 (tiff-4.0.9.tar.gz) = 87d4543579176cc568668617c22baceccd568296
RMD160 (tiff-4.0.9.tar.gz) = ab5b3b7297e79344775b1e70c4d54c90c06836a3
SHA512 (tiff-4.0.9.tar.gz) = 04f3d5eefccf9c1a0393659fe27f3dddd31108c401ba0dc587bca152a1c1f6bc844ba41622ff5572da8cc278593eff8c402b44e7af0a0090e91d326c2d79f6cd
Size (tiff-4.0.9.tar.gz) = 2305681 bytes
+SHA1 (patch-CVE-2017-9935) = d33f3311e5bb96bf415f894237ab4dfcfafd2610
SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6
SHA1 (patch-tools_pal2rgb.c) = f91652e8013940c162add870ceb9845e2730bc2c
diff -r 998d4d0bb5f7 -r ccfaff86a493 graphics/tiff/patches/patch-CVE-2017-9935
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/tiff/patches/patch-CVE-2017-9935 Tue Jan 16 23:52:06 2018 +0000
@@ -0,0 +1,119 @@
+$NetBSD: patch-CVE-2017-9935,v 1.1 2018/01/16 23:52:06 tez Exp $
+
+Patch for cve-2017-9935 from upstream git repo
+
+
+--- libtiff/tif_dir.c.orig
++++ libtiff/tif_dir.c
+@@ -1065,6 +1065,9 @@
+ if (td->td_samplesperpixel - td->td_extrasamples > 1) {
+ *va_arg(ap, uint16**) = td->td_transferfunction[1];
+ *va_arg(ap, uint16**) = td->td_transferfunction[2];
++ } else {
++ *va_arg(ap, uint16**) = NULL;
++ *va_arg(ap, uint16**) = NULL;
+ }
+ break;
+ case TIFFTAG_REFERENCEBLACKWHITE:
+
+--- tools/tiff2pdf.c.orig 2017-10-29 18:50:41.000000000 +0000
++++ tools/tiff2pdf.c
+@@ -237,7 +237,7 @@ typedef struct {
+ float tiff_whitechromaticities[2];
+ float tiff_primarychromaticities[6];
+ float tiff_referenceblackwhite[2];
+- float* tiff_transferfunction[3];
++ uint16* tiff_transferfunction[3];
+ int pdf_image_interpolate; /* 0 (default) : do not interpolate,
+ 1 : interpolate */
+ uint16 tiff_transferfunctioncount;
+@@ -1047,6 +1047,8 @@ void t2p_read_tiff_init(T2P* t2p, TIFF*
+ uint16 pagen=0;
+ uint16 paged=0;
+ uint16 xuint16=0;
++ uint16 tiff_transferfunctioncount=0;
++ uint16* tiff_transferfunction[3];
+
+ directorycount=TIFFNumberOfDirectories(input);
+ t2p->tiff_pages = (T2P_PAGE*) _TIFFmalloc(TIFFSafeMultiply(tmsize_t,directorycount,sizeof(T2P_PAGE)));
+@@ -1147,26 +1149,48 @@ void t2p_read_tiff_init(T2P* t2p, TIFF*
+ }
+ #endif
+ if (TIFFGetField(input, TIFFTAG_TRANSFERFUNCTION,
+- &(t2p->tiff_transferfunction[0]),
+- &(t2p->tiff_transferfunction[1]),
+- &(t2p->tiff_transferfunction[2]))) {
+- if((t2p->tiff_transferfunction[1] != (float*) NULL) &&
+- (t2p->tiff_transferfunction[2] != (float*) NULL) &&
+- (t2p->tiff_transferfunction[1] !=
+- t2p->tiff_transferfunction[0])) {
+- t2p->tiff_transferfunctioncount = 3;
+- t2p->tiff_pages[i].page_extra += 4;
+- t2p->pdf_xrefcount += 4;
+- } else {
+- t2p->tiff_transferfunctioncount = 1;
+- t2p->tiff_pages[i].page_extra += 2;
+- t2p->pdf_xrefcount += 2;
+- }
+- if(t2p->pdf_minorversion < 2)
+- t2p->pdf_minorversion = 2;
++ &(tiff_transferfunction[0]),
++ &(tiff_transferfunction[1]),
++ &(tiff_transferfunction[2]))) {
++
++ if((tiff_transferfunction[1] != (uint16*) NULL) &&
++ (tiff_transferfunction[2] != (uint16*) NULL)
++ ) {
++ tiff_transferfunctioncount=3;
++ } else {
++ tiff_transferfunctioncount=1;
++ }
+ } else {
+- t2p->tiff_transferfunctioncount=0;
++ tiff_transferfunctioncount=0;
+ }
++
++ if (i > 0){
++ if (tiff_transferfunctioncount != t2p->tiff_transferfunctioncount){
++ TIFFError(
++ TIFF2PDF_MODULE,
++ "Different transfer function on page %d",
++ i);
++ t2p->t2p_error = T2P_ERR_ERROR;
++ return;
++ }
++ }
++
++ t2p->tiff_transferfunctioncount = tiff_transferfunctioncount;
++ t2p->tiff_transferfunction[0] = tiff_transferfunction[0];
++ t2p->tiff_transferfunction[1] = tiff_transferfunction[1];
++ t2p->tiff_transferfunction[2] = tiff_transferfunction[2];
++ if(tiff_transferfunctioncount == 3){
++ t2p->tiff_pages[i].page_extra += 4;
++ t2p->pdf_xrefcount += 4;
++ if(t2p->pdf_minorversion < 2)
++ t2p->pdf_minorversion = 2;
++ } else if (tiff_transferfunctioncount == 1){
++ t2p->tiff_pages[i].page_extra += 2;
++ t2p->pdf_xrefcount += 2;
++ if(t2p->pdf_minorversion < 2)
++ t2p->pdf_minorversion = 2;
++ }
++
+ if( TIFFGetField(
+ input,
+ TIFFTAG_ICCPROFILE,
+@@ -1827,10 +1851,9 @@ void t2p_read_tiff_data(T2P* t2p, TIFF*
+ &(t2p->tiff_transferfunction[0]),
+ &(t2p->tiff_transferfunction[1]),
+ &(t2p->tiff_transferfunction[2]))) {
+- if((t2p->tiff_transferfunction[1] != (float*) NULL) &&
+- (t2p->tiff_transferfunction[2] != (float*) NULL) &&
+- (t2p->tiff_transferfunction[1] !=
+- t2p->tiff_transferfunction[0])) {
++ if((t2p->tiff_transferfunction[1] != (uint16*) NULL) &&
++ (t2p->tiff_transferfunction[2] != (uint16*) NULL)
++ ) {
+ t2p->tiff_transferfunctioncount=3;
+ } else {
+ t2p->tiff_transferfunctioncount=1;
Home |
Main Index |
Thread Index |
Old Index