pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2017Q1]: pkgsrc/graphics/tiff Pullup ticket #5399 - requested ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/e19c8ef34cf0
branches: pkgsrc-2017Q1
changeset: 360354:e19c8ef34cf0
user: bsiegert <bsiegert%pkgsrc.org@localhost>
date: Sat May 06 15:01:21 2017 +0000
description:
Pullup ticket #5399 - requested by sevan
graphics/tiff: security fix
Revisions pulled up:
- graphics/tiff/Makefile 1.126
- graphics/tiff/distinfo 1.72
- graphics/tiff/patches/patch-libtiff_tif_dirread.c 1.1
- graphics/tiff/patches/patch-libtiff_tif_getimage.c 1.1
- graphics/tiff/patches/patch-libtiff_tif_jpeg.c 1.1
- graphics/tiff/patches/patch-libtiff_tif_ojpeg.c 1.1
- graphics/tiff/patches/patch-libtiff_tif_read.c 1.1
- graphics/tiff/patches/patch-libtiff_tif_unix.c 1.1
- graphics/tiff/patches/patch-libtiff_tif_win32.c 1.1
- graphics/tiff/patches/patch-libtiff_tiffio.h 1.1
- graphics/tiff/patches/patch-tools_tiffcp.c 1.1
---
Module Name: pkgsrc
Committed By: sevan
Date: Wed May 3 23:00:59 UTC 2017
Modified Files:
pkgsrc/graphics/tiff: Makefile distinfo
Added Files:
pkgsrc/graphics/tiff/patches: patch-libtiff_tif_dirread.c
patch-libtiff_tif_getimage.c patch-libtiff_tif_jpeg.c
patch-libtiff_tif_ojpeg.c patch-libtiff_tif_read.c
patch-libtiff_tif_unix.c patch-libtiff_tif_win32.c
patch-libtiff_tiffio.h patch-tools_tiffcp.c
Log Message:
Add security patches & bump rev.
via FreeBSD bz #216658
https://nvd.nist.gov/vuln/detail/CVE-2017-5225
http://bugzilla.maptools.org/show_bug.cgi?id=2656
http://bugzilla.maptools.org/show_bug.cgi?id=2657
https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7
https://nvd.nist.gov/vuln/detail/CVE-2017-7592
http://bugzilla.maptools.org/show_bug.cgi?id=2658
https://github.com/vadz/libtiff/commit/48780b4fcc42
https://nvd.nist.gov/vuln/detail/CVE-2017-7593
http://bugzilla.maptools.org/show_bug.cgi?id=2651
https://github.com/vadz/libtiff/commit/d60332057b95
https://nvd.nist.gov/vuln/detail/CVE-2017-7594
http://bugzilla.maptools.org/show_bug.cgi?id=2659
https://github.com/vadz/libtiff/commit/8283e4d1b7e5
https://github.com/vadz/libtiff/commit/2ea32f7372b6
https://nvd.nist.gov/vuln/detail/CVE-2017-7595
https://github.com/vadz/libtiff/commit/47f2fb61a3a64667bce1a8398a8fcb1b348ff122
https://nvd.nist.gov/vuln/detail/CVE-2017-7598
https://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8
https://nvd.nist.gov/vuln/detail/CVE-2017-7601
https://github.com/vadz/libtiff/commit/0a76a8c765c7b8327c59646284fa78c3c27e5490
https://nvd.nist.gov/vuln/detail/CVE-2017-7602
https://github.com/vadz/libtiff/commit/66e7bd59520996740e4df5495a830b42fae48bc4
diffstat:
graphics/tiff/Makefile | 4 +-
graphics/tiff/distinfo | 11 +++-
graphics/tiff/patches/patch-libtiff_tif_dirread.c | 31 +++++++++++
graphics/tiff/patches/patch-libtiff_tif_getimage.c | 17 ++++++
graphics/tiff/patches/patch-libtiff_tif_jpeg.c | 31 +++++++++++
graphics/tiff/patches/patch-libtiff_tif_ojpeg.c | 42 +++++++++++++++
graphics/tiff/patches/patch-libtiff_tif_read.c | 57 ++++++++++++++++++++
graphics/tiff/patches/patch-libtiff_tif_unix.c | 23 ++++++++
graphics/tiff/patches/patch-libtiff_tif_win32.c | 23 ++++++++
graphics/tiff/patches/patch-libtiff_tiffio.h | 16 +++++
graphics/tiff/patches/patch-tools_tiffcp.c | 61 ++++++++++++++++++++++
11 files changed, 313 insertions(+), 3 deletions(-)
diffs (truncated from 373 to 300 lines):
diff -r 0cc477a7a4c0 -r e19c8ef34cf0 graphics/tiff/Makefile
--- a/graphics/tiff/Makefile Mon May 01 10:05:18 2017 +0000
+++ b/graphics/tiff/Makefile Sat May 06 15:01:21 2017 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.125 2016/11/23 13:51:29 he Exp $
+# $NetBSD: Makefile,v 1.125.4.1 2017/05/06 15:01:21 bsiegert Exp $
DISTNAME= tiff-4.0.7
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= graphics
MASTER_SITES= ftp://download.osgeo.org/libtiff/
diff -r 0cc477a7a4c0 -r e19c8ef34cf0 graphics/tiff/distinfo
--- a/graphics/tiff/distinfo Mon May 01 10:05:18 2017 +0000
+++ b/graphics/tiff/distinfo Sat May 06 15:01:21 2017 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.71 2016/11/23 13:51:29 he Exp $
+$NetBSD: distinfo,v 1.71.4.1 2017/05/06 15:01:21 bsiegert Exp $
SHA1 (tiff-4.0.7.tar.gz) = 2c1b64478e88f93522a42dd5271214a0e5eae648
RMD160 (tiff-4.0.7.tar.gz) = 582e19c31e7f29d9ed36995dcad7ad68802cbadb
@@ -6,4 +6,13 @@
Size (tiff-4.0.7.tar.gz) = 2076392 bytes
SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6
SHA1 (patch-html_man_Makefile.in) = 705604e2a3065da192e7354a4a9cdcd16bd6823d
+SHA1 (patch-libtiff_tif_dirread.c) = 5c92e2c65a5d95f444f039955ee1afbafeccf5db
+SHA1 (patch-libtiff_tif_getimage.c) = 267b555c8b043d0a835db4d46ef65131776601e6
+SHA1 (patch-libtiff_tif_jpeg.c) = 1049b7b243e9e145886bcac8e68e5e7889337ebc
+SHA1 (patch-libtiff_tif_ojpeg.c) = 6447168e952bb80a1a8272c2c27bb0ce3ccf6939
+SHA1 (patch-libtiff_tif_read.c) = 85674d2e222846e3971301ce2fb7ebe02f54b9b2
+SHA1 (patch-libtiff_tif_unix.c) = c8312771e567f90de0f77ac8eb66ed5c36e35617
+SHA1 (patch-libtiff_tif_win32.c) = 1ea9dcb6618c40b9de3e8d2a81914355f2111fdc
+SHA1 (patch-libtiff_tiffio.h) = e0efa9e1246e07dbb3a69d626988a18f12ba9d3c
SHA1 (patch-man_Makefile.in) = ff073529c9d3ab98a03efa7d98c3263c1782482f
+SHA1 (patch-tools_tiffcp.c) = fa4846cfb5a52eedfb6dc4ed1306f45e3988ddc3
diff -r 0cc477a7a4c0 -r e19c8ef34cf0 graphics/tiff/patches/patch-libtiff_tif_dirread.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/tiff/patches/patch-libtiff_tif_dirread.c Sat May 06 15:01:21 2017 +0000
@@ -0,0 +1,31 @@
+$NetBSD: patch-libtiff_tif_dirread.c,v 1.2.2.2 2017/05/06 15:01:21 bsiegert Exp $
+
+CVE-2017-7598
+https://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8
+
+--- libtiff/tif_dirread.c.orig 2016-11-18 02:42:46.000000000 +0000
++++ libtiff/tif_dirread.c
+@@ -2872,7 +2872,10 @@ static enum TIFFReadDirEntryErr TIFFRead
+ m.l = direntry->tdir_offset.toff_long8;
+ if (tif->tif_flags&TIFF_SWAB)
+ TIFFSwabArrayOfLong(m.i,2);
+- if (m.i[0]==0)
++ /* Not completely sure what we should do when m.i[1]==0, but some */
++ /* sanitizers do not like division by 0.0: */
++ /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
++ if (m.i[0]==0 || m.i[1]==0)
+ *value=0.0;
+ else
+ *value=(double)m.i[0]/(double)m.i[1];
+@@ -2900,7 +2903,10 @@ static enum TIFFReadDirEntryErr TIFFRead
+ m.l=direntry->tdir_offset.toff_long8;
+ if (tif->tif_flags&TIFF_SWAB)
+ TIFFSwabArrayOfLong(m.i,2);
+- if ((int32)m.i[0]==0)
++ /* Not completely sure what we should do when m.i[1]==0, but some */
++ /* sanitizers do not like division by 0.0: */
++ /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
++ if ((int32)m.i[0]==0 || m.i[1]==0)
+ *value=0.0;
+ else
+ *value=(double)((int32)m.i[0])/(double)m.i[1];
diff -r 0cc477a7a4c0 -r e19c8ef34cf0 graphics/tiff/patches/patch-libtiff_tif_getimage.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/tiff/patches/patch-libtiff_tif_getimage.c Sat May 06 15:01:21 2017 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-libtiff_tif_getimage.c,v 1.1.2.2 2017/05/06 15:01:21 bsiegert Exp $
+
+https://nvd.nist.gov/vuln/detail/CVE-2017-7592
+http://bugzilla.maptools.org/show_bug.cgi?id=2658
+https://github.com/vadz/libtiff/commit/48780b4fcc42
+
+--- libtiff/tif_getimage.c.orig 2016-11-18 02:47:45.000000000 +0000
++++ libtiff/tif_getimage.c
+@@ -1305,7 +1305,7 @@ DECLAREContigPutFunc(putagreytile)
+ while (h-- > 0) {
+ for (x = w; x-- > 0;)
+ {
+- *cp++ = BWmap[*pp][0] & (*(pp+1) << 24 | ~A1);
++ *cp++ = BWmap[*pp][0] & ((uint32)*(pp+1) << 24 | ~A1);
+ pp += samplesperpixel;
+ }
+ cp += toskew;
diff -r 0cc477a7a4c0 -r e19c8ef34cf0 graphics/tiff/patches/patch-libtiff_tif_jpeg.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/tiff/patches/patch-libtiff_tif_jpeg.c Sat May 06 15:01:21 2017 +0000
@@ -0,0 +1,31 @@
+$NetBSD: patch-libtiff_tif_jpeg.c,v 1.1.2.2 2017/05/06 15:01:21 bsiegert Exp $
+
+CVE-2017-7595
+https://github.com/vadz/libtiff/commit/47f2fb61a3a64667bce1a8398a8fcb1b348ff122
+
+CVE-2017-7601
+https://github.com/vadz/libtiff/commit/0a76a8c765c7b8327c59646284fa78c3c27e5490
+
+--- libtiff/tif_jpeg.c.orig 2017-05-03 22:26:09.000000000 +0000
++++ libtiff/tif_jpeg.c
+@@ -1626,6 +1626,20 @@ JPEGSetupEncode(TIFF* tif)
+ case PHOTOMETRIC_YCBCR:
+ sp->h_sampling = td->td_ycbcrsubsampling[0];
+ sp->v_sampling = td->td_ycbcrsubsampling[1];
++ if( sp->h_sampling == 0 || sp->v_sampling == 0 )
++ {
++ TIFFErrorExt(tif->tif_clientdata, module,
++ "Invalig horizontal/vertical sampling value");
++ return (0);
++ }
++ if( td->td_bitspersample > 16 )
++ {
++ TIFFErrorExt(tif->tif_clientdata, module,
++ "BitsPerSample %d not allowed for JPEG",
++ td->td_bitspersample);
++ return (0);
++ }
++
+ /*
+ * A ReferenceBlackWhite field *must* be present since the
+ * default value is inappropriate for YCbCr. Fill in the
diff -r 0cc477a7a4c0 -r e19c8ef34cf0 graphics/tiff/patches/patch-libtiff_tif_ojpeg.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/tiff/patches/patch-libtiff_tif_ojpeg.c Sat May 06 15:01:21 2017 +0000
@@ -0,0 +1,42 @@
+$NetBSD: patch-libtiff_tif_ojpeg.c,v 1.1.2.2 2017/05/06 15:01:21 bsiegert Exp $
+
+CVE-2017-7594
+http://bugzilla.maptools.org/show_bug.cgi?id=2659
+https://github.com/vadz/libtiff/commit/8283e4d1b7e5
+https://github.com/vadz/libtiff/commit/2ea32f7372b6
+
+--- libtiff/tif_ojpeg.c.orig 2017-05-03 22:08:50.000000000 +0000
++++ libtiff/tif_ojpeg.c
+@@ -1782,7 +1782,10 @@ OJPEGReadHeaderInfoSecTablesQTable(TIFF*
+ TIFFSeekFile(tif,sp->qtable_offset[m],SEEK_SET);
+ p=(uint32)TIFFReadFile(tif,&ob[sizeof(uint32)+5],64);
+ if (p!=64)
++ {
++ _TIFFfree(ob);
+ return(0);
++ }
+ sp->qtable[m]=ob;
+ sp->sof_tq[m]=m;
+ }
+@@ -1846,7 +1849,10 @@ OJPEGReadHeaderInfoSecTablesDcTable(TIFF
+ rb[sizeof(uint32)+5+n]=o[n];
+ p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
+ if (p!=q)
++ {
++ _TIFFfree(rb);
+ return(0);
++ }
+ sp->dctable[m]=rb;
+ sp->sos_tda[m]=(m<<4);
+ }
+@@ -1910,7 +1916,10 @@ OJPEGReadHeaderInfoSecTablesAcTable(TIFF
+ rb[sizeof(uint32)+5+n]=o[n];
+ p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
+ if (p!=q)
++ {
++ _TIFFfree(rb);
+ return(0);
++ }
+ sp->actable[m]=rb;
+ sp->sos_tda[m]=(sp->sos_tda[m]|m);
+ }
diff -r 0cc477a7a4c0 -r e19c8ef34cf0 graphics/tiff/patches/patch-libtiff_tif_read.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/tiff/patches/patch-libtiff_tif_read.c Sat May 06 15:01:21 2017 +0000
@@ -0,0 +1,57 @@
+$NetBSD: patch-libtiff_tif_read.c,v 1.1.2.2 2017/05/06 15:01:21 bsiegert Exp $
+
+CVE-2017-7593
+http://bugzilla.maptools.org/show_bug.cgi?id=2651
+https://github.com/vadz/libtiff/commit/d60332057b95
+
+CVE-2017-7602
+https://github.com/vadz/libtiff/commit/66e7bd59520996740e4df5495a830b42fae48bc4
+
+--- libtiff/tif_read.c.orig 2017-05-03 22:31:30.000000000 +0000
++++ libtiff/tif_read.c
+@@ -420,16 +420,25 @@ TIFFReadRawStrip1(TIFF* tif, uint32 stri
+ return ((tmsize_t)(-1));
+ }
+ } else {
+- tmsize_t ma,mb;
++ tmsize_t ma;
+ tmsize_t n;
+- ma=(tmsize_t)td->td_stripoffset[strip];
+- mb=ma+size;
+- if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||(ma>tif->tif_size))
+- n=0;
+- else if ((mb<ma)||(mb<size)||(mb>tif->tif_size))
+- n=tif->tif_size-ma;
+- else
+- n=size;
++ if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||
++ ((ma=(tmsize_t)td->td_stripoffset[strip])>tif->tif_size))
++ {
++ n=0;
++ }
++ else if( ma > TIFF_TMSIZE_T_MAX - size )
++ {
++ n=0;
++ }
++ else
++ {
++ tmsize_t mb=ma+size;
++ if (mb>tif->tif_size)
++ n=tif->tif_size-ma;
++ else
++ n=size;
++ }
+ if (n!=size) {
+ #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
+ TIFFErrorExt(tif->tif_clientdata, module,
+@@ -976,7 +985,9 @@ TIFFReadBufferSetup(TIFF* tif, void* bp,
+ "Invalid buffer size");
+ return (0);
+ }
+- tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize);
++ /* Initialize to zero to avoid uninitialized buffers in case of */
++ /* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */
++ tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize);
+ tif->tif_flags |= TIFF_MYBUFFER;
+ }
+ if (tif->tif_rawdata == NULL) {
diff -r 0cc477a7a4c0 -r e19c8ef34cf0 graphics/tiff/patches/patch-libtiff_tif_unix.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/tiff/patches/patch-libtiff_tif_unix.c Sat May 06 15:01:21 2017 +0000
@@ -0,0 +1,23 @@
+$NetBSD: patch-libtiff_tif_unix.c,v 1.1.2.2 2017/05/06 15:01:21 bsiegert Exp $
+
+CVE-2017-7593
+http://bugzilla.maptools.org/show_bug.cgi?id=2651
+https://github.com/vadz/libtiff/commit/d60332057b95
+
+--- libtiff/tif_unix.c.orig 2015-08-28 22:16:22.000000000 +0000
++++ libtiff/tif_unix.c
+@@ -316,6 +316,14 @@ _TIFFmalloc(tmsize_t s)
+ return (malloc((size_t) s));
+ }
+
++void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz)
++{
++ if( nmemb == 0 || siz == 0 )
++ return ((void *) NULL);
++
++ return calloc((size_t) nmemb, (size_t)siz);
++}
++
+ void
+ _TIFFfree(void* p)
+ {
diff -r 0cc477a7a4c0 -r e19c8ef34cf0 graphics/tiff/patches/patch-libtiff_tif_win32.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/tiff/patches/patch-libtiff_tif_win32.c Sat May 06 15:01:21 2017 +0000
@@ -0,0 +1,23 @@
+$NetBSD: patch-libtiff_tif_win32.c,v 1.1.2.2 2017/05/06 15:01:21 bsiegert Exp $
+
+CVE-2017-7593
+http://bugzilla.maptools.org/show_bug.cgi?id=2651
+https://github.com/vadz/libtiff/commit/d60332057b95
+
+--- libtiff/tif_win32.c.orig 2015-08-28 22:16:22.000000000 +0000
++++ libtiff/tif_win32.c
+@@ -360,6 +360,14 @@ _TIFFmalloc(tmsize_t s)
+ return (malloc((size_t) s));
+ }
+
++void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz)
++{
++ if( nmemb == 0 || siz == 0 )
++ return ((void *) NULL);
++
++ return calloc((size_t) nmemb, (size_t)siz);
++}
++
+ void
+ _TIFFfree(void* p)
+ {
diff -r 0cc477a7a4c0 -r e19c8ef34cf0 graphics/tiff/patches/patch-libtiff_tiffio.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/tiff/patches/patch-libtiff_tiffio.h Sat May 06 15:01:21 2017 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-libtiff_tiffio.h,v 1.1.2.2 2017/05/06 15:01:21 bsiegert Exp $
+
+CVE-2017-7593
+http://bugzilla.maptools.org/show_bug.cgi?id=2651
+https://github.com/vadz/libtiff/commit/d60332057b95
+
+--- libtiff/tiffio.h.orig 2016-01-24 15:39:51.000000000 +0000
++++ libtiff/tiffio.h
Home |
Main Index |
Thread Index |
Old Index