pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/graphics/tiff tiff: apply fixes for CVE-2022-22844 CVE...
details: https://anonhg.NetBSD.org/pkgsrc/rev/f337d32203b5
branches: trunk
changeset: 375753:f337d32203b5
user: nia <nia%pkgsrc.org@localhost>
date: Fri Mar 25 08:36:37 2022 +0000
description:
tiff: apply fixes for CVE-2022-22844 CVE-2022-0561 CVE-2022-0562
This is tiff-4.3.0nb1.
diffstat:
graphics/tiff/Makefile | 3 +-
graphics/tiff/distinfo | 4 ++-
graphics/tiff/patches/patch-CVE-2022-0561 | 30 +++++++++++++++++++++++++++++
graphics/tiff/patches/patch-CVE-2022-22844 | 31 ++++++++++++++++++++++++++++++
4 files changed, 66 insertions(+), 2 deletions(-)
diffs (94 lines):
diff -r 58fd30a93c15 -r f337d32203b5 graphics/tiff/Makefile
--- a/graphics/tiff/Makefile Fri Mar 25 08:22:35 2022 +0000
+++ b/graphics/tiff/Makefile Fri Mar 25 08:36:37 2022 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.150 2021/06/14 20:45:03 schmonz Exp $
+# $NetBSD: Makefile,v 1.151 2022/03/25 08:36:37 nia Exp $
DISTNAME= tiff-4.3.0
+PKGREVISION= 1
CATEGORIES= graphics
MASTER_SITES= https://download.osgeo.org/libtiff/
diff -r 58fd30a93c15 -r f337d32203b5 graphics/tiff/distinfo
--- a/graphics/tiff/distinfo Fri Mar 25 08:22:35 2022 +0000
+++ b/graphics/tiff/distinfo Fri Mar 25 08:36:37 2022 +0000
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.100 2021/10/26 10:47:21 nia Exp $
+$NetBSD: distinfo,v 1.101 2022/03/25 08:36:37 nia Exp $
BLAKE2s (tiff-4.3.0.tar.gz) = 28ba59df6d3d7a967dc168645bfc78f047ac8f7f548050abbbd0560f9dd21c75
SHA512 (tiff-4.3.0.tar.gz) = e04a4a6c542e58a174c1e9516af3908acf1d3d3e1096648c5514f4963f73e7af27387a76b0fbabe43cf867a18874088f963796a7cd6e45deb998692e3e235493
Size (tiff-4.3.0.tar.gz) = 2808254 bytes
+SHA1 (patch-CVE-2022-0561) = ceb02d9fb6a897a50d65fd3f46ab527ea84562a4
+SHA1 (patch-CVE-2022-22844) = 268d67ea1a24c6078006c37bf5c56b00a6a0183f
SHA1 (patch-Makefile.in) = de93f4a2cea4bffc117482fdc6875adfb9aa67e0
diff -r 58fd30a93c15 -r f337d32203b5 graphics/tiff/patches/patch-CVE-2022-0561
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/tiff/patches/patch-CVE-2022-0561 Fri Mar 25 08:36:37 2022 +0000
@@ -0,0 +1,30 @@
+$NetBSD: patch-CVE-2022-0561,v 1.1 2022/03/25 08:36:37 nia Exp $
+
+https://gitlab.com/libtiff/libtiff/-/issues/362
+
+This fixes CVE-2022-0561 and CVE-2022-0562.
+
+--- libtiff/tif_dirread.c.orig 2021-03-07 18:37:25.000000000 +0000
++++ libtiff/tif_dirread.c
+@@ -4173,7 +4173,8 @@ TIFFReadDirectory(TIFF* tif)
+ goto bad;
+ }
+
+- memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16_t));
++ if (old_extrasamples > 0)
++ memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16_t));
+ _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples);
+ _TIFFfree(new_sampleinfo);
+ }
+@@ -5765,8 +5766,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEn
+ _TIFFfree(data);
+ return(0);
+ }
+- _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t));
+- _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t));
++ if( dir->tdir_count )
++ _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t));
++ _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t));
+ _TIFFfree(data);
+ data=resizeddata;
+ }
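Review bot: The header of this patch claims both CVE-2022-0561 and CVE-2022-0562 but cites one upstream issue and does not say which of the two tif_dirread.c hunks addresses which CVE, so a later maintainer cannot tell what can be dropped when the package is updated. Both hunks skip a memcpy when the element count is zero, presumably because the source pointer can be NULL in that case and passing NULL to memcpy is undefined even for a zero length. A line per hunk in the header would record this, for example `TIFFReadDirectory: skip memcpy when old_extrasamples is 0 (CVE-<id>, upstream <reference>)` with the real identifiers filled in. TIFFReadDirectory and TIFFFetchStripThing both start and end outside the embedded hunks, so whether the source pointers are always non-NULL for a non-zero count cannot be confirmed from here.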
diff -r 58fd30a93c15 -r f337d32203b5 graphics/tiff/patches/patch-CVE-2022-22844
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/tiff/patches/patch-CVE-2022-22844 Fri Mar 25 08:36:37 2022 +0000
@@ -0,0 +1,31 @@
+$NetBSD: patch-CVE-2022-22844,v 1.1 2022/03/25 08:36:37 nia Exp $
+
+https://gitlab.com/libtiff/libtiff/-/issues/355
+
+This fixes CVE-2022-22844.
+
+--- tools/tiffset.c.orig 2021-03-07 11:39:11.000000000 +0000
++++ tools/tiffset.c
+@@ -146,9 +146,19 @@ main(int argc, char* argv[])
+
+ arg_index++;
+ if (TIFFFieldDataType(fip) == TIFF_ASCII) {
+- if (TIFFSetField(tiff, TIFFFieldTag(fip), argv[arg_index]) != 1)
+- fprintf( stderr, "Failed to set %s=%s\n",
+- TIFFFieldName(fip), argv[arg_index] );
++ if(TIFFFieldPassCount( fip )) {
++ size_t len;
++ len = strlen(argv[arg_index]) + 1;
++ if (len > UINT16_MAX || TIFFSetField(tiff, TIFFFieldTag(fip),
++ (uint16_t)len, argv[arg_index]) != 1)
++ fprintf( stderr, "Failed to set %s=%s\n",
++ TIFFFieldName(fip), argv[arg_index] );
++ } else {
++ if (TIFFSetField(tiff, TIFFFieldTag(fip),
++ argv[arg_index]) != 1)
++ fprintf( stderr, "Failed to set %s=%s\n",
++ TIFFFieldName(fip), argv[arg_index] );
++ }
+ } else if (TIFFFieldWriteCount(fip) > 0
+ || TIFFFieldWriteCount(fip) == TIFF_VARIABLE) {
+ int ret = 1;
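Review bot: In the pass-count branch the length check and the TIFFSetField call share one condition, so an argument rejected for being longer than UINT16_MAX is reported with the same `Failed to set %s=%s` message as a library failure, and the oversized string is echoed to stderr in full. Splitting the condition lets the tool state the limit instead, as in the fence below. A short comment on the branch, such as `/* pass-count ASCII fields take the length before the string */`, would also record why the two calls differ; that reading of the API is inferred from the hunk. main() starts and ends outside the hunk.

```c
if(TIFFFieldPassCount( fip )) {
    size_t len = strlen(argv[arg_index]) + 1;
    if (len > UINT16_MAX)
        fprintf( stderr, "Value for %s is too long (%lu bytes, limit %u)\n",
                 TIFFFieldName(fip), (unsigned long)len,
                 (unsigned)UINT16_MAX );
    else if (TIFFSetField(tiff, TIFFFieldTag(fip),
                          (uint16_t)len, argv[arg_index]) != 1)
        fprintf( stderr, "Failed to set %s=%s\n",
                 TIFFFieldName(fip), argv[arg_index] );
} else {
    /* … unchanged: TIFFSetField call without a count … */
}
```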