Wed Jun 21 01:08:33 2017 UTC ()
fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095
per http://bugzilla.maptools.org/show_bug.cgi?id=2580
also CVE-2017-9147
(http://bugzilla.maptools.org/show_bug.cgi?id=2693)
(tez)
diff -r1.136 -r1.137 pkgsrc/graphics/tiff/Makefile
diff -r1.82 -r1.83 pkgsrc/graphics/tiff/distinfo
diff -r0 -r1.1 pkgsrc/graphics/tiff/patches/patch-libtiff_tif_dir.h
diff -r0 -r1.1 pkgsrc/graphics/tiff/patches/patch-libtiff_tif_dirinfo.c
diff -r0 -r1.5 pkgsrc/graphics/tiff/patches/patch-libtiff_tif_dirread.c
--- pkgsrc/graphics/tiff/Makefile 2017/05/29 13:44:05 1.136
+++ pkgsrc/graphics/tiff/Makefile 2017/06/21 01:08:33 1.137
| @@ -1,16 +1,17 @@ | | | @@ -1,16 +1,17 @@ |
1 | # $NetBSD: Makefile,v 1.136 2017/05/29 13:44:05 he Exp $ | | 1 | # $NetBSD: Makefile,v 1.137 2017/06/21 01:08:33 tez Exp $ |
2 | | | 2 | |
3 | DISTNAME= tiff-4.0.8 | | 3 | DISTNAME= tiff-4.0.8 |
| | | 4 | PKGREVISION= 1 |
4 | CATEGORIES= graphics | | 5 | CATEGORIES= graphics |
5 | MASTER_SITES= ftp://download.osgeo.org/libtiff/ | | 6 | MASTER_SITES= ftp://download.osgeo.org/libtiff/ |
6 | | | 7 | |
7 | MAINTAINER= pkgsrc-users@NetBSD.org | | 8 | MAINTAINER= pkgsrc-users@NetBSD.org |
8 | HOMEPAGE= http://simplesystems.org/libtiff/ | | 9 | HOMEPAGE= http://simplesystems.org/libtiff/ |
9 | COMMENT= Library and tools for reading and writing TIFF data files | | 10 | COMMENT= Library and tools for reading and writing TIFF data files |
10 | LICENSE= mit | | 11 | LICENSE= mit |
11 | | | 12 | |
12 | EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} | | 13 | EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} |
13 | | | 14 | |
14 | USE_LANGUAGES= c c++ | | 15 | USE_LANGUAGES= c c++ |
15 | USE_LIBTOOL= yes | | 16 | USE_LIBTOOL= yes |
16 | GNU_CONFIGURE= yes | | 17 | GNU_CONFIGURE= yes |
--- pkgsrc/graphics/tiff/distinfo 2017/05/29 13:44:05 1.82
+++ pkgsrc/graphics/tiff/distinfo 2017/06/21 01:08:33 1.83
| @@ -1,7 +1,10 @@ | | | @@ -1,7 +1,10 @@ |
1 | $NetBSD: distinfo,v 1.82 2017/05/29 13:44:05 he Exp $ | | 1 | $NetBSD: distinfo,v 1.83 2017/06/21 01:08:33 tez Exp $ |
2 | | | 2 | |
3 | SHA1 (tiff-4.0.8.tar.gz) = 88717c97480a7976c94d23b6d9ed4ac74715267f | | 3 | SHA1 (tiff-4.0.8.tar.gz) = 88717c97480a7976c94d23b6d9ed4ac74715267f |
4 | RMD160 (tiff-4.0.8.tar.gz) = 0d8bc26c98035810c73b8f876f76dc48efba7da8 | | 4 | RMD160 (tiff-4.0.8.tar.gz) = 0d8bc26c98035810c73b8f876f76dc48efba7da8 |
5 | SHA512 (tiff-4.0.8.tar.gz) = 5d010ec4ce37aca733f7ab7db9f432987b0cd21664bd9d99452a146833c40f0d1e7309d1870b0395e947964134d5cfeb1366181e761fe353ad585803ff3d6be6 | | 5 | SHA512 (tiff-4.0.8.tar.gz) = 5d010ec4ce37aca733f7ab7db9f432987b0cd21664bd9d99452a146833c40f0d1e7309d1870b0395e947964134d5cfeb1366181e761fe353ad585803ff3d6be6 |
6 | Size (tiff-4.0.8.tar.gz) = 2065574 bytes | | 6 | Size (tiff-4.0.8.tar.gz) = 2065574 bytes |
7 | SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6 | | 7 | SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6 |
| | | 8 | SHA1 (patch-libtiff_tif_dir.h) = f4790fc1a671d1404974e0fa99b36e77653f3b87 |
| | | 9 | SHA1 (patch-libtiff_tif_dirinfo.c) = 9acbc2912ff9e1636d94dfdfe6f0b3d593eed95a |
| | | 10 | SHA1 (patch-libtiff_tif_dirread.c) = 87176772a12c1eb4d0ff801ad9d4e7f368c64c44 |
$NetBSD: patch-libtiff_tif_dir.h,v 1.1 2017/06/21 01:08:33 tez Exp $
fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095
per http://bugzilla.maptools.org/show_bug.cgi?id=2580
also CVE-2017-9147
(http://bugzilla.maptools.org/show_bug.cgi?id=2693)
Index: tif_dir.h
===================================================================
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.h,v
retrieving revision 1.54
retrieving revision 1.55
diff -w -u -b -r1.54 -r1.55
--- libtiff/tif_dir.h.orig 18 Feb 2011 20:53:05 -0000 1.54
+++ libtiff/tif_dir.h 1 Jun 2017 12:44:04 -0000 1.55
@@ -1,4 +1,4 @@
-/* $Id: patch-libtiff_tif_dir.h,v 1.1 2017/06/21 01:08:33 tez Exp $ */
+/* $Id: patch-libtiff_tif_dir.h,v 1.1 2017/06/21 01:08:33 tez Exp $ */
/*
* Copyright (c) 1988-1997 Sam Leffler
@@ -291,6 +291,7 @@
extern int _TIFFMergeFields(TIFF*, const TIFFField[], uint32);
extern const TIFFField* _TIFFFindOrRegisterField(TIFF *, uint32, TIFFDataType);
extern TIFFField* _TIFFCreateAnonField(TIFF *, uint32, TIFFDataType);
+extern int _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag);
#if defined(__cplusplus)
}
$NetBSD: patch-libtiff_tif_dirinfo.c,v 1.1 2017/06/21 01:08:33 tez Exp $
fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095
per http://bugzilla.maptools.org/show_bug.cgi?id=2580
also CVE-2017-9147
(http://bugzilla.maptools.org/show_bug.cgi?id=2693)
Index: tif_dirinfo.c
===================================================================
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirinfo.c,v
retrieving revision 1.126
retrieving revision 1.127
diff -w -u -b -r1.126 -r1.127
--- libtiff/tif_dirinfo.c.orig 18 Nov 2016 02:52:13 -0000 1.126
+++ libtiff/tif_dirinfo.c 1 Jun 2017 12:44:04 -0000 1.127
@@ -1,4 +1,4 @@
-/* $Id: patch-libtiff_tif_dirinfo.c,v 1.1 2017/06/21 01:08:33 tez Exp $ */
+/* $Id: patch-libtiff_tif_dirinfo.c,v 1.1 2017/06/21 01:08:33 tez Exp $ */
/*
* Copyright (c) 1988-1997 Sam Leffler
@@ -956,6 +956,109 @@
return 0;
}
+int
+_TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag)
+{
+ /* Filter out non-codec specific tags */
+ switch (tag) {
+ /* Shared tags */
+ case TIFFTAG_PREDICTOR:
+ /* JPEG tags */
+ case TIFFTAG_JPEGTABLES:
+ /* OJPEG tags */
+ case TIFFTAG_JPEGIFOFFSET:
+ case TIFFTAG_JPEGIFBYTECOUNT:
+ case TIFFTAG_JPEGQTABLES:
+ case TIFFTAG_JPEGDCTABLES:
+ case TIFFTAG_JPEGACTABLES:
+ case TIFFTAG_JPEGPROC:
+ case TIFFTAG_JPEGRESTARTINTERVAL:
+ /* CCITT* */
+ case TIFFTAG_BADFAXLINES:
+ case TIFFTAG_CLEANFAXDATA:
+ case TIFFTAG_CONSECUTIVEBADFAXLINES:
+ case TIFFTAG_GROUP3OPTIONS:
+ case TIFFTAG_GROUP4OPTIONS:
+ break;
+ default:
+ return 1;
+ }
+ /* Check if codec specific tags are allowed for the current
+ * compression scheme (codec) */
+ switch (tif->tif_dir.td_compression) {
+ case COMPRESSION_LZW:
+ if (tag == TIFFTAG_PREDICTOR)
+ return 1;
+ break;
+ case COMPRESSION_PACKBITS:
+ /* No codec-specific tags */
+ break;
+ case COMPRESSION_THUNDERSCAN:
+ /* No codec-specific tags */
+ break;
+ case COMPRESSION_NEXT:
+ /* No codec-specific tags */
+ break;
+ case COMPRESSION_JPEG:
+ if (tag == TIFFTAG_JPEGTABLES)
+ return 1;
+ break;
+ case COMPRESSION_OJPEG:
+ switch (tag) {
+ case TIFFTAG_JPEGIFOFFSET:
+ case TIFFTAG_JPEGIFBYTECOUNT:
+ case TIFFTAG_JPEGQTABLES:
+ case TIFFTAG_JPEGDCTABLES:
+ case TIFFTAG_JPEGACTABLES:
+ case TIFFTAG_JPEGPROC:
+ case TIFFTAG_JPEGRESTARTINTERVAL:
+ return 1;
+ }
+ break;
+ case COMPRESSION_CCITTRLE:
+ case COMPRESSION_CCITTRLEW:
+ case COMPRESSION_CCITTFAX3:
+ case COMPRESSION_CCITTFAX4:
+ switch (tag) {
+ case TIFFTAG_BADFAXLINES:
+ case TIFFTAG_CLEANFAXDATA:
+ case TIFFTAG_CONSECUTIVEBADFAXLINES:
+ return 1;
+ case TIFFTAG_GROUP3OPTIONS:
+ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX3)
+ return 1;
+ break;
+ case TIFFTAG_GROUP4OPTIONS:
+ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX4)
+ return 1;
+ break;
+ }
+ break;
+ case COMPRESSION_JBIG:
+ /* No codec-specific tags */
+ break;
+ case COMPRESSION_DEFLATE:
+ case COMPRESSION_ADOBE_DEFLATE:
+ if (tag == TIFFTAG_PREDICTOR)
+ return 1;
+ break;
+ case COMPRESSION_PIXARLOG:
+ if (tag == TIFFTAG_PREDICTOR)
+ return 1;
+ break;
+ case COMPRESSION_SGILOG:
+ case COMPRESSION_SGILOG24:
+ /* No codec-specific tags */
+ break;
+ case COMPRESSION_LZMA:
+ if (tag == TIFFTAG_PREDICTOR)
+ return 1;
+ break;
+
+ }
+ return 0;
+}
+
/* vim: set ts=8 sts=8 sw=8 noet: */
/*
$NetBSD: patch-libtiff_tif_dirread.c,v 1.5 2017/06/21 01:08:33 tez Exp $
fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095
per http://bugzilla.maptools.org/show_bug.cgi?id=2580
also CVE-2017-9147
(http://bugzilla.maptools.org/show_bug.cgi?id=2693)
Index: tif_dirread.c
===================================================================
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v
retrieving revision 1.208
retrieving revision 1.209
diff -w -u -b -r1.208 -r1.209
--- libtiff/tif_dirread.c.orig 27 Apr 2017 15:46:22 -0000 1.208
+++ libtiff/tif_dirread.c 1 Jun 2017 12:44:04 -0000 1.209
@@ -1,4 +1,4 @@
-/* $Id: patch-libtiff_tif_dirread.c,v 1.5 2017/06/21 01:08:33 tez Exp $ */
+/* $Id: patch-libtiff_tif_dirread.c,v 1.5 2017/06/21 01:08:33 tez Exp $ */
/*
* Copyright (c) 1988-1997 Sam Leffler
@@ -3580,6 +3580,10 @@
goto bad;
dp->tdir_tag=IGNORE;
break;
+ default:
+ if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) )
+ dp->tdir_tag=IGNORE;
+ break;
}
}
}