Tue Jan 16 23:52:06 2018 UTC ()
tiff: add patch for CVE-2017-9935 from upstream git repo


(tez)
diff -r1.139 -r1.140 pkgsrc/graphics/tiff/Makefile
diff -r1.88 -r1.89 pkgsrc/graphics/tiff/distinfo
diff -r0 -r1.1 pkgsrc/graphics/tiff/patches/patch-CVE-2017-9935
cvs diff -r1.139 -r1.140 pkgsrc/graphics/tiff/Makefile (expand / switch to unified diff)

--- pkgsrc/graphics/tiff/Makefile 2017/12/03 09:07:06 1.139
+++ pkgsrc/graphics/tiff/Makefile 2018/01/16 23:52:06 1.140
@@ -1,17 +1,17 @@ @@ -1,17 +1,17 @@
1# $NetBSD: Makefile,v 1.139 2017/12/03 09:07:06 maya Exp $ 1# $NetBSD: Makefile,v 1.140 2018/01/16 23:52:06 tez Exp $
2 2
3DISTNAME= tiff-4.0.9 3DISTNAME= tiff-4.0.9
4PKGREVISION= 1 4PKGREVISION= 2
5CATEGORIES= graphics 5CATEGORIES= graphics
6MASTER_SITES= ftp://download.osgeo.org/libtiff/ 6MASTER_SITES= ftp://download.osgeo.org/libtiff/
7 7
8MAINTAINER= pkgsrc-users@NetBSD.org 8MAINTAINER= pkgsrc-users@NetBSD.org
9HOMEPAGE= http://simplesystems.org/libtiff/ 9HOMEPAGE= http://simplesystems.org/libtiff/
10COMMENT= Library and tools for reading and writing TIFF data files 10COMMENT= Library and tools for reading and writing TIFF data files
11LICENSE= mit 11LICENSE= mit
12 12
13EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} 13EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX}
14 14
15USE_LANGUAGES= c c++ 15USE_LANGUAGES= c c++
16USE_LIBTOOL= yes 16USE_LIBTOOL= yes
17GNU_CONFIGURE= yes 17GNU_CONFIGURE= yes
cvs diff -r1.88 -r1.89 pkgsrc/graphics/tiff/distinfo (expand / switch to unified diff)

--- pkgsrc/graphics/tiff/distinfo 2017/12/03 09:07:06 1.88
+++ pkgsrc/graphics/tiff/distinfo 2018/01/16 23:52:06 1.89
@@ -1,8 +1,9 @@ @@ -1,8 +1,9 @@
1$NetBSD: distinfo,v 1.88 2017/12/03 09:07:06 maya Exp $ 1$NetBSD: distinfo,v 1.89 2018/01/16 23:52:06 tez Exp $
2 2
3SHA1 (tiff-4.0.9.tar.gz) = 87d4543579176cc568668617c22baceccd568296 3SHA1 (tiff-4.0.9.tar.gz) = 87d4543579176cc568668617c22baceccd568296
4RMD160 (tiff-4.0.9.tar.gz) = ab5b3b7297e79344775b1e70c4d54c90c06836a3 4RMD160 (tiff-4.0.9.tar.gz) = ab5b3b7297e79344775b1e70c4d54c90c06836a3
5SHA512 (tiff-4.0.9.tar.gz) = 04f3d5eefccf9c1a0393659fe27f3dddd31108c401ba0dc587bca152a1c1f6bc844ba41622ff5572da8cc278593eff8c402b44e7af0a0090e91d326c2d79f6cd 5SHA512 (tiff-4.0.9.tar.gz) = 04f3d5eefccf9c1a0393659fe27f3dddd31108c401ba0dc587bca152a1c1f6bc844ba41622ff5572da8cc278593eff8c402b44e7af0a0090e91d326c2d79f6cd
6Size (tiff-4.0.9.tar.gz) = 2305681 bytes 6Size (tiff-4.0.9.tar.gz) = 2305681 bytes
 7SHA1 (patch-CVE-2017-9935) = d33f3311e5bb96bf415f894237ab4dfcfafd2610
7SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6 8SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6
8SHA1 (patch-tools_pal2rgb.c) = f91652e8013940c162add870ceb9845e2730bc2c 9SHA1 (patch-tools_pal2rgb.c) = f91652e8013940c162add870ceb9845e2730bc2c
File Added: pkgsrc/graphics/tiff/patches/Attic/patch-CVE-2017-9935
$NetBSD: patch-CVE-2017-9935,v 1.1 2018/01/16 23:52:06 tez Exp $

Patch for cve-2017-9935 from upstream git repo


--- libtiff/tif_dir.c.orig
+++ libtiff/tif_dir.c
@@ -1065,6 +1065,9 @@ 
 			if (td->td_samplesperpixel - td->td_extrasamples > 1) {
 				*va_arg(ap, uint16**) = td->td_transferfunction[1];
 				*va_arg(ap, uint16**) = td->td_transferfunction[2];
+			} else {
+				*va_arg(ap, uint16**) = NULL;
+				*va_arg(ap, uint16**) = NULL;
 			}
 			break;
 		case TIFFTAG_REFERENCEBLACKWHITE:

--- tools/tiff2pdf.c.orig	2017-10-29 18:50:41.000000000 +0000
+++ tools/tiff2pdf.c
@@ -237,7 +237,7 @@ typedef struct {
 	float tiff_whitechromaticities[2];
 	float tiff_primarychromaticities[6];
 	float tiff_referenceblackwhite[2];
-	float* tiff_transferfunction[3];
+	uint16* tiff_transferfunction[3];
 	int pdf_image_interpolate;	/* 0 (default) : do not interpolate,
 					   1 : interpolate */
 	uint16 tiff_transferfunctioncount;
@@ -1047,6 +1047,8 @@ void t2p_read_tiff_init(T2P* t2p, TIFF*
 	uint16 pagen=0;
 	uint16 paged=0;
 	uint16 xuint16=0;
+	uint16 tiff_transferfunctioncount=0;
+	uint16* tiff_transferfunction[3];
 
 	directorycount=TIFFNumberOfDirectories(input);
 	t2p->tiff_pages = (T2P_PAGE*) _TIFFmalloc(TIFFSafeMultiply(tmsize_t,directorycount,sizeof(T2P_PAGE)));
@@ -1147,26 +1149,48 @@ void t2p_read_tiff_init(T2P* t2p, TIFF*
                 }
 #endif
 		if (TIFFGetField(input, TIFFTAG_TRANSFERFUNCTION,
-                                 &(t2p->tiff_transferfunction[0]),
-                                 &(t2p->tiff_transferfunction[1]),
-                                 &(t2p->tiff_transferfunction[2]))) {
-			if((t2p->tiff_transferfunction[1] != (float*) NULL) &&
-                           (t2p->tiff_transferfunction[2] != (float*) NULL) &&
-                           (t2p->tiff_transferfunction[1] !=
-                            t2p->tiff_transferfunction[0])) {
-				t2p->tiff_transferfunctioncount = 3;
-				t2p->tiff_pages[i].page_extra += 4;
-				t2p->pdf_xrefcount += 4;
-			} else {
-				t2p->tiff_transferfunctioncount = 1;
-				t2p->tiff_pages[i].page_extra += 2;
-				t2p->pdf_xrefcount += 2;
-			}
-			if(t2p->pdf_minorversion < 2)
-				t2p->pdf_minorversion = 2;
+                                 &(tiff_transferfunction[0]),
+                                 &(tiff_transferfunction[1]),
+                                 &(tiff_transferfunction[2]))) {
+
+                        if((tiff_transferfunction[1] != (uint16*) NULL) &&
+                           (tiff_transferfunction[2] != (uint16*) NULL)
+                          ) {
+                            tiff_transferfunctioncount=3;
+                        } else {
+                            tiff_transferfunctioncount=1;
+                        }
                 } else {
-			t2p->tiff_transferfunctioncount=0;
+			tiff_transferfunctioncount=0;
 		}
+
+                if (i > 0){
+                    if (tiff_transferfunctioncount != t2p->tiff_transferfunctioncount){
+                        TIFFError(
+                            TIFF2PDF_MODULE, 
+                            "Different transfer function on page %d", 
+                            i);
+                        t2p->t2p_error = T2P_ERR_ERROR;
+                        return;
+                    }
+                }
+
+                t2p->tiff_transferfunctioncount = tiff_transferfunctioncount;
+                t2p->tiff_transferfunction[0] = tiff_transferfunction[0];
+                t2p->tiff_transferfunction[1] = tiff_transferfunction[1];
+                t2p->tiff_transferfunction[2] = tiff_transferfunction[2];
+                if(tiff_transferfunctioncount == 3){
+                        t2p->tiff_pages[i].page_extra += 4;
+                        t2p->pdf_xrefcount += 4;
+                        if(t2p->pdf_minorversion < 2)
+                                t2p->pdf_minorversion = 2;
+                } else if (tiff_transferfunctioncount == 1){
+                        t2p->tiff_pages[i].page_extra += 2;
+                        t2p->pdf_xrefcount += 2;
+                        if(t2p->pdf_minorversion < 2)
+                                t2p->pdf_minorversion = 2;
+                }
+
 		if( TIFFGetField(
 			input, 
 			TIFFTAG_ICCPROFILE, 
@@ -1827,10 +1851,9 @@ void t2p_read_tiff_data(T2P* t2p, TIFF*
 			 &(t2p->tiff_transferfunction[0]),
 			 &(t2p->tiff_transferfunction[1]),
 			 &(t2p->tiff_transferfunction[2]))) {
-		if((t2p->tiff_transferfunction[1] != (float*) NULL) &&
-                   (t2p->tiff_transferfunction[2] != (float*) NULL) &&
-                   (t2p->tiff_transferfunction[1] !=
-                    t2p->tiff_transferfunction[0])) {
+		if((t2p->tiff_transferfunction[1] != (uint16*) NULL) &&
+                   (t2p->tiff_transferfunction[2] != (uint16*) NULL)
+                  ) {
 			t2p->tiff_transferfunctioncount=3;
 		} else {
 			t2p->tiff_transferfunctioncount=1;