Tue Jan 16 23:52:06 2018 UTC ()
tiff: add patch for CVE-2017-9935 from upstream git repo
(tez)
diff -r1.139 -r1.140 pkgsrc/graphics/tiff/Makefile
diff -r1.88 -r1.89 pkgsrc/graphics/tiff/distinfo
diff -r0 -r1.1 pkgsrc/graphics/tiff/patches/patch-CVE-2017-9935
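--- a/pkgsrc/graphics/tiff/Makefile
+++ b/pkgsrc/graphics/tiff/Makefile
@@ -1,17 +1,17 @@
-# $NetBSD: Makefile,v 1.139 2017/12/03 09:07:06 maya Exp $
+# $NetBSD: Makefile,v 1.140 2018/01/16 23:52:06 tez Exp $
 
 DISTNAME= tiff-4.0.9
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= graphics
 MASTER_SITES= ftp://download.osgeo.org/libtiff/
 
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= http://simplesystems.org/libtiff/
 COMMENT= Library and tools for reading and writing TIFF data files
 LICENSE= mit
 
 EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX}
 
 USE_LANGUAGES= c c++
 USE_LIBTOOL= yes
 GNU_CONFIGURE= yes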
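--- a/pkgsrc/graphics/tiff/distinfo
+++ b/pkgsrc/graphics/tiff/distinfo
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.88 2017/12/03 09:07:06 maya Exp $
+$NetBSD: distinfo,v 1.89 2018/01/16 23:52:06 tez Exp $
 
 SHA1 (tiff-4.0.9.tar.gz) = 87d4543579176cc568668617c22baceccd568296
 RMD160 (tiff-4.0.9.tar.gz) = ab5b3b7297e79344775b1e70c4d54c90c06836a3
 SHA512 (tiff-4.0.9.tar.gz) = 04f3d5eefccf9c1a0393659fe27f3dddd31108c401ba0dc587bca152a1c1f6bc844ba41622ff5572da8cc278593eff8c402b44e7af0a0090e91d326c2d79f6cd
 Size (tiff-4.0.9.tar.gz) = 2305681 bytes
+SHA1 (patch-CVE-2017-9935) = d33f3311e5bb96bf415f894237ab4dfcfafd2610
 SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6
 SHA1 (patch-tools_pal2rgb.c) = f91652e8013940c162add870ceb9845e2730bc2c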
$NetBSD: patch-CVE-2017-9935,v 1.1 2018/01/16 23:52:06 tez Exp $
Patch for cve-2017-9935 from upstream git repo
--- libtiff/tif_dir.c.orig
+++ libtiff/tif_dir.c
@@ -1065,6 +1065,9 @@
if (td->td_samplesperpixel - td->td_extrasamples > 1) {
*va_arg(ap, uint16**) = td->td_transferfunction[1];
*va_arg(ap, uint16**) = td->td_transferfunction[2];
+ } else {
+ *va_arg(ap, uint16**) = NULL;
+ *va_arg(ap, uint16**) = NULL;
}
break;
case TIFFTAG_REFERENCEBLACKWHITE:
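Review bot: The new `else` branch makes this case consume three `uint16**` arguments from `ap` on every call, including when `td_samplesperpixel - td_extrasamples` is 1 or less. Any caller that passes a single pointer for a one-channel image (none is visible here, so this needs checking against the documented calling convention for this tag) would now have two `va_arg` reads past its argument list, which is undefined behaviour. A comment on the branch such as `/* callers must always pass three uint16** for TIFFTAG_TRANSFERFUNCTION */`, mirrored in the TIFFGetField documentation, would make the contract explicit. The enclosing switch starts and ends outside the hunk.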
--- tools/tiff2pdf.c.orig 2017-10-29 18:50:41.000000000 +0000
+++ tools/tiff2pdf.c
@@ -237,7 +237,7 @@ typedef struct {
float tiff_whitechromaticities[2];
float tiff_primarychromaticities[6];
float tiff_referenceblackwhite[2];
- float* tiff_transferfunction[3];
+ uint16* tiff_transferfunction[3];
int pdf_image_interpolate; /* 0 (default) : do not interpolate,
1 : interpolate */
uint16 tiff_transferfunctioncount;
@@ -1047,6 +1047,8 @@ void t2p_read_tiff_init(T2P* t2p, TIFF*
uint16 pagen=0;
uint16 paged=0;
uint16 xuint16=0;
+ uint16 tiff_transferfunctioncount=0;
+ uint16* tiff_transferfunction[3];
directorycount=TIFFNumberOfDirectories(input);
t2p->tiff_pages = (T2P_PAGE*) _TIFFmalloc(TIFFSafeMultiply(tmsize_t,directorycount,sizeof(T2P_PAGE)));
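Review bot: The local `tiff_transferfunction[3]` declared here has no initialiser, yet the later hunk in this function copies all three elements into `t2p->tiff_transferfunction[]` even on the path where `TIFFGetField` returns 0 and the count is set to 0. That stores indeterminate pointer values in the T2P struct; nothing visible dereferences them while the count is 0, but safety then rests on every later reader checking the count first. Declaring it as `uint16* tiff_transferfunction[3] = { NULL, NULL, NULL };` removes that dependency. The call in the t2p_read_tiff_data hunk relies in the same way on the callee writing all three outputs, so its NULL test is only sound together with the tif_dir.c change in this patch. t2p_read_tiff_init's body continues outside the hunk.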
@@ -1147,26 +1149,48 @@ void t2p_read_tiff_init(T2P* t2p, TIFF*
}
#endif
if (TIFFGetField(input, TIFFTAG_TRANSFERFUNCTION,
- &(t2p->tiff_transferfunction[0]),
- &(t2p->tiff_transferfunction[1]),
- &(t2p->tiff_transferfunction[2]))) {
- if((t2p->tiff_transferfunction[1] != (float*) NULL) &&
- (t2p->tiff_transferfunction[2] != (float*) NULL) &&
- (t2p->tiff_transferfunction[1] !=
- t2p->tiff_transferfunction[0])) {
- t2p->tiff_transferfunctioncount = 3;
- t2p->tiff_pages[i].page_extra += 4;
- t2p->pdf_xrefcount += 4;
- } else {
- t2p->tiff_transferfunctioncount = 1;
- t2p->tiff_pages[i].page_extra += 2;
- t2p->pdf_xrefcount += 2;
- }
- if(t2p->pdf_minorversion < 2)
- t2p->pdf_minorversion = 2;
+ &(tiff_transferfunction[0]),
+ &(tiff_transferfunction[1]),
+ &(tiff_transferfunction[2]))) {
+
+ if((tiff_transferfunction[1] != (uint16*) NULL) &&
+ (tiff_transferfunction[2] != (uint16*) NULL)
+ ) {
+ tiff_transferfunctioncount=3;
+ } else {
+ tiff_transferfunctioncount=1;
+ }
} else {
- t2p->tiff_transferfunctioncount=0;
+ tiff_transferfunctioncount=0;
}
+
+ if (i > 0){
+ if (tiff_transferfunctioncount != t2p->tiff_transferfunctioncount){
+ TIFFError(
+ TIFF2PDF_MODULE,
+ "Different transfer function on page %d",
+ i);
+ t2p->t2p_error = T2P_ERR_ERROR;
+ return;
+ }
+ }
+
+ t2p->tiff_transferfunctioncount = tiff_transferfunctioncount;
+ t2p->tiff_transferfunction[0] = tiff_transferfunction[0];
+ t2p->tiff_transferfunction[1] = tiff_transferfunction[1];
+ t2p->tiff_transferfunction[2] = tiff_transferfunction[2];
+ if(tiff_transferfunctioncount == 3){
+ t2p->tiff_pages[i].page_extra += 4;
+ t2p->pdf_xrefcount += 4;
+ if(t2p->pdf_minorversion < 2)
+ t2p->pdf_minorversion = 2;
+ } else if (tiff_transferfunctioncount == 1){
+ t2p->tiff_pages[i].page_extra += 2;
+ t2p->pdf_xrefcount += 2;
+ if(t2p->pdf_minorversion < 2)
+ t2p->pdf_minorversion = 2;
+ }
+
if( TIFFGetField(
input,
TIFFTAG_ICCPROFILE,
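Review bot: The page-consistency check added after the `TIFFGetField` call compares only `tiff_transferfunctioncount` with the value kept from the previous page, so pages whose tables differ in content but not in number still pass, and `t2p->tiff_transferfunction[]` keeps the pointers of whichever page was read last. If later output code assumes one transfer function per document, that is only partly enforced here; a comment above the check such as `/* only the number of tables is compared across pages, not their contents */` would record the limit. The `== 3` and `== 1` branches also repeat the `pdf_minorversion` bump, which reads more simply as one `if (tiff_transferfunctioncount != 0)` block after the xref accounting. The loop enclosing this code starts and ends outside the hunk.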
@@ -1827,10 +1851,9 @@ void t2p_read_tiff_data(T2P* t2p, TIFF*
&(t2p->tiff_transferfunction[0]),
&(t2p->tiff_transferfunction[1]),
&(t2p->tiff_transferfunction[2]))) {
- if((t2p->tiff_transferfunction[1] != (float*) NULL) &&
- (t2p->tiff_transferfunction[2] != (float*) NULL) &&
- (t2p->tiff_transferfunction[1] !=
- t2p->tiff_transferfunction[0])) {
+ if((t2p->tiff_transferfunction[1] != (uint16*) NULL) &&
+ (t2p->tiff_transferfunction[2] != (uint16*) NULL)
+ ) {
t2p->tiff_transferfunctioncount=3;
} else {
t2p->tiff_transferfunctioncount=1;