[arch-commits] Commit in libtiff/trunk (CVE-2016-10095.patch PKGBUILD)
Antonio Rojas
arojas at archlinux.org
Tue Jul 17 21:49:47 UTC 2018
Date: Tuesday, July 17, 2018 @ 21:49:47
Author: arojas
Revision: 328920
Backport security fixes (FS#59223)
Modified:
libtiff/trunk/PKGBUILD
Deleted:
libtiff/trunk/CVE-2016-10095.patch
----------------------+
CVE-2016-10095.patch | 175 -------------------------------------------------
PKGBUILD | 26 ++++++-
2 files changed, 23 insertions(+), 178 deletions(-)
Deleted: CVE-2016-10095.patch
===================================================================
--- CVE-2016-10095.patch 2018-07-17 20:02:02 UTC (rev 328919)
+++ CVE-2016-10095.patch 2018-07-17 21:49:47 UTC (rev 328920)
@@ -1,175 +0,0 @@
-From 4d4fa0b68ae9ae038959ee4f69ebe288ec892f06 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Thu, 1 Jun 2017 12:44:04 +0000
-Subject: [PATCH] =?UTF-8?q?*=20libtiff/tif=5Fdirinfo.c,=20tif=5Fdirread.c:?=
- =?UTF-8?q?=20add=20=5FTIFFCheckFieldIsValidForCodec(),=20and=20use=20it?=
- =?UTF-8?q?=20in=20TIFFReadDirectory()=20so=20as=20to=20ignore=20fields=20?=
- =?UTF-8?q?whose=20tag=20is=20a=20codec-specified=20tag=20but=20this=20cod?=
- =?UTF-8?q?ec=20is=20not=20enabled.=20This=20avoids=20TIFFGetField()=20to?=
- =?UTF-8?q?=20behave=20differently=20depending=20on=20whether=20the=20code?=
- =?UTF-8?q?c=20is=20enabled=20or=20not,=20and=20thus=20can=20avoid=20stack?=
- =?UTF-8?q?=20based=20buffer=20overflows=20in=20a=20number=20of=20TIFF=20u?=
- =?UTF-8?q?tilities=20such=20as=20tiffsplit,=20tiffcmp,=20thumbnail,=20etc?=
- =?UTF-8?q?.=20Patch=20derived=20from=200063-Handle-properly-CODEC-specifi?=
- =?UTF-8?q?c-tags.patch=20(http://bugzilla.maptools.org/show=5Fbug.cgi=3Fi?=
- =?UTF-8?q?d=3D2580)=20by=20Rapha=C3=ABl=20Hertzog.=20Fixes:=20http://bugz?=
- =?UTF-8?q?illa.maptools.org/show=5Fbug.cgi=3Fid=3D2580=20http://bugzilla.?=
- =?UTF-8?q?maptools.org/show=5Fbug.cgi=3Fid=3D2693=20http://bugzilla.mapto?=
- =?UTF-8?q?ols.org/show=5Fbug.cgi=3Fid=3D2625=20(CVE-2016-10095)=20http://?=
- =?UTF-8?q?bugzilla.maptools.org/show=5Fbug.cgi=3Fid=3D2564=20(CVE-2015-75?=
- =?UTF-8?q?54)=20http://bugzilla.maptools.org/show=5Fbug.cgi=3Fid=3D2561?=
- =?UTF-8?q?=20(CVE-2016-5318)=20http://bugzilla.maptools.org/show=5Fbug.cg?=
- =?UTF-8?q?i=3Fid=3D2499=20(CVE-2014-8128)=20http://bugzilla.maptools.org/?=
- =?UTF-8?q?show=5Fbug.cgi=3Fid=3D2441=20http://bugzilla.maptools.org/show?=
- =?UTF-8?q?=5Fbug.cgi=3Fid=3D2433?=
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
----
- libtiff/tif_dir.h | 1 +
- libtiff/tif_dirinfo.c | 103 ++++++++++++++++++++++++++++++++++++++++++++++++++
- libtiff/tif_dirread.c | 4 ++
- 4 files changed, 128 insertions(+)
-
-diff --git a/libtiff/tif_dir.h b/libtiff/tif_dir.h
-index e12b44b2..5206be49 100644
---- a/libtiff/tif_dir.h
-+++ b/libtiff/tif_dir.h
-@@ -291,6 +291,7 @@ struct _TIFFField {
- extern int _TIFFMergeFields(TIFF*, const TIFFField[], uint32);
- extern const TIFFField* _TIFFFindOrRegisterField(TIFF *, uint32, TIFFDataType);
- extern TIFFField* _TIFFCreateAnonField(TIFF *, uint32, TIFFDataType);
-+extern int _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag);
-
- #if defined(__cplusplus)
- }
-diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c
-index 0c8ef424..97c0df05 100644
---- a/libtiff/tif_dirinfo.c
-+++ b/libtiff/tif_dirinfo.c
-@@ -956,6 +956,109 @@ TIFFMergeFieldInfo(TIFF* tif, const TIFFFieldInfo info[], uint32 n)
- return 0;
- }
-
-+int
-+_TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag)
-+{
-+ /* Filter out non-codec specific tags */
-+ switch (tag) {
-+ /* Shared tags */
-+ case TIFFTAG_PREDICTOR:
-+ /* JPEG tags */
-+ case TIFFTAG_JPEGTABLES:
-+ /* OJPEG tags */
-+ case TIFFTAG_JPEGIFOFFSET:
-+ case TIFFTAG_JPEGIFBYTECOUNT:
-+ case TIFFTAG_JPEGQTABLES:
-+ case TIFFTAG_JPEGDCTABLES:
-+ case TIFFTAG_JPEGACTABLES:
-+ case TIFFTAG_JPEGPROC:
-+ case TIFFTAG_JPEGRESTARTINTERVAL:
-+ /* CCITT* */
-+ case TIFFTAG_BADFAXLINES:
-+ case TIFFTAG_CLEANFAXDATA:
-+ case TIFFTAG_CONSECUTIVEBADFAXLINES:
-+ case TIFFTAG_GROUP3OPTIONS:
-+ case TIFFTAG_GROUP4OPTIONS:
-+ break;
-+ default:
-+ return 1;
-+ }
-+ /* Check if codec specific tags are allowed for the current
-+ * compression scheme (codec) */
-+ switch (tif->tif_dir.td_compression) {
-+ case COMPRESSION_LZW:
-+ if (tag == TIFFTAG_PREDICTOR)
-+ return 1;
-+ break;
-+ case COMPRESSION_PACKBITS:
-+ /* No codec-specific tags */
-+ break;
-+ case COMPRESSION_THUNDERSCAN:
-+ /* No codec-specific tags */
-+ break;
-+ case COMPRESSION_NEXT:
-+ /* No codec-specific tags */
-+ break;
-+ case COMPRESSION_JPEG:
-+ if (tag == TIFFTAG_JPEGTABLES)
-+ return 1;
-+ break;
-+ case COMPRESSION_OJPEG:
-+ switch (tag) {
-+ case TIFFTAG_JPEGIFOFFSET:
-+ case TIFFTAG_JPEGIFBYTECOUNT:
-+ case TIFFTAG_JPEGQTABLES:
-+ case TIFFTAG_JPEGDCTABLES:
-+ case TIFFTAG_JPEGACTABLES:
-+ case TIFFTAG_JPEGPROC:
-+ case TIFFTAG_JPEGRESTARTINTERVAL:
-+ return 1;
-+ }
-+ break;
-+ case COMPRESSION_CCITTRLE:
-+ case COMPRESSION_CCITTRLEW:
-+ case COMPRESSION_CCITTFAX3:
-+ case COMPRESSION_CCITTFAX4:
-+ switch (tag) {
-+ case TIFFTAG_BADFAXLINES:
-+ case TIFFTAG_CLEANFAXDATA:
-+ case TIFFTAG_CONSECUTIVEBADFAXLINES:
-+ return 1;
-+ case TIFFTAG_GROUP3OPTIONS:
-+ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX3)
-+ return 1;
-+ break;
-+ case TIFFTAG_GROUP4OPTIONS:
-+ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX4)
-+ return 1;
-+ break;
-+ }
-+ break;
-+ case COMPRESSION_JBIG:
-+ /* No codec-specific tags */
-+ break;
-+ case COMPRESSION_DEFLATE:
-+ case COMPRESSION_ADOBE_DEFLATE:
-+ if (tag == TIFFTAG_PREDICTOR)
-+ return 1;
-+ break;
-+ case COMPRESSION_PIXARLOG:
-+ if (tag == TIFFTAG_PREDICTOR)
-+ return 1;
-+ break;
-+ case COMPRESSION_SGILOG:
-+ case COMPRESSION_SGILOG24:
-+ /* No codec-specific tags */
-+ break;
-+ case COMPRESSION_LZMA:
-+ if (tag == TIFFTAG_PREDICTOR)
-+ return 1;
-+ break;
-+
-+ }
-+ return 0;
-+}
-+
- /* vim: set ts=8 sts=8 sw=8 noet: */
-
- /*
-diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
-index 1d4f0b9a..f1dc3d79 100644
---- a/libtiff/tif_dirread.c
-+++ b/libtiff/tif_dirread.c
-@@ -3580,6 +3580,10 @@ TIFFReadDirectory(TIFF* tif)
- goto bad;
- dp->tdir_tag=IGNORE;
- break;
-+ default:
-+ if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) )
-+ dp->tdir_tag=IGNORE;
-+ break;
- }
- }
- }
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2018-07-17 20:02:02 UTC (rev 328919)
+++ PKGBUILD 2018-07-17 21:49:47 UTC (rev 328920)
@@ -3,7 +3,7 @@
pkgname=libtiff
pkgver=4.0.9
-pkgrel=1
+pkgrel=2
pkgdesc="Library for manipulation of TIFF images"
arch=('x86_64')
url="http://www.simplesystems.org/libtiff/"
@@ -11,9 +11,29 @@
depends=('libjpeg' 'zlib' 'xz')
makedepends=('freeglut' 'glu' 'mesa' 'jbigkit')
optdepends=('freeglut: for using tiffgt')
-source=(http://download.osgeo.org/libtiff/tiff-${pkgver}.tar.gz)
-sha256sums=('6e7bdeec2c310734e734d19aae3a71ebe37a4d842e0e23dbb1b8921c0026cfcd')
+source=(http://download.osgeo.org/libtiff/tiff-${pkgver}.tar.gz
+ CVE-2017-18013.patch::"https://gitlab.com/libtiff/libtiff/commit/c6f41df7.diff"
+ CVE-2018-5784.patch::"https://gitlab.com/libtiff/libtiff/commit/473851d2.diff"
+ CVE-2018-7456.patch::"https://gitlab.com/libtiff/libtiff/commit/be4c85b1.diff"
+ CVE-2018-8905.patch::"https://gitlab.com/libtiff/libtiff/commit/58a898cb.diff"
+ CVE-2018-10963.patch::"https://gitlab.com/libtiff/libtiff/commit/de144fd2.diff")
+sha256sums=('6e7bdeec2c310734e734d19aae3a71ebe37a4d842e0e23dbb1b8921c0026cfcd'
+ 'ea49366f085d324073bdbcc183db9b190e7ff4178649daf158e91ea1cfb12fef'
+ 'b93ff957acc1236481e9c5f33844334c62f3636d575f5f2cc418491349ebe7a5'
+ '2e00f46633e205fb6ed04957f07c5b13e3cc527876076c3cbda80f3894220909'
+ '8aed7c35dd2fb79af16a704a95cddff2852f85dbb019e9e9cdb54638b529935b'
+ 'f3c46de22050adad6da91498c549562af833d48e84028f36da5ec0387534e8af')
+prepare() {
+ cd tiff-$pkgver
+# Security fixes
+ patch -p1 -i ../CVE-2017-18013.patch
+ patch -p1 -i ../CVE-2018-5784.patch
+ patch -p1 -i ../CVE-2018-7456.patch
+ patch -p1 -i ../CVE-2018-8905.patch
+ patch -p1 -i ../CVE-2018-10963.patch
+}
+
build() {
cd tiff-${pkgver}
./configure --prefix=/usr
More information about the arch-commits
mailing list