Commit 51070ff9 authored by Francesco Colista's avatar Francesco Colista

main/tiff: security upgrade to 4.0.8. Fixes #7485

parent 9adf50a5
......@@ -2,8 +2,8 @@
# Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
# Maintainer: Michael Mason <ms13sp@gmail.com>
pkgname=tiff
pkgver=4.0.7
pkgrel=2
pkgver=4.0.8
pkgrel=0
pkgdesc="Provides support for the Tag Image File Format or TIFF"
url="http://www.libtiff.org/"
arch="all"
......@@ -13,20 +13,14 @@ depends_dev="zlib-dev libjpeg-turbo-dev"
makedepends="libtool autoconf automake $depends_dev"
subpackages="$pkgname-doc $pkgname-dev $pkgname-tools"
source="http://download.osgeo.org/libtiff/$pkgname-$pkgver.tar.gz
CVE-2017-5225.patch
CVE-2017-7592.patch
CVE-2017-7593.patch
CVE-2017-7594-1.patch
CVE-2017-7594-2.patch
CVE-2017-7595.patch
0001-libtiff-tif_dirwrite.c-in-TIFFWriteDirectoryTagCheck.patch
CVE-2017-7596.patch
CVE-2017-7598.patch
CVE-2017-7601.patch
CVE-2017-7602.patch
CVE-2017-9936.patch
CVE-2017-10688.patch
"
# secfixes:
# 4.0.8-r0:
# - CVE-2017-9936
# - CVE-2017-10688
# 4.0.7-r2:
# - CVE-2017-7592
# - CVE-2017-7593
......@@ -100,15 +94,12 @@ tools() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
sha512sums="941357bdd5f947cdca41a1d31ae14b3fadc174ae5dce7b7981dbe58f61995f575ac2e97a7cc4fcc435184012017bec0920278263490464644f2cdfad9a6c5ddc tiff-4.0.7.tar.gz
001a2df978f51025771c243edee2d033c91114bdd5318a05730b910add9c70f219a848faad899f27421ca18da6ce9972013aa3ecf689cf4ea37ac5409b4b6244 CVE-2017-5225.patch
c2401f41ce4725b94159da25290270fe4029bacd934aec4d85b4468b4ee8b37fffd4f07eb12ed654863c3ad97474cd4c196db0a3a0ccf6497fc4d8e6d46a5961 CVE-2017-7592.patch
487de0b6a4cf7f09bf23b8217ec8dbac3640f7e47cd86e885f331bc41e385146fd73c6e079768952adb6fa12148b9e52a177bf67affdfe8bdf3d8205302a3f0c CVE-2017-7593.patch
0d1639932613811ac7f9cc626e296a388ca922a2a9843d88e256e2f1249593799f98bbd353c84ad193d8e6a80f62f2d8751196169a07db1c47abd869676e83ed CVE-2017-7594-1.patch
0c77d2ade6d307c3fa1e9e44bf546d72f5664273f1e961fbe604c409e929a695282b71af137ff060a9f6adf8e471313270babc223df36d978cdca3d6681bd5a2 CVE-2017-7594-2.patch
bfbd193adb65feab8609231334ba7867c925997940398d1155f2cef8351fabeea0f3c0840aefdcd3f648e35e503f024bfdab00d544927368256025f7e3fb5214 CVE-2017-7595.patch
e64c3753c01029f2d951ca376ab14eaeb824e8021da5038a13e3216e499fc07c82fb8d1447642b3835cf22742785f856905220d1bbde561f4fa38ebb1fecb6e0 0001-libtiff-tif_dirwrite.c-in-TIFFWriteDirectoryTagCheck.patch
88e5e1e07f295933357adba70e88d5c3537e3d0e07951da1736407d871f7a44e370011b436fa923853ea47a51322bb503f7c7d6273791a654cf0fb104acf69b5 CVE-2017-7596.patch
098ece44709233abb905ede3d4034070c91e70e9c0c237568622598871062e212f40b4e0dfdd27fc66bd8a53aa3e9250072de8a991db93140e54db902224d79c CVE-2017-7598.patch
8264e9c82e60b33e08de53492cf0777402c1b5e54e42bf5b65360a6b1e9f54776bad496468fd4c32a31dadde760ccb1ae606d07ede36644218e2c8f30d292bd8 CVE-2017-7601.patch
12187ae305c2efbdaec2a6cfb05bd32286b9ab90bab7801a996a0f13ef8efe12951b77b51be09e9b56f7d092b7771b06109c4d1b35374fea819559b7e042135b CVE-2017-7602.patch"
md5sums="2a7d1c1318416ddf36d5f6fa4600069b tiff-4.0.8.tar.gz
01159a84385e422933502e7afc74297e CVE-2017-9936.patch
abbb8147e9201610cb33f3652be61ea1 CVE-2017-10688.patch"
sha256sums="59d7a5a8ccd92059913f246877db95a2918e6c04fb9d43fd74e5c3390dac2910 tiff-4.0.8.tar.gz
5c933324116c5ef1751097afe3635a83ef73982bc22bd7eca24de1594ac33cb4 CVE-2017-9936.patch
2460178424a56ba203df08c06148493789441ab5e246acf71bcce50cc23a9662 CVE-2017-10688.patch"
sha512sums="5d010ec4ce37aca733f7ab7db9f432987b0cd21664bd9d99452a146833c40f0d1e7309d1870b0395e947964134d5cfeb1366181e761fe353ad585803ff3d6be6 tiff-4.0.8.tar.gz
fdb9d442527f256047279a685369bb8f2d9c9bf97089ba7e66be5a478fdb1abd47482ff941aef7917001595245dd9ef787101bd59c96773ee7e8f6cc5431bfd5 CVE-2017-9936.patch
79880a6278a1e3e66f4014bbe1cf3323ce1e9554e3658536d6076fff09978e47e1e47ca6a273a87220f6d4c3121ed544ebb9ad0a64b5f6387c0e83915fdba517 CVE-2017-10688.patch"
From 6173a57d39e04d68b139f8c1aa499a24dbe74ba1 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Fri, 30 Jun 2017 17:29:44 +0000
Subject: [PATCH] * libtiff/tif_dirwrite.c: in
TIFFWriteDirectoryTagCheckedXXXX() functions associated with LONG8/SLONG8
data type, replace assertion that the file is BigTIFF, by a non-fatal error.
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2712 Reported by team
OWL337
---
ChangeLog | 8 ++++++++
libtiff/tif_dirwrite.c | 20 ++++++++++++++++----
2 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 6f085e09..77a64385 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
2017-06-30 Even Rouault <even.rouault at spatialys.com>
+ * libtiff/tif_dirwrite.c: in TIFFWriteDirectoryTagCheckedXXXX()
+ functions associated with LONG8/SLONG8 data type, replace assertion that
+ the file is BigTIFF, by a non-fatal error.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2712
+ Reported by team OWL337
+
+2017-06-30 Even Rouault <even.rouault at spatialys.com>
+
* libtiff/tif_read.c, tiffiop.h: add a _TIFFReadEncodedStripAndAllocBuffer()
function, variant of TIFFReadEncodedStrip() that allocates the
decoded buffer only after a first successful TIFFFillStrip(). This avoids
diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
index 2967da58..8d6686ba 100644
--- a/libtiff/tif_dirwrite.c
+++ b/libtiff/tif_dirwrite.c
@@ -2111,7 +2111,10 @@ TIFFWriteDirectoryTagCheckedLong8(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, ui
{
uint64 m;
assert(sizeof(uint64)==8);
- assert(tif->tif_flags&TIFF_BIGTIFF);
+ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
+ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF");
+ return(0);
+ }
m=value;
if (tif->tif_flags&TIFF_SWAB)
TIFFSwabLong8(&m);
@@ -2124,7 +2127,10 @@ TIFFWriteDirectoryTagCheckedLong8Array(TIFF* tif, uint32* ndir, TIFFDirEntry* di
{
assert(count<0x20000000);
assert(sizeof(uint64)==8);
- assert(tif->tif_flags&TIFF_BIGTIFF);
+ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
+ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF");
+ return(0);
+ }
if (tif->tif_flags&TIFF_SWAB)
TIFFSwabArrayOfLong8(value,count);
return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_LONG8,count,count*8,value));
@@ -2136,7 +2142,10 @@ TIFFWriteDirectoryTagCheckedSlong8(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, u
{
int64 m;
assert(sizeof(int64)==8);
- assert(tif->tif_flags&TIFF_BIGTIFF);
+ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
+ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF");
+ return(0);
+ }
m=value;
if (tif->tif_flags&TIFF_SWAB)
TIFFSwabLong8((uint64*)(&m));
@@ -2149,7 +2158,10 @@ TIFFWriteDirectoryTagCheckedSlong8Array(TIFF* tif, uint32* ndir, TIFFDirEntry* d
{
assert(count<0x20000000);
assert(sizeof(int64)==8);
- assert(tif->tif_flags&TIFF_BIGTIFF);
+ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
+ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF");
+ return(0);
+ }
if (tif->tif_flags&TIFF_SWAB)
TIFFSwabArrayOfLong8((uint64*)value,count);
return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_SLONG8,count,count*8,value));
From fe8d7165956b88df4837034a9161dc5fd20cf67a Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Mon, 26 Jun 2017 15:19:59 +0000
Subject: [PATCH] * libtiff/tif_jbig.c: fix memory leak in error code path of
JBIGDecode() Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2706 Reported
by team OWL337
* libtiff/tif_jpeg.c: error out at decoding time if anticipated libjpeg
---
ChangeLog | 8 +++++++-
libtiff/tif_jbig.c | 1 +
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index bc5096e7..ecd70534 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,12 @@
+2017-06-26 Even Rouault <even.rouault at spatialys.com>
+
+ * libtiff/tif_jbig.c: fix memory leak in error code path of JBIGDecode()
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2706
+ Reported by team OWL337
+
2017-06-24 Even Rouault <even.rouault at spatialys.com>
- * libjpeg/tif_jpeg.c: error out at decoding time if anticipated libjpeg
+ * libtiff/tif_jpeg.c: error out at decoding time if anticipated libjpeg
memory allocation is above 100 MB. libjpeg in case of multiple scans,
which is allowed even in baseline JPEG, if components are spread over several
scans and not interleavedin a single one, needs to allocate memory (or
diff --git a/libtiff/tif_jbig.c b/libtiff/tif_jbig.c
index 5f5f75e2..c75f31d9 100644
--- a/libtiff/tif_jbig.c
+++ b/libtiff/tif_jbig.c
@@ -94,6 +94,7 @@ static int JBIGDecode(TIFF* tif, uint8* buffer, tmsize_t size, uint16 s)
jbg_strerror(decodeStatus)
#endif
);
+ jbg_dec_free(&decoder);
return 0;
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment