aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFrancesco Colista <fcolista@alpinelinux.org>2017-08-07 12:18:49 +0000
committerFrancesco Colista <fcolista@alpinelinux.org>2017-08-07 12:42:25 +0000
commit86b18df8d4fb15e4edb60c579bc5408793c5b543 (patch)
tree7a8dff6818bbfffffd69b8fb9a61d9ba77002c16
parent98e4829d293bfaddb864399b59d1117b7ef81d23 (diff)
downloadaports-86b18df8d4fb15e4edb60c579bc5408793c5b543.tar.bz2
aports-86b18df8d4fb15e4edb60c579bc5408793c5b543.tar.xz
main/tiff: security fix CVE-2017-9936 and CVE-2017-10688. Fixes #7481
-rw-r--r--main/tiff/APKBUILD21
-rw-r--r--main/tiff/CVE-2017-10688.patch52
-rw-r--r--main/tiff/CVE-2017-9936.patch12
3 files changed, 75 insertions, 10 deletions
diff --git a/main/tiff/APKBUILD b/main/tiff/APKBUILD
index c0a2526d92..5c5afcfdfb 100644
--- a/main/tiff/APKBUILD
+++ b/main/tiff/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: Michael Mason <ms13sp@gmail.com>
pkgname=tiff
pkgver=4.0.8
-pkgrel=0
+pkgrel=1
pkgdesc="Provides support for the Tag Image File Format or TIFF"
url="http://www.libtiff.org/"
arch="all"
@@ -12,16 +12,15 @@ depends=
depends_dev="zlib-dev libjpeg-turbo-dev"
makedepends="libtool autoconf automake $depends_dev"
subpackages="$pkgname-doc $pkgname-dev $pkgname-tools"
-source="http://download.osgeo.org/libtiff/$pkgname-$pkgver.tar.gz"
builddir="$srcdir/$pkgname-$pkgver"
-
+source="http://download.osgeo.org/libtiff/$pkgname-$pkgver.tar.gz
+ CVE-2017-9936.patch
+ CVE-2017-10688.patch
+ "
# secfixes:
-# 4.0.7-r3:
-# - CVE-2016-10266
-# - CVE-2016-10267
-# - CVE-2016-10268
-# - CVE-2016-10269
-# - CVE-2016-10270
+# 4.0.8-r1:
+# - CVE-2017-9936
+# - CVE-2017-10688
# 4.0.7-r2:
# - CVE-2017-7592
# - CVE-2017-7593
@@ -69,4 +68,6 @@ tools() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
-sha512sums="5d010ec4ce37aca733f7ab7db9f432987b0cd21664bd9d99452a146833c40f0d1e7309d1870b0395e947964134d5cfeb1366181e761fe353ad585803ff3d6be6 tiff-4.0.8.tar.gz"
+sha512sums="5d010ec4ce37aca733f7ab7db9f432987b0cd21664bd9d99452a146833c40f0d1e7309d1870b0395e947964134d5cfeb1366181e761fe353ad585803ff3d6be6 tiff-4.0.8.tar.gz
+8adb7023e121f0210f404b8db913435fc5afdb34ff57767ab318a1436d9afff81990a282539e99f5cc53a7cd790af5be1d1c516649f3f9a14ff1e86a3726ca5d CVE-2017-9936.patch
+e45fe7d08ef8152c1145e8d7b918b5c9f65eec6ecba643d5b94851b37e3b7c43733bdd04112f90887795a28df82bd6d540ea4d96ecb12018c858778bc3702fac CVE-2017-10688.patch"
diff --git a/main/tiff/CVE-2017-10688.patch b/main/tiff/CVE-2017-10688.patch
new file mode 100644
index 0000000000..846bf48ecf
--- /dev/null
+++ b/main/tiff/CVE-2017-10688.patch
@@ -0,0 +1,52 @@
+diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
+index 2967da58..8d6686ba 100644
+--- a/libtiff/tif_dirwrite.c
++++ b/libtiff/tif_dirwrite.c
+@@ -2111,7 +2111,10 @@ TIFFWriteDirectoryTagCheckedLong8(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, ui
+ {
+ uint64 m;
+ assert(sizeof(uint64)==8);
+- assert(tif->tif_flags&TIFF_BIGTIFF);
++ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
++ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF");
++ return(0);
++ }
+ m=value;
+ if (tif->tif_flags&TIFF_SWAB)
+ TIFFSwabLong8(&m);
+@@ -2124,7 +2127,10 @@ TIFFWriteDirectoryTagCheckedLong8Array(TIFF* tif, uint32* ndir, TIFFDirEntry* di
+ {
+ assert(count<0x20000000);
+ assert(sizeof(uint64)==8);
+- assert(tif->tif_flags&TIFF_BIGTIFF);
++ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
++ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF");
++ return(0);
++ }
+ if (tif->tif_flags&TIFF_SWAB)
+ TIFFSwabArrayOfLong8(value,count);
+ return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_LONG8,count,count*8,value));
+@@ -2136,7 +2142,10 @@ TIFFWriteDirectoryTagCheckedSlong8(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, u
+ {
+ int64 m;
+ assert(sizeof(int64)==8);
+- assert(tif->tif_flags&TIFF_BIGTIFF);
++ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
++ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF");
++ return(0);
++ }
+ m=value;
+ if (tif->tif_flags&TIFF_SWAB)
+ TIFFSwabLong8((uint64*)(&m));
+@@ -2149,7 +2158,10 @@ TIFFWriteDirectoryTagCheckedSlong8Array(TIFF* tif, uint32* ndir, TIFFDirEntry* d
+ {
+ assert(count<0x20000000);
+ assert(sizeof(int64)==8);
+- assert(tif->tif_flags&TIFF_BIGTIFF);
++ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
++ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF");
++ return(0);
++ }
+ if (tif->tif_flags&TIFF_SWAB)
+ TIFFSwabArrayOfLong8((uint64*)value,count);
+ return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_SLONG8,count,count*8,value));
diff --git a/main/tiff/CVE-2017-9936.patch b/main/tiff/CVE-2017-9936.patch
new file mode 100644
index 0000000000..bbf920f698
--- /dev/null
+++ b/main/tiff/CVE-2017-9936.patch
@@ -0,0 +1,12 @@
+diff --git a/libtiff/tif_jbig.c b/libtiff/tif_jbig.c
+index 5f5f75e2..c75f31d9 100644
+--- a/libtiff/tif_jbig.c
++++ b/libtiff/tif_jbig.c
+@@ -94,6 +94,7 @@ static int JBIGDecode(TIFF* tif, uint8* buffer, tmsize_t size, uint16 s)
+ jbg_strerror(decodeStatus)
+ #endif
+ );
++ jbg_dec_free(&decoder);
+ return 0;
+ }
+