diff options
| author | Sergey Lukin <sergej.lukin@gmail.com> | 2017-01-26 08:50:51 +0000 |
|---|---|---|
| committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2017-01-26 15:57:48 +0000 |
| commit | ab83f5e1f89d6fcb2eb66283aaf1cdf7c3610c82 (patch) | |
| tree | ba1d20dbe26dc7bc42dbb1b52c6667a0eae2a5e3 | |
| parent | 8a9c19caf7beab76554fea239c4ba9a2d2ec95de (diff) | |
| download | aports-ab83f5e1f89d6fcb2eb66283aaf1cdf7c3610c82.tar.bz2 aports-ab83f5e1f89d6fcb2eb66283aaf1cdf7c3610c82.tar.xz | |
main/tiff: security fixes #6733
| -rw-r--r-- | main/tiff/APKBUILD | 25 | ||||
| -rw-r--r-- | main/tiff/CVE-2017-5225.patch | 69 |
2 files changed, 86 insertions, 8 deletions
diff --git a/main/tiff/APKBUILD b/main/tiff/APKBUILD index b1889d1fa0..9ecb3090c5 100644 --- a/main/tiff/APKBUILD +++ b/main/tiff/APKBUILD @@ -1,8 +1,9 @@ +# Contributor: Sergei Lukin <sergej.lukin@gmail.com> # Contributor: Leonardo Arena <rnalrd@alpinelinux.org> # Maintainer: Michael Mason <ms13sp@gmail.com> pkgname=tiff pkgver=4.0.7 -pkgrel=0 +pkgrel=1 pkgdesc="Provides support for the Tag Image File Format or TIFF" url="http://www.libtiff.org/" arch="all" @@ -12,13 +13,18 @@ depends_dev="zlib-dev libjpeg-turbo-dev" makedepends="libtool autoconf automake $depends_dev" subpackages="$pkgname-doc $pkgname-dev $pkgname-tools" source="http://download.osgeo.org/libtiff/tiff-${pkgver}.tar.gz + CVE-2017-5225.patch " -_builddir="$srcdir"/$pkgname-$pkgver +# secfixes: +# 4.0.7-r1: +# - CVE-2017-5225 + +builddir="$srcdir"/$pkgname-$pkgver prepare() { local _failed= - cd "$_builddir" + cd "$builddir" update_config_sub || return 1 for i in $source; do case $i in @@ -28,7 +34,7 @@ prepare() { } build() { - cd "$_builddir" + cd "$builddir" ./configure \ --build=$CBUILD \ @@ -43,7 +49,7 @@ build() { } package() { - cd "$_builddir" + cd "$builddir" make DESTDIR="$pkgdir" install } @@ -53,6 +59,9 @@ tools() { mv "$pkgdir"/usr/bin "$subpkgdir"/usr/ } -md5sums="77ae928d2c6b7fb46a21c3a29325157b tiff-4.0.7.tar.gz" -sha256sums="9f43a2cfb9589e5cecaa66e16bf87f814c945f22df7ba600d63aac4632c4f019 tiff-4.0.7.tar.gz" -sha512sums="941357bdd5f947cdca41a1d31ae14b3fadc174ae5dce7b7981dbe58f61995f575ac2e97a7cc4fcc435184012017bec0920278263490464644f2cdfad9a6c5ddc tiff-4.0.7.tar.gz" +md5sums="77ae928d2c6b7fb46a21c3a29325157b tiff-4.0.7.tar.gz +1758d0b97458604fb770b55afcce156c CVE-2017-5225.patch" +sha256sums="9f43a2cfb9589e5cecaa66e16bf87f814c945f22df7ba600d63aac4632c4f019 tiff-4.0.7.tar.gz +a1bf4d4ce292a593d525fd3c6f68090c5f6242b493e9ba80bcad70e7c2a57e68 CVE-2017-5225.patch" +sha512sums="941357bdd5f947cdca41a1d31ae14b3fadc174ae5dce7b7981dbe58f61995f575ac2e97a7cc4fcc435184012017bec0920278263490464644f2cdfad9a6c5ddc tiff-4.0.7.tar.gz +001a2df978f51025771c243edee2d033c91114bdd5318a05730b910add9c70f219a848faad899f27421ca18da6ce9972013aa3ecf689cf4ea37ac5409b4b6244 CVE-2017-5225.patch" diff --git a/main/tiff/CVE-2017-5225.patch b/main/tiff/CVE-2017-5225.patch new file mode 100644 index 0000000000..d8d2cf11e3 --- /dev/null +++ b/main/tiff/CVE-2017-5225.patch @@ -0,0 +1,69 @@ +Original patch was downloaded from + https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7 + and adjusted to tiff-4.0.7 + +commit 5c080298d59efa53264d7248bbe3a04660db6ef7 +Author: erouault <erouault> +Date: Wed Jan 11 19:25:44 2017 +0000 + + * tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow and + cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based overflow. + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656 and + http://bugzilla.maptools.org/show_bug.cgi?id=2657 + +diff --git a/tools/tiffcp.c b/tools/tiffcp.c +index bdf754c3..8bbcd52f 100644 +--- a/tools/tiffcp.c ++++ b/tools/tiffcp.c +@@ -591,7 +591,7 @@ static copyFunc pickCopyFunc(TIFF*, TIFF*, uint16, uint16); + static int + tiffcp(TIFF* in, TIFF* out) + { +- uint16 bitspersample, samplesperpixel = 1; ++ uint16 bitspersample = 1, samplesperpixel = 1; + uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK; + copyFunc cf; + uint32 width, length; +@@ -1067,6 +1067,16 @@ DECLAREcpFunc(cpContig2SeparateByRow) + register uint32 n; + uint32 row; + tsample_t s; ++ uint16 bps = 0; ++ ++ (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); ++ if( bps != 8 ) ++ { ++ TIFFError(TIFFFileName(in), ++ "Error, can only handle BitsPerSample=8 in %s", ++ "cpContig2SeparateByRow"); ++ return 0; ++ } + + inbuf = _TIFFmalloc(scanlinesizein); + outbuf = _TIFFmalloc(scanlinesizeout); +@@ -1120,6 +1130,16 @@ DECLAREcpFunc(cpSeparate2ContigByRow) + register uint32 n; + uint32 row; + tsample_t s; ++ uint16 bps = 0; ++ ++ (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); ++ if( bps != 8 ) ++ { ++ TIFFError(TIFFFileName(in), ++ "Error, can only handle BitsPerSample=8 in %s", ++ "cpSeparate2ContigByRow"); ++ return 0; ++ } + + inbuf = _TIFFmalloc(scanlinesizein); + outbuf = _TIFFmalloc(scanlinesizeout); +@@ -1784,7 +1804,7 @@ pickCopyFunc(TIFF* in, TIFF* out, uint16 bitspersample, uint16 samplesperpixel) + uint32 w, l, tw, tl; + int bychunk; + +- (void) TIFFGetField(in, TIFFTAG_PLANARCONFIG, &shortv); ++ (void) TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &shortv); + if (shortv != config && bitspersample != 8 && samplesperpixel > 1) { + fprintf(stderr, + "%s: Cannot handle different planar configuration w/ bits/sample != 8\n", |