-rw-r--r-- | main/tiff/APKBUILD | 41 | ||||
-rw-r--r-- | main/tiff/CVE-2017-10688.patch | 84 | ||||
-rw-r--r-- | main/tiff/CVE-2017-9936.patch | 43 |
3 files changed, 143 insertions, 25 deletions
diff --git a/main/tiff/APKBUILD b/main/tiff/APKBUILD
index 02713145be..d134b730ef 100644
--- a/main/tiff/APKBUILD
+++ b/main/tiff/APKBUILD
@@ -2,8 +2,8 @@
 # Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
 # Maintainer: Michael Mason <ms13sp@gmail.com>
 pkgname=tiff
-pkgver=4.0.7
-pkgrel=2
+pkgver=4.0.8
+pkgrel=0
 pkgdesc="Provides support for the Tag Image File Format or TIFF"
 url="http://www.libtiff.org/"
 arch="all"
@@ -13,20 +13,14 @@ depends_dev="zlib-dev libjpeg-turbo-dev"
 makedepends="libtool autoconf automake $depends_dev"
 subpackages="$pkgname-doc $pkgname-dev $pkgname-tools"
 source="http://download.osgeo.org/libtiff/$pkgname-$pkgver.tar.gz
- CVE-2017-5225.patch
- CVE-2017-7592.patch
- CVE-2017-7593.patch
- CVE-2017-7594-1.patch
- CVE-2017-7594-2.patch
- CVE-2017-7595.patch
- 0001-libtiff-tif_dirwrite.c-in-TIFFWriteDirectoryTagCheck.patch
- CVE-2017-7596.patch
- CVE-2017-7598.patch
- CVE-2017-7601.patch
- CVE-2017-7602.patch
+ CVE-2017-9936.patch
+ CVE-2017-10688.patch
 "
 # secfixes:
+# 4.0.8-r0:
+# - CVE-2017-9936
+# - CVE-2017-10688
 # 4.0.7-r2:
 # - CVE-2017-7592
 # - CVE-2017-7593
@@ -100,15 +94,12 @@ tools() {
 mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
 }
-sha512sums="941357bdd5f947cdca41a1d31ae14b3fadc174ae5dce7b7981dbe58f61995f575ac2e97a7cc4fcc435184012017bec0920278263490464644f2cdfad9a6c5ddc tiff-4.0.7.tar.gz
-001a2df978f51025771c243edee2d033c91114bdd5318a05730b910add9c70f219a848faad899f27421ca18da6ce9972013aa3ecf689cf4ea37ac5409b4b6244 CVE-2017-5225.patch
-c2401f41ce4725b94159da25290270fe4029bacd934aec4d85b4468b4ee8b37fffd4f07eb12ed654863c3ad97474cd4c196db0a3a0ccf6497fc4d8e6d46a5961 CVE-2017-7592.patch
-487de0b6a4cf7f09bf23b8217ec8dbac3640f7e47cd86e885f331bc41e385146fd73c6e079768952adb6fa12148b9e52a177bf67affdfe8bdf3d8205302a3f0c CVE-2017-7593.patch
-0d1639932613811ac7f9cc626e296a388ca922a2a9843d88e256e2f1249593799f98bbd353c84ad193d8e6a80f62f2d8751196169a07db1c47abd869676e83ed CVE-2017-7594-1.patch
-0c77d2ade6d307c3fa1e9e44bf546d72f5664273f1e961fbe604c409e929a695282b71af137ff060a9f6adf8e471313270babc223df36d978cdca3d6681bd5a2 CVE-2017-7594-2.patch
-bfbd193adb65feab8609231334ba7867c925997940398d1155f2cef8351fabeea0f3c0840aefdcd3f648e35e503f024bfdab00d544927368256025f7e3fb5214 CVE-2017-7595.patch
-e64c3753c01029f2d951ca376ab14eaeb824e8021da5038a13e3216e499fc07c82fb8d1447642b3835cf22742785f856905220d1bbde561f4fa38ebb1fecb6e0 0001-libtiff-tif_dirwrite.c-in-TIFFWriteDirectoryTagCheck.patch
-88e5e1e07f295933357adba70e88d5c3537e3d0e07951da1736407d871f7a44e370011b436fa923853ea47a51322bb503f7c7d6273791a654cf0fb104acf69b5 CVE-2017-7596.patch
-098ece44709233abb905ede3d4034070c91e70e9c0c237568622598871062e212f40b4e0dfdd27fc66bd8a53aa3e9250072de8a991db93140e54db902224d79c CVE-2017-7598.patch
-8264e9c82e60b33e08de53492cf0777402c1b5e54e42bf5b65360a6b1e9f54776bad496468fd4c32a31dadde760ccb1ae606d07ede36644218e2c8f30d292bd8 CVE-2017-7601.patch
-12187ae305c2efbdaec2a6cfb05bd32286b9ab90bab7801a996a0f13ef8efe12951b77b51be09e9b56f7d092b7771b06109c4d1b35374fea819559b7e042135b CVE-2017-7602.patch"
+md5sums="2a7d1c1318416ddf36d5f6fa4600069b tiff-4.0.8.tar.gz
+01159a84385e422933502e7afc74297e CVE-2017-9936.patch
+abbb8147e9201610cb33f3652be61ea1 CVE-2017-10688.patch"
+sha256sums="59d7a5a8ccd92059913f246877db95a2918e6c04fb9d43fd74e5c3390dac2910 tiff-4.0.8.tar.gz
+5c933324116c5ef1751097afe3635a83ef73982bc22bd7eca24de1594ac33cb4 CVE-2017-9936.patch
+2460178424a56ba203df08c06148493789441ab5e246acf71bcce50cc23a9662 CVE-2017-10688.patch"
+sha512sums="5d010ec4ce37aca733f7ab7db9f432987b0cd21664bd9d99452a146833c40f0d1e7309d1870b0395e947964134d5cfeb1366181e761fe353ad585803ff3d6be6 tiff-4.0.8.tar.gz
+fdb9d442527f256047279a685369bb8f2d9c9bf97089ba7e66be5a478fdb1abd47482ff941aef7917001595245dd9ef787101bd59c96773ee7e8f6cc5431bfd5 CVE-2017-9936.patch
+79880a6278a1e3e66f4014bbe1cf3323ce1e9554e3658536d6076fff09978e47e1e47ca6a273a87220f6d4c3121ed544ebb9ad0a64b5f6387c0e83915fdba517 CVE-2017-10688.patch"
diff --git a/main/tiff/CVE-2017-10688.patch b/main/tiff/CVE-2017-10688.patch
new file mode 100644
index 0000000000..9775f69bc6
--- /dev/null
+++ b/main/tiff/CVE-2017-10688.patch
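Review bot: The `md5sums=` and `sha256sums=` lists added at the end of the APKBUILD checksum hunk duplicate what `sha512sums=` already pins, and MD5 gives no collision resistance, so it should not be relied on as an integrity check for the tarball or the two patches. The `source=` context earlier in the file fetches the tarball over plain `http://`, which makes the digest the only integrity control visible here. If the build tooling on this branch still requires the older fields, add a comment such as `# md5sums/sha256sums kept for tooling compatibility; sha512sums is authoritative`; otherwise drop them so there is a single list to keep in sync.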
@@ -0,0 +1,84 @@
+From 6173a57d39e04d68b139f8c1aa499a24dbe74ba1 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Fri, 30 Jun 2017 17:29:44 +0000
+Subject: [PATCH] * libtiff/tif_dirwrite.c: in
+ TIFFWriteDirectoryTagCheckedXXXX() functions associated with LONG8/SLONG8
+ data type, replace assertion that the file is BigTIFF, by a non-fatal error.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2712 Reported by team
+ OWL337
+---
+ ChangeLog | 8 ++++++++
+ libtiff/tif_dirwrite.c | 20 ++++++++++++++++----
+ 2 files changed, 24 insertions(+), 4 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 6f085e09..77a64385 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,5 +1,13 @@
+ 2017-06-30 Even Rouault <even.rouault at spatialys.com>
+
++ * libtiff/tif_dirwrite.c: in TIFFWriteDirectoryTagCheckedXXXX()
++ functions associated with LONG8/SLONG8 data type, replace assertion that
++ the file is BigTIFF, by a non-fatal error.
++ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2712
++ Reported by team OWL337
++
++2017-06-30 Even Rouault <even.rouault at spatialys.com>
++
+ * libtiff/tif_read.c, tiffiop.h: add a _TIFFReadEncodedStripAndAllocBuffer()
+ function, variant of TIFFReadEncodedStrip() that allocates the
+ decoded buffer only after a first successful TIFFFillStrip(). This avoids
+diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
+index 2967da58..8d6686ba 100644
+--- a/libtiff/tif_dirwrite.c
++++ b/libtiff/tif_dirwrite.c
+@@ -2111,7 +2111,10 @@ TIFFWriteDirectoryTagCheckedLong8(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, ui
+ {
+ uint64 m;
+ assert(sizeof(uint64)==8);
+- assert(tif->tif_flags&TIFF_BIGTIFF);
++ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
++ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF");
++ return(0);
++ }
+ m=value;
+ if (tif->tif_flags&TIFF_SWAB)
+ TIFFSwabLong8(&m);
+@@ -2124,7 +2127,10 @@ TIFFWriteDirectoryTagCheckedLong8Array(TIFF* tif, uint32* ndir, TIFFDirEntry* di
+ {
+ assert(count<0x20000000);
+ assert(sizeof(uint64)==8);
+- assert(tif->tif_flags&TIFF_BIGTIFF);
++ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
++ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF");
++ return(0);
++ }
+ if (tif->tif_flags&TIFF_SWAB)
+ TIFFSwabArrayOfLong8(value,count);
+ return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_LONG8,count,count*8,value));
+@@ -2136,7 +2142,10 @@ TIFFWriteDirectoryTagCheckedSlong8(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, u
+ {
+ int64 m;
+ assert(sizeof(int64)==8);
+- assert(tif->tif_flags&TIFF_BIGTIFF);
++ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
++ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF");
++ return(0);
++ }
+ m=value;
+ if (tif->tif_flags&TIFF_SWAB)
+ TIFFSwabLong8((uint64*)(&m));
+@@ -2149,7 +2158,10 @@ TIFFWriteDirectoryTagCheckedSlong8Array(TIFF* tif, uint32* ndir, TIFFDirEntry* d
+ {
+ assert(count<0x20000000);
+ assert(sizeof(int64)==8);
+- assert(tif->tif_flags&TIFF_BIGTIFF);
++ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
++ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF");
++ return(0);
++ }
+ if (tif->tif_flags&TIFF_SWAB)
+ TIFFSwabArrayOfLong8((uint64*)value,count);
+ return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_SLONG8,count,count*8,value));
diff --git a/main/tiff/CVE-2017-9936.patch b/main/tiff/CVE-2017-9936.patch
new file mode 100644
index 0000000000..4d1ac0c823
--- /dev/null
+++ b/main/tiff/CVE-2017-9936.patch
@@ -0,0 +1,43 @@
+From fe8d7165956b88df4837034a9161dc5fd20cf67a Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Mon, 26 Jun 2017 15:19:59 +0000
+Subject: [PATCH] * libtiff/tif_jbig.c: fix memory leak in error code path of
+ JBIGDecode() Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2706 Reported
+ by team OWL337
+
+* libtiff/tif_jpeg.c: error out at decoding time if anticipated libjpeg
+---
+ ChangeLog | 8 +++++++-
+ libtiff/tif_jbig.c | 1 +
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index bc5096e7..ecd70534 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,6 +1,12 @@
++2017-06-26 Even Rouault <even.rouault at spatialys.com>
++
++ * libtiff/tif_jbig.c: fix memory leak in error code path of JBIGDecode()
++ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2706
++ Reported by team OWL337
++
+ 2017-06-24 Even Rouault <even.rouault at spatialys.com>
+
+- * libjpeg/tif_jpeg.c: error out at decoding time if anticipated libjpeg
++ * libtiff/tif_jpeg.c: error out at decoding time if anticipated libjpeg
+ memory allocation is above 100 MB. libjpeg in case of multiple scans,
+ which is allowed even in baseline JPEG, if components are spread over several
+ scans and not interleavedin a single one, needs to allocate memory (or
+diff --git a/libtiff/tif_jbig.c b/libtiff/tif_jbig.c
+index 5f5f75e2..c75f31d9 100644
+--- a/libtiff/tif_jbig.c
++++ b/libtiff/tif_jbig.c
+@@ -94,6 +94,7 @@ static int JBIGDecode(TIFF* tif, uint8* buffer, tmsize_t size, uint16 s)
+ jbg_strerror(decodeStatus)
+ #endif
+ );
++ jbg_dec_free(&decoder);
+ return 0;
+ }
+
|
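Review bot: In CVE-2017-10688.patch, the two array writers (`TIFFWriteDirectoryTagCheckedLong8Array` and `TIFFWriteDirectoryTagCheckedSlong8Array`) still keep `assert(count<0x20000000);` as context right above the new non-fatal BigTIFF check, so the abort-on-assert pattern this patch removes remains for the count bound, and in an `NDEBUG` build nothing at this point bounds the `count*8` passed to `TIFFWriteDirectoryTagData`. Whether a caller can reach these functions with such a count is not visible in the hunks, so it may be guarded elsewhere; if it is not, the same treatment fits: `if (count >= 0x20000000) { TIFFErrorExt(...); return(0); }`. Separately, all four `TIFFErrorExt` calls pass the module string `"TIFFWriteDirectoryTagCheckedLong8"`, which misattributes errors raised in the Long8Array, Slong8 and Slong8Array variants; each call should name its own function. The function bodies start and end outside the hunks, and since this file carries an upstream commit, both points are best raised upstream as well.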