diff options
author | BuildTools | 2017-07-28 18:46:06 -0700 |
---|---|---|
committer | BuildTools | 2017-07-28 18:46:06 -0700 |
commit | 1e0c1b2238cd721a2e1b0b7abfede2f2f98ac54a (patch) | |
tree | bf76e214ff912dc04fb32ee7d469eae1cdfbc88f | |
parent | 614a5bf81bf9666fa2dba18686a50f49dac4d092 (diff) | |
download | aur-1e0c1b2238cd721a2e1b0b7abfede2f2f98ac54a.tar.gz |
security fix
-rw-r--r-- | .SRCINFO | 8 | ||||
-rw-r--r-- | CVE-2016-10095.patch | 175 | ||||
-rw-r--r-- | PKGBUILD | 15 |
3 files changed, 191 insertions, 7 deletions
@@ -1,10 +1,10 @@ # Generated by mksrcinfo v8 -# Thu May 25 22:31:43 UTC 2017 +# Sat Jul 29 01:45:53 UTC 2017 pkgbase = mingw-w64-libtiff pkgdesc = Library for manipulation of TIFF images (mingw-w64) pkgver = 4.0.8 - pkgrel = 1 - url = http://www.remotesensing.org/libtiff + pkgrel = 2 + url = http://www.simplesystems.org/libtiff/ arch = any license = custom makedepends = mingw-w64-configure @@ -15,7 +15,9 @@ pkgbase = mingw-w64-libtiff options = !buildflags options = !strip source = http://download.osgeo.org/libtiff/tiff-4.0.8.tar.gz + source = CVE-2016-10095.patch sha256sums = 59d7a5a8ccd92059913f246877db95a2918e6c04fb9d43fd74e5c3390dac2910 + sha256sums = 36063a31e9317c3745b5e03b210c948586ea469205b06d3dde2e1b2493f18d81 pkgname = mingw-w64-libtiff diff --git a/CVE-2016-10095.patch b/CVE-2016-10095.patch new file mode 100644 index 000000000000..1c9fc5fbf7b5 --- /dev/null +++ b/CVE-2016-10095.patch @@ -0,0 +1,175 @@ +From 4d4fa0b68ae9ae038959ee4f69ebe288ec892f06 Mon Sep 17 00:00:00 2001 +From: erouault <erouault> +Date: Thu, 1 Jun 2017 12:44:04 +0000 +Subject: [PATCH] =?UTF-8?q?*=20libtiff/tif=5Fdirinfo.c,=20tif=5Fdirread.c:?= + =?UTF-8?q?=20add=20=5FTIFFCheckFieldIsValidForCodec(),=20and=20use=20it?= + =?UTF-8?q?=20in=20TIFFReadDirectory()=20so=20as=20to=20ignore=20fields=20?= + =?UTF-8?q?whose=20tag=20is=20a=20codec-specified=20tag=20but=20this=20cod?= + =?UTF-8?q?ec=20is=20not=20enabled.=20This=20avoids=20TIFFGetField()=20to?= + =?UTF-8?q?=20behave=20differently=20depending=20on=20whether=20the=20code?= + =?UTF-8?q?c=20is=20enabled=20or=20not,=20and=20thus=20can=20avoid=20stack?= + =?UTF-8?q?=20based=20buffer=20overflows=20in=20a=20number=20of=20TIFF=20u?= + =?UTF-8?q?tilities=20such=20as=20tiffsplit,=20tiffcmp,=20thumbnail,=20etc?= + =?UTF-8?q?.=20Patch=20derived=20from=200063-Handle-properly-CODEC-specifi?= + =?UTF-8?q?c-tags.patch=20(http://bugzilla.maptools.org/show=5Fbug.cgi=3Fi?= + =?UTF-8?q?d=3D2580)=20by=20Rapha=C3=ABl=20Hertzog.=20Fixes:=20http://bugz?= + =?UTF-8?q?illa.maptools.org/show=5Fbug.cgi=3Fid=3D2580=20http://bugzilla.?= + =?UTF-8?q?maptools.org/show=5Fbug.cgi=3Fid=3D2693=20http://bugzilla.mapto?= + =?UTF-8?q?ols.org/show=5Fbug.cgi=3Fid=3D2625=20(CVE-2016-10095)=20http://?= + =?UTF-8?q?bugzilla.maptools.org/show=5Fbug.cgi=3Fid=3D2564=20(CVE-2015-75?= + =?UTF-8?q?54)=20http://bugzilla.maptools.org/show=5Fbug.cgi=3Fid=3D2561?= + =?UTF-8?q?=20(CVE-2016-5318)=20http://bugzilla.maptools.org/show=5Fbug.cg?= + =?UTF-8?q?i=3Fid=3D2499=20(CVE-2014-8128)=20http://bugzilla.maptools.org/?= + =?UTF-8?q?show=5Fbug.cgi=3Fid=3D2441=20http://bugzilla.maptools.org/show?= + =?UTF-8?q?=5Fbug.cgi=3Fid=3D2433?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +--- + libtiff/tif_dir.h | 1 + + libtiff/tif_dirinfo.c | 103 ++++++++++++++++++++++++++++++++++++++++++++++++++ + libtiff/tif_dirread.c | 4 ++ + 4 files changed, 128 insertions(+) + +diff --git a/libtiff/tif_dir.h b/libtiff/tif_dir.h +index e12b44b2..5206be49 100644 +--- a/libtiff/tif_dir.h ++++ b/libtiff/tif_dir.h +@@ -291,6 +291,7 @@ struct _TIFFField { + extern int _TIFFMergeFields(TIFF*, const TIFFField[], uint32); + extern const TIFFField* _TIFFFindOrRegisterField(TIFF *, uint32, TIFFDataType); + extern TIFFField* _TIFFCreateAnonField(TIFF *, uint32, TIFFDataType); ++extern int _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag); + + #if defined(__cplusplus) + } +diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c +index 0c8ef424..97c0df05 100644 +--- a/libtiff/tif_dirinfo.c ++++ b/libtiff/tif_dirinfo.c +@@ -956,6 +956,109 @@ TIFFMergeFieldInfo(TIFF* tif, const TIFFFieldInfo info[], uint32 n) + return 0; + } + ++int ++_TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag) ++{ ++ /* Filter out non-codec specific tags */ ++ switch (tag) { ++ /* Shared tags */ ++ case TIFFTAG_PREDICTOR: ++ /* JPEG tags */ ++ case TIFFTAG_JPEGTABLES: ++ /* OJPEG tags */ ++ case TIFFTAG_JPEGIFOFFSET: ++ case TIFFTAG_JPEGIFBYTECOUNT: ++ case TIFFTAG_JPEGQTABLES: ++ case TIFFTAG_JPEGDCTABLES: ++ case TIFFTAG_JPEGACTABLES: ++ case TIFFTAG_JPEGPROC: ++ case TIFFTAG_JPEGRESTARTINTERVAL: ++ /* CCITT* */ ++ case TIFFTAG_BADFAXLINES: ++ case TIFFTAG_CLEANFAXDATA: ++ case TIFFTAG_CONSECUTIVEBADFAXLINES: ++ case TIFFTAG_GROUP3OPTIONS: ++ case TIFFTAG_GROUP4OPTIONS: ++ break; ++ default: ++ return 1; ++ } ++ /* Check if codec specific tags are allowed for the current ++ * compression scheme (codec) */ ++ switch (tif->tif_dir.td_compression) { ++ case COMPRESSION_LZW: ++ if (tag == TIFFTAG_PREDICTOR) ++ return 1; ++ break; ++ case COMPRESSION_PACKBITS: ++ /* No codec-specific tags */ ++ break; ++ case COMPRESSION_THUNDERSCAN: ++ /* No codec-specific tags */ ++ break; ++ case COMPRESSION_NEXT: ++ /* No codec-specific tags */ ++ break; ++ case COMPRESSION_JPEG: ++ if (tag == TIFFTAG_JPEGTABLES) ++ return 1; ++ break; ++ case COMPRESSION_OJPEG: ++ switch (tag) { ++ case TIFFTAG_JPEGIFOFFSET: ++ case TIFFTAG_JPEGIFBYTECOUNT: ++ case TIFFTAG_JPEGQTABLES: ++ case TIFFTAG_JPEGDCTABLES: ++ case TIFFTAG_JPEGACTABLES: ++ case TIFFTAG_JPEGPROC: ++ case TIFFTAG_JPEGRESTARTINTERVAL: ++ return 1; ++ } ++ break; ++ case COMPRESSION_CCITTRLE: ++ case COMPRESSION_CCITTRLEW: ++ case COMPRESSION_CCITTFAX3: ++ case COMPRESSION_CCITTFAX4: ++ switch (tag) { ++ case TIFFTAG_BADFAXLINES: ++ case TIFFTAG_CLEANFAXDATA: ++ case TIFFTAG_CONSECUTIVEBADFAXLINES: ++ return 1; ++ case TIFFTAG_GROUP3OPTIONS: ++ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX3) ++ return 1; ++ break; ++ case TIFFTAG_GROUP4OPTIONS: ++ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX4) ++ return 1; ++ break; ++ } ++ break; ++ case COMPRESSION_JBIG: ++ /* No codec-specific tags */ ++ break; ++ case COMPRESSION_DEFLATE: ++ case COMPRESSION_ADOBE_DEFLATE: ++ if (tag == TIFFTAG_PREDICTOR) ++ return 1; ++ break; ++ case COMPRESSION_PIXARLOG: ++ if (tag == TIFFTAG_PREDICTOR) ++ return 1; ++ break; ++ case COMPRESSION_SGILOG: ++ case COMPRESSION_SGILOG24: ++ /* No codec-specific tags */ ++ break; ++ case COMPRESSION_LZMA: ++ if (tag == TIFFTAG_PREDICTOR) ++ return 1; ++ break; ++ ++ } ++ return 0; ++} ++ + /* vim: set ts=8 sts=8 sw=8 noet: */ + + /* +diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c +index 1d4f0b9a..f1dc3d79 100644 +--- a/libtiff/tif_dirread.c ++++ b/libtiff/tif_dirread.c +@@ -3580,6 +3580,10 @@ TIFFReadDirectory(TIFF* tif) + goto bad; + dp->tdir_tag=IGNORE; + break; ++ default: ++ if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) ) ++ dp->tdir_tag=IGNORE; ++ break; + } + } + } @@ -1,19 +1,26 @@ # Contributor: bubla <matej.tyc@gmail.com> pkgname=mingw-w64-libtiff pkgver=4.0.8 -pkgrel=1 +pkgrel=2 pkgdesc="Library for manipulation of TIFF images (mingw-w64)" arch=(any) -url="http://www.remotesensing.org/libtiff" +url="http://www.simplesystems.org/libtiff/" license=("custom") depends=(mingw-w64-libjpeg-turbo mingw-w64-zlib mingw-w64-xz) makedepends=(mingw-w64-configure) options=(staticlibs !buildflags !strip) -source=("http://download.osgeo.org/libtiff/tiff-${pkgver}.tar.gz") -sha256sums=('59d7a5a8ccd92059913f246877db95a2918e6c04fb9d43fd74e5c3390dac2910') +source=("http://download.osgeo.org/libtiff/tiff-${pkgver}.tar.gz" +"CVE-2016-10095.patch") +sha256sums=('59d7a5a8ccd92059913f246877db95a2918e6c04fb9d43fd74e5c3390dac2910' + '36063a31e9317c3745b5e03b210c948586ea469205b06d3dde2e1b2493f18d81') _architectures="i686-w64-mingw32 x86_64-w64-mingw32" +prepare() { + cd tiff-$pkgver + patch -p1 -i ../CVE-2016-10095.patch # Fix several security issues +} + build() { export CFLAGS+=" -fno-strict-aliasing" export CXXFLAGS+=" -fno-strict-aliasing" |