security fix

author: BuildTools 2017-07-28 18:46:06 -0700
committer: BuildTools 2017-07-28 18:46:06 -0700
commit: 1e0c1b2238cd721a2e1b0b7abfede2f2f98ac54a (patch)
tree: bf76e214ff912dc04fb32ee7d469eae1cdfbc88f
parent: 614a5bf81bf9666fa2dba18686a50f49dac4d092 (diff)
download: aur-1e0c1b2238cd721a2e1b0b7abfede2f2f98ac54a.tar.gz
3 files changed, 191 insertions, 7 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 8ed2d7dc68b7..d1e61699dd13 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,10 +1,10 @@
 # Generated by mksrcinfo v8
-# Thu May 25 22:31:43 UTC 2017
+# Sat Jul 29 01:45:53 UTC 2017
 pkgbase = mingw-w64-libtiff
 	pkgdesc = Library for manipulation of TIFF images (mingw-w64)
 	pkgver = 4.0.8
-	pkgrel = 1
-	url = http://www.remotesensing.org/libtiff
+	pkgrel = 2
+	url = http://www.simplesystems.org/libtiff/
 	arch = any
 	license = custom
 	makedepends = mingw-w64-configure
@@ -15,7 +15,9 @@ pkgbase = mingw-w64-libtiff
 	options = !buildflags
 	options = !strip
 	source = http://download.osgeo.org/libtiff/tiff-4.0.8.tar.gz
+	source = CVE-2016-10095.patch
 	sha256sums = 59d7a5a8ccd92059913f246877db95a2918e6c04fb9d43fd74e5c3390dac2910
+	sha256sums = 36063a31e9317c3745b5e03b210c948586ea469205b06d3dde2e1b2493f18d81
 
 pkgname = mingw-w64-libtiff
 
diff --git a/CVE-2016-10095.patch b/CVE-2016-10095.patch
new file mode 100644
index 000000000000..1c9fc5fbf7b5
--- /dev/null
+++ b/CVE-2016-10095.patch
@@ -0,0 +1,175 @@
+From 4d4fa0b68ae9ae038959ee4f69ebe288ec892f06 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Thu, 1 Jun 2017 12:44:04 +0000
+Subject: [PATCH] =?UTF-8?q?*=20libtiff/tif=5Fdirinfo.c,=20tif=5Fdirread.c:?=
+ =?UTF-8?q?=20add=20=5FTIFFCheckFieldIsValidForCodec(),=20and=20use=20it?=
+ =?UTF-8?q?=20in=20TIFFReadDirectory()=20so=20as=20to=20ignore=20fields=20?=
+ =?UTF-8?q?whose=20tag=20is=20a=20codec-specified=20tag=20but=20this=20cod?=
+ =?UTF-8?q?ec=20is=20not=20enabled.=20This=20avoids=20TIFFGetField()=20to?=
+ =?UTF-8?q?=20behave=20differently=20depending=20on=20whether=20the=20code?=
+ =?UTF-8?q?c=20is=20enabled=20or=20not,=20and=20thus=20can=20avoid=20stack?=
+ =?UTF-8?q?=20based=20buffer=20overflows=20in=20a=20number=20of=20TIFF=20u?=
+ =?UTF-8?q?tilities=20such=20as=20tiffsplit,=20tiffcmp,=20thumbnail,=20etc?=
+ =?UTF-8?q?.=20Patch=20derived=20from=200063-Handle-properly-CODEC-specifi?=
+ =?UTF-8?q?c-tags.patch=20(http://bugzilla.maptools.org/show=5Fbug.cgi=3Fi?=
+ =?UTF-8?q?d=3D2580)=20by=20Rapha=C3=ABl=20Hertzog.=20Fixes:=20http://bugz?=
+ =?UTF-8?q?illa.maptools.org/show=5Fbug.cgi=3Fid=3D2580=20http://bugzilla.?=
+ =?UTF-8?q?maptools.org/show=5Fbug.cgi=3Fid=3D2693=20http://bugzilla.mapto?=
+ =?UTF-8?q?ols.org/show=5Fbug.cgi=3Fid=3D2625=20(CVE-2016-10095)=20http://?=
+ =?UTF-8?q?bugzilla.maptools.org/show=5Fbug.cgi=3Fid=3D2564=20(CVE-2015-75?=
+ =?UTF-8?q?54)=20http://bugzilla.maptools.org/show=5Fbug.cgi=3Fid=3D2561?=
+ =?UTF-8?q?=20(CVE-2016-5318)=20http://bugzilla.maptools.org/show=5Fbug.cg?=
+ =?UTF-8?q?i=3Fid=3D2499=20(CVE-2014-8128)=20http://bugzilla.maptools.org/?=
+ =?UTF-8?q?show=5Fbug.cgi=3Fid=3D2441=20http://bugzilla.maptools.org/show?=
+ =?UTF-8?q?=5Fbug.cgi=3Fid=3D2433?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---
+ libtiff/tif_dir.h     |   1 +
+ libtiff/tif_dirinfo.c | 103 ++++++++++++++++++++++++++++++++++++++++++++++++++
+ libtiff/tif_dirread.c |   4 ++
+ 4 files changed, 128 insertions(+)
+
+diff --git a/libtiff/tif_dir.h b/libtiff/tif_dir.h
+index e12b44b2..5206be49 100644
+--- a/libtiff/tif_dir.h
++++ b/libtiff/tif_dir.h
+@@ -291,6 +291,7 @@ struct _TIFFField {
+ extern int _TIFFMergeFields(TIFF*, const TIFFField[], uint32);
+ extern const TIFFField* _TIFFFindOrRegisterField(TIFF *, uint32, TIFFDataType);
+ extern  TIFFField* _TIFFCreateAnonField(TIFF *, uint32, TIFFDataType);
++extern int _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag);
+ 
+ #if defined(__cplusplus)
+ }
+diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c
+index 0c8ef424..97c0df05 100644
+--- a/libtiff/tif_dirinfo.c
++++ b/libtiff/tif_dirinfo.c
+@@ -956,6 +956,109 @@ TIFFMergeFieldInfo(TIFF* tif, const TIFFFieldInfo info[], uint32 n)
+ 	return 0;
+ }
+ 
++int
++_TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag)
++{
++	/* Filter out non-codec specific tags */
++	switch (tag) {
++	    /* Shared tags */
++	    case TIFFTAG_PREDICTOR:
++	    /* JPEG tags */
++	    case TIFFTAG_JPEGTABLES:
++	    /* OJPEG tags */
++	    case TIFFTAG_JPEGIFOFFSET:
++	    case TIFFTAG_JPEGIFBYTECOUNT:
++	    case TIFFTAG_JPEGQTABLES:
++	    case TIFFTAG_JPEGDCTABLES:
++	    case TIFFTAG_JPEGACTABLES:
++	    case TIFFTAG_JPEGPROC:
++	    case TIFFTAG_JPEGRESTARTINTERVAL:
++	    /* CCITT* */
++	    case TIFFTAG_BADFAXLINES:
++	    case TIFFTAG_CLEANFAXDATA:
++	    case TIFFTAG_CONSECUTIVEBADFAXLINES:
++	    case TIFFTAG_GROUP3OPTIONS:
++	    case TIFFTAG_GROUP4OPTIONS:
++		break;
++	    default:
++		return 1;
++	}
++	/* Check if codec specific tags are allowed for the current
++	 * compression scheme (codec) */
++	switch (tif->tif_dir.td_compression) {
++	    case COMPRESSION_LZW:
++		if (tag == TIFFTAG_PREDICTOR)
++		    return 1;
++		break;
++	    case COMPRESSION_PACKBITS:
++		/* No codec-specific tags */
++		break;
++	    case COMPRESSION_THUNDERSCAN:
++		/* No codec-specific tags */
++		break;
++	    case COMPRESSION_NEXT:
++		/* No codec-specific tags */
++		break;
++	    case COMPRESSION_JPEG:
++		if (tag == TIFFTAG_JPEGTABLES)
++		    return 1;
++		break;
++	    case COMPRESSION_OJPEG:
++		switch (tag) {
++		    case TIFFTAG_JPEGIFOFFSET:
++		    case TIFFTAG_JPEGIFBYTECOUNT:
++		    case TIFFTAG_JPEGQTABLES:
++		    case TIFFTAG_JPEGDCTABLES:
++		    case TIFFTAG_JPEGACTABLES:
++		    case TIFFTAG_JPEGPROC:
++		    case TIFFTAG_JPEGRESTARTINTERVAL:
++			return 1;
++		}
++		break;
++	    case COMPRESSION_CCITTRLE:
++	    case COMPRESSION_CCITTRLEW:
++	    case COMPRESSION_CCITTFAX3:
++	    case COMPRESSION_CCITTFAX4:
++		switch (tag) {
++		    case TIFFTAG_BADFAXLINES:
++		    case TIFFTAG_CLEANFAXDATA:
++		    case TIFFTAG_CONSECUTIVEBADFAXLINES:
++			return 1;
++		    case TIFFTAG_GROUP3OPTIONS:
++			if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX3)
++			    return 1;
++			break;
++		    case TIFFTAG_GROUP4OPTIONS:
++			if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX4)
++			    return 1;
++			break;
++		}
++		break;
++	    case COMPRESSION_JBIG:
++		/* No codec-specific tags */
++		break;
++	    case COMPRESSION_DEFLATE:
++	    case COMPRESSION_ADOBE_DEFLATE:
++		if (tag == TIFFTAG_PREDICTOR)
++		    return 1;
++		break;
++	   case COMPRESSION_PIXARLOG:
++		if (tag == TIFFTAG_PREDICTOR)
++		    return 1;
++		break;
++	    case COMPRESSION_SGILOG:
++	    case COMPRESSION_SGILOG24:
++		/* No codec-specific tags */
++		break;
++	    case COMPRESSION_LZMA:
++		if (tag == TIFFTAG_PREDICTOR)
++		    return 1;
++		break;
++
++	}
++	return 0;
++}
++
+ /* vim: set ts=8 sts=8 sw=8 noet: */
+ 
+ /*
+diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
+index 1d4f0b9a..f1dc3d79 100644
+--- a/libtiff/tif_dirread.c
++++ b/libtiff/tif_dirread.c
+@@ -3580,6 +3580,10 @@ TIFFReadDirectory(TIFF* tif)
+ 							goto bad;
+ 						dp->tdir_tag=IGNORE;
+ 						break;
++                                        default:
++                                            if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) )
++                                                dp->tdir_tag=IGNORE;
++                                            break;
+ 				}
+ 			}
+ 		}
diff --git a/PKGBUILD b/PKGBUILD
index 524fdf23eeed..e9f01334fc6e 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,19 +1,26 @@
 # Contributor: bubla <matej.tyc@gmail.com>
 pkgname=mingw-w64-libtiff
 pkgver=4.0.8
-pkgrel=1
+pkgrel=2
 pkgdesc="Library for manipulation of TIFF images (mingw-w64)"
 arch=(any)
-url="http://www.remotesensing.org/libtiff"
+url="http://www.simplesystems.org/libtiff/"
 license=("custom")
 depends=(mingw-w64-libjpeg-turbo mingw-w64-zlib mingw-w64-xz)
 makedepends=(mingw-w64-configure)
 options=(staticlibs !buildflags !strip)
-source=("http://download.osgeo.org/libtiff/tiff-${pkgver}.tar.gz")
-sha256sums=('59d7a5a8ccd92059913f246877db95a2918e6c04fb9d43fd74e5c3390dac2910')
+source=("http://download.osgeo.org/libtiff/tiff-${pkgver}.tar.gz"
+"CVE-2016-10095.patch")
+sha256sums=('59d7a5a8ccd92059913f246877db95a2918e6c04fb9d43fd74e5c3390dac2910'
+            '36063a31e9317c3745b5e03b210c948586ea469205b06d3dde2e1b2493f18d81')
 
 _architectures="i686-w64-mingw32 x86_64-w64-mingw32"
 
+prepare() {
+  cd tiff-$pkgver
+  patch -p1 -i ../CVE-2016-10095.patch # Fix several security issues
+}
+
 build() {
 	export CFLAGS+=" -fno-strict-aliasing"
   export CXXFLAGS+=" -fno-strict-aliasing"
author	BuildTools	2017-07-28 18:46:06 -0700
committer	BuildTools	2017-07-28 18:46:06 -0700
commit	1e0c1b2238cd721a2e1b0b7abfede2f2f98ac54a (patch)
tree	bf76e214ff912dc04fb32ee7d469eae1cdfbc88f
parent	614a5bf81bf9666fa2dba18686a50f49dac4d092 (diff)
download	aur-1e0c1b2238cd721a2e1b0b7abfede2f2f98ac54a.tar.gz