From ea62ce954d4df3cca110e7e7f53cb878b8d72073 Mon Sep 17 00:00:00 2001
From: skmpz
Date: Sat, 24 Apr 2021 09:43:45 +0300
Subject: [PATCH] tiff: update to 4.3.0.
---
.../tiff/patches/CVE-2017-11613_part1.patch | 40 -------------------
.../tiff/patches/CVE-2017-11613_part2.patch | 33 ---------------
srcpkgs/tiff/template | 8 ++--
3 files changed, 4 insertions(+), 77 deletions(-)
delete mode 100644 srcpkgs/tiff/patches/CVE-2017-11613_part1.patch
delete mode 100644 srcpkgs/tiff/patches/CVE-2017-11613_part2.patch
diff --git a/srcpkgs/tiff/patches/CVE-2017-11613_part1.patch b/srcpkgs/tiff/patches/CVE-2017-11613_part1.patch
deleted file mode 100644
index 12e20b21120f..000000000000
--- a/srcpkgs/tiff/patches/CVE-2017-11613_part1.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 3719385a3fac5cfb20b487619a5f08abbf967cf8 Mon Sep 17 00:00:00 2001
-From: Even Rouault
-Date: Sun, 11 Mar 2018 11:14:01 +0100
-Subject: [PATCH] ChopUpSingleUncompressedStrip: avoid memory exhaustion (CVE-2017-11613)
-
-In ChopUpSingleUncompressedStrip(), if the computed number of strips is big
-enough and we are in read only mode, validate that the file size is consistent
-with that number of strips to avoid useless attempts at allocating a lot of
-memory for the td_stripbytecount and td_stripoffset arrays.
-
-Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2724
----
- libtiff/tif_dirread.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
-index 3fc0c8e..1a3259c 100644
---- libtiff/tif_dirread.c
-+++ libtiff/tif_dirread.c
-@@ -5698,6 +5698,17 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
- if( nstrips == 0 )
- return;
-
-+ /* If we are going to allocate a lot of memory, make sure that the */
-+ /* file is as big as needed */
-+ if( tif->tif_mode == O_RDONLY &&
-+ nstrips > 1000000 &&
-+ (tif->tif_dir.td_stripoffset[0] >= TIFFGetFileSize(tif) ||
-+ tif->tif_dir.td_stripbytecount[0] >
-+ TIFFGetFileSize(tif) - tif->tif_dir.td_stripoffset[0]) )
-+ {
-+ return;
-+ }
-+
- newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
- "for chopped \"StripByteCounts\" array");
- newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
---
-libgit2 0.27.0
-
diff --git a/srcpkgs/tiff/patches/CVE-2017-11613_part2.patch b/srcpkgs/tiff/patches/CVE-2017-11613_part2.patch
deleted file mode 100644
index bd3b13ed417c..000000000000
--- a/srcpkgs/tiff/patches/CVE-2017-11613_part2.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 7a092f8af2568d61993a8cc2e7a35a998d7d37be Mon Sep 17 00:00:00 2001
-From: Even Rouault
-Date: Sat, 17 Mar 2018 09:36:29 +0100
-Subject: [PATCH] ChopUpSingleUncompressedStrip: avoid memory exhaustion (CVE-2017-11613)
-
-Rework fix done in 3719385a3fac5cfb20b487619a5f08abbf967cf8 to work in more
-cases like https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6979.
-Credit to OSS Fuzz
-
-Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2724
----
- libtiff/tif_dirread.c | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
-index 1a3259c..6baa7b3 100644
---- libtiff/tif_dirread.c
-+++ libtiff/tif_dirread.c
-@@ -5702,9 +5702,8 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
- /* file is as big as needed */
- if( tif->tif_mode == O_RDONLY &&
- nstrips > 1000000 &&
-- (tif->tif_dir.td_stripoffset[0] >= TIFFGetFileSize(tif) ||
-- tif->tif_dir.td_stripbytecount[0] >
-- TIFFGetFileSize(tif) - tif->tif_dir.td_stripoffset[0]) )
-+ (offset >= TIFFGetFileSize(tif) ||
-+ stripbytes > (TIFFGetFileSize(tif) - offset) / (nstrips - 1)) )
- {
- return;
- }
---
-libgit2 0.27.0
-
diff --git a/srcpkgs/tiff/template b/srcpkgs/tiff/template
index e8531ee23d1c..4179cf8afc52 100644
--- a/srcpkgs/tiff/template
+++ b/srcpkgs/tiff/template
@@ -1,18 +1,18 @@ # Template file for 'tiff' pkgname=tiff -version=4.2.0 -revision=2 +version=4.3.0 +revision=1 build_style=gnu-configure configure_args="--enable-cxx --without-x" hostmakedepends="automake libtool" makedepends="jbigkit-devel libjpeg-turbo-devel liblzma-devel libzstd-devel zlib-devel" short_desc="Library and tools for reading and writing TIFF data files" -maintainer="Orphaned " +maintainer="skmpz " license="libtiff" homepage="http://libtiff.maptools.org/" distfiles="http://download.osgeo.org/libtiff/tiff-${version}.tar.gz" -checksum=eb0484e568ead8fa23b513e9b0041df7e327f4ee2d22db5a533929dfc19633cb +checksum=0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8 pre_configure() { autoreconf -fi
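Review bot: The `distfiles` line in this template still fetches the tarball over plain `http://`, so the new `checksum=` value is the only integrity control on the 4.3.0 source. It should be confirmed against a hash or signature published by upstream rather than computed from whatever was downloaded, and the URL could move to `https://download.osgeo.org/libtiff/tiff-${version}.tar.gz` if the host serves it. This bump is also what justifies deleting the two CVE-2017-11613 patches, yet the commit message does not state that 4.3.0 already carries those `ChopUpSingleUncompressedStrip` checks; a line such as `Drop CVE-2017-11613 patches, fixed upstream.` would record that this was verified. The hunk ends inside `pre_configure()`, whose body continues outside it.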