packages/libtiff
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update to 4.1.0

Browse Source
This commit is contained in:
yanan-rock 2020-01-07 23:56:46 +08:00
parent b2a454149e
commit 37377e1a73
10 changed files with 5 additions and 260 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
CVE-2018-12900-pre.patch
View File

@ -1,39 +0,0 @@
From 2b0d0e699730d1f26bbeba8397bfdf0e9e01e59d Mon Sep 17 00:00:00 2001
From: Thomas Bernard <miniupnp@free.fr>
Date: Mon, 11 Feb 2019 10:05:33 +0100
Subject: [PATCH] check that (Tile Width)*(Samples/Pixel) do no overflow
fixes bug 2833
---
tools/tiffcp.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/tools/tiffcp.c b/tools/tiffcp.c
index 2f406e2d..f0ee2c02 100644
--- a/tools/tiffcp.c
+++ b/tools/tiffcp.c
@@ -1408,7 +1408,7 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
int status = 1;
uint32 imagew = TIFFRasterScanlineSize(in);
uint32 tilew = TIFFTileRowSize(in);
- int iskew = imagew - tilew*spp;
+ int iskew;
tsize_t tilesize = TIFFTileSize(in);
tdata_t tilebuf;
uint8* bufp = (uint8*) buf;
@@ -1416,6 +1416,12 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
uint32 row;
uint16 bps = 0, bytes_per_sample;
+ if (spp > (0x7fffffff / tilew))
+ {
+ TIFFError(TIFFFileName(in), "Error, cannot handle that much samples per tile row (Tile Width * Samples/Pixel)");
+ return 0;
+ }
+ iskew = imagew - tilew*spp;
tilebuf = _TIFFmalloc(tilesize);
if (tilebuf == 0)
return 0;
--
2.18.1

33
CVE-2018-12900.patch
View File

@ -1,33 +0,0 @@
From 7cc76e9bc40bc8eb329a718ab26ecef7dd1afd94 Mon Sep 17 00:00:00 2001
From: Thomas Bernard <miniupnp@free.fr>
Date: Mon, 11 Feb 2019 21:42:03 +0100
Subject: [PATCH] tiffcp.c: use INT_MAX
---
tools/tiffcp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tools/tiffcp.c b/tools/tiffcp.c
index f0ee2c02..8c81aa4f 100644
--- a/tools/tiffcp.c
+++ b/tools/tiffcp.c
@@ -41,6 +41,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <limits.h>
#include <ctype.h>
@@ -1416,7 +1417,7 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
uint32 row;
uint16 bps = 0, bytes_per_sample;
- if (spp > (0x7fffffff / tilew))
+ if (spp > (INT_MAX / tilew))
{
TIFFError(TIFFFileName(in), "Error, cannot handle that much samples per tile row (Tile Width * Samples/Pixel)");
return 0;
--
2.18.1

40
CVE-2018-19210-1.patch
View File

@ -1,40 +0,0 @@
t a/libtiff/tif_dir.c b/libtiff/tif_dir.c
index 6f0b48798bdeee91729c10e1fbcf9786234be5f3..078fbcec20677f19f7f967a4834011fe60df1df3 100644
--- a/libtiff/tif_dir.c
+++ b/libtiff/tif_dir.c
@@ -285,6 +285,18 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
_TIFFfree(td->td_smaxsamplevalue);
td->td_smaxsamplevalue = NULL;
}
+ /* Test if 3 transfer functions instead of just one are now needed
+ See http://bugzilla.maptools.org/show_bug.cgi?id=2820 */
+ if( td->td_transferfunction[0] != NULL && (v - td->td_extrasamples > 1) &&
+ !(td->td_samplesperpixel - td->td_extrasamples > 1))
+ {
+ TIFFWarningExt(tif->tif_clientdata,module,
+ "SamplesPerPixel tag value is changing, "
+ "but TransferFunction was read with a different value. Cancelling it");
+ TIFFClrFieldBit(tif,FIELD_TRANSFERFUNCTION);
+ _TIFFfree(td->td_transferfunction[0]);
+ td->td_transferfunction[0] = NULL;
+ }
}
td->td_samplesperpixel = (uint16) v;
break;
@@ -361,6 +373,16 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
_TIFFsetShortArray(&td->td_colormap[2], va_arg(ap, uint16*), v32);
break;
case TIFFTAG_EXTRASAMPLES:
+ if ( td->td_transferfunction[0] != NULL && (td->td_samplesperpixel - v > 1) &&
+ !(td->td_samplesperpixel - td->td_extrasamples > 1))
+ {
+ TIFFWarningExt(tif->tif_clientdata,module,
+ "ExtraSamples tag value is changing, "
+ "but TransferFunction was read with a different value. Cancelling it");
+ TIFFClrFieldBit(tif,FIELD_TRANSFERFUNCTION);
+ _TIFFfree(td->td_transferfunction[0]);
+ td->td_transferfunction[0] = NULL;
+ }
if (!setExtraSamples(td, ap, &v))
goto badvalue;
break;

59
CVE-2018-19210-2.patch
View File

@ -1,59 +0,0 @@
diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
index 078fbcec20677f19f7f967a4834011fe60df1df3..028ea54a256b4123ac320138aaedd1b356c2132f 100644
--- a/libtiff/tif_dir.c
+++ b/libtiff/tif_dir.c
@@ -88,13 +88,15 @@ setDoubleArrayOneValue(double** vpp, double value, size_t nmemb)
* Install extra samples information.
*/
static int
-setExtraSamples(TIFFDirectory* td, va_list ap, uint32* v)
+setExtraSamples(TIFF* tif, va_list ap, uint32* v)
{
/* XXX: Unassociated alpha data == 999 is a known Corel Draw bug, see below */
#define EXTRASAMPLE_COREL_UNASSALPHA 999
uint16* va;
uint32 i;
+ TIFFDirectory* td = &tif->tif_dir;
+ static const char module[] = "setExtraSamples";
*v = (uint16) va_arg(ap, uint16_vap);
if ((uint16) *v > td->td_samplesperpixel)
@@ -116,6 +118,18 @@ setExtraSamples(TIFFDirectory* td, va_list ap, uint32* v)
return 0;
}
}
+
+ if ( td->td_transferfunction[0] != NULL && (td->td_samplesperpixel - *v > 1) &&
+ !(td->td_samplesperpixel - td->td_extrasamples > 1))
+ {
+ TIFFWarningExt(tif->tif_clientdata,module,
+ "ExtraSamples tag value is changing, "
+ "but TransferFunction was read with a different value. Cancelling it");
+ TIFFClrFieldBit(tif,FIELD_TRANSFERFUNCTION);
+ _TIFFfree(td->td_transferfunction[0]);
+ td->td_transferfunction[0] = NULL;
+ }
+
td->td_extrasamples = (uint16) *v;
_TIFFsetShortArray(&td->td_sampleinfo, va, td->td_extrasamples);
return 1;
@@ -373,17 +387,7 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
_TIFFsetShortArray(&td->td_colormap[2], va_arg(ap, uint16*), v32);
break;
case TIFFTAG_EXTRASAMPLES:
- if ( td->td_transferfunction[0] != NULL && (td->td_samplesperpixel - v > 1) &&
- !(td->td_samplesperpixel - td->td_extrasamples > 1))
- {
- TIFFWarningExt(tif->tif_clientdata,module,
- "ExtraSamples tag value is changing, "
- "but TransferFunction was read with a different value. Cancelling it");
- TIFFClrFieldBit(tif,FIELD_TRANSFERFUNCTION);
- _TIFFfree(td->td_transferfunction[0]);
- td->td_transferfunction[0] = NULL;
- }
- if (!setExtraSamples(td, ap, &v))
+ if (!setExtraSamples(tif, ap, &v))
goto badvalue;
break;
case TIFFTAG_MATTEING:

35
CVE-2019-6128.patch
View File

@ -1,35 +0,0 @@
diff --git a/tools/pal2rgb.c b/tools/pal2rgb.c
index 01d8502ecf7a8a7f015e49ca9378a1a741cbc06b..9492f1cf1212177bf7e97d307757d0977c898e90 100644
--- a/tools/pal2rgb.c
+++ b/tools/pal2rgb.c
@@ -118,12 +118,14 @@ main(int argc, char* argv[])
shortv != PHOTOMETRIC_PALETTE) {
fprintf(stderr, "%s: Expecting a palette image.\n",
argv[optind]);
+ (void) TIFFClose(in);
return (-1);
}
if (!TIFFGetField(in, TIFFTAG_COLORMAP, &rmap, &gmap, &bmap)) {
fprintf(stderr,
"%s: No colormap (not a valid palette image).\n",
argv[optind]);
+ (void) TIFFClose(in);
return (-1);
}
bitspersample = 0;
@@ -131,11 +133,14 @@ main(int argc, char* argv[])
if (bitspersample != 8) {
fprintf(stderr, "%s: Sorry, can only handle 8-bit images.\n",
argv[optind]);
+ (void) TIFFClose(in);
return (-1);
}
out = TIFFOpen(argv[optind+1], "w");
- if (out == NULL)
+ if (out == NULL) {
+ (void) TIFFClose(in);
return (-2);
+ }
cpTags(in, out);
TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &imagewidth);
TIFFGetField(in, TIFFTAG_IMAGELENGTH, &imagelength);

31
libtiff-am-version.patch
View File

@ -1,31 +0,0 @@
Back off the minimum required automake version to 1.11. There isn't
anything in libtiff currently that actually requires 1.12, and changing
this allows the package to be built on pre-F18 machines for easier testing.
This patch can go away once we no longer care about testing on pre-F18.
diff -Naur tiff-4.0.3.orig/Makefile.am tiff-4.0.3/Makefile.am
--- tiff-4.0.3.orig/Makefile.am 2012-09-20 09:22:47.000000000 -0400
+++ tiff-4.0.3/Makefile.am 2012-10-30 11:33:30.312823564 -0400
@@ -25,7 +25,7 @@
docdir = $(LIBTIFF_DOCDIR)
-AUTOMAKE_OPTIONS = 1.12 dist-zip foreign
+AUTOMAKE_OPTIONS = 1.11 dist-zip foreign
ACLOCAL_AMFLAGS = -I m4
docfiles = \
diff -Naur tiff-4.0.3.orig/test/Makefile.am tiff-4.0.3/test/Makefile.am
--- tiff-4.0.3.orig/test/Makefile.am 2012-09-20 09:22:28.000000000 -0400
+++ tiff-4.0.3/test/Makefile.am 2012-10-30 11:33:17.109696812 -0400
@@ -23,7 +23,7 @@
# Process this file with automake to produce Makefile.in.
-AUTOMAKE_OPTIONS = 1.12 color-tests parallel-tests foreign
+AUTOMAKE_OPTIONS = 1.11 color-tests parallel-tests foreign
LIBTIFF = $(top_builddir)/libtiff/libtiff.la

12
libtiff-make-check.patch
View File

@ -1,12 +0,0 @@
diff --git a/html/man/Makefile.am b/html/man/Makefile.am
index 587296c..696005e 100644
--- a/html/man/Makefile.am
+++ b/html/man/Makefile.am
@@ -92,7 +92,6 @@ docfiles = \
tiffcrop.1.html \
tiffdither.1.html \
tiffdump.1.html \
- tiffgt.1.html \
tiffinfo.1.html \
tiffmedian.1.html \
tiffset.1.html \

16
libtiff.spec
View File

@ -1,20 +1,11 @@
Name: libtiff
Version: 4.0.10
Release: 2
Version: 4.1.0
Release: 1
Summary: TIFF Library and Utilities
License: libtiff
URL: https://www.simplesystems.org/libtiff/
Source0: https://download.osgeo.org/libtiff/tiff-%{version}.tar.gz
Patch0: libtiff-am-version.patch
Patch1: libtiff-make-check.patch
Patch6001: CVE-2018-12900-pre.patch
Patch6002: CVE-2018-12900.patch
Patch6003: CVE-2018-19210-1.patch
Patch6004: CVE-2018-19210-2.patch
Patch6005: CVE-2019-6128.patch
BuildRequires: gcc gcc-c++ zlib-devel libjpeg-devel jbigkit-devel
BuildRequires: libtool automake autoconf pkgconfig git
@ -120,6 +111,9 @@ find html -name 'Makefile*' | xargs rm
%exclude %{_datadir}/html/man/tiffgt.1.html
%changelog
* Tue Jan 7 2020 openEuler Buildteam <buildteam@openeuler.org> - 4.1.0-1
- update to 4.1.0
* Mon Oct 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 4.0.10-2
- Type:enhancement
- Id:NA

BIN
tiff-4.0.10.tar.gz
View File

Binary file not shown.

BIN
tiff-4.1.0.tar.gz Normal file
View File

Binary file not shown.