Date: Thursday, March 22, 2018 @ 12:11:14 Author: arojas Revision: 310500
archrelease: copy trunk to multilib-x86_64 Added: lib32-libtiff/repos/multilib-x86_64/PKGBUILD (from rev 310499, lib32-libtiff/trunk/PKGBUILD) Deleted: lib32-libtiff/repos/multilib-x86_64/CVE-2016-10095.patch lib32-libtiff/repos/multilib-x86_64/PKGBUILD ----------------------+ CVE-2016-10095.patch | 175 ------------------------------------------------- PKGBUILD | 88 +++++++++++------------- 2 files changed, 41 insertions(+), 222 deletions(-) Deleted: CVE-2016-10095.patch =================================================================== --- CVE-2016-10095.patch 2018-03-22 12:10:47 UTC (rev 310499) +++ CVE-2016-10095.patch 2018-03-22 12:11:14 UTC (rev 310500) @@ -1,175 +0,0 @@ -From 4d4fa0b68ae9ae038959ee4f69ebe288ec892f06 Mon Sep 17 00:00:00 2001 -From: erouault <erouault> -Date: Thu, 1 Jun 2017 12:44:04 +0000 -Subject: [PATCH] =?UTF-8?q?*=20libtiff/tif=5Fdirinfo.c,=20tif=5Fdirread.c:?= - =?UTF-8?q?=20add=20=5FTIFFCheckFieldIsValidForCodec(),=20and=20use=20it?= - =?UTF-8?q?=20in=20TIFFReadDirectory()=20so=20as=20to=20ignore=20fields=20?= - =?UTF-8?q?whose=20tag=20is=20a=20codec-specified=20tag=20but=20this=20cod?= - =?UTF-8?q?ec=20is=20not=20enabled.=20This=20avoids=20TIFFGetField()=20to?= - =?UTF-8?q?=20behave=20differently=20depending=20on=20whether=20the=20code?= - =?UTF-8?q?c=20is=20enabled=20or=20not,=20and=20thus=20can=20avoid=20stack?= - =?UTF-8?q?=20based=20buffer=20overflows=20in=20a=20number=20of=20TIFF=20u?= - =?UTF-8?q?tilities=20such=20as=20tiffsplit,=20tiffcmp,=20thumbnail,=20etc?= - =?UTF-8?q?.=20Patch=20derived=20from=200063-Handle-properly-CODEC-specifi?= - =?UTF-8?q?c-tags.patch=20(http://bugzilla.maptools.org/show=5Fbug.cgi=3Fi?= - =?UTF-8?q?d=3D2580)=20by=20Rapha=C3=ABl=20Hertzog.=20Fixes:=20http://bugz?= - =?UTF-8?q?illa.maptools.org/show=5Fbug.cgi=3Fid=3D2580=20http://bugzilla.?= - =?UTF-8?q?maptools.org/show=5Fbug.cgi=3Fid=3D2693=20http://bugzilla.mapto?= - =?UTF-8?q?ols.org/show=5Fbug.cgi=3Fid=3D2625=20(CVE-2016-10095)=20http://?= - =?UTF-8?q?bugzilla.maptools.org/show=5Fbug.cgi=3Fid=3D2564=20(CVE-2015-75?= - =?UTF-8?q?54)=20http://bugzilla.maptools.org/show=5Fbug.cgi=3Fid=3D2561?= - =?UTF-8?q?=20(CVE-2016-5318)=20http://bugzilla.maptools.org/show=5Fbug.cg?= - =?UTF-8?q?i=3Fid=3D2499=20(CVE-2014-8128)=20http://bugzilla.maptools.org/?= - =?UTF-8?q?show=5Fbug.cgi=3Fid=3D2441=20http://bugzilla.maptools.org/show?= - =?UTF-8?q?=5Fbug.cgi=3Fid=3D2433?= -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - ---- - libtiff/tif_dir.h | 1 + - libtiff/tif_dirinfo.c | 103 ++++++++++++++++++++++++++++++++++++++++++++++++++ - libtiff/tif_dirread.c | 4 ++ - 4 files changed, 128 insertions(+) - -diff --git a/libtiff/tif_dir.h b/libtiff/tif_dir.h -index e12b44b2..5206be49 100644 ---- a/libtiff/tif_dir.h -+++ b/libtiff/tif_dir.h -@@ -291,6 +291,7 @@ struct _TIFFField { - extern int _TIFFMergeFields(TIFF*, const TIFFField[], uint32); - extern const TIFFField* _TIFFFindOrRegisterField(TIFF *, uint32, TIFFDataType); - extern TIFFField* _TIFFCreateAnonField(TIFF *, uint32, TIFFDataType); -+extern int _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag); - - #if defined(__cplusplus) - } -diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c -index 0c8ef424..97c0df05 100644 ---- a/libtiff/tif_dirinfo.c -+++ b/libtiff/tif_dirinfo.c -@@ -956,6 +956,109 @@ TIFFMergeFieldInfo(TIFF* tif, const TIFFFieldInfo info[], uint32 n) - return 0; - } - -+int -+_TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag) -+{ -+ /* Filter out non-codec specific tags */ -+ switch (tag) { -+ /* Shared tags */ -+ case TIFFTAG_PREDICTOR: -+ /* JPEG tags */ -+ case TIFFTAG_JPEGTABLES: -+ /* OJPEG tags */ -+ case TIFFTAG_JPEGIFOFFSET: -+ case TIFFTAG_JPEGIFBYTECOUNT: -+ case TIFFTAG_JPEGQTABLES: -+ case TIFFTAG_JPEGDCTABLES: -+ case TIFFTAG_JPEGACTABLES: -+ case TIFFTAG_JPEGPROC: -+ case TIFFTAG_JPEGRESTARTINTERVAL: -+ /* CCITT* */ -+ case TIFFTAG_BADFAXLINES: -+ case TIFFTAG_CLEANFAXDATA: -+ case TIFFTAG_CONSECUTIVEBADFAXLINES: -+ case TIFFTAG_GROUP3OPTIONS: -+ case TIFFTAG_GROUP4OPTIONS: -+ break; -+ default: -+ return 1; -+ } -+ /* Check if codec specific tags are allowed for the current -+ * compression scheme (codec) */ -+ switch (tif->tif_dir.td_compression) { -+ case COMPRESSION_LZW: -+ if (tag == TIFFTAG_PREDICTOR) -+ return 1; -+ break; -+ case COMPRESSION_PACKBITS: -+ /* No codec-specific tags */ -+ break; -+ case COMPRESSION_THUNDERSCAN: -+ /* No codec-specific tags */ -+ break; -+ case COMPRESSION_NEXT: -+ /* No codec-specific tags */ -+ break; -+ case COMPRESSION_JPEG: -+ if (tag == TIFFTAG_JPEGTABLES) -+ return 1; -+ break; -+ case COMPRESSION_OJPEG: -+ switch (tag) { -+ case TIFFTAG_JPEGIFOFFSET: -+ case TIFFTAG_JPEGIFBYTECOUNT: -+ case TIFFTAG_JPEGQTABLES: -+ case TIFFTAG_JPEGDCTABLES: -+ case TIFFTAG_JPEGACTABLES: -+ case TIFFTAG_JPEGPROC: -+ case TIFFTAG_JPEGRESTARTINTERVAL: -+ return 1; -+ } -+ break; -+ case COMPRESSION_CCITTRLE: -+ case COMPRESSION_CCITTRLEW: -+ case COMPRESSION_CCITTFAX3: -+ case COMPRESSION_CCITTFAX4: -+ switch (tag) { -+ case TIFFTAG_BADFAXLINES: -+ case TIFFTAG_CLEANFAXDATA: -+ case TIFFTAG_CONSECUTIVEBADFAXLINES: -+ return 1; -+ case TIFFTAG_GROUP3OPTIONS: -+ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX3) -+ return 1; -+ break; -+ case TIFFTAG_GROUP4OPTIONS: -+ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX4) -+ return 1; -+ break; -+ } -+ break; -+ case COMPRESSION_JBIG: -+ /* No codec-specific tags */ -+ break; -+ case COMPRESSION_DEFLATE: -+ case COMPRESSION_ADOBE_DEFLATE: -+ if (tag == TIFFTAG_PREDICTOR) -+ return 1; -+ break; -+ case COMPRESSION_PIXARLOG: -+ if (tag == TIFFTAG_PREDICTOR) -+ return 1; -+ break; -+ case COMPRESSION_SGILOG: -+ case COMPRESSION_SGILOG24: -+ /* No codec-specific tags */ -+ break; -+ case COMPRESSION_LZMA: -+ if (tag == TIFFTAG_PREDICTOR) -+ return 1; -+ break; -+ -+ } -+ return 0; -+} -+ - /* vim: set ts=8 sts=8 sw=8 noet: */ - - /* -diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c -index 1d4f0b9a..f1dc3d79 100644 ---- a/libtiff/tif_dirread.c -+++ b/libtiff/tif_dirread.c -@@ -3580,6 +3580,10 @@ TIFFReadDirectory(TIFF* tif) - goto bad; - dp->tdir_tag=IGNORE; - break; -+ default: -+ if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) ) -+ dp->tdir_tag=IGNORE; -+ break; - } - } - } Deleted: PKGBUILD =================================================================== --- PKGBUILD 2018-03-22 12:10:47 UTC (rev 310499) +++ PKGBUILD 2018-03-22 12:11:14 UTC (rev 310500) @@ -1,47 +0,0 @@ -# $Id$ -# Maintainer: Eric Belanger <e...@archlinux.org> -# Contributor: dorphell <dorph...@archlinux.org> - -_pkgbasename=libtiff -pkgname=lib32-$_pkgbasename -pkgver=4.0.8 -pkgrel=1 -pkgdesc="Library for manipulation of TIFF images (32-bit)" -arch=('x86_64') -url="http://www.simplesystems.org/libtiff/" -license=('custom') -depends=('lib32-gcc-libs' 'lib32-libjpeg' 'lib32-zlib' 'lib32-xz' $_pkgbasename) -makedepends=('gcc-multilib') -source=(http://download.osgeo.org/libtiff/tiff-${pkgver}.tar.gz CVE-2016-10095.patch) -sha512sums=('5d010ec4ce37aca733f7ab7db9f432987b0cd21664bd9d99452a146833c40f0d1e7309d1870b0395e947964134d5cfeb1366181e761fe353ad585803ff3d6be6' - 'a707225f3fdf400409ff1d26dae9301d4babf177001e018b676f2cdbd4b900d011c07dc39832cb7778ee2418d9d19fd48eb816fdce5c2dd30adb789eb729fd67') - -prepare() { - cd tiff-$pkgver - patch -p1 -i ../CVE-2016-10095.patch # Fix several security issues -} - -build() { - export CC="gcc -m32" - export CXX="g++ -m32" - export PKG_CONFIG_PATH="/usr/lib32/pkgconfig" - - cd "${srcdir}/tiff-${pkgver}" - - ./configure --prefix=/usr --sysconfdir=/etc --mandir=/usr/share/man --libdir=/usr/lib32 --includedir=/usr/include/libtiff32 - make -} - -check() { -cd "${srcdir}/tiff-${pkgver}" -make check -} - -package() { - cd "${srcdir}/tiff-${pkgver}" - make DESTDIR="${pkgdir}" install - - rm -rf "${pkgdir}"/usr/{share,bin} - mkdir -p "$pkgdir/usr/share/licenses" - ln -s $_pkgbasename "$pkgdir/usr/share/licenses/$pkgname" -} Copied: lib32-libtiff/repos/multilib-x86_64/PKGBUILD (from rev 310499, lib32-libtiff/trunk/PKGBUILD) =================================================================== --- PKGBUILD (rev 0) +++ PKGBUILD 2018-03-22 12:11:14 UTC (rev 310500) @@ -0,0 +1,41 @@ +# $Id$ +# Maintainer: Eric Belanger <e...@archlinux.org> +# Contributor: dorphell <dorph...@archlinux.org> + +_pkgbasename=libtiff +pkgname=lib32-$_pkgbasename +pkgver=4.0.9 +pkgrel=1 +pkgdesc="Library for manipulation of TIFF images (32-bit)" +arch=('x86_64') +url="http://www.simplesystems.org/libtiff/" +license=('custom') +depends=('lib32-gcc-libs' 'lib32-libjpeg' 'lib32-zlib' 'lib32-xz' $_pkgbasename) +makedepends=('gcc-multilib') +source=(http://download.osgeo.org/libtiff/tiff-${pkgver}.tar.gz) +sha512sums=('04f3d5eefccf9c1a0393659fe27f3dddd31108c401ba0dc587bca152a1c1f6bc844ba41622ff5572da8cc278593eff8c402b44e7af0a0090e91d326c2d79f6cd') + +build() { + export CC="gcc -m32" + export CXX="g++ -m32" + export PKG_CONFIG_PATH="/usr/lib32/pkgconfig" + + cd "${srcdir}/tiff-${pkgver}" + + ./configure --prefix=/usr --sysconfdir=/etc --mandir=/usr/share/man --libdir=/usr/lib32 --includedir=/usr/include/libtiff32 + make +} + +check() { +cd "${srcdir}/tiff-${pkgver}" +make check +} + +package() { + cd "${srcdir}/tiff-${pkgver}" + make DESTDIR="${pkgdir}" install + + rm -rf "${pkgdir}"/usr/{share,bin} + mkdir -p "$pkgdir/usr/share/licenses" + ln -s $_pkgbasename "$pkgdir/usr/share/licenses/$pkgname" +}