rpms/libtiff
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to libtiff 4.0.1

Browse Source
This commit is contained in:
Tom Lane 2012-05-06 11:46:51 -04:00
parent 8e441a5926
commit 1295401c6e
5 changed files with 196 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1 +1,2 @@
/tiff-4.0.1.tar.gz
/tiff-3.9.5.tar.gz /tiff-3.9.5.tar.gz

71
libtiff-CVE-2012-1173-3.9.patch Normal file
View File

@ -0,0 +1,71 @@
This patch is submitted to upstream for CVE-2012-1173
diff -Naur tiff-3.9.5.orig/libtiff/tif_getimage.c tiff-3.9.5/libtiff/tif_getimage.c
--- tiff-3.9.5.orig/libtiff/tif_getimage.c 2010-07-08 12:17:59.000000000 -0400
+++ tiff-3.9.5/libtiff/tif_getimage.c 2012-03-14 14:49:25.796728783 -0400
@@ -673,18 +673,24 @@
unsigned char* p2;
unsigned char* pa;
tsize_t tilesize;
+ tsize_t bufsize;
int32 fromskew, toskew;
int alpha = img->alpha;
uint32 nrow;
int ret = 1, flip;
tilesize = TIFFTileSize(tif);
- buf = (unsigned char*) _TIFFmalloc((alpha?4:3)*tilesize);
+ bufsize = TIFFSafeMultiply(tsize_t,alpha?4:3,tilesize);
+ if (bufsize == 0) {
+ TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtTileSeparate");
+ return (0);
+ }
+ buf = (unsigned char*) _TIFFmalloc(bufsize);
if (buf == 0) {
TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "No space for tile buffer");
return (0);
}
- _TIFFmemset(buf, 0, (alpha?4:3)*tilesize);
+ _TIFFmemset(buf, 0, bufsize);
p0 = buf;
p1 = p0 + tilesize;
p2 = p1 + tilesize;
@@ -880,17 +886,23 @@
uint32 rowsperstrip, offset_row;
uint32 imagewidth = img->width;
tsize_t stripsize;
+ tsize_t bufsize;
int32 fromskew, toskew;
int alpha = img->alpha;
int ret = 1, flip;
stripsize = TIFFStripSize(tif);
- p0 = buf = (unsigned char *)_TIFFmalloc((alpha?4:3)*stripsize);
+ bufsize = TIFFSafeMultiply(tsize_t,alpha?4:3,stripsize);
+ if (bufsize == 0) {
+ TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtStripSeparate");
+ return (0);
+ }
+ p0 = buf = (unsigned char *)_TIFFmalloc(bufsize);
if (buf == 0) {
TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "No space for tile buffer");
return (0);
}
- _TIFFmemset(buf, 0, (alpha?4:3)*stripsize);
+ _TIFFmemset(buf, 0, bufsize);
p1 = p0 + stripsize;
p2 = p1 + stripsize;
pa = (alpha?(p2+stripsize):NULL);
diff -Naur tiff-3.9.5.orig/libtiff/tiffiop.h tiff-3.9.5/libtiff/tiffiop.h
--- tiff-3.9.5.orig/libtiff/tiffiop.h 2011-03-28 09:43:43.000000000 -0400
+++ tiff-3.9.5/libtiff/tiffiop.h 2012-03-14 14:49:25.797728754 -0400
@@ -246,7 +246,7 @@
#define TIFFroundup(x, y) (TIFFhowmany(x,y)*(y))
/* Safe multiply which returns zero if there is an integer overflow */
-#define TIFFSafeMultiply(t,v,m) ((((t)m != (t)0) && (((t)((v*m)/m)) == (t)v)) ? (t)(v*m) : (t)0)
+#define TIFFSafeMultiply(t,v,m) ((((t)(m) != (t)0) && (((t)(((v)*(m))/(m))) == (t)(v))) ? (t)((v)*(m)) : (t)0)
#define TIFFmax(A,B) ((A)>(B)?(A):(B))
#define TIFFmin(A,B) ((A)<(B)?(A):(B))

62
libtiff-CVE-2012-1173.patch
View File

@ -1,29 +1,45 @@
This patch is submitted to upstream for CVE-2012-1173 diff -Naur tiff-4.0.1.orig/ChangeLog tiff-4.0.1/ChangeLog
--- tiff-4.0.1.orig/ChangeLog 2012-02-18 17:02:33.000000000 -0500
+++ tiff-4.0.1/ChangeLog 2012-05-04 23:33:20.665334408 -0400
@@ -1,3 +1,8 @@
+2012-03-30 Frank Warmerdam <warmerdam@google.com>
+
+ * tif_getimage.c: Fix size overflow (zdi-can-1221,CVE-2012-1173)
+ care of Tom Lane @ Red Hat.
+
2012-02-18 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
* libtiff 4.0.1 released.
diff -Naur tiff-4.0.1.orig/libtiff/tif_getimage.c tiff-4.0.1/libtiff/tif_getimage.c
--- tiff-4.0.1.orig/libtiff/tif_getimage.c 2011-02-24 22:34:02.000000000 -0500
+++ tiff-4.0.1/libtiff/tif_getimage.c 2012-05-04 23:33:20.666334244 -0400
@@ -1,4 +1,4 @@
-/* $Id: tif_getimage.c,v 1.78 2011-02-23 21:46:09 fwarmerdam Exp $ */
+/* $Id: tif_getimage.c,v 1.79 2012-04-06 16:46:46 fwarmerdam Exp $ */
diff -Naur tiff-3.9.5.orig/libtiff/tif_getimage.c tiff-3.9.5/libtiff/tif_getimage.c /*
--- tiff-3.9.5.orig/libtiff/tif_getimage.c 2010-07-08 12:17:59.000000000 -0400 * Copyright (c) 1991-1997 Sam Leffler
+++ tiff-3.9.5/libtiff/tif_getimage.c 2012-03-14 14:49:25.796728783 -0400 @@ -692,6 +692,7 @@
@@ -673,18 +673,24 @@
unsigned char* p2; unsigned char* p2;
unsigned char* pa; unsigned char* pa;
tsize_t tilesize; tmsize_t tilesize;
+ tsize_t bufsize; + tmsize_t bufsize;
int32 fromskew, toskew; int32 fromskew, toskew;
int alpha = img->alpha; int alpha = img->alpha;
uint32 nrow; uint32 nrow;
int ret = 1, flip; @@ -699,12 +700,17 @@
int colorchannels;
tilesize = TIFFTileSize(tif); tilesize = TIFFTileSize(tif);
- buf = (unsigned char*) _TIFFmalloc((alpha?4:3)*tilesize); - buf = (unsigned char*) _TIFFmalloc((alpha?4:3)*tilesize);
+ bufsize = TIFFSafeMultiply(tsize_t,alpha?4:3,tilesize); + bufsize = TIFFSafeMultiply(tmsize_t,alpha?4:3,tilesize);
+ if (bufsize == 0) { + if (bufsize == 0) {
+ TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtTileSeparate"); + TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtTileSeparate");
+ return (0); + return (0);
+ } + }
+ buf = (unsigned char*) _TIFFmalloc(bufsize); + buf = (unsigned char*) _TIFFmalloc(bufsize);
if (buf == 0) { if (buf == 0) {
TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "No space for tile buffer"); TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "%s", "No space for tile buffer");
return (0); return (0);
} }
- _TIFFmemset(buf, 0, (alpha?4:3)*tilesize); - _TIFFmemset(buf, 0, (alpha?4:3)*tilesize);
@ -31,18 +47,18 @@ diff -Naur tiff-3.9.5.orig/libtiff/tif_getimage.c tiff-3.9.5/libtiff/tif_getimag
p0 = buf; p0 = buf;
p1 = p0 + tilesize; p1 = p0 + tilesize;
p2 = p1 + tilesize; p2 = p1 + tilesize;
@@ -880,17 +886,23 @@ @@ -917,17 +923,23 @@
uint32 rowsperstrip, offset_row; uint32 rowsperstrip, offset_row;
uint32 imagewidth = img->width; uint32 imagewidth = img->width;
tsize_t stripsize; tmsize_t stripsize;
+ tsize_t bufsize; + tmsize_t bufsize;
int32 fromskew, toskew; int32 fromskew, toskew;
int alpha = img->alpha; int alpha = img->alpha;
int ret = 1, flip; int ret = 1, flip, colorchannels;
stripsize = TIFFStripSize(tif); stripsize = TIFFStripSize(tif);
- p0 = buf = (unsigned char *)_TIFFmalloc((alpha?4:3)*stripsize); - p0 = buf = (unsigned char *)_TIFFmalloc((alpha?4:3)*stripsize);
+ bufsize = TIFFSafeMultiply(tsize_t,alpha?4:3,stripsize); + bufsize = TIFFSafeMultiply(tmsize_t,alpha?4:3,stripsize);
+ if (bufsize == 0) { + if (bufsize == 0) {
+ TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtStripSeparate"); + TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtStripSeparate");
+ return (0); + return (0);
@ -57,11 +73,17 @@ diff -Naur tiff-3.9.5.orig/libtiff/tif_getimage.c tiff-3.9.5/libtiff/tif_getimag
p1 = p0 + stripsize; p1 = p0 + stripsize;
p2 = p1 + stripsize; p2 = p1 + stripsize;
pa = (alpha?(p2+stripsize):NULL); pa = (alpha?(p2+stripsize):NULL);
diff -Naur tiff-3.9.5.orig/libtiff/tiffiop.h tiff-3.9.5/libtiff/tiffiop.h diff -Naur tiff-4.0.1.orig/libtiff/tiffiop.h tiff-4.0.1/libtiff/tiffiop.h
--- tiff-3.9.5.orig/libtiff/tiffiop.h 2011-03-28 09:43:43.000000000 -0400 --- tiff-4.0.1.orig/libtiff/tiffiop.h 2011-02-19 11:26:09.000000000 -0500
+++ tiff-3.9.5/libtiff/tiffiop.h 2012-03-14 14:49:25.797728754 -0400 +++ tiff-4.0.1/libtiff/tiffiop.h 2012-05-04 23:33:20.667334085 -0400
@@ -246,7 +246,7 @@ @@ -1,4 +1,4 @@
#define TIFFroundup(x, y) (TIFFhowmany(x,y)*(y)) -/* $Id: tiffiop.h,v 1.82 2011-02-18 20:53:05 fwarmerdam Exp $ */
+/* $Id: tiffiop.h,v 1.83 2012-04-06 16:46:47 fwarmerdam Exp $ */
/*
* Copyright (c) 1988-1997 Sam Leffler
@@ -250,7 +250,7 @@
#define TIFFroundup_64(x, y) (TIFFhowmany_64(x,y)*(y))
/* Safe multiply which returns zero if there is an integer overflow */ /* Safe multiply which returns zero if there is an integer overflow */
-#define TIFFSafeMultiply(t,v,m) ((((t)m != (t)0) && (((t)((v*m)/m)) == (t)v)) ? (t)(v*m) : (t)0) -#define TIFFSafeMultiply(t,v,m) ((((t)m != (t)0) && (((t)((v*m)/m)) == (t)v)) ? (t)(v*m) : (t)0)

89
libtiff.spec
View File

@ -1,21 +1,30 @@
Summary: Library of functions for manipulating TIFF format image files Summary: Library of functions for manipulating TIFF format image files
Name: libtiff Name: libtiff
Version: 3.9.5 Version: 4.0.1
Release: 3%{?dist} Release: 1%{?dist}
License: libtiff License: libtiff
Group: System Environment/Libraries Group: System Environment/Libraries
URL: http://www.remotesensing.org/libtiff/ URL: http://www.remotesensing.org/libtiff/
Source: ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{version}.tar.gz # This SRPM includes a copy of libtiff 3.9.x, which is provided as a stopgap
# measure to satisfy dependencies on libtiff.so.3 until all applications can
# be recompiled. The compatibility library is placed in a separate
# sub-RPM, libtiff-compat. There is no support for recompiling source code
# against the old version.
%global prevversion 3.9.5
Source0: ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{version}.tar.gz
Source1: ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{prevversion}.tar.gz
Patch1: libtiff-CVE-2012-1173.patch Patch1: libtiff-CVE-2012-1173.patch
# same patch for prevversion:
Patch2: libtiff-CVE-2012-1173-3.9.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: zlib-devel libjpeg-devel BuildRequires: zlib-devel libjpeg-devel
BuildRequires: libtool automake autoconf BuildRequires: libtool automake autoconf pkgconfig
%global LIBVER %(echo %{version} | cut -f 1-2 -d .)
%description %description
The libtiff package contains a library of functions for manipulating The libtiff package contains a library of functions for manipulating
@ -29,7 +38,8 @@ format image files.
%package devel %package devel
Summary: Development tools for programs which will use the libtiff library Summary: Development tools for programs which will use the libtiff library
Group: Development/Libraries Group: Development/Libraries
Requires: %{name} = %{version}-%{release} Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: pkgconfig
%description devel %description devel
This package contains the header files and documentation necessary for This package contains the header files and documentation necessary for
@ -43,7 +53,7 @@ install the libtiff package.
%package static %package static
Summary: Static TIFF image format file library Summary: Static TIFF image format file library
Group: Development/Libraries Group: Development/Libraries
Requires: %{name}-devel = %{version}-%{release} Requires: %{name}-devel%{?_isa} = %{version}-%{release}
%description static %description static
The libtiff-static package contains the statically linkable version of libtiff. The libtiff-static package contains the statically linkable version of libtiff.
@ -53,12 +63,19 @@ necessary for some boot packages.
%package tools %package tools
Summary: Command-line utility programs for manipulating TIFF files Summary: Command-line utility programs for manipulating TIFF files
Group: Development/Libraries Group: Development/Libraries
Requires: %{name} = %{version}-%{release} Requires: %{name}%{?_isa} = %{version}-%{release}
%description tools %description tools
This package contains command-line programs for manipulating TIFF format This package contains command-line programs for manipulating TIFF format
image files using the libtiff library. image files using the libtiff library.
%package compat
Summary: Temporary backwards-compatibility copy of old libtiff
Group: Development/Libraries
%description compat
This package contains shared libraries (only) for libtiff 3.9.x.
%prep %prep
%setup -q -n tiff-%{version} %setup -q -n tiff-%{version}
@ -73,16 +90,48 @@ automake --add-missing --copy
autoconf autoconf
autoheader autoheader
# And the same for the compatibility package ...
tar xfz %{SOURCE1}
pushd tiff-%{prevversion}
%patch2 -p1
# Use build system's libtool.m4, not the one in the package.
rm -f libtool.m4
libtoolize --force --copy
aclocal -I . -I m4
automake --add-missing --copy
autoconf
autoheader
popd
%build %build
export CFLAGS="%{optflags} -fno-strict-aliasing" export CFLAGS="%{optflags} -fno-strict-aliasing"
%configure %configure --enable-ld-version-script
make %{?_smp_mflags} make %{?_smp_mflags}
LD_LIBRARY_PATH=$PWD:$LD_LIBRARY_PATH make check LD_LIBRARY_PATH=$PWD:$LD_LIBRARY_PATH make check
# And the same for the compatibility package ...
pushd tiff-%{prevversion}
%configure
make %{?_smp_mflags}
popd
%install %install
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
# install compat package first, then remove unwanted files
pushd tiff-%{prevversion}
make DESTDIR=$RPM_BUILD_ROOT install
rm -rf $RPM_BUILD_ROOT%{_bindir}
rm -rf $RPM_BUILD_ROOT%{_includedir}
rm -rf $RPM_BUILD_ROOT%{_mandir}
rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/
rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/libtiff*.pc
rm -f $RPM_BUILD_ROOT%{_libdir}/libtiff*.so
rm -f $RPM_BUILD_ROOT%{_libdir}/libtiff*.a
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
popd
make DESTDIR=$RPM_BUILD_ROOT install make DESTDIR=$RPM_BUILD_ROOT install
# remove what we didn't want installed # remove what we didn't want installed
@ -150,11 +199,14 @@ rm -rf $RPM_BUILD_ROOT
%postun -p /sbin/ldconfig %postun -p /sbin/ldconfig
%post compat -p /sbin/ldconfig
%postun compat -p /sbin/ldconfig
%files %files
%defattr(-,root,root,0755) %defattr(-,root,root,0755)
%doc COPYRIGHT README RELEASE-DATE VERSION %doc COPYRIGHT README RELEASE-DATE VERSION
%{_libdir}/libtiff.so.* %{_libdir}/libtiff.so.5*
%{_libdir}/libtiffxx.so.* %{_libdir}/libtiffxx.so.5*
%files devel %files devel
%defattr(-,root,root,0755) %defattr(-,root,root,0755)
@ -162,6 +214,7 @@ rm -rf $RPM_BUILD_ROOT
%{_includedir}/* %{_includedir}/*
%{_libdir}/libtiff.so %{_libdir}/libtiff.so
%{_libdir}/libtiffxx.so %{_libdir}/libtiffxx.so
%{_libdir}/pkgconfig/libtiff*.pc
%{_mandir}/man3/* %{_mandir}/man3/*
%files static %files static
@ -173,7 +226,19 @@ rm -rf $RPM_BUILD_ROOT
%{_bindir}/* %{_bindir}/*
%{_mandir}/man1/* %{_mandir}/man1/*
%files compat
%defattr(-,root,root)
%{_libdir}/libtiff.so.3*
%{_libdir}/libtiffxx.so.3*
%changelog %changelog
* Sun May 6 2012 Tom Lane <tgl@redhat.com> 4.0.1-1
- Update to libtiff 4.0.1, adds BigTIFF support and other features;
library soname is bumped from libtiff.so.3 to libtiff.so.5
Resolves: #782383
- Temporarily package 3.9.5 shared library (only) in libtiff-compat subpackage
so that dependent packages won't be broken while rebuilding proceeds
* Thu Apr 5 2012 Tom Lane <tgl@redhat.com> 3.9.5-3 * Thu Apr 5 2012 Tom Lane <tgl@redhat.com> 3.9.5-3
- Add fix for CVE-2012-1173 - Add fix for CVE-2012-1173
Resolves: #CVE-2012-1173 Resolves: #CVE-2012-1173

1
sources
View File

@ -1 +1,2 @@
fae149cc9da35c598d8be897826dfc63 tiff-4.0.1.tar.gz
8fc7ce3b4e1d0cc8a319336967815084 tiff-3.9.5.tar.gz 8fc7ce3b4e1d0cc8a319336967815084 tiff-3.9.5.tar.gz