package/tiff: security bump to v4.7.1
For more details on the version bump, see: - https://gitlab.com/libtiff/libtiff/-/releases/v4.7.1 This bump includes the security fix for CVE-2025-8176, CVE-2025-8177 that were addressed in commit [1][2]. Also fixes the following vulnerabilities: - CVE-2024-13978 A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The patch is named 2ebfffb0e8836bfb1cd7d85c059cd285c59761a4. It is recommended to apply a patch to fix this issue. For more information, see: - https://nvd.nist.gov//vuln/detail/CVE-2024-13978 -2ebfffb0e8- CVE-2025-8961 A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. For more information, see: - https://nvd.nist.gov//vuln/detail/CVE-2025-8961 -0ac97aa7a5- CVE-2025-9165 A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ed141286a37f6e5ddafb5069347ff5d587e7a4e0. It is best practice to apply a patch to resolve this issue. For more information, see: - https://nvd.nist.gov//vuln/detail/CVE-2025-9165 -ed141286a3This commit also updates the LICENSE.md hash file, which was updated upstream to include a historical license. See:a0b623c780[1]b3974df966package/tiff: add patches to fix CVE-2025-8176 [2]3db725d71dpackage/tiff: add patch to fix CVE-2025-8177 Signed-off-by: Thomas Perale <thomas.perale@mind.be> [Julien: fix license hash] Signed-off-by: Julien Olivain <ju.o@free.fr> (cherry picked from commit9e67ae519f) Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
This commit is contained in:
Thomas Perale
committed by
Titouan Christophe
Titouan Christophe
parent
987f5bcedc
commit
10d381d410
@@ -1,61 +0,0 @@
|
||||
From 3994cf3b3bc6b54c32f240ca5a412cffa11633fa Mon Sep 17 00:00:00 2001
|
||||
From: Lee Howard <faxguy@howardsilvan.com>
|
||||
Date: Mon, 19 May 2025 10:53:30 -0700
|
||||
Subject: [PATCH] Don't skip the first line of the input image. Addresses
|
||||
issue #703
|
||||
|
||||
Upstream: https://gitlab.com/libtiff/libtiff/-/commit/3994cf3b3bc6b54c32f240ca5a412cffa11633fa
|
||||
CVE: CVE-2025-8176
|
||||
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
|
||||
---
|
||||
tools/tiffdither.c | 4 ++--
|
||||
tools/tiffmedian.c | 4 ++--
|
||||
2 files changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/tools/tiffdither.c b/tools/tiffdither.c
|
||||
index 714fe03d4..bfed6df18 100644
|
||||
--- a/tools/tiffdither.c
|
||||
+++ b/tools/tiffdither.c
|
||||
@@ -98,7 +98,7 @@ static int fsdither(TIFF *in, TIFF *out)
|
||||
nextptr = nextline;
|
||||
for (j = 0; j < imagewidth; ++j)
|
||||
*nextptr++ = *inptr++;
|
||||
- for (i = 1; i < imagelength; ++i)
|
||||
+ for (i = 0; i < imagelength; ++i)
|
||||
{
|
||||
tmpptr = thisline;
|
||||
thisline = nextline;
|
||||
@@ -146,7 +146,7 @@ static int fsdither(TIFF *in, TIFF *out)
|
||||
nextptr[0] += v / 16;
|
||||
}
|
||||
}
|
||||
- if (TIFFWriteScanline(out, outline, i - 1, 0) < 0)
|
||||
+ if (TIFFWriteScanline(out, outline, i, 0) < 0)
|
||||
goto skip_on_error;
|
||||
}
|
||||
goto exit_label;
|
||||
diff --git a/tools/tiffmedian.c b/tools/tiffmedian.c
|
||||
index 02b0bc2b4..f6cf26c2c 100644
|
||||
--- a/tools/tiffmedian.c
|
||||
+++ b/tools/tiffmedian.c
|
||||
@@ -917,7 +917,7 @@ static void quant_fsdither(TIFF *in, TIFF *out)
|
||||
outline = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
|
||||
|
||||
GetInputLine(in, 0, goto bad); /* get first line */
|
||||
- for (i = 1; i <= imagelength; ++i)
|
||||
+ for (i = 0; i <= imagelength; ++i)
|
||||
{
|
||||
SWAP(short *, thisline, nextline);
|
||||
lastline = (i >= imax);
|
||||
@@ -997,7 +997,7 @@ static void quant_fsdither(TIFF *in, TIFF *out)
|
||||
nextptr += 3;
|
||||
}
|
||||
}
|
||||
- if (TIFFWriteScanline(out, outline, i - 1, 0) < 0)
|
||||
+ if (TIFFWriteScanline(out, outline, i, 0) < 0)
|
||||
break;
|
||||
}
|
||||
bad:
|
||||
--
|
||||
GitLab
|
||||
|
||||
@@ -1,31 +0,0 @@
|
||||
From ce46f002eca4148497363f80fab33f9396bcbeda Mon Sep 17 00:00:00 2001
|
||||
From: Lee Howard <faxguy@howardsilvan.com>
|
||||
Date: Sat, 24 May 2025 21:25:16 -0700
|
||||
Subject: [PATCH] Fix tiffmedian bug #707
|
||||
|
||||
Upstream: https://gitlab.com/libtiff/libtiff/-/merge_requests/727/diffs?commit_id=ce46f002eca4148497363f80fab33f9396bcbeda
|
||||
CVE: CVE-2025-8176
|
||||
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
|
||||
---
|
||||
tools/tiffmedian.c | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/tools/tiffmedian.c b/tools/tiffmedian.c
|
||||
index f6cf26c2c..8c9978bab 100644
|
||||
--- a/tools/tiffmedian.c
|
||||
+++ b/tools/tiffmedian.c
|
||||
@@ -414,7 +414,10 @@ static void get_histogram(TIFF *in, Colorbox *box)
|
||||
for (i = 0; i < imagelength; i++)
|
||||
{
|
||||
if (TIFFReadScanline(in, inputline, i, 0) <= 0)
|
||||
- break;
|
||||
+ {
|
||||
+ fprintf(stderr, "Error reading scanline\n");
|
||||
+ exit(EXIT_FAILURE);
|
||||
+ }
|
||||
inptr = inputline;
|
||||
for (j = imagewidth; j-- > 0;)
|
||||
{
|
||||
--
|
||||
GitLab
|
||||
|
||||
@@ -1,28 +0,0 @@
|
||||
From ecc4ddbf1f0fed7957d1e20361e37f01907898e0 Mon Sep 17 00:00:00 2001
|
||||
From: Lee Howard <faxguy@howardsilvan.com>
|
||||
Date: Sat, 24 May 2025 21:38:09 -0700
|
||||
Subject: [PATCH] conflict resolution
|
||||
|
||||
Upstream: https://gitlab.com/libtiff/libtiff/-/merge_requests/727/diffs?commit_id=ecc4ddbf1f0fed7957d1e20361e37f01907898e0
|
||||
CVE: CVE-2025-8176
|
||||
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
|
||||
---
|
||||
tools/tiffmedian.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/tools/tiffmedian.c b/tools/tiffmedian.c
|
||||
index 8c9978bab..47e0524bc 100644
|
||||
--- a/tools/tiffmedian.c
|
||||
+++ b/tools/tiffmedian.c
|
||||
@@ -920,7 +920,7 @@ static void quant_fsdither(TIFF *in, TIFF *out)
|
||||
outline = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
|
||||
|
||||
GetInputLine(in, 0, goto bad); /* get first line */
|
||||
- for (i = 0; i <= imagelength; ++i)
|
||||
+ for (i = 0; i < imagelength; ++i)
|
||||
{
|
||||
SWAP(short *, thisline, nextline);
|
||||
lastline = (i >= imax);
|
||||
--
|
||||
GitLab
|
||||
|
||||
@@ -1,35 +0,0 @@
|
||||
From e8de4dc1f923576dce9d625caeebd93f9db697e1 Mon Sep 17 00:00:00 2001
|
||||
From: Lee Howard <faxguy@howardsilvan.com>
|
||||
Date: Wed, 25 Jun 2025 17:14:18 +0000
|
||||
Subject: [PATCH] Fix for thumbnail issue #715
|
||||
|
||||
CVE: CVE-2025-8177
|
||||
Upstream: https://gitlab.com/libtiff/libtiff/-/commit/e8de4dc1f923576dce9d625caeebd93f9db697e1
|
||||
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
|
||||
---
|
||||
tools/thumbnail.c | 10 +++++++++-
|
||||
1 file changed, 9 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/tools/thumbnail.c b/tools/thumbnail.c
|
||||
index 9cade913..7e21f521 100644
|
||||
--- a/tools/thumbnail.c
|
||||
+++ b/tools/thumbnail.c
|
||||
@@ -620,7 +620,15 @@ static void setrow(uint8_t *row, uint32_t nrows, const uint8_t *rows[])
|
||||
}
|
||||
acc += bits[*src & mask1];
|
||||
}
|
||||
- *row++ = cmap[(255 * acc) / area];
|
||||
+ if (255 * acc / area < 256)
|
||||
+ {
|
||||
+ *row++ = cmap[(255 * acc) / area];
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ fprintf(stderr, "acc=%d, area=%d\n", acc, area);
|
||||
+ *row++ = cmap[0];
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
||||
--
|
||||
GitLab
|
||||
@@ -1,5 +1,5 @@
|
||||
# Locally computed after checking pgp signature
|
||||
# https://download.osgeo.org/libtiff/tiff-4.7.0.tar.xz.sig
|
||||
# https://download.osgeo.org/libtiff/tiff-4.7.1.tar.xz.sig
|
||||
# with key: B1FA7D81EEB8E66399178B9733EBBFC47B3DD87D
|
||||
sha256 273a0a73b1f0bed640afee4a5df0337357ced5b53d3d5d1c405b936501f71017 tiff-4.7.0.tar.xz
|
||||
sha256 0780558a8bfba0af1160ec1ff11ade4f41c0d7deafd6ecfc796b492a788e380d LICENSE.md
|
||||
sha256 b92017489bdc1db3a4c97191aa4b75366673cb746de0dce5d7a749d5954681ba tiff-4.7.1.tar.xz
|
||||
sha256 0e27c2382d7b8147972bbb746e04059a1152c8d0fda9d03ef1399d1a433c4ade LICENSE.md
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
TIFF_VERSION = 4.7.0
|
||||
TIFF_VERSION = 4.7.1
|
||||
TIFF_SOURCE = tiff-$(TIFF_VERSION).tar.xz
|
||||
TIFF_SITE = https://download.osgeo.org/libtiff
|
||||
TIFF_LICENSE = tiff license
|
||||
@@ -13,12 +13,6 @@ TIFF_CPE_ID_VENDOR = libtiff
|
||||
TIFF_CPE_ID_PRODUCT = libtiff
|
||||
TIFF_INSTALL_STAGING = YES
|
||||
|
||||
# 0001-don-t-skip-the-first-line-of-the-input-image.patch, 0002-fix-tiffmedian-bug.patch, 0003-conflict-resolution.patch
|
||||
TIFF_IGNORE_CVES += CVE-2025-8176
|
||||
|
||||
# 0004-fix-for-thumbnail-issue.patch
|
||||
TIFF_IGNORE_CVES += CVE-2025-8177
|
||||
|
||||
# Fixed in 4.7.0
|
||||
TIFF_IGNORE_CVES += CVE-2025-8851
|
||||
|
||||
|
||||
Reference in New Issue
Block a user