From: Baruch Siach via buildroot <buildroot@buildroot.org>
To: Peter Korsgaard <peter@korsgaard.com>
Cc: buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH] package/tiff: security bump to version 4.5.1
Date: Mon, 26 Jun 2023 06:00:04 +0300 [thread overview]
Message-ID: <87jzvr3p01.fsf@tarshish> (raw)
In-Reply-To: <20230625203736.1722233-1-peter@korsgaard.com>
Hi Peter,
On Sun, Jun 25 2023, Peter Korsgaard wrote:
> Fixes the following security issues:
>
> - CVE-2023-1916: A flaw was found in tiffcrop, a program distributed by the
> libtiff package. A specially crafted tiff file can lead to an
> out-of-bounds read in the extractImageSection function in
> tools/tiffcrop.c, resulting in a denial of service and limited information
> disclosure. This issue affects libtiff versions 4.x.
>
> - CVE-2023-25434: libtiff 4.5.0 is vulnerable to Buffer Overflow via
> extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215.
>
> - CVE-2023-26965: loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0
> has a heap-based use after free via a crafted TIFF image
>
> Drop the now upstream
> 0001-tiffcrop-Correct-simple-copy-paste-error-Fix-488.patch.
Should be removed from .checkpackageignore as well.
baruch
>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> ---
> ...rect-simple-copy-paste-error-Fix-488.patch | 28 -------------------
> package/tiff/tiff.hash | 2 +-
> package/tiff/tiff.mk | 5 +---
> 3 files changed, 2 insertions(+), 33 deletions(-)
> delete mode 100644 package/tiff/0001-tiffcrop-Correct-simple-copy-paste-error-Fix-488.patch
>
> diff --git a/package/tiff/0001-tiffcrop-Correct-simple-copy-paste-error-Fix-488.patch b/package/tiff/0001-tiffcrop-Correct-simple-copy-paste-error-Fix-488.patch
> deleted file mode 100644
> index 73c0d10ffc..0000000000
> --- a/package/tiff/0001-tiffcrop-Correct-simple-copy-paste-error-Fix-488.patch
> +++ /dev/null
> @@ -1,28 +0,0 @@
> -From 97d65859bc29ee334012e9c73022d8a8e55ed586 Mon Sep 17 00:00:00 2001
> -From: Su Laus <sulau@freenet.de>
> -Date: Sat, 21 Jan 2023 15:58:10 +0000
> -Subject: [PATCH] tiffcrop: Correct simple copy paste error. Fix #488.
> -
> -[Retrieved from:
> -https://gitlab.com/libtiff/libtiff/-/commit/97d65859bc29ee334012e9c73022d8a8e55ed586]
> -Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ----
> - tools/tiffcrop.c | 2 +-
> - 1 file changed, 1 insertion(+), 1 deletion(-)
> -
> -diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
> -index 14fa18da..7db69883 100644
> ---- a/tools/tiffcrop.c
> -+++ b/tools/tiffcrop.c
> -@@ -8591,7 +8591,7 @@ static int processCropSelections(struct image_data *image,
> - cropsize + NUM_BUFF_OVERSIZE_BYTES);
> - else
> - {
> -- prev_cropsize = seg_buffs[0].size;
> -+ prev_cropsize = seg_buffs[i].size;
> - if (prev_cropsize < cropsize)
> - {
> - next_buff = _TIFFrealloc(
> ---
> -GitLab
> -
> diff --git a/package/tiff/tiff.hash b/package/tiff/tiff.hash
> index 73732892a5..0fa503a02a 100644
> --- a/package/tiff/tiff.hash
> +++ b/package/tiff/tiff.hash
> @@ -1,3 +1,3 @@
> # Locally computed
> -sha256 c7a1d9296649233979fa3eacffef3fa024d73d05d589cb622727b5b08c423464 tiff-4.5.0.tar.gz
> +sha256 d7f38b6788e4a8f5da7940c5ac9424f494d8a79eba53d555f4a507167dca5e2b tiff-4.5.1.tar.gz
> sha256 0780558a8bfba0af1160ec1ff11ade4f41c0d7deafd6ecfc796b492a788e380d LICENSE.md
> diff --git a/package/tiff/tiff.mk b/package/tiff/tiff.mk
> index f9754a4b49..0006f461a0 100644
> --- a/package/tiff/tiff.mk
> +++ b/package/tiff/tiff.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -TIFF_VERSION = 4.5.0
> +TIFF_VERSION = 4.5.1
> TIFF_SITE = http://download.osgeo.org/libtiff
> TIFF_LICENSE = tiff license
> TIFF_LICENSE_FILES = LICENSE.md
> @@ -12,9 +12,6 @@ TIFF_CPE_ID_VENDOR = libtiff
> TIFF_CPE_ID_PRODUCT = libtiff
> TIFF_INSTALL_STAGING = YES
>
> -# 0001-tiffcrop-Correct-simple-copy-paste-error-Fix-488.patch
> -TIFF_IGNORE_CVES += CVE-2022-48281
> -
> # webp has a (optional) dependency on tiff, so we can't have webp
> # support in tiff, or that would create a circular dependency.
> TIFF_CONF_OPTS = \
--
~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2023-06-26 3:02 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-25 20:37 [Buildroot] [PATCH] package/tiff: security bump to version 4.5.1 Peter Korsgaard
2023-06-26 3:00 ` Baruch Siach via buildroot [this message]
2023-06-26 5:50 ` Peter Korsgaard
2023-06-26 7:04 ` Peter Korsgaard
2023-07-16 6:20 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87jzvr3p01.fsf@tarshish \
--to=buildroot@buildroot.org \
--cc=baruch@tkos.co.il \
--cc=peter@korsgaard.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.