From debbugs-submit-bounces@debbugs.gnu.org Wed Jun 14 23:46:27 2017 Received: (at submit) by debbugs.gnu.org; 15 Jun 2017 03:46:27 +0000 Received: from localhost ([127.0.0.1]:48396 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dLLjh-0003Gh-C9 for submit@debbugs.gnu.org; Wed, 14 Jun 2017 23:46:27 -0400 Received: from eggs.gnu.org ([208.118.235.92]:58430) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dLLjc-0003GQ-TT for submit@debbugs.gnu.org; Wed, 14 Jun 2017 23:46:19 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dLLjW-0007Kk-06 for submit@debbugs.gnu.org; Wed, 14 Jun 2017 23:46:11 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:47365) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dLLjV-0007KW-SV for submit@debbugs.gnu.org; Wed, 14 Jun 2017 23:46:09 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:49396) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dLLjT-0003lq-MN for guix-patches@gnu.org; Wed, 14 Jun 2017 23:46:09 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dLLjQ-0007IS-C8 for guix-patches@gnu.org; Wed, 14 Jun 2017 23:46:07 -0400 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:33995) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dLLjP-0007Hx-Pl for guix-patches@gnu.org; Wed, 14 Jun 2017 23:46:04 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id D10C7207B7; Wed, 14 Jun 2017 23:46:02 -0400 (EDT) Received: from frontend2 ([10.202.2.161]) by compute4.internal (MEProxy); Wed, 14 Jun 2017 23:46:02 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=content-transfer-encoding:content-type:date:from:message-id :mime-version:subject:to:x-me-sender:x-me-sender:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=iJTasGRQA6hxSH3Yuf+7NwEZ9g8bitf+q/lAut DhIVE=; b=Y+HgubqkhtWZeSarFdUCjUL2M/EnxxxGR6FliMY2Dp/JrLnM97tNC3 TW9n8m7H39xjl5vCvukGBuRks8xum6VIV7k2apuxmsX5xpDXZyc03RVOxEh0Tc2W TTvdyUe16IOIprO/zSoAZ9zS5T5IVfQfg8K2lxeoxnUxYtqR0UOvc= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:message-id:mime-version:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=iJTasGRQA6hxSH3Yuf +7NwEZ9g8bitf+q/lAutDhIVE=; b=MH2pt62zRSw4qcPNgBNAQR5vW+nEyjcOPk wU9PzeGcWGcopCbdRkXE7jfkejL1l5iFGsejtBU75gWcvvUMJXTmj4PozMSNr7Rr D8asqp5kpwzn5ocfQAgj+T2hy+UiBrlRm9Nw9eaxxblcCmvRRVz+6yF+IV+Nx1x9 tUSzsMh60iPaRm3Jom9OI0aFVE78Yqp1UYzQ3QTAgpUhxuftn8AfQaPnWnI2+BF0 1kQvoRzEYvYugMsEBVH12IdSFOw9b3S2yVAWyy/qRSCbKqUbU3caf/L7OontVFrc wQyeDrQuKaC4tX/f8TZi/YOBAYnNqBTllvMSkUNeoUpkF1uZoUxw== X-ME-Sender: X-Sasl-enc: gsQV8K5sk69WSIEpxMhaDjYxazs0Xs0l6L7vS8550/jj 1497498362 Received: from jasmine.lan (c-73-165-108-70.hsd1.pa.comcast.net [73.165.108.70]) by mail.messagingengine.com (Postfix) with ESMTPA id 84C39249CD for ; Wed, 14 Jun 2017 23:46:02 -0400 (EDT) From: Leo Famulari To: guix-patches@gnu.org Subject: [PATCH] gnu: libtiff: Fix several bugs related to improper codec usage [security fixes]. Date: Wed, 14 Jun 2017 23:45:57 -0400 Message-Id: X-Mailer: git-send-email 2.13.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.1 (----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.1 (----) Fixes CVE-2014-8128, CVE-2015-7554, CVE-2016-5318, CVE-2016-10095, and the other bugs listed in 'libtiff-tiffgetfield-bugs.patch'. * gnu/packages/patches/libtiff-tiffgetfield-bugs.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/image.scm (libtiff-4.0.8)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/image.scm | 1 + .../patches/libtiff-tiffgetfield-bugs.patch | 201 +++++++++++++++++++++ 3 files changed, 203 insertions(+) create mode 100644 gnu/packages/patches/libtiff-tiffgetfield-bugs.patch diff --git a/gnu/local.mk b/gnu/local.mk index 8fcd2cab2..974b6536f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -769,6 +769,7 @@ dist_patch_DATA = \ %D%/packages/patches/libtiff-invalid-read.patch \ %D%/packages/patches/libtiff-null-dereference.patch \ %D%/packages/patches/libtiff-tiffcp-underflow.patch \ + %D%/packages/patches/libtiff-tiffgetfield-bugs.patch \ %D%/packages/patches/libtirpc-CVE-2017-8779.patch \ %D%/packages/patches/libtorrent-rasterbar-boost-compat.patch \ %D%/packages/patches/libtool-skip-tests2.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index abac17d6d..b94c006b1 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -393,6 +393,7 @@ collection of tools for doing simple manipulations of TIFF images.") (method url-fetch) (uri (string-append "ftp://download.osgeo.org/libtiff/tiff-" version ".tar.gz")) + (patches (search-patches "libtiff-tiffgetfield-bugs.patch")) (sha256 (base32 "0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr")))))) diff --git a/gnu/packages/patches/libtiff-tiffgetfield-bugs.patch b/gnu/packages/patches/libtiff-tiffgetfield-bugs.patch new file mode 100644 index 000000000..84566ca23 --- /dev/null +++ b/gnu/packages/patches/libtiff-tiffgetfield-bugs.patch @@ -0,0 +1,201 @@ +Fix several bugs in libtiff related to use of TIFFGetField(): + +http://bugzilla.maptools.org/show_bug.cgi?id=2580 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8128 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7554 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5318 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10095 + +Patch copied from upstream CVS. 3rd-party Git reference: +https://github.com/vadz/libtiff/commit/4d4fa0b68ae9ae038959ee4f69ebe288ec892f06 + +2017-06-01 Even Rouault + +* libtiff/tif_dirinfo.c, tif_dirread.c: add _TIFFCheckFieldIsValidForCodec(), +and use it in TIFFReadDirectory() so as to ignore fields whose tag is a +codec-specified tag but this codec is not enabled. This avoids TIFFGetField() +to behave differently depending on whether the codec is enabled or not, and +thus can avoid stack based buffer overflows in a number of TIFF utilities +such as tiffsplit, tiffcmp, thumbnail, etc. +Patch derived from 0063-Handle-properly-CODEC-specific-tags.patch +(http://bugzilla.maptools.org/show_bug.cgi?id=2580) by Raphaƫl Hertzog. +Fixes: +http://bugzilla.maptools.org/show_bug.cgi?id=2580 +http://bugzilla.maptools.org/show_bug.cgi?id=2693 +http://bugzilla.maptools.org/show_bug.cgi?id=2625 (CVE-2016-10095) +http://bugzilla.maptools.org/show_bug.cgi?id=2564 (CVE-2015-7554) +http://bugzilla.maptools.org/show_bug.cgi?id=2561 (CVE-2016-5318) +http://bugzilla.maptools.org/show_bug.cgi?id=2499 (CVE-2014-8128) +http://bugzilla.maptools.org/show_bug.cgi?id=2441 +http://bugzilla.maptools.org/show_bug.cgi?id=2433 +Index: libtiff/libtiff/tif_dirread.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v +retrieving revision 1.208 +retrieving revision 1.209 +diff -u -r1.208 -r1.209 +--- libtiff/libtiff/tif_dirread.c 27 Apr 2017 15:46:22 -0000 1.208 ++++ libtiff/libtiff/tif_dirread.c 1 Jun 2017 12:44:04 -0000 1.209 +@@ -1,4 +1,4 @@ +-/* $Id: tif_dirread.c,v 1.208 2017-04-27 15:46:22 erouault Exp $ */ ++/* $Id: tif_dirread.c,v 1.209 2017-06-01 12:44:04 erouault Exp $ */ + + /* + * Copyright (c) 1988-1997 Sam Leffler +@@ -3580,6 +3580,10 @@ + goto bad; + dp->tdir_tag=IGNORE; + break; ++ default: ++ if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) ) ++ dp->tdir_tag=IGNORE; ++ break; + } + } + } +Index: libtiff/libtiff/tif_dirinfo.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirinfo.c,v +retrieving revision 1.126 +retrieving revision 1.127 +diff -u -r1.126 -r1.127 +--- libtiff/libtiff/tif_dirinfo.c 18 Nov 2016 02:52:13 -0000 1.126 ++++ libtiff/libtiff/tif_dirinfo.c 1 Jun 2017 12:44:04 -0000 1.127 +@@ -1,4 +1,4 @@ +-/* $Id: tif_dirinfo.c,v 1.126 2016-11-18 02:52:13 bfriesen Exp $ */ ++/* $Id: tif_dirinfo.c,v 1.127 2017-06-01 12:44:04 erouault Exp $ */ + + /* + * Copyright (c) 1988-1997 Sam Leffler +@@ -956,6 +956,109 @@ + return 0; + } + ++int ++_TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag) ++{ ++ /* Filter out non-codec specific tags */ ++ switch (tag) { ++ /* Shared tags */ ++ case TIFFTAG_PREDICTOR: ++ /* JPEG tags */ ++ case TIFFTAG_JPEGTABLES: ++ /* OJPEG tags */ ++ case TIFFTAG_JPEGIFOFFSET: ++ case TIFFTAG_JPEGIFBYTECOUNT: ++ case TIFFTAG_JPEGQTABLES: ++ case TIFFTAG_JPEGDCTABLES: ++ case TIFFTAG_JPEGACTABLES: ++ case TIFFTAG_JPEGPROC: ++ case TIFFTAG_JPEGRESTARTINTERVAL: ++ /* CCITT* */ ++ case TIFFTAG_BADFAXLINES: ++ case TIFFTAG_CLEANFAXDATA: ++ case TIFFTAG_CONSECUTIVEBADFAXLINES: ++ case TIFFTAG_GROUP3OPTIONS: ++ case TIFFTAG_GROUP4OPTIONS: ++ break; ++ default: ++ return 1; ++ } ++ /* Check if codec specific tags are allowed for the current ++ * compression scheme (codec) */ ++ switch (tif->tif_dir.td_compression) { ++ case COMPRESSION_LZW: ++ if (tag == TIFFTAG_PREDICTOR) ++ return 1; ++ break; ++ case COMPRESSION_PACKBITS: ++ /* No codec-specific tags */ ++ break; ++ case COMPRESSION_THUNDERSCAN: ++ /* No codec-specific tags */ ++ break; ++ case COMPRESSION_NEXT: ++ /* No codec-specific tags */ ++ break; ++ case COMPRESSION_JPEG: ++ if (tag == TIFFTAG_JPEGTABLES) ++ return 1; ++ break; ++ case COMPRESSION_OJPEG: ++ switch (tag) { ++ case TIFFTAG_JPEGIFOFFSET: ++ case TIFFTAG_JPEGIFBYTECOUNT: ++ case TIFFTAG_JPEGQTABLES: ++ case TIFFTAG_JPEGDCTABLES: ++ case TIFFTAG_JPEGACTABLES: ++ case TIFFTAG_JPEGPROC: ++ case TIFFTAG_JPEGRESTARTINTERVAL: ++ return 1; ++ } ++ break; ++ case COMPRESSION_CCITTRLE: ++ case COMPRESSION_CCITTRLEW: ++ case COMPRESSION_CCITTFAX3: ++ case COMPRESSION_CCITTFAX4: ++ switch (tag) { ++ case TIFFTAG_BADFAXLINES: ++ case TIFFTAG_CLEANFAXDATA: ++ case TIFFTAG_CONSECUTIVEBADFAXLINES: ++ return 1; ++ case TIFFTAG_GROUP3OPTIONS: ++ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX3) ++ return 1; ++ break; ++ case TIFFTAG_GROUP4OPTIONS: ++ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX4) ++ return 1; ++ break; ++ } ++ break; ++ case COMPRESSION_JBIG: ++ /* No codec-specific tags */ ++ break; ++ case COMPRESSION_DEFLATE: ++ case COMPRESSION_ADOBE_DEFLATE: ++ if (tag == TIFFTAG_PREDICTOR) ++ return 1; ++ break; ++ case COMPRESSION_PIXARLOG: ++ if (tag == TIFFTAG_PREDICTOR) ++ return 1; ++ break; ++ case COMPRESSION_SGILOG: ++ case COMPRESSION_SGILOG24: ++ /* No codec-specific tags */ ++ break; ++ case COMPRESSION_LZMA: ++ if (tag == TIFFTAG_PREDICTOR) ++ return 1; ++ break; ++ ++ } ++ return 0; ++} ++ + /* vim: set ts=8 sts=8 sw=8 noet: */ + + /* +Index: libtiff/libtiff/tif_dir.h +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.h,v +retrieving revision 1.54 +retrieving revision 1.55 +diff -u -r1.54 -r1.55 +--- libtiff/libtiff/tif_dir.h 18 Feb 2011 20:53:05 -0000 1.54 ++++ libtiff/libtiff/tif_dir.h 1 Jun 2017 12:44:04 -0000 1.55 +@@ -1,4 +1,4 @@ +-/* $Id: tif_dir.h,v 1.54 2011-02-18 20:53:05 fwarmerdam Exp $ */ ++/* $Id: tif_dir.h,v 1.55 2017-06-01 12:44:04 erouault Exp $ */ + + /* + * Copyright (c) 1988-1997 Sam Leffler +@@ -291,6 +291,7 @@ + extern int _TIFFMergeFields(TIFF*, const TIFFField[], uint32); + extern const TIFFField* _TIFFFindOrRegisterField(TIFF *, uint32, TIFFDataType); + extern TIFFField* _TIFFCreateAnonField(TIFF *, uint32, TIFFDataType); ++extern int _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag); + + #if defined(__cplusplus) + } -- 2.13.1 From debbugs-submit-bounces@debbugs.gnu.org Thu Jun 15 04:13:59 2017 Received: (at 27370) by debbugs.gnu.org; 15 Jun 2017 08:13:59 +0000 Received: from localhost ([127.0.0.1]:48494 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dLPug-00038k-T3 for submit@debbugs.gnu.org; Thu, 15 Jun 2017 04:13:59 -0400 Received: from eggs.gnu.org ([208.118.235.92]:43022) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dLPud-00038X-OY for 27370@debbugs.gnu.org; Thu, 15 Jun 2017 04:13:58 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dLPuU-0000jI-I5 for 27370@debbugs.gnu.org; Thu, 15 Jun 2017 04:13:50 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:46832) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dLPuU-0000j7-Ej; Thu, 15 Jun 2017 04:13:46 -0400 Received: from [193.50.110.101] (port=45398 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dLPuT-0007Ju-I9; Thu, 15 Jun 2017 04:13:45 -0400 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Leo Famulari Subject: Re: [bug#27370] [PATCH] gnu: libtiff: Fix several bugs related to improper codec usage [security fixes]. References: X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 27 Prairial an 225 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-unknown-linux-gnu Date: Thu, 15 Jun 2017 10:13:43 +0200 In-Reply-To: (Leo Famulari's message of "Wed, 14 Jun 2017 23:45:57 -0400") Message-ID: <87eful4qiw.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 27370 Cc: 27370@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Leo Famulari skribis: > Fixes CVE-2014-8128, CVE-2015-7554, CVE-2016-5318, CVE-2016-10095, and > the other bugs listed in 'libtiff-tiffgetfield-bugs.patch'. > > * gnu/packages/patches/libtiff-tiffgetfield-bugs.patch: New file. > * gnu/local.mk (dist_patch_DATA): Add it. > * gnu/packages/image.scm (libtiff-4.0.8)[source]: Use it. LGTM. =E2=80=98guix lint -c cve=E2=80=99 will keep complaining, but I gues= s splitting the patch in one patch per CVE might be hard and not worth the effort. Thoughts? Could you apply them to =E2=80=98core-updates=E2=80=99 as well? Thank you! Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Thu Jun 15 11:22:57 2017 Received: (at 27370) by debbugs.gnu.org; 15 Jun 2017 15:22:57 +0000 Received: from localhost ([127.0.0.1]:49754 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dLWbp-0000Em-9z for submit@debbugs.gnu.org; Thu, 15 Jun 2017 11:22:57 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:50419) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dLWbj-0000Ea-Sc for 27370@debbugs.gnu.org; Thu, 15 Jun 2017 11:22:55 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 4D17820A09; Thu, 15 Jun 2017 11:22:51 -0400 (EDT) Received: from frontend2 ([10.202.2.161]) by compute4.internal (MEProxy); Thu, 15 Jun 2017 11:22:51 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=bCVDxVZ/Byzr/ZTpT9YZOvJShGP8kahpo8YEBY uA4IE=; b=RuBmdiMC0V7hykzlzTWLKa5vPgfPSODiP+ArmP5rIA0YINiKKY0oBs GUJZ009rejjMrhS/RW89HV3aYSh0DuWdKGkecSAKllKGAlUrS+MEd5XgElTySflj H9Qb7+RYC5zy6cTPqFqXrBG+AnERmM8kdTQeVuBUppJIYzBszXXKI= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=bCVDxVZ/Byzr/ZTpT9 YZOvJShGP8kahpo8YEBYuA4IE=; b=C3MIc7LbPcavKHjo7LoQErkyhZqs8xNm4f qiV08VlS3BE/Dr50k8bykMb5NtnEa6bFn2AkYOImTbM6rOX9OREy5AjxZiE6x1PR fU1bIDZ+cZxAoGa6bzJb0/K6PlBTQ/1vZ3TpJ7Sc9GYHO/tmICp/5WsfBjdmmvvQ KXzACoeReUtM+mXkZkZzGNc5/3K23/TJ53etx/o4LMnQDvKkOD1D7drByh3O7Sxs P/QUZWJDOPoxBkd9i8m3Lw8dZIuaKkc41TGHBbgDtIAi43iaXo08f2K/O/YQwZC5 bpuzkOwNGF55AakxBdVoH68z0G7/EbltVsFZBp3TXv0bOnNszzXw== X-ME-Sender: X-Sasl-enc: Nh8lekdPcFgVES4Oc46BlzXpbqM8bAzdCt+UEDUz1rLV 1497540171 Received: from localhost (c-73-165-108-70.hsd1.pa.comcast.net [73.165.108.70]) by mail.messagingengine.com (Postfix) with ESMTPA id 088FE241E0 for <27370@debbugs.gnu.org>; Thu, 15 Jun 2017 11:22:51 -0400 (EDT) Date: Thu, 15 Jun 2017 11:22:49 -0400 From: Leo Famulari To: 27370@debbugs.gnu.org Subject: Re: [PATCH] gnu: libtiff: Fix several bugs related to improper codec usage [security fixes]. Message-ID: <20170615152249.GA2776@jasmine.lan> References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="d6Gm4EdcadzBjdND" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.8.3 (2017-05-23) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 27370 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --d6Gm4EdcadzBjdND Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jun 14, 2017 at 11:45:57PM -0400, Leo Famulari wrote: > Fixes CVE-2014-8128, CVE-2015-7554, CVE-2016-5318, CVE-2016-10095, and > the other bugs listed in 'libtiff-tiffgetfield-bugs.patch'. >=20 > * gnu/packages/patches/libtiff-tiffgetfield-bugs.patch: New file. > * gnu/local.mk (dist_patch_DATA): Add it. > * gnu/packages/image.scm (libtiff-4.0.8)[source]: Use it. I'd also like to add a patch for this libtiff commit, fixing a regression in 4.0.8: https://github.com/vadz/libtiff/commit/cd23b66764cb0a2d67198e060a9e238380e3= ae9f --d6Gm4EdcadzBjdND Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAllCpkkACgkQJkb6MLrK fwg9gxAAiEQ2GNfPXpLXQQRFXpDa3HavAWKMvA0zWi+UPzjp/y2/81W5EXx+ZEFW EAPMa2qJI8/iFR7LB/v70Na9NzpjephsoRWu4K0fgetiVJvB2Ax9KMU4ziUPVQko f1fsLw8toHyLaHEK0UUF8pCl98UmIYmJNLV9d0rG30YHDntaNBV8vC1MEyvkQdit hM0vX7aCfaEM+nUatZx2VfzuI1ZAlZPNFChb3euuDhG1qXdPphG4poslA+reZsJM TiHa+iMOEjkIKhQeUnPbCGi2vyF4zd+40Eu0yTday4HidUV/sOvahMTerG2/YHYb hXEVY/XiwlZqS997EIcliqlCZPVMvXwEVfDU2bbFBgeQJik2Q70k5OMJ59IUg1lp hkRgt0tnLGSbYt1GTQIh2bpN6SvjNeDoykUEfQfsmBJAdwTi/vB+F8DdBGb+u6K7 9XBwVneMAyBn1iXmX993XMp7N7cKL97lMuTZoRUw2WJItEoOjLexNJsilzEk9Wt1 EO+q8umHUFLcA8WaGTmByA2UoXWjSLsHG/lk62GS3YBpP4nPEdoTNF++X8CyJIKu p8SfVQXIYChMsNWeiMu2FACh9TbmVVxJ3vS9yV4urydRAHnDlBBhSAqXYG4aOjEj Tp1lS0bMruth04pBXdJG02AksudrsiYEdFyIFsMNqSr7ERW3R7Y= =fjay -----END PGP SIGNATURE----- --d6Gm4EdcadzBjdND-- From debbugs-submit-bounces@debbugs.gnu.org Thu Jun 15 11:52:34 2017 Received: (at 27370-done) by debbugs.gnu.org; 15 Jun 2017 15:52:35 +0000 Received: from localhost ([127.0.0.1]:49802 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dLX4U-00013N-Ne for submit@debbugs.gnu.org; Thu, 15 Jun 2017 11:52:34 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:34523) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dLX4R-00013D-EW for 27370-done@debbugs.gnu.org; Thu, 15 Jun 2017 11:52:34 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id DBCCF208CB; Thu, 15 Jun 2017 11:52:30 -0400 (EDT) Received: from frontend2 ([10.202.2.161]) by compute4.internal (MEProxy); Thu, 15 Jun 2017 11:52:30 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=5IOAiAZpZ1HZU62OxQi9KfALFkI35cntbHPK5Q vGPI8=; b=Aw1LOczm/DUswD+sTW67CJRTDOrJ8KhSer3Q4x1mH5bH9xzhmW1xpV Z8ZT1uLO0y1KjP1UQ4h5XAcapS6p6Ez4P1/vRUIrU8r4BxZoIO/YbKgOfLU8ZewH Gjv5kKxSqJ/PGtzE1nw0bVsRUAQgn9Ngh2relSXf/3lCPOXVANIuI= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=5IOAiAZpZ1HZU62OxQ i9KfALFkI35cntbHPK5QvGPI8=; b=eF2gU8tDRCvrV8W3HIolZPzrMooAagqxIc tCXZh2ZR2kOdQ4BUam7K6no/mn+U5uow69nZBSwiT8+0lLttWSXIQVBNiIno18IV fI6YwJFnLo/RD1yBFP9cOLkG+q8dv6waMU9aw+jyRdb/A26upd9LCkhPi3116Et4 5KyZs52vMiGgHcHmkKRx3Y7hDnmtiHqcE4vpqWMM8McLAm9ZaFiGgvykJenAbECQ c1t6aPZwo/mHqGZ/aTzHLGS3wROsjvGS9jo8ii+WEPJ3Y2nNX10OAKo4wjsfjz9y q3s8phiUubLSW10klF3zqnH+YnslaMwkFmPMIzkG+bzaw1vY+3XQ== X-ME-Sender: X-Sasl-enc: m+ynjxKOYK4+sGmVKBMNahEdVY5ThTN7u9120xfVvllL 1497541950 Received: from localhost (c-73-165-108-70.hsd1.pa.comcast.net [73.165.108.70]) by mail.messagingengine.com (Postfix) with ESMTPA id 8FBB72498B; Thu, 15 Jun 2017 11:52:30 -0400 (EDT) Date: Thu, 15 Jun 2017 11:52:29 -0400 From: Leo Famulari To: Ludovic =?iso-8859-1?Q?Court=E8s?= Subject: Re: [bug#27370] [PATCH] gnu: libtiff: Fix several bugs related to improper codec usage [security fixes]. Message-ID: <20170615155229.GB2932@jasmine.lan> References: <87eful4qiw.fsf@gnu.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="4SFOXa2GPu3tIq4H" Content-Disposition: inline In-Reply-To: <87eful4qiw.fsf@gnu.org> User-Agent: Mutt/1.8.3 (2017-05-23) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 27370-done Cc: 27370-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --4SFOXa2GPu3tIq4H Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jun 15, 2017 at 10:13:43AM +0200, Ludovic Court=C3=A8s wrote: > Leo Famulari skribis: >=20 > > Fixes CVE-2014-8128, CVE-2015-7554, CVE-2016-5318, CVE-2016-10095, and > > the other bugs listed in 'libtiff-tiffgetfield-bugs.patch'. > > > > * gnu/packages/patches/libtiff-tiffgetfield-bugs.patch: New file. > > * gnu/local.mk (dist_patch_DATA): Add it. > > * gnu/packages/image.scm (libtiff-4.0.8)[source]: Use it. >=20 > LGTM. =E2=80=98guix lint -c cve=E2=80=99 will keep complaining, but I gu= ess splitting > the patch in one patch per CVE might be hard and not worth the effort. > Thoughts? The long list of bugs has a single root cause and fix, so there is only one patch. > Could you apply them to =E2=80=98core-updates=E2=80=99 as well? Sure, done! --4SFOXa2GPu3tIq4H Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAllCrT0ACgkQJkb6MLrK fwh1lw//eNY3MRXSYLBnN5x9ckEioioz7BG/EDrwFO0Y+A9E9RAvwoXQTyTpM5Pu fsWKak64hVbturdww8prrHf0284hOCkO2rJJ5l4KG4JKycLJKb7A838XWM/o6Rfj tIpjbH4ixVQcQR6Y7g9Ba9BKkr8oS5L1WXTErCyNM6TkxGhnlc5UY/tYWcZGYmeC z/mTJAVpJGh4vGq7mKWZ314YFplxSNImKFOptutMEYT+pEDPifTLXmiVXo7KEvMK 7OMV3vti3txnjzNUddC0kSsZ/dzVjierhbG3YZbSIMO4MwI97qgmqXjIIygD/cJ7 8lYTa7PnkvDRC82ShdZcVxWnDL3V/Uo6pddZt0EFmwcVNNk98DFMIfnIrYybRNkn eQuCnR/WFoPIzS2GiJsPD52pO6GDtGb3RafBTu2YvcA7wbMJQwHEuKx5gCgucUoB w1i20D1UWeN82gLbioa9v/fjRBlxqnHstogJWCEE+JmIsurL6s81Ta9DgxLtxjj7 tRU3yiKyDqikbq+DetWxIRimwZAvOWaRVXxkQem57U4KrwjhJbwWxXlvEMI37WmR O1rKxKHTrJvH0eNP7NKK+cYyFUdJFpR2M3RELJaGIT9ugbiTQItka2MQuVHyzofE wZWNFHinNfUTu4Lm0DPGej1d3WT7+ch42RUZgxYuy4VDaCvtKbI= =9eC2 -----END PGP SIGNATURE----- --4SFOXa2GPu3tIq4H-- From unknown Sat Sep 06 02:32:45 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Fri, 14 Jul 2017 11:24:05 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator