authorNguyễn Gia Phong <cnx@loang.net>2025-02-25 17:37:13 +0900
committerNguyễn Gia Phong <cnx@loang.net>2025-02-26 14:45:29 +0900
commite6d75b5c1e7138cb3148d457e4f392dff697824d (patch)
treef96ddba557f7b25a9c366a4e62c65e37a9203cbd
parentd9d06b24c4293f8df5c34cb192d074efcc7b9f37 (diff)
downloadloftix-e6d75b5c1e7138cb3148d457e4f392dff697824d.tar.gz
Add libtiff 4.0.6 for various bugs
-rw-r--r--REUSE.toml24
-rw-r--r--bugs/README.md30
-rw-r--r--bugs/cve/2016/3186/crash.gifbin0 -> 20 bytes
-rw-r--r--bugs/cve/2016/5314/oobw.tiffbin0 -> 4616 bytes
-rw-r--r--bugs/cve/2016/5321/ill-read.tiffbin0 -> 400 bytes
-rw-r--r--bugs/cve/2016/9273/test049.tiffbin0 -> 394 bytes
-rw-r--r--bugs/cve/2016/9532/heap-buffer-overflow.tiffbin0 -> 2851 bytes
-rw-r--r--loftix/bugs.scm23
8 files changed, 76 insertions, 1 deletions
diff --git a/REUSE.toml b/REUSE.toml
index 33b099c..0174744 100644
--- a/REUSE.toml
+++ b/REUSE.toml
@@ -32,6 +32,10 @@ SPDX-FileCopyrightText = '2015 Mateusz Jurczyk'
 SPDX-License-Identifier = 'CC0-1.0'
 
 [[annotations]]
+path = 'bugs/cve/2016/3186/crash.gif'
+SPDX-FileCopyrightText = '2016 Aladdin Mubaied'
+
+[[annotations]]
 path = 'bugs/cve/2016/5844/libarchive-signed-int-overflow.iso'
 SPDX-FileCopyrightText = '2016 Hanno Böck'
 SPDX-License-Identifier = 'CC0-1.0'
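Review bot: The new annotation for `bugs/cve/2016/3186/crash.gif` sets only `SPDX-FileCopyrightText`, while every other annotation visible in this file also sets `SPDX-License-Identifier`. As written, the reproducer has a copyright holder but no licence information, which a REUSE compliance check would normally report. If the licence is known, add `SPDX-License-Identifier = '<licence-id>'` (placeholder) under the copyright line. If it is genuinely unknown, a `#` comment saying so would keep the omission from looking accidental.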
@@ -42,6 +46,26 @@ SPDX-FileCopyrightText = '2016 Agostino Sarubbo'
 SPDX-License-Identifier = 'CC0-1.0'
 
 [[annotations]]
+path = 'bugs/cve/2016/5314/oobw.tiff'
+SPDX-FileCopyrightText = '2016 Kaixiang Zhang'
+SPDX-License-Identifier = 'CC0-1.0'
+
+[[annotations]]
+path = 'bugs/cve/2016/5321/ill-read.tiff'
+SPDX-FileCopyrightText = '2016 Kaixiang Zhang'
+SPDX-License-Identifier = 'CC0-1.0'
+
+[[annotations]]
+path = 'bugs/cve/2016/9273/test049.tiff'
+SPDX-FileCopyrightText = '2016 Brian Carpenter'
+SPDX-License-Identifier = 'CC0-1.0'
+
+[[annotations]]
+path = 'bugs/cve/2016/9532/heap-buffer-overflow.tiff'
+SPDX-FileCopyrightText = '2016 Henri Salo'
+SPDX-License-Identifier = 'CC0-1.0'
+
+[[annotations]]
 path = 'bugs/cve/2016/9557/signed-int-overflow.jp2'
 SPDX-FileCopyrightText = '2016 Agostino Sarubbo'
 SPDX-License-Identifier = 'CC0-1.0'
diff --git a/bugs/README.md b/bugs/README.md
index 08e88ce..de9149a 100644
--- a/bugs/README.md
+++ b/bugs/README.md
@@ -79,6 +79,31 @@
 
 ## libtiff
 
+- CVE-2016-3186: [buffer overflow][redhat-1319503]
+
+      guix shell -e '(@@ (loftix bugs) libtiff-4.0.6)'
+      echo y | gif2tiff cve/2016/3186/crash.gif /dev/null
+
+- CVE-2016-5314: [heap buffer overflow][maptools-2554]
+
+      guix shell -e '(@@ (loftix bugs) libtiff-4.0.6-asan)'
+      rgb2ycbcr cve/2016/5314/oobw.tiff /dev/null
+
+- CVE-2016-5321: [invalid read][maptools-2558]
+
+      guix shell -e '(@@ (loftix bugs) libtiff-4.0.6)'
+      tiffcrop cve/2016/5321/ill-read.tiff /dev/null
+
+- CVE-2016-9273: [heap buffer overflow][maptools-2587]
+
+      guix shell -e '(@@ (loftix bugs) libtiff-4.0.6-asan)'
+      tiffsplit cve/2016/9273/test049.tiff
+
+- CVE-2016-9532: [heap buffer overflow][maptools-2592]
+
+      guix shell -e '(@@ (loftix bugs) libtiff-4.0.6)'
+      tiffcrop cve/2016/9532/heap-buffer-overflow.tiff /dev/null
+
 - CVE-2016-10092: [heap buffer overflow][maptools-2622]
 
       guix shell -e '(@@ (loftix bugs) libtiff-4.0.7-asan)'
@@ -184,6 +209,10 @@
 [libarchive-717]: https://github.com/libarchive/libarchive/issues/717
 [libjpeg-turbo-258]: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258
 [libjpeg-turbo-305]: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305
+[maptools-2554]: https://bugzilla.maptools.org/show_bug.cgi?id=2554
+[maptools-2558]: https://bugzilla.maptools.org/show_bug.cgi?id=2558
+[maptools-2587]: https://bugzilla.maptools.org/show_bug.cgi?id=2587
+[maptools-2592]: https://bugzilla.maptools.org/show_bug.cgi?id=2592
 [maptools-2596]: https://bugzilla.maptools.org/show_bug.cgi?id=2596
 [maptools-2598]: https://bugzilla.maptools.org/show_bug.cgi?id=2598
 [maptools-2610]: https://bugzilla.maptools.org/show_bug.cgi?id=2610
@@ -200,6 +229,7 @@
 [mozjpeg-268]: https://github.com/mozilla/mozjpeg/issues/268
 [oss-sec-20161105-3]: https://www.openwall.com/lists/oss-security/2016/11/05/3
 [redhat-955808]: https://bugzilla.redhat.com/show_bug.cgi?id=955808
+[redhat-1319503]: https://bugzilla.redhat.com/show_bug.cgi?id=1319503
 [sourceware-21137]: https://sourceware.org/bugzilla/show_bug.cgi?id=21137
 [sourceware-22148]: https://sourceware.org/bugzilla/show_bug.cgi?id=22148
 [sourceware-22186]: https://sourceware.org/bugzilla/show_bug.cgi?id=22186
diff --git a/bugs/cve/2016/3186/crash.gif b/bugs/cve/2016/3186/crash.gif
new file mode 100644
index 0000000..48b97ef
--- /dev/null
+++ b/bugs/cve/2016/3186/crash.gif
Binary files differ
diff --git a/bugs/cve/2016/5314/oobw.tiff b/bugs/cve/2016/5314/oobw.tiff
new file mode 100644
index 0000000..e3d3e19
--- /dev/null
+++ b/bugs/cve/2016/5314/oobw.tiff
Binary files differ
diff --git a/bugs/cve/2016/5321/ill-read.tiff b/bugs/cve/2016/5321/ill-read.tiff
new file mode 100644
index 0000000..97ad39d
--- /dev/null
+++ b/bugs/cve/2016/5321/ill-read.tiff
Binary files differ
diff --git a/bugs/cve/2016/9273/test049.tiff b/bugs/cve/2016/9273/test049.tiff
new file mode 100644
index 0000000..6beaf3f
--- /dev/null
+++ b/bugs/cve/2016/9273/test049.tiff
Binary files differ
diff --git a/bugs/cve/2016/9532/heap-buffer-overflow.tiff b/bugs/cve/2016/9532/heap-buffer-overflow.tiff
new file mode 100644
index 0000000..abf11de
--- /dev/null
+++ b/bugs/cve/2016/9532/heap-buffer-overflow.tiff
Binary files differ
diff --git a/loftix/bugs.scm b/loftix/bugs.scm
index 91bf15e..f053a7f 100644
--- a/loftix/bugs.scm
+++ b/loftix/bugs.scm
@@ -3,7 +3,7 @@
 ;;; SPDX-FileCopyrightText: 2012, 2014-2015 Ludovic Courtès
 ;;; SPDX-FileCopyrightText: 2013 Andreas Enge
 ;;; SPDX-FileCopyrightText: 2014 Eric Bavier
-;;; SPDX-FileCopyrightText: 2015 David Thompson
+;;; SPDX-FileCopyrightText: 2014-2015 David Thompson
 ;;; SPDX-FileCopyrightText: 2016 Efraim Flashner
 ;;; SPDX-FileCopyrightText: 2016 Tobias Geerinckx-Rice
 ;;; SPDX-FileCopyrightText: 2017, 2019 Marius Bakke
@@ -227,6 +227,27 @@
                  ;; Tests fail with ASan enabled^
                  #:tests? #f))))
 
+(define-public libtiff-4.0.6
+  (package
+    (inherit libtiff)
+    (version "4.0.6")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                     "ftp://ftp.remotesensing.org/pub/libtiff/tiff-" version
+                     ".tar.gz"))
+              (sha256
+               (base32
+                "136nf1rj9dp5jgv1p7z4dk0xy3wki1w0vfjbk82f645m0w4samsd"))))
+    (arguments '(#:make-flags '("LDFLAGS=-static")))
+    (outputs '("out"))))
+
+(define-public libtiff-4.0.6-asan
+  (package
+    (inherit libtiff-4.0.6)
+    (arguments '(#:make-flags '("CFLAGS=-O2 -g -fsanitize=address"
+                                "LDFLAGS=-static -fsanitize=address")))))
+
 (define-public libtiff-4.0.7
   (package
     (inherit libtiff)
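Review bot: The origin for `libtiff-4.0.6` fetches from `ftp://ftp.remotesensing.org/pub/libtiff/` over plain FTP, so the `sha256` pin is the only integrity control on the tarball and the build depends on that host staying reachable. Since `uri` accepts a list, I would put an HTTPS location for the same tarball first and keep the FTP URL as a fallback, leaving the hash unchanged. Neither new package has a comment marking it as a deliberately unpatched reproduction target; something like `;; Known-vulnerable release kept only to reproduce the CVEs in bugs/README.md; never use as an input.` above `libtiff-4.0.6` would help. `libtiff-4.0.6-asan` replaces `arguments` wholesale without `#:tests? #f`, so given the "Tests fail with ASan enabled" note on the package just above, it is worth confirming the check phase passes under ASan. The hunk ends inside `libtiff-4.0.7`, whose body continues outside it.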