[notify] libtiff: fixes for CVE-2013-4231 CVE-2013-4232

See http://bugzilla.maptools.org/show_bug.cgi?id=2450 and
http://bugzilla.maptools.org/show_bug.cgi?id=2449
Fredrik Rinnestam 2013-08-19 19:10:53 +02:00
parent 9a24ac4abd
commit a04a2ddc7e
4 changed files with 40 additions and 2 deletions


@ -1 +1,3 @@
6c1189a715708edc8ba926977b33895f gif2tiff-buffer-overflow.patch
051c1068e6a0627f461948c365290410 tiff-4.0.3.tar.gz
35aee7eea6949c2d26ffa52872991115 tiff2pdf_use-after-free.patch


@ -5,11 +5,14 @@
name=libtiff
version=4.0.3
release=1
source=(http://download.osgeo.org/libtiff/tiff-$version.tar.gz)
release=2
source=(http://download.osgeo.org/libtiff/tiff-$version.tar.gz \
gif2tiff-buffer-overflow.patch tiff2pdf_use-after-free.patch)
build() {
cd tiff-$version
patch -d tools -p0 -i $SRC/tiff2pdf_use-after-free.patch
patch -d tools -p0 -i $SRC/gif2tiff-buffer-overflow.patch
./configure --prefix=/usr --mandir=/usr/man
make
make DESTDIR=$PKG install
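Review bot: The two `patch` lines in build() carry no comment saying which advisory each file addresses, so a later version bump gives no hint about when they can be dropped. A comment above them such as `# CVE-2013-4231 (gif2tiff), CVE-2013-4232 (tiff2pdf): remove once upstream ships the fixes` would do. The CVE-to-file mapping in that comment is read from the patch names and should be confirmed against the two bug reports in the commit message. The closing brace of build() is not visible in this section.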


@ -0,0 +1,18 @@
Index: gif2tiff.c
===================================================================
RCS file: /cvs/maptools/cvsroot/libtiff/tools/gif2tiff.c,v
retrieving revision 1.12
diff -u -r1.12 gif2tiff.c
--- gif2tiff.c 15 Dec 2010 00:22:44 -0000 1.12
+++ gif2tiff.c 13 Aug 2013 08:25:38 -0000
@@ -333,6 +333,10 @@
int status = 1;
datasize = getc(infile);
+
+ if (datasize > 12)
+ return 0;
+
clear = 1 << datasize;
eoi = clear + 1;
avail = clear + 2;
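Review bot: The added guard `if (datasize > 12)` rejects only large values, so an EOF from `getc(infile)` (a negative value, assuming `datasize` is a signed int) still reaches `clear = 1 << datasize`, where a negative shift count is undefined behaviour. Checking both ends closes that: `if (datasize < 0 || datasize > 12) return 0;`. It is also worth confirming against the decoder's table sizes that 12 is the right upper bound, since `avail = clear + 2` is already above 4096 when `datasize` is 12; the tables are declared outside this hunk. The enclosing function starts and ends outside the hunk.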


@ -0,0 +1,15 @@
Index: tiff2pdf.c
===================================================================
RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v
retrieving revision 1.71
diff -u -r1.71 tiff2pdf.c
--- tiff2pdf.c 2 May 2013 14:54:08 -0000 1.71
+++ tiff2pdf.c 13 Aug 2013 04:45:40 -0000
@@ -2462,6 +2462,7 @@
TIFFFileName(input));
t2p->t2p_error = T2P_ERR_ERROR;
_TIFFfree(buffer);
+ return(0);
} else {
buffer=samplebuffer;
t2p->tiff_datasize *= t2p->tiff_samplesperpixel;
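Review bot: The `else` branch scales the size with `t2p->tiff_datasize *= t2p->tiff_samplesperpixel;` and nothing in the hunk checks that product for overflow. If the allocation above the hunk is sized with the same product (not visible here), a wrapped value would give a buffer smaller than the following code expects, so a bounds check on the multiplication before the allocation would be a useful companion to the added `return(0);`. A short comment on the new line, such as `/* buffer was freed above; do not fall through and use it */`, would also record why the early return exists. The enclosing function starts and ends outside the hunk.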