commit a04a2ddc7e7b56ef300aa9ad935f77ca73142fce Author: Fredrik Rinnestam <fredrik@crux.nu> Date: Mon Aug 19 19:10:53 2013 +0200 [notify] libtiff: fixes for CVE-2013-4231 CVE-2013-4232 See http://bugzilla.maptools.org/show_bug.cgi?id=2450 and http://bugzilla.maptools.org/show_bug.cgi?id=2449 diff --git a/libtiff/.md5sum b/libtiff/.md5sum index 10672da..40fe639 100644 --- a/libtiff/.md5sum +++ b/libtiff/.md5sum @@ -1 +1,3 @@ +6c1189a715708edc8ba926977b33895f gif2tiff-buffer-overflow.patch 051c1068e6a0627f461948c365290410 tiff-4.0.3.tar.gz +35aee7eea6949c2d26ffa52872991115 tiff2pdf_use-after-free.patch diff --git a/libtiff/Pkgfile b/libtiff/Pkgfile index 4e95592..6e9a6cd 100644 --- a/libtiff/Pkgfile +++ b/libtiff/Pkgfile @@ -5,11 +5,14 @@ name=libtiff version=4.0.3 -release=1 -source=(http://download.osgeo.org/libtiff/tiff-$version.tar.gz) +release=2 +source=(http://download.osgeo.org/libtiff/tiff-$version.tar.gz \ + gif2tiff-buffer-overflow.patch tiff2pdf_use-after-free.patch) build() { cd tiff-$version + patch -d tools -p0 -i $SRC/tiff2pdf_use-after-free.patch + patch -d tools -p0 -i $SRC/gif2tiff-buffer-overflow.patch ./configure --prefix=/usr --mandir=/usr/man make make DESTDIR=$PKG install diff --git a/libtiff/gif2tiff-buffer-overflow.patch b/libtiff/gif2tiff-buffer-overflow.patch new file mode 100644 index 0000000..3c21718 --- /dev/null +++ b/libtiff/gif2tiff-buffer-overflow.patch @@ -0,0 +1,18 @@ +Index: gif2tiff.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/tools/gif2tiff.c,v +retrieving revision 1.12 +diff -u -r1.12 gif2tiff.c +--- gif2tiff.c 15 Dec 2010 00:22:44 -0000 1.12 ++++ gif2tiff.c 13 Aug 2013 08:25:38 -0000 +@@ -333,6 +333,10 @@ + int status = 1; + + datasize = getc(infile); ++ ++ if (datasize > 12) ++ return 0; ++ + clear = 1 << datasize; + eoi = clear + 1; + avail = clear + 2; diff --git a/libtiff/tiff2pdf_use-after-free.patch b/libtiff/tiff2pdf_use-after-free.patch new file mode 100644 index 0000000..87673d9 --- /dev/null +++ b/libtiff/tiff2pdf_use-after-free.patch @@ -0,0 +1,15 @@ +Index: tiff2pdf.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v +retrieving revision 1.71 +diff -u -r1.71 tiff2pdf.c +--- tiff2pdf.c 2 May 2013 14:54:08 -0000 1.71 ++++ tiff2pdf.c 13 Aug 2013 04:45:40 -0000 +@@ -2462,6 +2462,7 @@ + TIFFFileName(input)); + t2p->t2p_error = T2P_ERR_ERROR; + _TIFFfree(buffer); ++ return(0); + } else { + buffer=samplebuffer; + t2p->tiff_datasize *= t2p->tiff_samplesperpixel;