ports/opt (3.0): [notify] libtiff: fixes for CVE-2013-4231 CVE-2013-4232

crux at crux.nu crux at crux.nu
Mon Aug 19 17:11:41 UTC 2013


commit a04a2ddc7e7b56ef300aa9ad935f77ca73142fce
Author: Fredrik Rinnestam <fredrik at crux.nu>
Date:   Mon Aug 19 19:10:53 2013 +0200

    [notify] libtiff: fixes for CVE-2013-4231 CVE-2013-4232
    
    See http://bugzilla.maptools.org/show_bug.cgi?id=2450 and
    http://bugzilla.maptools.org/show_bug.cgi?id=2449

diff --git a/libtiff/.md5sum b/libtiff/.md5sum
index 10672da..40fe639 100644
--- a/libtiff/.md5sum
+++ b/libtiff/.md5sum
@@ -1 +1,3 @@
+6c1189a715708edc8ba926977b33895f  gif2tiff-buffer-overflow.patch
 051c1068e6a0627f461948c365290410  tiff-4.0.3.tar.gz
+35aee7eea6949c2d26ffa52872991115  tiff2pdf_use-after-free.patch
diff --git a/libtiff/Pkgfile b/libtiff/Pkgfile
index 4e95592..6e9a6cd 100644
--- a/libtiff/Pkgfile
+++ b/libtiff/Pkgfile
@@ -5,11 +5,14 @@
 
 name=libtiff
 version=4.0.3
-release=1
-source=(http://download.osgeo.org/libtiff/tiff-$version.tar.gz)
+release=2
+source=(http://download.osgeo.org/libtiff/tiff-$version.tar.gz \
+        gif2tiff-buffer-overflow.patch tiff2pdf_use-after-free.patch)
 
 build() {
     cd tiff-$version
+    patch -d tools -p0 -i $SRC/tiff2pdf_use-after-free.patch
+    patch -d tools -p0 -i $SRC/gif2tiff-buffer-overflow.patch
     ./configure --prefix=/usr --mandir=/usr/man
     make
     make DESTDIR=$PKG install
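Review bot: The two `patch` lines added to build() have no comment tying them to the advisories named in the commit message, so a later version bump gives no hint about when they can be dropped. A comment above them would record that in the port itself, for example `# CVE-2013-4231, CVE-2013-4232 (upstream bugs 2450, 2449); drop once a release contains the fixes`. build() continues past the end of this hunk.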
diff --git a/libtiff/gif2tiff-buffer-overflow.patch b/libtiff/gif2tiff-buffer-overflow.patch
new file mode 100644
index 0000000..3c21718
--- /dev/null
+++ b/libtiff/gif2tiff-buffer-overflow.patch
@@ -0,0 +1,18 @@
+Index: gif2tiff.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/gif2tiff.c,v
+retrieving revision 1.12
+diff -u -r1.12 gif2tiff.c
+--- gif2tiff.c	15 Dec 2010 00:22:44 -0000	1.12
++++ gif2tiff.c	13 Aug 2013 08:25:38 -0000
+@@ -333,6 +333,10 @@
+     int status = 1;
+ 
+     datasize = getc(infile);
++
++    if (datasize > 12)
++        return 0;
++
+     clear = 1 << datasize;
+     eoi = clear + 1;
+     avail = clear + 2;
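Review bot: The new bound rejects only values above 12, so a negative `datasize` still reaches `clear = 1 << datasize;`. getc() returns EOF on a truncated or empty stream, and if `datasize` is a signed int (its declaration is outside the hunk), that value passes the check and makes the shift undefined. The guard could cover both ends: `if (datasize < 0 || datasize > 12) return 0;`. The enclosing function starts and ends outside the hunk, so how callers treat the 0 return is not visible here.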
diff --git a/libtiff/tiff2pdf_use-after-free.patch b/libtiff/tiff2pdf_use-after-free.patch
new file mode 100644
index 0000000..87673d9
--- /dev/null
+++ b/libtiff/tiff2pdf_use-after-free.patch
@@ -0,0 +1,15 @@
+Index: tiff2pdf.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v
+retrieving revision 1.71
+diff -u -r1.71 tiff2pdf.c
+--- tiff2pdf.c	2 May 2013 14:54:08 -0000	1.71
++++ tiff2pdf.c	13 Aug 2013 04:45:40 -0000
+@@ -2462,6 +2462,7 @@
+ 					TIFFFileName(input));
+ 				t2p->t2p_error = T2P_ERR_ERROR;
+ 			  _TIFFfree(buffer);
++                          return(0);
+ 			} else {
+ 				buffer=samplebuffer;
+ 				t2p->tiff_datasize *= t2p->tiff_samplesperpixel;
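Review bot: The added `return(0);` has no comment explaining why this error branch must leave the function, and it is indented with spaces where the neighbouring lines use tabs. The patch file name suggests that code after this block would otherwise keep using `buffer` once `_TIFFfree(buffer)` has run, but that code is outside the hunk. A short comment would stop the return from being removed as redundant, for example `/* buffer was freed above; do not fall through */`. Matching the surrounding tab indentation would also keep the patch consistent with the file.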


