ports/opt (3.0): [notify] libtiff: patched for CVE-2013-4244

crux at crux.nu crux at crux.nu
Wed Aug 28 16:13:26 UTC 2013


commit b049fc6c70f8409810706e7da318f82cb78d3ba2
Author: Fredrik Rinnestam <fredrik at crux.nu>
Date:   Tue Aug 27 18:51:52 2013 +0200

    [notify] libtiff: patched for CVE-2013-4244

diff --git a/libtiff/.md5sum b/libtiff/.md5sum
index 40fe639..502f704 100644
--- a/libtiff/.md5sum
+++ b/libtiff/.md5sum
@@ -1,3 +1,4 @@
 6c1189a715708edc8ba926977b33895f  gif2tiff-buffer-overflow.patch
+2c0dabc854c95e7453fc56d2fd50a503  lzw-oob-write.patch
 051c1068e6a0627f461948c365290410  tiff-4.0.3.tar.gz
 35aee7eea6949c2d26ffa52872991115  tiff2pdf_use-after-free.patch
diff --git a/libtiff/Pkgfile b/libtiff/Pkgfile
index 6e9a6cd..fa8a104 100644
--- a/libtiff/Pkgfile
+++ b/libtiff/Pkgfile
@@ -1,18 +1,20 @@
 # Description: Library for manipulation of TIFF (Tag Image File Format) images
-# URL:         http://libtiff.maptools.org/
+# URL:         http://www.remotesensing.org/libtiff/
 # Maintainer:  Fredrik Rinnestam, fredrik at crux dot nu
 # Depends on:  libjpeg, zlib
 
 name=libtiff
 version=4.0.3
-release=2
+release=3
 source=(http://download.osgeo.org/libtiff/tiff-$version.tar.gz \
-        gif2tiff-buffer-overflow.patch tiff2pdf_use-after-free.patch)
+        gif2tiff-buffer-overflow.patch tiff2pdf_use-after-free.patch lzw-oob-write.patch)
 
 build() {
     cd tiff-$version
     patch -d tools -p0 -i $SRC/tiff2pdf_use-after-free.patch
     patch -d tools -p0 -i $SRC/gif2tiff-buffer-overflow.patch
+    patch -d tools -p0 -i $SRC/lzw-oob-write.patch
+
     ./configure --prefix=/usr --mandir=/usr/man
     make
     make DESTDIR=$PKG install
diff --git a/libtiff/lzw-oob-write.patch b/libtiff/lzw-oob-write.patch
new file mode 100644
index 0000000..674afc6
--- /dev/null
+++ b/libtiff/lzw-oob-write.patch
@@ -0,0 +1,18 @@
+Index: gif2tiff.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/gif2tiff.c,v
+retrieving revision 1.12
+diff -u -r1.12 gif2tiff.c
+--- gif2tiff.c	15 Dec 2010 00:22:44 -0000	1.12
++++ gif2tiff.c	14 Aug 2013 04:28:07 -0000
+@@ -398,6 +398,10 @@
+     }
+ 
+     if (oldcode == -1) {
++        if (code >= clear) {
++            fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
++            return 0;
++        }
+ 	*(*fill)++ = suffix[code];
+ 	firstchar = oldcode = code;
+ 	return 1;



More information about the CRUX mailing list