summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordrochner <drochner@pkgsrc.org>2013-08-15 14:58:46 +0000
committerdrochner <drochner@pkgsrc.org>2013-08-15 14:58:46 +0000
commitfc483f7762cd1ad02ffaae98c86759f3a079490d (patch)
tree78f9c99193277010612026ca8c5b1e828cc03740
parentb2926e9c5fb49d5be83b975c6fe0ffe5ad906d1c (diff)
downloadpkgsrc-fc483f7762cd1ad02ffaae98c86759f3a079490d.tar.gz
add patches from upstream CVS and Redhat bugzilla to fix buffer overflow
and use-after-free problems in the "gif2tiff" and "tiff2pdf" command line tools (the library is not affected) (CVE-2013-4231, CVE-2013-4232, CVE-2013-4244) bump PKGREV
-rw-r--r--graphics/tiff/Makefile4
-rw-r--r--graphics/tiff/distinfo5
-rw-r--r--graphics/tiff/patches/patch-CVE-2013-1960_196121
-rw-r--r--graphics/tiff/patches/patch-CVE-2013-423131
4 files changed, 52 insertions, 9 deletions
diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile
index 861e2ba71e5..e22b62c5904 100644
--- a/graphics/tiff/Makefile
+++ b/graphics/tiff/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.112 2013/05/02 14:52:44 drochner Exp $
+# $NetBSD: Makefile,v 1.113 2013/08/15 14:58:46 drochner Exp $
DISTNAME= tiff-4.0.3
-PKGREVISION= 3
+PKGREVISION= 4
CATEGORIES= graphics
MASTER_SITES= ftp://ftp.remotesensing.org/pub/libtiff/ \
http://libtiff.maptools.org/dl/
diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo
index 144e149f221..3a5b6aedcbe 100644
--- a/graphics/tiff/distinfo
+++ b/graphics/tiff/distinfo
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.60 2013/05/02 14:52:44 drochner Exp $
+$NetBSD: distinfo,v 1.61 2013/08/15 14:58:46 drochner Exp $
SHA1 (tiff-4.0.3.tar.gz) = 652e97b78f1444237a82cbcfe014310e776eb6f0
RMD160 (tiff-4.0.3.tar.gz) = eacd725fb3c299682c1c2e508049d98acd170f31
Size (tiff-4.0.3.tar.gz) = 2051630 bytes
SHA1 (patch-CVE-2012-4564) = bda3b26e431e8234e5afd984a086c980a8eb6c41
-SHA1 (patch-CVE-2013-1960_1961) = dff40e975426a6df2ba27383d22b5f8f4275a443
+SHA1 (patch-CVE-2013-1960_1961) = b815edbeeb1eb23ce2633060dd390985dec794f3
+SHA1 (patch-CVE-2013-4231) = bc1420583b9c4b0a34d26142bc35b6d0d26af529
SHA1 (patch-configure) = 1fb9ef790a59ac9c1396dd8e962c75946e2c998a
diff --git a/graphics/tiff/patches/patch-CVE-2013-1960_1961 b/graphics/tiff/patches/patch-CVE-2013-1960_1961
index 7e63de2c56c..4d2c1dee7c9 100644
--- a/graphics/tiff/patches/patch-CVE-2013-1960_1961
+++ b/graphics/tiff/patches/patch-CVE-2013-1960_1961
@@ -1,8 +1,11 @@
-$NetBSD: patch-CVE-2013-1960_1961,v 1.1 2013/05/02 14:52:44 drochner Exp $
+$NetBSD: patch-CVE-2013-1960_1961,v 1.2 2013/08/15 14:58:46 drochner Exp $
see https://bugzilla.redhat.com/show_bug.cgi?id=952131
and https://bugzilla.redhat.com/show_bug.cgi?id=952158
+also fixes CVE-2013-4232
+see http://bugzilla.maptools.org/show_bug.cgi?id=2449
+
--- contrib/dbs/xtiff/xtiff.c.orig 2010-06-08 20:55:15.000000000 +0200
+++ contrib/dbs/xtiff/xtiff.c 2013-05-02 16:27:43.000000000 +0200
@@ -512,9 +512,9 @@ SetNameLabel()
@@ -63,9 +66,17 @@ and https://bugzilla.redhat.com/show_bug.cgi?id=952158
TIFFSetField(out, TIFFTAG_IMAGEDESCRIPTION, thing);
TIFFSetField(out, TIFFTAG_SOFTWARE, "tiff2bw");
outbuf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
---- tools/tiff2pdf.c.orig 2013-05-02 16:27:43.000000000 +0200
-+++ tools/tiff2pdf.c 2013-05-02 16:32:49.000000000 +0200
-@@ -3341,33 +3341,56 @@ int t2p_process_jpeg_strip(
+--- tools/tiff2pdf.c.orig 2012-07-26 02:56:43.000000000 +0000
++++ tools/tiff2pdf.c
+@@ -2462,6 +2462,7 @@ tsize_t t2p_readwrite_pdf_image(T2P* t2p
+ TIFFFileName(input));
+ t2p->t2p_error = T2P_ERR_ERROR;
+ _TIFFfree(buffer);
++ return(0);
+ } else {
+ buffer=samplebuffer;
+ t2p->tiff_datasize *= t2p->tiff_samplesperpixel;
+@@ -3341,33 +3342,56 @@ int t2p_process_jpeg_strip(
uint32 height){
tsize_t i=0;
@@ -144,7 +155,7 @@ and https://bugzilla.redhat.com/show_bug.cgi?id=952158
}
v_samp*=8;
h_samp*=8;
-@@ -3381,45 +3404,43 @@ int t2p_process_jpeg_strip(
+@@ -3381,45 +3405,43 @@ int t2p_process_jpeg_strip(
(unsigned char) ((height>>8) & 0xff);
buffer[*bufferoffset+6]=
(unsigned char) (height & 0xff);
diff --git a/graphics/tiff/patches/patch-CVE-2013-4231 b/graphics/tiff/patches/patch-CVE-2013-4231
new file mode 100644
index 00000000000..0916dfd5818
--- /dev/null
+++ b/graphics/tiff/patches/patch-CVE-2013-4231
@@ -0,0 +1,31 @@
+$NetBSD: patch-CVE-2013-4231,v 1.1 2013/08/15 14:58:46 drochner Exp $
+
+see http://bugzilla.maptools.org/show_bug.cgi?id=2450
+
+also fixes CVE-2013-4244
+see https://bugzilla.redhat.com/show_bug.cgi?id=996468
+
+--- tools/gif2tiff.c.orig 2010-12-15 03:52:53.000000000 +0000
++++ tools/gif2tiff.c
+@@ -333,6 +333,10 @@ readraster(void)
+ int status = 1;
+
+ datasize = getc(infile);
++
++ if (datasize > 12)
++ return 0;
++
+ clear = 1 << datasize;
+ eoi = clear + 1;
+ avail = clear + 2;
+@@ -398,6 +402,10 @@ process(register int code, unsigned char
+ }
+
+ if (oldcode == -1) {
++ if (code >= clear) {
++ fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
++ return 0;
++ }
+ *(*fill)++ = suffix[code];
+ firstchar = oldcode = code;
+ return 1;