[packages/libtiff] upstream fixes for CVE-2013-4231, CVE-2013-4232

draenog draenog at pld-linux.org
Tue Aug 20 03:34:17 CEST 2013 

commit 24c59827abf415890e82a30574782238e4aedc54
Author: Kacper Kornet <draenog at pld-linux.org>
Date:   Tue Aug 20 02:32:43 2013 +0100

    upstream fixes for CVE-2013-4231, CVE-2013-4232

 libtiff-CVE-2013-4231.patch | 19 +++++++++++++++++++
 libtiff-CVE-2013-4232.patch | 22 ++++++++++++++++++++++
 libtiff.spec                |  6 +++++-
 3 files changed, 46 insertions(+), 1 deletion(-)
---
diff --git a/libtiff.spec b/libtiff.spec
index 49970e5..3fb3d5b 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -10,7 +10,7 @@ Summary(pl.UTF-8):	Biblioteka do manipulacji plikami w formacie TIFF
 Summary(tr.UTF-8):	TIFF dosyalarını işleme kitaplığı
 Name:		libtiff
 Version:	4.0.3
-Release:	3
+Release:	4
 License:	BSD-like
 Group:		Libraries
 Source0:	http://download.osgeo.org/libtiff/tiff-%{version}.tar.gz
@@ -20,6 +20,8 @@ Patch1:	        %{name}-CVE-2012-4447.patch
 Patch2:	        %{name}-CVE-2012-4564.patch
 Patch3:		%{name}-CVE-2013-1960.patch
 Patch4:		%{name}-CVE-2013-1961.patch
+Patch5:		%{name}-CVE-2013-4231.patch
+Patch6:		%{name}-CVE-2013-4232.patch
 URL:		http://www.remotesensing.org/libtiff/
 %{?with_opengl:BuildRequires:  OpenGL-glut-devel}
 BuildRequires:	autoconf >= 2.64
@@ -174,6 +176,8 @@ tiffgt - program do oglądania plików tiff oparty o OpenGL.
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
+%patch6 -p1
 
 %build
 %{__libtoolize}
diff --git a/libtiff-CVE-2013-4231.patch b/libtiff-CVE-2013-4231.patch
new file mode 100644
index 0000000..84e069a
--- /dev/null
+++ b/libtiff-CVE-2013-4231.patch
@@ -0,0 +1,19 @@
+commit 4893813409a79748ddc9f8d9a0cc183af51a662c
+Author: fwarmerdam <fwarmerdam>
+Date:   Wed Aug 14 05:18:53 2013 +0000
+
+    make more resistent to corrupt/hostile input files (#2450, CVE-2013-4231)
+
+diff --git a/tools/gif2tiff.c b/tools/gif2tiff.c
+index 17f7a19..4093411 100644
+--- a/tools/gif2tiff.c
++++ b/tools/gif2tiff.c
+@@ -333,6 +333,8 @@ readraster(void)
+     int status = 1;
+ 
+     datasize = getc(infile);
++    if (datasize > 12)
++	return 0;
+     clear = 1 << datasize;
+     eoi = clear + 1;
+     avail = clear + 2;
diff --git a/libtiff-CVE-2013-4232.patch b/libtiff-CVE-2013-4232.patch
new file mode 100644
index 0000000..2107344
--- /dev/null
+++ b/libtiff-CVE-2013-4232.patch
@@ -0,0 +1,22 @@
+commit 0583f9859af8862c5a8748cb8a2a93673a5de3d4
+Author: fwarmerdam <fwarmerdam>
+Date:   Wed Aug 14 05:11:36 2013 +0000
+
+    ensure return after memory allocation failure (#2449, CVS-2013-4232)
+
+diff --git a/ChangeLog b/ChangeLog
+index 1a6c779..449555d 100644
+diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
+index 109f618..951f44b 100644
+--- a/tools/tiff2pdf.c
++++ b/tools/tiff2pdf.c
+@@ -2461,7 +2461,8 @@ tsize_t t2p_readwrite_pdf_image(T2P* t2p, TIFF* input, TIFF* output){
+ 					(unsigned long) t2p->tiff_datasize, 
+ 					TIFFFileName(input));
+ 				t2p->t2p_error = T2P_ERR_ERROR;
+-			  _TIFFfree(buffer);
++				_TIFFfree(buffer);
++				return(0);
+ 			} else {
+ 				buffer=samplebuffer;
+ 				t2p->tiff_datasize *= t2p->tiff_samplesperpixel;
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/libtiff.git/commitdiff/24c59827abf415890e82a30574782238e4aedc54

More information about the pld-cvs-commit mailing list