Attachment 172515 Details for Bug 211113 – CVE patch

[patch] CVE patch

tiff.patch (text/plain), 3.26 KB, created by Piotr Kubaj on 2016-07-14 14:27:49 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Piotr Kubaj

Created: 2016-07-14 14:27:49 UTC

Size: 3.26 KB

patch

obsolete

>Index: Makefile
>===================================================================
>--- Makefile	(revision 418428)
>+++ Makefile	(working copy)
>@@ -3,7 +3,7 @@
> 
> PORTNAME=	tiff
> PORTVERSION=	4.0.6
>-PORTREVISION=	1
>+PORTREVISION=	2
> CATEGORIES=	graphics
> MASTER_SITES=	ftp://ftp.remotesensing.org/pub/libtiff/ \
> 		http://download.osgeo.org/libtiff/
>Index: files/patch-libtiff_tif__pixarlog.c
>===================================================================
>--- files/patch-libtiff_tif__pixarlog.c	(revision 0)
>+++ files/patch-libtiff_tif__pixarlog.c	(working copy)
>@@ -0,0 +1,34 @@
>+CVE-2016-5875(, dup?)
>+https://marc.info/?l=oss-security&m=146720235906569&w=2
>+
>+--- libtiff/tif_pixarlog.c.orig	Sat Aug 29 00:16:22 2015
>++++ libtiff/tif_pixarlog.c	Fri Jul  1 13:04:52 2016
>+@@ -457,6 +457,7 @@ horizontalAccumulate8abgr(uint16 *wp, int n, int strid
>+ typedef	struct {
>+ 	TIFFPredictorState	predict;
>+ 	z_stream		stream;
>++	tmsize_t		tbuf_size; /* only set/used on reading for now */
>+ 	uint16			*tbuf; 
>+ 	uint16			stride;
>+ 	int			state;
>+@@ -692,6 +693,7 @@ PixarLogSetupDecode(TIFF* tif)
>+ 	sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size);
>+ 	if (sp->tbuf == NULL)
>+ 		return (0);
>++	sp->tbuf_size = tbuf_size;
>+ 	if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN)
>+ 		sp->user_datafmt = PixarLogGuessDataFmt(td);
>+ 	if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN) {
>+@@ -779,6 +781,12 @@ PixarLogDecode(TIFF* tif, uint8* op, tmsize_t occ, uin
>+ 	if (sp->stream.avail_out != nsamples * sizeof(uint16))
>+ 	{
>+ 		TIFFErrorExt(tif->tif_clientdata, module, "ZLib cannot deal with buffers this size");
>++		return (0);
>++	}
>++	/* Check that we will not fill more than what was allocated */
>++	if (sp->stream.avail_out > sp->tbuf_size)
>++	{
>++		TIFFErrorExt(tif->tif_clientdata, module, "sp->stream.avail_out > sp->tbuf_size");
>+ 		return (0);
>+ 	}
>+ 	do {
>
>Property changes on: files/patch-libtiff_tif__pixarlog.c
>___________________________________________________________________
>Added: fbsd:nokeywords
>## -0,0 +1 ##
>+yes
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Index: files/patch-tools_gif2tiff.c
>===================================================================
>--- files/patch-tools_gif2tiff.c	(revision 0)
>+++ files/patch-tools_gif2tiff.c	(working copy)
>@@ -0,0 +1,14 @@
>+CVE-2016-3186, patch from:
>+https://bugzilla.redhat.com/show_bug.cgi?id=1319666
>+
>+--- tools/gif2tiff.c.orig	Fri Jul  1 13:11:43 2016
>++++ tools/gif2tiff.c	Fri Jul  1 13:12:07 2016
>+@@ -349,7 +349,7 @@ readextension(void)
>+     int status = 1;
>+ 
>+     (void) getc(infile);
>+-    while ((count = getc(infile)) && count <= 255)
>++    while ((count = getc(infile)) && count >= 0 && count <= 255)
>+         if (fread(buf, 1, count, infile) != (size_t) count) {
>+             fprintf(stderr, "short read from file %s (%s)\n",
>+                     filename, strerror(errno));
>
>Property changes on: files/patch-tools_gif2tiff.c
>___________________________________________________________________
>Added: fbsd:nokeywords
>## -0,0 +1 ##
>+yes
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property

Flags:

pkubaj: maintainer-approval? (portmgr)

Actions: View | Diff

Attachments on bug 211113: 172514 | 172515