FreeBSD Bugzilla – Attachment 172515 Details for
Bug 211113
graphics/tiff: Backport fixes for CVE-2016-5875, CVE-2016-3186
CVE patch
tiff.patch (text/plain), 3.26 KB, created by
Piotr Kubaj
on 2016-07-14 14:27:49 UTC
Description:
CVE patch
Filename:
MIME Type:
Creator:
Piotr Kubaj
Created:
2016-07-14 14:27:49 UTC
Size:
3.26 KB
patch
obsolete
>Index: Makefile
>===================================================================
>--- Makefile (revision 418428)
>+++ Makefile (working copy)
>@@ -3,7 +3,7 @@
> 
> PORTNAME= tiff
> PORTVERSION= 4.0.6
>-PORTREVISION= 1
>+PORTREVISION= 2
> CATEGORIES= graphics
> MASTER_SITES= ftp://ftp.remotesensing.org/pub/libtiff/ \
> http://download.osgeo.org/libtiff/
>Index: files/patch-libtiff_tif__pixarlog.c
>===================================================================
>--- files/patch-libtiff_tif__pixarlog.c (revision 0)
>+++ files/patch-libtiff_tif__pixarlog.c (working copy)
>@@ -0,0 +1,34 @@
>+CVE-2016-5875(, dup?)
>+https://marc.info/?l=oss-security&m=146720235906569&w=2
>+
>+--- libtiff/tif_pixarlog.c.orig Sat Aug 29 00:16:22 2015
>++++ libtiff/tif_pixarlog.c Fri Jul 1 13:04:52 2016
>+@@ -457,6 +457,7 @@ horizontalAccumulate8abgr(uint16 *wp, int n, int strid
>+ typedef struct {
>+ TIFFPredictorState predict;
>+ z_stream stream;
>++ tmsize_t tbuf_size; /* only set/used on reading for now */
>+ uint16 *tbuf;
>+ uint16 stride;
>+ int state;
>+@@ -692,6 +693,7 @@ PixarLogSetupDecode(TIFF* tif)
>+ sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size);
>+ if (sp->tbuf == NULL)
>+ return (0);
>++ sp->tbuf_size = tbuf_size;
>+ if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN)
>+ sp->user_datafmt = PixarLogGuessDataFmt(td);
>+ if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN) {
>+@@ -779,6 +781,12 @@ PixarLogDecode(TIFF* tif, uint8* op, tmsize_t occ, uin
>+ if (sp->stream.avail_out != nsamples * sizeof(uint16))
>+ {
>+ TIFFErrorExt(tif->tif_clientdata, module, "ZLib cannot deal with buffers this size");
>++ return (0);
>++ }
>++ /* Check that we will not fill more than what was allocated */
>++ if (sp->stream.avail_out > sp->tbuf_size)
>++ {
>++ TIFFErrorExt(tif->tif_clientdata, module, "sp->stream.avail_out > sp->tbuf_size");
>+ return (0);
>+ }
>+ do {
>
>Property changes on: files/patch-libtiff_tif__pixarlog.c
>___________________________________________________________________
>Added: fbsd:nokeywords
>## -0,0 +1 ##
>+yes
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Index: files/patch-tools_gif2tiff.c
>===================================================================
>--- files/patch-tools_gif2tiff.c (revision 0)
>+++ files/patch-tools_gif2tiff.c (working copy)
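Review bot: The new guard `if (sp->stream.avail_out > sp->tbuf_size)` in PixarLogDecode compares zlib's unsigned `avail_out` with the signed `tmsize_t tbuf_size` added in the struct hunk, so its correctness rests on `tbuf_size` never being negative or stale. That holds for the assignment shown in PixarLogSetupDecode, but the field comment says it is only set on the read path. The hunks do not show whether the state struct is zeroed at initialisation or whether `tbuf` is released elsewhere without resetting the size, so both are worth confirming and recording next to the check, e.g. `/* tbuf_size is set in PixarLogSetupDecode and is non-negative here */`. The error text `"sp->stream.avail_out > sp->tbuf_size"` exposes an internal expression rather than saying what is wrong with the file; a message such as `"Decode buffer too small for the requested sample count"` would be more useful in logs. All three functions touched here continue outside the hunks.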
>@@ -0,0 +1,14 @@
>+CVE-2016-3186, patch from:
>+https://bugzilla.redhat.com/show_bug.cgi?id=1319666
>+
>+--- tools/gif2tiff.c.orig Fri Jul 1 13:11:43 2016
>++++ tools/gif2tiff.c Fri Jul 1 13:12:07 2016
>+@@ -349,7 +349,7 @@ readextension(void)
>+ int status = 1;
>+
>+ (void) getc(infile);
>+- while ((count = getc(infile)) && count <= 255)
>++ while ((count = getc(infile)) && count >= 0 && count <= 255)
>+ if (fread(buf, 1, count, infile) != (size_t) count) {
>+ fprintf(stderr, "short read from file %s (%s)\n",
>+ filename, strerror(errno));
>
>Property changes on: files/patch-tools_gif2tiff.c
>___________________________________________________________________
>Added: fbsd:nokeywords
>## -0,0 +1 ##
>+yes
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
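Review bot: With `count >= 0` added, an EOF from `getc()` in readextension() now simply ends the loop, and as far as this hunk shows `status` is still 1 at that point, so a GIF truncated inside an extension block would look like a successful parse. If the caller treats `status` as a success flag (not visible here), consider setting it after the loop, e.g. `if (count == EOF) status = 0;`, ideally with a message like the one the short-read branch prints. The `count <= 255` term is redundant once EOF is excluded, because `getc()` otherwise returns an `unsigned char` value. Keeping it is harmless, but a comment tying the bound to the size of `buf` (declared outside the hunk) would make the intent clear. The loop body and the rest of the function lie outside the hunk.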
Flags:
pkubaj
:
maintainer-approval?
(
portmgr
)
Attachments on
bug 211113
:
172514
| 172515