diff options
| author | Mark H Weaver <mhw@netris.org> | 2015-06-16 00:59:15 -0400 |
|---|---|---|
| committer | Mark H Weaver <mhw@netris.org> | 2015-06-16 01:02:01 -0400 |
| commit | 8e28d22c914122aa7bfb70847370d8ae0f070688 (patch) | |
| tree | 14ffa1b7954a3f67c4057bc03ab35c993e98120f /gnu/packages/patches/libtiff-CVE-2014-9330.patch | |
| parent | 7d02724b7bddb4d5e1cc93db99f737baa26840ca (diff) | |
| download | guix-8e28d22c914122aa7bfb70847370d8ae0f070688.tar.gz | |
gnu: libtiff: Add fixes for several CVEs.
* gnu/packages/patches/libtiff-CVE-2012-4564.patch, gnu/packages/patches/libtiff-CVE-2013-1960.patch, gnu/packages/patches/libtiff-CVE-2013-1961.patch, gnu/packages/patches/libtiff-CVE-2013-4231.patch, gnu/packages/patches/libtiff-CVE-2013-4232.patch, gnu/packages/patches/libtiff-CVE-2013-4243.patch, gnu/packages/patches/libtiff-CVE-2013-4244.patch, gnu/packages/patches/libtiff-CVE-2014-8127-pt1.patch, gnu/packages/patches/libtiff-CVE-2014-8127-pt2.patch, gnu/packages/patches/libtiff-CVE-2014-8127-pt3.patch, gnu/packages/patches/libtiff-CVE-2014-8127-pt4.patch, gnu/packages/patches/libtiff-CVE-2014-8128-pt1.patch, gnu/packages/patches/libtiff-CVE-2014-8128-pt2.patch, gnu/packages/patches/libtiff-CVE-2014-8128-pt3.patch, gnu/packages/patches/libtiff-CVE-2014-8128-pt4.patch, gnu/packages/patches/libtiff-CVE-2014-8128-pt5.patch, gnu/packages/patches/libtiff-CVE-2014-8129.patch, gnu/packages/patches/libtiff-CVE-2014-9330.patch, gnu/packages/patches/libtiff-CVE-2014-9655.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/image.scm (libtiff)[source]: Add patches.
Diffstat (limited to 'gnu/packages/patches/libtiff-CVE-2014-9330.patch')
| -rw-r--r-- | gnu/packages/patches/libtiff-CVE-2014-9330.patch | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/gnu/packages/patches/libtiff-CVE-2014-9330.patch b/gnu/packages/patches/libtiff-CVE-2014-9330.patch new file mode 100644 index 0000000000..c3c5fc0367 --- /dev/null +++ b/gnu/packages/patches/libtiff-CVE-2014-9330.patch @@ -0,0 +1,47 @@ +Copied from Debian + +Description: CVE-2014-9330 + Integer overflow in bmp2tiff +Origin: upstream, http://bugzilla.maptools.org/show_bug.cgi?id=2494 +Bug: http://bugzilla.maptools.org/show_bug.cgi?id=2494 +Bug-Debian: http://bugs.debian.org/773987 + +Index: tiff/tools/bmp2tiff.c +=================================================================== +--- tiff.orig/tools/bmp2tiff.c ++++ tiff/tools/bmp2tiff.c +@@ -1,4 +1,4 @@ +-/* $Id: bmp2tiff.c,v 1.23 2010-03-10 18:56:49 bfriesen Exp $ ++/* $Id: bmp2tiff.c,v 1.24 2014-12-21 15:15:32 erouault Exp $ + * + * Project: libtiff tools + * Purpose: Convert Windows BMP files in TIFF. +@@ -403,6 +403,13 @@ main(int argc, char* argv[]) + + width = info_hdr.iWidth; + length = (info_hdr.iHeight > 0) ? info_hdr.iHeight : -info_hdr.iHeight; ++ if( width <= 0 || length <= 0 ) ++ { ++ TIFFError(infilename, ++ "Invalid dimensions of BMP file" ); ++ close(fd); ++ return -1; ++ } + + switch (info_hdr.iBitCount) + { +@@ -593,6 +600,14 @@ main(int argc, char* argv[]) + + compr_size = file_hdr.iSize - file_hdr.iOffBits; + uncompr_size = width * length; ++ /* Detect int overflow */ ++ if( uncompr_size / width != length ) ++ { ++ TIFFError(infilename, ++ "Invalid dimensions of BMP file" ); ++ close(fd); ++ return -1; ++ } + comprbuf = (unsigned char *) _TIFFmalloc( compr_size ); + if (!comprbuf) { + TIFFError(infilename, |