aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2017-01-10 03:22:33 -0500
committerLeo Famulari <leo@famulari.name>2017-01-10 17:52:42 -0500
commit4b96149d8b199048aa526159120d14a44d6ee054 (patch)
tree1ffa03b2a425040f2b00578d417784bf69d1abc5 /gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch
parent8966c6b43989a0f7bca972f12b78567da7de3eec (diff)
downloadgnu-guix-4b96149d8b199048aa526159120d14a44d6ee054.tar
gnu-guix-4b96149d8b199048aa526159120d14a44d6ee054.tar.gz
gnu: libtiff: Fix CVE-2016-{10092,10093,10094} and others.
* gnu/packages/patches/libtiff-CVE-2016-10092.patch, gnu/packages/patches/libtiff-CVE-2016-10093.patch, gnu/packages/patches/libtiff-CVE-2016-10094.patch, gnu/packages/patches/libtiff-assertion-failure.patch, gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch, gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch, gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch, gnu/packages/patches/libtiff-divide-by-zero.patch, gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch, gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch, gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch, gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch, gnu/packages/patches/libtiff-invalid-read.patch, gnu/packages/patches/libtiff-null-dereference.patch, gnu/packages/patches/libtiff-tiffcp-underflow.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/image.scm (libtiff)[replacement]: New field. (libtiff/fixed): New variable.
Diffstat (limited to 'gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch')
-rw-r--r--gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch63
1 files changed, 63 insertions, 0 deletions
diff --git a/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch b/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch
new file mode 100644
index 0000000000..2a96b68521
--- /dev/null
+++ b/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch
@@ -0,0 +1,63 @@
+Fix divide-by-zero in OJPEGDecodeRaw():
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2611
+
+2016-12-03 Even Rouault <even.rouault at spatialys.com>
+
+ * libtiff/tif_ojpeg.c: make OJPEGDecode() early exit in case of failure
+in
+ OJPEGPreDecode(). This will avoid a divide by zero, and potential other
+issues.
+ Reported by Agostino Sarubbo.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2611
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
+new revision: 1.1177; previous revision: 1.1176
+/cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v <-- libtiff/tif_ojpeg.c
+new revision: 1.66; previous revision: 1.65
+
+Index: libtiff/libtiff/tif_ojpeg.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v
+retrieving revision 1.65
+retrieving revision 1.66
+diff -u -r1.65 -r1.66
+--- libtiff/libtiff/tif_ojpeg.c 4 Sep 2016 21:32:56 -0000 1.65
++++ libtiff/libtiff/tif_ojpeg.c 3 Dec 2016 11:15:18 -0000 1.66
+@@ -1,4 +1,4 @@
+-/* $Id: tif_ojpeg.c,v 1.65 2016-09-04 21:32:56 erouault Exp $ */
++/* $Id: tif_ojpeg.c,v 1.66 2016-12-03 11:15:18 erouault Exp $ */
+
+ /* WARNING: The type of JPEG encapsulation defined by the TIFF Version 6.0
+ specification is now totally obsolete and deprecated for new applications and
+@@ -244,6 +244,7 @@
+
+ typedef struct {
+ TIFF* tif;
++ int decoder_ok;
+ #ifndef LIBJPEG_ENCAP_EXTERNAL
+ JMP_BUF exit_jmpbuf;
+ #endif
+@@ -722,6 +723,7 @@
+ }
+ sp->write_curstrile++;
+ }
++ sp->decoder_ok = 1;
+ return(1);
+ }
+
+@@ -784,8 +786,14 @@
+ static int
+ OJPEGDecode(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s)
+ {
++ static const char module[]="OJPEGDecode";
+ OJPEGState* sp=(OJPEGState*)tif->tif_data;
+ (void)s;
++ if( !sp->decoder_ok )
++ {
++ TIFFErrorExt(tif->tif_clientdata,module,"Cannot decode: decoder not correctly initialized");
++ return 0;
++ }
+ if (sp->libjpeg_jpeg_query_style==0)
+ {
+ if (OJPEGDecodeRaw(tif,buf,cc)==0)