~ubuntu-branches/ubuntu/precise/tiff/precise-security


Viewing changes to debian/patches/CVE-2014-81xx-5.patch

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2015-03-30 08:11:18 UTC
  • Revision ID: package-import@ubuntu.com-20150330081118-bvaoaii1act27voq
Tags: 3.9.5-2ubuntu1.7
* SECURITY UPDATE: Fix multiple security issues
  - debian/patches/CVE-2014-81xx-1.patch to CVE-2014-81xx-11.patch
  - debian/patches/CVE-2014-8128-5.patch
  - debian/patches/CVE-2014-9655-1.patch to CVE-2014-9655-3.patch
  - debian/patches/read_overrun.patch
  - debian/patches/CVE-2014-8130.patch
  - CVE-2014-8127 (partially)
  - CVE-2014-8128
  - CVE-2014-8129
  - CVE-2014-8130
  - CVE-2014-9330
  - CVE-2014-9655

 
1
From 8b6e80fca434525497e5a31c3309a3bab5b3c1c8 Mon Sep 17 00:00:00 2001
 
2
From: erouault <erouault>
 
3
Date: Sun, 21 Dec 2014 18:52:42 +0000
 
4
Subject: [PATCH] * tools/thumbnail.c, tools/tiffcmp.c: only read/write
 
5
 TIFFTAG_GROUP3OPTIONS or TIFFTAG_GROUP4OPTIONS if compression is
 
6
 COMPRESSION_CCITTFAX3 or COMPRESSION_CCITTFAX4
 
7
 http://bugzilla.maptools.org/show_bug.cgi?id=2493 (CVE-2014-8128)
 
8
 
 
9
---
 
10
 ChangeLog         |  7 +++++++
 
11
 tools/thumbnail.c | 21 ++++++++++++++++++++-
 
12
 tools/tiffcmp.c   | 17 +++++++++++++++--
 
13
 3 files changed, 42 insertions(+), 3 deletions(-)
 
14
 
 
15
Index: tiff-3.9.5/tools/thumbnail.c
 
16
===================================================================
 
17
--- tiff-3.9.5.orig/tools/thumbnail.c   2015-03-30 07:47:00.561025658 -0400
 
18
+++ tiff-3.9.5/tools/thumbnail.c        2015-03-30 07:47:00.561025658 -0400
 
19
@@ -254,7 +254,26 @@
 
20
 {
 
21
     struct cpTag *p;
 
22
     for (p = tags; p < &tags[NTAGS]; p++)
 
23
-       cpTag(in, out, p->tag, p->count, p->type);
 
24
+       {
 
25
+               /* Horrible: but TIFFGetField() expects 2 arguments to be passed */
 
26
+               /* if we request a tag that is defined in a codec, but that codec */
 
27
+               /* isn't used */
 
28
+               if( p->tag == TIFFTAG_GROUP3OPTIONS )
 
29
+               {
 
30
+                       uint16 compression;
 
31
+                       if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) ||
 
32
+                               compression != COMPRESSION_CCITTFAX3 )
 
33
+                               continue;
 
34
+               }
 
35
+               if( p->tag == TIFFTAG_GROUP4OPTIONS )
 
36
+               {
 
37
+                       uint16 compression;
 
38
+                       if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) ||
 
39
+                               compression != COMPRESSION_CCITTFAX4 )
 
40
+                               continue;
 
41
+               }
 
42
+               cpTag(in, out, p->tag, p->count, p->type);
 
43
+       }
 
44
 }
 
45
 #undef NTAGS
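Review bot: The guard added inside the loop special-cases only TIFFTAG_GROUP3OPTIONS and TIFFTAG_GROUP4OPTIONS, so any other codec-defined entry in the `tags` table (declared outside this hunk, so not visible here) would still reach cpTag() with its codec inactive and hit the TIFFGetField() argument mismatch the new comment describes. The same two-tag pattern is repeated in the cmptags() hunk of tools/tiffcmp.c, so both lists are worth auditing for further codec-registered tags. I would state the invariant next to the table, e.g. `/* codec-specific tags: only read when TIFFTAG_COMPRESSION selects that codec (bug 2493) */`. The two identical `uint16 compression` blocks could also share one read of TIFFTAG_COMPRESSION taken before the loop. The enclosing function starts above the hunk.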
 
46
 
 
47
Index: tiff-3.9.5/tools/tiffcmp.c
 
48
===================================================================
 
49
--- tiff-3.9.5.orig/tools/tiffcmp.c     2015-03-30 07:47:00.561025658 -0400
 
50
+++ tiff-3.9.5/tools/tiffcmp.c  2015-03-30 07:47:00.561025658 -0400
 
51
@@ -256,6 +256,7 @@
 
52
 static int
 
53
 cmptags(TIFF* tif1, TIFF* tif2)
 
54
 {
 
55
+       uint16 compression1, compression2;
 
56
        CmpLongField(TIFFTAG_SUBFILETYPE,       "SubFileType");
 
57
        CmpLongField(TIFFTAG_IMAGEWIDTH,        "ImageWidth");
 
58
        CmpLongField(TIFFTAG_IMAGELENGTH,       "ImageLength");
 
59
@@ -272,8 +273,20 @@
 
60
        CmpShortField(TIFFTAG_SAMPLEFORMAT,     "SampleFormat");
 
61
        CmpFloatField(TIFFTAG_XRESOLUTION,      "XResolution");
 
62
        CmpFloatField(TIFFTAG_YRESOLUTION,      "YResolution");
 
63
-       CmpLongField(TIFFTAG_GROUP3OPTIONS,     "Group3Options");
 
64
-       CmpLongField(TIFFTAG_GROUP4OPTIONS,     "Group4Options");
 
65
+       if( TIFFGetField(tif1, TIFFTAG_COMPRESSION, &compression1) &&
 
66
+               compression1 == COMPRESSION_CCITTFAX3 &&
 
67
+               TIFFGetField(tif2, TIFFTAG_COMPRESSION, &compression2) &&
 
68
+               compression2 == COMPRESSION_CCITTFAX3 )
 
69
+       {
 
70
+               CmpLongField(TIFFTAG_GROUP3OPTIONS,     "Group3Options");
 
71
+       }
 
72
+       if( TIFFGetField(tif1, TIFFTAG_COMPRESSION, &compression1) &&
 
73
+               compression1 == COMPRESSION_CCITTFAX4 &&
 
74
+               TIFFGetField(tif2, TIFFTAG_COMPRESSION, &compression2) &&
 
75
+               compression2 == COMPRESSION_CCITTFAX4 )
 
76
+       {
 
77
+               CmpLongField(TIFFTAG_GROUP4OPTIONS,     "Group4Options");
 
78
+       }
 
79
        CmpShortField(TIFFTAG_RESOLUTIONUNIT,   "ResolutionUnit");
 
80
        CmpShortField(TIFFTAG_PLANARCONFIG,     "PlanarConfiguration");
 
81
        CmpLongField(TIFFTAG_ROWSPERSTRIP,      "RowsPerStrip");
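Review bot: The two new conditions in cmptags() call TIFFGetField() for TIFFTAG_COMPRESSION four times, and `compression1`/`compression2` are declared uninitialised, which is safe only because the `&&` order reads each value after its own successful lookup. Reading each file's compression once and branching on the shared value gives the same result and is harder to break in a later edit; it also makes explicit that the options tag is compared only when both files use the same fax codec. A short comment above the block recording why the unconditional comparisons were removed (bug 2493) would help the next maintainer. cmptags() continues past the end of this hunk.

```c
        uint16 compression1 = 0, compression2 = 0;
        /* ... unchanged: field comparisons from SubFileType through YResolution ... */
        /* Group3/4Options are codec fields: query them only when both files use that codec. */
        if( TIFFGetField(tif1, TIFFTAG_COMPRESSION, &compression1) &&
                TIFFGetField(tif2, TIFFTAG_COMPRESSION, &compression2) &&
                compression1 == compression2 )
        {
                if( compression1 == COMPRESSION_CCITTFAX3 )
                {
                        CmpLongField(TIFFTAG_GROUP3OPTIONS,     "Group3Options");
                }
                else if( compression1 == COMPRESSION_CCITTFAX4 )
                {
                        CmpLongField(TIFFTAG_GROUP4OPTIONS,     "Group4Options");
                }
        }
        /* ... unchanged: ResolutionUnit and following comparisons ... */
```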