← Back to branch summary

~ubuntu-branches/ubuntu/precise/tiff/precise-security

~ubuntu-branches/ubuntu/precise/tiff/precise-security

« back to all changes in this revision

Viewing changes to debian/patches/CVE-2014-81xx-8.patch

Committer: Package Import Robot
Author(s): Marc Deslauriers
Date: 2015-03-30 08:11:18 UTC
Revision ID: package-import@ubuntu.com-20150330081118-bvaoaii1act27voq

Tags: 3.9.5-2ubuntu1.7

* SECURITY UPDATE: Fix multiple security issues
  - debian/patches/CVE-2014-81xx-1.patch to CVE-2014-81xx-11.patch
  - debian/patches/CVE-2014-8128-5.patch
  - debian/patches/CVE-2014-9655-1.patch to CVE-2014-9655-3.patch
  - debian/patches/read_overrun.patch
  - debian/patches/CVE-2014-8130.patch
  - CVE-2014-8127 (partially)
  - CVE-2014-8128
  - CVE-2014-8129
  - CVE-2014-8130
  - CVE-2014-9330
  - CVE-2014-9655

files added:
.pc/CVE-2014-8128-5.patch

.pc/CVE-2014-8128-5.patch/libtiff

.pc/CVE-2014-8128-5.patch/libtiff/tif_dirinfo.c

.pc/CVE-2014-8130.patch

.pc/CVE-2014-8130.patch/libtiff

.pc/CVE-2014-8130.patch/libtiff/tif_unix.c

.pc/CVE-2014-81xx-1.patch

.pc/CVE-2014-81xx-1.patch/libtiff

.pc/CVE-2014-81xx-1.patch/libtiff/tif_dir.c

.pc/CVE-2014-81xx-1.patch/libtiff/tif_getimage.c

.pc/CVE-2014-81xx-1.patch/libtiff/tif_next.c

.pc/CVE-2014-81xx-1.patch/tools

.pc/CVE-2014-81xx-1.patch/tools/bmp2tiff.c

.pc/CVE-2014-81xx-1.patch/tools/tiff2pdf.c

.pc/CVE-2014-81xx-1.patch/tools/tiffcrop.c

.pc/CVE-2014-81xx-10.patch

.pc/CVE-2014-81xx-10.patch/libtiff

.pc/CVE-2014-81xx-10.patch/libtiff/tif_read.c

.pc/CVE-2014-81xx-11.patch

.pc/CVE-2014-81xx-11.patch/tools

.pc/CVE-2014-81xx-11.patch/tools/tiffdither.c

.pc/CVE-2014-81xx-2.patch

.pc/CVE-2014-81xx-2.patch/tools

.pc/CVE-2014-81xx-2.patch/tools/tiffcp.c

.pc/CVE-2014-81xx-3.patch

.pc/CVE-2014-81xx-3.patch/tools

.pc/CVE-2014-81xx-3.patch/tools/tiff2pdf.c

.pc/CVE-2014-81xx-4.patch

.pc/CVE-2014-81xx-4.patch/libtiff

.pc/CVE-2014-81xx-4.patch/libtiff/tif_next.c

.pc/CVE-2014-81xx-5.patch

.pc/CVE-2014-81xx-5.patch/tools

.pc/CVE-2014-81xx-5.patch/tools/thumbnail.c

.pc/CVE-2014-81xx-5.patch/tools/tiffcmp.c

.pc/CVE-2014-81xx-6.patch

.pc/CVE-2014-81xx-6.patch/tools

.pc/CVE-2014-81xx-6.patch/tools/thumbnail.c

.pc/CVE-2014-81xx-7.patch

.pc/CVE-2014-81xx-7.patch/tools

.pc/CVE-2014-81xx-7.patch/tools/pal2rgb.c

.pc/CVE-2014-81xx-7.patch/tools/thumbnail.c

.pc/CVE-2014-81xx-8.patch

.pc/CVE-2014-81xx-8.patch/tools

.pc/CVE-2014-81xx-8.patch/tools/tiff2bw.c

.pc/CVE-2014-81xx-9.patch

.pc/CVE-2014-81xx-9.patch/tools

.pc/CVE-2014-81xx-9.patch/tools/tiffdump.c

.pc/CVE-2014-9655-1.patch

.pc/CVE-2014-9655-1.patch/libtiff

.pc/CVE-2014-9655-1.patch/libtiff/tif_getimage.c

.pc/CVE-2014-9655-2.patch

.pc/CVE-2014-9655-2.patch/libtiff

.pc/CVE-2014-9655-2.patch/libtiff/tif_getimage.c

.pc/CVE-2014-9655-2.patch/libtiff/tif_next.c

.pc/CVE-2014-9655-3.patch

.pc/CVE-2014-9655-3.patch/libtiff

.pc/CVE-2014-9655-3.patch/libtiff/tif_getimage.c

.pc/read_overrun.patch

.pc/read_overrun.patch/tools

.pc/read_overrun.patch/tools/thumbnail.c

.pc/read_overrun.patch/tools/tiffcrop.c

debian/patches/CVE-2014-8128-5.patch

debian/patches/CVE-2014-8130.patch

debian/patches/CVE-2014-81xx-1.patch

debian/patches/CVE-2014-81xx-10.patch

debian/patches/CVE-2014-81xx-11.patch

debian/patches/CVE-2014-81xx-2.patch

debian/patches/CVE-2014-81xx-3.patch

debian/patches/CVE-2014-81xx-4.patch

debian/patches/CVE-2014-81xx-5.patch

debian/patches/CVE-2014-81xx-6.patch

debian/patches/CVE-2014-81xx-7.patch

debian/patches/CVE-2014-81xx-8.patch

debian/patches/CVE-2014-81xx-9.patch

debian/patches/CVE-2014-9655-1.patch

debian/patches/CVE-2014-9655-2.patch

debian/patches/CVE-2014-9655-3.patch

debian/patches/read_overrun.patch

files modified:
.pc/applied-patches

debian/changelog

debian/patches/series

libtiff/tif_dir.c

libtiff/tif_dirinfo.c

libtiff/tif_getimage.c

libtiff/tif_next.c

libtiff/tif_read.c

libtiff/tif_unix.c

tools/bmp2tiff.c

tools/pal2rgb.c

tools/thumbnail.c

tools/tiff2bw.c

tools/tiff2pdf.c

tools/tiffcmp.c

tools/tiffcp.c

tools/tiffcrop.c

tools/tiffdither.c

tools/tiffdump.c

Show diffs side-by-side

added added

removed removed

debian/patches/CVE-2014-81xx-8.patch

1

From 0782c759084daaf9e4de7ee6be7543081823455e Mon Sep 17 00:00:00 2001

2

From: erouault <erouault>

3

Date: Sun, 21 Dec 2014 20:58:29 +0000

4

Subject: [PATCH] * tools/tiff2bw.c: when Photometric=RGB, the utility only

5

works if SamplesPerPixel = 3. Enforce that

6

http://bugzilla.maptools.org/show_bug.cgi?id=2485 (CVE-2014-8127)

7

8

---

9

ChangeLog | 6 ++++++

10

tools/tiff2bw.c | 5 +++++

11

2 files changed, 11 insertions(+)

12

13

Index: tiff-3.9.5/tools/tiff2bw.c

14

===================================================================

15

--- tiff-3.9.5.orig/tools/tiff2bw.c 2015-03-30 07:47:25.321241804 -0400

16

+++ tiff-3.9.5/tools/tiff2bw.c 2015-03-30 07:47:25.317241770 -0400

17

@@ -167,6 +167,11 @@

18

argv[optind], samplesperpixel);

19

return (-1);

20

}

21

+ if( photometric == PHOTOMETRIC_RGB && samplesperpixel != 3) {

22

+ fprintf(stderr, "%s: Bad samples/pixel %u for PHOTOMETRIC_RGB.\n",

23

+ argv[optind], samplesperpixel);

24

+ return (-1);

25

+ }

26

TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bitspersample);

27

if (bitspersample != 8) {

28

fprintf(stderr,

Older »