authorpsykose <alice@ayaya.dev>2023-06-29 11:18:51 +0000
committerpsykose <alice@ayaya.dev>2023-06-29 13:19:22 +0200
commit298f9e3792044fc8f29355e9db2dcf7d118084d8 (patch)
tree53e305f958f54fff8d2725158b43a69a553ad3e7
parent3ed1b1e0ef91f8900f6269c942ce15209b10c30e (diff)
main/tiff: fix CVE-2023-3316
-rw-r--r--main/tiff/APKBUILD6
-rw-r--r--main/tiff/CVE-2023-3316.patch52
2 files changed, 57 insertions, 1 deletions
diff --git a/main/tiff/APKBUILD b/main/tiff/APKBUILD
index 5e4ba5d1323..0fe86b2738f 100644
--- a/main/tiff/APKBUILD
+++ b/main/tiff/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: Michael Mason <ms13sp@gmail.com>
pkgname=tiff
pkgver=4.4.0
-pkgrel=3
+pkgrel=4
pkgdesc="Provides support for the Tag Image File Format or TIFF"
url="https://gitlab.com/libtiff/libtiff"
arch="all"
@@ -19,10 +19,13 @@ source="https://gitlab.com/libtiff/libtiff/-/archive/v$pkgver/libtiff-v$pkgver.t
CVE-2022-3970.patch
CVE-2023-0795-9.patch
CVE-2023-0800-4.patch
+ CVE-2023-3316.patch
"
builddir="$srcdir/libtiff-v$pkgver"
# secfixes:
+# 4.4.0-r4:
+# - CVE-2023-3316
# 4.4.0-r3:
# - CVE-2022-2056
# - CVE-2022-2057
@@ -154,4 +157,5 @@ bceb639a8fc18d892b9aca0d34256b2269e0677c19f357636ecad354e5c75aba742f811b6ec014af
59d7079109f9e60f25e08330a046334d4ad54328b214fb7c7054d438e01e7372786b2df4d656286ecd531abda7eee15cc46f169a83b2f83468cc5b47adc4d9af CVE-2022-3970.patch
1266bbaf4db924fef4aaecddb24ccb330058eb5a55091edf48750e3100c60758f706f7916f0be74c44b96794e44726280a11df0f66ca918f98699ac29a4fb23f CVE-2023-0795-9.patch
6ba09194d6d342c0a312f7d4b1a45fbc76bca6c8288fb39d88d5a22210612d74252c86205add6a9802baa5ea86e2672e1f173cfeda965b3c900b36e998392134 CVE-2023-0800-4.patch
+75eca2edfd4f64258983522e0eb65581271408eee873207b6a9407b4e893b0c834dee1582e1787021f45c17faa64e67b75b26ee0496ef21eeb6af5dd51fc66c6 CVE-2023-3316.patch
"
diff --git a/main/tiff/CVE-2023-3316.patch b/main/tiff/CVE-2023-3316.patch
new file mode 100644
index 00000000000..9c07b0cff91
--- /dev/null
+++ b/main/tiff/CVE-2023-3316.patch
@@ -0,0 +1,52 @@
+Patch-Source: https://gitlab.com/libtiff/libtiff/-/commit/f171d7a2cd50e34975036748a395c156d32d9235
+--
+From d63de61b1ec3385f6383ef9a1f453e4b8b11d536 Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Fri, 3 Feb 2023 17:38:55 +0100
+Subject: [PATCH] TIFFClose() avoid NULL pointer dereferencing. fix#515
+
+Closes #515
+---
+ libtiff/tif_close.c | 11 +++++++----
+ tools/tiffcrop.c | 5 ++++-
+ 2 files changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/libtiff/tif_close.c b/libtiff/tif_close.c
+index 04977bc..6d4d707 100644
+--- a/libtiff/tif_close.c
++++ b/libtiff/tif_close.c
+@@ -125,11 +125,14 @@ TIFFCleanup(TIFF* tif)
+ void
+ TIFFClose(TIFF* tif)
+ {
+- TIFFCloseProc closeproc = tif->tif_closeproc;
+- thandle_t fd = tif->tif_clientdata;
++ if (tif != NULL)
++ {
++ TIFFCloseProc closeproc = tif->tif_closeproc;
++ thandle_t fd = tif->tif_clientdata;
+
+- TIFFCleanup(tif);
+- (void) (*closeproc)(fd);
++ TIFFCleanup(tif);
++ (void)(*closeproc)(fd);
++ }
+ }
+
+ /* vim: set ts=8 sts=8 sw=8 noet: */
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index a0e8851..14ea715 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -2553,7 +2553,10 @@ main(int argc, char* argv[])
+ }
+ }
+
+- TIFFClose(out);
++ if (out != NULL)
++ {
++ TIFFClose(out);
++ }
+
+ return (0);
+ } /* end main */
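Review bot: The `Patch-Source` line at the top of CVE-2023-3316.patch cites upstream commit f171d7a2cd50e34975036748a395c156d32d9235, but the embedded mail header reads `From d63de61b1ec3385f6383ef9a1f453e4b8b11d536`, so the vendored content cannot be matched to the cited commit by id alone. This is presumably a merge commit versus the original commit, or a rebase onto 4.4.0, but nothing on the page says which. A short line under `Patch-Source`, such as `Upstream commit d63de61b…, referenced via f171d7a2…; <unmodified | adjusted for 4.4.0>`, would let a later auditor confirm provenance alongside the sha512 pinned in APKBUILD. Separately, the `if (out != NULL)` guard added in tools/tiffcrop.c duplicates the new NULL check inside `TIFFClose()`. Because `main()` begins outside the hunk, it cannot be judged here whether the path that leaves `out` NULL should return non-zero instead of reaching `return (0);`.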