aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeo <thinkabit.ukim@gmail.com>2019-11-28 19:39:59 +0100
committerLeo <thinkabit.ukim@gmail.com>2019-11-28 19:39:59 +0100
commit967440f6a760b0f6868ff91e77113a352f1335f7 (patch)
treed7716556fad16505f5adcb495f009b3e5e1734c1
parent93080dac2fc349d9fdd148de126f3eaf749cb373 (diff)
downloadaports-967440f6a760b0f6868ff91e77113a352f1335f7.tar.gz
aports-967440f6a760b0f6868ff91e77113a352f1335f7.tar.bz2
aports-967440f6a760b0f6868ff91e77113a352f1335f7.tar.xz
main/tiff: fix CVE-2019-6128
ref #10996
-rw-r--r--main/tiff/APKBUILD8
-rw-r--r--main/tiff/CVE-2019-6128.patch36
2 files changed, 42 insertions, 2 deletions
diff --git a/main/tiff/APKBUILD b/main/tiff/APKBUILD
index 9143b94c1a..ae10a014cb 100644
--- a/main/tiff/APKBUILD
+++ b/main/tiff/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: Michael Mason <ms13sp@gmail.com>
pkgname=tiff
pkgver=4.0.10
-pkgrel=2
+pkgrel=3
pkgdesc="Provides support for the Tag Image File Format or TIFF"
url="http://www.libtiff.org"
arch="all"
@@ -17,9 +17,12 @@ source="http://download.osgeo.org/libtiff/$pkgname-$pkgver.tar.gz
CVE-2018-12900.patch
CVE-2019-14973-rebased.patch
CVE-2019-17546.patch
+ CVE-2019-6128.patch
"
# secfixes:
+# 4.0.10-r3:
+# - CVE-2019-6128
# 4.0.10-r2:
# - CVE-2019-10927
# 4.0.10-r1:
@@ -101,4 +104,5 @@ tools() {
sha512sums="d213e5db09fd56b8977b187c5a756f60d6e3e998be172550c2892dbdb4b2a8e8c750202bc863fe27d0d1c577ab9de1710d15e9f6ed665aadbfd857525a81eea8 tiff-4.0.10.tar.gz
c321f1d4e5d334cdb3b0800299e8165055c040c0c030220769ccfdadcc7fd35a0f3231115f44dc86fe5e34f32eafe1074aa85495a744717f8fc10c0cab2ab085 CVE-2018-12900.patch
4567184ea17028dbf90753dbebce221881ec26632d88f02d4f6b56556fc19bb9134523f16487707fdd908f21c7bc4660103d0a95f3ccf0890ad4f0d93e81c503 CVE-2019-14973-rebased.patch
-140a6f435a682c5fd2a56e364e0d7448e56b8bf20c8db45db8b15ffd711fa6449f6cdaecab417d7fa96fc832d8eebd40423658153c05dd4f25f769b4b346d5f1 CVE-2019-17546.patch"
+140a6f435a682c5fd2a56e364e0d7448e56b8bf20c8db45db8b15ffd711fa6449f6cdaecab417d7fa96fc832d8eebd40423658153c05dd4f25f769b4b346d5f1 CVE-2019-17546.patch
+f9031d51f50ccfa2c3be96978fb5ac670b83237dec1c6b5b3d51d26af1d0266afd94a8f1c7df9b73dfeb5b4f06d0e66c164dfd6c672887a008f5c9cd675be173 CVE-2019-6128.patch"
diff --git a/main/tiff/CVE-2019-6128.patch b/main/tiff/CVE-2019-6128.patch
new file mode 100644
index 0000000000..178566f883
--- /dev/null
+++ b/main/tiff/CVE-2019-6128.patch
@@ -0,0 +1,36 @@
+diff --git a/tools/pal2rgb.c b/tools/pal2rgb.c
+index 01d8502ecf7a8a7f015e49ca9378a1a741cbc06b..9492f1cf1212177bf7e97d307757d0977c898e90 100644
+--- a/tools/pal2rgb.c
++++ b/tools/pal2rgb.c
+@@ -118,12 +118,14 @@ main(int argc, char* argv[])
+ shortv != PHOTOMETRIC_PALETTE) {
+ fprintf(stderr, "%s: Expecting a palette image.\n",
+ argv[optind]);
++ (void) TIFFClose(in);
+ return (-1);
+ }
+ if (!TIFFGetField(in, TIFFTAG_COLORMAP, &rmap, &gmap, &bmap)) {
+ fprintf(stderr,
+ "%s: No colormap (not a valid palette image).\n",
+ argv[optind]);
++ (void) TIFFClose(in);
+ return (-1);
+ }
+ bitspersample = 0;
+@@ -131,11 +133,14 @@ main(int argc, char* argv[])
+ if (bitspersample != 8) {
+ fprintf(stderr, "%s: Sorry, can only handle 8-bit images.\n",
+ argv[optind]);
++ (void) TIFFClose(in);
+ return (-1);
+ }
+ out = TIFFOpen(argv[optind+1], "w");
+- if (out == NULL)
++ if (out == NULL) {
++ (void) TIFFClose(in);
+ return (-2);
++ }
+ cpTags(in, out);
+ TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &imagewidth);
+ TIFFGetField(in, TIFFTAG_IMAGELENGTH, &imagelength);
+