Skip to content
Snippets Groups Projects
Commit 298f9e37 authored by alice's avatar alice
Browse files

main/tiff: fix CVE-2023-3316

parent 3ed1b1e0
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
main/tiff/APKBUILD
+ 5
1
View file @ 298f9e37
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
# Maintainer: Michael Mason <ms13sp@gmail.com> # Maintainer: Michael Mason <ms13sp@gmail.com>
pkgname=tiff pkgname=tiff
pkgver=4.4.0 pkgver=4.4.0
pkgrel=3 pkgrel=4
pkgdesc="Provides support for the Tag Image File Format or TIFF" pkgdesc="Provides support for the Tag Image File Format or TIFF"
url="https://gitlab.com/libtiff/libtiff" url="https://gitlab.com/libtiff/libtiff"
arch="all" arch="all"
...@@ -19,10 +19,13 @@ source="https://gitlab.com/libtiff/libtiff/-/archive/v$pkgver/libtiff-v$pkgver.t ...@@ -19,10 +19,13 @@ source="https://gitlab.com/libtiff/libtiff/-/archive/v$pkgver/libtiff-v$pkgver.t
CVE-2022-3970.patch CVE-2022-3970.patch
CVE-2023-0795-9.patch CVE-2023-0795-9.patch
CVE-2023-0800-4.patch CVE-2023-0800-4.patch
CVE-2023-3316.patch
" "
builddir="$srcdir/libtiff-v$pkgver" builddir="$srcdir/libtiff-v$pkgver"
# secfixes: # secfixes:
# 4.4.0-r4:
# - CVE-2023-3316
# 4.4.0-r3: # 4.4.0-r3:
# - CVE-2022-2056 # - CVE-2022-2056
# - CVE-2022-2057 # - CVE-2022-2057
...@@ -154,4 +157,5 @@ bceb639a8fc18d892b9aca0d34256b2269e0677c19f357636ecad354e5c75aba742f811b6ec014af ...@@ -154,4 +157,5 @@ bceb639a8fc18d892b9aca0d34256b2269e0677c19f357636ecad354e5c75aba742f811b6ec014af
59d7079109f9e60f25e08330a046334d4ad54328b214fb7c7054d438e01e7372786b2df4d656286ecd531abda7eee15cc46f169a83b2f83468cc5b47adc4d9af CVE-2022-3970.patch 59d7079109f9e60f25e08330a046334d4ad54328b214fb7c7054d438e01e7372786b2df4d656286ecd531abda7eee15cc46f169a83b2f83468cc5b47adc4d9af CVE-2022-3970.patch
1266bbaf4db924fef4aaecddb24ccb330058eb5a55091edf48750e3100c60758f706f7916f0be74c44b96794e44726280a11df0f66ca918f98699ac29a4fb23f CVE-2023-0795-9.patch 1266bbaf4db924fef4aaecddb24ccb330058eb5a55091edf48750e3100c60758f706f7916f0be74c44b96794e44726280a11df0f66ca918f98699ac29a4fb23f CVE-2023-0795-9.patch
6ba09194d6d342c0a312f7d4b1a45fbc76bca6c8288fb39d88d5a22210612d74252c86205add6a9802baa5ea86e2672e1f173cfeda965b3c900b36e998392134 CVE-2023-0800-4.patch 6ba09194d6d342c0a312f7d4b1a45fbc76bca6c8288fb39d88d5a22210612d74252c86205add6a9802baa5ea86e2672e1f173cfeda965b3c900b36e998392134 CVE-2023-0800-4.patch
75eca2edfd4f64258983522e0eb65581271408eee873207b6a9407b4e893b0c834dee1582e1787021f45c17faa64e67b75b26ee0496ef21eeb6af5dd51fc66c6 CVE-2023-3316.patch
" "
main/tiff/CVE-2023-3316.patch 0 → 100644
+ 52
0
View file @ 298f9e37
Patch-Source: https://gitlab.com/libtiff/libtiff/-/commit/f171d7a2cd50e34975036748a395c156d32d9235
--
From d63de61b1ec3385f6383ef9a1f453e4b8b11d536 Mon Sep 17 00:00:00 2001
From: Su_Laus <sulau@freenet.de>
Date: Fri, 3 Feb 2023 17:38:55 +0100
Subject: [PATCH] TIFFClose() avoid NULL pointer dereferencing. fix#515
Closes #515
---
libtiff/tif_close.c | 11 +++++++----
tools/tiffcrop.c | 5 ++++-
2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/libtiff/tif_close.c b/libtiff/tif_close.c
index 04977bc..6d4d707 100644
--- a/libtiff/tif_close.c
+++ b/libtiff/tif_close.c
@@ -125,11 +125,14 @@ TIFFCleanup(TIFF* tif)
void
TIFFClose(TIFF* tif)
{
- TIFFCloseProc closeproc = tif->tif_closeproc;
- thandle_t fd = tif->tif_clientdata;
+ if (tif != NULL)
+ {
+ TIFFCloseProc closeproc = tif->tif_closeproc;
+ thandle_t fd = tif->tif_clientdata;
- TIFFCleanup(tif);
- (void) (*closeproc)(fd);
+ TIFFCleanup(tif);
+ (void)(*closeproc)(fd);
+ }
}
/* vim: set ts=8 sts=8 sw=8 noet: */
diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
index a0e8851..14ea715 100644
--- a/tools/tiffcrop.c
+++ b/tools/tiffcrop.c
@@ -2553,7 +2553,10 @@ main(int argc, char* argv[])
}
}
- TIFFClose(out);
+ if (out != NULL)
+ {
+ TIFFClose(out);
+ }
return (0);
} /* end main */
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment