1 files changed, 45 insertions, 0 deletions

diff --git a/gnu/packages/patches/libtiff-CVE-2014-8129.patch b/gnu/packages/patches/libtiff-CVE-2014-8129.patch
new file mode 100644
index 0000000000..091ec8f573
--- /dev/null
+++ b/gnu/packages/patches/libtiff-CVE-2014-8129.patch
@@ -0,0 +1,45 @@
+Copied from Debian
+
+From cd82b5267ad4c10eb91e4ee8a716a81362cf851c Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Sun, 21 Dec 2014 18:07:48 +0000
+Subject: [PATCH] * libtiff/tif_next.c: check that BitsPerSample = 2. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2487 (CVE-2014-8129)
+
+---
+ ChangeLog          |  5 +++++
+ libtiff/tif_next.c | 17 +++++++++++++++++
+ 2 files changed, 22 insertions(+)
+
+diff --git a/libtiff/tif_next.c b/libtiff/tif_next.c
+index a53c716..d834196 100644
+--- a/libtiff/tif_next.c
++++ b/libtiff/tif_next.c
+@@ -141,10 +141,27 @@ NeXTDecode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s)
+ 	return (0);
+ }
+ 
++static int
++NeXTPreDecode(TIFF* tif, uint16 s)
++{
++	static const char module[] = "NeXTPreDecode";
++	TIFFDirectory *td = &tif->tif_dir;
++	(void)s;
++
++	if( td->td_bitspersample != 2 )
++	{
++		TIFFErrorExt(tif->tif_clientdata, module, "Unsupported BitsPerSample = %d",
++					 td->td_bitspersample);
++		return (0);
++	}
++	return (1);
++}
++	
+ int
+ TIFFInitNeXT(TIFF* tif, int scheme)
+ {
+ 	(void) scheme;
++	tif->tif_predecode = NeXTPreDecode;  
+ 	tif->tif_decoderow = NeXTDecode;  
+ 	tif->tif_decodestrip = NeXTDecode;  
+ 	tif->tif_decodetile = NeXTDecode;