[arch-commits] Commit in libtiff/trunk (3 files)

Eric Bélanger eric at nymeria.archlinux.org
Thu Aug 22 21:10:48 UTC 2013


    Date: Thursday, August 22, 2013 @ 23:10:48
  Author: eric
Revision: 193539

upgpkg: libtiff 4.0.3-3

Add security patches (close FS#36635)

Added:
  libtiff/trunk/tiff-4.0.3-CVE-2013-4231.patch
  libtiff/trunk/tiff-4.0.3-CVE-2013-4232.patch
Modified:
  libtiff/trunk/PKGBUILD

--------------------------------+
 PKGBUILD                       |   13 ++++++++++---
 tiff-4.0.3-CVE-2013-4231.patch |   18 ++++++++++++++++++
 tiff-4.0.3-CVE-2013-4232.patch |   15 +++++++++++++++
 3 files changed, 43 insertions(+), 3 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2013-08-22 18:43:53 UTC (rev 193538)
+++ PKGBUILD	2013-08-22 21:10:48 UTC (rev 193539)
@@ -3,7 +3,7 @@
 
 pkgname=libtiff
 pkgver=4.0.3
-pkgrel=2
+pkgrel=3
 pkgdesc="Library for manipulation of TIFF images"
 arch=('i686' 'x86_64')
 url="http://www.remotesensing.org/libtiff/"
@@ -18,14 +18,18 @@
 	tiff-4.0.3-CVE-2013-1960.patch
 	tiff-4.0.3-CVE-2013-1961.patch
 	tiff-4.0.3-libjpeg-turbo.patch
-	tiff-4.0.3-tiff2pdf-colors.patch)
+	tiff-4.0.3-tiff2pdf-colors.patch
+	tiff-4.0.3-CVE-2013-4231.patch
+	tiff-4.0.3-CVE-2013-4232.patch)
 sha1sums=('652e97b78f1444237a82cbcfe014310e776eb6f0'
           '41be661638282dae0d07bd2788414cb6650f8981'
           '6cb3d480908132335c05c769b5a51f951413725d'
           '5903355afdd0bb27ea3746339e2196720f9fac9d'
           '29a91870cca5d4cd9ca1c464f8074088eddc3fb8'
           '02d57835df50d3f84587571ec52b36f5af838de2'
-          '23443ad0bc130d70860b6cc6d19b69584ae7a6cc')
+          '23443ad0bc130d70860b6cc6d19b69584ae7a6cc'
+          '969f588e9da5991e7f17dddf69ae59424b05fa16'
+          '2a23c55d081bed74ac8dd99541a93d312cc72b64')
 
 prepare() {
   cd tiff-${pkgver}
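Review bot: The two added checksums extend the existing `sha1sums` array, so every source in this package, presumably including the upstream tarball whose entry starts outside the hunk, is still verified with SHA-1 only. SHA-1 is no longer collision-resistant, which weakens the integrity check on a remotely fetched source. Consider renaming the array to `sha256sums=(` and regenerating all entries with `makepkg -g`, rather than appending further SHA-1 values. The new entries are at least in the same order as the two patches added to `source`, which is what makepkg requires.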
@@ -35,6 +39,9 @@
   patch -p1 -i "${srcdir}/tiff-4.0.3-CVE-2013-1960.patch"
   patch -p1 -i "${srcdir}/tiff-4.0.3-CVE-2013-1961.patch"
   patch -p1 -i "${srcdir}/tiff-4.0.3-libjpeg-turbo.patch"
+  cd tools
+  patch -p0 -i "${srcdir}/tiff-4.0.3-CVE-2013-4231.patch"
+  patch -p0 -i "${srcdir}/tiff-4.0.3-CVE-2013-4232.patch"
 }
 
 build() {
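Review bot: The added `cd tools` leaves prepare() in `tools/` for everything that follows, so a patch appended later with `-p1` would be applied relative to the wrong directory. Keeping the working directory fixed avoids that: `patch -d tools -p0 -i "${srcdir}/tiff-4.0.3-CVE-2013-4231.patch"`, and the same for the CVE-2013-4232 patch. A short comment such as `# CVE patches are upstream CVS diffs relative to tools/` would also explain why these two use `-p0` while the others use `-p1`. prepare() starts outside the hunk.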

Added: tiff-4.0.3-CVE-2013-4231.patch
===================================================================
--- tiff-4.0.3-CVE-2013-4231.patch	                        (rev 0)
+++ tiff-4.0.3-CVE-2013-4231.patch	2013-08-22 21:10:48 UTC (rev 193539)
@@ -0,0 +1,18 @@
+Index: gif2tiff.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/gif2tiff.c,v
+retrieving revision 1.12
+diff -u -r1.12 gif2tiff.c
+--- gif2tiff.c	15 Dec 2010 00:22:44 -0000	1.12
++++ gif2tiff.c	13 Aug 2013 08:25:38 -0000
+@@ -333,6 +333,10 @@
+     int status = 1;
+ 
+     datasize = getc(infile);
++
++    if (datasize > 12)
++        return 0;
++
+     clear = 1 << datasize;
+     eoi = clear + 1;
+     avail = clear + 2;
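Review bot: The added guard `if (datasize > 12)` bounds only the upper side, so a negative value still reaches `clear = 1 << datasize;` just below it. `getc()` returns EOF on a truncated or unreadable input, and if `datasize` is a signed int (its declaration is outside the hunk) that shift has undefined behaviour. Checking both ends would close that path: `if (datasize < 0 || datasize > 12) return 0;`. The enclosing function starts and ends outside the hunk, so that `return 0` is its failure value is only inferred from `int status = 1;`.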

Added: tiff-4.0.3-CVE-2013-4232.patch
===================================================================
--- tiff-4.0.3-CVE-2013-4232.patch	                        (rev 0)
+++ tiff-4.0.3-CVE-2013-4232.patch	2013-08-22 21:10:48 UTC (rev 193539)
@@ -0,0 +1,15 @@
+Index: tiff2pdf.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v
+retrieving revision 1.71
+diff -u -r1.71 tiff2pdf.c
+--- tiff2pdf.c	2 May 2013 14:54:08 -0000	1.71
++++ tiff2pdf.c	13 Aug 2013 04:45:40 -0000
+@@ -2462,6 +2462,7 @@
+ 					TIFFFileName(input));
+ 				t2p->t2p_error = T2P_ERR_ERROR;
+ 			  _TIFFfree(buffer);
++                          return(0);
+ 			} else {
+ 				buffer=samplebuffer;
+ 				t2p->tiff_datasize *= t2p->tiff_samplesperpixel;
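Review bot: The added `return(0);` after `_TIFFfree(buffer);` has no comment, although it is the whole fix: without it the error branch presumably continues with `buffer` already freed. A one-line comment such as `/* buffer is freed above; return so it is neither used nor freed again */` would keep a later refactor from dropping the return. The line is also indented with spaces where the neighbouring lines use tabs. The enclosing function lies outside the hunk, so whether other allocations need releasing before this return cannot be checked from here.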



