[arch-commits] Commit in libtiff/trunk (PKGBUILD libtiff-CVE-2013-4244.patch)
Eric Bélanger
eric at nymeria.archlinux.org
Wed Oct 23 23:16:55 UTC 2013
Date: Thursday, October 24, 2013 @ 01:16:55
Author: eric
Revision: 197203
upgpkg: libtiff 4.0.3-4
Add security patch (close FS#37462)
Added:
libtiff/trunk/libtiff-CVE-2013-4244.patch
Modified:
libtiff/trunk/PKGBUILD
-----------------------------+
PKGBUILD | 10 +++++++---
libtiff-CVE-2013-4244.patch | 15 +++++++++++++++
2 files changed, 22 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2013-10-23 20:31:32 UTC (rev 197202)
+++ PKGBUILD 2013-10-23 23:16:55 UTC (rev 197203)
@@ -3,7 +3,7 @@
pkgname=libtiff
pkgver=4.0.3
-pkgrel=3
+pkgrel=4
pkgdesc="Library for manipulation of TIFF images"
arch=('i686' 'x86_64')
url="http://www.remotesensing.org/libtiff/"
@@ -20,7 +20,8 @@
tiff-4.0.3-libjpeg-turbo.patch
tiff-4.0.3-tiff2pdf-colors.patch
tiff-4.0.3-CVE-2013-4231.patch
- tiff-4.0.3-CVE-2013-4232.patch)
+ tiff-4.0.3-CVE-2013-4232.patch
+ libtiff-CVE-2013-4244.patch)
sha1sums=('652e97b78f1444237a82cbcfe014310e776eb6f0'
'41be661638282dae0d07bd2788414cb6650f8981'
'6cb3d480908132335c05c769b5a51f951413725d'
@@ -29,7 +30,8 @@
'02d57835df50d3f84587571ec52b36f5af838de2'
'23443ad0bc130d70860b6cc6d19b69584ae7a6cc'
'969f588e9da5991e7f17dddf69ae59424b05fa16'
- '2a23c55d081bed74ac8dd99541a93d312cc72b64')
+ '2a23c55d081bed74ac8dd99541a93d312cc72b64'
+ '01c6792ba2470493da4d990edae8de6c13bd4670')
prepare() {
cd tiff-${pkgver}
@@ -39,9 +41,11 @@
patch -p1 -i "${srcdir}/tiff-4.0.3-CVE-2013-1960.patch"
patch -p1 -i "${srcdir}/tiff-4.0.3-CVE-2013-1961.patch"
patch -p1 -i "${srcdir}/tiff-4.0.3-libjpeg-turbo.patch"
+ patch -p1 -i "${srcdir}/libtiff-CVE-2013-4244.patch"
cd tools
patch -p0 -i "${srcdir}/tiff-4.0.3-CVE-2013-4231.patch"
patch -p0 -i "${srcdir}/tiff-4.0.3-CVE-2013-4232.patch"
+
}
build() {
Added: libtiff-CVE-2013-4244.patch
===================================================================
--- libtiff-CVE-2013-4244.patch (rev 0)
+++ libtiff-CVE-2013-4244.patch 2013-10-23 23:16:55 UTC (rev 197203)
@@ -0,0 +1,15 @@
+diff --git a/tools/gif2tiff.c b/tools/gif2tiff.c
+index 375b152..2731273 100644
+--- a/tools/gif2tiff.c
++++ b/tools/gif2tiff.c
+@@ -402,6 +402,10 @@ process(register int code, unsigned char** fill)
+ }
+
+ if (oldcode == -1) {
++ if (code >= clear) {
++ fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
++ return 0;
++ }
+ *(*fill)++ = suffix[code];
+ firstchar = oldcode = code;
+ return 1;
More information about the arch-commits
mailing list