[arch-commits] Commit in libtiff/trunk (PKGBUILD libtiff-CVE-2013-4244.patch)

Eric Bélanger eric at nymeria.archlinux.org
Wed Oct 23 23:16:55 UTC 2013


    Date: Thursday, October 24, 2013 @ 01:16:55
  Author: eric
Revision: 197203

upgpkg: libtiff 4.0.3-4

Add security patch (close FS#37462)

Added:
  libtiff/trunk/libtiff-CVE-2013-4244.patch
Modified:
  libtiff/trunk/PKGBUILD

-----------------------------+
 PKGBUILD                    |   10 +++++++---
 libtiff-CVE-2013-4244.patch |   15 +++++++++++++++
 2 files changed, 22 insertions(+), 3 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2013-10-23 20:31:32 UTC (rev 197202)
+++ PKGBUILD	2013-10-23 23:16:55 UTC (rev 197203)
@@ -3,7 +3,7 @@
 
 pkgname=libtiff
 pkgver=4.0.3
-pkgrel=3
+pkgrel=4
 pkgdesc="Library for manipulation of TIFF images"
 arch=('i686' 'x86_64')
 url="http://www.remotesensing.org/libtiff/"
@@ -20,7 +20,8 @@
 	tiff-4.0.3-libjpeg-turbo.patch
 	tiff-4.0.3-tiff2pdf-colors.patch
 	tiff-4.0.3-CVE-2013-4231.patch
-	tiff-4.0.3-CVE-2013-4232.patch)
+	tiff-4.0.3-CVE-2013-4232.patch
+	libtiff-CVE-2013-4244.patch)
 sha1sums=('652e97b78f1444237a82cbcfe014310e776eb6f0'
           '41be661638282dae0d07bd2788414cb6650f8981'
           '6cb3d480908132335c05c769b5a51f951413725d'
@@ -29,7 +30,8 @@
           '02d57835df50d3f84587571ec52b36f5af838de2'
           '23443ad0bc130d70860b6cc6d19b69584ae7a6cc'
           '969f588e9da5991e7f17dddf69ae59424b05fa16'
-          '2a23c55d081bed74ac8dd99541a93d312cc72b64')
+          '2a23c55d081bed74ac8dd99541a93d312cc72b64'
+          '01c6792ba2470493da4d990edae8de6c13bd4670')
 
 prepare() {
   cd tiff-${pkgver}
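Review bot: The new security patch is pinned only by a SHA-1 entry, `'01c6792ba2470493da4d990edae8de6c13bd4670'`, appended to `sha1sums`. SHA-1 is a weak digest to rely on for files that change security-relevant code. makepkg also accepts a `sha256sums=(...)` array, so this would be a good moment to regenerate the whole checksum array with the stronger digest instead of extending the SHA-1 list. The array begins above this hunk, so the change would touch entries not shown here.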
@@ -39,9 +41,11 @@
   patch -p1 -i "${srcdir}/tiff-4.0.3-CVE-2013-1960.patch"
   patch -p1 -i "${srcdir}/tiff-4.0.3-CVE-2013-1961.patch"
   patch -p1 -i "${srcdir}/tiff-4.0.3-libjpeg-turbo.patch"
+  patch -p1 -i "${srcdir}/libtiff-CVE-2013-4244.patch"
   cd tools
   patch -p0 -i "${srcdir}/tiff-4.0.3-CVE-2013-4231.patch"
   patch -p0 -i "${srcdir}/tiff-4.0.3-CVE-2013-4232.patch"
+
 }
 
 build() {
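Review bot: The added `patch -p1 -i "${srcdir}/libtiff-CVE-2013-4244.patch"` line has no comment saying where the fix comes from or when it can be dropped. A line above it such as `# CVE-2013-4244 (FS#37462): gif2tiff LZW code bounds check; drop once fixed in an upstream release` would help the next maintainer. The file name also departs from the `tiff-4.0.3-CVE-*` pattern used by the neighbouring patches. The blank line added just before the closing `}` of prepare() is stray whitespace and can go. prepare() starts above this hunk.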

Added: libtiff-CVE-2013-4244.patch
===================================================================
--- libtiff-CVE-2013-4244.patch	                        (rev 0)
+++ libtiff-CVE-2013-4244.patch	2013-10-23 23:16:55 UTC (rev 197203)
@@ -0,0 +1,15 @@
+diff --git a/tools/gif2tiff.c b/tools/gif2tiff.c
+index 375b152..2731273 100644
+--- a/tools/gif2tiff.c
++++ b/tools/gif2tiff.c
+@@ -402,6 +402,10 @@ process(register int code, unsigned char** fill)
+     }
+ 
+     if (oldcode == -1) {
++        if (code >= clear) {
++            fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
++            return 0;
++        }
+ 	*(*fill)++ = suffix[code];
+ 	firstchar = oldcode = code;
+ 	return 1;
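Review bot: The new guard `if (code >= clear)` also rejects `code == clear`, but the message says "is larger than clear", which will mislead anyone triaging a rejected file. Wording it as `fprintf(stderr, "bad input: code=%d is not less than clear=%d\n", code, clear);` matches the condition. The check protects only the `oldcode == -1` branch before `suffix[code]` is read. The rest of process() lies outside the hunk, so it is worth confirming that the later table lookups are bounded in the same way. The embedded patch file also has no header giving its upstream origin, and a short description line at the top would make the provenance auditable.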



