main/tiff: security fix (CVE-2012-3401)

fixes #1329

2 files changed, 15 insertions, 2 deletions

diff --git a/main/tiff/APKBUILD b/main/tiff/APKBUILD
index 6822a2f595..fe21fd3648 100644
--- a/main/tiff/APKBUILD
+++ b/main/tiff/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Michael Mason <ms13sp@gmail.com>
 pkgname=tiff
 pkgver=3.9.6
-pkgrel=0
+pkgrel=1
 pkgdesc="Provides support for the Tag Image File Format or TIFF"
 url="http://www.libtiff.org/"
 license="GPL"
@@ -12,6 +12,7 @@ makedepends="libtool autoconf automake $depends_dev"
 subpackages="$pkgname-doc $pkgname-dev"
 source="ftp://ftp.remotesensing.org/pub/libtiff/$pkgname-$pkgver.tar.gz
 	libtiff-negsize-3.9.patch
+	CVE-2012-3401.patch
 	"
 	
 _builddir="$srcdir"/$pkgname-$pkgver
@@ -43,4 +44,5 @@ package() {
 }
 
 md5sums="6920f3bf628d791d49f268b83612ed23  tiff-3.9.6.tar.gz
-a0742e7c81551c51438a8d6fa5d68676  libtiff-negsize-3.9.patch"
+a0742e7c81551c51438a8d6fa5d68676  libtiff-negsize-3.9.patch
+8c862de25b906d3fcefce2fb06c7b604  CVE-2012-3401.patch"
diff --git a/main/tiff/CVE-2012-3401.patch b/main/tiff/CVE-2012-3401.patch
new file mode 100644
index 0000000000..847bd0d138
--- /dev/null
+++ b/main/tiff/CVE-2012-3401.patch
@@ -0,0 +1,11 @@
+diff -Naur tiff-4.0.2.orig/tools/tiff2pdf.c tiff-4.0.2/tools/tiff2pdf.c
+--- tiff-4.0.2.orig/tools/tiff2pdf.c	2012-06-15 17:51:54.000000000 -0400
++++ tiff-4.0.2/tools/tiff2pdf.c	2012-07-05 13:34:36.569691068 -0400
+@@ -1066,6 +1066,7 @@
+ 				"Can't set directory %u of input file %s", 
+ 				i,
+ 				TIFFFileName(input));
++			t2p->t2p_error = T2P_ERR_ERROR;
+ 			return;
+ 		}
+ 		if(TIFFGetField(input, TIFFTAG_PAGENUMBER, &pagen, &paged)){