diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2013-11-06 10:09:37 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-11-06 10:09:37 +0000 |
commit | cd3a7514e340084f017101da89b5326147c44b2d (patch) | |
tree | 8aae721213ff5e9485ba7e2c9d6afc8717545762 | |
parent | 026e461741037e4fb6788848c8b4d9602b6649ad (diff) | |
download | aports-cd3a7514e340084f017101da89b5326147c44b2d.tar.bz2 aports-cd3a7514e340084f017101da89b5326147c44b2d.tar.xz |
main/tiff: fix CVE-2013-4231, CVE-2013-4232
-rw-r--r-- | main/tiff/APKBUILD | 18 | ||||
-rw-r--r-- | main/tiff/tiff-4.0.3-CVE-2013-4231.patch | 16 | ||||
-rw-r--r-- | main/tiff/tiff-4.0.3-CVE-2013-4232.patch | 13 |
3 files changed, 42 insertions, 5 deletions
diff --git a/main/tiff/APKBUILD b/main/tiff/APKBUILD index 7244a35a36..a181f00c8d 100644 --- a/main/tiff/APKBUILD +++ b/main/tiff/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Michael Mason <ms13sp@gmail.com> pkgname=tiff pkgver=4.0.3 -pkgrel=1 +pkgrel=2 pkgdesc="Provides support for the Tag Image File Format or TIFF" url="http://www.libtiff.org/" arch="all" @@ -16,8 +16,10 @@ source="ftp://ftp.remotesensing.org/pub/libtiff/$pkgname-$pkgver.tar.gz libtiff-CVE-2012-4564.patch libtiff-CVE-2013-1960.patch libtiff-CVE-2013-1961.patch + tiff-4.0.3-CVE-2013-4231.patch + tiff-4.0.3-CVE-2013-4232.patch " - + _builddir="$srcdir"/$pkgname-$pkgver prepare() { @@ -62,14 +64,20 @@ md5sums="051c1068e6a0627f461948c365290410 tiff-4.0.3.tar.gz 71bbe3b51f8a4e3a26cbf0af63588e4a libtiff-CVE-2012-4447.patch a4b9f293f706b5668df62833cf0b56d2 libtiff-CVE-2012-4564.patch e9de577a81571ab8ffac84aac8c64381 libtiff-CVE-2013-1960.patch -e484981da6d2366a30a89dc0217c115a libtiff-CVE-2013-1961.patch" +e484981da6d2366a30a89dc0217c115a libtiff-CVE-2013-1961.patch +fd604fe47922cbb0c271f84b2fe7f119 tiff-4.0.3-CVE-2013-4231.patch +cea05bfff32ed3982980320cc0e16bbb tiff-4.0.3-CVE-2013-4232.patch" sha256sums="ea1aebe282319537fb2d4d7805f478dd4e0e05c33d0928baba76a7c963684872 tiff-4.0.3.tar.gz 917187494cd3f80929e4919951637683aaccd98ffa23a6f1f97e49f6db85baa9 libtiff-CVE-2012-4447.patch 0ef1f4055930c8b38246a4f6ed66e393bb2f2a3d5238f5c5f5d57d1f4b230d3e libtiff-CVE-2012-4564.patch 688e577d3266b1cd7df5321b5e63fed82d088407a447a022eea2188d643b5a5b libtiff-CVE-2013-1960.patch -2f0a1cf4826416d248ff5288db7702b80245d02c624c415836053a762c1e3fd4 libtiff-CVE-2013-1961.patch" +2f0a1cf4826416d248ff5288db7702b80245d02c624c415836053a762c1e3fd4 libtiff-CVE-2013-1961.patch +3c9c56f83fec5c6be3f69feb2b457d0706ad52c424ed2c9e830d48367446971d tiff-4.0.3-CVE-2013-4231.patch +772d9ab61e94b9ef40e1446c31a373e52b5345f8c1d18438d52bf8d4f4f008ff tiff-4.0.3-CVE-2013-4232.patch" sha512sums="d80e18b00e9e696a30b954c0d92e5f2f773fd9a7a0a944cf6cabb69c1798e671506580daa1cd2ebf493ae922000170c2491dfc6d4c0a9cd0b865684070595a73 tiff-4.0.3.tar.gz 1377b675cfbeffbe810518053fb2e683f889cf1274d0b1adc6060beb9ef70dcd504038b02d569d08bf497511b99ea9c237e581b4a66676d0a69370b78c98736b libtiff-CVE-2012-4447.patch d8e9ffaefd9ce9f38c117faa6368fd858422b870d1afa3e9ce7b05218f35c29a84e23a1da00879aedade4c1d1d578c06be08aa51ed4e2e7d2a3ca819614be8e8 libtiff-CVE-2012-4564.patch db160c93453db8f4b611028bca48622eebfa54b320b780b7491bdc9c3385d227928a7e9016073a64cdd85388284aa2bb0f0af04daa235d45cdb28e4e6fcf82fa libtiff-CVE-2013-1960.patch -c9870c7b85d2a3c666e2c9f932c815a1b4c9fb0bf2485c7cfff3ab3435222214fa7900adc0ded0f49866f28db2124121012bac7186b675955613fa983dbf45d7 libtiff-CVE-2013-1961.patch" +c9870c7b85d2a3c666e2c9f932c815a1b4c9fb0bf2485c7cfff3ab3435222214fa7900adc0ded0f49866f28db2124121012bac7186b675955613fa983dbf45d7 libtiff-CVE-2013-1961.patch +077dc58b99d6ab2689cfde9d427a719692758aab971a0e6c3edbab1688be6e5078705f251c8aa50b74182cf4d230f38eaa35308388958a319204ca60a30b578f tiff-4.0.3-CVE-2013-4231.patch +2b384beeeed9717593a223427ec4a7ff7ec438cc8040e747b63fa1ef411008e3702bbb7dabf95dee605b88d72ef1fd50c6e496942630e4742687540855f4b612 tiff-4.0.3-CVE-2013-4232.patch" diff --git a/main/tiff/tiff-4.0.3-CVE-2013-4231.patch b/main/tiff/tiff-4.0.3-CVE-2013-4231.patch new file mode 100644 index 0000000000..f754c3a02f --- /dev/null +++ b/main/tiff/tiff-4.0.3-CVE-2013-4231.patch @@ -0,0 +1,16 @@ +http://pkgs.fedoraproject.org/cgit/libtiff.git/plain/libtiff-CVE-2013-4231.patch +http://bugs.gentoo.org/480466 + +--- a/tools/gif2tiff.c ++++ b/tools/gif2tiff.c +@@ -333,6 +333,10 @@ readraster(void) + int status = 1; + + datasize = getc(infile); ++ ++ if (datasize > 12) ++ return 0; ++ + clear = 1 << datasize; + eoi = clear + 1; + avail = clear + 2; diff --git a/main/tiff/tiff-4.0.3-CVE-2013-4232.patch b/main/tiff/tiff-4.0.3-CVE-2013-4232.patch new file mode 100644 index 0000000000..1cef664d05 --- /dev/null +++ b/main/tiff/tiff-4.0.3-CVE-2013-4232.patch @@ -0,0 +1,13 @@ +http://pkgs.fedoraproject.org/cgit/libtiff.git/plain/libtiff-CVE-2013-4232.patch +http://bugs.gentoo.org/480466 + +--- a/tools/tiff2pdf.c ++++ b/tools/tiff2pdf.c +@@ -2462,6 +2462,7 @@ tsize_t t2p_readwrite_pdf_image(T2P* t2p, TIFF* input, TIFF* output){ + TIFFFileName(input)); + t2p->t2p_error = T2P_ERR_ERROR; + _TIFFfree(buffer); ++ return(0); + } else { + buffer=samplebuffer; + t2p->tiff_datasize *= t2p->tiff_samplesperpixel; |