aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--main/tiff/APKBUILD18
-rw-r--r--main/tiff/tiff-4.0.3-CVE-2013-4231.patch16
-rw-r--r--main/tiff/tiff-4.0.3-CVE-2013-4232.patch13
3 files changed, 42 insertions, 5 deletions
diff --git a/main/tiff/APKBUILD b/main/tiff/APKBUILD
index 7244a35a36..a181f00c8d 100644
--- a/main/tiff/APKBUILD
+++ b/main/tiff/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Michael Mason <ms13sp@gmail.com>
pkgname=tiff
pkgver=4.0.3
-pkgrel=1
+pkgrel=2
pkgdesc="Provides support for the Tag Image File Format or TIFF"
url="http://www.libtiff.org/"
arch="all"
@@ -16,8 +16,10 @@ source="ftp://ftp.remotesensing.org/pub/libtiff/$pkgname-$pkgver.tar.gz
libtiff-CVE-2012-4564.patch
libtiff-CVE-2013-1960.patch
libtiff-CVE-2013-1961.patch
+ tiff-4.0.3-CVE-2013-4231.patch
+ tiff-4.0.3-CVE-2013-4232.patch
"
-
+
_builddir="$srcdir"/$pkgname-$pkgver
prepare() {
@@ -62,14 +64,20 @@ md5sums="051c1068e6a0627f461948c365290410 tiff-4.0.3.tar.gz
71bbe3b51f8a4e3a26cbf0af63588e4a libtiff-CVE-2012-4447.patch
a4b9f293f706b5668df62833cf0b56d2 libtiff-CVE-2012-4564.patch
e9de577a81571ab8ffac84aac8c64381 libtiff-CVE-2013-1960.patch
-e484981da6d2366a30a89dc0217c115a libtiff-CVE-2013-1961.patch"
+e484981da6d2366a30a89dc0217c115a libtiff-CVE-2013-1961.patch
+fd604fe47922cbb0c271f84b2fe7f119 tiff-4.0.3-CVE-2013-4231.patch
+cea05bfff32ed3982980320cc0e16bbb tiff-4.0.3-CVE-2013-4232.patch"
sha256sums="ea1aebe282319537fb2d4d7805f478dd4e0e05c33d0928baba76a7c963684872 tiff-4.0.3.tar.gz
917187494cd3f80929e4919951637683aaccd98ffa23a6f1f97e49f6db85baa9 libtiff-CVE-2012-4447.patch
0ef1f4055930c8b38246a4f6ed66e393bb2f2a3d5238f5c5f5d57d1f4b230d3e libtiff-CVE-2012-4564.patch
688e577d3266b1cd7df5321b5e63fed82d088407a447a022eea2188d643b5a5b libtiff-CVE-2013-1960.patch
-2f0a1cf4826416d248ff5288db7702b80245d02c624c415836053a762c1e3fd4 libtiff-CVE-2013-1961.patch"
+2f0a1cf4826416d248ff5288db7702b80245d02c624c415836053a762c1e3fd4 libtiff-CVE-2013-1961.patch
+3c9c56f83fec5c6be3f69feb2b457d0706ad52c424ed2c9e830d48367446971d tiff-4.0.3-CVE-2013-4231.patch
+772d9ab61e94b9ef40e1446c31a373e52b5345f8c1d18438d52bf8d4f4f008ff tiff-4.0.3-CVE-2013-4232.patch"
sha512sums="d80e18b00e9e696a30b954c0d92e5f2f773fd9a7a0a944cf6cabb69c1798e671506580daa1cd2ebf493ae922000170c2491dfc6d4c0a9cd0b865684070595a73 tiff-4.0.3.tar.gz
1377b675cfbeffbe810518053fb2e683f889cf1274d0b1adc6060beb9ef70dcd504038b02d569d08bf497511b99ea9c237e581b4a66676d0a69370b78c98736b libtiff-CVE-2012-4447.patch
d8e9ffaefd9ce9f38c117faa6368fd858422b870d1afa3e9ce7b05218f35c29a84e23a1da00879aedade4c1d1d578c06be08aa51ed4e2e7d2a3ca819614be8e8 libtiff-CVE-2012-4564.patch
db160c93453db8f4b611028bca48622eebfa54b320b780b7491bdc9c3385d227928a7e9016073a64cdd85388284aa2bb0f0af04daa235d45cdb28e4e6fcf82fa libtiff-CVE-2013-1960.patch
-c9870c7b85d2a3c666e2c9f932c815a1b4c9fb0bf2485c7cfff3ab3435222214fa7900adc0ded0f49866f28db2124121012bac7186b675955613fa983dbf45d7 libtiff-CVE-2013-1961.patch"
+c9870c7b85d2a3c666e2c9f932c815a1b4c9fb0bf2485c7cfff3ab3435222214fa7900adc0ded0f49866f28db2124121012bac7186b675955613fa983dbf45d7 libtiff-CVE-2013-1961.patch
+077dc58b99d6ab2689cfde9d427a719692758aab971a0e6c3edbab1688be6e5078705f251c8aa50b74182cf4d230f38eaa35308388958a319204ca60a30b578f tiff-4.0.3-CVE-2013-4231.patch
+2b384beeeed9717593a223427ec4a7ff7ec438cc8040e747b63fa1ef411008e3702bbb7dabf95dee605b88d72ef1fd50c6e496942630e4742687540855f4b612 tiff-4.0.3-CVE-2013-4232.patch"
diff --git a/main/tiff/tiff-4.0.3-CVE-2013-4231.patch b/main/tiff/tiff-4.0.3-CVE-2013-4231.patch
new file mode 100644
index 0000000000..f754c3a02f
--- /dev/null
+++ b/main/tiff/tiff-4.0.3-CVE-2013-4231.patch
@@ -0,0 +1,16 @@
+http://pkgs.fedoraproject.org/cgit/libtiff.git/plain/libtiff-CVE-2013-4231.patch
+http://bugs.gentoo.org/480466
+
+--- a/tools/gif2tiff.c
++++ b/tools/gif2tiff.c
+@@ -333,6 +333,10 @@ readraster(void)
+ int status = 1;
+
+ datasize = getc(infile);
++
++ if (datasize > 12)
++ return 0;
++
+ clear = 1 << datasize;
+ eoi = clear + 1;
+ avail = clear + 2;
diff --git a/main/tiff/tiff-4.0.3-CVE-2013-4232.patch b/main/tiff/tiff-4.0.3-CVE-2013-4232.patch
new file mode 100644
index 0000000000..1cef664d05
--- /dev/null
+++ b/main/tiff/tiff-4.0.3-CVE-2013-4232.patch
@@ -0,0 +1,13 @@
+http://pkgs.fedoraproject.org/cgit/libtiff.git/plain/libtiff-CVE-2013-4232.patch
+http://bugs.gentoo.org/480466
+
+--- a/tools/tiff2pdf.c
++++ b/tools/tiff2pdf.c
+@@ -2462,6 +2462,7 @@ tsize_t t2p_readwrite_pdf_image(T2P* t2p, TIFF* input, TIFF* output){
+ TIFFFileName(input));
+ t2p->t2p_error = T2P_ERR_ERROR;
+ _TIFFfree(buffer);
++ return(0);
+ } else {
+ buffer=samplebuffer;
+ t2p->tiff_datasize *= t2p->tiff_samplesperpixel;