From cd3a7514e340084f017101da89b5326147c44b2d Mon Sep 17 00:00:00 2001
From: Natanael Copa
Date: Wed, 6 Nov 2013 10:09:37 +0000
Subject: main/tiff: fix CVE-2013-4231, CVE-2013-4232

---
 main/tiff/APKBUILD | 18 +++++++++++++-----
 main/tiff/tiff-4.0.3-CVE-2013-4231.patch | 16 ++++++++++++++++
 main/tiff/tiff-4.0.3-CVE-2013-4232.patch | 13 +++++++++++++
 3 files changed, 42 insertions(+), 5 deletions(-)
 create mode 100644 main/tiff/tiff-4.0.3-CVE-2013-4231.patch
 create mode 100644 main/tiff/tiff-4.0.3-CVE-2013-4232.patch

diff --git a/main/tiff/APKBUILD b/main/tiff/APKBUILD
index 7244a35a36..a181f00c8d 100644
--- a/main/tiff/APKBUILD
+++ b/main/tiff/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Michael Mason
 pkgname=tiff
 pkgver=4.0.3
-pkgrel=1
+pkgrel=2
 pkgdesc="Provides support for the Tag Image File Format or TIFF"
 url="http://www.libtiff.org/"
 arch="all"
@@ -16,8 +16,10 @@ source="ftp://ftp.remotesensing.org/pub/libtiff/$pkgname-$pkgver.tar.gz
 libtiff-CVE-2012-4564.patch
 libtiff-CVE-2013-1960.patch
 libtiff-CVE-2013-1961.patch
+ tiff-4.0.3-CVE-2013-4231.patch
+ tiff-4.0.3-CVE-2013-4232.patch
 "
-
+
 _builddir="$srcdir"/$pkgname-$pkgver
 prepare() {
@@ -62,14 +64,20 @@ md5sums="051c1068e6a0627f461948c365290410 tiff-4.0.3.tar.gz
 71bbe3b51f8a4e3a26cbf0af63588e4a libtiff-CVE-2012-4447.patch
 a4b9f293f706b5668df62833cf0b56d2 libtiff-CVE-2012-4564.patch
 e9de577a81571ab8ffac84aac8c64381 libtiff-CVE-2013-1960.patch
-e484981da6d2366a30a89dc0217c115a libtiff-CVE-2013-1961.patch"
+e484981da6d2366a30a89dc0217c115a libtiff-CVE-2013-1961.patch
+fd604fe47922cbb0c271f84b2fe7f119 tiff-4.0.3-CVE-2013-4231.patch
+cea05bfff32ed3982980320cc0e16bbb tiff-4.0.3-CVE-2013-4232.patch"
 sha256sums="ea1aebe282319537fb2d4d7805f478dd4e0e05c33d0928baba76a7c963684872 tiff-4.0.3.tar.gz
 917187494cd3f80929e4919951637683aaccd98ffa23a6f1f97e49f6db85baa9 libtiff-CVE-2012-4447.patch
 0ef1f4055930c8b38246a4f6ed66e393bb2f2a3d5238f5c5f5d57d1f4b230d3e libtiff-CVE-2012-4564.patch
 688e577d3266b1cd7df5321b5e63fed82d088407a447a022eea2188d643b5a5b libtiff-CVE-2013-1960.patch
-2f0a1cf4826416d248ff5288db7702b80245d02c624c415836053a762c1e3fd4 libtiff-CVE-2013-1961.patch"
+2f0a1cf4826416d248ff5288db7702b80245d02c624c415836053a762c1e3fd4 libtiff-CVE-2013-1961.patch
+3c9c56f83fec5c6be3f69feb2b457d0706ad52c424ed2c9e830d48367446971d tiff-4.0.3-CVE-2013-4231.patch
+772d9ab61e94b9ef40e1446c31a373e52b5345f8c1d18438d52bf8d4f4f008ff tiff-4.0.3-CVE-2013-4232.patch"
 sha512sums="d80e18b00e9e696a30b954c0d92e5f2f773fd9a7a0a944cf6cabb69c1798e671506580daa1cd2ebf493ae922000170c2491dfc6d4c0a9cd0b865684070595a73 tiff-4.0.3.tar.gz
 1377b675cfbeffbe810518053fb2e683f889cf1274d0b1adc6060beb9ef70dcd504038b02d569d08bf497511b99ea9c237e581b4a66676d0a69370b78c98736b libtiff-CVE-2012-4447.patch
 d8e9ffaefd9ce9f38c117faa6368fd858422b870d1afa3e9ce7b05218f35c29a84e23a1da00879aedade4c1d1d578c06be08aa51ed4e2e7d2a3ca819614be8e8 libtiff-CVE-2012-4564.patch
 db160c93453db8f4b611028bca48622eebfa54b320b780b7491bdc9c3385d227928a7e9016073a64cdd85388284aa2bb0f0af04daa235d45cdb28e4e6fcf82fa libtiff-CVE-2013-1960.patch
-c9870c7b85d2a3c666e2c9f932c815a1b4c9fb0bf2485c7cfff3ab3435222214fa7900adc0ded0f49866f28db2124121012bac7186b675955613fa983dbf45d7 libtiff-CVE-2013-1961.patch"
+c9870c7b85d2a3c666e2c9f932c815a1b4c9fb0bf2485c7cfff3ab3435222214fa7900adc0ded0f49866f28db2124121012bac7186b675955613fa983dbf45d7 libtiff-CVE-2013-1961.patch
+077dc58b99d6ab2689cfde9d427a719692758aab971a0e6c3edbab1688be6e5078705f251c8aa50b74182cf4d230f38eaa35308388958a319204ca60a30b578f tiff-4.0.3-CVE-2013-4231.patch
+2b384beeeed9717593a223427ec4a7ff7ec438cc8040e747b63fa1ef411008e3702bbb7dabf95dee605b88d72ef1fd50c6e496942630e4742687540855f4b612 tiff-4.0.3-CVE-2013-4232.patch"
diff --git a/main/tiff/tiff-4.0.3-CVE-2013-4231.patch b/main/tiff/tiff-4.0.3-CVE-2013-4231.patch
new file mode 100644
index 0000000000..f754c3a02f
--- /dev/null
+++ b/main/tiff/tiff-4.0.3-CVE-2013-4231.patch
@@ -0,0 +1,16 @@
+http://pkgs.fedoraproject.org/cgit/libtiff.git/plain/libtiff-CVE-2013-4231.patch
+http://bugs.gentoo.org/480466
+
+--- a/tools/gif2tiff.c
++++ b/tools/gif2tiff.c
+@@ -333,6 +333,10 @@ readraster(void)
+ int status = 1;
+
+ datasize = getc(infile);
++
++ if (datasize > 12)
++ return 0;
++
+ clear = 1 << datasize;
+ eoi = clear + 1;
+ avail = clear + 2;
diff --git a/main/tiff/tiff-4.0.3-CVE-2013-4232.patch b/main/tiff/tiff-4.0.3-CVE-2013-4232.patch
new file mode 100644
index 0000000000..1cef664d05
--- /dev/null
+++ b/main/tiff/tiff-4.0.3-CVE-2013-4232.patch
@@ -0,0 +1,13 @@
+http://pkgs.fedoraproject.org/cgit/libtiff.git/plain/libtiff-CVE-2013-4232.patch
+http://bugs.gentoo.org/480466
+
+--- a/tools/tiff2pdf.c
++++ b/tools/tiff2pdf.c
+@@ -2462,6 +2462,7 @@ tsize_t t2p_readwrite_pdf_image(T2P* t2p, TIFF* input, TIFF* output){
+ TIFFFileName(input));
+ t2p->t2p_error = T2P_ERR_ERROR;
+ _TIFFfree(buffer);
++ return(0);
+ } else {
+ buffer=samplebuffer;
+ t2p->tiff_datasize *= t2p->tiff_samplesperpixel;
-- 
cgit v1.2.3
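Review bot: The new guard in the readraster hunk of the CVE-2013-4231 patch is one-sided: it rejects values above 12 but not a negative one, so an EOF returned by getc (negative, if datasize is a signed int as its use in `1 << datasize` suggests) still reaches the shift on the next line, and a negative shift count is undefined behaviour. The bound should cover both ends, `if (datasize < 0 || datasize > 12) return 0;`. The remainder of readraster lies outside the hunk, so whether a later check catches this case cannot be confirmed from here.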
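Review bot: With `return(0);` now closing the failure branch in the CVE-2013-4232 patch, the `} else {` on the following line is redundant; removing it and dedenting the two assignments would read as a plain guard clause and match the early-return style the fix introduces. t2p_readwrite_pdf_image starts and ends outside the hunk, so how the caller interprets a 0 return alongside `t2p->t2p_error = T2P_ERR_ERROR` cannot be checked here.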