commit 8bf065c6435c508c02c37506507989539299751f Author: Fredrik Rinnestam <fredrik@crux.nu> Date: Thu Jul 19 19:11:41 2012 +0200 [notify] libtiff: added patch for CVE-2012-3401 diff --git a/libtiff/.md5sum b/libtiff/.md5sum index 93348c1..aed8089 100644 --- a/libtiff/.md5sum +++ b/libtiff/.md5sum @@ -1,3 +1,4 @@ f8f762ce62748d4d39d753823158342b CVE-2012-2088.patch 45e96e9c6f56a16dd3f7d3b7cca61bc5 CVE-2012-2113.patch +8dd6d80daa79d06c3de8e4c375ba5854 CVE-2012-3401.patch 6920f3bf628d791d49f268b83612ed23 tiff-3.9.6.tar.gz diff --git a/libtiff/CVE-2012-3401.patch b/libtiff/CVE-2012-3401.patch new file mode 100644 index 0000000..dd6c6b6 --- /dev/null +++ b/libtiff/CVE-2012-3401.patch @@ -0,0 +1,11 @@ +--- tiff-4.0.2.orig/tools/tiff2pdf.c 2012-06-15 17:51:54.000000000 -0400 ++++ tiff-4.0.2/tools/tiff2pdf.c 2012-07-05 13:34:36.569691068 -0400 +@@ -1066,6 +1066,7 @@ + "Can't set directory %u of input file %s", + i, + TIFFFileName(input)); ++ t2p->t2p_error = T2P_ERR_ERROR; + return; + } + if(TIFFGetField(input, TIFFTAG_PAGENUMBER, &pagen, &paged)){ + diff --git a/libtiff/Pkgfile b/libtiff/Pkgfile index 9ee323c..5fee894 100644 --- a/libtiff/Pkgfile +++ b/libtiff/Pkgfile @@ -5,14 +5,15 @@ name=libtiff version=3.9.6 -release=2 +release=3 source=(http://download.osgeo.org/libtiff/tiff-$version.tar.gz \ - CVE-2012-2088.patch CVE-2012-2113.patch) + CVE-2012-2088.patch CVE-2012-2113.patch CVE-2012-3401.patch) build() { cd tiff-$version patch -p0 -i $SRC/CVE-2012-2088.patch patch -p0 -i $SRC/CVE-2012-2113.patch + patch -p1 -i $SRC/CVE-2012-3401.patch ./configure --prefix=/usr --mandir=/usr/man make make DESTDIR=$PKG install