[arch-commits] Commit in libtiff/trunk (3 files)
Date: Thursday, August 22, 2013 @ 23:10:48 Author: eric Revision: 193539 upgpkg: libtiff 4.0.3-3 Add security patches (close FS#36635) Added: libtiff/trunk/tiff-4.0.3-CVE-2013-4231.patch libtiff/trunk/tiff-4.0.3-CVE-2013-4232.patch Modified: libtiff/trunk/PKGBUILD + PKGBUILD | 13 ++--- tiff-4.0.3-CVE-2013-4231.patch | 18 ++ tiff-4.0.3-CVE-2013-4232.patch | 15 +++ 3 files changed, 43 insertions(+), 3 deletions(-) Modified: PKGBUILD === --- PKGBUILD2013-08-22 18:43:53 UTC (rev 193538) +++ PKGBUILD2013-08-22 21:10:48 UTC (rev 193539) @@ -3,7 +3,7 @@ pkgname=libtiff pkgver=4.0.3 -pkgrel=2 +pkgrel=3 pkgdesc="Library for manipulation of TIFF images" arch=('i686' 'x86_64') url="http://www.remotesensing.org/libtiff/"; @@ -18,14 +18,18 @@ tiff-4.0.3-CVE-2013-1960.patch tiff-4.0.3-CVE-2013-1961.patch tiff-4.0.3-libjpeg-turbo.patch - tiff-4.0.3-tiff2pdf-colors.patch) + tiff-4.0.3-tiff2pdf-colors.patch + tiff-4.0.3-CVE-2013-4231.patch + tiff-4.0.3-CVE-2013-4232.patch) sha1sums=('652e97b78f1444237a82cbcfe014310e776eb6f0' '41be661638282dae0d07bd2788414cb6650f8981' '6cb3d480908132335c05c769b5a51f951413725d' '5903355afdd0bb27ea3746339e2196720f9fac9d' '29a91870cca5d4cd9ca1c464f8074088eddc3fb8' '02d57835df50d3f84587571ec52b36f5af838de2' - '23443ad0bc130d70860b6cc6d19b69584ae7a6cc') + '23443ad0bc130d70860b6cc6d19b69584ae7a6cc' + '969f588e9da5991e7f17dddf69ae59424b05fa16' + '2a23c55d081bed74ac8dd99541a93d312cc72b64') prepare() { cd tiff-${pkgver} @@ -35,6 +39,9 @@ patch -p1 -i "${srcdir}/tiff-4.0.3-CVE-2013-1960.patch" patch -p1 -i "${srcdir}/tiff-4.0.3-CVE-2013-1961.patch" patch -p1 -i "${srcdir}/tiff-4.0.3-libjpeg-turbo.patch" + cd tools + patch -p0 -i "${srcdir}/tiff-4.0.3-CVE-2013-4231.patch" + patch -p0 -i "${srcdir}/tiff-4.0.3-CVE-2013-4232.patch" } build() { Added: tiff-4.0.3-CVE-2013-4231.patch === --- tiff-4.0.3-CVE-2013-4231.patch (rev 0) +++ tiff-4.0.3-CVE-2013-4231.patch 2013-08-22 21:10:48 UTC (rev 193539) 
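Review bot: The two patch files added to `source` in the `@@ -18,14 +18,18 @@` hunk are pinned only by new SHA-1 entries in `sha1sums`. Because these files carry the CVE fixes, a parallel `sha256sums=(...)` array, which makepkg also checks, would give a stronger guarantee that the patches being applied are the reviewed ones. The arrays begin above the hunk, so the upstream tarball's entry and its download URL are not visible here and should be covered by the same array.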
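Review bot: The `cd tools` added in the `@@ -35,6 +39,9 @@` hunk changes the working directory for the rest of prepare(), so any `-p1` patch appended after these lines later would be resolved relative to tools/ and either fail or touch the wrong file. Keeping the directory fixed avoids that: `patch -p0 -d tools -i "${srcdir}/tiff-4.0.3-CVE-2013-4231.patch"`, and the same form for the 4232 patch. A one-line comment such as `# upstream CVS diffs, paths relative to tools/` would explain why these two use `-p0` while the others use `-p1`. prepare() begins above the hunk.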
@@ -0,0 +1,18 @@ +Index: gif2tiff.c +=== +RCS file: /cvs/maptools/cvsroot/libtiff/tools/gif2tiff.c,v +retrieving revision 1.12 +diff -u -r1.12 gif2tiff.c +--- gif2tiff.c 15 Dec 2010 00:22:44 - 1.12 gif2tiff.c 13 Aug 2013 08:25:38 - +@@ -333,6 +333,10 @@ + int status = 1; + + datasize = getc(infile); ++ ++if (datasize > 12) ++return 0; ++ + clear = 1 << datasize; + eoi = clear + 1; + avail = clear + 2; Added: tiff-4.0.3-CVE-2013-4232.patch === --- tiff-4.0.3-CVE-2013-4232.patch (rev 0) +++ tiff-4.0.3-CVE-2013-4232.patch 2013-08-22 21:10:48 UTC (rev 193539) @@ -0,0 +1,15 @@ +Index: tiff2pdf.c +=== +RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v +retrieving revision 1.71 +diff -u -r1.71 tiff2pdf.c +--- tiff2pdf.c 2 May 2013 14:54:08 - 1.71 tiff2pdf.c 13 Aug 2013 04:45:40 - +@@ -2462,6 +2462,7 @@ + TIFFFileName(input)); + t2p->t2p_error = T2P_ERR_ERROR; + _TIFFfree(buffer); ++ return(0); + } else { + buffer=samplebuffer; + t2p->tiff_datasize *= t2p->tiff_samplesperpixel;
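Review bot: The guard added after `datasize = getc(infile);` rejects only values above 12, so an EOF return from getc() (negative, assuming datasize is a signed int, which its declaration outside the hunk would confirm) still reaches `clear = 1 << datasize;`, where a negative shift count is undefined behaviour. Checking both bounds closes that path: `if (datasize < 0 || datasize > 12) return 0;`. Whether 12 is itself a safe upper limit depends on the size of the code tables, which are declared outside this hunk and should be compared with `avail = clear + 2`. The enclosing function starts and ends outside the hunk.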
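Review bot: The `return(0);` added after `_TIFFfree(buffer);` in the tiff2pdf.c hunk carries no comment explaining why this error branch must now leave the function, and without one the line looks redundant next to the `t2p_error` assignment. A comment such as `/* buffer was freed above; do not fall through to code that still uses it */` would record the intent. The code following the `else` branch is outside the hunk, so the later use of the freed pointer is inferred from the CVE patch this belongs to rather than visible here. The other error branches of the same function are worth checking for the same free-then-continue pattern.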
[arch-commits] Commit in libtiff/trunk (3 files)
Date: Tuesday, April 12, 2011 @ 10:21:49 Author: eric Revision: 119577 upgpkg: libtiff 3.9.5-1 Upstream update, Removed old patch and ChangeLog Modified: libtiff/trunk/PKGBUILD Deleted: libtiff/trunk/ChangeLog libtiff/trunk/libtiff-CVE-2009-2285.patch -+ ChangeLog | 35 --- PKGBUILD| 21 + libtiff-CVE-2009-2285.patch | 22 -- 3 files changed, 9 insertions(+), 69 deletions(-) Deleted: ChangeLog === --- ChangeLog 2011-04-12 13:37:35 UTC (rev 119576) +++ ChangeLog 2011-04-12 14:21:49 UTC (rev 119577) @@ -1,35 +0,0 @@ -2010-06-20 Eric Belanger - - * libtiff 3.9.4-1 - * Upstream update - -2009-11-05 Eric Belanger - - * libtiff 3.9.2-1 - * Upstream update - -2009-08-28 Eric Belanger - - * libtiff 3.9.1-1 - * Upstream update - -2009-08-26 Eric Belanger - - * libtiff 3.9.0-1 - * Upstream update - * Updated url - * Updated patches - -2009-08-14 Eric Belanger - - * libtiff 3.8.2-6 - * Added security fixes (close FS#15931) - -2008-09-05 Eric Belanger - - * libtiff 3.8.2-4 - * Applied patch to fix buffer underflow in LZW decoding (tiff-3.8.2-CVE-2008-2327.patch) - * Added license - * Added freeglut optdepends - * FHS man pages - * Added ChangeLog Modified: PKGBUILD === --- PKGBUILD2011-04-12 13:37:35 UTC (rev 119576) +++ PKGBUILD2011-04-12 14:21:49 UTC (rev 119577) @@ -1,9 +1,8 @@ # $Id$ -# Maintainer: Eric Belanger -# Contributor: dorphell +# Maintainer: Eric Bélanger pkgname=libtiff -pkgver=3.9.4 +pkgver=3.9.5 pkgrel=1 pkgdesc="Library for manipulation of TIFF images" arch=('i686' 'x86_64') 
@@ -13,20 +12,18 @@ makedepends=('libgl' 'freeglut' 'libxmu' 'libxi') optdepends=('freeglut: for using tiffgt') options=('!libtool') -source=(ftp://ftp.remotesensing.org/pub/libtiff/tiff-${pkgver}.tar.gz \ -libtiff-CVE-2009-2285.patch) -md5sums=('2006c1bdd12644dbf02956955175afd6' 'ff61077408727a82281f77a94f555e2a') -sha1sums=('a4e32d55afbbcabd0391a9c89995e8e8a19961de' 'eadce8c8bd72ea9c74f35300bf299131813b0c8b') +source=(ftp://ftp.remotesensing.org/pub/libtiff/tiff-${pkgver}.tar.gz) +md5sums=('8fc7ce3b4e1d0cc8a319336967815084') +sha1sums=('f40aab20fb2f609b5cbc1171c40b66a1445e3773') build() { cd "${srcdir}/tiff-${pkgver}" - patch -p1 < ../libtiff-CVE-2009-2285.patch || return 1 - ./configure --prefix=/usr --sysconfdir=/etc --mandir=/usr/share/man || return 1 - make || return 1 + ./configure --prefix=/usr + make } package() { cd "${srcdir}/tiff-${pkgver}" - make DESTDIR="${pkgdir}" install || return 1 - install -D -m644 COPYRIGHT "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" || return 1 + make DESTDIR="${pkgdir}" install + install -D -m644 COPYRIGHT "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" } Deleted: libtiff-CVE-2009-2285.patch === --- libtiff-CVE-2009-2285.patch 2011-04-12 13:37:35 UTC (rev 119576) +++ libtiff-CVE-2009-2285.patch 2011-04-12 14:21:49 UTC (rev 119577) 
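Review bot: build() no longer applies libtiff-CVE-2009-2285.patch, and nothing in the commit shows that the 3.9.5 tarball already contains the `code >= CODE_CLEAR` check that patch added to LZWDecode and LZWDecodeCompat. That should be confirmed against the unpacked source and stated in the commit message, for example `Removed libtiff-CVE-2009-2285.patch (fixed upstream)`. The same question applies to tiff-3.9.0-CVE-2009-2347.patch, which is dropped in the r83314 PKGBUILD hunk further down. Separately, the new `source=` line still downloads over `ftp://` and is verified only by `md5sums` and `sha1sums`; adding a `sha256sums` entry would make the integrity check on the tarball stronger.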
@@ -1,22 +0,0 @@ -Index: tiff-3.8.2/libtiff/tif_lzw.c -=== tiff-3.8.2.orig/libtiff/tif_lzw.c -+++ tiff-3.8.2/libtiff/tif_lzw.c -@@ -421,7 +421,7 @@ LZWDecode(TIFF* tif, tidata_t op0, tsize - NextCode(tif, sp, bp, code, GetNextCode); - if (code == CODE_EOI) - break; -- if (code == CODE_CLEAR) { -+ if (code >= CODE_CLEAR) { - TIFFErrorExt(tif->tif_clientdata, tif->tif_name, - "LZWDecode: Corrupted LZW table at scanline %d", - tif->tif_row); -@@ -624,7 +624,7 @@ LZWDecodeCompat(TIFF* tif, tidata_t op0, - NextCode(tif, sp, bp, code, GetNextCodeCompat); - if (code == CODE_EOI) - break; -- if (code == CODE_CLEAR) { -+ if (code >= CODE_CLEAR) { - TIFFErrorExt(tif->tif_clientdata, tif->tif_name, - "LZWDecode: Corrupted LZW table at scanline %d", - tif->tif_row);
[arch-commits] Commit in libtiff/trunk (3 files)
Date: Sunday, June 20, 2010 @ 17:43:27 Author: eric Revision: 83314 upgpkg: libtiff 3.9.4-1 Upstream update Modified: libtiff/trunk/ChangeLog libtiff/trunk/PKGBUILD Deleted: libtiff/trunk/tiff-3.9.0-CVE-2009-2347.patch + ChangeLog |5 + PKGBUILD | 19 ++- tiff-3.9.0-CVE-2009-2347.patch | 29 - 3 files changed, 15 insertions(+), 38 deletions(-) Modified: ChangeLog === --- ChangeLog 2010-06-20 21:17:46 UTC (rev 83313) +++ ChangeLog 2010-06-20 21:43:27 UTC (rev 83314) @@ -1,3 +1,8 @@ +2010-06-20 Eric Belanger + + * libtiff 3.9.4-1 + * Upstream update + 2009-11-05 Eric Belanger * libtiff 3.9.2-1 Modified: PKGBUILD === --- PKGBUILD2010-06-20 21:17:46 UTC (rev 83313) +++ PKGBUILD2010-06-20 21:43:27 UTC (rev 83314) 
@@ -3,29 +3,30 @@ # Contributor: dorphell pkgname=libtiff -pkgver=3.9.2 -pkgrel=2 +pkgver=3.9.4 +pkgrel=1 pkgdesc="Library for manipulation of TIFF images" arch=('i686' 'x86_64') url="http://www.remotesensing.org/libtiff/"; license=('custom') -depends=('libjpeg>=8' 'zlib') +depends=('libjpeg' 'zlib') makedepends=('libgl' 'freeglut' 'libxmu' 'libxi') optdepends=('freeglut: for using tiffgt') options=('!libtool') source=(ftp://ftp.remotesensing.org/pub/libtiff/tiff-${pkgver}.tar.gz \ -libtiff-CVE-2009-2285.patch tiff-3.9.0-CVE-2009-2347.patch) -md5sums=('93e56e421679c591de7552db13384cb8' 'ff61077408727a82281f77a94f555e2a'\ - '867fa3ec83e748abf247f9706ef13f9a') -sha1sums=('5c054d31e350e53102221b7760c3700cf70b4327' 'eadce8c8bd72ea9c74f35300bf299131813b0c8b'\ - 'cf8b68ed8f218d2429ab296c2033dc0292efe299') +libtiff-CVE-2009-2285.patch) +md5sums=('2006c1bdd12644dbf02956955175afd6' 'ff61077408727a82281f77a94f555e2a') +sha1sums=('a4e32d55afbbcabd0391a9c89995e8e8a19961de' 'eadce8c8bd72ea9c74f35300bf299131813b0c8b') build() { cd "${srcdir}/tiff-${pkgver}" patch -p1 < ../libtiff-CVE-2009-2285.patch || return 1 - patch -p0 < ../tiff-3.9.0-CVE-2009-2347.patch || return 1 ./configure --prefix=/usr --sysconfdir=/etc --mandir=/usr/share/man || return 1 make || return 1 +} + +package() { + cd "${srcdir}/tiff-${pkgver}" make DESTDIR="${pkgdir}" install || return 1 install -D -m644 COPYRIGHT "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" || return 1 } Deleted: tiff-3.9.0-CVE-2009-2347.patch === --- tiff-3.9.0-CVE-2009-2347.patch 2010-06-20 21:17:46 UTC (rev 83313) +++ tiff-3.9.0-CVE-2009-2347.patch 2010-06-20 21:43:27 UTC (rev 83314) 
@@ -1,29 +0,0 @@ tools/tiff2rgba.c.orig 2009-08-27 00:05:33.0 -0400 -+++ tools/tiff2rgba.c 2009-08-27 00:23:44.0 -0400 -@@ -236,6 +236,7 @@ - uint32 width, height;/* image width & height */ - uint32 row; - uint32 *wrk_line; -+size_t pixel_count; - int ok = 1; - - TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width); -@@ -251,7 +252,17 @@ - /* - * Allocate strip buffer - */ --raster = (uint32*)_TIFFmalloc(width * rowsperstrip * sizeof (uint32)); -+ pixel_count = width * rowsperstrip; -+ -+/* XXX: Check the integer overflow. */ -+if (!width || !rowsperstrip || pixel_count / width != rowsperstrip) { -+TIFFError(TIFFFileName(in), -+"Malformed input file; can't allocate buffer for raster of %lux%lu size", -+(unsigned long)width, (unsigned long)rowsperstrip); -+return 0; -+} -+ -+ raster = (uint32*)_TIFFCheckMalloc(in, pixel_count, sizeof(uint32), "raster buffer"); - if (raster == 0) { - TIFFError(TIFFFileName(in), "No space for raster buffer"); - return (0);