[arch-commits] Commit in libtiff/trunk (3 files)
Date: Thursday, August 22, 2013 @ 23:10:48
Author: eric
Revision: 193539
upgpkg: libtiff 4.0.3-3
Add security patches (close FS#36635)
Added:
libtiff/trunk/tiff-4.0.3-CVE-2013-4231.patch
libtiff/trunk/tiff-4.0.3-CVE-2013-4232.patch
Modified:
libtiff/trunk/PKGBUILD
+
PKGBUILD | 13 ++---
tiff-4.0.3-CVE-2013-4231.patch | 18 ++
tiff-4.0.3-CVE-2013-4232.patch | 15 +++
3 files changed, 43 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===
--- PKGBUILD2013-08-22 18:43:53 UTC (rev 193538)
+++ PKGBUILD2013-08-22 21:10:48 UTC (rev 193539)
@@ -3,7 +3,7 @@
pkgname=libtiff
pkgver=4.0.3
-pkgrel=2
+pkgrel=3
pkgdesc="Library for manipulation of TIFF images"
arch=('i686' 'x86_64')
url="http://www.remotesensing.org/libtiff/";
@@ -18,14 +18,18 @@
tiff-4.0.3-CVE-2013-1960.patch
tiff-4.0.3-CVE-2013-1961.patch
tiff-4.0.3-libjpeg-turbo.patch
- tiff-4.0.3-tiff2pdf-colors.patch)
+ tiff-4.0.3-tiff2pdf-colors.patch
+ tiff-4.0.3-CVE-2013-4231.patch
+ tiff-4.0.3-CVE-2013-4232.patch)
sha1sums=('652e97b78f1444237a82cbcfe014310e776eb6f0'
'41be661638282dae0d07bd2788414cb6650f8981'
'6cb3d480908132335c05c769b5a51f951413725d'
'5903355afdd0bb27ea3746339e2196720f9fac9d'
'29a91870cca5d4cd9ca1c464f8074088eddc3fb8'
'02d57835df50d3f84587571ec52b36f5af838de2'
- '23443ad0bc130d70860b6cc6d19b69584ae7a6cc')
+ '23443ad0bc130d70860b6cc6d19b69584ae7a6cc'
+ '969f588e9da5991e7f17dddf69ae59424b05fa16'
+ '2a23c55d081bed74ac8dd99541a93d312cc72b64')
prepare() {
cd tiff-${pkgver}
@@ -35,6 +39,9 @@
patch -p1 -i "${srcdir}/tiff-4.0.3-CVE-2013-1960.patch"
patch -p1 -i "${srcdir}/tiff-4.0.3-CVE-2013-1961.patch"
patch -p1 -i "${srcdir}/tiff-4.0.3-libjpeg-turbo.patch"
+ cd tools
+ patch -p0 -i "${srcdir}/tiff-4.0.3-CVE-2013-4231.patch"
+ patch -p0 -i "${srcdir}/tiff-4.0.3-CVE-2013-4232.patch"
}
build() {
Added: tiff-4.0.3-CVE-2013-4231.patch
===
--- tiff-4.0.3-CVE-2013-4231.patch (rev 0)
+++ tiff-4.0.3-CVE-2013-4231.patch 2013-08-22 21:10:48 UTC (rev 193539)
@@ -0,0 +1,18 @@
+Index: gif2tiff.c
+===
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/gif2tiff.c,v
+retrieving revision 1.12
+diff -u -r1.12 gif2tiff.c
+--- gif2tiff.c 15 Dec 2010 00:22:44 - 1.12
gif2tiff.c 13 Aug 2013 08:25:38 -
+@@ -333,6 +333,10 @@
+ int status = 1;
+
+ datasize = getc(infile);
++
++if (datasize > 12)
++return 0;
++
+ clear = 1 << datasize;
+ eoi = clear + 1;
+ avail = clear + 2;
Added: tiff-4.0.3-CVE-2013-4232.patch
===
--- tiff-4.0.3-CVE-2013-4232.patch (rev 0)
+++ tiff-4.0.3-CVE-2013-4232.patch 2013-08-22 21:10:48 UTC (rev 193539)
@@ -0,0 +1,15 @@
+Index: tiff2pdf.c
+===
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v
+retrieving revision 1.71
+diff -u -r1.71 tiff2pdf.c
+--- tiff2pdf.c 2 May 2013 14:54:08 - 1.71
tiff2pdf.c 13 Aug 2013 04:45:40 -
+@@ -2462,6 +2462,7 @@
+ TIFFFileName(input));
+ t2p->t2p_error = T2P_ERR_ERROR;
+ _TIFFfree(buffer);
++ return(0);
+ } else {
+ buffer=samplebuffer;
+ t2p->tiff_datasize *= t2p->tiff_samplesperpixel;
[arch-commits] Commit in libtiff/trunk (3 files)
Date: Tuesday, April 12, 2011 @ 10:21:49
Author: eric
Revision: 119577
upgpkg: libtiff 3.9.5-1
Upstream update, Removed old patch and ChangeLog
Modified:
libtiff/trunk/PKGBUILD
Deleted:
libtiff/trunk/ChangeLog
libtiff/trunk/libtiff-CVE-2009-2285.patch
-+
ChangeLog | 35 ---
PKGBUILD| 21 +
libtiff-CVE-2009-2285.patch | 22 --
3 files changed, 9 insertions(+), 69 deletions(-)
Deleted: ChangeLog
===
--- ChangeLog 2011-04-12 13:37:35 UTC (rev 119576)
+++ ChangeLog 2011-04-12 14:21:49 UTC (rev 119577)
@@ -1,35 +0,0 @@
-2010-06-20 Eric Belanger
-
- * libtiff 3.9.4-1
- * Upstream update
-
-2009-11-05 Eric Belanger
-
- * libtiff 3.9.2-1
- * Upstream update
-
-2009-08-28 Eric Belanger
-
- * libtiff 3.9.1-1
- * Upstream update
-
-2009-08-26 Eric Belanger
-
- * libtiff 3.9.0-1
- * Upstream update
- * Updated url
- * Updated patches
-
-2009-08-14 Eric Belanger
-
- * libtiff 3.8.2-6
- * Added security fixes (close FS#15931)
-
-2008-09-05 Eric Belanger
-
- * libtiff 3.8.2-4
- * Applied patch to fix buffer underflow in LZW decoding
(tiff-3.8.2-CVE-2008-2327.patch)
- * Added license
- * Added freeglut optdepends
- * FHS man pages
- * Added ChangeLog
Modified: PKGBUILD
===
--- PKGBUILD2011-04-12 13:37:35 UTC (rev 119576)
+++ PKGBUILD2011-04-12 14:21:49 UTC (rev 119577)
@@ -1,9 +1,8 @@
# $Id$
-# Maintainer: Eric Belanger
-# Contributor: dorphell
+# Maintainer: Eric Bélanger
pkgname=libtiff
-pkgver=3.9.4
+pkgver=3.9.5
pkgrel=1
pkgdesc="Library for manipulation of TIFF images"
arch=('i686' 'x86_64')
@@ -13,20 +12,18 @@
makedepends=('libgl' 'freeglut' 'libxmu' 'libxi')
optdepends=('freeglut: for using tiffgt')
options=('!libtool')
-source=(ftp://ftp.remotesensing.org/pub/libtiff/tiff-${pkgver}.tar.gz \
-libtiff-CVE-2009-2285.patch)
-md5sums=('2006c1bdd12644dbf02956955175afd6' 'ff61077408727a82281f77a94f555e2a')
-sha1sums=('a4e32d55afbbcabd0391a9c89995e8e8a19961de'
'eadce8c8bd72ea9c74f35300bf299131813b0c8b')
+source=(ftp://ftp.remotesensing.org/pub/libtiff/tiff-${pkgver}.tar.gz)
+md5sums=('8fc7ce3b4e1d0cc8a319336967815084')
+sha1sums=('f40aab20fb2f609b5cbc1171c40b66a1445e3773')
build() {
cd "${srcdir}/tiff-${pkgver}"
- patch -p1 < ../libtiff-CVE-2009-2285.patch || return 1
- ./configure --prefix=/usr --sysconfdir=/etc --mandir=/usr/share/man ||
return 1
- make || return 1
+ ./configure --prefix=/usr
+ make
}
package() {
cd "${srcdir}/tiff-${pkgver}"
- make DESTDIR="${pkgdir}" install || return 1
- install -D -m644 COPYRIGHT "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
|| return 1
+ make DESTDIR="${pkgdir}" install
+ install -D -m644 COPYRIGHT "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
}
Deleted: libtiff-CVE-2009-2285.patch
===
--- libtiff-CVE-2009-2285.patch 2011-04-12 13:37:35 UTC (rev 119576)
+++ libtiff-CVE-2009-2285.patch 2011-04-12 14:21:49 UTC (rev 119577)
@@ -1,22 +0,0 @@
-Index: tiff-3.8.2/libtiff/tif_lzw.c
-===
tiff-3.8.2.orig/libtiff/tif_lzw.c
-+++ tiff-3.8.2/libtiff/tif_lzw.c
-@@ -421,7 +421,7 @@ LZWDecode(TIFF* tif, tidata_t op0, tsize
- NextCode(tif, sp, bp, code, GetNextCode);
- if (code == CODE_EOI)
- break;
-- if (code == CODE_CLEAR) {
-+ if (code >= CODE_CLEAR) {
- TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
- "LZWDecode: Corrupted LZW table at scanline %d",
- tif->tif_row);
-@@ -624,7 +624,7 @@ LZWDecodeCompat(TIFF* tif, tidata_t op0,
- NextCode(tif, sp, bp, code, GetNextCodeCompat);
- if (code == CODE_EOI)
- break;
-- if (code == CODE_CLEAR) {
-+ if (code >= CODE_CLEAR) {
- TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
- "LZWDecode: Corrupted LZW table at scanline %d",
- tif->tif_row);
[arch-commits] Commit in libtiff/trunk (3 files)
Date: Sunday, June 20, 2010 @ 17:43:27
Author: eric
Revision: 83314
upgpkg: libtiff 3.9.4-1
Upstream update
Modified:
libtiff/trunk/ChangeLog
libtiff/trunk/PKGBUILD
Deleted:
libtiff/trunk/tiff-3.9.0-CVE-2009-2347.patch
+
ChangeLog |5 +
PKGBUILD | 19 ++-
tiff-3.9.0-CVE-2009-2347.patch | 29 -
3 files changed, 15 insertions(+), 38 deletions(-)
Modified: ChangeLog
===
--- ChangeLog 2010-06-20 21:17:46 UTC (rev 83313)
+++ ChangeLog 2010-06-20 21:43:27 UTC (rev 83314)
@@ -1,3 +1,8 @@
+2010-06-20 Eric Belanger
+
+ * libtiff 3.9.4-1
+ * Upstream update
+
2009-11-05 Eric Belanger
* libtiff 3.9.2-1
Modified: PKGBUILD
===
--- PKGBUILD2010-06-20 21:17:46 UTC (rev 83313)
+++ PKGBUILD2010-06-20 21:43:27 UTC (rev 83314)
@@ -3,29 +3,30 @@
# Contributor: dorphell
pkgname=libtiff
-pkgver=3.9.2
-pkgrel=2
+pkgver=3.9.4
+pkgrel=1
pkgdesc="Library for manipulation of TIFF images"
arch=('i686' 'x86_64')
url="http://www.remotesensing.org/libtiff/";
license=('custom')
-depends=('libjpeg>=8' 'zlib')
+depends=('libjpeg' 'zlib')
makedepends=('libgl' 'freeglut' 'libxmu' 'libxi')
optdepends=('freeglut: for using tiffgt')
options=('!libtool')
source=(ftp://ftp.remotesensing.org/pub/libtiff/tiff-${pkgver}.tar.gz \
-libtiff-CVE-2009-2285.patch tiff-3.9.0-CVE-2009-2347.patch)
-md5sums=('93e56e421679c591de7552db13384cb8' 'ff61077408727a82281f77a94f555e2a'\
- '867fa3ec83e748abf247f9706ef13f9a')
-sha1sums=('5c054d31e350e53102221b7760c3700cf70b4327'
'eadce8c8bd72ea9c74f35300bf299131813b0c8b'\
- 'cf8b68ed8f218d2429ab296c2033dc0292efe299')
+libtiff-CVE-2009-2285.patch)
+md5sums=('2006c1bdd12644dbf02956955175afd6' 'ff61077408727a82281f77a94f555e2a')
+sha1sums=('a4e32d55afbbcabd0391a9c89995e8e8a19961de'
'eadce8c8bd72ea9c74f35300bf299131813b0c8b')
build() {
cd "${srcdir}/tiff-${pkgver}"
patch -p1 < ../libtiff-CVE-2009-2285.patch || return 1
- patch -p0 < ../tiff-3.9.0-CVE-2009-2347.patch || return 1
./configure --prefix=/usr --sysconfdir=/etc --mandir=/usr/share/man ||
return 1
make || return 1
+}
+
+package() {
+ cd "${srcdir}/tiff-${pkgver}"
make DESTDIR="${pkgdir}" install || return 1
install -D -m644 COPYRIGHT "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
|| return 1
}
Deleted: tiff-3.9.0-CVE-2009-2347.patch
===
--- tiff-3.9.0-CVE-2009-2347.patch 2010-06-20 21:17:46 UTC (rev 83313)
+++ tiff-3.9.0-CVE-2009-2347.patch 2010-06-20 21:43:27 UTC (rev 83314)
@@ -1,29 +0,0 @@
tools/tiff2rgba.c.orig 2009-08-27 00:05:33.0 -0400
-+++ tools/tiff2rgba.c 2009-08-27 00:23:44.0 -0400
-@@ -236,6 +236,7 @@
- uint32 width, height;/* image width & height */
- uint32 row;
- uint32 *wrk_line;
-+size_t pixel_count;
- int ok = 1;
-
- TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width);
-@@ -251,7 +252,17 @@
- /*
- * Allocate strip buffer
- */
--raster = (uint32*)_TIFFmalloc(width * rowsperstrip * sizeof (uint32));
-+ pixel_count = width * rowsperstrip;
-+
-+/* XXX: Check the integer overflow. */
-+if (!width || !rowsperstrip || pixel_count / width != rowsperstrip) {
-+TIFFError(TIFFFileName(in),
-+"Malformed input file; can't allocate buffer for raster of
%lux%lu size",
-+(unsigned long)width, (unsigned long)rowsperstrip);
-+return 0;
-+}
-+
-+ raster = (uint32*)_TIFFCheckMalloc(in, pixel_count, sizeof(uint32),
"raster buffer");
- if (raster == 0) {
- TIFFError(TIFFFileName(in), "No space for raster buffer");
- return (0);
