[libtiff/f17] Add patch for CVE-2012-3401
Tom Lane
tgl at fedoraproject.org
Sun Jul 22 22:02:33 UTC 2012
commit 639c15da6d07d3e51c6d10b15b47a3ef259281ff
Author: Tom Lane <tgl at redhat.com>
Date: Sun Jul 22 18:02:23 2012 -0400
Add patch for CVE-2012-3401
libtiff-CVE-2012-3401.patch | 11 +++++++++++
libtiff.spec | 8 +++++++-
2 files changed, 18 insertions(+), 1 deletions(-)
---
diff --git a/libtiff-CVE-2012-3401.patch b/libtiff-CVE-2012-3401.patch
new file mode 100644
index 0000000..1cdd9fa
--- /dev/null
+++ b/libtiff-CVE-2012-3401.patch
@@ -0,0 +1,11 @@
+diff -Naur tiff-3.9.6.orig/tools/tiff2pdf.c tiff-3.9.6/tools/tiff2pdf.c
+--- tiff-3.9.6.orig/tools/tiff2pdf.c 2010-12-13 20:45:51.000000000 -0500
++++ tiff-3.9.6/tools/tiff2pdf.c 2012-07-05 13:37:20.143798126 -0400
+@@ -1035,6 +1035,7 @@
+ "Can't set directory %u of input file %s",
+ i,
+ TIFFFileName(input));
++ t2p->t2p_error = T2P_ERR_ERROR;
+ return;
+ }
+ if(TIFFGetField(input, TIFFTAG_PAGENUMBER, &pagen, &paged)){
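Review bot: in the `@@ -1035,6 +1035,7 @@` hunk of tools/tiff2pdf.c, the added `t2p->t2p_error = T2P_ERR_ERROR;` only has an effect if the caller tests `t2p_error` after this function returns, and that check is not visible here. It is worth confirming that the caller stops processing when the flag is set, and that any other bare `return;` following an error message in the same function sets it too. The patch file also has no header comment naming the upstream commit or bug it was taken from; a one-line note at the top would help whoever rebases it onto the next libtiff release.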
diff --git a/libtiff.spec b/libtiff.spec
index a7a7732..a6493ca 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,7 +1,7 @@
Summary: Library of functions for manipulating TIFF format image files
Name: libtiff
Version: 3.9.6
-Release: 1%{?dist}
+Release: 2%{?dist}
License: libtiff
Group: System Environment/Libraries
@@ -12,6 +12,7 @@ Source: ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{version}.tar.gz
Patch1: libtiff-CVE-2012-1173.patch
Patch2: libtiff-CVE-2012-2088.patch
Patch3: libtiff-CVE-2012-2113.patch
+Patch4: libtiff-CVE-2012-3401.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: zlib-devel libjpeg-devel
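Review bot: `Patch4: libtiff-CVE-2012-3401.patch` is listed, like Patch1 to Patch3, without a comment giving the patch's origin or upstream status. A comment line above it (upstream bug or commit reference, or "not yet upstream") would make it clear when the patch can be dropped on a version update.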
@@ -67,6 +68,7 @@ image files using the libtiff library.
%patch1 -p1
%patch2 -p1
%patch3 -p1
+%patch4 -p1
# Use build system's libtool.m4, not the one in the package.
rm -f libtool.m4
@@ -178,6 +180,10 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man1/*
%changelog
+* Sun Jul 22 2012 Tom Lane <tgl at redhat.com> 3.9.6-2
+- Add patch for CVE-2012-3401
+Resolves: #841736
+
* Thu Jun 28 2012 Tom Lane <tgl at redhat.com> 3.9.6-1
- Update to libtiff 3.9.6, and add patches for CVE-2012-2088, CVE-2012-2113
Resolves: #832866
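Review bot: the new %changelog entry repeats the commit subject and does not say what is affected. Since the patch touches only tools/tiff2pdf.c, a line such as `- Add patch for CVE-2012-3401 (tiff2pdf error handling)` would tell users whether the update matters to them.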