[libtiff/f17] Add patch for CVE-2012-3401

Tom Lane tgl at fedoraproject.org
Sun Jul 22 22:02:33 UTC 2012


commit 639c15da6d07d3e51c6d10b15b47a3ef259281ff
Author: Tom Lane <tgl at redhat.com>
Date:   Sun Jul 22 18:02:23 2012 -0400

    Add patch for CVE-2012-3401

 libtiff-CVE-2012-3401.patch |   11 +++++++++++
 libtiff.spec                |    8 +++++++-
 2 files changed, 18 insertions(+), 1 deletions(-)
---
diff --git a/libtiff-CVE-2012-3401.patch b/libtiff-CVE-2012-3401.patch
new file mode 100644
index 0000000..1cdd9fa
--- /dev/null
+++ b/libtiff-CVE-2012-3401.patch
@@ -0,0 +1,11 @@
+diff -Naur tiff-3.9.6.orig/tools/tiff2pdf.c tiff-3.9.6/tools/tiff2pdf.c
+--- tiff-3.9.6.orig/tools/tiff2pdf.c	2010-12-13 20:45:51.000000000 -0500
++++ tiff-3.9.6/tools/tiff2pdf.c	2012-07-05 13:37:20.143798126 -0400
+@@ -1035,6 +1035,7 @@
+ 				"Can't set directory %u of input file %s", 
+ 				i,
+ 				TIFFFileName(input));
++			t2p->t2p_error = T2P_ERR_ERROR;
+ 			return;
+ 		}
+ 		if(TIFFGetField(input, TIFFTAG_PAGENUMBER, &pagen, &paged)){
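Review bot: The added `t2p->t2p_error = T2P_ERR_ERROR;` only helps if every caller tests `t2p->t2p_error` after this function returns and stops before using the per-page state that the early `return` leaves unset. That check is outside the hunk and should be confirmed against the 3.9.6 sources. The enclosing function starts and ends outside the embedded hunk, so any other early `return` in it that reports a failure without setting the flag would presumably leave the same gap and is worth auditing in the same pass. The new patch file also has no header. A short comment above the `diff -Naur` line, saying that it marks the "Can't set directory" failure path as an error for CVE-2012-3401 and whether the change is already upstream, would help whoever rebases the package.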
diff --git a/libtiff.spec b/libtiff.spec
index a7a7732..a6493ca 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,7 +1,7 @@
 Summary: Library of functions for manipulating TIFF format image files
 Name: libtiff
 Version: 3.9.6
-Release: 1%{?dist}
+Release: 2%{?dist}
 
 License: libtiff
 Group: System Environment/Libraries
@@ -12,6 +12,7 @@ Source: ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{version}.tar.gz
 Patch1: libtiff-CVE-2012-1173.patch
 Patch2: libtiff-CVE-2012-2088.patch
 Patch3: libtiff-CVE-2012-2113.patch
+Patch4: libtiff-CVE-2012-3401.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires: zlib-devel libjpeg-devel
@@ -67,6 +68,7 @@ image files using the libtiff library.
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 
 # Use build system's libtool.m4, not the one in the package.
 rm -f libtool.m4
@@ -178,6 +180,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/*
 
 %changelog
+* Sun Jul 22 2012 Tom Lane <tgl at redhat.com> 3.9.6-2
+- Add patch for CVE-2012-3401
+Resolves: #841736
+
 * Thu Jun 28 2012 Tom Lane <tgl at redhat.com> 3.9.6-1
 - Update to libtiff 3.9.6, and add patches for CVE-2012-2088, CVE-2012-2113
 Resolves: #832866

