[Lunar-commits] <moonbase-other> tiff: Adding some CVE patches kindly provided by the gentoo folks.

Dennis Veatch dennisveatch at bellsouth.net
Tue Oct 7 12:33:40 CEST 2014 

commit a0963ee814ccd95e1fdb6b3e992e460befc67327
Author: Dennis Veatch <dennisveatch at bellsouth.net>
Date: Tue, 07 Oct 2014 06:32:56 -0400
URL: https://github.com/lunar-linux/moonbase-other/commit/a0963ee814ccd95e1fdb6b3e992e460befc67327

tiff: Adding some CVE patches kindly provided by the gentoo folks.
---
  graphics/tiff/BUILD   | +11/-3    
  graphics/tiff/DETAILS | +22/-1    
  2 files changed, 33 insertions(+), 4 deletions(-)

--- a/graphics/tiff/BUILD
+++ b/graphics/tiff/BUILD
@@ -1,7 +1,15 @@
-(
+
+# Fix output colors of tiff2pdf when JPEG compression is enabled.
+  sedit "s:ColorTransform 0 :ColorTransform 1 :" tools/tiff2pdf.c &&
+
+  patch_it $SOURCE2 1 &&
+  patch_it $SOURCE3 1 &&
+  patch_it $SOURCE4 1 &&
+  patch_it $SOURCE5 0 &&
+  patch_it $SOURCE6 0 &&
+  patch_it $SOURCE7 1 &&
+  patch_it $SOURCE8 1 &&
 
   OPTS+=" --with-docdir=/usr/share/doc/$MODULE --disable-static" &&
 
   default_build
-
-) > $C_FIFO 2>&1
--- a/graphics/tiff/DETAILS
+++ b/graphics/tiff/DETAILS
@@ -1,11 +1,32 @@
           MODULE=tiff
          VERSION=4.0.3
           SOURCE=$MODULE-$VERSION.tar.gz
+         SOURCE2=tiff-3.9.7-CVE-2012-4564.patch
+         SOURCE3=tiff-4.0.3-CVE-2013-1960.patch
+         SOURCE4=tiff-4.0.3-CVE-2013-1961.patch
+         SOURCE5=tiff-4.0.3-CVE-2013-4231.patch
+         SOURCE6=tiff-4.0.3-CVE-2013-4232.patch
+         SOURCE7=tiff-4.0.3-CVE-2013-4244.patch
+         SOURCE8=tiff-4.0.3-libjpeg-turbo.patch
       SOURCE_URL=http://download.osgeo.org/libtiff
+     SOURCE2_URL=http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/media-libs/tiff/files/
+     SOURCE3_URL=http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/media-libs/tiff/files/
+     SOURCE4_URL=http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/media-libs/tiff/files/
+     SOURCE5_URL=http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/media-libs/tiff/files/
+     SOURCE6_URL=http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/media-libs/tiff/files/
+     SOURCE7_URL=http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/media-libs/tiff/files/
+     SOURCE8_URL=http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/media-libs/tiff/files/
       SOURCE_VFY=sha1:652e97b78f1444237a82cbcfe014310e776eb6f0
+     SOURCE2_VFY=sha1:6cb3d480908132335c05c769b5a51f951413725d
+     SOURCE3_VFY=sha1:5903355afdd0bb27ea3746339e2196720f9fac9d
+     SOURCE4_VFY=sha1:29a91870cca5d4cd9ca1c464f8074088eddc3fb8
+     SOURCE5_VFY=sha1:e2871800764e250895402b7a8cba9231162e7cf7
+     SOURCE6_VFY=sha1:b4da9ac9a51d3774040579fbd38ff2ab7cc42be2
+     SOURCE7_VFY=sha1:01c6792ba2470493da4d990edae8de6c13bd4670
+     SOURCE8_VFY=sha1:02d57835df50d3f84587571ec52b36f5af838de2
         WEB_SITE=http://www.libtiff.org
          ENTERED=20010922
-         UPDATED=20120923
+         UPDATED=20141007
            SHORT="provides support for the Tag Image File Format"
 
 cat << EOF

More information about the Lunar-commits mailing list