[notify] libtiff: added patch for CVE-2012-3401

3 files changed, 15 insertions, 2 deletions

diff --git a/libtiff/.md5sum b/libtiff/.md5sum
index 93348c1ec..aed8089e8 100644
--- a/libtiff/.md5sum
+++ b/libtiff/.md5sum
@@ -1,3 +1,4 @@
 f8f762ce62748d4d39d753823158342b  CVE-2012-2088.patch
 45e96e9c6f56a16dd3f7d3b7cca61bc5  CVE-2012-2113.patch
+8dd6d80daa79d06c3de8e4c375ba5854  CVE-2012-3401.patch
 6920f3bf628d791d49f268b83612ed23  tiff-3.9.6.tar.gz
diff --git a/libtiff/CVE-2012-3401.patch b/libtiff/CVE-2012-3401.patch
new file mode 100644
index 000000000..dd6c6b699
--- /dev/null
+++ b/libtiff/CVE-2012-3401.patch
@@ -0,0 +1,11 @@
+--- tiff-4.0.2.orig/tools/tiff2pdf.c	2012-06-15 17:51:54.000000000 -0400
++++ tiff-4.0.2/tools/tiff2pdf.c	2012-07-05 13:34:36.569691068 -0400
+@@ -1066,6 +1066,7 @@
+ 				"Can't set directory %u of input file %s", 
+ 				i,
+ 				TIFFFileName(input));
++			t2p->t2p_error = T2P_ERR_ERROR;
+ 			return;
+ 		}
+ 		if(TIFFGetField(input, TIFFTAG_PAGENUMBER, &pagen, &paged)){
+
diff --git a/libtiff/Pkgfile b/libtiff/Pkgfile
index 9ee323c96..5fee8948d 100644
--- a/libtiff/Pkgfile
+++ b/libtiff/Pkgfile
@@ -5,14 +5,15 @@
 
 name=libtiff
 version=3.9.6
-release=2
+release=3
 source=(http://download.osgeo.org/libtiff/tiff-$version.tar.gz \
-        CVE-2012-2088.patch CVE-2012-2113.patch)
+        CVE-2012-2088.patch CVE-2012-2113.patch CVE-2012-3401.patch)
 
 build() {
     cd tiff-$version
     patch -p0 -i $SRC/CVE-2012-2088.patch
     patch -p0 -i $SRC/CVE-2012-2113.patch
+    patch -p1 -i $SRC/CVE-2012-3401.patch
     ./configure --prefix=/usr --mandir=/usr/man
     make
     make DESTDIR=$PKG install