wok rev 9579
Up: tiff to 3.9.5.
| author | Christopher Rogers <slaxemulator@gmail.com> |
|---|---|
| date | Tue Apr 12 11:37:28 2011 +0000 (2011-04-12) |
| parents | 540e07f1f4e1 |
| children | 63f55f52c422 |
| files | tiff-apps/receipt tiff-dev/receipt tiff/receipt tiff/stuff/libtiff-CVE-2009-2285.patch tiff/stuff/libtiff-CVE-2011-0192.patch tiff/stuff/libtiff-CVE-2011-1167.patch |
line diff
1.1 --- a/tiff-apps/receipt Tue Apr 12 11:24:03 2011 +0000 1.2 +++ b/tiff-apps/receipt Tue Apr 12 11:37:28 2011 +0000 1.3 @@ -1,7 +1,7 @@ 1.4 # SliTaz package receipt. 1.5 1.6 PACKAGE="tiff-apps" 1.7 -VERSION="3.9.4" 1.8 +VERSION="3.9.5" 1.9 CATEGORY="x-window" 1.10 SHORT_DESC="TIFF images manipulation cli applications. (Check tiff for libs)." 1.11 MAINTAINER="pankso@slitaz.org" 1.12 @@ -12,6 +12,6 @@ 1.13 # Rules to gen a SliTaz package suitable for Tazpkg. 1.14 genpkg_rules() 1.15 { 1.16 - mkdir -p $fs/usr 1.17 + mkdir -p $fs/usr 1.18 cp -a $_pkg/usr/bin $fs/usr 1.19 }
2.1 --- a/tiff-dev/receipt Tue Apr 12 11:24:03 2011 +0000 2.2 +++ b/tiff-dev/receipt Tue Apr 12 11:37:28 2011 +0000 2.3 @@ -1,7 +1,7 @@ 2.4 # SliTaz package receipt. 2.5 2.6 PACKAGE="tiff-dev" 2.7 -VERSION="3.9.4" 2.8 +VERSION="3.9.5" 2.9 CATEGORY="development" 2.10 SHORT_DESC="TIFF images libs devel files. (Check tiff-apps for utilities)." 2.11 MAINTAINER="pankso@slitaz.org" 2.12 @@ -12,7 +12,7 @@ 2.13 # Rules to gen a SliTaz package suitable for Tazpkg. 2.14 genpkg_rules() 2.15 { 2.16 - mkdir -p $fs/usr/lib 2.17 + mkdir -p $fs/usr/lib 2.18 cp -a $_pkg/usr/lib/*.*a $fs/usr/lib 2.19 cp -a $_pkg/usr/include $fs/usr 2.20 }
3.1 --- a/tiff/receipt Tue Apr 12 11:24:03 2011 +0000 3.2 +++ b/tiff/receipt Tue Apr 12 11:37:28 2011 +0000 3.3 @@ -1,7 +1,7 @@ 3.4 # SliTaz package receipt. 3.5 3.6 PACKAGE="tiff" 3.7 -VERSION="3.9.4" 3.8 +VERSION="3.9.5" 3.9 CATEGORY="x-window" 3.10 SHORT_DESC="TIFF images libs. (Check tiff-apps for utilities)." 3.11 MAINTAINER="pankso@slitaz.org" 3.12 @@ -15,16 +15,6 @@ 3.13 { 3.14 cd $src 3.15 3.16 - # Added patch to fix CVE-2009-2285 3.17 - # Bufffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 3.18 - # allows context-dependent attackers to cause a denial of service 3.19 - # (crash) via a crafted TIFF imag. 3.20 - 3.21 - patch -Np1 -i $stuff/libtiff-CVE-2009-2285.patch 3.22 - #http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0192 3.23 - patch -Np1 -i $stuff/libtiff-CVE-2011-0192.patch 3.24 - #http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167 3.25 - patch -Np1 -i $stuff/libtiff-CVE-2011-1167.patch 3.26 ./configure && 3.27 make && 3.28 make install
4.1 --- a/tiff/stuff/libtiff-CVE-2009-2285.patch Tue Apr 12 11:24:03 2011 +0000 4.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 4.3 @@ -1,22 +0,0 @@ 4.4 -Index: tiff-3.8.2/libtiff/tif_lzw.c 4.5 -=================================================================== 4.6 ---- tiff-3.8.2.orig/libtiff/tif_lzw.c 4.7 -+++ tiff-3.8.2/libtiff/tif_lzw.c 4.8 -@@ -421,7 +421,7 @@ LZWDecode(TIFF* tif, tidata_t op0, tsize 4.9 - NextCode(tif, sp, bp, code, GetNextCode); 4.10 - if (code == CODE_EOI) 4.11 - break; 4.12 -- if (code == CODE_CLEAR) { 4.13 -+ if (code >= CODE_CLEAR) { 4.14 - TIFFErrorExt(tif->tif_clientdata, tif->tif_name, 4.15 - "LZWDecode: Corrupted LZW table at scanline %d", 4.16 - tif->tif_row); 4.17 -@@ -624,7 +624,7 @@ LZWDecodeCompat(TIFF* tif, tidata_t op0, 4.18 - NextCode(tif, sp, bp, code, GetNextCodeCompat); 4.19 - if (code == CODE_EOI) 4.20 - break; 4.21 -- if (code == CODE_CLEAR) { 4.22 -+ if (code >= CODE_CLEAR) { 4.23 - TIFFErrorExt(tif->tif_clientdata, tif->tif_name, 4.24 - "LZWDecode: Corrupted LZW table at scanline %d", 4.25 - tif->tif_row);
5.1 --- a/tiff/stuff/libtiff-CVE-2011-0192.patch Tue Apr 12 11:24:03 2011 +0000 5.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 5.3 @@ -1,27 +0,0 @@ 5.4 -Protect against a fax VL(n) codeword commanding a move left. Without 5.5 -this, a malicious input file can generate an indefinitely large series 5.6 -of runs without a0 ever reaching the right margin, thus overrunning 5.7 -our buffer of run lengths. Per CVE-2011-0192. This is a modified 5.8 -version of a patch proposed by Drew Yao of Apple Product Security. 5.9 -It adds an unexpected() report, and disallows the equality case except 5.10 -for the first run of a line, since emitting a run without increasing a0 5.11 -still allows buffer overrun. (We have to allow it for the first run to 5.12 -cover the case of encoding a zero-length run at start of line using VL.) 5.13 - 5.14 - 5.15 -diff -Naur tiff-3.9.4.orig/libtiff/tif_fax3.h tiff-3.9.4/libtiff/tif_fax3.h 5.16 ---- tiff-3.9.4.orig/libtiff/tif_fax3.h 2010-06-08 14:50:42.000000000 -0400 5.17 -+++ tiff-3.9.4/libtiff/tif_fax3.h 2011-03-10 12:11:20.850839162 -0500 5.18 -@@ -478,6 +478,12 @@ 5.19 - break; \ 5.20 - case S_VL: \ 5.21 - CHECK_b1; \ 5.22 -+ if (b1 <= (int) (a0 + TabEnt->Param)) { \ 5.23 -+ if (b1 < (int) (a0 + TabEnt->Param) || pa != thisrun) { \ 5.24 -+ unexpected("VL", a0); \ 5.25 -+ goto eol2d; \ 5.26 -+ } \ 5.27 -+ } \ 5.28 - SETVALUE(b1 - a0 - TabEnt->Param); \ 5.29 - b1 -= *--pb; \ 5.30 - break; \
6.1 --- a/tiff/stuff/libtiff-CVE-2011-1167.patch Tue Apr 12 11:24:03 2011 +0000 6.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 6.3 @@ -1,53 +0,0 @@ 6.4 -Upstream patch for CVE-2011-1167, heap-based buffer overflow in thunder 6.5 -decoder (ZDI-CAN-1004). 6.6 - 6.7 - 6.8 -diff -Naur tiff-3.9.4.orig/libtiff/tif_thunder.c tiff-3.9.4/libtiff/tif_thunder.c 6.9 ---- tiff-3.9.4.orig/libtiff/tif_thunder.c 2010-06-08 14:50:43.000000000 -0400 6.10 -+++ tiff-3.9.4/libtiff/tif_thunder.c 2011-03-18 12:17:13.635796403 -0400 6.11 -@@ -55,12 +55,32 @@ 6.12 - static const int twobitdeltas[4] = { 0, 1, 0, -1 }; 6.13 - static const int threebitdeltas[8] = { 0, 1, 2, 3, 0, -3, -2, -1 }; 6.14 - 6.15 --#define SETPIXEL(op, v) { \ 6.16 -- lastpixel = (v) & 0xf; \ 6.17 -- if (npixels++ & 1) \ 6.18 -- *op++ |= lastpixel; \ 6.19 -- else \ 6.20 -+#define SETPIXEL(op, v) { \ 6.21 -+ lastpixel = (v) & 0xf; \ 6.22 -+ if ( npixels < maxpixels ) \ 6.23 -+ { \ 6.24 -+ if (npixels++ & 1) \ 6.25 -+ *op++ |= lastpixel; \ 6.26 -+ else \ 6.27 - op[0] = (tidataval_t) (lastpixel << 4); \ 6.28 -+ } \ 6.29 -+} 6.30 -+ 6.31 -+static int 6.32 -+ThunderSetupDecode(TIFF* tif) 6.33 -+{ 6.34 -+ static const char module[] = "ThunderSetupDecode"; 6.35 -+ 6.36 -+ if( tif->tif_dir.td_bitspersample != 4 ) 6.37 -+ { 6.38 -+ TIFFErrorExt(tif->tif_clientdata, module, 6.39 -+ "Wrong bitspersample value (%d), Thunder decoder only supports 4bits per sample.", 6.40 -+ (int) tif->tif_dir.td_bitspersample ); 6.41 -+ return 0; 6.42 -+ } 6.43 -+ 6.44 -+ 6.45 -+ return (1); 6.46 - } 6.47 - 6.48 - static int 6.49 -@@ -151,6 +171,7 @@ 6.50 - (void) scheme; 6.51 - tif->tif_decoderow = ThunderDecodeRow; 6.52 - tif->tif_decodestrip = ThunderDecodeRow; 6.53 -+ tif->tif_setupdecode = ThunderSetupDecode; 6.54 - return (1); 6.55 - } 6.56 - #endif /* THUNDER_SUPPORT */