wok annotate tiff/receipt @ rev 9544

tiff: Patched overflows that could lead to arbitrary code execution when parsing a malformed image file. Thanks slackware for having this.
author Christopher Rogers <slaxemulator@gmail.com>
date Sat Apr 09 07:21:58 2011 +0000 (2011-04-09)
parents 02bbaa9d12ba
children 85e2616a7123
pankso@23 1 # SliTaz package receipt.
pankso@23 2
# Package identity and descriptive metadata.
PACKAGE="tiff"
VERSION="3.9.4"
CATEGORY="x-window"
SHORT_DESC="TIFF images libs. (Check tiff-apps for utilities)."
MAINTAINER="pankso@slitaz.org"
DEPENDS="jpeg zlib gcc-lib-base"
WEB_SITE="http://www.remotesensing.org/libtiff/"

# Source archive name, derived from PACKAGE and VERSION.
TARBALL="${PACKAGE}-${VERSION}.tar.gz"
# NOTE(review): the archive is fetched over plain FTP and this receipt carries
# no checksum or signature for it, so nothing here detects a tampered or
# corrupted download. Confirm whether the build tooling verifies the tarball
# elsewhere before it is unpacked and compiled.
WGET_URL="ftp://ftp.remotesensing.org/pub/libtiff/${TARBALL}"
pankso@23 12
pankso@23 13 # Rules to configure and make the package.
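compile_rules()
{
	# Build libtiff from the unpacked tree in $src with the bundled security
	# patches applied. Returns non-zero as soon as any step fails.
	#
	# Each patch is checked individually: without that, a patch that no
	# longer applies would be ignored and the function would still report
	# success from the configure/make chain, shipping an unpatched library.
	# Note: patch -N skips a patch that is already applied but still exits
	# non-zero, so build from a freshly unpacked source tree.
	cd "$src" || return 1

	# CVE-2009-2285: buffer underflow in the LZWDecodeCompat function in
	# libtiff 3.8.2 allows context-dependent attackers to cause a denial of
	# service (crash) via a crafted TIFF image.
	patch -Np1 -i "$stuff/libtiff-CVE-2009-2285.patch" || return 1

	# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0192
	patch -Np1 -i "$stuff/libtiff-CVE-2011-0192.patch" || return 1

	# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167
	patch -Np1 -i "$stuff/libtiff-CVE-2011-1167.patch" || return 1

	./configure &&
	make &&
	make install
}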
pankso@23 32
pankso@23 33 # Rules to gen a SliTaz package suitable for Tazpkg.
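genpkg_rules()
{
	# Stage only the shared libraries (*.so*) from the install tree $_pkg
	# into the package filesystem $fs.
	#
	# The expansions are quoted so a path containing whitespace is not
	# word-split; the glob stays outside the quotes so it still expands.
	# The copy runs only if the destination directory could be created.
	mkdir -p "$fs/usr/lib" &&
	cp -a "$_pkg"/usr/lib/*.so* "$fs/usr/lib"
}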