packages: libtiff/libtiff.spec, libtiff/libtiff-CVE-2009-2285.patch (NEW) -...
arekm
arekm at pld-linux.org
Fri Jul 10 15:16:07 CEST 2009
Author: arekm Date: Fri Jul 10 13:16:07 2009 GMT
Module: packages Tag: HEAD
---- Log message:
- rel 7; CVE-2009-2285 fix
---- Files affected:
packages/libtiff:
libtiff.spec (1.96 -> 1.97) , libtiff-CVE-2009-2285.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: packages/libtiff/libtiff.spec
diff -u packages/libtiff/libtiff.spec:1.96 packages/libtiff/libtiff.spec:1.97
--- packages/libtiff/libtiff.spec:1.96 Mon Jun 29 17:02:58 2009
+++ packages/libtiff/libtiff.spec Fri Jul 10 15:16:01 2009
@@ -10,7 +10,7 @@
Summary(tr.UTF-8): TIFF dosyalarını işleme kitaplığı
Name: libtiff
Version: 3.8.2
-Release: 6
+Release: 7
License: BSD-like
Group: Libraries
Source0: ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{version}.tar.gz
@@ -20,9 +20,8 @@
Patch2: %{name}-libtool.patch
Patch3: %{name}-glut.patch
Patch4: %{name}-CVE-2006-2193.patch
+Patch5: %{name}-CVE-2009-2285.patch
URL: http://www.remotesensing.org/libtiff/
-# http://securitytracker.com/alerts/2009/Jun/1022426.html
-BuildRequires: security(LZWDecodeCompat_via_underflow)
%{?with_opengl:BuildRequires: OpenGL-glut-devel}
BuildRequires: autoconf >= 2.59
BuildRequires: automake
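Review bot: the new Patch5 line carries no reference to the advisory, while the comment removed just below it (http://securitytracker.com/alerts/2009/Jun/1022426.html) was the only pointer to it in the spec. Dropping the security(LZWDecodeCompat_via_underflow) blocker in the same commit that adds the fix is reasonable, but consider keeping the URL as a comment above Patch5 so the origin of the fix stays traceable from the spec.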
@@ -170,6 +169,7 @@
%patch2
%patch3
%patch4 -p1
+%patch5 -p1
rm -f m4/{libtool,lt*}.m4
@@ -252,6 +252,9 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.97 2009/07/10 13:16:01 arekm
+- rel 7; CVE-2009-2285 fix
+
Revision 1.96 2009/06/29 15:02:58 blues
- security blocker added
================================================================
Index: packages/libtiff/libtiff-CVE-2009-2285.patch
diff -u /dev/null packages/libtiff/libtiff-CVE-2009-2285.patch:1.1
--- /dev/null Fri Jul 10 15:16:07 2009
+++ packages/libtiff/libtiff-CVE-2009-2285.patch Fri Jul 10 15:16:01 2009
@@ -0,0 +1,22 @@
+Index: tiff-3.8.2/libtiff/tif_lzw.c
+===================================================================
+--- tiff-3.8.2.orig/libtiff/tif_lzw.c
++++ tiff-3.8.2/libtiff/tif_lzw.c
+@@ -421,7 +421,7 @@ LZWDecode(TIFF* tif, tidata_t op0, tsize
+ NextCode(tif, sp, bp, code, GetNextCode);
+ if (code == CODE_EOI)
+ break;
+- if (code == CODE_CLEAR) {
++ if (code >= CODE_CLEAR) {
+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+ "LZWDecode: Corrupted LZW table at scanline %d",
+ tif->tif_row);
+@@ -624,7 +624,7 @@ LZWDecodeCompat(TIFF* tif, tidata_t op0,
+ NextCode(tif, sp, bp, code, GetNextCodeCompat);
+ if (code == CODE_EOI)
+ break;
+- if (code == CODE_CLEAR) {
++ if (code >= CODE_CLEAR) {
+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+ "LZWDecode: Corrupted LZW table at scanline %d",
+ tif->tif_row);
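Review bot: the new patch file starts directly at its Index: line with no header stating where the fix came from. Add a short description at the top (CVE-2009-2285 plus the upstream source or bug reference) so the patch can be compared against upstream when the package is next updated. On the change itself: with CODE_EOI already handled by the break just above, code >= CODE_CLEAR rejects any code at or above CODE_CLEAR that is not CODE_EOI, and the same change is applied in both LZWDecode and LZWDecodeCompat. The context lines show LZWDecodeCompat reporting the failure as "LZWDecode: Corrupted LZW table", so the log cannot tell which decoder rejected the file; that string is existing code, but worth keeping in mind when triaging reports against this build.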
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/libtiff/libtiff.spec?r1=1.96&r2=1.97&f=u