packages: libtiff/libtiff.spec, libtiff/libtiff-CVE-2009-2285.patch (NEW) -...

arekm arekm at pld-linux.org
Fri Jul 10 15:16:07 CEST 2009


Author: arekm                        Date: Fri Jul 10 13:16:07 2009 GMT
Module: packages                      Tag: HEAD
---- Log message:
- rel 7; CVE-2009-2285 fix

---- Files affected:
packages/libtiff:
   libtiff.spec (1.96 -> 1.97) , libtiff-CVE-2009-2285.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: packages/libtiff/libtiff.spec
diff -u packages/libtiff/libtiff.spec:1.96 packages/libtiff/libtiff.spec:1.97
--- packages/libtiff/libtiff.spec:1.96	Mon Jun 29 17:02:58 2009
+++ packages/libtiff/libtiff.spec	Fri Jul 10 15:16:01 2009
@@ -10,7 +10,7 @@
 Summary(tr.UTF-8):	TIFF dosyalarını işleme kitaplığı
 Name:		libtiff
 Version:	3.8.2
-Release:	6
+Release:	7
 License:	BSD-like
 Group:		Libraries
 Source0:	ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{version}.tar.gz
@@ -20,9 +20,8 @@
 Patch2:		%{name}-libtool.patch
 Patch3:		%{name}-glut.patch
 Patch4:		%{name}-CVE-2006-2193.patch
+Patch5:		%{name}-CVE-2009-2285.patch
 URL:		http://www.remotesensing.org/libtiff/
-# http://securitytracker.com/alerts/2009/Jun/1022426.html
-BuildRequires:	security(LZWDecodeCompat_via_underflow)
 %{?with_opengl:BuildRequires:  OpenGL-glut-devel}
 BuildRequires:	autoconf >= 2.59
 BuildRequires:	automake
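Review bot: The only pointer to the advisory, `# http://securitytracker.com/alerts/2009/Jun/1022426.html`, is deleted along with the `security(LZWDecodeCompat_via_underflow)` build blocker, and the new `Patch5:` line carries no reference of its own. Moving that URL into a comment directly above `Patch5:` would let a later packager confirm that the patch closes the issue the blocker was guarding and decide when it can be dropped on a version bump. That the advisory and CVE-2009-2285 describe the same bug is implied by this commit but not stated anywhere in the spec.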
@@ -170,6 +169,7 @@
 %patch2
 %patch3
 %patch4 -p1
+%patch5 -p1
 
 rm -f m4/{libtool,lt*}.m4
 
@@ -252,6 +252,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.97  2009/07/10 13:16:01  arekm
+- rel 7; CVE-2009-2285 fix
+
 Revision 1.96  2009/06/29 15:02:58  blues
 - security blocker added
 

================================================================
Index: packages/libtiff/libtiff-CVE-2009-2285.patch
diff -u /dev/null packages/libtiff/libtiff-CVE-2009-2285.patch:1.1
--- /dev/null	Fri Jul 10 15:16:07 2009
+++ packages/libtiff/libtiff-CVE-2009-2285.patch	Fri Jul 10 15:16:01 2009
@@ -0,0 +1,22 @@
+Index: tiff-3.8.2/libtiff/tif_lzw.c
+===================================================================
+--- tiff-3.8.2.orig/libtiff/tif_lzw.c
++++ tiff-3.8.2/libtiff/tif_lzw.c
+@@ -421,7 +421,7 @@ LZWDecode(TIFF* tif, tidata_t op0, tsize
+ 			NextCode(tif, sp, bp, code, GetNextCode);
+ 			if (code == CODE_EOI)
+ 				break;
+-			if (code == CODE_CLEAR) {
++			if (code >= CODE_CLEAR) {
+ 				TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+ 				"LZWDecode: Corrupted LZW table at scanline %d",
+ 				tif->tif_row);
+@@ -624,7 +624,7 @@ LZWDecodeCompat(TIFF* tif, tidata_t op0,
+ 			NextCode(tif, sp, bp, code, GetNextCodeCompat);
+ 			if (code == CODE_EOI)
+ 				break;
+-			if (code == CODE_CLEAR) {
++			if (code >= CODE_CLEAR) {
+ 				TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+ 				"LZWDecode: Corrupted LZW table at scanline %d",
+ 				tif->tif_row);
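Review bot: Neither inner hunk says why the test after a clear became `code >= CODE_CLEAR`, so the check is easy to "simplify" back to `==` later. A comment above each `if` would help, for example `/* first code after a clear must be a literal; a code >= CODE_CLEAR refers to a table entry that has not been rebuilt yet */`. That rationale is inferred from the error text and the CVE title, because the bodies of LZWDecode and LZWDecodeCompat lie outside the hunks. The LZWDecodeCompat branch also logs `"LZWDecode: Corrupted LZW table at scanline %d"`, so a rejected file cannot be attributed to the right decoder from the message alone; a `LZWDecodeCompat:` prefix there would aid triage. The patch file also starts straight at `Index:` with no preamble naming its origin (`<upstream bug or commit reference>`), which makes it hard to verify against the upstream fix.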
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/libtiff/libtiff.spec?r1=1.96&r2=1.97&f=u


