wok-current rev 9544
tiff: Patched overflows that could lead to aribitrary code execution when parsing a malformed image file. Thanks slackware for having this.
author | Christopher Rogers <slaxemulator@gmail.com> |
---|---|
date | Sat Apr 09 07:21:58 2011 +0000 (2011-04-09) |
parents | c3cd2c0689de |
children | d36e3f34f5c0 |
files | linux/receipt tiff/receipt tiff/stuff/libtiff-CVE-2011-0192.patch tiff/stuff/libtiff-CVE-2011-1167.patch wxpython/receipt |
line diff
1.1 --- a/linux/receipt Sat Apr 09 13:01:20 2011 +0200 1.2 +++ b/linux/receipt Sat Apr 09 07:21:58 2011 +0000 1.3 @@ -1,13 +1,20 @@ 1.4 # SliTaz package receipt. 1.5 1.6 PACKAGE="linux" 1.7 -VERSION="2.6.37" 1.8 +VERSION="2.6.37.6" 1.9 +BASE_VERSION="${VERSION%.*}" 1.10 +# the one below is when your using the newer base version 1.11 +#BASE_VERSION="$VERSION" 1.12 CATEGORY="base-system" 1.13 SHORT_DESC="The Linux kernel and modules." 1.14 DEPENDS="depmod" 1.15 -BUILD_DEPENDS="slitaz-toolchain perl git lzma patch" 1.16 +if [ "$BASE_VERSION" != "$VERSION" ]; then 1.17 + BUILD_DEPENDS="linux-patch perl git lzma patch" 1.18 +else 1.19 + BUILD_DEPENDS="perl git lzma patch" 1.20 +fi 1.21 MAINTAINER="devel@slitaz.org" 1.22 -TARBALL="$PACKAGE-$VERSION.tar.bz2" 1.23 +TARBALL="$PACKAGE-$BASE_VERSION.tar.bz2" 1.24 WEB_SITE="http://www.kernel.org/" 1.25 WGET_URL="http://www.eu.kernel.org/pub/linux/kernel/v${VERSION:0:3}/$TARBALL" 1.26 CONFIG_FILES="/lib/modules/$VERSION-slitaz/modules.dep" 1.27 @@ -48,10 +55,10 @@ 1.28 patch -p1 < $WOK/$PACKAGE/slitaz/$patch_file || { report close-bloc; return 1; } 1.29 touch done.$patch_file 1.30 done <<EOT 1.31 -$PACKAGE-diff-$VERSION.u 1.32 -$PACKAGE-unlzma-$VERSION.u 1.33 -$PACKAGE-header-$VERSION.u 1.34 -$PACKAGE-freeinitrd-$VERSION.u 1.35 +$PACKAGE-diff-$BASE_VERSION.u 1.36 +$PACKAGE-unlzma-$BASE_VERSION.u 1.37 +$PACKAGE-header-$BASE_VERSION.u 1.38 +$PACKAGE-freeinitrd-$BASE_VERSION.u 1.39 aufs2-base.patch 1.40 aufs2-standalone.patch 1.41 001-squashfs-decompressors-add-xz-decompressor-module.patch 1.42 @@ -68,7 +75,7 @@ 1.43 1.44 report step "Make bzImage without modules first" 1.45 # Build bzImage without modules first 1.46 - cp -f $stuff/$PACKAGE-$VERSION-slitaz.config .config 1.47 + cp -f $stuff/$PACKAGE-$BASE_VERSION-slitaz.config .config 1.48 sed -i 's/CONFIG_MODULES=y/# CONFIG_MODULES is not set/' .config 1.49 # We can't keep every driver in staging 1.50 sed -i -e 's/^CONFIG_RTL8192/#&/' \ 1.51 @@ -82,7 +89,7 @@ 1.52 1.53 report step "Now build bzImage with modules" 1.54 # Build bzImage with modules 1.55 - cp -f $stuff/$PACKAGE-$VERSION-slitaz.config .config 1.56 + cp -f $stuff/$PACKAGE-$BASE_VERSION-slitaz.config .config 1.57 make oldconfig 1.58 ln .config $WOK/$PACKAGE/slitaz/config 1.59 make -j 4 bzImage && 1.60 @@ -116,7 +123,7 @@ 1.61 export _pkg 1.62 mkdir $WOK/$PACKAGE/tmp 1.63 $WOK/$PACKAGE/stuff/list_modules.sh \ 1.64 - $(cat stuff/modules-$VERSION.list) > $WOK/$PACKAGE/tmp/modules.list 1.65 + $(cat $stuff/modules-$BASE_VERSION.list) > $WOK/$PACKAGE/tmp/modules.list 1.66 while read module; do 1.67 dir=$(dirname $module) 1.68 [ -d $path/$dir ] || mkdir -p $path/$dir
2.1 --- a/tiff/receipt Sat Apr 09 13:01:20 2011 +0200 2.2 +++ b/tiff/receipt Sat Apr 09 07:21:58 2011 +0000 2.3 @@ -20,16 +20,19 @@ 2.4 # allows context-dependent attackers to cause a denial of service 2.5 # (crash) via a crafted TIFF imag. 2.6 2.7 - patch -p1 -i $stuff/libtiff-CVE-2009-2285.patch 2.8 - ./configure --prefix=/usr --infodir=/usr/share/info \ 2.9 - --mandir=/usr/share/man $CONFIGURE_ARGS && 2.10 + patch -Np1 -i $stuff/libtiff-CVE-2009-2285.patch 2.11 + #http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0192 2.12 + patch -Np1 -i $stuff/libtiff-CVE-2011-0192.patch 2.13 + #http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167 2.14 + patch -Np1 -i $stuff/libtiff-CVE-2011-1167.patch 2.15 + ./configure && 2.16 make && 2.17 - make DESTDIR=$PWD/_pkg install 2.18 + make install 2.19 } 2.20 2.21 # Rules to gen a SliTaz package suitable for Tazpkg. 2.22 genpkg_rules() 2.23 { 2.24 - mkdir -p $fs/usr/lib 2.25 + mkdir -p $fs/usr/lib 2.26 cp -a $_pkg/usr/lib/*.so* $fs/usr/lib 2.27 }
3.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 3.2 +++ b/tiff/stuff/libtiff-CVE-2011-0192.patch Sat Apr 09 07:21:58 2011 +0000 3.3 @@ -0,0 +1,27 @@ 3.4 +Protect against a fax VL(n) codeword commanding a move left. Without 3.5 +this, a malicious input file can generate an indefinitely large series 3.6 +of runs without a0 ever reaching the right margin, thus overrunning 3.7 +our buffer of run lengths. Per CVE-2011-0192. This is a modified 3.8 +version of a patch proposed by Drew Yao of Apple Product Security. 3.9 +It adds an unexpected() report, and disallows the equality case except 3.10 +for the first run of a line, since emitting a run without increasing a0 3.11 +still allows buffer overrun. (We have to allow it for the first run to 3.12 +cover the case of encoding a zero-length run at start of line using VL.) 3.13 + 3.14 + 3.15 +diff -Naur tiff-3.9.4.orig/libtiff/tif_fax3.h tiff-3.9.4/libtiff/tif_fax3.h 3.16 +--- tiff-3.9.4.orig/libtiff/tif_fax3.h 2010-06-08 14:50:42.000000000 -0400 3.17 ++++ tiff-3.9.4/libtiff/tif_fax3.h 2011-03-10 12:11:20.850839162 -0500 3.18 +@@ -478,6 +478,12 @@ 3.19 + break; \ 3.20 + case S_VL: \ 3.21 + CHECK_b1; \ 3.22 ++ if (b1 <= (int) (a0 + TabEnt->Param)) { \ 3.23 ++ if (b1 < (int) (a0 + TabEnt->Param) || pa != thisrun) { \ 3.24 ++ unexpected("VL", a0); \ 3.25 ++ goto eol2d; \ 3.26 ++ } \ 3.27 ++ } \ 3.28 + SETVALUE(b1 - a0 - TabEnt->Param); \ 3.29 + b1 -= *--pb; \ 3.30 + break; \
4.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 4.2 +++ b/tiff/stuff/libtiff-CVE-2011-1167.patch Sat Apr 09 07:21:58 2011 +0000 4.3 @@ -0,0 +1,53 @@ 4.4 +Upstream patch for CVE-2011-1167, heap-based buffer overflow in thunder 4.5 +decoder (ZDI-CAN-1004). 4.6 + 4.7 + 4.8 +diff -Naur tiff-3.9.4.orig/libtiff/tif_thunder.c tiff-3.9.4/libtiff/tif_thunder.c 4.9 +--- tiff-3.9.4.orig/libtiff/tif_thunder.c 2010-06-08 14:50:43.000000000 -0400 4.10 ++++ tiff-3.9.4/libtiff/tif_thunder.c 2011-03-18 12:17:13.635796403 -0400 4.11 +@@ -55,12 +55,32 @@ 4.12 + static const int twobitdeltas[4] = { 0, 1, 0, -1 }; 4.13 + static const int threebitdeltas[8] = { 0, 1, 2, 3, 0, -3, -2, -1 }; 4.14 + 4.15 +-#define SETPIXEL(op, v) { \ 4.16 +- lastpixel = (v) & 0xf; \ 4.17 +- if (npixels++ & 1) \ 4.18 +- *op++ |= lastpixel; \ 4.19 +- else \ 4.20 ++#define SETPIXEL(op, v) { \ 4.21 ++ lastpixel = (v) & 0xf; \ 4.22 ++ if ( npixels < maxpixels ) \ 4.23 ++ { \ 4.24 ++ if (npixels++ & 1) \ 4.25 ++ *op++ |= lastpixel; \ 4.26 ++ else \ 4.27 + op[0] = (tidataval_t) (lastpixel << 4); \ 4.28 ++ } \ 4.29 ++} 4.30 ++ 4.31 ++static int 4.32 ++ThunderSetupDecode(TIFF* tif) 4.33 ++{ 4.34 ++ static const char module[] = "ThunderSetupDecode"; 4.35 ++ 4.36 ++ if( tif->tif_dir.td_bitspersample != 4 ) 4.37 ++ { 4.38 ++ TIFFErrorExt(tif->tif_clientdata, module, 4.39 ++ "Wrong bitspersample value (%d), Thunder decoder only supports 4bits per sample.", 4.40 ++ (int) tif->tif_dir.td_bitspersample ); 4.41 ++ return 0; 4.42 ++ } 4.43 ++ 4.44 ++ 4.45 ++ return (1); 4.46 + } 4.47 + 4.48 + static int 4.49 +@@ -151,6 +171,7 @@ 4.50 + (void) scheme; 4.51 + tif->tif_decoderow = ThunderDecodeRow; 4.52 + tif->tif_decodestrip = ThunderDecodeRow; 4.53 ++ tif->tif_setupdecode = ThunderSetupDecode; 4.54 + return (1); 4.55 + } 4.56 + #endif /* THUNDER_SUPPORT */
5.1 --- a/wxpython/receipt Sat Apr 09 13:01:20 2011 +0200 5.2 +++ b/wxpython/receipt Sat Apr 09 07:21:58 2011 +0000 5.3 @@ -5,8 +5,8 @@ 5.4 CATEGORY="x-window" 5.5 SHORT_DESC="GUI toolkit for the Python programming language." 5.6 MAINTAINER="pankso@slitaz.org" 5.7 -DEPENDS="python gtk+" 5.8 -BUILD_DEPENDS="python-dev gtk+-dev" 5.9 +DEPENDS="python wxWidgets" 5.10 +BUILD_DEPENDS="python-dev wxWidgets-dev" 5.11 SOURCE="wxPython-src" 5.12 TARBALL="$SOURCE-$VERSION.tar.bz2" 5.13 WEB_SITE="http://www.wxpython.org/" 5.14 @@ -17,12 +17,14 @@ 5.15 { 5.16 cd $src 5.17 ./configure \ 5.18 - --prefix=/usr \ 5.19 - --mandir=/usr/share/man \ 5.20 - --without-sdl \ 5.21 - $CONFIGURE_ARGS && 5.22 - make -j 4 && 5.23 - make DESTDIR=$PWD/_pkg install 5.24 + --with-gtk=2 \ 5.25 + --with-libpng=sys \ 5.26 + --with-libjpeg=sys \ 5.27 + --with-libtiff=sys && 5.28 + cd wxPython && 5.29 + python setup.py WXPORT=gtk2 UNICODE=1 build && 5.30 + python setup.py WXPORT=gtk2 UNICODE=1 install --root=$DESTDIR 5.31 + 5.32 } 5.33 5.34 # Rules to gen a SliTaz package suitable for Tazpkg.