# HG changeset patch # User Christopher Rogers # Date 1285568486 0 # Node ID 22302c6b4b2d2799d839610776c38c001f8bd02d # Parent 556f2271529a2bec5490acc838a69190f25a4b39 Added patch to tiff to fix CVE-2009-2285 bug. diff -r 556f2271529a -r 22302c6b4b2d tiff/receipt --- a/tiff/receipt Mon Sep 27 02:41:42 2010 +0200 +++ b/tiff/receipt Mon Sep 27 06:21:26 2010 +0000 @@ -14,6 +14,13 @@ compile_rules() { cd $src + + # Added patch to fix CVE-2009-2285 + # Bufffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 + # allows context-dependent attackers to cause a denial of service + # (crash) via a crafted TIFF imag. + + patch -p1 -i ../stuff/libtiff-CVE-2009-2285.patch ./configure --prefix=/usr --infodir=/usr/share/info \ --mandir=/usr/share/man $CONFIGURE_ARGS && make && diff -r 556f2271529a -r 22302c6b4b2d tiff/stuff/libtiff-CVE-2009-2285.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tiff/stuff/libtiff-CVE-2009-2285.patch Mon Sep 27 06:21:26 2010 +0000 @@ -0,0 +1,22 @@ +Index: tiff-3.8.2/libtiff/tif_lzw.c +=================================================================== +--- tiff-3.8.2.orig/libtiff/tif_lzw.c ++++ tiff-3.8.2/libtiff/tif_lzw.c +@@ -421,7 +421,7 @@ LZWDecode(TIFF* tif, tidata_t op0, tsize + NextCode(tif, sp, bp, code, GetNextCode); + if (code == CODE_EOI) + break; +- if (code == CODE_CLEAR) { ++ if (code >= CODE_CLEAR) { + TIFFErrorExt(tif->tif_clientdata, tif->tif_name, + "LZWDecode: Corrupted LZW table at scanline %d", + tif->tif_row); +@@ -624,7 +624,7 @@ LZWDecodeCompat(TIFF* tif, tidata_t op0, + NextCode(tif, sp, bp, code, GetNextCodeCompat); + if (code == CODE_EOI) + break; +- if (code == CODE_CLEAR) { ++ if (code >= CODE_CLEAR) { + TIFFErrorExt(tif->tif_clientdata, tif->tif_name, + "LZWDecode: Corrupted LZW table at scanline %d", + tif->tif_row);