# HG changeset patch
# User Christopher Rogers <slaxemulator@gmail.com>
# Date 1302333718 0
# Node ID a09f59c162605de65f99d5284c6b0c01e2d4618d
# Parent  c3cd2c0689de8b36f13e6446c17636262240f571
tiff: Patched overflows that could lead to aribitrary code execution when parsing a malformed image file. Thanks slackware for having this.

diff -r c3cd2c0689de -r a09f59c16260 linux/receipt
--- a/linux/receipt	Sat Apr 09 13:01:20 2011 +0200
+++ b/linux/receipt	Sat Apr 09 07:21:58 2011 +0000
@@ -1,13 +1,20 @@
 # SliTaz package receipt.
 
 PACKAGE="linux"
-VERSION="2.6.37"
+VERSION="2.6.37.6"
+BASE_VERSION="${VERSION%.*}"
+# the one below is when your using the newer base version
+#BASE_VERSION="$VERSION"
 CATEGORY="base-system"
 SHORT_DESC="The Linux kernel and modules."
 DEPENDS="depmod"
-BUILD_DEPENDS="slitaz-toolchain perl git lzma patch"
+if [ "$BASE_VERSION" != "$VERSION" ]; then
+	BUILD_DEPENDS="linux-patch perl git lzma patch"
+else
+	BUILD_DEPENDS="perl git lzma patch"
+fi
 MAINTAINER="devel@slitaz.org"
-TARBALL="$PACKAGE-$VERSION.tar.bz2"
+TARBALL="$PACKAGE-$BASE_VERSION.tar.bz2"
 WEB_SITE="http://www.kernel.org/"
 WGET_URL="http://www.eu.kernel.org/pub/linux/kernel/v${VERSION:0:3}/$TARBALL"
 CONFIG_FILES="/lib/modules/$VERSION-slitaz/modules.dep"
@@ -48,10 +55,10 @@
 		patch -p1 < $WOK/$PACKAGE/slitaz/$patch_file || { report close-bloc; return 1; }
 		touch done.$patch_file
 	done <<EOT
-$PACKAGE-diff-$VERSION.u
-$PACKAGE-unlzma-$VERSION.u
-$PACKAGE-header-$VERSION.u
-$PACKAGE-freeinitrd-$VERSION.u
+$PACKAGE-diff-$BASE_VERSION.u
+$PACKAGE-unlzma-$BASE_VERSION.u
+$PACKAGE-header-$BASE_VERSION.u
+$PACKAGE-freeinitrd-$BASE_VERSION.u
 aufs2-base.patch
 aufs2-standalone.patch
 001-squashfs-decompressors-add-xz-decompressor-module.patch
@@ -68,7 +75,7 @@
 
 	report step "Make bzImage without modules first"
 	# Build bzImage without modules first
-	cp -f $stuff/$PACKAGE-$VERSION-slitaz.config .config
+	cp -f $stuff/$PACKAGE-$BASE_VERSION-slitaz.config .config
 	sed -i 's/CONFIG_MODULES=y/# CONFIG_MODULES is not set/' .config
 	# We can't keep every driver in staging 
 	sed -i -e 's/^CONFIG_RTL8192/#&/' \
@@ -82,7 +89,7 @@
 
 	report step "Now build bzImage with modules"
 	# Build bzImage with modules
-	cp -f $stuff/$PACKAGE-$VERSION-slitaz.config .config
+	cp -f $stuff/$PACKAGE-$BASE_VERSION-slitaz.config .config
 	make oldconfig
 	ln .config $WOK/$PACKAGE/slitaz/config
 	make -j 4 bzImage &&
@@ -116,7 +123,7 @@
     export _pkg
     mkdir $WOK/$PACKAGE/tmp
     $WOK/$PACKAGE/stuff/list_modules.sh \
-	$(cat stuff/modules-$VERSION.list) > $WOK/$PACKAGE/tmp/modules.list
+	$(cat $stuff/modules-$BASE_VERSION.list) > $WOK/$PACKAGE/tmp/modules.list
     while read module; do
     	dir=$(dirname $module)
     	[ -d $path/$dir ] || mkdir -p $path/$dir
diff -r c3cd2c0689de -r a09f59c16260 tiff/receipt
--- a/tiff/receipt	Sat Apr 09 13:01:20 2011 +0200
+++ b/tiff/receipt	Sat Apr 09 07:21:58 2011 +0000
@@ -20,16 +20,19 @@
     # allows context-dependent attackers to cause a denial of service 
     # (crash) via a crafted TIFF imag.
 
-    patch -p1 -i $stuff/libtiff-CVE-2009-2285.patch
-    ./configure --prefix=/usr --infodir=/usr/share/info \
-    --mandir=/usr/share/man $CONFIGURE_ARGS &&
+    patch -Np1 -i $stuff/libtiff-CVE-2009-2285.patch
+    #http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0192
+    patch -Np1 -i $stuff/libtiff-CVE-2011-0192.patch
+    #http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167
+    patch -Np1 -i $stuff/libtiff-CVE-2011-1167.patch
+    ./configure &&
     make &&
-    make DESTDIR=$PWD/_pkg install
+    make install
 }
 
 # Rules to gen a SliTaz package suitable for Tazpkg.
 genpkg_rules()
 {
-	mkdir -p $fs/usr/lib
+    mkdir -p $fs/usr/lib
     cp -a $_pkg/usr/lib/*.so* $fs/usr/lib
 }
diff -r c3cd2c0689de -r a09f59c16260 tiff/stuff/libtiff-CVE-2011-0192.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tiff/stuff/libtiff-CVE-2011-0192.patch	Sat Apr 09 07:21:58 2011 +0000
@@ -0,0 +1,27 @@
+Protect against a fax VL(n) codeword commanding a move left.  Without
+this, a malicious input file can generate an indefinitely large series
+of runs without a0 ever reaching the right margin, thus overrunning
+our buffer of run lengths.  Per CVE-2011-0192.  This is a modified
+version of a patch proposed by Drew Yao of Apple Product Security.
+It adds an unexpected() report, and disallows the equality case except
+for the first run of a line, since emitting a run without increasing a0
+still allows buffer overrun.  (We have to allow it for the first run to
+cover the case of encoding a zero-length run at start of line using VL.)
+
+
+diff -Naur tiff-3.9.4.orig/libtiff/tif_fax3.h tiff-3.9.4/libtiff/tif_fax3.h
+--- tiff-3.9.4.orig/libtiff/tif_fax3.h	2010-06-08 14:50:42.000000000 -0400
++++ tiff-3.9.4/libtiff/tif_fax3.h	2011-03-10 12:11:20.850839162 -0500
+@@ -478,6 +478,12 @@
+ 	    break;							\
+ 	case S_VL:							\
+ 	    CHECK_b1;							\
++	    if (b1 <= (int) (a0 + TabEnt->Param)) {			\
++		if (b1 < (int) (a0 + TabEnt->Param) || pa != thisrun) {	\
++		    unexpected("VL", a0);				\
++		    goto eol2d;						\
++		}							\
++	    }								\
+ 	    SETVALUE(b1 - a0 - TabEnt->Param);				\
+ 	    b1 -= *--pb;						\
+ 	    break;							\
diff -r c3cd2c0689de -r a09f59c16260 tiff/stuff/libtiff-CVE-2011-1167.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tiff/stuff/libtiff-CVE-2011-1167.patch	Sat Apr 09 07:21:58 2011 +0000
@@ -0,0 +1,53 @@
+Upstream patch for CVE-2011-1167, heap-based buffer overflow in thunder
+decoder (ZDI-CAN-1004).
+
+
+diff -Naur tiff-3.9.4.orig/libtiff/tif_thunder.c tiff-3.9.4/libtiff/tif_thunder.c
+--- tiff-3.9.4.orig/libtiff/tif_thunder.c	2010-06-08 14:50:43.000000000 -0400
++++ tiff-3.9.4/libtiff/tif_thunder.c	2011-03-18 12:17:13.635796403 -0400
+@@ -55,12 +55,32 @@
+ static const int twobitdeltas[4] = { 0, 1, 0, -1 };
+ static const int threebitdeltas[8] = { 0, 1, 2, 3, 0, -3, -2, -1 };
+ 
+-#define	SETPIXEL(op, v) { \
+-	lastpixel = (v) & 0xf; \
+-	if (npixels++ & 1) \
+-	    *op++ |= lastpixel; \
+-	else \
++#define	SETPIXEL(op, v) {                     \
++	lastpixel = (v) & 0xf;                \
++        if ( npixels < maxpixels )         \
++        {                                     \
++	  if (npixels++ & 1)                  \
++	    *op++ |= lastpixel;               \
++	  else                                \
+ 	    op[0] = (tidataval_t) (lastpixel << 4); \
++        }                                     \
++}
++
++static int
++ThunderSetupDecode(TIFF* tif)
++{
++	static const char module[] = "ThunderSetupDecode";
++
++        if( tif->tif_dir.td_bitspersample != 4 )
++        {
++                TIFFErrorExt(tif->tif_clientdata, module,
++                             "Wrong bitspersample value (%d), Thunder decoder only supports 4bits per sample.",
++                             (int) tif->tif_dir.td_bitspersample );
++                return 0;
++        }
++        
++
++	return (1);
+ }
+ 
+ static int
+@@ -151,6 +171,7 @@
+ 	(void) scheme;
+ 	tif->tif_decoderow = ThunderDecodeRow;
+ 	tif->tif_decodestrip = ThunderDecodeRow;
++	tif->tif_setupdecode = ThunderSetupDecode;
+ 	return (1);
+ }
+ #endif /* THUNDER_SUPPORT */
diff -r c3cd2c0689de -r a09f59c16260 wxpython/receipt
--- a/wxpython/receipt	Sat Apr 09 13:01:20 2011 +0200
+++ b/wxpython/receipt	Sat Apr 09 07:21:58 2011 +0000
@@ -5,8 +5,8 @@
 CATEGORY="x-window"
 SHORT_DESC="GUI toolkit for the Python programming language."
 MAINTAINER="pankso@slitaz.org"
-DEPENDS="python gtk+"
-BUILD_DEPENDS="python-dev gtk+-dev"
+DEPENDS="python wxWidgets"
+BUILD_DEPENDS="python-dev wxWidgets-dev"
 SOURCE="wxPython-src"
 TARBALL="$SOURCE-$VERSION.tar.bz2"
 WEB_SITE="http://www.wxpython.org/"
@@ -17,12 +17,14 @@
 {
     cd $src
     ./configure \
-    	--prefix=/usr \
-    	--mandir=/usr/share/man \
-    	--without-sdl \
-    	$CONFIGURE_ARGS &&
-    make -j 4 &&
-    make DESTDIR=$PWD/_pkg install
+	--with-gtk=2 \
+	--with-libpng=sys \
+	--with-libjpeg=sys \
+	--with-libtiff=sys &&
+    cd wxPython &&
+    python setup.py WXPORT=gtk2 UNICODE=1 build &&
+    python setup.py WXPORT=gtk2 UNICODE=1 install --root=$DESTDIR
+
 }
 
 # Rules to gen a SliTaz package suitable for Tazpkg.