wok rev 6424
Added patch to tiff to fix CVE-2009-2285 bug.
author | Christopher Rogers <slaxemulator@gmail.com> |
---|---|
date | Mon Sep 27 06:21:26 2010 +0000 (2010-09-27) |
parents | 556f2271529a |
children | efd5b29caed7 |
files | tiff/receipt tiff/stuff/libtiff-CVE-2009-2285.patch |
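--- a/tiff/receipt
+++ b/tiff/receipt
@@ -14,6 +14,13 @@
 compile_rules()
 {
 cd $src
+
+ # Added patch to fix CVE-2009-2285
+ # Bufffer underflow in the LZWDecodeCompat function in libtiff 3.8.2
+ # allows context-dependent attackers to cause a denial of service
+ # (crash) via a crafted TIFF imag.
+
+ patch -p1 -i ../stuff/libtiff-CVE-2009-2285.patch
 ./configure --prefix=/usr --infodir=/usr/share/info \
 --mandir=/usr/share/man $CONFIGURE_ARGS &&
 make &&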
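Review bot: The added `patch -p1 -i ../stuff/libtiff-CVE-2009-2285.patch` line is not chained to the commands that follow, so unless the build tool aborts on a failing command, a patch that does not apply (changed source version, wrong working directory, tree already patched) is followed by `./configure` and `make` anyway, and the package ships unpatched libtiff while the receipt states the CVE is fixed. Chaining it the way the next lines already are, `patch -p1 -i ../stuff/libtiff-CVE-2009-2285.patch &&`, makes a failed apply stop the build. The comment above it has two typos worth fixing while here (`Bufffer`, `imag`). The body of compile_rules continues past the end of the hunk, so how its final exit status is used is not visible.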
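--- /dev/null
+++ b/tiff/stuff/libtiff-CVE-2009-2285.patch
@@ -0,0 +1,22 @@
+Index: tiff-3.8.2/libtiff/tif_lzw.c
+===================================================================
+--- tiff-3.8.2.orig/libtiff/tif_lzw.c
++++ tiff-3.8.2/libtiff/tif_lzw.c
+@@ -421,7 +421,7 @@ LZWDecode(TIFF* tif, tidata_t op0, tsize
+ NextCode(tif, sp, bp, code, GetNextCode);
+ if (code == CODE_EOI)
+ break;
+- if (code == CODE_CLEAR) {
++ if (code >= CODE_CLEAR) {
+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+ "LZWDecode: Corrupted LZW table at scanline %d",
+ tif->tif_row);
+@@ -624,7 +624,7 @@ LZWDecodeCompat(TIFF* tif, tidata_t op0,
+ NextCode(tif, sp, bp, code, GetNextCodeCompat);
+ if (code == CODE_EOI)
+ break;
+- if (code == CODE_CLEAR) {
++ if (code >= CODE_CLEAR) {
+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+ "LZWDecode: Corrupted LZW table at scanline %d",
+ tif->tif_row);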
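Review bot: The new patch file starts directly at `Index: tiff-3.8.2/libtiff/tif_lzw.c` with no provenance preamble, so nothing in the tree records where this security fix was taken from or which upstream change it mirrors. A short header above the `Index:` line, for example `Fixes CVE-2009-2285 in tif_lzw.c; origin: <URL of the upstream or distribution patch>; applies to tiff 3.8.2`, would let a later maintainer verify the two hunks against the source and know to drop the file when the package moves to a release that already contains the fix. Both hunks widen the same test from `code == CODE_CLEAR` to `code >= CODE_CLEAR` in LZWDecode and LZWDecodeCompat. The rest of each function lies outside the hunks, so whether the error branch returns before any further use of `code` cannot be confirmed from this page. The hunk offsets are tied to the 3.8.2 sources, so the patch needs re-checking on any version bump.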