wok rev 9579

Up: tiff to 3.9.5.
author Christopher Rogers <slaxemulator@gmail.com>
date Tue Apr 12 11:37:28 2011 +0000 (2011-04-12)
parents 540e07f1f4e1
children 63f55f52c422
files tiff-apps/receipt tiff-dev/receipt tiff/receipt tiff/stuff/libtiff-CVE-2009-2285.patch tiff/stuff/libtiff-CVE-2011-0192.patch tiff/stuff/libtiff-CVE-2011-1167.patch
line diff
     1.1 --- a/tiff-apps/receipt	Tue Apr 12 11:24:03 2011 +0000
     1.2 +++ b/tiff-apps/receipt	Tue Apr 12 11:37:28 2011 +0000
     1.3 @@ -1,7 +1,7 @@
     1.4  # SliTaz package receipt.
     1.5  
     1.6  PACKAGE="tiff-apps"
     1.7 -VERSION="3.9.4"
     1.8 +VERSION="3.9.5"
     1.9  CATEGORY="x-window"
    1.10  SHORT_DESC="TIFF images manipulation cli applications. (Check tiff for libs)."
    1.11  MAINTAINER="pankso@slitaz.org"
    1.12 @@ -12,6 +12,6 @@
    1.13  # Rules to gen a SliTaz package suitable for Tazpkg.
    1.14  genpkg_rules()
    1.15  {
    1.16 -	mkdir -p $fs/usr
    1.17 +    mkdir -p $fs/usr
    1.18      cp -a $_pkg/usr/bin $fs/usr
    1.19  }
     2.1 --- a/tiff-dev/receipt	Tue Apr 12 11:24:03 2011 +0000
     2.2 +++ b/tiff-dev/receipt	Tue Apr 12 11:37:28 2011 +0000
     2.3 @@ -1,7 +1,7 @@
     2.4  # SliTaz package receipt.
     2.5  
     2.6  PACKAGE="tiff-dev"
     2.7 -VERSION="3.9.4"
     2.8 +VERSION="3.9.5"
     2.9  CATEGORY="development"
    2.10  SHORT_DESC="TIFF images libs devel files. (Check tiff-apps for utilities)."
    2.11  MAINTAINER="pankso@slitaz.org"
    2.12 @@ -12,7 +12,7 @@
    2.13  # Rules to gen a SliTaz package suitable for Tazpkg.
    2.14  genpkg_rules()
    2.15  {
    2.16 -	mkdir -p $fs/usr/lib
    2.17 +    mkdir -p $fs/usr/lib
    2.18      cp -a $_pkg/usr/lib/*.*a $fs/usr/lib
    2.19      cp -a $_pkg/usr/include $fs/usr
    2.20  }
     3.1 --- a/tiff/receipt	Tue Apr 12 11:24:03 2011 +0000
     3.2 +++ b/tiff/receipt	Tue Apr 12 11:37:28 2011 +0000
     3.3 @@ -1,7 +1,7 @@
     3.4  # SliTaz package receipt.
     3.5  
     3.6  PACKAGE="tiff"
     3.7 -VERSION="3.9.4"
     3.8 +VERSION="3.9.5"
     3.9  CATEGORY="x-window"
    3.10  SHORT_DESC="TIFF images libs. (Check tiff-apps for utilities)."
    3.11  MAINTAINER="pankso@slitaz.org"
    3.12 @@ -15,16 +15,6 @@
    3.13  {
    3.14      cd $src
    3.15  
    3.16 -    # Added patch to fix CVE-2009-2285 
    3.17 -    # Bufffer underflow in the LZWDecodeCompat function in libtiff 3.8.2
    3.18 -    # allows context-dependent attackers to cause a denial of service 
    3.19 -    # (crash) via a crafted TIFF imag.
    3.20 -
    3.21 -    patch -Np1 -i $stuff/libtiff-CVE-2009-2285.patch
    3.22 -    #http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0192
    3.23 -    patch -Np1 -i $stuff/libtiff-CVE-2011-0192.patch
    3.24 -    #http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167
    3.25 -    patch -Np1 -i $stuff/libtiff-CVE-2011-1167.patch
    3.26      ./configure &&
    3.27      make &&
    3.28      make install
     4.1 --- a/tiff/stuff/libtiff-CVE-2009-2285.patch	Tue Apr 12 11:24:03 2011 +0000
     4.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
     4.3 @@ -1,22 +0,0 @@
     4.4 -Index: tiff-3.8.2/libtiff/tif_lzw.c
     4.5 -===================================================================
     4.6 ---- tiff-3.8.2.orig/libtiff/tif_lzw.c
     4.7 -+++ tiff-3.8.2/libtiff/tif_lzw.c
     4.8 -@@ -421,7 +421,7 @@ LZWDecode(TIFF* tif, tidata_t op0, tsize
     4.9 - 			NextCode(tif, sp, bp, code, GetNextCode);
    4.10 - 			if (code == CODE_EOI)
    4.11 - 				break;
    4.12 --			if (code == CODE_CLEAR) {
    4.13 -+			if (code >= CODE_CLEAR) {
    4.14 - 				TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
    4.15 - 				"LZWDecode: Corrupted LZW table at scanline %d",
    4.16 - 				tif->tif_row);
    4.17 -@@ -624,7 +624,7 @@ LZWDecodeCompat(TIFF* tif, tidata_t op0,
    4.18 - 			NextCode(tif, sp, bp, code, GetNextCodeCompat);
    4.19 - 			if (code == CODE_EOI)
    4.20 - 				break;
    4.21 --			if (code == CODE_CLEAR) {
    4.22 -+			if (code >= CODE_CLEAR) {
    4.23 - 				TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
    4.24 - 				"LZWDecode: Corrupted LZW table at scanline %d",
    4.25 - 				tif->tif_row);
     5.1 --- a/tiff/stuff/libtiff-CVE-2011-0192.patch	Tue Apr 12 11:24:03 2011 +0000
     5.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
     5.3 @@ -1,27 +0,0 @@
     5.4 -Protect against a fax VL(n) codeword commanding a move left.  Without
     5.5 -this, a malicious input file can generate an indefinitely large series
     5.6 -of runs without a0 ever reaching the right margin, thus overrunning
     5.7 -our buffer of run lengths.  Per CVE-2011-0192.  This is a modified
     5.8 -version of a patch proposed by Drew Yao of Apple Product Security.
     5.9 -It adds an unexpected() report, and disallows the equality case except
    5.10 -for the first run of a line, since emitting a run without increasing a0
    5.11 -still allows buffer overrun.  (We have to allow it for the first run to
    5.12 -cover the case of encoding a zero-length run at start of line using VL.)
    5.13 -
    5.14 -
    5.15 -diff -Naur tiff-3.9.4.orig/libtiff/tif_fax3.h tiff-3.9.4/libtiff/tif_fax3.h
    5.16 ---- tiff-3.9.4.orig/libtiff/tif_fax3.h	2010-06-08 14:50:42.000000000 -0400
    5.17 -+++ tiff-3.9.4/libtiff/tif_fax3.h	2011-03-10 12:11:20.850839162 -0500
    5.18 -@@ -478,6 +478,12 @@
    5.19 - 	    break;							\
    5.20 - 	case S_VL:							\
    5.21 - 	    CHECK_b1;							\
    5.22 -+	    if (b1 <= (int) (a0 + TabEnt->Param)) {			\
    5.23 -+		if (b1 < (int) (a0 + TabEnt->Param) || pa != thisrun) {	\
    5.24 -+		    unexpected("VL", a0);				\
    5.25 -+		    goto eol2d;						\
    5.26 -+		}							\
    5.27 -+	    }								\
    5.28 - 	    SETVALUE(b1 - a0 - TabEnt->Param);				\
    5.29 - 	    b1 -= *--pb;						\
    5.30 - 	    break;							\
     6.1 --- a/tiff/stuff/libtiff-CVE-2011-1167.patch	Tue Apr 12 11:24:03 2011 +0000
     6.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
     6.3 @@ -1,53 +0,0 @@
     6.4 -Upstream patch for CVE-2011-1167, heap-based buffer overflow in thunder
     6.5 -decoder (ZDI-CAN-1004).
     6.6 -
     6.7 -
     6.8 -diff -Naur tiff-3.9.4.orig/libtiff/tif_thunder.c tiff-3.9.4/libtiff/tif_thunder.c
     6.9 ---- tiff-3.9.4.orig/libtiff/tif_thunder.c	2010-06-08 14:50:43.000000000 -0400
    6.10 -+++ tiff-3.9.4/libtiff/tif_thunder.c	2011-03-18 12:17:13.635796403 -0400
    6.11 -@@ -55,12 +55,32 @@
    6.12 - static const int twobitdeltas[4] = { 0, 1, 0, -1 };
    6.13 - static const int threebitdeltas[8] = { 0, 1, 2, 3, 0, -3, -2, -1 };
    6.14 - 
    6.15 --#define	SETPIXEL(op, v) { \
    6.16 --	lastpixel = (v) & 0xf; \
    6.17 --	if (npixels++ & 1) \
    6.18 --	    *op++ |= lastpixel; \
    6.19 --	else \
    6.20 -+#define	SETPIXEL(op, v) {                     \
    6.21 -+	lastpixel = (v) & 0xf;                \
    6.22 -+        if ( npixels < maxpixels )         \
    6.23 -+        {                                     \
    6.24 -+	  if (npixels++ & 1)                  \
    6.25 -+	    *op++ |= lastpixel;               \
    6.26 -+	  else                                \
    6.27 - 	    op[0] = (tidataval_t) (lastpixel << 4); \
    6.28 -+        }                                     \
    6.29 -+}
    6.30 -+
    6.31 -+static int
    6.32 -+ThunderSetupDecode(TIFF* tif)
    6.33 -+{
    6.34 -+	static const char module[] = "ThunderSetupDecode";
    6.35 -+
    6.36 -+        if( tif->tif_dir.td_bitspersample != 4 )
    6.37 -+        {
    6.38 -+                TIFFErrorExt(tif->tif_clientdata, module,
    6.39 -+                             "Wrong bitspersample value (%d), Thunder decoder only supports 4bits per sample.",
    6.40 -+                             (int) tif->tif_dir.td_bitspersample );
    6.41 -+                return 0;
    6.42 -+        }
    6.43 -+        
    6.44 -+
    6.45 -+	return (1);
    6.46 - }
    6.47 - 
    6.48 - static int
    6.49 -@@ -151,6 +171,7 @@
    6.50 - 	(void) scheme;
    6.51 - 	tif->tif_decoderow = ThunderDecodeRow;
    6.52 - 	tif->tif_decodestrip = ThunderDecodeRow;
    6.53 -+	tif->tif_setupdecode = ThunderSetupDecode;
    6.54 - 	return (1);
    6.55 - }
    6.56 - #endif /* THUNDER_SUPPORT */