Author: arekm Date: Fri Jul 10 13:16:07 2009 GMT Module: packages Tag: HEAD ---- Log message: - rel 7; CVE-2009-2285 fix
---- Files affected: packages/libtiff: libtiff.spec (1.96 -> 1.97) , libtiff-CVE-2009-2285.patch (NONE -> 1.1) (NEW) ---- Diffs: ================================================================ Index: packages/libtiff/libtiff.spec diff -u packages/libtiff/libtiff.spec:1.96 packages/libtiff/libtiff.spec:1.97 --- packages/libtiff/libtiff.spec:1.96 Mon Jun 29 17:02:58 2009 +++ packages/libtiff/libtiff.spec Fri Jul 10 15:16:01 2009 @@ -10,7 +10,7 @@ Summary(tr.UTF-8): TIFF dosyalarını işleme kitaplığı Name: libtiff Version: 3.8.2 -Release: 6 +Release: 7 License: BSD-like Group: Libraries Source0: ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{version}.tar.gz @@ -20,9 +20,8 @@ Patch2: %{name}-libtool.patch Patch3: %{name}-glut.patch Patch4: %{name}-CVE-2006-2193.patch +Patch5: %{name}-CVE-2009-2285.patch URL: http://www.remotesensing.org/libtiff/ -# http://securitytracker.com/alerts/2009/Jun/1022426.html -BuildRequires: security(LZWDecodeCompat_via_underflow) %{?with_opengl:BuildRequires: OpenGL-glut-devel} BuildRequires: autoconf >= 2.59 BuildRequires: automake @@ -170,6 +169,7 @@ %patch2 %patch3 %patch4 -p1 +%patch5 -p1 rm -f m4/{libtool,lt*}.m4 @@ -252,6 +252,9 @@ All persons listed below can be reached at <cvs_login>@pld-linux.org $Log$ +Revision 1.97 2009/07/10 13:16:01 arekm +- rel 7; CVE-2009-2285 fix + Revision 1.96 2009/06/29 15:02:58 blues - security blocker added ================================================================ Index: packages/libtiff/libtiff-CVE-2009-2285.patch diff -u /dev/null packages/libtiff/libtiff-CVE-2009-2285.patch:1.1 --- /dev/null Fri Jul 10 15:16:07 2009 +++ packages/libtiff/libtiff-CVE-2009-2285.patch Fri Jul 10 15:16:01 2009 
@@ -0,0 +1,22 @@ +Index: tiff-3.8.2/libtiff/tif_lzw.c +=================================================================== +--- tiff-3.8.2.orig/libtiff/tif_lzw.c ++++ tiff-3.8.2/libtiff/tif_lzw.c +@@ -421,7 +421,7 @@ LZWDecode(TIFF* tif, tidata_t op0, tsize + NextCode(tif, sp, bp, code, GetNextCode); + if (code == CODE_EOI) + break; +- if (code == CODE_CLEAR) { ++ if (code >= CODE_CLEAR) { + TIFFErrorExt(tif->tif_clientdata, tif->tif_name, + "LZWDecode: Corrupted LZW table at scanline %d", + tif->tif_row); +@@ -624,7 +624,7 @@ LZWDecodeCompat(TIFF* tif, tidata_t op0, + NextCode(tif, sp, bp, code, GetNextCodeCompat); + if (code == CODE_EOI) + break; +- if (code == CODE_CLEAR) { ++ if (code >= CODE_CLEAR) { + TIFFErrorExt(tif->tif_clientdata, tif->tif_name, + "LZWDecode: Corrupted LZW table at scanline %d", + tif->tif_row); ================================================================ ---- CVS-web: http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/libtiff/libtiff.spec?r1=1.96&r2=1.97&f=u _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
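Review bot: In the libtiff.spec hunk at @@ -20,9 +20,8 @@ the securitytracker advisory URL comment is removed together with the `BuildRequires: security(LZWDecodeCompat_via_underflow)` blocker, so the spec no longer records which advisory Patch5 answers. Dropping the blocker is right once the fix is applied, but the URL should stay as a comment on the line above `Patch5: %{name}-CVE-2009-2285.patch`. The `%patch5 -p1` added in the @@ -170,6 +169,7 @@ hunk matches the `tiff-3.8.2.orig/` and `tiff-3.8.2/` prefixes used inside the new patch file, so the strip level is fine.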
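Review bot: In both tif_lzw.c hunks of libtiff-CVE-2009-2285.patch (LZWDecode at @@ -421,7 and LZWDecodeCompat at @@ -624,7) the new `code >= CODE_CLEAR` test is only correct because the `if (code == CODE_EOI) break;` check sits directly above it, and nothing in the code says so. CODE_EOI is numerically above CODE_CLEAR, so a later reordering would turn a valid end-of-information code into a "Corrupted LZW table" error. A one-line comment above the test, stating that EOI has already been handled and that any remaining code at or above CODE_CLEAR is invalid at this point, would make the dependency explicit. The LZWDecodeCompat hunk also keeps the "LZWDecode:" prefix in its TIFFErrorExt message, so the two decode paths cannot be told apart in error output; "LZWDecodeCompat:" would be clearer there. The patch file itself starts straight at the `Index:` line with no description or pointer to where the fix came from, which is worth adding for whoever rebases it onto the next libtiff version.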
