From 415856bdd4f48ab4f2732996f0bae58595092bbe Mon Sep 17 00:00:00 2001 From: Parabola Date: Tue, 5 Apr 2011 14:26:38 +0000 Subject: Tue Apr 5 14:26:38 UTC 2011 --- extra/libtiff/ChangeLog | 35 +++++++++++++++++++++++++++++++ extra/libtiff/PKGBUILD | 32 ++++++++++++++++++++++++++++ extra/libtiff/libtiff-CVE-2009-2285.patch | 22 +++++++++++++++++++ 3 files changed, 89 insertions(+) create mode 100644 extra/libtiff/ChangeLog create mode 100644 extra/libtiff/PKGBUILD create mode 100644 extra/libtiff/libtiff-CVE-2009-2285.patch (limited to 'extra/libtiff') diff --git a/extra/libtiff/ChangeLog b/extra/libtiff/ChangeLog new file mode 100644 index 000000000..88edcc7fc --- /dev/null +++ b/extra/libtiff/ChangeLog @@ -0,0 +1,35 @@ +2010-06-20 Eric Belanger + + * libtiff 3.9.4-1 + * Upstream update + +2009-11-05 Eric Belanger + + * libtiff 3.9.2-1 + * Upstream update + +2009-08-28 Eric Belanger + + * libtiff 3.9.1-1 + * Upstream update + +2009-08-26 Eric Belanger + + * libtiff 3.9.0-1 + * Upstream update + * Updated url + * Updated patches + +2009-08-14 Eric Belanger + + * libtiff 3.8.2-6 + * Added security fixes (close FS#15931) + +2008-09-05 Eric Belanger + + * libtiff 3.8.2-4 + * Applied patch to fix buffer underflow in LZW decoding (tiff-3.8.2-CVE-2008-2327.patch) + * Added license + * Added freeglut optdepends + * FHS man pages + * Added ChangeLog diff --git a/extra/libtiff/PKGBUILD b/extra/libtiff/PKGBUILD new file mode 100644 index 000000000..ed80a2bae --- /dev/null +++ b/extra/libtiff/PKGBUILD @@ -0,0 +1,32 @@ +# $Id: PKGBUILD 83314 2010-06-20 21:43:27Z eric $ +# Maintainer: Eric Belanger +# Contributor: dorphell + +pkgname=libtiff +pkgver=3.9.4 +pkgrel=1 +pkgdesc="Library for manipulation of TIFF images" +arch=('i686' 'x86_64') +url="http://www.remotesensing.org/libtiff/" +license=('custom') +depends=('libjpeg' 'zlib') +makedepends=('libgl' 'freeglut' 'libxmu' 'libxi') +optdepends=('freeglut: for using tiffgt') +options=('!libtool') +source=(ftp://ftp.remotesensing.org/pub/libtiff/tiff-${pkgver}.tar.gz \ + libtiff-CVE-2009-2285.patch) +md5sums=('2006c1bdd12644dbf02956955175afd6' 'ff61077408727a82281f77a94f555e2a') +sha1sums=('a4e32d55afbbcabd0391a9c89995e8e8a19961de' 'eadce8c8bd72ea9c74f35300bf299131813b0c8b') + +build() { + cd "${srcdir}/tiff-${pkgver}" + patch -p1 < ../libtiff-CVE-2009-2285.patch || return 1 + ./configure --prefix=/usr --sysconfdir=/etc --mandir=/usr/share/man || return 1 + make || return 1 +} + +package() { + cd "${srcdir}/tiff-${pkgver}" + make DESTDIR="${pkgdir}" install || return 1 + install -D -m644 COPYRIGHT "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" || return 1 +} diff --git a/extra/libtiff/libtiff-CVE-2009-2285.patch b/extra/libtiff/libtiff-CVE-2009-2285.patch new file mode 100644 index 000000000..435a84b53 --- /dev/null +++ b/extra/libtiff/libtiff-CVE-2009-2285.patch @@ -0,0 +1,22 @@ +Index: tiff-3.8.2/libtiff/tif_lzw.c +=================================================================== +--- tiff-3.8.2.orig/libtiff/tif_lzw.c ++++ tiff-3.8.2/libtiff/tif_lzw.c +@@ -421,7 +421,7 @@ LZWDecode(TIFF* tif, tidata_t op0, tsize + NextCode(tif, sp, bp, code, GetNextCode); + if (code == CODE_EOI) + break; +- if (code == CODE_CLEAR) { ++ if (code >= CODE_CLEAR) { + TIFFErrorExt(tif->tif_clientdata, tif->tif_name, + "LZWDecode: Corrupted LZW table at scanline %d", + tif->tif_row); +@@ -624,7 +624,7 @@ LZWDecodeCompat(TIFF* tif, tidata_t op0, + NextCode(tif, sp, bp, code, GetNextCodeCompat); + if (code == CODE_EOI) + break; +- if (code == CODE_CLEAR) { ++ if (code >= CODE_CLEAR) { + TIFFErrorExt(tif->tif_clientdata, tif->tif_name, + "LZWDecode: Corrupted LZW table at scanline %d", + tif->tif_row); -- cgit v1.2.3-54-g00ecf