[arch-commits] Commit in libtiff/repos (4 files)

Eric Belanger eric at archlinux.org
Sat Sep 6 04:28:47 UTC 2008


    Date: Saturday, September 6, 2008 @ 00:28:47
  Author: eric
Revision: 11899

fixing svn conflict

Added:
  libtiff/repos/extra-i686/ChangeLog
    (from rev 11884, libtiff/trunk/ChangeLog)
  libtiff/repos/extra-i686/tiff-3.8.2-CVE-2008-2327.patch
    (from rev 11884, libtiff/trunk/tiff-3.8.2-CVE-2008-2327.patch)
Modified:
  libtiff/repos/extra-i686/	(properties)
  libtiff/repos/extra-i686/PKGBUILD

--------------------------------+
 ChangeLog                      |    8 ++++
 PKGBUILD                       |   50 ++++++++++++++++++------------
 tiff-3.8.2-CVE-2008-2327.patch |   64 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 103 insertions(+), 19 deletions(-)


Property changes on: libtiff/repos/extra-i686
___________________________________________________________________
Name: svnmerge-integrated
   - /libtiff/trunk:1
   + /libtiff/trunk:1-11898

Copied: libtiff/repos/extra-i686/ChangeLog (from rev 11884, libtiff/trunk/ChangeLog)
===================================================================
--- extra-i686/ChangeLog	                        (rev 0)
+++ extra-i686/ChangeLog	2008-09-06 04:28:47 UTC (rev 11899)
@@ -0,0 +1,8 @@
+2008-09-05  Eric Belanger  <eric at archlinux.org>
+
+	* libtiff 3.8.2-4
+	* Applied patch to fix buffer underflow in LZW decoding	(tiff-3.8.2-CVE-2008-2327.patch)
+	* Added license
+	* Added freeglut optdepends
+	* FHS man pages
+	* Added ChangeLog

Modified: extra-i686/PKGBUILD
===================================================================
--- extra-i686/PKGBUILD	2008-09-06 04:24:40 UTC (rev 11898)
+++ extra-i686/PKGBUILD	2008-09-06 04:28:47 UTC (rev 11899)
@@ -1,31 +1,43 @@
 # $Id$
-# Maintainer: dorphell <dorphell at archlinux.org>
+# Maintainer: Eric Belanger <eric at archlinux.org>
+# Contributor: dorphell <dorphell at archlinux.org>
 
 pkgname=libtiff
 pkgver=3.8.2
-pkgrel=3
+pkgrel=4
 pkgdesc="Library for manipulation of TIFF images"
-arch=(i686 x86_64)
-depends=(libjpeg zlib)
-makedepends=(libgl freeglut libxmu libxi)
-options=(NOLIBTOOL)
+arch=('i686' 'x86_64')
 url="http://www.libtiff.org/"
-source=(ftp://ftp.remotesensing.org/pub/libtiff/tiff-${pkgver}.tar.gz
-	tiff2pdf-octal-printf.patch
-       	tiffsplit-fname-overflow.patch
-	CVE-2006-3459-3465.patch
-	tiff2pdf-compression.patch)
+license=('custom')
+depends=('libjpeg' 'zlib')
+makedepends=('libgl' 'freeglut' 'libxmu' 'libxi')
+optdepends=('freeglut: for using tiffgt')
+options=('!libtool')
+source=(ftp://ftp.remotesensing.org/pub/libtiff/tiff-${pkgver}.tar.gz \
+	tiff2pdf-octal-printf.patch \
+       	tiffsplit-fname-overflow.patch \
+	CVE-2006-3459-3465.patch \
+	tiff2pdf-compression.patch \
+        tiff-3.8.2-CVE-2008-2327.patch)
 md5sums=('fbb6f446ea4ed18955e2714934e5b698' 'd54368687d2645ffbbe6c2df384b11bf'\
          '323352fd60a7bd3ffac8724c3c031669' '624d3067e6a4c0680767eb62253ea980'\
-         'b443ffca9d498bb3a88c17da0200025b')
+         'b443ffca9d498bb3a88c17da0200025b' 'c2c2e22557d9c63011df5777dda6a86b')
+sha1sums=('549e67b6a15b42bfcd72fe17cda7c9a198a393eb'
+          'c79245249634a121bfaff6cfecb763f72fe7f8eb'
+          'dc86bb68c7831ff70ff01d952d553be9f986be46'
+          '85dc50a60a10025757e249d869dab7eb73ba6e3c'
+          '508751f55131356ea8a7e7c4994ffbc9bd881769'
+          '1da2ec6a47c0666cad9d07fb8427c1c75ca27b10')
 
 build() {
-  cd ${startdir}/src/tiff-${pkgver}
-  patch -Np1 -i ${startdir}/src/tiff2pdf-octal-printf.patch || return 1
-  patch -Np1 -i ${startdir}/src/tiffsplit-fname-overflow.patch || return 1
-  patch -Np1 -i ${startdir}/src/CVE-2006-3459-3465.patch || return 1
-  patch -Np1 -i ${startdir}/src/tiff2pdf-compression.patch || return 1
-  ./configure --prefix=/usr --sysconfdir=/etc
+  cd ${srcdir}/tiff-${pkgver}
+  patch -Np1 -i ${srcdir}/tiff2pdf-octal-printf.patch || return 1
+  patch -Np1 -i ${srcdir}/tiffsplit-fname-overflow.patch || return 1
+  patch -Np1 -i ${srcdir}/CVE-2006-3459-3465.patch || return 1
+  patch -Np1 -i ${srcdir}/tiff2pdf-compression.patch || return 1
+  patch -Np1 -i ${srcdir}/tiff-3.8.2-CVE-2008-2327.patch || return 1
+  ./configure --prefix=/usr --sysconfdir=/etc --mandir=/usr/share/man || return 1
   make || return 1
-  make DESTDIR=${startdir}/pkg install
+  make DESTDIR=${pkgdir} install || return 1
+  install -D -m644 COPYRIGHT ${pkgdir}/usr/share/licenses/${pkgname}/LICENSE || return 1
 }
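Review bot: The upstream tarball in `source=` is still fetched over plain `ftp://`, so the checksum arrays are the only integrity control on what gets patched and built, and the arrays present are MD5 and the newly added SHA-1. Both algorithms are collision-weak; if the makepkg version in use supports it, a `sha256sums=(...)` array computed from a tarball verified out of band would be a stronger pin. Separately, `${srcdir}` and `${pkgdir}` are expanded unquoted throughout `build()`, so a build path containing spaces would break the `cd`, `patch` and `install` lines; quoting them, e.g. `cd "${srcdir}/tiff-${pkgver}"`, avoids that.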

Copied: libtiff/repos/extra-i686/tiff-3.8.2-CVE-2008-2327.patch (from rev 11884, libtiff/trunk/tiff-3.8.2-CVE-2008-2327.patch)
===================================================================
--- extra-i686/tiff-3.8.2-CVE-2008-2327.patch	                        (rev 0)
+++ extra-i686/tiff-3.8.2-CVE-2008-2327.patch	2008-09-06 04:28:47 UTC (rev 11899)
@@ -0,0 +1,64 @@
+Fixes security issues in libTIFF's handling of LZW-encoded
+images.  The use of uninitialized data could lead to a buffer
+underflow and a crash or arbitrary code execution.
+
+CVE-ID: CVE-2008-2327
+Security bug: https://bugs.gentoo.org/show_bug.cgi?id=234080
+
+Index: tiff-3.8.2/libtiff/tif_lzw.c
+===================================================================
+--- tiff-3.8.2.orig/libtiff/tif_lzw.c
++++ tiff-3.8.2/libtiff/tif_lzw.c
+@@ -237,6 +237,12 @@ LZWSetupDecode(TIFF* tif)
+                     sp->dec_codetab[code].length = 1;
+                     sp->dec_codetab[code].next = NULL;
+                 } while (code--);
++		/*
++		* Zero-out the unused entries
++		*/
++		_TIFFmemset(&sp->dec_codetab[CODE_CLEAR], 0,
++		(CODE_FIRST-CODE_CLEAR)*sizeof (code_t));
++
+ 	}
+ 	return (1);
+ }
+@@ -408,12 +414,19 @@ LZWDecode(TIFF* tif, tidata_t op0, tsize
+ 			break;
+ 		if (code == CODE_CLEAR) {
+ 			free_entp = sp->dec_codetab + CODE_FIRST;
++			_TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
+ 			nbits = BITS_MIN;
+ 			nbitsmask = MAXCODE(BITS_MIN);
+ 			maxcodep = sp->dec_codetab + nbitsmask-1;
+ 			NextCode(tif, sp, bp, code, GetNextCode);
+ 			if (code == CODE_EOI)
+ 				break;
++			if (code == CODE_CLEAR) {
++				TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
++				"LZWDecode: Corrupted LZW table at scanline %d",
++				tif->tif_row);
++				return (0);
++			}
+ 			*op++ = (char)code, occ--;
+ 			oldcodep = sp->dec_codetab + code;
+ 			continue;
+@@ -604,12 +617,19 @@ LZWDecodeCompat(TIFF* tif, tidata_t op0,
+ 			break;
+ 		if (code == CODE_CLEAR) {
+ 			free_entp = sp->dec_codetab + CODE_FIRST;
++			_TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
+ 			nbits = BITS_MIN;
+ 			nbitsmask = MAXCODE(BITS_MIN);
+ 			maxcodep = sp->dec_codetab + nbitsmask;
+ 			NextCode(tif, sp, bp, code, GetNextCodeCompat);
+ 			if (code == CODE_EOI)
+ 				break;
++			if (code == CODE_CLEAR) {
++				TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
++				"LZWDecode: Corrupted LZW table at scanline %d",
++				tif->tif_row);
++				return (0);
++			}
+ 			*op++ = code, occ--;
+ 			oldcodep = sp->dec_codetab + code;
+ 			continue;
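Review bot: The post-clear check added in LZWDecode rejects only `code == CODE_CLEAR`, so a code at or above CODE_FIRST read immediately after a clear still reaches `*op++ = (char)code` and `oldcodep = sp->dec_codetab + code`, even though the entries from CODE_FIRST upward have just been zeroed and hold no valid string. Since CODE_EOI is already handled by the `break` just above, the guard could be `if (code >= CODE_CLEAR) {`, which accepts only literal codes (presumably those below CODE_CLEAR) as the first code after a clear. The identical check added in LZWDecodeCompat has the same gap. Both function bodies continue outside the quoted hunks, so how a zeroed `oldcodep` entry is consumed later in the loop is not visible here.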



