--- a/ChangeLog Tue Aug 25 15:04:06 2009 +0000
+++ b/ChangeLog Fri Sep 04 07:26:54 2009 +0000
@@ -1,3 +1,9 @@
+2009-09-04 Abhijit Nath <[email protected]>
+
+ * SUNWTiff.spec: add patch libtiff-05-CVE-2009-2285.diff
+ * patches/libtiff-05-CVE-2009-2285.diff: Added fix for CVE-2009-2285,
+ CR 6875065
+
2009-08-22 Hemantha Holla <[email protected]>
* patches/evolution-14-disable-attachments-when-wcap.diff: Modify
--- a/SUNWTiff.spec Tue Aug 25 15:04:06 2009 +0000
+++ b/SUNWTiff.spec Fri Sep 04 07:26:54 2009 +0000
@@ -32,6 +32,8 @@
Patch3: libtiff-03-CVE-2008-2327.diff
# date:2009-08-21 owner:an230044 type:bug bugster:6858149
Patch4: libtiff-04-CVE-2009-2347.diff
+# date:2009-08-31 owner:an230044 type:bug bugster:6875065
+Patch5: libtiff-05-CVE-2009-2285.diff
SUNW_BaseDir: %{_prefix}
SUNW_Copyright: %{name}.copyright
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -54,6 +56,7 @@
%patch2 -p1
%patch3 -p1
%patch4 -p1
+%patch5 -p1
gzcat %SOURCE1 | tar -xf -
%ifarch amd64 sparcv9
@@ -169,6 +172,8 @@
%{_mandir}/man3tiff/*
%changelog
+* Mon Aug 31 2009 - [email protected]
+- add patch libtiff-05-CVE-2009-2285.diff
* Thu Aug 21 2009 - [email protected]
- add patch libtiff-04-CVE-2009-2347.diff
* Thu Sep 4 2008 - [email protected]
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/libtiff-05-CVE-2009-2285.diff Fri Sep 04 07:26:54 2009 +0000
@@ -0,0 +1,20 @@
+--- tiff-3.8.2.orig/libtiff/tif_lzw.c 2009-08-31 12:47:05.836485000 +0530
++++ tiff-3.8.2/libtiff/tif_lzw.c 2009-08-31 12:54:01.816310000 +0530
+@@ -420,7 +420,7 @@ LZWDecode(TIFF* tif, tidata_t op0, tsize
+ NextCode(tif, sp, bp, code, GetNextCode);
+ if (code == CODE_EOI)
+ break;
+- if (code == CODE_CLEAR) {
++ if (code >= CODE_CLEAR) {
+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+ "LZWDecode: Corrupted LZW table at scanline %d",
+ tif->tif_row);
+@@ -623,7 +623,7 @@ LZWDecodeCompat(TIFF* tif, tidata_t op0,
+ NextCode(tif, sp, bp, code, GetNextCodeCompat);
+ if (code == CODE_EOI)
+ break;
+- if (code == CODE_CLEAR) {
++ if (code >= CODE_CLEAR) {
+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+ "LZWDecodeCompat: Corrupted LZW table at scanline %d",
+ tif->tif_row);