tiff - security patching required
Auke Kok
sofar at foo-projects.org
Sat Aug 8 06:36:50 CEST 2009
Paul Bredbury wrote:
> Hi, tiff has several bugs (including security), which are all unpatched
> in Lunar. Here's my fix, which is too big for
> http://foo-projects.org/~sofar/queue.php?p=tiff to accept:
>
> My rolled-up patch is at http://devnull.lunar-linux.org/p/917
>
> New BUILD:
>
> (
>
> # Apply all 6 patches from libtiff-3.8.2-15.fc12 -
> http://koji.fedoraproject.org/koji/packageinfo?packageID=328
> # http://www.gentoo.org/security/en/glsa/glsa-200908-03.xml
> # Patch0: tiffsplit-overflow.patch
> # Patch1: libtiff-3.8.2-ormandy.patch
> # Patch2: libtiff-3.8.2-CVE-2006-2193.patch
> # Patch3: libtiff-3.8.2-mantypo.patch
> # Patch4: libtiff-3.8.2-lzw-bugs.patch
> # Patch5: libtiff-3.8.2-CVE-2009-2347.patch
> bzcat $SCRIPT_DIRECTORY/tiff-3.8.2-15fc12.patch.bz2 >
> tiff-3.8.2-15fc12.patch &&
> patch_it tiff-3.8.2-15fc12.patch 1 &&
>
> default_build
>
> ) > $C_FIFO 2>&1
>
>
> So, which Lunar dev wants to apply the security patches?
are the patches downloadable from a certain location? please share that
or send the patches to the list.
I can then put them in $PATCH_URL and you can include them in your
module's DETAILS when you submit the update parts (so you can actually
test that they download properly from the lunar patch location)
Auke
More information about the Lunar-dev
mailing list