Hello community,

here is the log from the commit of package tiff for openSUSE:11.2
checked in at Fri Apr 15 17:03:36 CEST 2011.



--------
--- old-versions/11.2/UPDATES/all/tiff/tiff.changes     2011-03-31 
23:07:12.000000000 +0200
+++ 11.2/tiff/tiff.changes      2011-04-14 16:51:09.000000000 +0200
@@ -1,0 +2,5 @@
+Thu Apr 14 16:49:14 CEST 2011 - pgaj...@suse.cz
+
+- fixed integer overflow CVE-2010-4665 [bnc#687442]
+
+-------------------------------------------------------------------

calling whatdependson for 11.2-i586


New:
----
  tiff-3.8.2-CVE-2010-4665.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ tiff.spec ++++++
--- /var/tmp/diff_new_pack.3E2k0s/_old  2011-04-15 17:03:12.000000000 +0200
+++ /var/tmp/diff_new_pack.3E2k0s/_new  2011-04-15 17:03:12.000000000 +0200
@@ -29,7 +29,7 @@
 #
 Url:            http://www.remotesensing.org/libtiff/
 Version:        3.8.2
-Release:        145.<RELEASE148>
+Release:        145.<RELEASE150>
 Summary:        Tools for Converting from and to the Tiff  Format
 Source:         tiff-%{version}.tar.bz2
 Source1:        jpegint.h
@@ -47,6 +47,7 @@
 Patch12:        tiff-%{version}-CVE-2011-0192.patch
 Patch13:        tiff-%{version}-CVE-2011-0191.patch
 Patch14:        tiff-3.8.2-CVE-2011-1167.patch
+Patch15:        tiff-3.8.2-CVE-2010-4665.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -116,6 +117,7 @@
 %patch12
 %patch13
 %patch14
+%patch15
 cp %{S:1} libtiff
 find -type d -name "CVS" | xargs rm -rfv
 find -type d | xargs chmod 755
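Review bot: `%patch15` applies a patch whose own header says it was generated against `tiff-3.9.4` (hunk offsets 46, 317 and 709), while this package builds 3.8.2, so it presumably applies with an offset or fuzz. Because this is a security fix, the build log should be checked to confirm that all three hunks land in the intended places in `tools/tiffdump.c`, and ideally the patch would be regenerated against the 3.8.2 tree. A comment above the `Patch15:` line such as `# CVE-2010-4665, backported from bugzilla.maptools.org attachment 398 (made for 3.9.4)` would record where it came from.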

++++++ tiff-3.8.2-CVE-2010-4665.patch ++++++
http://bugzilla.maptools.org/attachment.cgi?id=398
Make tiffdump more paranoid about checking the count field of a directory
entry.


diff -Naur tiff-3.9.4.orig/tools/tiffdump.c tiff-3.9.4/tools/tiffdump.c
--- tools/tiffdump.c    2010-06-08 14:50:44.000000000 -0400
+++ tools/tiffdump.c    2010-06-22 12:51:42.207932477 -0400
@@ -46,6 +46,7 @@
 # include <io.h>
 #endif
 
+#define TIFFSafeMultiply(t,v,m) ((((t)m != (t)0) && (((t)((v*m)/m)) == (t)v)) 
? (t)(v*m) : (t)0)
 #include "tiffio.h"
 
 #ifndef O_BINARY
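Review bot: The arguments of `TIFFSafeMultiply` are used unparenthesized (`(t)m`, `v*m`) and each is evaluated several times, so the macro is only correct for simple, side-effect-free operands like those passed at the call site later in this patch. I would write it as `#define TIFFSafeMultiply(t,v,m) ((((t)(m) != (t)0) && (((t)(((v)*(m))/(m))) == (t)(v))) ? (t)((v)*(m)) : (t)0)` and put a comment above it: `/* Yields (t)(v*m), or 0 when m is 0 or the product wraps; callers must treat 0 as invalid. */`. The multiplication is carried out in the operands' own type rather than in `t`, so a product that fits that type but not `t` is not turned into 0. The `space <= 0` test at the call site looks like it is meant to cover that case for `int`, and the comment should say that callers need such a check.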
@@ -317,7 +318,7 @@
                        printf(">\n");
                        continue;
                }
-               space = dp->tdir_count * datawidth[dp->tdir_type];
+               space = TIFFSafeMultiply(int, dp->tdir_count, 
datawidth[dp->tdir_type]);
                if (space <= 0) {
                        printf(">\n");
                        Error("Invalid count for tag %u", dp->tdir_tag);
@@ -709,7 +710,7 @@
        w = (dir->tdir_type < NWIDTHS ? datawidth[dir->tdir_type] : 0);
        cc = dir->tdir_count * w;
        if (lseek(fd, (off_t)dir->tdir_offset, 0) != (off_t)-1
-           && read(fd, cp, cc) != -1) {
+           && read(fd, cp, cc) == cc) {
                if (swabflag) {
                        switch (dir->tdir_type) {
                        case TIFF_SHORT:
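Review bot: `cc = dir->tdir_count * w;` just above the changed condition is still an unchecked multiplication, the same pattern this patch replaces with `TIFFSafeMultiply` in the hunk at -317. If this function can be reached with a count that was not validated there, `cc` can wrap and the read length no longer corresponds to the size of the buffer behind `cp`; computing it as `cc = TIFFSafeMultiply(int, dir->tdir_count, w);` and returning failure when `cc <= 0` would make the function safe on its own. The declarations of `cc` and `cp` and the rest of the function are outside the hunk, so the type of `cc` in `read(fd, cp, cc) == cc` should be checked for a signed/unsigned mismatch with the `ssize_t` result.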


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...
