commit tiff for openSUSE:Factory

h_root Sun, 08 Sep 2013 04:06:33 -0700

Hello community,

here is the log from the commit of package tiff for openSUSE:Factory checked in 
at 2013-09-08 13:06:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tiff (Old)
 and      /work/SRC/openSUSE:Factory/.tiff.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "tiff"

Changes:
--------
--- /work/SRC/openSUSE:Factory/tiff/tiff.changes        2013-06-28 
19:29:19.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.tiff.new/tiff.changes   2013-09-08 
13:06:03.000000000 +0200
@@ -1,0 +2,9 @@
+Wed Aug 21 12:57:57 UTC 2013 - pgaj...@suse.com
+
+- security update
+  * CVE-2013-4232.patch [bnc#834477]
+  * CVE-2013-4231.patch [bnc#834477]
+  * CVE-2013-4244.patch [bnc#834788]
+  * CVE-2013-4243.patch [bnc#834779]
+
+-------------------------------------------------------------------

New:
----
  tiff-4.0.3-CVE-2013-4231.patch
  tiff-4.0.3-CVE-2013-4232.patch
  tiff-4.0.3-CVE-2013-4243.patch
  tiff-4.0.3-CVE-2013-4244.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ tiff.spec ++++++
--- /var/tmp/diff_new_pack.iQ7zit/_old  2013-09-08 13:06:03.000000000 +0200
+++ /var/tmp/diff_new_pack.iQ7zit/_new  2013-09-08 13:06:03.000000000 +0200
@@ -56,6 +56,10 @@
 Patch6:         tiff-%{version}-double-free.patch
 # http://bugzilla.maptools.org/show_bug.cgi?id=2442
 Patch7:         tiff-%{version}-compress-warning.patch
+Patch8:         tiff-4.0.3-CVE-2013-4232.patch
+Patch9:         tiff-4.0.3-CVE-2013-4231.patch
+Patch10:        tiff-4.0.3-CVE-2013-4244.patch
+Patch11:        tiff-4.0.3-CVE-2013-4243.patch
 # FYI: this issue is solved another way
 # http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1
 # Patch9:         tiff-%{version}-lzw-CVE-2009-2285.patch
@@ -107,6 +111,10 @@
 %patch5
 %patch6
 %patch7 -p1
+%patch8
+%patch9
+%patch10
+%patch11
 
 %build
 %configure --disable-static --with-pic

++++++ tiff-4.0.3-CVE-2013-4231.patch ++++++
Index: gif2tiff.c
===================================================================
RCS file: /cvs/maptools/cvsroot/libtiff/tools/gif2tiff.c,v
retrieving revision 1.12
diff -u -r1.12 gif2tiff.c
--- tools/gif2tiff.c    15 Dec 2010 00:22:44 -0000      1.12
+++ tools/gif2tiff.c    13 Aug 2013 08:25:38 -0000
@@ -333,6 +333,10 @@
     int status = 1;
 
     datasize = getc(infile);
+
+    if (datasize > 12)
+        return 0;
+
     clear = 1 << datasize;
     eoi = clear + 1;
     avail = clear + 2;

++++++ tiff-4.0.3-CVE-2013-4232.patch ++++++
Index: tiff2pdf.c
===================================================================
RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v
retrieving revision 1.71
diff -u -r1.71 tiff2pdf.c
--- tools/tiff2pdf.c    2 May 2013 14:54:08 -0000       1.71
+++ toolstiff2pdf.c     13 Aug 2013 04:45:40 -0000
@@ -2462,6 +2462,7 @@
                                        TIFFFileName(input));
                                t2p->t2p_error = T2P_ERR_ERROR;
                          _TIFFfree(buffer);
+                          return(0);
                        } else {
                                buffer=samplebuffer;
                                t2p->tiff_datasize *= t2p->tiff_samplesperpixel;

++++++ tiff-4.0.3-CVE-2013-4243.patch ++++++
Index: tools/gif2tiff.c
===================================================================
--- tools/gif2tiff.c.orig
+++ tools/gif2tiff.c
@@ -280,6 +280,10 @@ readgifimage(char* mode)
         fprintf(stderr, "no colormap present for image\n");
         return (0);
     }
+    if (width == 0 || height == 0) {
+        fprintf(stderr, "Invalid value of width or height\n");
+        return(0);
+    }
     if ((raster = (unsigned char*) _TIFFmalloc(width*height+EXTRAFUDGE)) == 
NULL) {
         fprintf(stderr, "not enough memory for image\n");
         return (0);
@@ -406,6 +410,10 @@ process(register int code, unsigned char
             fprintf(stderr, "bad input: code=%d is larger than 
clear=%d\n",code, clear);
             return 0;
         }
+        if (*fill >= raster + width*height) {
+            fprintf(stderr, "raster full before eoi code\n");
+            return 0;
+        }
        *(*fill)++ = suffix[code];
        firstchar = oldcode = code;
        return 1;
@@ -436,6 +444,10 @@ process(register int code, unsigned char
     }
     oldcode = incode;
     do {
+        if (*fill >= raster + width*height) {
+            fprintf(stderr, "raster full before eoi code\n");
+            return 0;
+        }
        *(*fill)++ = *--stackp;
     } while (stackp > stack);
     return 1;
++++++ tiff-4.0.3-CVE-2013-4244.patch ++++++
Index: gif2tiff.c
===================================================================
RCS file: /cvs/maptools/cvsroot/libtiff/tools/gif2tiff.c,v
retrieving revision 1.12
diff -u -r1.12 gif2tiff.c
--- tools/gif2tiff.c    15 Dec 2010 00:22:44 -0000      1.12
+++ tools/gif2tiff.c    14 Aug 2013 04:28:07 -0000
@@ -398,6 +398,10 @@
     }
 
     if (oldcode == -1) {
+        if (code >= clear) {
+            fprintf(stderr, "bad input: code=%d is larger than 
clear=%d\n",code, clear);
+            return 0;
+        }
        *(*fill)++ = suffix[code];
        firstchar = oldcode = code;
        return 1;

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit tiff for openSUSE:Factory

Reply via email to