Hello community, here is the log from the commit of package tiff for openSUSE:Factory checked in at 2013-09-08 13:06:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tiff (Old) and /work/SRC/openSUSE:Factory/.tiff.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tiff" Changes: -------- --- /work/SRC/openSUSE:Factory/tiff/tiff.changes 2013-06-28 19:29:19.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.tiff.new/tiff.changes 2013-09-08 13:06:03.000000000 +0200 @@ -1,0 +2,9 @@ +Wed Aug 21 12:57:57 UTC 2013 - pgaj...@suse.com + +- security update + * CVE-2013-4232.patch [bnc#834477] + * CVE-2013-4231.patch [bnc#834477] + * CVE-2013-4244.patch [bnc#834788] + * CVE-2013-4243.patch [bnc#834779] + +------------------------------------------------------------------- New: ---- tiff-4.0.3-CVE-2013-4231.patch tiff-4.0.3-CVE-2013-4232.patch tiff-4.0.3-CVE-2013-4243.patch tiff-4.0.3-CVE-2013-4244.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tiff.spec ++++++ --- /var/tmp/diff_new_pack.iQ7zit/_old 2013-09-08 13:06:03.000000000 +0200 +++ /var/tmp/diff_new_pack.iQ7zit/_new 2013-09-08 13:06:03.000000000 +0200 @@ -56,6 +56,10 @@ Patch6: tiff-%{version}-double-free.patch # http://bugzilla.maptools.org/show_bug.cgi?id=2442 Patch7: tiff-%{version}-compress-warning.patch +Patch8: tiff-4.0.3-CVE-2013-4232.patch +Patch9: tiff-4.0.3-CVE-2013-4231.patch +Patch10: tiff-4.0.3-CVE-2013-4244.patch +Patch11: tiff-4.0.3-CVE-2013-4243.patch # FYI: this issue is solved another way # http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1 # Patch9: tiff-%{version}-lzw-CVE-2009-2285.patch @@ -107,6 +111,10 @@ %patch5 %patch6 %patch7 -p1 +%patch8 +%patch9 +%patch10 +%patch11 %build %configure --disable-static --with-pic ++++++ tiff-4.0.3-CVE-2013-4231.patch ++++++ Index: gif2tiff.c =================================================================== RCS file: /cvs/maptools/cvsroot/libtiff/tools/gif2tiff.c,v retrieving revision 1.12 diff -u -r1.12 gif2tiff.c --- tools/gif2tiff.c 15 Dec 2010 00:22:44 -0000 1.12 +++ tools/gif2tiff.c 13 Aug 2013 08:25:38 -0000 @@ -333,6 +333,10 @@ int status = 1; datasize = getc(infile); + + if (datasize > 12) + return 0; + clear = 1 << datasize; eoi = clear + 1; avail = clear + 2; ++++++ tiff-4.0.3-CVE-2013-4232.patch ++++++ Index: tiff2pdf.c =================================================================== RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v retrieving revision 1.71 diff -u -r1.71 tiff2pdf.c --- tools/tiff2pdf.c 2 May 2013 14:54:08 -0000 1.71 +++ toolstiff2pdf.c 13 Aug 2013 04:45:40 -0000 @@ -2462,6 +2462,7 @@ TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; _TIFFfree(buffer); + return(0); } else { buffer=samplebuffer; t2p->tiff_datasize *= t2p->tiff_samplesperpixel; ++++++ tiff-4.0.3-CVE-2013-4243.patch ++++++ Index: tools/gif2tiff.c =================================================================== --- tools/gif2tiff.c.orig +++ tools/gif2tiff.c @@ -280,6 +280,10 @@ readgifimage(char* mode) fprintf(stderr, "no colormap present for image\n"); return (0); } + if (width == 0 || height == 0) { + fprintf(stderr, "Invalid value of width or height\n"); + return(0); + } if ((raster = (unsigned char*) _TIFFmalloc(width*height+EXTRAFUDGE)) == NULL) { fprintf(stderr, "not enough memory for image\n"); return (0); @@ -406,6 +410,10 @@ process(register int code, unsigned char fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear); return 0; } + if (*fill >= raster + width*height) { + fprintf(stderr, "raster full before eoi code\n"); + return 0; + } *(*fill)++ = suffix[code]; firstchar = oldcode = code; return 1; @@ -436,6 +444,10 @@ process(register int code, unsigned char } oldcode = incode; do { + if (*fill >= raster + width*height) { + fprintf(stderr, "raster full before eoi code\n"); + return 0; + } *(*fill)++ = *--stackp; } while (stackp > stack); return 1; ++++++ tiff-4.0.3-CVE-2013-4244.patch ++++++ Index: gif2tiff.c =================================================================== RCS file: /cvs/maptools/cvsroot/libtiff/tools/gif2tiff.c,v retrieving revision 1.12 diff -u -r1.12 gif2tiff.c --- tools/gif2tiff.c 15 Dec 2010 00:22:44 -0000 1.12 +++ tools/gif2tiff.c 14 Aug 2013 04:28:07 -0000 @@ -398,6 +398,10 @@ } if (oldcode == -1) { + if (code >= clear) { + fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear); + return 0; + } *(*fill)++ = suffix[code]; firstchar = oldcode = code; return 1; -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org