commit tiff for openSUSE:11.2
Hello community,
here is the log from the commit of package tiff for openSUSE:11.2
checked in at Fri Apr 15 17:03:36 CEST 2011.
--- old-versions/11.2/UPDATES/all/tiff/tiff.changes 2011-03-31
23:07:12.0 +0200
+++ 11.2/tiff/tiff.changes 2011-04-14 16:51:09.0 +0200
@@ -1,0 +2,5 @@
+Thu Apr 14 16:49:14 CEST 2011 - pgaj...@suse.cz
+
+- fixed integer overflow CVE-2010-4665 [bnc#687442]
+
+---
calling whatdependson for 11.2-i586
New:
tiff-3.8.2-CVE-2010-4665.patch
Other differences:
--
++ tiff.spec ++
--- /var/tmp/diff_new_pack.3E2k0s/_old 2011-04-15 17:03:12.0 +0200
+++ /var/tmp/diff_new_pack.3E2k0s/_new 2011-04-15 17:03:12.0 +0200
@@ -29,7 +29,7 @@
#
Url:http://www.remotesensing.org/libtiff/
Version:3.8.2
-Release:145.
+Release:145.
Summary:Tools for Converting from and to the Tiff Format
Source: tiff-%{version}.tar.bz2
Source1:jpegint.h
@@ -47,6 +47,7 @@
Patch12:tiff-%{version}-CVE-2011-0192.patch
Patch13:tiff-%{version}-CVE-2011-0191.patch
Patch14:tiff-3.8.2-CVE-2011-1167.patch
+Patch15:tiff-3.8.2-CVE-2010-4665.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -116,6 +117,7 @@
%patch12
%patch13
%patch14
+%patch15
cp %{S:1} libtiff
find -type d -name "CVS" | xargs rm -rfv
find -type d | xargs chmod 755
++ tiff-3.8.2-CVE-2010-4665.patch ++
http://bugzilla.maptools.org/attachment.cgi?id=398
Make tiffdump more paranoid about checking the count field of a directory
entry.
diff -Naur tiff-3.9.4.orig/tools/tiffdump.c tiff-3.9.4/tools/tiffdump.c
--- tools/tiffdump.c2010-06-08 14:50:44.0 -0400
+++ tools/tiffdump.c2010-06-22 12:51:42.207932477 -0400
@@ -46,6 +46,7 @@
# include
#endif
+#define TIFFSafeMultiply(t,v,m) t)m != (t)0) && (((t)((v*m)/m)) == (t)v))
? (t)(v*m) : (t)0)
#include "tiffio.h"
#ifndef O_BINARY
@@ -317,7 +318,7 @@
printf(">\n");
continue;
}
- space = dp->tdir_count * datawidth[dp->tdir_type];
+ space = TIFFSafeMultiply(int, dp->tdir_count,
datawidth[dp->tdir_type]);
if (space <= 0) {
printf(">\n");
Error("Invalid count for tag %u", dp->tdir_tag);
@@ -709,7 +710,7 @@
w = (dir->tdir_type < NWIDTHS ? datawidth[dir->tdir_type] : 0);
cc = dir->tdir_count * w;
if (lseek(fd, (off_t)dir->tdir_offset, 0) != (off_t)-1
- && read(fd, cp, cc) != -1) {
+ && read(fd, cp, cc) == cc) {
if (swabflag) {
switch (dir->tdir_type) {
case TIFF_SHORT:
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit tiff for openSUSE:11.2
Hello community,
here is the log from the commit of package tiff for openSUSE:11.2
checked in at Fri Apr 1 10:44:47 CEST 2011.
--- old-versions/11.2/UPDATES/all/tiff/tiff.changes 2011-03-03
09:28:25.0 +0100
+++ 11.2/tiff/tiff.changes 2011-03-31 23:07:12.0 +0200
@@ -1,0 +2,8 @@
+Thu Mar 31 12:31:31 CEST 2011 - pgaj...@suse.cz
+
+- fixed regression caused by previous update [bnc#682871]
+ * modified CVE-2011-0192.patch
+- fixed buffer overflow in thunder decoder [bnc#683337]
+ * added CVE-2011-1167.patch
+
+---
calling whatdependson for 11.2-i586
New:
tiff-3.8.2-CVE-2011-1167.patch
Other differences:
--
++ tiff.spec ++
--- /var/tmp/diff_new_pack.Pf4nDC/_old 2011-04-01 10:44:31.0 +0200
+++ /var/tmp/diff_new_pack.Pf4nDC/_new 2011-04-01 10:44:31.0 +0200
@@ -29,7 +29,7 @@
#
Url:http://www.remotesensing.org/libtiff/
Version:3.8.2
-Release:145.
+Release:145.
Summary:Tools for Converting from and to the Tiff Format
Source: tiff-%{version}.tar.bz2
Source1:jpegint.h
@@ -46,6 +46,7 @@
Patch11:tiff-%{version}-CVE-2010-1411.patch
Patch12:tiff-%{version}-CVE-2011-0192.patch
Patch13:tiff-%{version}-CVE-2011-0191.patch
+Patch14:tiff-3.8.2-CVE-2011-1167.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -114,6 +115,7 @@
%patch11 -p1
%patch12
%patch13
+%patch14
cp %{S:1} libtiff
find -type d -name "CVS" | xargs rm -rfv
find -type d | xargs chmod 755
++ tiff-3.8.2-CVE-2011-0192.patch ++
--- /var/tmp/diff_new_pack.Pf4nDC/_old 2011-04-01 10:44:31.0 +0200
+++ /var/tmp/diff_new_pack.Pf4nDC/_new 2011-04-01 10:44:31.0 +0200
@@ -1,15 +1,29 @@
-Index: libtiff/tif_fax3.h
-===
libtiff/tif_fax3.h.orig
-+++ libtiff/tif_fax3.h
-@@ -478,6 +478,10 @@ done1d:
\
+Protect against a fax VL(n) codeword commanding a move left. Without
+this, a malicious input file can generate an indefinitely large series
+of runs without a0 ever reaching the right margin, thus overrunning
+our buffer of run lengths. Per CVE-2011-0192. This is a modified
+version of a patch proposed by Drew Yao of Apple Product Security.
+It adds an unexpected() report, and disallows the equality case except
+for the first run of a line, since emitting a run without increasing a0
+still allows buffer overrun. (We have to allow it for the first run to
+cover the case of encoding a zero-length run at start of line using VL.)
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2297
+
+diff -Naur libtiff/tif_fax3.h tiff-3.9.4/libtiff/tif_fax3.h
+--- libtiff/tif_fax3.h 2010-06-08 14:50:42.0 -0400
libtiff/tif_fax3.h 2011-03-10 12:11:20.850839162 -0500
+@@ -478,6 +478,12 @@
break; \
case S_VL: \
CHECK_b1; \
-+if (b1 <= (int) (a0 + TabEnt->Param)) { \
-+ unexpected("VL", a0); \
-+ goto eol2d; \
-+} \
++ if (b1 <= (int) (a0 + TabEnt->Param)) { \
++ if (b1 < (int) (a0 + TabEnt->Param) || pa != thisrun) { \
++ unexpected("VL", a0); \
++ goto eol2d; \
++ } \
++ } \
SETVALUE(b1 - a0 - TabEnt->Param); \
b1 -= *--pb;\
break; \
+
++ tiff-3.8.2-CVE-2011-1167.patch ++
Index: libtiff/tif_thunder.c
===
--- libtiff/tif_thunder.c.orig
+++ libtiff/tif_thunder.c
@@ -25,6 +25,7 @@
*/
#include "tiffiop.h"
+#include
#ifdef THUNDER_SUPPORT
/*
* TIFF Library.
@@ -55,12 +56,32 @@
static const int twobitdeltas[4] = { 0, 1, 0, -1 };
static const int threebitdeltas[8] = { 0, 1, 2, 3, 0, -3, -2, -1 };
-#defineSETPIXEL(op, v) { \
- lastpixel = (v) & 0xf; \
- if (npixels++ & 1) \
- *op++ |= lastpixel; \
- else \
+#defineSETPIXEL(op, v) { \
+ lastpixel = (v) & 0xf;\
+if ( npixels
commit tiff for openSUSE:11.2
Hello community,
here is the log from the commit of package tiff for openSUSE:11.2
checked in at Mon Mar 14 15:35:09 CET 2011.
--- old-versions/11.2/UPDATES/all/tiff/tiff.changes 2010-05-24
11:09:18.0 +0200
+++ 11.2/tiff/tiff.changes 2011-03-03 09:28:25.0 +0100
@@ -1,0 +2,7 @@
+Thu Feb 17 16:17:08 CET 2011 - pgaj...@suse.cz
+
+- fixed buffer overflows [bnc#672510]
+ * CVE-2011-0192.patch
+ * CVE-2011-0191.patch
+
+---
calling whatdependson for 11.2-i586
New:
tiff-3.8.2-CVE-2011-0191.patch
tiff-3.8.2-CVE-2011-0192.patch
Other differences:
--
++ tiff.spec ++
--- /var/tmp/diff_new_pack.sQV9RL/_old 2011-03-14 15:30:09.0 +0100
+++ /var/tmp/diff_new_pack.sQV9RL/_new 2011-03-14 15:30:09.0 +0100
@@ -1,7 +1,7 @@
#
-# spec file for package tiff (Version 3.8.2)
+# spec file for package tiff
#
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -29,7 +29,7 @@
#
Url:http://www.remotesensing.org/libtiff/
Version:3.8.2
-Release:145.
+Release:145.
Summary:Tools for Converting from and to the Tiff Format
Source: tiff-%{version}.tar.bz2
Source1:jpegint.h
@@ -44,6 +44,8 @@
Patch9: tiff-3.8.2-lzw-CVE-2009-2285.patch
Patch10:tiff-%{version}-CVE-2009-2347.patch
Patch11:tiff-%{version}-CVE-2010-1411.patch
+Patch12:tiff-%{version}-CVE-2011-0192.patch
+Patch13:tiff-%{version}-CVE-2011-0191.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -110,6 +112,8 @@
%patch9
%patch10 -p1
%patch11 -p1
+%patch12
+%patch13
cp %{S:1} libtiff
find -type d -name "CVS" | xargs rm -rfv
find -type d | xargs chmod 755
++ tiff-3.8.2-CVE-2011-0191.patch ++
Index: libtiff/tif_dir.c
===
--- libtiff/tif_dir.c.orig
+++ libtiff/tif_dir.c
@@ -370,6 +370,10 @@ _TIFFVSetField(TIFF* tif, ttag_t tag, va
case TIFFTAG_YCBCRSUBSAMPLING:
td->td_ycbcrsubsampling[0] = (uint16) va_arg(ap, int);
td->td_ycbcrsubsampling[1] = (uint16) va_arg(ap, int);
+if (td->td_ycbcrsubsampling[0] > 4)
+ td->td_ycbcrsubsampling[0] = (td->td_compression == 7) ? 1 :
2;
+if (td->td_ycbcrsubsampling[1] > 4)
+ td->td_ycbcrsubsampling[1] = (td->td_compression == 7) ? 1 :
2;
break;
case TIFFTAG_TRANSFERFUNCTION:
v = (td->td_samplesperpixel - td->td_extrasamples) > 1 ? 3 : 1;
++ tiff-3.8.2-CVE-2011-0192.patch ++
Index: libtiff/tif_fax3.h
===
--- libtiff/tif_fax3.h.orig
+++ libtiff/tif_fax3.h
@@ -478,6 +478,10 @@ done1d:
\
break; \
case S_VL: \
CHECK_b1; \
+if (b1 <= (int) (a0 + TabEnt->Param)) { \
+ unexpected("VL", a0); \
+ goto eol2d; \
+} \
SETVALUE(b1 - a0 - TabEnt->Param); \
b1 -= *--pb;\
break; \
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
