This commit is contained in:
OBS User unknown
Git OBS Bridge
parent
589ab93e5b
commit
35bd01c476
41
tiff-3.8.2-tif_lzw.c-CVE-2008-2327-2.patch
Normal file
41
tiff-3.8.2-tif_lzw.c-CVE-2008-2327-2.patch
Normal file
@ -0,0 +1,41 @@
|
||||
--- libtiff/tif_lzw.c
|
||||
+++ libtiff/tif_lzw.c
|
||||
@@ -237,6 +237,11 @@
|
||||
sp->dec_codetab[code].length = 1;
|
||||
sp->dec_codetab[code].next = NULL;
|
||||
} while (code--);
|
||||
+ /*
|
||||
+ * Zero-out the unused entries
|
||||
+ */
|
||||
+ _TIFFmemset(&sp->dec_codetab[CODE_CLEAR], 0,
|
||||
+ (CODE_FIRST-CODE_CLEAR)*sizeof (code_t));
|
||||
}
|
||||
return (1);
|
||||
}
|
||||
@@ -416,6 +421,13 @@
|
||||
NextCode(tif, sp, bp, code, GetNextCode);
|
||||
if (code == CODE_EOI)
|
||||
break;
|
||||
+
|
||||
+ if (code == CODE_CLEAR) {
|
||||
+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
|
||||
+ "LZWDecode: Corrupted LZW table at scanline %d",
|
||||
+ tif->tif_row);
|
||||
+ return (0);
|
||||
+ }
|
||||
*op++ = (char)code, occ--;
|
||||
oldcodep = sp->dec_codetab + code;
|
||||
continue;
|
||||
@@ -613,6 +625,12 @@
|
||||
NextCode(tif, sp, bp, code, GetNextCodeCompat);
|
||||
if (code == CODE_EOI)
|
||||
break;
|
||||
+ if (code == CODE_CLEAR) {
|
||||
+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
|
||||
+ "LZWDecode: Corrupted LZW table at scanline %d",
|
||||
+ tif->tif_row);
|
||||
+ return (0);
|
||||
+ }
|
||||
*op++ = code, occ--;
|
||||
oldcodep = sp->dec_codetab + code;
|
||||
continue;
|
||||
19
tiff-3.8.2-tif_lzw.c-CVE-2008-2327.patch
Normal file
19
tiff-3.8.2-tif_lzw.c-CVE-2008-2327.patch
Normal file
@ -0,0 +1,19 @@
|
||||
--- libtiff/tif_lzw.c
|
||||
+++ libtiff/tif_lzw.c
|
||||
@@ -408,6 +408,8 @@
|
||||
break;
|
||||
if (code == CODE_CLEAR) {
|
||||
free_entp = sp->dec_codetab + CODE_FIRST;
|
||||
+ _TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
|
||||
+ _TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
|
||||
nbits = BITS_MIN;
|
||||
nbitsmask = MAXCODE(BITS_MIN);
|
||||
maxcodep = sp->dec_codetab + nbitsmask-1;
|
||||
@@ -604,6 +606,7 @@
|
||||
break;
|
||||
if (code == CODE_CLEAR) {
|
||||
free_entp = sp->dec_codetab + CODE_FIRST;
|
||||
+ _TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
|
||||
nbits = BITS_MIN;
|
||||
nbitsmask = MAXCODE(BITS_MIN);
|
||||
maxcodep = sp->dec_codetab + nbitsmask;
|
||||
@ -1,3 +1,8 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Aug 19 17:45:10 CEST 2008 - nadvornik@suse.cz
|
||||
|
||||
- fixed buffer overflows in LZW code (CVE-2008-2327) [bnc#414946]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun May 18 10:37:18 CEST 2008 - coolo@suse.de
|
||||
|
||||
|
||||
19
tiff.spec
19
tiff.spec
@ -2,9 +2,16 @@
|
||||
# spec file for package tiff (Version 3.8.2)
|
||||
#
|
||||
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# This file and all modifications and additions to the pristine
|
||||
# package are under the same license as the package itself.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
# upon. The license for this file, and modifications and additions to the
|
||||
# file, is the same license as for the pristine package itself (unless the
|
||||
# license for the pristine package is not an Open Source License, in which
|
||||
# case the license is the MIT License). An "Open Source License" is a
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
@ -18,7 +25,7 @@ Group: Productivity/Graphics/Convertors
|
||||
AutoReqProv: on
|
||||
Url: http://www.remotesensing.org/libtiff/
|
||||
Version: 3.8.2
|
||||
Release: 106
|
||||
Release: 128
|
||||
Summary: Tools for Converting from and to the Tiff Format
|
||||
Source: tiff-%{version}.tar.bz2
|
||||
Source1: jpegint.h
|
||||
@ -26,6 +33,8 @@ Source2: README.SUSE
|
||||
Patch2: tiff-%{version}-seek.patch
|
||||
Patch3: tiff-%{version}-tiff2pdf.patch
|
||||
Patch4: tiff-%{version}-tiffsplit-CVE-2006-2656.patch
|
||||
Patch5: tiff-%{version}-tif_lzw.c-CVE-2008-2327.patch
|
||||
Patch6: tiff-%{version}-tif_lzw.c-CVE-2008-2327-2.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
%description
|
||||
@ -75,6 +84,8 @@ the libtiff library.
|
||||
%patch2
|
||||
%patch3
|
||||
%patch4
|
||||
%patch5
|
||||
%patch6
|
||||
cp %{S:1} libtiff
|
||||
find -type d -name "CVS" | xargs rm -rfv
|
||||
find -type d | xargs chmod 755
|
||||
@ -125,6 +136,8 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%doc %{_mandir}/man3/*
|
||||
|
||||
%changelog
|
||||
* Tue Aug 19 2008 nadvornik@suse.cz
|
||||
- fixed buffer overflows in LZW code (CVE-2008-2327) [bnc#414946]
|
||||
* Sun May 18 2008 coolo@suse.de
|
||||
- fix rename of xxbit packages
|
||||
* Thu Apr 10 2008 ro@suse.de
|
||||
|
||||
Loading…
Reference in New Issue
Block a user