OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tiff?expand=0&rev=6

2008-09-05 18:56:16 +00:00 · 2008-09-05 18:56:16 +00:00 · 35bd01c476
commit 35bd01c476
parent 589ab93e5b
4 changed files with 81 additions and 3 deletions
--- a/tiff-3.8.2-tif_lzw.c-CVE-2008-2327-2.patch
+++ b/tiff-3.8.2-tif_lzw.c-CVE-2008-2327-2.patch
@ -0,0 +1,41 @@
+--- libtiff/tif_lzw.c
+++ libtiff/tif_lzw.c
+@@ -237,6 +237,11 @@
+                     sp->dec_codetab[code].length = 1;
+                     sp->dec_codetab[code].next = NULL;
+                 } while (code--);
+               /*
+                * Zero-out the unused entries
+                */
+                _TIFFmemset(&sp->dec_codetab[CODE_CLEAR], 0,
+                (CODE_FIRST-CODE_CLEAR)*sizeof (code_t));
+ 	}
+ 	return (1);
+ }
+@@ -416,6 +421,13 @@
+ 			NextCode(tif, sp, bp, code, GetNextCode);
+ 			if (code == CODE_EOI)
+ 				break;
+
+                       if (code == CODE_CLEAR) {
+                               TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+                               "LZWDecode: Corrupted LZW table at scanline %d",
+                               tif->tif_row);
+                               return (0);
+                       }
+ 			*op++ = (char)code, occ--;
+ 			oldcodep = sp->dec_codetab + code;
+ 			continue;
+@@ -613,6 +625,12 @@
+ 			NextCode(tif, sp, bp, code, GetNextCodeCompat);
+ 			if (code == CODE_EOI)
+ 				break;
+                       if (code == CODE_CLEAR) {
+                               TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+                               "LZWDecode: Corrupted LZW table at scanline %d",
+                               tif->tif_row);
+                               return (0);
+                       }
+ 			*op++ = code, occ--;
+ 			oldcodep = sp->dec_codetab + code;
+ 			continue;
--- a/tiff-3.8.2-tif_lzw.c-CVE-2008-2327.patch
+++ b/tiff-3.8.2-tif_lzw.c-CVE-2008-2327.patch
@ -0,0 +1,19 @@
+--- libtiff/tif_lzw.c
+++ libtiff/tif_lzw.c
+@@ -408,6 +408,8 @@
+ 			break;
+ 		if (code == CODE_CLEAR) {
+ 			free_entp = sp->dec_codetab + CODE_FIRST;
+			_TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
+			_TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
+ 			nbits = BITS_MIN;
+ 			nbitsmask = MAXCODE(BITS_MIN);
+ 			maxcodep = sp->dec_codetab + nbitsmask-1;
+@@ -604,6 +606,7 @@
+ 			break;
+ 		if (code == CODE_CLEAR) {
+ 			free_entp = sp->dec_codetab + CODE_FIRST;
+			_TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
+ 			nbits = BITS_MIN;
+ 			nbitsmask = MAXCODE(BITS_MIN);
+ 			maxcodep = sp->dec_codetab + nbitsmask;
--- a/tiff.changes
+++ b/tiff.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Tue Aug 19 17:45:10 CEST 2008 - nadvornik@suse.cz
+
+- fixed buffer overflows in LZW code (CVE-2008-2327) [bnc#414946]
+
 -------------------------------------------------------------------
 Sun May 18 10:37:18 CEST 2008 - coolo@suse.de

--- a/tiff.spec
+++ b/tiff.spec
@ -2,9 +2,16 @@
 # spec file for package tiff (Version 3.8.2)
 #
 # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
-# This file and all modifications and additions to the pristine
-# package are under the same license as the package itself.
 #
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #

@ -18,7 +25,7 @@ Group:          Productivity/Graphics/Convertors
 AutoReqProv:    on
 Url:            http://www.remotesensing.org/libtiff/
 Version:        3.8.2
-Release:        106
+Release:        128
 Summary:        Tools for Converting from and to the Tiff  Format
 Source:         tiff-%{version}.tar.bz2
 Source1:        jpegint.h
@ -26,6 +33,8 @@ Source2:        README.SUSE
 Patch2:         tiff-%{version}-seek.patch
 Patch3:         tiff-%{version}-tiff2pdf.patch
 Patch4:         tiff-%{version}-tiffsplit-CVE-2006-2656.patch
+Patch5:         tiff-%{version}-tif_lzw.c-CVE-2008-2327.patch
+Patch6:         tiff-%{version}-tif_lzw.c-CVE-2008-2327-2.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 %description
@ -75,6 +84,8 @@ the libtiff library.
 %patch2
 %patch3
 %patch4
+%patch5
+%patch6
 cp %{S:1} libtiff
 find -type d -name "CVS" | xargs rm -rfv
 find -type d | xargs chmod 755
@ -125,6 +136,8 @@ rm -rf $RPM_BUILD_ROOT
 %doc %{_mandir}/man3/*

 %changelog
+* Tue Aug 19 2008 nadvornik@suse.cz
+- fixed buffer overflows in LZW code (CVE-2008-2327) [bnc#414946]
 * Sun May 18 2008 coolo@suse.de
 - fix rename of xxbit packages
 * Thu Apr 10 2008 ro@suse.de