pool/tiff
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tiff?expand=0&rev=6

Browse Source
This commit is contained in:
OBS User unknown 2008-09-05 18:56:16 +00:00 committed by Git OBS Bridge
parent 589ab93e5b
commit 35bd01c476
4 changed files with 81 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
tiff-3.8.2-tif_lzw.c-CVE-2008-2327-2.patch Normal file
View File

@ -0,0 +1,41 @@
--- libtiff/tif_lzw.c
+++ libtiff/tif_lzw.c
@@ -237,6 +237,11 @@
sp->dec_codetab[code].length = 1;
sp->dec_codetab[code].next = NULL;
} while (code--);
+ /*
+ * Zero-out the unused entries
+ */
+ _TIFFmemset(&sp->dec_codetab[CODE_CLEAR], 0,
+ (CODE_FIRST-CODE_CLEAR)*sizeof (code_t));
}
return (1);
}
@@ -416,6 +421,13 @@
NextCode(tif, sp, bp, code, GetNextCode);
if (code == CODE_EOI)
break;
+
+ if (code == CODE_CLEAR) {
+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+ "LZWDecode: Corrupted LZW table at scanline %d",
+ tif->tif_row);
+ return (0);
+ }
*op++ = (char)code, occ--;
oldcodep = sp->dec_codetab + code;
continue;
@@ -613,6 +625,12 @@
NextCode(tif, sp, bp, code, GetNextCodeCompat);
if (code == CODE_EOI)
break;
+ if (code == CODE_CLEAR) {
+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+ "LZWDecode: Corrupted LZW table at scanline %d",
+ tif->tif_row);
+ return (0);
+ }
*op++ = code, occ--;
oldcodep = sp->dec_codetab + code;
continue;

19
tiff-3.8.2-tif_lzw.c-CVE-2008-2327.patch Normal file
View File

@ -0,0 +1,19 @@
--- libtiff/tif_lzw.c
+++ libtiff/tif_lzw.c
@@ -408,6 +408,8 @@
break;
if (code == CODE_CLEAR) {
free_entp = sp->dec_codetab + CODE_FIRST;
+ _TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
+ _TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
nbits = BITS_MIN;
nbitsmask = MAXCODE(BITS_MIN);
maxcodep = sp->dec_codetab + nbitsmask-1;
@@ -604,6 +606,7 @@
break;
if (code == CODE_CLEAR) {
free_entp = sp->dec_codetab + CODE_FIRST;
+ _TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
nbits = BITS_MIN;
nbitsmask = MAXCODE(BITS_MIN);
maxcodep = sp->dec_codetab + nbitsmask;

5
tiff.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Tue Aug 19 17:45:10 CEST 2008 - nadvornik@suse.cz
- fixed buffer overflows in LZW code (CVE-2008-2327) [bnc#414946]
------------------------------------------------------------------- -------------------------------------------------------------------
Sun May 18 10:37:18 CEST 2008 - coolo@suse.de Sun May 18 10:37:18 CEST 2008 - coolo@suse.de

19
tiff.spec
View File

@ -2,9 +2,16 @@
# spec file for package tiff (Version 3.8.2) # spec file for package tiff (Version 3.8.2)
# #
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
# #
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Please submit bugfixes or comments via http://bugs.opensuse.org/
# #
@ -18,7 +25,7 @@ Group: Productivity/Graphics/Convertors
AutoReqProv: on AutoReqProv: on
Url: http://www.remotesensing.org/libtiff/ Url: http://www.remotesensing.org/libtiff/
Version: 3.8.2 Version: 3.8.2
Release: 106 Release: 128
Summary: Tools for Converting from and to the Tiff Format Summary: Tools for Converting from and to the Tiff Format
Source: tiff-%{version}.tar.bz2 Source: tiff-%{version}.tar.bz2
Source1: jpegint.h Source1: jpegint.h
@ -26,6 +33,8 @@ Source2: README.SUSE
Patch2: tiff-%{version}-seek.patch Patch2: tiff-%{version}-seek.patch
Patch3: tiff-%{version}-tiff2pdf.patch Patch3: tiff-%{version}-tiff2pdf.patch
Patch4: tiff-%{version}-tiffsplit-CVE-2006-2656.patch Patch4: tiff-%{version}-tiffsplit-CVE-2006-2656.patch
Patch5: tiff-%{version}-tif_lzw.c-CVE-2008-2327.patch
Patch6: tiff-%{version}-tif_lzw.c-CVE-2008-2327-2.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description %description
@ -75,6 +84,8 @@ the libtiff library.
%patch2 %patch2
%patch3 %patch3
%patch4 %patch4
%patch5
%patch6
cp %{S:1} libtiff cp %{S:1} libtiff
find -type d -name "CVS" | xargs rm -rfv find -type d -name "CVS" | xargs rm -rfv
find -type d | xargs chmod 755 find -type d | xargs chmod 755
@ -125,6 +136,8 @@ rm -rf $RPM_BUILD_ROOT
%doc %{_mandir}/man3/* %doc %{_mandir}/man3/*
%changelog %changelog
* Tue Aug 19 2008 nadvornik@suse.cz
- fixed buffer overflows in LZW code (CVE-2008-2327) [bnc#414946]
* Sun May 18 2008 coolo@suse.de * Sun May 18 2008 coolo@suse.de
- fix rename of xxbit packages - fix rename of xxbit packages
* Thu Apr 10 2008 ro@suse.de * Thu Apr 10 2008 ro@suse.de