diff --git a/tiff-3.9.2-NULL-deref.patch b/tiff-3.9.2-NULL-deref.patch
deleted file mode 100644
index 338532d..0000000
--- a/tiff-3.9.2-NULL-deref.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-Index: libtiff/tif_ojpeg.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v
-retrieving revision 1.24.2.5
-retrieving revision 1.24.2.6
-diff -u -p -r1.24.2.5 -r1.24.2.6
---- libtiff/tif_ojpeg.c 8 Jun 2010 18:50:42 -0000 1.24.2.5
-+++ libtiff/tif_ojpeg.c 8 Jun 2010 23:29:51 -0000 1.24.2.6
-@@ -1909,6 +1909,10 @@ OJPEGReadBufferFill(OJPEGState* sp)
- sp->in_buffer_source=osibsEof;
- else
- {
-+ if (sp->tif->tif_dir.td_stripoffset == 0) {
-+ TIFFErrorExt(sp->tif->tif_clientdata,sp->tif->tif_name,"Strip offsets are missing");
-+ return(0);
-+ }
- sp->in_buffer_file_pos=sp->tif->tif_dir.td_stripoffset[sp->in_buffer_next_strile];
- if (sp->in_buffer_file_pos!=0)
- {
diff --git a/tiff-3.9.2-integer-overflow.patch b/tiff-3.9.2-integer-overflow.patch
deleted file mode 100644
index 964a4aa..0000000
--- a/tiff-3.9.2-integer-overflow.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Index: libtiff/tif_read.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v
-retrieving revision 1.16.2.1
-retrieving revision 1.16.2.2
-diff -u -p -r1.16.2.1 -r1.16.2.2
---- libtiff/tif_read.c 8 Jun 2010 18:50:43 -0000 1.16.2.1
-+++ libtiff/tif_read.c 8 Jun 2010 23:29:51 -0000 1.16.2.2
-@@ -609,7 +610,7 @@ TIFFReadBufferSetup(TIFF* tif, tdata_t b
- tif->tif_rawdata = (tidata_t) _TIFFmalloc(tif->tif_rawdatasize);
- tif->tif_flags |= TIFF_MYBUFFER;
- }
-- if (tif->tif_rawdata == NULL) {
-+ if ((tif->tif_rawdata == NULL) || (tif->tif_rawdatasize == 0)) {
- TIFFErrorExt(tif->tif_clientdata, module,
- "%s: No space for data buffer at scanline %ld",
- tif->tif_name, (long) tif->tif_row);
diff --git a/tiff-3.9.2.tar.bz2 b/tiff-3.9.2.tar.bz2
deleted file mode 100644
index 9e8ff12..0000000
--- a/tiff-3.9.2.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c8952149cbcd937ac620f913981dc0ffc7db79696c2f0d559b71d5cd51721e6e
-size 1160792
diff --git a/tiff-3.9.2-getimage-64bit.patch b/tiff-3.9.4-getimage-64bit.patch
similarity index 100%
rename from tiff-3.9.2-getimage-64bit.patch
rename to tiff-3.9.4-getimage-64bit.patch
diff --git a/tiff-3.9.2-oob-read.patch b/tiff-3.9.4-oob-read.patch
similarity index 100%
rename from tiff-3.9.2-oob-read.patch
rename to tiff-3.9.4-oob-read.patch
diff --git a/tiff-3.9.2-seek.patch b/tiff-3.9.4-seek.patch
similarity index 100%
rename from tiff-3.9.2-seek.patch
rename to tiff-3.9.4-seek.patch
diff --git a/tiff-3.9.2-tiff2pdf-colors.patch b/tiff-3.9.4-tiff2pdf-colors.patch
similarity index 100%
rename from tiff-3.9.2-tiff2pdf-colors.patch
rename to tiff-3.9.4-tiff2pdf-colors.patch
diff --git a/tiff-3.9.4.tar.bz2 b/tiff-3.9.4.tar.bz2
new file mode 100644
index 0000000..6e79c79
--- /dev/null
+++ b/tiff-3.9.4.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a2102a511ebee0d99d769e70efe017c7a114cd17c98f338dd5e073a6b61cd6ba
+size 1116882
diff --git a/tiff.changes b/tiff.changes
index 2681d76..ededea8 100644
--- a/tiff.changes
+++ b/tiff.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Jul 12 16:36:48 CEST 2010 - pgajdos@suse.cz
+
+- updated to 3.9.4: fixes CVE-2010-2065 -- obsoletes
+ * integer-overflow.patch
+ * NULL-deref.patch
+- fixes CVE-2010-2067
+
 -------------------------------------------------------------------
 Wed Jun 23 10:32:01 CEST 2010 - pgajdos@suse.cz
 
diff --git a/tiff.spec b/tiff.spec
index 4e68b27..f517ddc 100644
--- a/tiff.spec
+++ b/tiff.spec
@@ -1,5 +1,5 @@
 #
-# spec file for package tiff (Version 3.9.2)
+# spec file for package tiff (Version 3.9.4)
 #
 # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -28,16 +28,14 @@ Obsoletes: tiff-64bit
 %endif
 #
 Url: http://www.remotesensing.org/libtiff/
-Version: 3.9.2
-Release: 4
+Version: 3.9.4
+Release: 1
 Summary: Tools for Converting from and to the Tiff Format
 Source: tiff-%{version}.tar.bz2
 Source2: README.SUSE
 Source3: baselibs.conf
 Patch2: tiff-%{version}-seek.patch
 Patch3: tiff-%{version}-tiff2pdf-colors.patch
-Patch4: tiff-%{version}-NULL-deref.patch
-Patch5: tiff-%{version}-integer-overflow.patch
 Patch6: tiff-%{version}-oob-read.patch
 Patch7: tiff-%{version}-getimage-64bit.patch
 # FYI: this issue is solved another way
@@ -101,8 +99,6 @@ the libtiff library.
 %setup -q
 %patch2
 %patch3 -p1
-%patch4
-%patch5
 %patch6 -p1
 %patch7 -p1
 find -type d -name "CVS" | xargs rm -rfv
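Review bot: In the second tiff.spec hunk the retained `Patch2`, `Patch3`, `Patch6` and `Patch7` lines still embed `%{version}` in the file name, which is why this bump had to rename four byte-identical patch files (similarity index 100%). A carried fix such as the oob-read patch then looks refreshed for 3.9.4 although its content is untouched; version-independent names, e.g. `Patch6: tiff-oob-read.patch`, would keep the patch history stable across updates. Dropping `Patch4` and `Patch5` agrees with the changelog entry, but nothing in the spec records which of the remaining patches are upstream backports and which are local, so a comment such as `# upstream: <commit or bug id>` above each `PatchN` line would make the next drop decision checkable. The `Source:` line also stays a bare file name, so the origin of the new tarball cannot be verified from the spec; a full upstream URL (`Source: <upstream-download-url>/tiff-%{version}.tar.bz2`) would allow that.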