From 534e709f59de361365a417544de9d27908dec4831cf51a94a2cd63f106c68184 Mon Sep 17 00:00:00 2001 From: Petr Gajdos Date: Wed, 23 Jun 2010 08:48:20 +0000 Subject: [PATCH 1/6] - fixed CVE-2010-2065 * integer-overflow.patch * NULL-deref.patch and out of bounds read * oob-read.patch OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=17 --- tiff-3.9.2-NULL-deref.patch | 19 +++++++++++++++++++ tiff-3.9.2-integer-overflow.patch | 17 +++++++++++++++++ tiff-3.9.2-oob-read.patch | 12 ++++++++++++ tiff.changes | 9 +++++++++ tiff.spec | 6 ++++++ 5 files changed, 63 insertions(+) create mode 100644 tiff-3.9.2-NULL-deref.patch create mode 100644 tiff-3.9.2-integer-overflow.patch create mode 100644 tiff-3.9.2-oob-read.patch diff --git a/tiff-3.9.2-NULL-deref.patch b/tiff-3.9.2-NULL-deref.patch new file mode 100644 index 0000000..338532d --- /dev/null +++ b/tiff-3.9.2-NULL-deref.patch @@ -0,0 +1,19 @@ +Index: libtiff/tif_ojpeg.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v +retrieving revision 1.24.2.5 +retrieving revision 1.24.2.6 +diff -u -p -r1.24.2.5 -r1.24.2.6 +--- libtiff/tif_ojpeg.c 8 Jun 2010 18:50:42 -0000 1.24.2.5 ++++ libtiff/tif_ojpeg.c 8 Jun 2010 23:29:51 -0000 1.24.2.6 +@@ -1909,6 +1909,10 @@ OJPEGReadBufferFill(OJPEGState* sp) + sp->in_buffer_source=osibsEof; + else + { ++ if (sp->tif->tif_dir.td_stripoffset == 0) { ++ TIFFErrorExt(sp->tif->tif_clientdata,sp->tif->tif_name,"Strip offsets are missing"); ++ return(0); ++ } + sp->in_buffer_file_pos=sp->tif->tif_dir.td_stripoffset[sp->in_buffer_next_strile]; + if (sp->in_buffer_file_pos!=0) + { diff --git a/tiff-3.9.2-integer-overflow.patch b/tiff-3.9.2-integer-overflow.patch new file mode 100644 index 0000000..964a4aa --- /dev/null +++ b/tiff-3.9.2-integer-overflow.patch @@ -0,0 +1,17 @@ +Index: libtiff/tif_read.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v +retrieving revision 1.16.2.1 +retrieving revision 1.16.2.2 +diff -u -p -r1.16.2.1 -r1.16.2.2 +--- libtiff/tif_read.c 8 Jun 2010 18:50:43 -0000 1.16.2.1 ++++ libtiff/tif_read.c 8 Jun 2010 23:29:51 -0000 1.16.2.2 +@@ -609,7 +610,7 @@ TIFFReadBufferSetup(TIFF* tif, tdata_t b + tif->tif_rawdata = (tidata_t) _TIFFmalloc(tif->tif_rawdatasize); + tif->tif_flags |= TIFF_MYBUFFER; + } +- if (tif->tif_rawdata == NULL) { ++ if ((tif->tif_rawdata == NULL) || (tif->tif_rawdatasize == 0)) { + TIFFErrorExt(tif->tif_clientdata, module, + "%s: No space for data buffer at scanline %ld", + tif->tif_name, (long) tif->tif_row); diff --git a/tiff-3.9.2-oob-read.patch b/tiff-3.9.2-oob-read.patch new file mode 100644 index 0000000..8f67f3c --- /dev/null +++ b/tiff-3.9.2-oob-read.patch @@ -0,0 +1,12 @@ +diff -Naur tiff-3.9.2.orig/libtiff/tif_getimage.c tiff-3.9.2/libtiff/tif_getimage.c +--- tiff-3.9.2.orig/libtiff/tif_getimage.c 2009-08-30 12:21:46.000000000 -0400 ++++ tiff-3.9.2/libtiff/tif_getimage.c 2010-06-11 12:06:47.000000000 -0400 +@@ -2397,7 +2397,7 @@ + } + break; + case PHOTOMETRIC_YCBCR: +- if (img->bitspersample == 8) ++ if ((img->bitspersample==8) && (img->samplesperpixel==3)) + { + if (initYCbCrConversion(img)!=0) + { diff --git a/tiff.changes b/tiff.changes index 995bf05..ba0cfb0 100644 --- a/tiff.changes +++ b/tiff.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Wed Jun 23 10:32:01 CEST 2010 - pgajdos@suse.cz + +- fixed CVE-2010-2065 + * integer-overflow.patch + * NULL-deref.patch + and out of bounds read + * oob-read.patch + ------------------------------------------------------------------- Mon Apr 26 15:07:09 CEST 2010 - pgajdos@suse.cz diff --git a/tiff.spec b/tiff.spec index 38ec934..c3d9b98 100644 --- a/tiff.spec +++ b/tiff.spec @@ -36,6 +36,9 @@ Source2: README.SUSE Source3: baselibs.conf Patch2: tiff-%{version}-seek.patch Patch3: tiff-%{version}-tiff2pdf-colors.patch +Patch4: tiff-%{version}-NULL-deref.patch +Patch5: tiff-%{version}-integer-overflow.patch +Patch6: tiff-%{version}-oob-read.patch # FYI: this issue is solved another way # http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1 # Patch9: tiff-%{version}-lzw-CVE-2009-2285.patch @@ -97,6 +100,9 @@ the libtiff library. %setup -q %patch2 %patch3 -p1 +%patch4 +%patch5 +%patch6 -p1 find -type d -name "CVS" | xargs rm -rfv find -type d | xargs chmod 755 From 190f2ef330256efbd451dd8379319a59232ccba697fed02612b0ffe442ed0b36 Mon Sep 17 00:00:00 2001 From: Petr Gajdos Date: Wed, 23 Jun 2010 09:19:39 +0000 Subject: [PATCH 2/6] - part of [bnc#612879] OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=18 --- tiff.changes | 1 + 1 file changed, 1 insertion(+) diff --git a/tiff.changes b/tiff.changes index ba0cfb0..339bf7b 100644 --- a/tiff.changes +++ b/tiff.changes @@ -6,6 +6,7 @@ Wed Jun 23 10:32:01 CEST 2010 - pgajdos@suse.cz * NULL-deref.patch and out of bounds read * oob-read.patch +- part of [bnc#612879] ------------------------------------------------------------------- Mon Apr 26 15:07:09 CEST 2010 - pgajdos@suse.cz From edd0a84a4713d450cc0accc800bd5b3078d72d97f89ad2eaa71bfef3a5cf3536 Mon Sep 17 00:00:00 2001 From: Petr Gajdos Date: Wed, 23 Jun 2010 15:50:18 +0000 Subject: [PATCH 3/6] - fixed out of bounds read - fixed CVE-2010-2233 * getimage-64bit.patch - [bnc#612879] OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=19 --- tiff-3.9.2-getimage-64bit.patch | 41 +++++++++++++++++++++++++++++++++ tiff.changes | 6 +++-- tiff.spec | 2 ++ 3 files changed, 47 insertions(+), 2 deletions(-) create mode 100644 tiff-3.9.2-getimage-64bit.patch diff --git a/tiff-3.9.2-getimage-64bit.patch b/tiff-3.9.2-getimage-64bit.patch new file mode 100644 index 0000000..5cd99e4 --- /dev/null +++ b/tiff-3.9.2-getimage-64bit.patch @@ -0,0 +1,41 @@ +diff -Naur tiff-3.9.2.orig/libtiff/tif_getimage.c tiff-3.9.2/libtiff/tif_getimage.c +--- tiff-3.9.2.orig/libtiff/tif_getimage.c 2009-08-30 12:21:46.000000000 -0400 ++++ tiff-3.9.2/libtiff/tif_getimage.c 2010-06-10 15:07:28.000000000 -0400 +@@ -1846,6 +1846,7 @@ + DECLAREContigPutFunc(putcontig8bitYCbCr22tile) + { + uint32* cp2; ++ int32 incr = 2*toskew+w; + (void) y; + fromskew = (fromskew / 2) * 6; + cp2 = cp+w+toskew; +@@ -1872,8 +1873,8 @@ + cp2 ++ ; + pp += 6; + } +- cp += toskew*2+w; +- cp2 += toskew*2+w; ++ cp += incr; ++ cp2 += incr; + pp += fromskew; + h-=2; + } +@@ -1939,6 +1940,7 @@ + DECLAREContigPutFunc(putcontig8bitYCbCr12tile) + { + uint32* cp2; ++ int32 incr = 2*toskew+w; + (void) y; + fromskew = (fromskew / 2) * 4; + cp2 = cp+w+toskew; +@@ -1953,8 +1955,8 @@ + cp2 ++; + pp += 4; + } while (--x); +- cp += toskew*2+w; +- cp2 += toskew*2+w; ++ cp += incr; ++ cp2 += incr; + pp += fromskew; + h-=2; + } diff --git a/tiff.changes b/tiff.changes index 339bf7b..2681d76 100644 --- a/tiff.changes +++ b/tiff.changes @@ -4,9 +4,11 @@ Wed Jun 23 10:32:01 CEST 2010 - pgajdos@suse.cz - fixed CVE-2010-2065 * integer-overflow.patch * NULL-deref.patch - and out of bounds read +- fixed out of bounds read * oob-read.patch -- part of [bnc#612879] +- fixed CVE-2010-2233 + * getimage-64bit.patch +- [bnc#612879] ------------------------------------------------------------------- Mon Apr 26 15:07:09 CEST 2010 - pgajdos@suse.cz diff --git a/tiff.spec b/tiff.spec index c3d9b98..4741224 100644 --- a/tiff.spec +++ b/tiff.spec @@ -39,6 +39,7 @@ Patch3: tiff-%{version}-tiff2pdf-colors.patch Patch4: tiff-%{version}-NULL-deref.patch Patch5: tiff-%{version}-integer-overflow.patch Patch6: tiff-%{version}-oob-read.patch +Patch7: tiff-%{version}-getimage-64bit.patch # FYI: this issue is solved another way # http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1 # Patch9: tiff-%{version}-lzw-CVE-2009-2285.patch @@ -103,6 +104,7 @@ the libtiff library. %patch4 %patch5 %patch6 -p1 +%patch7 -p1 find -type d -name "CVS" | xargs rm -rfv find -type d | xargs chmod 755 From eb86a43286dae8538818aae5a29797781c368c5a1948ad1a9a46ee91893f41bf Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Fri, 25 Jun 2010 18:48:21 +0000 Subject: [PATCH 4/6] Accepting request 41989 from graphics checked in (request 41989) OBS-URL: https://build.opensuse.org/request/show/41989 OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=20 --- tiff-3.9.2-NULL-deref.patch | 19 -------------- tiff-3.9.2-getimage-64bit.patch | 41 ------------------------------- tiff-3.9.2-integer-overflow.patch | 17 ------------- tiff-3.9.2-oob-read.patch | 12 --------- tiff.changes | 12 --------- tiff.spec | 8 ------ 6 files changed, 109 deletions(-) delete mode 100644 tiff-3.9.2-NULL-deref.patch delete mode 100644 tiff-3.9.2-getimage-64bit.patch delete mode 100644 tiff-3.9.2-integer-overflow.patch delete mode 100644 tiff-3.9.2-oob-read.patch diff --git a/tiff-3.9.2-NULL-deref.patch b/tiff-3.9.2-NULL-deref.patch deleted file mode 100644 index 338532d..0000000 --- a/tiff-3.9.2-NULL-deref.patch +++ /dev/null @@ -1,19 +0,0 @@ -Index: libtiff/tif_ojpeg.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v -retrieving revision 1.24.2.5 -retrieving revision 1.24.2.6 -diff -u -p -r1.24.2.5 -r1.24.2.6 ---- libtiff/tif_ojpeg.c 8 Jun 2010 18:50:42 -0000 1.24.2.5 -+++ libtiff/tif_ojpeg.c 8 Jun 2010 23:29:51 -0000 1.24.2.6 -@@ -1909,6 +1909,10 @@ OJPEGReadBufferFill(OJPEGState* sp) - sp->in_buffer_source=osibsEof; - else - { -+ if (sp->tif->tif_dir.td_stripoffset == 0) { -+ TIFFErrorExt(sp->tif->tif_clientdata,sp->tif->tif_name,"Strip offsets are missing"); -+ return(0); -+ } - sp->in_buffer_file_pos=sp->tif->tif_dir.td_stripoffset[sp->in_buffer_next_strile]; - if (sp->in_buffer_file_pos!=0) - { diff --git a/tiff-3.9.2-getimage-64bit.patch b/tiff-3.9.2-getimage-64bit.patch deleted file mode 100644 index 5cd99e4..0000000 --- a/tiff-3.9.2-getimage-64bit.patch +++ /dev/null @@ -1,41 +0,0 @@ -diff -Naur tiff-3.9.2.orig/libtiff/tif_getimage.c tiff-3.9.2/libtiff/tif_getimage.c ---- tiff-3.9.2.orig/libtiff/tif_getimage.c 2009-08-30 12:21:46.000000000 -0400 -+++ tiff-3.9.2/libtiff/tif_getimage.c 2010-06-10 15:07:28.000000000 -0400 -@@ -1846,6 +1846,7 @@ - DECLAREContigPutFunc(putcontig8bitYCbCr22tile) - { - uint32* cp2; -+ int32 incr = 2*toskew+w; - (void) y; - fromskew = (fromskew / 2) * 6; - cp2 = cp+w+toskew; -@@ -1872,8 +1873,8 @@ - cp2 ++ ; - pp += 6; - } -- cp += toskew*2+w; -- cp2 += toskew*2+w; -+ cp += incr; -+ cp2 += incr; - pp += fromskew; - h-=2; - } -@@ -1939,6 +1940,7 @@ - DECLAREContigPutFunc(putcontig8bitYCbCr12tile) - { - uint32* cp2; -+ int32 incr = 2*toskew+w; - (void) y; - fromskew = (fromskew / 2) * 4; - cp2 = cp+w+toskew; -@@ -1953,8 +1955,8 @@ - cp2 ++; - pp += 4; - } while (--x); -- cp += toskew*2+w; -- cp2 += toskew*2+w; -+ cp += incr; -+ cp2 += incr; - pp += fromskew; - h-=2; - } diff --git a/tiff-3.9.2-integer-overflow.patch b/tiff-3.9.2-integer-overflow.patch deleted file mode 100644 index 964a4aa..0000000 --- a/tiff-3.9.2-integer-overflow.patch +++ /dev/null @@ -1,17 +0,0 @@ -Index: libtiff/tif_read.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v -retrieving revision 1.16.2.1 -retrieving revision 1.16.2.2 -diff -u -p -r1.16.2.1 -r1.16.2.2 ---- libtiff/tif_read.c 8 Jun 2010 18:50:43 -0000 1.16.2.1 -+++ libtiff/tif_read.c 8 Jun 2010 23:29:51 -0000 1.16.2.2 -@@ -609,7 +610,7 @@ TIFFReadBufferSetup(TIFF* tif, tdata_t b - tif->tif_rawdata = (tidata_t) _TIFFmalloc(tif->tif_rawdatasize); - tif->tif_flags |= TIFF_MYBUFFER; - } -- if (tif->tif_rawdata == NULL) { -+ if ((tif->tif_rawdata == NULL) || (tif->tif_rawdatasize == 0)) { - TIFFErrorExt(tif->tif_clientdata, module, - "%s: No space for data buffer at scanline %ld", - tif->tif_name, (long) tif->tif_row); diff --git a/tiff-3.9.2-oob-read.patch b/tiff-3.9.2-oob-read.patch deleted file mode 100644 index 8f67f3c..0000000 --- a/tiff-3.9.2-oob-read.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Naur tiff-3.9.2.orig/libtiff/tif_getimage.c tiff-3.9.2/libtiff/tif_getimage.c ---- tiff-3.9.2.orig/libtiff/tif_getimage.c 2009-08-30 12:21:46.000000000 -0400 -+++ tiff-3.9.2/libtiff/tif_getimage.c 2010-06-11 12:06:47.000000000 -0400 -@@ -2397,7 +2397,7 @@ - } - break; - case PHOTOMETRIC_YCBCR: -- if (img->bitspersample == 8) -+ if ((img->bitspersample==8) && (img->samplesperpixel==3)) - { - if (initYCbCrConversion(img)!=0) - { diff --git a/tiff.changes b/tiff.changes index 2681d76..995bf05 100644 --- a/tiff.changes +++ b/tiff.changes @@ -1,15 +1,3 @@ -------------------------------------------------------------------- -Wed Jun 23 10:32:01 CEST 2010 - pgajdos@suse.cz - -- fixed CVE-2010-2065 - * integer-overflow.patch - * NULL-deref.patch -- fixed out of bounds read - * oob-read.patch -- fixed CVE-2010-2233 - * getimage-64bit.patch -- [bnc#612879] - ------------------------------------------------------------------- Mon Apr 26 15:07:09 CEST 2010 - pgajdos@suse.cz diff --git a/tiff.spec b/tiff.spec index 4741224..38ec934 100644 --- a/tiff.spec +++ b/tiff.spec @@ -36,10 +36,6 @@ Source2: README.SUSE Source3: baselibs.conf Patch2: tiff-%{version}-seek.patch Patch3: tiff-%{version}-tiff2pdf-colors.patch -Patch4: tiff-%{version}-NULL-deref.patch -Patch5: tiff-%{version}-integer-overflow.patch -Patch6: tiff-%{version}-oob-read.patch -Patch7: tiff-%{version}-getimage-64bit.patch # FYI: this issue is solved another way # http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1 # Patch9: tiff-%{version}-lzw-CVE-2009-2285.patch @@ -101,10 +97,6 @@ the libtiff library. %setup -q %patch2 %patch3 -p1 -%patch4 -%patch5 -%patch6 -p1 -%patch7 -p1 find -type d -name "CVS" | xargs rm -rfv find -type d | xargs chmod 755 From 75ab37b55f91ae7119fe5f3bd3760cad487c79775fff804338ba4052fda40776 Mon Sep 17 00:00:00 2001 From: Petr Gajdos Date: Mon, 12 Jul 2010 14:40:09 +0000 Subject: [PATCH 5/6] - updated to 3.9.4: fixes CVE-2010-2065 -- obsoletes * integer-overflow.patch * NULL-deref.patch - fixes CVE-2010-2067 OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=21 --- tiff-3.9.2.tar.bz2 | 3 -- tiff-3.9.4-getimage-64bit.patch | 41 +++++++++++++++++++ tiff-3.9.4-oob-read.patch | 12 ++++++ ...-3.9.2-seek.patch => tiff-3.9.4-seek.patch | 0 ....patch => tiff-3.9.4-tiff2pdf-colors.patch | 0 tiff-3.9.4.tar.bz2 | 3 ++ tiff.changes | 20 +++++++++ tiff.spec | 8 +++- 8 files changed, 82 insertions(+), 5 deletions(-) delete mode 100644 tiff-3.9.2.tar.bz2 create mode 100644 tiff-3.9.4-getimage-64bit.patch create mode 100644 tiff-3.9.4-oob-read.patch rename tiff-3.9.2-seek.patch => tiff-3.9.4-seek.patch (100%) rename tiff-3.9.2-tiff2pdf-colors.patch => tiff-3.9.4-tiff2pdf-colors.patch (100%) create mode 100644 tiff-3.9.4.tar.bz2 diff --git a/tiff-3.9.2.tar.bz2 b/tiff-3.9.2.tar.bz2 deleted file mode 100644 index 9e8ff12..0000000 --- a/tiff-3.9.2.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c8952149cbcd937ac620f913981dc0ffc7db79696c2f0d559b71d5cd51721e6e -size 1160792 diff --git a/tiff-3.9.4-getimage-64bit.patch b/tiff-3.9.4-getimage-64bit.patch new file mode 100644 index 0000000..5cd99e4 --- /dev/null +++ b/tiff-3.9.4-getimage-64bit.patch @@ -0,0 +1,41 @@ +diff -Naur tiff-3.9.2.orig/libtiff/tif_getimage.c tiff-3.9.2/libtiff/tif_getimage.c +--- tiff-3.9.2.orig/libtiff/tif_getimage.c 2009-08-30 12:21:46.000000000 -0400 ++++ tiff-3.9.2/libtiff/tif_getimage.c 2010-06-10 15:07:28.000000000 -0400 +@@ -1846,6 +1846,7 @@ + DECLAREContigPutFunc(putcontig8bitYCbCr22tile) + { + uint32* cp2; ++ int32 incr = 2*toskew+w; + (void) y; + fromskew = (fromskew / 2) * 6; + cp2 = cp+w+toskew; +@@ -1872,8 +1873,8 @@ + cp2 ++ ; + pp += 6; + } +- cp += toskew*2+w; +- cp2 += toskew*2+w; ++ cp += incr; ++ cp2 += incr; + pp += fromskew; + h-=2; + } +@@ -1939,6 +1940,7 @@ + DECLAREContigPutFunc(putcontig8bitYCbCr12tile) + { + uint32* cp2; ++ int32 incr = 2*toskew+w; + (void) y; + fromskew = (fromskew / 2) * 4; + cp2 = cp+w+toskew; +@@ -1953,8 +1955,8 @@ + cp2 ++; + pp += 4; + } while (--x); +- cp += toskew*2+w; +- cp2 += toskew*2+w; ++ cp += incr; ++ cp2 += incr; + pp += fromskew; + h-=2; + } diff --git a/tiff-3.9.4-oob-read.patch b/tiff-3.9.4-oob-read.patch new file mode 100644 index 0000000..8f67f3c --- /dev/null +++ b/tiff-3.9.4-oob-read.patch @@ -0,0 +1,12 @@ +diff -Naur tiff-3.9.2.orig/libtiff/tif_getimage.c tiff-3.9.2/libtiff/tif_getimage.c +--- tiff-3.9.2.orig/libtiff/tif_getimage.c 2009-08-30 12:21:46.000000000 -0400 ++++ tiff-3.9.2/libtiff/tif_getimage.c 2010-06-11 12:06:47.000000000 -0400 +@@ -2397,7 +2397,7 @@ + } + break; + case PHOTOMETRIC_YCBCR: +- if (img->bitspersample == 8) ++ if ((img->bitspersample==8) && (img->samplesperpixel==3)) + { + if (initYCbCrConversion(img)!=0) + { diff --git a/tiff-3.9.2-seek.patch b/tiff-3.9.4-seek.patch similarity index 100% rename from tiff-3.9.2-seek.patch rename to tiff-3.9.4-seek.patch diff --git a/tiff-3.9.2-tiff2pdf-colors.patch b/tiff-3.9.4-tiff2pdf-colors.patch similarity index 100% rename from tiff-3.9.2-tiff2pdf-colors.patch rename to tiff-3.9.4-tiff2pdf-colors.patch diff --git a/tiff-3.9.4.tar.bz2 b/tiff-3.9.4.tar.bz2 new file mode 100644 index 0000000..6e79c79 --- /dev/null +++ b/tiff-3.9.4.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a2102a511ebee0d99d769e70efe017c7a114cd17c98f338dd5e073a6b61cd6ba +size 1116882 diff --git a/tiff.changes b/tiff.changes index 995bf05..ededea8 100644 --- a/tiff.changes +++ b/tiff.changes @@ -1,3 +1,23 @@ +------------------------------------------------------------------- +Mon Jul 12 16:36:48 CEST 2010 - pgajdos@suse.cz + +- updated to 3.9.4: fixes CVE-2010-2065 -- obsoletes + * integer-overflow.patch + * NULL-deref.patch +- fixes CVE-2010-2067 + +------------------------------------------------------------------- +Wed Jun 23 10:32:01 CEST 2010 - pgajdos@suse.cz + +- fixed CVE-2010-2065 + * integer-overflow.patch + * NULL-deref.patch +- fixed out of bounds read + * oob-read.patch +- fixed CVE-2010-2233 + * getimage-64bit.patch +- [bnc#612879] + ------------------------------------------------------------------- Mon Apr 26 15:07:09 CEST 2010 - pgajdos@suse.cz diff --git a/tiff.spec b/tiff.spec index 38ec934..285b126 100644 --- a/tiff.spec +++ b/tiff.spec @@ -28,14 +28,16 @@ Obsoletes: tiff-64bit %endif # Url: http://www.remotesensing.org/libtiff/ -Version: 3.9.2 -Release: 3 +Version: 3.9.4 +Release: 4 Summary: Tools for Converting from and to the Tiff Format Source: tiff-%{version}.tar.bz2 Source2: README.SUSE Source3: baselibs.conf Patch2: tiff-%{version}-seek.patch Patch3: tiff-%{version}-tiff2pdf-colors.patch +Patch6: tiff-%{version}-oob-read.patch +Patch7: tiff-%{version}-getimage-64bit.patch # FYI: this issue is solved another way # http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1 # Patch9: tiff-%{version}-lzw-CVE-2009-2285.patch @@ -97,6 +99,8 @@ the libtiff library. %setup -q %patch2 %patch3 -p1 +%patch6 -p1 +%patch7 -p1 find -type d -name "CVS" | xargs rm -rfv find -type d | xargs chmod 755 From 7fe5753bde1f5ddf8b1044ede2321e13173da83b06e5eb40bb2bde64edef979d Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Mon, 19 Jul 2010 11:27:37 +0000 Subject: [PATCH 6/6] Accepting request 42845 from graphics checked in (request 42845) OBS-URL: https://build.opensuse.org/request/show/42845 OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=22 --- tiff.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tiff.spec b/tiff.spec index 285b126..f517ddc 100644 --- a/tiff.spec +++ b/tiff.spec @@ -1,5 +1,5 @@ # -# spec file for package tiff (Version 3.9.2) +# spec file for package tiff (Version 3.9.4) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -29,7 +29,7 @@ Obsoletes: tiff-64bit # Url: http://www.remotesensing.org/libtiff/ Version: 3.9.4 -Release: 4 +Release: 1 Summary: Tools for Converting from and to the Tiff Format Source: tiff-%{version}.tar.bz2 Source2: README.SUSE