OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=73

2016-01-13 17:00:35 +00:00 · 2016-01-13 17:00:35 +00:00 · 616d19b8b7
commit 616d19b8b7
parent a4befe7391
3 changed files with 12 additions and 17 deletions
--- a/tiff-4.0.4-uninitialized_mem_NeXTDecode.patch
+++ b/tiff-4.0.4-uninitialized_mem_NeXTDecode.patch
@ -1,5 +1,5 @@
 --- libtiff/tif_next.c	29 Dec 2014 12:09:11 -0000	1.16
-+++ libtiff/tif_next.c	27 Dec 2015 17:14:52 -0000	1.18
+++ libtiff/tif_next.c	27 Dec 2015 16:55:20 -0000	1.17
@@ -37,7 +37,7 @@
 	case 0:	op[0]  = (unsigned char) ((v) << 6); break;	\
 	case 1:	op[0] |= (v) << 4; break;	\
@ -9,14 +9,14 @@
 	}					\
 }
 
-@@ -103,6 +103,7 @@
- 		}
- 		default: {
- 			uint32 npixels = 0, grey;
-+			tmsize_t op_offset = 0;
+@@ -106,6 +106,7 @@
 			uint32 imagewidth = tif->tif_dir.td_imagewidth;
             if( isTiled(tif) )
                 imagewidth = tif->tif_dir.td_tilewidth;
+            tmsize_t op_offset = 0;
+ 
+ 			/*
+ 			 * The scanline is composed of a sequence of constant
@@ -122,10 +123,15 @@
 				 * bounds, potentially resulting in a security
 				 * issue.
--- a/tiff.changes
+++ b/tiff.changes
@ -1,11 +1,9 @@
 -------------------------------------------------------------------
-Mon Jan 11 09:48:49 UTC 2016 - fstrba@suse.com
+Mon Jan 11 13:53:42 UTC 2016 - kstreitova@suse.com

- Added patch:
-  * tiff-4.0.6-nextdecode-oob.patch
-    - Fix potential out-of-bound write in NeXTDecode() triggered by
-      http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif (#2508,
-      bsc#942690)
+- add tiff-4.0.4-uninitialized_mem_NeXTDecode.patch to fix
+  uninitialized memory in NeXTDecode (upstream bug #2508)
+  [bnc#942690]

 -------------------------------------------------------------------
 Tue Dec  8 15:55:30 UTC 2015 - p.drouand@gmail.com
--- a/tiff.spec
+++ b/tiff.spec
@ -30,14 +30,11 @@ Patch0:         tiff-4.0.3-seek.patch
 # http://bugzilla.maptools.org/show_bug.cgi?id=2442
 Patch1:         tiff-4.0.3-compress-warning.patch
 # http://bugzilla.maptools.org/show_bug.cgi?id=2508
-Patch2:         tiff-4.0.6-nextdecode-oob.patch
+Patch2:         tiff-4.0.4-uninitialized_mem_NeXTDecode.patch
 BuildRequires:  gcc-c++
 BuildRequires:  libjpeg-devel
 BuildRequires:  libtool
 BuildRequires:  zlib-devel
-# FYI: this issue is solved another way
-# http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1
-# Patch9:         tiff-%{version}-lzw-CVE-2009-2285.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %if 0%{?suse_version} > 1030
 BuildRequires:  lzma-devel
@ -96,7 +93,7 @@ the libtiff library.
 %setup -q
 %patch0 -p1
 %patch1 -p1
-%patch2 -p0
+%patch2

 %build
 CFLAGS="%{optflags} -fPIE"