pool/tiff
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tiff?expand=0&rev=11

Browse Source
This commit is contained in:
OBS User unknown 2009-07-03 15:02:46 +00:00 committed by Git OBS Bridge
parent 30b7aa05f2
commit 63f682b29a
3 changed files with 31 additions and 145 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
tiff-3.8.2-lzw-CVE-2009-2285.patch Normal file
View File

@ -0,0 +1,20 @@
--- libtiff/tif_lzw.c
+++ libtiff/tif_lzw.c
@@ -422,7 +422,7 @@
if (code == CODE_EOI)
break;
- if (code == CODE_CLEAR) {
+ if (code >= CODE_CLEAR) {
TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
"LZWDecode: Corrupted LZW table at scanline %d",
tif->tif_row);
@@ -625,7 +625,7 @@
NextCode(tif, sp, bp, code, GetNextCodeCompat);
if (code == CODE_EOI)
break;
- if (code == CODE_CLEAR) {
+ if (code >= CODE_CLEAR) {
TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
"LZWDecode: Corrupted LZW table at scanline %d",
tif->tif_row);

5
tiff.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Thu Jul 2 16:33:02 CEST 2009 - nadvornik@suse.cz
- fixed lzw overflow CVE-2009-2285 [bnc#518698]
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Feb 4 15:49:04 CET 2009 - nadvornik@suse.cz Wed Feb 4 15:49:04 CET 2009 - nadvornik@suse.cz

151
tiff.spec
View File

@ -19,7 +19,7 @@
Name: tiff Name: tiff
BuildRequires: gcc-c++ libjpeg-devel zlib-devel BuildRequires: gcc-c++ libjpeg-devel zlib-devel
License: X11/MIT License: MIT License (or similar)
Group: Productivity/Graphics/Convertors Group: Productivity/Graphics/Convertors
AutoReqProv: on AutoReqProv: on
# bug437293 # bug437293
@ -29,7 +29,7 @@ Obsoletes: tiff-64bit
# #
Url: http://www.remotesensing.org/libtiff/ Url: http://www.remotesensing.org/libtiff/
Version: 3.8.2 Version: 3.8.2
Release: 142 Release: 143
Summary: Tools for Converting from and to the Tiff Format Summary: Tools for Converting from and to the Tiff Format
Source: tiff-%{version}.tar.bz2 Source: tiff-%{version}.tar.bz2
Source1: jpegint.h Source1: jpegint.h
@ -41,6 +41,7 @@ Patch5: tiff-%{version}-tif_lzw.c-CVE-2008-2327.patch
Patch6: tiff-%{version}-tif_lzw.c-CVE-2008-2327-2.patch Patch6: tiff-%{version}-tif_lzw.c-CVE-2008-2327-2.patch
Patch7: tiff-am.patch Patch7: tiff-am.patch
Patch8: tiff-3.8.2-bnc444079.patch Patch8: tiff-3.8.2-bnc444079.patch
Patch9: tiff-3.8.2-lzw-CVE-2009-2285.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description %description
@ -54,7 +55,7 @@ Authors:
Sam Leffler <sam@engr.sgi.com> Sam Leffler <sam@engr.sgi.com>
%package -n libtiff3 %package -n libtiff3
License: Any permissive; X11/MIT License: PERMISSIVE-OSI-COMPLIANT ; MIT License (or similar)
Summary: The Tiff Library (with JPEG and compression support) Summary: The Tiff Library (with JPEG and compression support)
Group: System/Libraries Group: System/Libraries
Provides: libtiff = %{version} Provides: libtiff = %{version}
@ -78,7 +79,7 @@ Authors:
Sam Leffler <sam@engr.sgi.com> Sam Leffler <sam@engr.sgi.com>
%package -n libtiff-devel %package -n libtiff-devel
License: Any permissive License: PERMISSIVE-OSI-COMPLIANT
Summary: Development Tools for Programs which will use the libtiff Library Summary: Development Tools for Programs which will use the libtiff Library
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
Requires: libtiff3 = %{version} libjpeg-devel zlib-devel libstdc++-devel glibc-devel Requires: libtiff3 = %{version} libjpeg-devel zlib-devel libstdc++-devel glibc-devel
@ -104,6 +105,7 @@ the libtiff library.
%patch6 %patch6
%patch7 %patch7
%patch8 %patch8
%patch9
cp %{S:1} libtiff cp %{S:1} libtiff
find -type d -name "CVS" | xargs rm -rfv find -type d -name "CVS" | xargs rm -rfv
find -type d | xargs chmod 755 find -type d | xargs chmod 755
@ -154,144 +156,3 @@ rm -rf $RPM_BUILD_ROOT
%doc %{_mandir}/man3/* %doc %{_mandir}/man3/*
%changelog %changelog
* Wed Feb 04 2009 nadvornik@suse.cz
- fixed an endless loop on invalid images
(bnc#444079) CVE-2008-1586
* Tue Jan 13 2009 olh@suse.de
- obsolete old libtiff-64bit on ppc64 (bnc#437293)
* Wed Jan 07 2009 olh@suse.de
- obsolete old -XXbit packages (bnc#437293)
* Sun Sep 07 2008 schwab@suse.de
- Fix conflicting options.
* Tue Aug 19 2008 nadvornik@suse.cz
- fixed buffer overflows in LZW code (CVE-2008-2327) [bnc#414946]
* Sun May 18 2008 coolo@suse.de
- fix rename of xxbit packages
* Thu Apr 10 2008 ro@suse.de
- added baselibs.conf file to build xxbit packages
for multilib support
* Fri Jul 27 2007 ro@suse.de
- add provides and obsoletes for libtiff to libtiff3 package
* Thu Jul 19 2007 nadvornik@suse.cz
- renamed libtiff to libtiff3
- do not package static libraries
- added zlib-devel to BuildRequires
* Mon Jun 12 2006 nadvornik@suse.cz
- fixed a typo in the previous change [#179051]
* Fri Jun 02 2006 nadvornik@suse.cz
- fixed buffer overflow in tiffsplit (CVE-2006-2656) [#179051]
- fixed buffer overflow in tiff2pdf [#179587]
* Wed Apr 12 2006 nadvornik@suse.cz
- updated to 3.8.2 [#165237]
* bugfix release
* fixed several segfaults caused by incorrect tiff data
* Tue Feb 07 2006 nadvornik@suse.cz
- fixed crash on certain tiff images CVE-2006-0405 [#145757]
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Thu Jan 12 2006 nadvornik@suse.cz
- compile with -fstack-protector
* Tue Jan 03 2006 nadvornik@suse.cz
- updated to 3.8.0:
* Read-only support for custom directories (e.g. EXIF directory)
* Preliminary support for MS MDI format
* Mon Oct 10 2005 nadvornik@suse.cz
- built with -fno-strict-aliasing
* Fri Jul 15 2005 nadvornik@suse.cz
- updated to 3.7.3
* Tue May 24 2005 nadvornik@suse.cz
- updated to 3.7.2
- fixed 64bit bug in ppm2tiff [#85440]
- fixed buffer overflow in BitsPerSample [#82787]
* Thu Feb 17 2005 nadvornik@suse.cz
- fixed reading of alpha channel
* Sun Jan 16 2005 ro@suse.de
- added c++ to neededforbuild
* Fri Jan 07 2005 nadvornik@suse.cz
- use typedef int int32 on all architectures
* Wed Jan 05 2005 nadvornik@suse.cz
- disabled c++ API as it would add a dependency on c++ libraries
* Mon Jan 03 2005 nadvornik@suse.cz
- updated to 3.7.1: bugfix release
* Wed Dec 15 2004 nadvornik@suse.cz
- added README.SUSE pointing to the documentation [#48601]
- moved man3 to devel subpackage
* Fri Oct 22 2004 nadvornik@suse.cz
- updated to 3.7.0 - security fixes are included in mainstream
* Wed Oct 20 2004 meissner@suse.de
- Initialize ycbcrsubsampling to be not 0 in case
of bad tiffs to avoid denial of service by divison/0.
* Tue Oct 12 2004 nadvornik@suse.cz
- do not call TIFFTileSize with uninitialized values [#44635]
* Thu Oct 07 2004 pmladek@suse.cz
- fixed much more buffer overflows (the older tiff-alt-bound-CheckMalloc.patch
is included in the new libtiff-3.6.1-alt-bound.patch now) [#44635]
* Thu Sep 30 2004 nadvornik@suse.cz
- fixed more buffer overflows [#44635]
* Tue Sep 21 2004 nadvornik@suse.cz
- fixed multiple buffer overflows - CAN-2004-0803 [#44635]
- disabled old jpeg support because of security problems [#45116]
* Tue Aug 31 2004 nadvornik@suse.cz
- added LZW support
* Wed Aug 25 2004 kukuk@suse.de
- Create -devel subpackage
- Add libjpeg-devel to neededforbuild
- Avoid /bin/sh in PreRequires
* Fri Jul 02 2004 max@suse.de
- port.h is needed as well.
* Thu May 06 2004 max@suse.de
- Install private headers (tif_dir.h, tiffiop.h).
* Tue Apr 27 2004 nadvornik@suse.cz
- fixed tif_fax3 from cvs [#39515]
* Mon Feb 09 2004 nadvornik@suse.cz
- updated to 3.6.1
- fixed dangerous compiler warnings
* Sat Jan 10 2004 adrian@suse.de
- add %%defattr and %%run_ldconfig
* Wed May 21 2003 ro@suse.de
- remove cvs subdirs
* Sat Jul 27 2002 kukuk@suse.de
- Provide libtiff-devel in libtiff [Bug #17260]
* Fri Jul 26 2002 adrian@suse.de
- fix neededforbuild
* Wed Jul 03 2002 nadvornik@suse.cz
- fixed segfault in fax2tiff [bug #16818]
- fixed size of int32 on 64bit architectures
* Wed Jun 26 2002 ro@suse.de
- fixed directory permissions
* Wed Jun 19 2002 nadvornik@suse.cz
- compiled with OJPEG_SUPPORT [bug #16408]
* Thu Apr 18 2002 kukuk@suse.de
- Fix to compile on lib64 architectures
* Wed Feb 06 2002 coolo@suse.de
- use %%_libdir
* Thu Jan 24 2002 okir@suse.de
- Fixed a tempfile race in fax2ps
* Tue Dec 11 2001 nadvornik@suse.cz
- updated to 3.5.7: bugfix release
* Wed May 09 2001 mfabian@suse.de
- bzip2 sources
* Thu Mar 15 2001 schwab@suse.de
- Fix for ia64.
* Fri May 26 2000 bubnikv@suse.cz
- sorted
* Thu May 25 2000 schwab@suse.de
- Fix dso configure check for ia64.
* Thu May 11 2000 nadvornik@suse.cz
- update to 3.5.5
- added BuildRoot
* Tue Jan 25 2000 ro@suse.de
- manpages to /usr/share using macro
* Mon Jan 03 2000 schwab@suse.de
- Update to 3.5.4 (Y2K fix)
* Mon Sep 13 1999 bs@suse.de
- ran old prepare_spec on spec file to switch to new prepare_spec.
* Wed Jan 13 1999 ro@suse.de
- respect systems where libc is libc.so.6.1 (alpha)
* Wed Nov 25 1998 ro@suse.de
- update to 3.4 (final) named 3.4.final for rpm
- moved from /usr/X11R6 to /usr
* Wed Jul 29 1998 werner@suse.de
- Link shared libs explicit with -lc
* Tue May 12 1998 ro@suse.de
- extracted package from libgr / build from own sources