parent
30b7aa05f2
commit
63f682b29a
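--- /dev/null
+++ b/tiff-3.8.2-lzw-CVE-2009-2285.patch
@@ -0,0 +1,20 @@
+--- libtiff/tif_lzw.c
++++ libtiff/tif_lzw.c
+@@ -422,7 +422,7 @@
+if (code == CODE_EOI)
+break;
+
+- if (code == CODE_CLEAR) {
++ if (code >= CODE_CLEAR) {
+TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+"LZWDecode: Corrupted LZW table at scanline %d",
+tif->tif_row);
+@@ -625,7 +625,7 @@
+NextCode(tif, sp, bp, code, GetNextCodeCompat);
+if (code == CODE_EOI)
+break;
+- if (code == CODE_CLEAR) {
++ if (code >= CODE_CLEAR) {
+TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+"LZWDecode: Corrupted LZW table at scanline %d",
+tif->tif_row);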
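Review bot: The new patch file has no preamble and the changed condition has no comment, so nothing explains why `code == CODE_CLEAR` became `code >= CODE_CLEAR` in the inner hunks at 422 and 625. In libtiff's decoder these checks appear to sit just after the string table has been reset (that surrounding branch is not visible here), where only a literal code can be valid; the widened test rejects every other code, and CODE_EOI is still handled by the `break` above it. I would add a short header to the patch naming CVE-2009-2285 and bnc#518698, and a comment at each changed line such as `/* table was just cleared: only a literal code may follow */`. The error branch runs past the end of both inner hunks, so whether it returns before any table access cannot be confirmed from this page.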
@ -1,3 +1,8 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 2 16:33:02 CEST 2009 - nadvornik@suse.cz
|
||||
|
||||
- fixed lzw overflow CVE-2009-2285 [bnc#518698]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 4 15:49:04 CET 2009 - nadvornik@suse.cz
|
||||
|
||||
|
151
tiff.spec
151
tiff.spec
@ -19,7 +19,7 @@
|
||||
|
||||
Name: tiff
|
||||
BuildRequires: gcc-c++ libjpeg-devel zlib-devel
|
||||
License: X11/MIT
|
||||
License: MIT License (or similar)
|
||||
Group: Productivity/Graphics/Convertors
|
||||
AutoReqProv: on
|
||||
# bug437293
|
||||
@ -29,7 +29,7 @@ Obsoletes: tiff-64bit
|
||||
#
|
||||
Url: http://www.remotesensing.org/libtiff/
|
||||
Version: 3.8.2
|
||||
Release: 142
|
||||
Release: 143
|
||||
Summary: Tools for Converting from and to the Tiff Format
|
||||
Source: tiff-%{version}.tar.bz2
|
||||
Source1: jpegint.h
|
||||
@ -41,6 +41,7 @@ Patch5: tiff-%{version}-tif_lzw.c-CVE-2008-2327.patch
|
||||
Patch6: tiff-%{version}-tif_lzw.c-CVE-2008-2327-2.patch
|
||||
Patch7: tiff-am.patch
|
||||
Patch8: tiff-3.8.2-bnc444079.patch
|
||||
Patch9: tiff-3.8.2-lzw-CVE-2009-2285.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
%description
|
||||
@ -54,7 +55,7 @@ Authors:
|
||||
Sam Leffler <sam@engr.sgi.com>
|
||||
|
||||
%package -n libtiff3
|
||||
License: Any permissive; X11/MIT
|
||||
License: PERMISSIVE-OSI-COMPLIANT ; MIT License (or similar)
|
||||
Summary: The Tiff Library (with JPEG and compression support)
|
||||
Group: System/Libraries
|
||||
Provides: libtiff = %{version}
|
||||
@ -78,7 +79,7 @@ Authors:
|
||||
Sam Leffler <sam@engr.sgi.com>
|
||||
|
||||
%package -n libtiff-devel
|
||||
License: Any permissive
|
||||
License: PERMISSIVE-OSI-COMPLIANT
|
||||
Summary: Development Tools for Programs which will use the libtiff Library
|
||||
Group: Development/Libraries/C and C++
|
||||
Requires: libtiff3 = %{version} libjpeg-devel zlib-devel libstdc++-devel glibc-devel
|
||||
@ -104,6 +105,7 @@ the libtiff library.
|
||||
%patch6
|
||||
%patch7
|
||||
%patch8
|
||||
%patch9
|
||||
cp %{S:1} libtiff
|
||||
find -type d -name "CVS" | xargs rm -rfv
|
||||
find -type d | xargs chmod 755
|
||||
@ -154,144 +156,3 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%doc %{_mandir}/man3/*
|
||||
|
||||
%changelog
|
||||
* Wed Feb 04 2009 nadvornik@suse.cz
|
||||
- fixed an endless loop on invalid images
|
||||
(bnc#444079) CVE-2008-1586
|
||||
* Tue Jan 13 2009 olh@suse.de
|
||||
- obsolete old libtiff-64bit on ppc64 (bnc#437293)
|
||||
* Wed Jan 07 2009 olh@suse.de
|
||||
- obsolete old -XXbit packages (bnc#437293)
|
||||
* Sun Sep 07 2008 schwab@suse.de
|
||||
- Fix conflicting options.
|
||||
* Tue Aug 19 2008 nadvornik@suse.cz
|
||||
- fixed buffer overflows in LZW code (CVE-2008-2327) [bnc#414946]
|
||||
* Sun May 18 2008 coolo@suse.de
|
||||
- fix rename of xxbit packages
|
||||
* Thu Apr 10 2008 ro@suse.de
|
||||
- added baselibs.conf file to build xxbit packages
|
||||
for multilib support
|
||||
* Fri Jul 27 2007 ro@suse.de
|
||||
- add provides and obsoletes for libtiff to libtiff3 package
|
||||
* Thu Jul 19 2007 nadvornik@suse.cz
|
||||
- renamed libtiff to libtiff3
|
||||
- do not package static libraries
|
||||
- added zlib-devel to BuildRequires
|
||||
* Mon Jun 12 2006 nadvornik@suse.cz
|
||||
- fixed a typo in the previous change [#179051]
|
||||
* Fri Jun 02 2006 nadvornik@suse.cz
|
||||
- fixed buffer overflow in tiffsplit (CVE-2006-2656) [#179051]
|
||||
- fixed buffer overflow in tiff2pdf [#179587]
|
||||
* Wed Apr 12 2006 nadvornik@suse.cz
|
||||
- updated to 3.8.2 [#165237]
|
||||
* bugfix release
|
||||
* fixed several segfaults caused by incorrect tiff data
|
||||
* Tue Feb 07 2006 nadvornik@suse.cz
|
||||
- fixed crash on certain tiff images CVE-2006-0405 [#145757]
|
||||
* Wed Jan 25 2006 mls@suse.de
|
||||
- converted neededforbuild to BuildRequires
|
||||
* Thu Jan 12 2006 nadvornik@suse.cz
|
||||
- compile with -fstack-protector
|
||||
* Tue Jan 03 2006 nadvornik@suse.cz
|
||||
- updated to 3.8.0:
|
||||
* Read-only support for custom directories (e.g. EXIF directory)
|
||||
* Preliminary support for MS MDI format
|
||||
* Mon Oct 10 2005 nadvornik@suse.cz
|
||||
- built with -fno-strict-aliasing
|
||||
* Fri Jul 15 2005 nadvornik@suse.cz
|
||||
- updated to 3.7.3
|
||||
* Tue May 24 2005 nadvornik@suse.cz
|
||||
- updated to 3.7.2
|
||||
- fixed 64bit bug in ppm2tiff [#85440]
|
||||
- fixed buffer overflow in BitsPerSample [#82787]
|
||||
* Thu Feb 17 2005 nadvornik@suse.cz
|
||||
- fixed reading of alpha channel
|
||||
* Sun Jan 16 2005 ro@suse.de
|
||||
- added c++ to neededforbuild
|
||||
* Fri Jan 07 2005 nadvornik@suse.cz
|
||||
- use typedef int int32 on all architectures
|
||||
* Wed Jan 05 2005 nadvornik@suse.cz
|
||||
- disabled c++ API as it would add a dependency on c++ libraries
|
||||
* Mon Jan 03 2005 nadvornik@suse.cz
|
||||
- updated to 3.7.1: bugfix release
|
||||
* Wed Dec 15 2004 nadvornik@suse.cz
|
||||
- added README.SUSE pointing to the documentation [#48601]
|
||||
- moved man3 to devel subpackage
|
||||
* Fri Oct 22 2004 nadvornik@suse.cz
|
||||
- updated to 3.7.0 - security fixes are included in mainstream
|
||||
* Wed Oct 20 2004 meissner@suse.de
|
||||
- Initialize ycbcrsubsampling to be not 0 in case
|
||||
of bad tiffs to avoid denial of service by divison/0.
|
||||
* Tue Oct 12 2004 nadvornik@suse.cz
|
||||
- do not call TIFFTileSize with uninitialized values [#44635]
|
||||
* Thu Oct 07 2004 pmladek@suse.cz
|
||||
- fixed much more buffer overflows (the older tiff-alt-bound-CheckMalloc.patch
|
||||
is included in the new libtiff-3.6.1-alt-bound.patch now) [#44635]
|
||||
* Thu Sep 30 2004 nadvornik@suse.cz
|
||||
- fixed more buffer overflows [#44635]
|
||||
* Tue Sep 21 2004 nadvornik@suse.cz
|
||||
- fixed multiple buffer overflows - CAN-2004-0803 [#44635]
|
||||
- disabled old jpeg support because of security problems [#45116]
|
||||
* Tue Aug 31 2004 nadvornik@suse.cz
|
||||
- added LZW support
|
||||
* Wed Aug 25 2004 kukuk@suse.de
|
||||
- Create -devel subpackage
|
||||
- Add libjpeg-devel to neededforbuild
|
||||
- Avoid /bin/sh in PreRequires
|
||||
* Fri Jul 02 2004 max@suse.de
|
||||
- port.h is needed as well.
|
||||
* Thu May 06 2004 max@suse.de
|
||||
- Install private headers (tif_dir.h, tiffiop.h).
|
||||
* Tue Apr 27 2004 nadvornik@suse.cz
|
||||
- fixed tif_fax3 from cvs [#39515]
|
||||
* Mon Feb 09 2004 nadvornik@suse.cz
|
||||
- updated to 3.6.1
|
||||
- fixed dangerous compiler warnings
|
||||
* Sat Jan 10 2004 adrian@suse.de
|
||||
- add %%defattr and %%run_ldconfig
|
||||
* Wed May 21 2003 ro@suse.de
|
||||
- remove cvs subdirs
|
||||
* Sat Jul 27 2002 kukuk@suse.de
|
||||
- Provide libtiff-devel in libtiff [Bug #17260]
|
||||
* Fri Jul 26 2002 adrian@suse.de
|
||||
- fix neededforbuild
|
||||
* Wed Jul 03 2002 nadvornik@suse.cz
|
||||
- fixed segfault in fax2tiff [bug #16818]
|
||||
- fixed size of int32 on 64bit architectures
|
||||
* Wed Jun 26 2002 ro@suse.de
|
||||
- fixed directory permissions
|
||||
* Wed Jun 19 2002 nadvornik@suse.cz
|
||||
- compiled with OJPEG_SUPPORT [bug #16408]
|
||||
* Thu Apr 18 2002 kukuk@suse.de
|
||||
- Fix to compile on lib64 architectures
|
||||
* Wed Feb 06 2002 coolo@suse.de
|
||||
- use %%_libdir
|
||||
* Thu Jan 24 2002 okir@suse.de
|
||||
- Fixed a tempfile race in fax2ps
|
||||
* Tue Dec 11 2001 nadvornik@suse.cz
|
||||
- updated to 3.5.7: bugfix release
|
||||
* Wed May 09 2001 mfabian@suse.de
|
||||
- bzip2 sources
|
||||
* Thu Mar 15 2001 schwab@suse.de
|
||||
- Fix for ia64.
|
||||
* Fri May 26 2000 bubnikv@suse.cz
|
||||
- sorted
|
||||
* Thu May 25 2000 schwab@suse.de
|
||||
- Fix dso configure check for ia64.
|
||||
* Thu May 11 2000 nadvornik@suse.cz
|
||||
- update to 3.5.5
|
||||
- added BuildRoot
|
||||
* Tue Jan 25 2000 ro@suse.de
|
||||
- manpages to /usr/share using macro
|
||||
* Mon Jan 03 2000 schwab@suse.de
|
||||
- Update to 3.5.4 (Y2K fix)
|
||||
* Mon Sep 13 1999 bs@suse.de
|
||||
- ran old prepare_spec on spec file to switch to new prepare_spec.
|
||||
* Wed Jan 13 1999 ro@suse.de
|
||||
- respect systems where libc is libc.so.6.1 (alpha)
|
||||
* Wed Nov 25 1998 ro@suse.de
|
||||
- update to 3.4 (final) named 3.4.final for rpm
|
||||
- moved from /usr/X11R6 to /usr
|
||||
* Wed Jul 29 1998 werner@suse.de
|
||||
- Link shared libs explicit with -lc
|
||||
* Tue May 12 1998 ro@suse.de
|
||||
- extracted package from libgr / build from own sources
|
||||
|