diff --git a/tiff-3.9.2.tar.bz2 b/tiff-3.9.2.tar.bz2 deleted file mode 100644 index 9e8ff12..0000000 --- a/tiff-3.9.2.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c8952149cbcd937ac620f913981dc0ffc7db79696c2f0d559b71d5cd51721e6e -size 1160792 diff --git a/tiff-3.9.4-getimage-64bit.patch b/tiff-3.9.4-getimage-64bit.patch new file mode 100644 index 0000000..5cd99e4 --- /dev/null +++ b/tiff-3.9.4-getimage-64bit.patch @@ -0,0 +1,41 @@ +diff -Naur tiff-3.9.2.orig/libtiff/tif_getimage.c tiff-3.9.2/libtiff/tif_getimage.c +--- tiff-3.9.2.orig/libtiff/tif_getimage.c 2009-08-30 12:21:46.000000000 -0400 ++++ tiff-3.9.2/libtiff/tif_getimage.c 2010-06-10 15:07:28.000000000 -0400 +@@ -1846,6 +1846,7 @@ + DECLAREContigPutFunc(putcontig8bitYCbCr22tile) + { + uint32* cp2; ++ int32 incr = 2*toskew+w; + (void) y; + fromskew = (fromskew / 2) * 6; + cp2 = cp+w+toskew; +@@ -1872,8 +1873,8 @@ + cp2 ++ ; + pp += 6; + } +- cp += toskew*2+w; +- cp2 += toskew*2+w; ++ cp += incr; ++ cp2 += incr; + pp += fromskew; + h-=2; + } +@@ -1939,6 +1940,7 @@ + DECLAREContigPutFunc(putcontig8bitYCbCr12tile) + { + uint32* cp2; ++ int32 incr = 2*toskew+w; + (void) y; + fromskew = (fromskew / 2) * 4; + cp2 = cp+w+toskew; +@@ -1953,8 +1955,8 @@ + cp2 ++; + pp += 4; + } while (--x); +- cp += toskew*2+w; +- cp2 += toskew*2+w; ++ cp += incr; ++ cp2 += incr; + pp += fromskew; + h-=2; + } diff --git a/tiff-3.9.4-oob-read.patch b/tiff-3.9.4-oob-read.patch new file mode 100644 index 0000000..8f67f3c --- /dev/null +++ b/tiff-3.9.4-oob-read.patch @@ -0,0 +1,12 @@ +diff -Naur tiff-3.9.2.orig/libtiff/tif_getimage.c tiff-3.9.2/libtiff/tif_getimage.c +--- tiff-3.9.2.orig/libtiff/tif_getimage.c 2009-08-30 12:21:46.000000000 -0400 ++++ tiff-3.9.2/libtiff/tif_getimage.c 2010-06-11 12:06:47.000000000 -0400 +@@ -2397,7 +2397,7 @@ + } + break; + case PHOTOMETRIC_YCBCR: +- if (img->bitspersample == 8) ++ if ((img->bitspersample==8) && (img->samplesperpixel==3)) + { + if (initYCbCrConversion(img)!=0) + { diff --git a/tiff-3.9.2-seek.patch b/tiff-3.9.4-seek.patch similarity index 100% rename from tiff-3.9.2-seek.patch rename to tiff-3.9.4-seek.patch diff --git a/tiff-3.9.2-tiff2pdf-colors.patch b/tiff-3.9.4-tiff2pdf-colors.patch similarity index 100% rename from tiff-3.9.2-tiff2pdf-colors.patch rename to tiff-3.9.4-tiff2pdf-colors.patch diff --git a/tiff-3.9.4.tar.bz2 b/tiff-3.9.4.tar.bz2 new file mode 100644 index 0000000..6e79c79 --- /dev/null +++ b/tiff-3.9.4.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a2102a511ebee0d99d769e70efe017c7a114cd17c98f338dd5e073a6b61cd6ba +size 1116882 diff --git a/tiff.changes b/tiff.changes index 995bf05..ededea8 100644 --- a/tiff.changes +++ b/tiff.changes @@ -1,3 +1,23 @@ +------------------------------------------------------------------- +Mon Jul 12 16:36:48 CEST 2010 - pgajdos@suse.cz + +- updated to 3.9.4: fixes CVE-2010-2065 -- obsoletes + * integer-overflow.patch + * NULL-deref.patch +- fixes CVE-2010-2067 + +------------------------------------------------------------------- +Wed Jun 23 10:32:01 CEST 2010 - pgajdos@suse.cz + +- fixed CVE-2010-2065 + * integer-overflow.patch + * NULL-deref.patch +- fixed out of bounds read + * oob-read.patch +- fixed CVE-2010-2233 + * getimage-64bit.patch +- [bnc#612879] + ------------------------------------------------------------------- Mon Apr 26 15:07:09 CEST 2010 - pgajdos@suse.cz diff --git a/tiff.spec b/tiff.spec index 38ec934..285b126 100644 --- a/tiff.spec +++ b/tiff.spec @@ -28,14 +28,16 @@ Obsoletes: tiff-64bit %endif # Url: http://www.remotesensing.org/libtiff/ -Version: 3.9.2 -Release: 3 +Version: 3.9.4 +Release: 4 Summary: Tools for Converting from and to the Tiff Format Source: tiff-%{version}.tar.bz2 Source2: README.SUSE Source3: baselibs.conf Patch2: tiff-%{version}-seek.patch Patch3: tiff-%{version}-tiff2pdf-colors.patch +Patch6: tiff-%{version}-oob-read.patch +Patch7: tiff-%{version}-getimage-64bit.patch # FYI: this issue is solved another way # http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1 # Patch9: tiff-%{version}-lzw-CVE-2009-2285.patch @@ -97,6 +99,8 @@ the libtiff library. %setup -q %patch2 %patch3 -p1 +%patch6 -p1 +%patch7 -p1 find -type d -name "CVS" | xargs rm -rfv find -type d | xargs chmod 755