pool/tiff
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 41989 from graphics

Browse Source 
checked in (request 41989)

OBS-URL: https://build.opensuse.org/request/show/41989
OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=20
This commit is contained in:
OBS User autobuild 2010-06-25 18:48:21 +00:00 committed by Git OBS Bridge
parent edd0a84a47
commit eb86a43286
6 changed files with 0 additions and 109 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
tiff-3.9.2-NULL-deref.patch
View File

@ -1,19 +0,0 @@
Index: libtiff/tif_ojpeg.c
===================================================================
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v
retrieving revision 1.24.2.5
retrieving revision 1.24.2.6
diff -u -p -r1.24.2.5 -r1.24.2.6
--- libtiff/tif_ojpeg.c 8 Jun 2010 18:50:42 -0000 1.24.2.5
+++ libtiff/tif_ojpeg.c 8 Jun 2010 23:29:51 -0000 1.24.2.6
@@ -1909,6 +1909,10 @@ OJPEGReadBufferFill(OJPEGState* sp)
sp->in_buffer_source=osibsEof;
else
{
+ if (sp->tif->tif_dir.td_stripoffset == 0) {
+ TIFFErrorExt(sp->tif->tif_clientdata,sp->tif->tif_name,"Strip offsets are missing");
+ return(0);
+ }
sp->in_buffer_file_pos=sp->tif->tif_dir.td_stripoffset[sp->in_buffer_next_strile];
if (sp->in_buffer_file_pos!=0)
{

41
tiff-3.9.2-getimage-64bit.patch
View File

@ -1,41 +0,0 @@
diff -Naur tiff-3.9.2.orig/libtiff/tif_getimage.c tiff-3.9.2/libtiff/tif_getimage.c
--- tiff-3.9.2.orig/libtiff/tif_getimage.c 2009-08-30 12:21:46.000000000 -0400
+++ tiff-3.9.2/libtiff/tif_getimage.c 2010-06-10 15:07:28.000000000 -0400
@@ -1846,6 +1846,7 @@
DECLAREContigPutFunc(putcontig8bitYCbCr22tile)
{
uint32* cp2;
+ int32 incr = 2*toskew+w;
(void) y;
fromskew = (fromskew / 2) * 6;
cp2 = cp+w+toskew;
@@ -1872,8 +1873,8 @@
cp2 ++ ;
pp += 6;
}
- cp += toskew*2+w;
- cp2 += toskew*2+w;
+ cp += incr;
+ cp2 += incr;
pp += fromskew;
h-=2;
}
@@ -1939,6 +1940,7 @@
DECLAREContigPutFunc(putcontig8bitYCbCr12tile)
{
uint32* cp2;
+ int32 incr = 2*toskew+w;
(void) y;
fromskew = (fromskew / 2) * 4;
cp2 = cp+w+toskew;
@@ -1953,8 +1955,8 @@
cp2 ++;
pp += 4;
} while (--x);
- cp += toskew*2+w;
- cp2 += toskew*2+w;
+ cp += incr;
+ cp2 += incr;
pp += fromskew;
h-=2;
}

17
tiff-3.9.2-integer-overflow.patch
View File

@ -1,17 +0,0 @@
Index: libtiff/tif_read.c
===================================================================
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v
retrieving revision 1.16.2.1
retrieving revision 1.16.2.2
diff -u -p -r1.16.2.1 -r1.16.2.2
--- libtiff/tif_read.c 8 Jun 2010 18:50:43 -0000 1.16.2.1
+++ libtiff/tif_read.c 8 Jun 2010 23:29:51 -0000 1.16.2.2
@@ -609,7 +610,7 @@ TIFFReadBufferSetup(TIFF* tif, tdata_t b
tif->tif_rawdata = (tidata_t) _TIFFmalloc(tif->tif_rawdatasize);
tif->tif_flags |= TIFF_MYBUFFER;
}
- if (tif->tif_rawdata == NULL) {
+ if ((tif->tif_rawdata == NULL) || (tif->tif_rawdatasize == 0)) {
TIFFErrorExt(tif->tif_clientdata, module,
"%s: No space for data buffer at scanline %ld",
tif->tif_name, (long) tif->tif_row);

12
tiff-3.9.2-oob-read.patch
View File

@ -1,12 +0,0 @@
diff -Naur tiff-3.9.2.orig/libtiff/tif_getimage.c tiff-3.9.2/libtiff/tif_getimage.c
--- tiff-3.9.2.orig/libtiff/tif_getimage.c 2009-08-30 12:21:46.000000000 -0400
+++ tiff-3.9.2/libtiff/tif_getimage.c 2010-06-11 12:06:47.000000000 -0400
@@ -2397,7 +2397,7 @@
}
break;
case PHOTOMETRIC_YCBCR:
- if (img->bitspersample == 8)
+ if ((img->bitspersample==8) && (img->samplesperpixel==3))
{
if (initYCbCrConversion(img)!=0)
{

12
tiff.changes
View File

@ -1,15 +1,3 @@
-------------------------------------------------------------------
Wed Jun 23 10:32:01 CEST 2010 - pgajdos@suse.cz
- fixed CVE-2010-2065
* integer-overflow.patch
* NULL-deref.patch
- fixed out of bounds read
* oob-read.patch
- fixed CVE-2010-2233
* getimage-64bit.patch
- [bnc#612879]
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Apr 26 15:07:09 CEST 2010 - pgajdos@suse.cz Mon Apr 26 15:07:09 CEST 2010 - pgajdos@suse.cz

8
tiff.spec
View File

@ -36,10 +36,6 @@ Source2: README.SUSE
Source3: baselibs.conf Source3: baselibs.conf
Patch2: tiff-%{version}-seek.patch Patch2: tiff-%{version}-seek.patch
Patch3: tiff-%{version}-tiff2pdf-colors.patch Patch3: tiff-%{version}-tiff2pdf-colors.patch
Patch4: tiff-%{version}-NULL-deref.patch
Patch5: tiff-%{version}-integer-overflow.patch
Patch6: tiff-%{version}-oob-read.patch
Patch7: tiff-%{version}-getimage-64bit.patch
# FYI: this issue is solved another way # FYI: this issue is solved another way
# http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1 # http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1
# Patch9: tiff-%{version}-lzw-CVE-2009-2285.patch # Patch9: tiff-%{version}-lzw-CVE-2009-2285.patch
@ -101,10 +97,6 @@ the libtiff library.
%setup -q %setup -q
%patch2 %patch2
%patch3 -p1 %patch3 -p1
%patch4
%patch5
%patch6 -p1
%patch7 -p1
find -type d -name "CVS" | xargs rm -rfv find -type d -name "CVS" | xargs rm -rfv
find -type d | xargs chmod 755 find -type d | xargs chmod 755