commit tiff for openSUSE:Factory
Hello community, here is the log from the commit of package tiff for openSUSE:Factory checked in at Thu Sep 9 16:03:38 CEST 2010. -------- --- tiff/tiff.changes 2010-07-12 16:40:09.000000000 +0200 +++ /mounts/work_src_done/STABLE/tiff/tiff.changes 2010-09-06 15:07:08.000000000 +0200 @@ -1,0 +2,10 @@ +Mon Sep 6 14:56:09 CEST 2010 - pgajdos@suse.cz + +- fixed "Possibly exploitable memory corruption issue in libtiff" + (see http://bugzilla.maptools.org/show_bug.cgi?id=2228) + [bnc#624215] + * scanlinesize.patch +- fixed crash while using libjpeg7 and higher + * dont-fancy-upsampling.patch + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- tiff-3.9.4-dont-fancy-upsampling.patch tiff-3.9.4-scanlinesize.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tiff.spec ++++++ --- /var/tmp/diff_new_pack.Qsl2JZ/_old 2010-09-09 16:02:55.000000000 +0200 +++ /var/tmp/diff_new_pack.Qsl2JZ/_new 2010-09-09 16:02:55.000000000 +0200 @@ -29,7 +29,7 @@ # Url: http://www.remotesensing.org/libtiff/ Version: 3.9.4 -Release: 1 +Release: 2 Summary: Tools for Converting from and to the Tiff Format Source: tiff-%{version}.tar.bz2 Source2: README.SUSE @@ -38,6 +38,8 @@ Patch3: tiff-%{version}-tiff2pdf-colors.patch Patch6: tiff-%{version}-oob-read.patch Patch7: tiff-%{version}-getimage-64bit.patch +Patch8: tiff-%{version}-scanlinesize.patch +Patch9: tiff-%{version}-dont-fancy-upsampling.patch # FYI: this issue is solved another way # http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1 # Patch9: tiff-%{version}-lzw-CVE-2009-2285.patch @@ -101,6 +103,8 @@ %patch3 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 +%patch9 -p1 find -type d -name "CVS" | xargs rm -rfv find -type d | xargs chmod 755 ++++++ tiff-3.9.4-dont-fancy-upsampling.patch ++++++ Index: tiff-3.9.4/libtiff/tif_jpeg.c =================================================================== --- tiff-3.9.4.orig/libtiff/tif_jpeg.c +++ tiff-3.9.4/libtiff/tif_jpeg.c @@ -850,6 +850,7 @@ JPEGPreDecode(TIFF* tif, tsample_t s) if (downsampled_output) { /* Need to use raw-data interface to libjpeg */ sp->cinfo.d.raw_data_out = TRUE; + sp->cinfo.d.do_fancy_upsampling = FALSE; tif->tif_decoderow = JPEGDecodeRaw; tif->tif_decodestrip = JPEGDecodeRaw; tif->tif_decodetile = JPEGDecodeRaw; ++++++ tiff-3.9.4-scanlinesize.patch ++++++ diff -Naur tiff-3.9.2.orig/libtiff/tif_jpeg.c tiff-3.9.2/libtiff/tif_jpeg.c --- tiff-3.9.2.orig/libtiff/tif_jpeg.c 2009-08-30 12:21:46.000000000 -0400 +++ tiff-3.9.2/libtiff/tif_jpeg.c 2010-01-05 22:40:40.000000000 -0500 @@ -988,8 +988,15 @@ tsize_t nrows; (void) s; - /* data is expected to be read in multiples of a scanline */ - if ( (nrows = sp->cinfo.d.image_height) ) { + nrows = cc / sp->bytesperline; + if (cc % sp->bytesperline) + TIFFWarningExt(tif->tif_clientdata, tif->tif_name, "fractional scanline not read"); + + if( nrows > (int) sp->cinfo.d.image_height ) + nrows = sp->cinfo.d.image_height; + + /* data is expected to be read in multiples of a scanline */ + if (nrows) { /* Cb,Cr both have sampling factors 1, so this is correct */ JDIMENSION clumps_per_line = sp->cinfo.d.comp_info[1].downsampled_width; int samples_per_clump = sp->samplesperclump; @@ -1087,8 +1094,7 @@ * TODO: resolve this */ buf += sp->bytesperline; cc -= sp->bytesperline; - nrows -= sp->v_sampling; - } while (nrows > 0); + } while (--nrows > 0); #ifdef JPEG_LIB_MK1 _TIFFfree(tmpbuf); diff -Naur tiff-3.9.2.orig/libtiff/tif_strip.c tiff-3.9.2/libtiff/tif_strip.c --- tiff-3.9.2.orig/libtiff/tif_strip.c 2006-03-25 13:04:35.000000000 -0500 +++ tiff-3.9.2/libtiff/tif_strip.c 2010-01-05 21:39:20.000000000 -0500 @@ -238,23 +238,19 @@ ycbcrsubsampling + 0, ycbcrsubsampling + 1); - if (ycbcrsubsampling[0] == 0) { + if (ycbcrsubsampling[0]*ycbcrsubsampling[1] == 0) { TIFFErrorExt(tif->tif_clientdata, tif->tif_name, "Invalid YCbCr subsampling"); return 0; } - scanline = TIFFroundup(td->td_imagewidth, + /* number of sample clumps per line */ + scanline = TIFFhowmany(td->td_imagewidth, ycbcrsubsampling[0]); - scanline = TIFFhowmany8(multiply(tif, scanline, - td->td_bitspersample, - "TIFFScanlineSize")); - return ((tsize_t) - summarize(tif, scanline, - multiply(tif, 2, - scanline / ycbcrsubsampling[0], - "TIFFVStripSize"), - "TIFFVStripSize")); + /* number of samples per line */ + scanline = multiply(tif, scanline, + ycbcrsubsampling[0]*ycbcrsubsampling[1] + 2, + "TIFFScanlineSize"); } else { scanline = multiply(tif, td->td_imagewidth, td->td_samplesperpixel, ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
participants (1)
-
root@hilbert.suse.de