commit tiff

5 Sep 2008

Hello community,

here is the log from the commit of package tiff
checked in at Fri Sep 5 20:56:15 CEST 2008.


--------

--- tiff/tiff.changes	2008-05-18 10:37:14.000000000 +0200
+++ tiff/tiff.changes	2008-08-19 17:46:38.000000000 +0200
@@ -1,0 +2,5 @@
+Tue Aug 19 17:45:10 CEST 2008 - nadvornik@suse.cz
+
+- fixed buffer overflows in LZW code (CVE-2008-2327) [bnc#414946]
+
+-------------------------------------------------------------------



New:
----
  tiff-3.8.2-tif_lzw.c-CVE-2008-2327-2.patch
  tiff-3.8.2-tif_lzw.c-CVE-2008-2327.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ tiff.spec ++++++
--- /var/tmp/diff_new_pack.E12093/_old	2008-09-05 20:42:22.000000000 +0200
+++ /var/tmp/diff_new_pack.E12093/_new	2008-09-05 20:42:22.000000000 +0200
@@ -2,9 +2,16 @@
 # spec file for package tiff (Version 3.8.2)
 #
 # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
-# This file and all modifications and additions to the pristine
-# package are under the same license as the package itself.
 #
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
@@ -18,7 +25,7 @@
 AutoReqProv:    on
 Url:            http://www.remotesensing.org/libtiff/
 Version:        3.8.2
-Release:        106
+Release:        128
 Summary:        Tools for Converting from and to the Tiff  Format
 Source:         tiff-%{version}.tar.bz2
 Source1:        jpegint.h
@@ -26,6 +33,8 @@
 Patch2:         tiff-%{version}-seek.patch
 Patch3:         tiff-%{version}-tiff2pdf.patch
 Patch4:         tiff-%{version}-tiffsplit-CVE-2006-2656.patch
+Patch5:         tiff-%{version}-tif_lzw.c-CVE-2008-2327.patch
+Patch6:         tiff-%{version}-tif_lzw.c-CVE-2008-2327-2.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -75,6 +84,8 @@
 %patch2
 %patch3
 %patch4
+%patch5
+%patch6
 cp %{S:1} libtiff
 find -type d -name "CVS" | xargs rm -rfv
 find -type d | xargs chmod 755
@@ -125,6 +136,8 @@
 %doc %{_mandir}/man3/*
 
 %changelog
+* Tue Aug 19 2008 nadvornik@suse.cz
+- fixed buffer overflows in LZW code (CVE-2008-2327) [bnc#414946]
 * Sun May 18 2008 coolo@suse.de
 - fix rename of xxbit packages
 * Thu Apr 10 2008 ro@suse.de




++++++ tiff-3.8.2-tif_lzw.c-CVE-2008-2327-2.patch ++++++
--- libtiff/tif_lzw.c
+++ libtiff/tif_lzw.c
@@ -237,6 +237,11 @@
                     sp->dec_codetab[code].length = 1;
                     sp->dec_codetab[code].next = NULL;
                 } while (code--);
+               /*
+                * Zero-out the unused entries
+                */
+                _TIFFmemset(&sp->dec_codetab[CODE_CLEAR], 0,
+                (CODE_FIRST-CODE_CLEAR)*sizeof (code_t));
 	}
 	return (1);
 }
@@ -416,6 +421,13 @@
 			NextCode(tif, sp, bp, code, GetNextCode);
 			if (code == CODE_EOI)
 				break;
+
+                       if (code == CODE_CLEAR) {
+                               TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+                               "LZWDecode: Corrupted LZW table at scanline %d",
+                               tif->tif_row);
+                               return (0);
+                       }
 			*op++ = (char)code, occ--;
 			oldcodep = sp->dec_codetab + code;
 			continue;
@@ -613,6 +625,12 @@
 			NextCode(tif, sp, bp, code, GetNextCodeCompat);
 			if (code == CODE_EOI)
 				break;
+                       if (code == CODE_CLEAR) {
+                               TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+                               "LZWDecode: Corrupted LZW table at scanline %d",
+                               tif->tif_row);
+                               return (0);
+                       }
 			*op++ = code, occ--;
 			oldcodep = sp->dec_codetab + code;
 			continue;
++++++ tiff-3.8.2-tif_lzw.c-CVE-2008-2327.patch ++++++
--- libtiff/tif_lzw.c
+++ libtiff/tif_lzw.c
@@ -408,6 +408,8 @@
 			break;
 		if (code == CODE_CLEAR) {
 			free_entp = sp->dec_codetab + CODE_FIRST;
+			_TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
+			_TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
 			nbits = BITS_MIN;
 			nbitsmask = MAXCODE(BITS_MIN);
 			maxcodep = sp->dec_codetab + nbitsmask-1;
@@ -604,6 +606,7 @@
 			break;
 		if (code == CODE_CLEAR) {
 			free_entp = sp->dec_codetab + CODE_FIRST;
+			_TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
 			nbits = BITS_MIN;
 			nbitsmask = MAXCODE(BITS_MIN);
 			maxcodep = sp->dec_codetab + nbitsmask;

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org

    

commit tiff

root＠Hilbert.suse.de