Hello community, here is the log from the commit of package tiff for openSUSE:Factory checked in at Mon Mar 14 09:40:37 CET 2011. -------- --- tiff/tiff.changes 2010-09-06 15:07:08.000000000 +0200 +++ /mounts/work_src_done/STABLE/tiff/tiff.changes 2011-03-03 09:30:27.000000000 +0100 @@ -1,0 +2,6 @@ +Thu Feb 17 15:40:54 CET 2011 - pgajdos@suse.cz + +- fixed buffer overflow [bnc#672510] + * CVE-2011-0192.patch + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- tiff-3.9.4-CVE-2011-0192.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tiff.spec ++++++ --- /var/tmp/diff_new_pack.jWu4xE/_old 2011-03-14 09:40:19.000000000 +0100 +++ /var/tmp/diff_new_pack.jWu4xE/_new 2011-03-14 09:40:19.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package tiff (Version 3.9.4) +# spec file for package tiff # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,7 +29,7 @@ # Url: http://www.remotesensing.org/libtiff/ Version: 3.9.4 -Release: 2 +Release: 3 Summary: Tools for Converting from and to the Tiff Format Source: tiff-%{version}.tar.bz2 Source2: README.SUSE @@ -40,6 +40,7 @@ Patch7: tiff-%{version}-getimage-64bit.patch Patch8: tiff-%{version}-scanlinesize.patch Patch9: tiff-%{version}-dont-fancy-upsampling.patch +Patch10: tiff-%{version}-CVE-2011-0192.patch # FYI: this issue is solved another way # http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1 # Patch9: tiff-%{version}-lzw-CVE-2009-2285.patch 
@@ -105,6 +106,7 @@ %patch7 -p1 %patch8 -p1 %patch9 -p1 +%patch10 find -type d -name "CVS" | xargs rm -rfv find -type d | xargs chmod 755 ++++++ tiff-3.9.4-CVE-2011-0192.patch ++++++ Index: libtiff/tif_fax3.h =================================================================== --- libtiff/tif_fax3.h.orig +++ libtiff/tif_fax3.h @@ -478,6 +478,10 @@ done1d: \ break; \ case S_VL: \ CHECK_b1; \ + if (b1 <= (int) (a0 + TabEnt->Param)) { \ + unexpected("VL", a0); \ + goto eol2d; \ + } \ SETVALUE(b1 - a0 - TabEnt->Param); \ b1 -= *--pb; \ break; \ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
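Review bot: In the tiff.changes hunk, the new entry names the patch as `CVE-2011-0192.patch`, but the file added to the package is `tiff-3.9.4-CVE-2011-0192.patch`. Use the full file name so the entry can be matched against the source list, and say where the overflow was (the patch touches `libtiff/tif_fax3.h`), since "fixed buffer overflow" alone does not tell a reader which decoder is affected.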
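Review bot: In the tiff.spec hunk at `@@ -40,6 +40,7 @@`, `Patch10:` is inserted directly above the existing comment `# FYI: this issue is solved another way`, so that comment now reads as if it described CVE-2011-0192. The comment belongs to the commented-out `# Patch9: tiff-%{version}-lzw-CVE-2009-2285.patch` line below it; put `Patch10:` after that commented block, or separate the two with a blank line, so nobody concludes that the new patch is redundant.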
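Review bot: In the tiff.spec hunk at `@@ -105,6 +106,7 @@`, `%patch10` is applied without a strip level while `%patch7`, `%patch8` and `%patch9` just above it all pass `-p1`. The new patch's headers are `--- libtiff/tif_fax3.h.orig` and `+++ libtiff/tif_fax3.h`, with no leading directory to strip, so it only applies because it relies on the default. Either write the strip level out explicitly on the `%patch10` line or regenerate the patch with a leading directory so it can use `-p1` like its neighbours.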
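Review bot: In the `case S_VL:` arm of libtiff/tif_fax3.h, the new guard `if (b1 <= (int) (a0 + TabEnt->Param))` uses `<=`, so it also rejects the case b1 == a0 + TabEnt->Param, where the value passed to `SETVALUE(b1 - a0 - TabEnt->Param)` would be zero rather than negative. Please confirm that a zero-length run can never be valid at this point; if it can, the check turns well-formed input into an `unexpected("VL", a0)` error, and the comparison should be `<` or the equality case should be rejected only under a narrower condition. A short comment above the check saying that it keeps the run length from going negative would help later readers, and because this hunk guards only `S_VL`, the patch description should say why any other case arm that derives a run length from `b1` and `a0` needs no equivalent check.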