rpms/libtiff/devel libtiff-3.8.2-lzw-bugs.patch, NONE, 1.1 libtiff.spec, 1.51, 1.52
Tom Lane
tgl at fedoraproject.org
Tue Aug 26 15:53:00 UTC 2008
- Previous message (by thread): rpms/gssdp/F-9 gssdp.spec, NONE, 1.1 gssdp_remove_gthread.patch, NONE, 1.1 import.log, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message (by thread): rpms/libv4l/devel .cvsignore, 1.4, 1.5 libv4l.spec, 1.3, 1.4 sources, 1.4, 1.5
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: tgl
Update of /cvs/pkgs/rpms/libtiff/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28697
Modified Files:
libtiff.spec
Added Files:
libtiff-3.8.2-lzw-bugs.patch
Log Message:
Fix LZW decoding vulnerabilities (CVE-2008-2327)
libtiff-3.8.2-lzw-bugs.patch:
--- NEW FILE libtiff-3.8.2-lzw-bugs.patch ---
Fixes for CVE-2008-2327
diff -Naur tiff-3.8.2.orig/libtiff/tif_lzw.c tiff-3.8.2/libtiff/tif_lzw.c
--- tiff-3.8.2.orig/libtiff/tif_lzw.c 2006-03-21 11:42:50.000000000 -0500
+++ tiff-3.8.2/libtiff/tif_lzw.c 2008-08-22 16:26:01.000000000 -0400
@@ -237,6 +237,11 @@
sp->dec_codetab[code].length = 1;
sp->dec_codetab[code].next = NULL;
} while (code--);
+ /*
+ * Zero-out the unused entries
+ */
+ _TIFFmemset(&sp->dec_codetab[CODE_CLEAR], 0,
+ (CODE_FIRST-CODE_CLEAR)*sizeof (code_t));
}
return (1);
}
@@ -408,12 +413,19 @@
break;
if (code == CODE_CLEAR) {
free_entp = sp->dec_codetab + CODE_FIRST;
+ _TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
nbits = BITS_MIN;
nbitsmask = MAXCODE(BITS_MIN);
maxcodep = sp->dec_codetab + nbitsmask-1;
NextCode(tif, sp, bp, code, GetNextCode);
if (code == CODE_EOI)
break;
+ if (code == CODE_CLEAR) {
+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+ "LZWDecode: Corrupted LZW table at scanline %d",
+ tif->tif_row);
+ return (0);
+ }
*op++ = (char)code, occ--;
oldcodep = sp->dec_codetab + code;
continue;
@@ -604,12 +616,19 @@
break;
if (code == CODE_CLEAR) {
free_entp = sp->dec_codetab + CODE_FIRST;
+ _TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
nbits = BITS_MIN;
nbitsmask = MAXCODE(BITS_MIN);
maxcodep = sp->dec_codetab + nbitsmask;
NextCode(tif, sp, bp, code, GetNextCodeCompat);
if (code == CODE_EOI)
break;
+ if (code == CODE_CLEAR) {
+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+ "LZWDecodeCompat: Corrupted LZW table at scanline %d",
+ tif->tif_row);
+ return (0);
+ }
*op++ = code, occ--;
oldcodep = sp->dec_codetab + code;
continue;
Index: libtiff.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libtiff/devel/libtiff.spec,v
retrieving revision 1.51
retrieving revision 1.52
diff -u -r1.51 -r1.52
--- libtiff.spec 20 Feb 2008 03:51:03 -0000 1.51
+++ libtiff.spec 26 Aug 2008 15:52:30 -0000 1.52
@@ -1,7 +1,7 @@
Summary: Library of functions for manipulating TIFF format image files
Name: libtiff
Version: 3.8.2
-Release: 10%{?dist}
+Release: 11%{?dist}
License: libtiff
Group: System Environment/Libraries
URL: http://www.libtiff.org/
@@ -11,6 +11,7 @@
Patch1: libtiff-3.8.2-ormandy.patch
Patch2: libtiff-3.8.2-CVE-2006-2193.patch
Patch3: libtiff-3.8.2-mantypo.patch
+Patch4: libtiff-3.8.2-lzw-bugs.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: zlib-devel libjpeg-devel
@@ -56,8 +57,10 @@
%patch1 -p1 -b .ormandy
%patch2 -p1 -b .CVE-2006-2193
%patch3 -p1 -b .mantypo
+%patch4 -p1
%build
+export CFLAGS="%{optflags} -fno-strict-aliasing"
%configure
make %{?_smp_mflags}
@@ -154,6 +157,11 @@
%{_libdir}/*.a
%changelog
+* Tue Aug 26 2008 Tom Lane <tgl at redhat.com> 3.8.2-11
+- Fix LZW decoding vulnerabilities (CVE-2008-2327)
+Related: #458674
+- Use -fno-strict-aliasing per rpmdiff recommendation
+
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng at fedoraproject.org> - 3.8.2-10
- Autorebuild for GCC 4.3
- Previous message (by thread): rpms/gssdp/F-9 gssdp.spec, NONE, 1.1 gssdp_remove_gthread.patch, NONE, 1.1 import.log, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message (by thread): rpms/libv4l/devel .cvsignore, 1.4, 1.5 libv4l.spec, 1.3, 1.4 sources, 1.4, 1.5
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list