rpms/mingw32-libtiff/devel import.log, NONE, 1.1 libtiff-3.8.2-CVE-2006-2193.patch, NONE, 1.1 libtiff-3.8.2-lzw-bugs.patch, NONE, 1.1 libtiff-3.8.2-ormandy.patch, NONE, 1.1 mingw32-libtiff.spec, NONE, 1.1 tiffsplit-overflow.patch, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2

Michael Ploujnikov plouj at fedoraproject.org
Mon Jun 8 22:29:31 UTC 2009


Author: plouj

Update of /cvs/pkgs/rpms/mingw32-libtiff/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv22167/devel

Modified Files:
	.cvsignore sources 
Added Files:
	import.log libtiff-3.8.2-CVE-2006-2193.patch 
	libtiff-3.8.2-lzw-bugs.patch libtiff-3.8.2-ormandy.patch 
	mingw32-libtiff.spec tiffsplit-overflow.patch 
Log Message:
* Mon Jun 8 2009 Michael Ploujnikov <ploujj at gmail.com> - 3.8.2-15
- initial devel branch CVS import



--- NEW FILE import.log ---
mingw32-libtiff-3_8_2-15_fc10:HEAD:mingw32-libtiff-3.8.2-15.fc10.src.rpm:1244499917

libtiff-3.8.2-CVE-2006-2193.patch:

--- NEW FILE libtiff-3.8.2-CVE-2006-2193.patch ---
--- tiff-3.8.2/tools/tiff2pdf.c.CVE-2006-2193	2006-03-21 17:42:51.000000000 +0100
+++ tiff-3.8.2/tools/tiff2pdf.c	2006-09-05 10:47:51.000000000 +0200
@@ -3668,7 +3668,7 @@
 	written += TIFFWriteFile(output, (tdata_t) "(", 1);
 	for (i=0;i<len;i++){
 		if((pdfstr[i]&0x80) || (pdfstr[i]==127) || (pdfstr[i]<32)){
-			sprintf(buffer, "\\%.3o", pdfstr[i]);
+			snprintf(buffer, sizeof(buffer), "\\%.3o", (unsigned char) pdfstr[i]);
 			written += TIFFWriteFile(output, (tdata_t) buffer, 4);
 		} else {
 			switch (pdfstr[i]){
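Review bot: The `TIFFWriteFile(output, (tdata_t) buffer, 4)` call after the new `snprintf` still writes a fixed four bytes and never looks at the return value of `snprintf`. With the added `(unsigned char)` cast the escape is always a backslash plus three octal digits, so four bytes is correct only while `buffer` is an array of at least five chars. Its declaration is outside the hunk, and if it were a pointer, `sizeof(buffer)` would be the pointer size rather than the capacity. A comment on the line, such as `/* "\ooo" is exactly 4 bytes; buffer must hold at least 5 */`, would record the assumption the length argument depends on.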

libtiff-3.8.2-lzw-bugs.patch:

--- NEW FILE libtiff-3.8.2-lzw-bugs.patch ---
Fixes for CVE-2008-2327


diff -Naur tiff-3.8.2.orig/libtiff/tif_lzw.c tiff-3.8.2/libtiff/tif_lzw.c
--- tiff-3.8.2.orig/libtiff/tif_lzw.c	2006-03-21 11:42:50.000000000 -0500
+++ tiff-3.8.2/libtiff/tif_lzw.c	2008-08-22 16:26:01.000000000 -0400
@@ -237,6 +237,11 @@
                     sp->dec_codetab[code].length = 1;
                     sp->dec_codetab[code].next = NULL;
                 } while (code--);
+		/*
+		 * Zero-out the unused entries
+		 */
+		_TIFFmemset(&sp->dec_codetab[CODE_CLEAR], 0,
+			    (CODE_FIRST-CODE_CLEAR)*sizeof (code_t));
 	}
 	return (1);
 }
@@ -408,12 +413,19 @@
 			break;
 		if (code == CODE_CLEAR) {
 			free_entp = sp->dec_codetab + CODE_FIRST;
+			_TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
 			nbits = BITS_MIN;
 			nbitsmask = MAXCODE(BITS_MIN);
 			maxcodep = sp->dec_codetab + nbitsmask-1;
 			NextCode(tif, sp, bp, code, GetNextCode);
 			if (code == CODE_EOI)
 				break;
+			if (code == CODE_CLEAR) {
+				TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+				"LZWDecode: Corrupted LZW table at scanline %d",
+				tif->tif_row);
+				return (0);
+			}
 			*op++ = (char)code, occ--;
 			oldcodep = sp->dec_codetab + code;
 			continue;
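Review bot: The new guard after `NextCode` rejects only a second `CODE_CLEAR`; any other code above `CODE_CLEAR` that is not `CODE_EOI` still reaches `*op++ = (char)code` and points `oldcodep` at a table entry that the added `_TIFFmemset` has just zeroed. Only literal codes below `CODE_CLEAR` make sense directly after a clear, so the test could be `if (code >= CODE_CLEAR) {`, since `CODE_EOI` has already been handled by the `break` above it. The same applies to the LZWDecodeCompat hunk at `@@ -604,12 +616,19 @@`. How later iterations treat a zeroed entry reached through `oldcodep` is outside these hunks, so the impact is inferred rather than shown.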
@@ -604,12 +616,19 @@
 			break;
 		if (code == CODE_CLEAR) {
 			free_entp = sp->dec_codetab + CODE_FIRST;
+			_TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
 			nbits = BITS_MIN;
 			nbitsmask = MAXCODE(BITS_MIN);
 			maxcodep = sp->dec_codetab + nbitsmask;
 			NextCode(tif, sp, bp, code, GetNextCodeCompat);
 			if (code == CODE_EOI)
 				break;
+			if (code == CODE_CLEAR) {
+				TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+				"LZWDecodeCompat: Corrupted LZW table at scanline %d",
+				tif->tif_row);
+				return (0);
+			}
 			*op++ = code, occ--;
 			oldcodep = sp->dec_codetab + code;
 			continue;

libtiff-3.8.2-ormandy.patch:

--- NEW FILE libtiff-3.8.2-ormandy.patch ---
diff -ru tiff-3.8.2/libtiff/tif_dir.c tiff-3.8.2-goo/libtiff/tif_dir.c
--- tiff-3.8.2/libtiff/tif_dir.c	2006-03-21 16:42:50.000000000 +0000
+++ tiff-3.8.2-goo/libtiff/tif_dir.c	2006-07-14 13:52:01.027562000 +0100
@@ -122,6 +122,7 @@
 {
 	static const char module[] = "_TIFFVSetField";
 	
+	const TIFFFieldInfo* fip = _TIFFFindFieldInfo(tif, tag, TIFF_ANY);
 	TIFFDirectory* td = &tif->tif_dir;
 	int status = 1;
 	uint32 v32, i, v;
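Review bot: The function-scope `fip` added here comes from `_TIFFFindFieldInfo`, and the later hunks of this file treat it as possibly NULL (`fip ? fip->field_name : "Unknown"`), yet the hunk at `@@ -563,7 +570,7 @@` changes the field-bit update to `TIFFSetFieldBit(tif, fip->field_bit);` with no NULL test. If a tag without field info can reach that statement with `status` still non-zero, this dereferences NULL. Handling it explicitly, for example `if (status && fip == NULL) status = 0;` ahead of the `if (status) {` block, would match the defensive style of the other call sites. The body of `_TIFFVSetField` between the hunks is not visible, so whether that path is reachable is not established here.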
@@ -195,10 +196,12 @@
 		break;
 	case TIFFTAG_ORIENTATION:
 		v = va_arg(ap, uint32);
+		const TIFFFieldInfo* fip;
 		if (v < ORIENTATION_TOPLEFT || ORIENTATION_LEFTBOT < v) {
+			fip = _TIFFFieldWithTag(tif, tag);
 			TIFFWarningExt(tif->tif_clientdata, tif->tif_name,
 			    "Bad value %lu for \"%s\" tag ignored",
-			    v, _TIFFFieldWithTag(tif, tag)->field_name);
+			    v, fip ? fip->field_name : "Unknown");
 		} else
 			td->td_orientation = (uint16) v;
 		break;
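Review bot: The `const TIFFFieldInfo* fip;` declared inside `case TIFFTAG_ORIENTATION:` shadows the function-scope `fip` that the first hunk of this file adds, from that line to the end of the enclosing switch block. Any later case in the same block that reads `fip` without its own declaration would see this uninitialised pointer instead of the lookup result. It is also a declaration placed after a statement, which pre-C99 compilers reject. Dropping the local declaration and assigning to the outer variable, `fip = _TIFFFieldWithTag(tif, tag);`, avoids both problems.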
@@ -387,11 +390,15 @@
 	     * happens, for example, when tiffcp is used to convert between
 	     * compression schemes and codec-specific tags are blindly copied.
              */
+	    /* 
+	     * better not dereference fip if it is NULL.
+	     * -- taviso at google.com 15 Jun 2006
+	     */
             if(fip == NULL || fip->field_bit != FIELD_CUSTOM) {
 		TIFFErrorExt(tif->tif_clientdata, module,
 		    "%s: Invalid %stag \"%s\" (not supported by codec)",
 		    tif->tif_name, isPseudoTag(tag) ? "pseudo-" : "",
-		    _TIFFFieldWithTag(tif, tag)->field_name);
+		    fip ? fip->field_name : "Unknown");
 		status = 0;
 		break;
             }
@@ -468,7 +475,7 @@
 	    if (fip->field_type == TIFF_ASCII)
 		    _TIFFsetString((char **)&tv->value, va_arg(ap, char *));
 	    else {
-                tv->value = _TIFFmalloc(tv_size * tv->count);
+                tv->value = _TIFFCheckMalloc(tif, tv_size, tv->count, "Tag Value");
 		if (!tv->value) {
 		    status = 0;
 		    goto end;
@@ -563,7 +570,7 @@
           }
 	}
 	if (status) {
-		TIFFSetFieldBit(tif, _TIFFFieldWithTag(tif, tag)->field_bit);
+		TIFFSetFieldBit(tif, fip->field_bit);
 		tif->tif_flags |= TIFF_DIRTYDIRECT;
 	}
 
@@ -572,12 +579,12 @@
 	return (status);
 badvalue:
 	TIFFErrorExt(tif->tif_clientdata, module, "%s: Bad value %d for \"%s\"",
-		  tif->tif_name, v, _TIFFFieldWithTag(tif, tag)->field_name);
+		  tif->tif_name, v, fip ? fip->field_name : "Unknown");
 	va_end(ap);
 	return (0);
 badvalue32:
 	TIFFErrorExt(tif->tif_clientdata, module, "%s: Bad value %ld for \"%s\"",
-		   tif->tif_name, v32, _TIFFFieldWithTag(tif, tag)->field_name);
+		   tif->tif_name, v32, fip ? fip->field_name : "Unknown");
 	va_end(ap);
 	return (0);
 }
@@ -813,12 +820,16 @@
              * If the client tries to get a tag that is not valid
              * for the image's codec then we'll arrive here.
              */
+	    /*
+	     * dont dereference fip if it's NULL.
+	     * -- taviso at google.com 15 Jun 2006
+	     */
             if( fip == NULL || fip->field_bit != FIELD_CUSTOM )
             {
 				TIFFErrorExt(tif->tif_clientdata, "_TIFFVGetField",
                           "%s: Invalid %stag \"%s\" (not supported by codec)",
                           tif->tif_name, isPseudoTag(tag) ? "pseudo-" : "",
-                          _TIFFFieldWithTag(tif, tag)->field_name);
+                          fip ? fip->field_name : "Unknown");
                 ret_val = 0;
                 break;
             }
diff -ru tiff-3.8.2/libtiff/tif_dirinfo.c tiff-3.8.2-goo/libtiff/tif_dirinfo.c
--- tiff-3.8.2/libtiff/tif_dirinfo.c	2006-02-07 13:51:03.000000000 +0000
+++ tiff-3.8.2-goo/libtiff/tif_dirinfo.c	2006-07-14 13:52:00.953558000 +0100
@@ -775,7 +775,8 @@
 		TIFFErrorExt(tif->tif_clientdata, "TIFFFieldWithTag",
 			  "Internal error, unknown tag 0x%x",
                           (unsigned int) tag);
-		assert(fip != NULL);
+		/* assert(fip != NULL); */
+
 		/*NOTREACHED*/
 	}
 	return (fip);
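Review bot: With the assert commented out, the `/*NOTREACHED*/` marker below it is no longer true: on an unknown tag the function now logs "Internal error, unknown tag" and falls through to `return (fip)` with a NULL pointer. The commented-out assert and the stale marker should be replaced by a comment stating the new contract, for example `/* unknown tag: returns NULL, every caller must check */`. The `TIFFFieldWithName` hunk at `@@ -789,7 +790,8 @@` needs the same change. Callers outside this patch that still dereference the result directly are not visible here and would need the `fip ? ... : ...` treatment used elsewhere in the patch.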
@@ -789,7 +790,8 @@
 	if (!fip) {
 		TIFFErrorExt(tif->tif_clientdata, "TIFFFieldWithName",
 			  "Internal error, unknown tag %s", field_name);
-		assert(fip != NULL);
+		/* assert(fip != NULL); */
+		
 		/*NOTREACHED*/
 	}
 	return (fip);
diff -ru tiff-3.8.2/libtiff/tif_dirread.c tiff-3.8.2-goo/libtiff/tif_dirread.c
--- tiff-3.8.2/libtiff/tif_dirread.c	2006-03-21 16:42:50.000000000 +0000
+++ tiff-3.8.2-goo/libtiff/tif_dirread.c	2006-07-14 13:52:00.842557000 +0100
@@ -29,6 +29,9 @@
  *
  * Directory Read Support Routines.
  */
+
+#include <limits.h>
+
 #include "tiffiop.h"
 
 #define	IGNORE	0		/* tag placeholder used below */
@@ -81,6 +84,7 @@
 	uint16 dircount;
 	toff_t nextdiroff;
 	int diroutoforderwarning = 0;
+	int compressionknown = 0;
 	toff_t* new_dirlist;
 
 	tif->tif_diroff = tif->tif_nextdiroff;
@@ -147,13 +151,20 @@
 	} else {
 		toff_t off = tif->tif_diroff;
 
-		if (off + sizeof (uint16) > tif->tif_size) {
-			TIFFErrorExt(tif->tif_clientdata, module,
-			    "%s: Can not read TIFF directory count",
-                            tif->tif_name);
-			return (0);
+		/*
+		 * Check for integer overflow when validating the dir_off, otherwise
+		 * a very high offset may cause an OOB read and crash the client.
+		 * -- taviso at google.com, 14 Jun 2006.
+		 */
+		if (off + sizeof (uint16) > tif->tif_size || 
+			off > (UINT_MAX - sizeof(uint16))) {
+				TIFFErrorExt(tif->tif_clientdata, module,
+				    "%s: Can not read TIFF directory count",
+				    tif->tif_name);
+				return (0);
 		} else
-			_TIFFmemcpy(&dircount, tif->tif_base + off, sizeof (uint16));
+			_TIFFmemcpy(&dircount, tif->tif_base + off,
+					sizeof (uint16));
 		off += sizeof (uint16);
 		if (tif->tif_flags & TIFF_SWAB)
 			TIFFSwabShort(&dircount);
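Review bot: The added `off > (UINT_MAX - sizeof(uint16))` test ties the bound to `unsigned int` rather than to the type of `off` (declared `toff_t` in this hunk), and it sits beside the very addition it is meant to protect. Writing the range check as a subtraction needs no constant and cannot wrap: `if (tif->tif_size < sizeof (uint16) || off > tif->tif_size - sizeof (uint16)) {`. The two tif_read.c hunks at `@@ -272,7 +274,13 @@` and `@@ -470,7 +478,13 @@` use the same pattern with `bytecount` and `td->td_stripoffset[...]`, where the equivalent form is `offset > tif->tif_size || bytecount > tif->tif_size - offset`. The comment there, "verify that offset + bytecount is > offset", also does not describe the `UINT_MAX` comparison the code makes. The widths of `toff_t`, `bytecount` and `tif_size` are declared outside these hunks, so they are assumed here, not shown.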
@@ -254,6 +265,7 @@
 		while (fix < tif->tif_nfields &&
 		       tif->tif_fieldinfo[fix]->field_tag < dp->tdir_tag)
 			fix++;
+
 		if (fix >= tif->tif_nfields ||
 		    tif->tif_fieldinfo[fix]->field_tag != dp->tdir_tag) {
 
@@ -264,17 +276,23 @@
 						       dp->tdir_tag,
 						       dp->tdir_tag,
 						       dp->tdir_type);
-
-                    TIFFMergeFieldInfo(tif,
-                                       _TIFFCreateAnonFieldInfo(tif,
-						dp->tdir_tag,
-						(TIFFDataType) dp->tdir_type),
-				       1 );
+					/*
+					 * creating anonymous fields prior to knowing the compression
+					 * algorithm (ie, when the field info has been merged) could cause
+					 * crashes with pathological directories.
+					 * -- taviso at google.com 15 Jun 2006
+					 */
+					if (compressionknown)
+			                    TIFFMergeFieldInfo(tif, _TIFFCreateAnonFieldInfo(tif, dp->tdir_tag, 
+						(TIFFDataType) dp->tdir_type), 1 );
+					else goto ignore;
+		    
                     fix = 0;
                     while (fix < tif->tif_nfields &&
                            tif->tif_fieldinfo[fix]->field_tag < dp->tdir_tag)
 			fix++;
 		}
+		
 		/*
 		 * Null out old tags that we ignore.
 		 */
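Review bot: In the new `if (compressionknown)` branch the result of `_TIFFCreateAnonFieldInfo(...)` is still passed straight to `TIFFMergeFieldInfo` without a check. If that helper can return NULL on allocation failure (its definition is not part of this patch), the merge receives a NULL field-info pointer. Holding the result in a local and testing it first, `if (anon == NULL) goto ignore;`, would close that path. The `ignore` label and the rest of the loop body are outside the hunk.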
@@ -326,6 +344,7 @@
 				    dp->tdir_type, dp->tdir_offset);
 				if (!TIFFSetField(tif, dp->tdir_tag, (uint16)v))
 					goto bad;
+				else compressionknown++;
 				break;
 			/* XXX: workaround for broken TIFFs */
 			} else if (dp->tdir_type == TIFF_LONG) {
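Review bot: `compressionknown` is set only in the branch shown here, as an `else` hanging off the `goto bad` test; the `TIFF_LONG` workaround branch that starts on the last context line gets no matching line anywhere in this patch. If that branch also ends in a successful `TIFFSetField` for the Compression tag, the flag stays 0 and the hunk at `@@ -264,17 +276,23 @@` will ignore every unknown tag in such a file. Setting the flag once after the whole Compression case has succeeded, as `compressionknown = 1;` rather than `++`, would cover all branches. The remainder of the case is outside the hunk, so this needs checking against the full function.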
@@ -540,6 +559,7 @@
 	 * Attempt to deal with a missing StripByteCounts tag.
 	 */
 	if (!TIFFFieldSet(tif, FIELD_STRIPBYTECOUNTS)) {
+		const TIFFFieldInfo* fip = _TIFFFieldWithTag(tif, TIFFTAG_STRIPBYTECOUNTS);
 		/*
 		 * Some manufacturers violate the spec by not giving
 		 * the size of the strips.  In this case, assume there
@@ -556,7 +576,7 @@
 			"%s: TIFF directory is missing required "
 			"\"%s\" field, calculating from imagelength",
 			tif->tif_name,
-		        _TIFFFieldWithTag(tif,TIFFTAG_STRIPBYTECOUNTS)->field_name);
+		        fip ? fip->field_name : "Unknown");
 		if (EstimateStripByteCounts(tif, dir, dircount) < 0)
 		    goto bad;
 /* 
@@ -580,6 +600,7 @@
 	} else if (td->td_nstrips == 1 
                    && td->td_stripoffset[0] != 0 
                    && BYTECOUNTLOOKSBAD) {
+		const TIFFFieldInfo* fip = _TIFFFieldWithTag(tif, TIFFTAG_STRIPBYTECOUNTS);
 		/*
 		 * XXX: Plexus (and others) sometimes give a value of zero for
 		 * a tag when they don't know what the correct value is!  Try
@@ -589,13 +610,14 @@
 		TIFFWarningExt(tif->tif_clientdata, module,
 	"%s: Bogus \"%s\" field, ignoring and calculating from imagelength",
                             tif->tif_name,
-		            _TIFFFieldWithTag(tif,TIFFTAG_STRIPBYTECOUNTS)->field_name);
+		            fip ? fip->field_name : "Unknown");
 		if(EstimateStripByteCounts(tif, dir, dircount) < 0)
 		    goto bad;
 	} else if (td->td_planarconfig == PLANARCONFIG_CONTIG
 		   && td->td_nstrips > 2
 		   && td->td_compression == COMPRESSION_NONE
 		   && td->td_stripbytecount[0] != td->td_stripbytecount[1]) {
+		const TIFFFieldInfo* fip = _TIFFFieldWithTag(tif, TIFFTAG_STRIPBYTECOUNTS);
 		/*
 		 * XXX: Some vendors fill StripByteCount array with absolutely
 		 * wrong values (it can be equal to StripOffset array, for
@@ -604,7 +626,7 @@
 		TIFFWarningExt(tif->tif_clientdata, module,
 	"%s: Wrong \"%s\" field, ignoring and calculating from imagelength",
                             tif->tif_name,
-		            _TIFFFieldWithTag(tif,TIFFTAG_STRIPBYTECOUNTS)->field_name);
+		            fip ? fip->field_name : "Unknown");
 		if (EstimateStripByteCounts(tif, dir, dircount) < 0)
 		    goto bad;
 	}
@@ -870,7 +892,13 @@
 
 	register TIFFDirEntry *dp;
 	register TIFFDirectory *td = &tif->tif_dir;
-	uint16 i;
+	
+	/* i is used to iterate over td->td_nstrips, so must be
+	 * at least the same width.
+	 * -- taviso at google.com 15 Jun 2006
+	 */
+
+	uint32 i;
 
 	if (td->td_stripbytecount)
 		_TIFFfree(td->td_stripbytecount);
@@ -947,16 +975,18 @@
 static int
 CheckDirCount(TIFF* tif, TIFFDirEntry* dir, uint32 count)
 {
+	const TIFFFieldInfo* fip = _TIFFFieldWithTag(tif, dir->tdir_tag);
+
 	if (count > dir->tdir_count) {
 		TIFFWarningExt(tif->tif_clientdata, tif->tif_name,
 	"incorrect count for field \"%s\" (%lu, expecting %lu); tag ignored",
-		    _TIFFFieldWithTag(tif, dir->tdir_tag)->field_name,
+		    fip ? fip->field_name : "Unknown",
 		    dir->tdir_count, count);
 		return (0);
 	} else if (count < dir->tdir_count) {
 		TIFFWarningExt(tif->tif_clientdata, tif->tif_name,
 	"incorrect count for field \"%s\" (%lu, expecting %lu); tag trimmed",
-		    _TIFFFieldWithTag(tif, dir->tdir_tag)->field_name,
+		    fip ? fip->field_name : "Unknown",
 		    dir->tdir_count, count);
 		return (1);
 	}
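Review bot: `_TIFFFieldWithTag` is now called on entry to `CheckDirCount`, before it is known that any message will be printed, and the tif_dirinfo.c hunks show that it logs "Internal error, unknown tag" whenever the lookup fails. For a directory entry whose tag has no field info, that emits an error on every call, including the path where the counts match and nothing is wrong. `cvtRational` in this same patch does the lookup inside the failing branch; doing the same here keeps the lookup and its logging side effect on the error path only. `TIFFFetchData` at `@@ -970,6 +1000,7 @@` has the same eager lookup.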
@@ -970,6 +1000,7 @@
 TIFFFetchData(TIFF* tif, TIFFDirEntry* dir, char* cp)
 {
 	int w = TIFFDataWidth((TIFFDataType) dir->tdir_type);
+	const TIFFFieldInfo* fip = _TIFFFieldWithTag(tif, dir->tdir_tag);
 	tsize_t cc = dir->tdir_count * w;
 
 	/* Check for overflow. */
@@ -1013,7 +1044,7 @@
 bad:
 	TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
 		     "Error fetching data for field \"%s\"",
-		     _TIFFFieldWithTag(tif, dir->tdir_tag)->field_name);
+		     fip ? fip->field_name : "Unknown");
 	return (tsize_t) 0;
 }
 
@@ -1039,10 +1070,12 @@
 static int
 cvtRational(TIFF* tif, TIFFDirEntry* dir, uint32 num, uint32 denom, float* rv)
 {
+	const TIFFFieldInfo* fip;
 	if (denom == 0) {
+		fip = _TIFFFieldWithTag(tif, dir->tdir_tag);
 		TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
 		    "%s: Rational with zero denominator (num = %lu)",
-		    _TIFFFieldWithTag(tif, dir->tdir_tag)->field_name, num);
+		    fip ? fip->field_name : "Unknown", num);
 		return (0);
 	} else {
 		if (dir->tdir_type == TIFF_RATIONAL)
@@ -1159,6 +1192,20 @@
 static int
 TIFFFetchShortPair(TIFF* tif, TIFFDirEntry* dir)
 {
+	/*
+	 * Prevent overflowing the v stack arrays below by performing a sanity
+	 * check on tdir_count, this should never be greater than two.
+	 * -- taviso at google.com 14 Jun 2006.
+	 */
+	if (dir->tdir_count > 2) {
+		const TIFFFieldInfo* fip = _TIFFFieldWithTag(tif, dir->tdir_tag);
+		TIFFWarningExt(tif->tif_clientdata, tif->tif_name,
+				"unexpected count for field \"%s\", %lu, expected 2; ignored.",
+				fip ? fip->field_name : "Unknown",
+				dir->tdir_count);
+		return 0;
+	}
+
 	switch (dir->tdir_type) {
 		case TIFF_BYTE:
 		case TIFF_SBYTE:
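Review bot: The new guard rejects `dir->tdir_count > 2`, but its message says "expected 2" and a count of 0 or 1 still passes. If the cases below read both elements of their `v` arrays (that code is outside the hunk), a short count would use an element that was never fetched. Testing `if (dir->tdir_count != 2) {` would match the message; if shorter counts are tolerated on purpose, the comment should say so. The `%lu` conversion also assumes `tdir_count` is an `unsigned long`, and passing `(unsigned long) dir->tdir_count` makes that hold whatever the field's declared type is.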
@@ -1329,14 +1376,15 @@
 	case TIFF_DOUBLE:
 		return (TIFFFetchDoubleArray(tif, dir, (double*) v));
 	default:
+		{ const TIFFFieldInfo* fip = _TIFFFieldWithTag(tif, dir->tdir_tag);
 		/* TIFF_NOTYPE */
 		/* TIFF_ASCII */
 		/* TIFF_UNDEFINED */
 		TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
 			     "cannot read TIFF_ANY type %d for field \"%s\"",
 			     dir->tdir_type,
-			     _TIFFFieldWithTag(tif, dir->tdir_tag)->field_name);
-		return (0);
+			     fip ? fip->field_name : "Unknown");
+		return (0); }
 	}
 	return (1);
 }
@@ -1351,6 +1399,9 @@
 	int ok = 0;
 	const TIFFFieldInfo* fip = _TIFFFieldWithTag(tif, dp->tdir_tag);
 
+	if (fip == NULL) {
+		return (0);
+	}
 	if (dp->tdir_count > 1) {		/* array of values */
 		char* cp = NULL;
 
@@ -1493,6 +1544,7 @@
 TIFFFetchPerSampleShorts(TIFF* tif, TIFFDirEntry* dir, uint16* pl)
 {
     uint16 samples = tif->tif_dir.td_samplesperpixel;
+    const TIFFFieldInfo* fip;
     int status = 0;
 
     if (CheckDirCount(tif, dir, (uint32) samples)) {
@@ -1510,9 +1562,10 @@
 
             for (i = 1; i < check_count; i++)
                 if (v[i] != v[0]) {
+				fip = _TIFFFieldWithTag(tif, dir->tdir_tag);
 					TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
                               "Cannot handle different per-sample values for field \"%s\"",
-                              _TIFFFieldWithTag(tif, dir->tdir_tag)->field_name);
+                              fip ? fip->field_name : "Unknown");
                     goto bad;
                 }
             *pl = v[0];
@@ -1534,6 +1587,7 @@
 TIFFFetchPerSampleLongs(TIFF* tif, TIFFDirEntry* dir, uint32* pl)
 {
     uint16 samples = tif->tif_dir.td_samplesperpixel;
+    const TIFFFieldInfo* fip;
     int status = 0;
 
     if (CheckDirCount(tif, dir, (uint32) samples)) {
@@ -1551,9 +1605,10 @@
                 check_count = samples;
             for (i = 1; i < check_count; i++)
                 if (v[i] != v[0]) {
+				fip = _TIFFFieldWithTag(tif, dir->tdir_tag);
 					TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
                               "Cannot handle different per-sample values for field \"%s\"",
-                              _TIFFFieldWithTag(tif, dir->tdir_tag)->field_name);
+                              fip ? fip->field_name : "Unknown");
                     goto bad;
                 }
             *pl = v[0];
@@ -1574,6 +1629,7 @@
 TIFFFetchPerSampleAnys(TIFF* tif, TIFFDirEntry* dir, double* pl)
 {
     uint16 samples = tif->tif_dir.td_samplesperpixel;
+    const TIFFFieldInfo* fip;
     int status = 0;
 
     if (CheckDirCount(tif, dir, (uint32) samples)) {
@@ -1591,9 +1647,10 @@
 
             for (i = 1; i < check_count; i++)
                 if (v[i] != v[0]) {
+		    fip = _TIFFFieldWithTag(tif, dir->tdir_tag);
                     TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
                               "Cannot handle different per-sample values for field \"%s\"",
-                              _TIFFFieldWithTag(tif, dir->tdir_tag)->field_name);
+                              fip ? fip->field_name : "Unknown");
                     goto bad;
                 }
             *pl = v[0];
diff -ru tiff-3.8.2/libtiff/tif_fax3.c tiff-3.8.2-goo/libtiff/tif_fax3.c
--- tiff-3.8.2/libtiff/tif_fax3.c	2006-03-21 16:42:50.000000000 +0000
+++ tiff-3.8.2-goo/libtiff/tif_fax3.c	2006-07-14 13:52:00.669557000 +0100
@@ -1136,6 +1136,7 @@
 Fax3VSetField(TIFF* tif, ttag_t tag, va_list ap)
 {
 	Fax3BaseState* sp = Fax3State(tif);
+	const TIFFFieldInfo* fip;
 
 	assert(sp != 0);
 	assert(sp->vsetparent != 0);
@@ -1181,7 +1182,13 @@
 	default:
 		return (*sp->vsetparent)(tif, tag, ap);
 	}
-	TIFFSetFieldBit(tif, _TIFFFieldWithTag(tif, tag)->field_bit);
+	
+	if ((fip = _TIFFFieldWithTag(tif, tag))) {
+		TIFFSetFieldBit(tif, fip->field_bit);
+	} else {
+		return (0);
+	}
+
 	tif->tif_flags |= TIFF_DIRTYDIRECT;
 	return (1);
 }
diff -ru tiff-3.8.2/libtiff/tif_jpeg.c tiff-3.8.2-goo/libtiff/tif_jpeg.c
--- tiff-3.8.2/libtiff/tif_jpeg.c	2006-03-21 16:42:50.000000000 +0000
+++ tiff-3.8.2-goo/libtiff/tif_jpeg.c	2006-07-14 13:52:00.655560000 +0100
@@ -722,15 +722,31 @@
 		segment_width = TIFFhowmany(segment_width, sp->h_sampling);
 		segment_height = TIFFhowmany(segment_height, sp->v_sampling);
 	}
-	if (sp->cinfo.d.image_width != segment_width ||
-	    sp->cinfo.d.image_height != segment_height) {
+	if (sp->cinfo.d.image_width < segment_width ||
+	    sp->cinfo.d.image_height < segment_height) {
 		TIFFWarningExt(tif->tif_clientdata, module,
                  "Improper JPEG strip/tile size, expected %dx%d, got %dx%d",
                           segment_width, 
                           segment_height,
                           sp->cinfo.d.image_width, 
                           sp->cinfo.d.image_height);
+	} 
+	
+	if (sp->cinfo.d.image_width > segment_width ||
+			sp->cinfo.d.image_height > segment_height) {
+		/*
+		 * This case could be dangerous, if the strip or tile size has been
+		 * reported as less than the amount of data jpeg will return, some
+		 * potential security issues arise. Catch this case and error out.
+		 * -- taviso at google.com 14 Jun 2006
+		 */
+		TIFFErrorExt(tif->tif_clientdata, module, 
+			"JPEG strip/tile size exceeds expected dimensions,"
+			"expected %dx%d, got %dx%d", segment_width, segment_height,
+			sp->cinfo.d.image_width, sp->cinfo.d.image_height);
+		return (0);
 	}
+
 	if (sp->cinfo.d.num_components !=
 	    (td->td_planarconfig == PLANARCONFIG_CONTIG ?
 	     td->td_samplesperpixel : 1)) {
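Review bot: The two adjacent string literals in the new `TIFFErrorExt` call concatenate to "dimensions,expected" with no space, so the first literal should end `"... exceeds expected dimensions, "`. The `%d` conversions are fed `sp->cinfo.d.image_width` and `image_height`, which are libjpeg dimension fields and not necessarily `int`. An explicit cast at the call, or a matching unsigned conversion, would keep the varargs well-defined. The unchanged warning above it has the same mismatch.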
@@ -761,6 +777,22 @@
                                     sp->cinfo.d.comp_info[0].v_samp_factor,
                                     sp->h_sampling, sp->v_sampling);
 
+				/*
+				 * There are potential security issues here for decoders that
+				 * have already allocated buffers based on the expected sampling
+				 * factors. Lets check the sampling factors dont exceed what
+				 * we were expecting.
+				 * -- taviso at google.com 14 June 2006
+				 */
+				if (sp->cinfo.d.comp_info[0].h_samp_factor > sp->h_sampling ||
+					sp->cinfo.d.comp_info[0].v_samp_factor > sp->v_sampling) {
+						TIFFErrorExt(tif->tif_clientdata, module,
+							"Cannot honour JPEG sampling factors that"
+							" exceed those specified.");
+						return (0);
+				}
+
+
 			    /*
 			     * XXX: Files written by the Intergraph software
 			     * has different sampling factors stored in the
@@ -1521,15 +1553,18 @@
 {
 	JPEGState *sp = JState(tif);
 	
-	assert(sp != 0);
+	/* assert(sp != 0); */
 
 	tif->tif_tagmethods.vgetfield = sp->vgetparent;
 	tif->tif_tagmethods.vsetfield = sp->vsetparent;
 
-	if( sp->cinfo_initialized )
-	    TIFFjpeg_destroy(sp);	/* release libjpeg resources */
-	if (sp->jpegtables)		/* tag value */
-		_TIFFfree(sp->jpegtables);
+	if (sp != NULL) {
+		if( sp->cinfo_initialized )
+		    TIFFjpeg_destroy(sp);	/* release libjpeg resources */
+		if (sp->jpegtables)		/* tag value */
+			_TIFFfree(sp->jpegtables);
+	}
+
 	_TIFFfree(tif->tif_data);	/* release local state */
 	tif->tif_data = NULL;
 
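Review bot: `sp->vgetparent` and `sp->vsetparent` are read on the two lines just above the new `if (sp != NULL)` block, so a NULL `sp` is dereferenced before the guard is ever reached. With the assert now commented out, the guard has to come first: move `tif->tif_tagmethods.vgetfield = sp->vgetparent;` and `tif->tif_tagmethods.vsetfield = sp->vsetparent;` inside the `if (sp != NULL) {` block. The function's signature and its end are outside the hunk.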
@@ -1541,6 +1576,7 @@
 {
 	JPEGState* sp = JState(tif);
 	TIFFDirectory* td = &tif->tif_dir;
+	const TIFFFieldInfo* fip;
 	uint32 v32;
 
 	assert(sp != NULL);
@@ -1606,7 +1642,13 @@
 	default:
 		return (*sp->vsetparent)(tif, tag, ap);
 	}
-	TIFFSetFieldBit(tif, _TIFFFieldWithTag(tif, tag)->field_bit);
+
+	if ((fip = _TIFFFieldWithTag(tif, tag))) {
+		TIFFSetFieldBit(tif, fip->field_bit);
+	} else {
+		return (0);
+	}
+
 	tif->tif_flags |= TIFF_DIRTYDIRECT;
 	return (1);
 }
@@ -1726,7 +1768,11 @@
 {
 	JPEGState* sp = JState(tif);
 
-	assert(sp != NULL);
+	/* assert(sp != NULL); */
+	if (sp == NULL) {
+		TIFFWarningExt(tif->tif_clientdata, "JPEGPrintDir", "Unknown JPEGState");
+		return;
+	}
 
 	(void) flags;
 	if (TIFFFieldSet(tif,FIELD_JPEGTABLES))
diff -ru tiff-3.8.2/libtiff/tif_next.c tiff-3.8.2-goo/libtiff/tif_next.c
--- tiff-3.8.2/libtiff/tif_next.c	2005-12-21 12:33:56.000000000 +0000
+++ tiff-3.8.2-goo/libtiff/tif_next.c	2006-07-14 13:52:00.556567000 +0100
@@ -105,11 +105,16 @@
 			 * as codes of the form <color><npixels>
 			 * until we've filled the scanline.
 			 */
+			/*
+			 * Ensure the run does not exceed the scanline
+			 * bounds, potentially resulting in a security issue.
+			 * -- taviso at google.com 14 Jun 2006.
+			 */
 			op = row;
 			for (;;) {
 				grey = (n>>6) & 0x3;
 				n &= 0x3f;
-				while (n-- > 0)
+				while (n-- > 0 && npixels < imagewidth)
 					SETPIXEL(op, grey);
 				if (npixels >= (int) imagewidth)
 					break;
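Review bot: The added bound `npixels < imagewidth` compares without the `(int)` cast that the unchanged test two lines below uses (`npixels >= (int) imagewidth`). If `npixels` is signed and `imagewidth` unsigned (both are declared outside the hunk), the new comparison is done in unsigned arithmetic while the old one is signed, so the two tests can disagree for out-of-range values. Writing `while (n-- > 0 && npixels < (int) imagewidth)` keeps them consistent. `SETPIXEL` is a macro defined outside the hunk, and the bound relies on it advancing `npixels`.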
diff -ru tiff-3.8.2/libtiff/tif_pixarlog.c tiff-3.8.2-goo/libtiff/tif_pixarlog.c
--- tiff-3.8.2/libtiff/tif_pixarlog.c	2006-03-21 16:42:50.000000000 +0000
+++ tiff-3.8.2-goo/libtiff/tif_pixarlog.c	2006-07-14 13:52:00.483557000 +0100
@@ -768,7 +768,19 @@
 	if (tif->tif_flags & TIFF_SWAB)
 		TIFFSwabArrayOfShort(up, nsamples);
 
-	for (i = 0; i < nsamples; i += llen, up += llen) {
+	/* 
+	 * if llen is not an exact multiple of nsamples, the decode operation
+	 * may overflow the output buffer, so truncate it enough to prevent that
+	 * but still salvage as much data as possible.
+	 * -- taviso at google.com 14th June 2006
+	 */
+	if (nsamples % llen) 
+		TIFFWarningExt(tif->tif_clientdata, module,
+				"%s: stride %lu is not a multiple of sample count, "
+				"%lu, data truncated.", tif->tif_name, llen, nsamples);
+				
+	
+	for (i = 0; i < nsamples - (nsamples % llen); i += llen, up += llen) {
 		switch (sp->user_datafmt)  {
 		case PIXARLOGDATAFMT_FLOAT:
 			horizontalAccumulateF(up, llen, sp->stride,
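Review bot: The new comment and warning text have the operands reversed: the code tests `nsamples % llen`, that is, whether the sample count is a multiple of the stride, while the comment says "if llen is not an exact multiple of nsamples" and the message says the stride "is not a multiple of sample count". The comment should read `if nsamples is not an exact multiple of llen, ...` and the message should be reworded to match. If `llen` can be 0 for a degenerate image (it is computed outside the hunk), `nsamples % llen` divides by zero, so an `llen == 0` check would be needed before this point. The `%lu` conversions also assume `llen` and `nsamples` are `unsigned long`; their declarations are not visible, and explicit casts at the call would remove the dependency.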
diff -ru tiff-3.8.2/libtiff/tif_read.c tiff-3.8.2-goo/libtiff/tif_read.c
--- tiff-3.8.2/libtiff/tif_read.c	2005-12-21 12:33:56.000000000 +0000
+++ tiff-3.8.2-goo/libtiff/tif_read.c	2006-07-14 13:52:00.467568000 +0100
@@ -31,6 +31,8 @@
 #include "tiffiop.h"
 #include <stdio.h>
 
+#include <limits.h>
+
 	int TIFFFillStrip(TIFF*, tstrip_t);
 	int TIFFFillTile(TIFF*, ttile_t);
 static	int TIFFStartStrip(TIFF*, tstrip_t);
@@ -272,7 +274,13 @@
 		if ((tif->tif_flags & TIFF_MYBUFFER) && tif->tif_rawdata)
 			_TIFFfree(tif->tif_rawdata);
 		tif->tif_flags &= ~TIFF_MYBUFFER;
-		if ( td->td_stripoffset[strip] + bytecount > tif->tif_size) {
+		/*
+		 * This sanity check could potentially overflow, causing an OOB read.
+		 * verify that offset + bytecount is > offset.
+		 * -- taviso at google.com 14 Jun 2006
+		 */
+		if ( td->td_stripoffset[strip] + bytecount > tif->tif_size ||
+			bytecount > (UINT_MAX - td->td_stripoffset[strip])) {
 			/*
 			 * This error message might seem strange, but it's
 			 * what would happen if a read were done instead.
@@ -470,7 +478,13 @@
 		if ((tif->tif_flags & TIFF_MYBUFFER) && tif->tif_rawdata)
 			_TIFFfree(tif->tif_rawdata);
 		tif->tif_flags &= ~TIFF_MYBUFFER;
-		if ( td->td_stripoffset[tile] + bytecount > tif->tif_size) {
+		/*
+		 * We must check this calculation doesnt overflow, potentially
+		 * causing an OOB read.
+		 * -- taviso at google.com 15 Jun 2006
+		 */
+		if (td->td_stripoffset[tile] + bytecount > tif->tif_size ||
+			bytecount > (UINT_MAX - td->td_stripoffset[tile])) {
 			tif->tif_curtile = NOTILE;
 			return (0);
 		}


--- NEW FILE mingw32-libtiff.spec ---
%global __strip %{_mingw32_strip}
%global __objdump %{_mingw32_objdump}
%global _use_internal_dependency_generator 0
%global __find_requires %{_mingw32_findrequires}
%global __find_provides %{_mingw32_findprovides}

Summary: MinGW Windows port of the LibTIFF library
Name: mingw32-libtiff
Version: 3.8.2
Release: 15%{?dist}
License: libtiff
Group: System Environment/Libraries
URL: http://www.libtiff.org/

Source: ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{version}.tar.gz
Patch0: tiffsplit-overflow.patch
Patch1: libtiff-3.8.2-ormandy.patch
Patch2: libtiff-3.8.2-CVE-2006-2193.patch
Patch4: libtiff-3.8.2-lzw-bugs.patch

BuildArch: noarch

BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires:  mingw32-zlib mingw32-libjpeg
BuildRequires:  mingw32-filesystem >= 35
BuildRequires:  mingw32-gcc
BuildRequires:  mingw32-binutils

%description
The libtiff package contains a library of functions for manipulating
TIFF (Tagged Image File Format) image format files.  TIFF is a widely
used file format for bitmapped images.  TIFF files usually end in the
.tif extension and they are often quite large.

The libtiff package should be installed if you need to manipulate TIFF
format image files.

%prep
%setup -q -n tiff-%{version}

# Patches from the native Fedora package:
%patch0 -p1 -b .overflow
%patch1 -p1 -b .ormandy
%patch2 -p1 -b .CVE-2006-2193
%patch4 -p1

%build
export MINGW32_CFLAGS="%{_mingw32_cflags} -fno-strict-aliasing"
%{_mingw32_configure} --disable-static
make %{?_smp_mflags}

%install
rm -rf $RPM_BUILD_ROOT
make DESTDIR=$RPM_BUILD_ROOT install 

# remove docs
rm -rf $RPM_BUILD_ROOT%{_mingw32_datadir}/doc
rm -rf $RPM_BUILD_ROOT%{_mingw32_mandir}

# remove binaries
rm -f $RPM_BUILD_ROOT%{_mingw32_bindir}/*.exe

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(-,root,root,-)
%doc COPYRIGHT README RELEASE-DATE VERSION TODO ChangeLog
%{_mingw32_bindir}/libtiff-3.dll
%{_mingw32_bindir}/libtiffxx-3.dll
%{_mingw32_includedir}/*
%{_mingw32_libdir}/libtiff.dll.a
%{_mingw32_libdir}/libtiffxx.dll.a
%{_mingw32_libdir}/libtiff.la
%{_mingw32_libdir}/libtiffxx.la


%changelog
* Fri Jun 5 2009 Michael Ploujnikov <ploujj at gmail.com> - 3.8.2-15
- replace %%define with %%global as per Fedora packaging guidelines

* Wed Jun 3 2009 Michael Ploujnikov <ploujj at gmail.com> - 3.8.2-14
- cleanup based on initial review and help from Adam Goode:
- removed LIBVER define
- exported proper mingw32 cflags
- removed make check
- removed executables
- removed multilib stuff (irrelevant for mingw32)
- fixed defattr
- added .la files back in

* Sun Mar 22 2009 Michael Ploujnikov <ploujj at gmail.com> - 3.8.2-13
- Initial mingw32 build

* Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.8.2-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

* Tue Aug 26 2008 Tom Lane <tgl at redhat.com> 3.8.2-11
- Fix LZW decoding vulnerabilities (CVE-2008-2327)
Related: #458674
- Use -fno-strict-aliasing per rpmdiff recommendation

* Tue Feb 19 2008 Fedora Release Engineering <rel-eng at fedoraproject.org> - 3.8.2-10
- Autorebuild for GCC 4.3

* Wed Aug 22 2007 Tom Lane <tgl at redhat.com> 3.8.2-9
- Update License tag
- Rebuild to fix Fedora toolchain issues

* Thu Jul 19 2007 Tom Lane <tgl at redhat.com> 3.8.2-8
- Restore static library to distribution, in a separate -static subpackage
Resolves: #219905
- Don't apply multilib header hack to unrecognized architectures
Resolves: #233091
- Remove documentation for programs we don't ship
Resolves: #205079
Related: #185145

* Tue Jan 16 2007 Tom Lane <tgl at redhat.com> 3.8.2-7
- Remove Makefiles from the shipped /usr/share/doc/html directories
Resolves: bz #222729

* Tue Sep  5 2006 Jindrich Novy <jnovy at redhat.com> - 3.8.2-6
- fix CVE-2006-2193, tiff2pdf buffer overflow (#194362)
- fix typo in man page for tiffset (#186297)
- use %%{?dist}

* Mon Jul 24 2006 Matthias Clasen <mclasen at redhat.com>
- Fix several vulnerabilities (CVE-2006-3460 CVE-2006-3461
  CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)

* Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com> - 3.8.2-4.1
- rebuild

* Fri Jun  2 2006 Matthias Clasen <mclasen at redhat.com> - 3.8.2-3
- Fix multilib conflict

* Thu May 25 2006 Matthias Clasen <mclasen at redhat.com> - 3.8.2-3
- Fix overflows in tiffsplit

* Wed Apr 26 2006 Matthias Clasen <mclasen at redhat.com> - 3.8.2-2
- Drop tiffgt to get rid of the libGL dependency (#190768)

* Wed Apr 26 2006 Matthias Clasen <mclasen at redhat.com> - 3.8.2-1
- Update to 3.8.2

* Fri Feb 10 2006 Jesse Keating <jkeating at redhat.com> - 3.7.4-3.2.1
- bump again for double-long bug on ppc(64)

* Tue Feb 07 2006 Jesse Keating <jkeating at redhat.com> - 3.7.4-3.2
- rebuilt for new gcc4.1 snapshot and glibc changes

* Fri Dec 09 2005 Jesse Keating <jkeating at redhat.com>
- rebuilt

* Wed Nov 16 2005 Matthias Clasen <mclasen at redhat.com> 3.7.4-3
- Don't ship static libs

* Fri Nov 11 2005 Matthias Saou <http://freshrpms.net/> 3.7.4-2
- Remove useless explicit dependencies.
- Minor spec file cleanups.
- Move make check to %%check.
- Add _smp_mflags.

* Thu Sep 29 2005 Matthias Clasen <mclasen at redhat.com> - 3.7.4-1
- Update to 3.7.4
- Drop upstreamed patches

* Wed Jun 29 2005 Matthias Clasen <mclasen at redhat.com> - 3.7.2-1
- Update to 3.7.2
- Drop upstreamed patches

* Fri May  6 2005 Matthias Clasen <mclasen at redhat.com> - 3.7.1-6
- Fix a stack overflow

* Wed Mar  2 2005 Matthias Clasen <mclasen at redhat.com> - 3.7.1-5
- Don't use mktemp

* Wed Mar  2 2005 Matthias Clasen <mclasen at redhat.com> - 3.7.1-4
- Rebuild with gcc4

* Wed Jan  5 2005 Matthias Clasen <mclasen at redhat.com> - 3.7.1-3
- Drop the largefile patch again
- Fix a problem with the handling of alpha channels
- Fix an integer overflow in tiffdump (#143576)

* Wed Dec 22 2004 Matthias Clasen <mclasen at redhat.com> - 3.7.1-2
- Readd the largefile patch (#143560)

* Wed Dec 22 2004 Matthias Clasen <mclasen at redhat.com> - 3.7.1-1
- Upgrade to 3.7.1
- Remove upstreamed patches
- Remove specfile cruft
- make check

* Thu Oct 14 2004 Matthias Clasen <mclasen at redhat.com> 3.6.1-7
- fix some integer and buffer overflows (#134853, #134848)

* Tue Oct 12 2004 Matthias Clasen <mclasen at redhat.com> 3.6.1-6
- fix http://bugzilla.remotesensing.org/show_bug.cgi?id=483

* Mon Sep 27 2004 Rik van Riel <riel at redhat.com> 3.6.1-4
- compile using RPM_OPT_FLAGS (bz #133650)

* Tue Jun 15 2004 Elliot Lee <sopwith at redhat.com>
- rebuilt

* Thu May 20 2004 Matthias Clasen <mclasen at redhat.com> 3.6.1-2
- Fix and use the makeflags patch

* Wed May 19 2004 Matthias Clasen <mclasen at redhat.com> 3.6.1-1
- Upgrade to 3.6.1
- Adjust patches
- Don't install tiffgt man page  (#104864)

* Tue Mar 02 2004 Elliot Lee <sopwith at redhat.com>
- rebuilt

* Sat Feb 21 2004 Florian La Roche <Florian.LaRoche at redhat.de>
- really add symlink to shared lib by running ldconfig at compile time

* Fri Feb 13 2004 Elliot Lee <sopwith at redhat.com>
- rebuilt

* Thu Oct 09 2003 Florian La Roche <Florian.LaRoche at redhat.de>
- link shared lib against -lm (Jakub Jelinek)

* Thu Sep 25 2003 Jeremy Katz <katzj at redhat.com> 3.5.7-13
- rebuild to fix gzipped file md5sum (#91281)

* Wed Jun 04 2003 Elliot Lee <sopwith at redhat.com>
- rebuilt

* Tue Feb 11 2003 Phil Knirsch <pknirsch at redhat.com> 3.5.7-11
- Fixed rebuild problems.

* Tue Feb 04 2003 Florian La Roche <Florian.LaRoche at redhat.de>
- add symlink to shared lib

* Wed Jan 22 2003 Tim Powers <timp at redhat.com>
- rebuilt

* Thu Dec 12 2002 Tim Powers <timp at redhat.com> 3.5.7-8
- rebuild on all arches

* Mon Aug 19 2002 Phil Knirsch <pknirsch at redhat.com> 3.5.7-7
- Added LFS support (#71593)

* Tue Jun 25 2002 Phil Knirsch <pknirsch at redhat.com> 3.5.7-6
- Fixed wrong exit code of tiffcp app (#67240)

* Fri Jun 21 2002 Tim Powers <timp at redhat.com>
- automated rebuild

* Thu May 23 2002 Tim Powers <timp at redhat.com>
- automated rebuild

* Wed May 15 2002 Phil Knirsch <pknirsch at redhat.com>
- Fixed segfault in fax2tiff tool (#64708).

* Mon Feb 25 2002 Phil Knirsch <pknirsch at redhat.com>
- Fixed problem with newer bash versions setting CDPATH (#59741)

* Tue Feb 19 2002 Phil Knirsch <pknirsch at redhat.com>
- Update to current release 3.5.7

* Wed Jan 09 2002 Tim Powers <timp at redhat.com>
- automated rebuild

* Tue Aug 28 2001 Phil Knirsch <phil at redhat.de>
- Fixed ia64 problem with tiffinfo. Was general 64 bit arch problem where s390x
  and ia64 were missing (#52129).

* Tue Jun 26 2001 Philipp Knirsch <pknirsch at redhat.de>
- Hopefully final symlink fix

* Thu Jun 21 2001 Than Ngo <than at redhat.com>
- add missing libtiff symlink

* Fri Mar 16 2001 Crutcher Dunnavant <crutcher at redhat.com>
- killed tiff-to-ps.fpi filter

* Wed Feb 28 2001 Philipp Knirsch <pknirsch at redhat.de>
- Fixed missing devel version dependancy.

* Tue Dec 19 2000 Philipp Knirsch <pknirsch at redhat.de>
- rebuild

* Tue Aug  7 2000 Crutcher Dunnavant <crutcher at redhat.com>
- added a tiff-to-ps.fpi filter for printing

* Thu Jul 13 2000 Prospector <bugzilla at redhat.com>
- automatic rebuild

* Thu Jul 13 2000 Nalin Dahyabhai <nalin at redhat.com>
- apply Peter Skarpetis's fix for the 32-bit conversion

* Mon Jul  3 2000 Nalin Dahyabhai <nalin at redhat.com>
- make man pages non-executable (#12811)

* Mon Jun 12 2000 Nalin Dahyabhai <nalin at redhat.com>
- remove CVS repo info from data directories

* Thu May 18 2000 Nalin Dahyabhai <nalin at redhat.com>
- fix build rooting
- fix syntax error in configure script
- move man pages to {_mandir}

* Wed May 17 2000 Nalin Dahyabhai <nalin at redhat.com>
- rebuild for an errata release

* Wed Mar 29 2000 Nalin Dahyabhai <nalin at redhat.com>
- update to 3.5.5, which integrates our fax2ps fixes and the glibc fix

* Tue Mar 28 2000 Nalin Dahyabhai <nalin at redhat.com>
- fix fax2ps swapping height and width in the bounding box

* Mon Mar 27 2000 Nalin Dahyabhai <nalin at redhat.com>
- move man pages from devel package to the regular one
- integrate Frank Warmerdam's fixed .fax handling code (keep until next release
  of libtiff)
- fix fax2ps breakage (bug #8345)

* Sat Feb 05 2000 Nalin Dahyabhai <nalin at redhat.com>
- set MANDIR=man3 to make multifunction man pages friendlier

* Mon Jan 31 2000 Nalin Dahyabhai <nalin at redhat.com>
- fix URLs

* Fri Jan 28 2000 Nalin Dahyabhai <nalin at redhat.com>
- link shared library against libjpeg and libz

* Tue Jan 18 2000 Nalin Dahyabhai <nalin at redhat.com>
- enable zip and jpeg codecs
- change defattr in normal package to 0755
- add defattr to -devel package

* Wed Dec 22 1999 Bill Nottingham <notting at redhat.com>
- update to 3.5.4

* Sun Mar 21 1999 Cristian Gafton <gafton at redhat.com>
- auto rebuild in the new build environment (release 6)

* Wed Jan 13 1999 Cristian Gafton <gafton at redhat.com>
- build for glibc 2.1

* Wed Jun 10 1998 Prospector System <bugs at redhat.com>
- translations modified for de

* Wed Jun 10 1998 Michael Fulbright <msf at redhat.com>
- rebuilt against fixed jpeg libs (libjpeg-6b)

* Thu May 07 1998 Prospector System <bugs at redhat.com>
- translations modified for de, fr, tr

* Mon Oct 13 1997 Donnie Barnes <djb at redhat.com>
- new version to replace the one from libgr
- patched for glibc
- added shlib support
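Review bot: The `Patch0`, `Patch1`, `Patch2` and `Patch4` declarations carry no comment saying which security fix each patch holds, and the numbering skips Patch3 without explanation, so an auditor cannot tell from the spec whether a fix was dropped on purpose. A comment above each line would do, for example `# CVE-2006-2193: tiff2pdf buffer overflow` before `Patch2` and `# CVE-2008-2327: LZW decoder fixes` before `Patch4`; both identifiers appear in the changelog of this spec. In `%prep`, `%patch4 -p1` also omits the `-b` backup suffix that the other three `%patch` lines use.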

tiffsplit-overflow.patch:

--- NEW FILE tiffsplit-overflow.patch ---
--- tiff-3.8.2/tools/tiffsplit.c.overflow	2006-05-25 22:37:11.000000000 -0400
+++ tiff-3.8.2/tools/tiffsplit.c	2006-05-25 22:42:42.000000000 -0400
@@ -60,14 +60,16 @@
 		fprintf(stderr, "usage: tiffsplit input.tif [prefix]\n");
 		return (-3);
 	}
-	if (argc > 2)
-		strcpy(fname, argv[2]);
+	if (argc > 2) {
+		strncpy(fname, argv[2], 1024);
+                fname[1024] = '\0';
+        }
 	in = TIFFOpen(argv[1], "r");
 	if (in != NULL) {
 		do {
 			char path[1024+1];
 			newfilename();
-			strcpy(path, fname);
+			strncpy(path, fname, 1020);
 			strcat(path, ".tif");
 			out = TIFFOpen(path, TIFFIsBigEndian(in)?"wb":"wl");
 			if (out == NULL)
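Review bot: `strncpy(path, fname, 1020)` leaves `path` unterminated whenever `fname` holds 1020 or more characters, and the `strcat(path, ".tif")` on the next line then searches uninitialised stack for a terminator before appending. Adding `path[1020] = '\0';` after the copy closes that, or both calls can be replaced by `snprintf(path, sizeof(path), "%s.tif", fname);`, which bounds and terminates in one step. The earlier `fname[1024] = '\0';` is in bounds only if `fname` is declared with at least 1025 bytes; that declaration, and `newfilename()`, which presumably extends `fname` after the prefix is copied, are outside the hunk and should be checked against the same limit.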


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/mingw32-libtiff/devel/.cvsignore,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- .cvsignore	8 Jun 2009 16:20:43 -0000	1.1
+++ .cvsignore	8 Jun 2009 22:29:00 -0000	1.2
@@ -0,0 +1 @@
+tiff-3.8.2.tar.gz


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/mingw32-libtiff/devel/sources,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- sources	8 Jun 2009 16:20:43 -0000	1.1
+++ sources	8 Jun 2009 22:29:00 -0000	1.2
@@ -0,0 +1 @@
+fbb6f446ea4ed18955e2714934e5b698  tiff-3.8.2.tar.gz



