rpms/libtiff/devel libtiff-CVE-2009-2347.patch, NONE, 1.1 libtiff-acversion.patch, NONE, 1.1 libtiff-mantypo.patch, NONE, 1.1 .cvsignore, 1.8, 1.9 libtiff.spec, 1.57, 1.58 sources, 1.8, 1.9 libtiff-3.7.2-persample.patch, 1.1, NONE libtiff-3.8.2-CVE-2006-2193.patch, 1.1, NONE libtiff-3.8.2-CVE-2009-2347.patch, 1.1, NONE libtiff-3.8.2-lzw-bugs.patch, 1.2, NONE libtiff-3.8.2-mantypo.patch, 1.1, NONE libtiff-3.8.2-ormandy.patch, 1.1, NONE libtiff-v3.6.1-64bit.patch, 1.1, NONE tiffsplit-overflow.patch, 1.1, NONE
Tom Lane
tgl at fedoraproject.org
Thu Dec 3 18:42:07 UTC 2009
Author: tgl
Update of /cvs/pkgs/rpms/libtiff/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv31888
Modified Files:
.cvsignore libtiff.spec sources
Added Files:
libtiff-CVE-2009-2347.patch libtiff-acversion.patch
libtiff-mantypo.patch
Removed Files:
libtiff-3.7.2-persample.patch
libtiff-3.8.2-CVE-2006-2193.patch
libtiff-3.8.2-CVE-2009-2347.patch libtiff-3.8.2-lzw-bugs.patch
libtiff-3.8.2-mantypo.patch libtiff-3.8.2-ormandy.patch
libtiff-v3.6.1-64bit.patch tiffsplit-overflow.patch
Log Message:
Update to libtiff 3.9.2
libtiff-CVE-2009-2347.patch:
tiff2rgba.c | 35 +++++++++++++++++++++++++++++++----
1 file changed, 31 insertions(+), 4 deletions(-)
--- NEW FILE libtiff-CVE-2009-2347.patch ---
diff -Naur tiff-3.9.2.orig/tools/tiff2rgba.c tiff-3.9.2/tools/tiff2rgba.c
--- tiff-3.9.2.orig/tools/tiff2rgba.c 2009-08-20 16:23:53.000000000 -0400
+++ tiff-3.9.2/tools/tiff2rgba.c 2009-12-03 12:19:07.000000000 -0500
@@ -125,6 +125,17 @@
return (0);
}
+static tsize_t
+multiply(tsize_t m1, tsize_t m2)
+{
+ tsize_t prod = m1 * m2;
+
+ if (m1 && prod / m1 != m2)
+ prod = 0; /* overflow */
+
+ return prod;
+}
+
static int
cvt_by_tile( TIFF *in, TIFF *out )
@@ -134,6 +145,7 @@
uint32 tile_width, tile_height;
uint32 row, col;
uint32 *wrk_line;
+ tsize_t raster_size;
int ok = 1;
TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width);
@@ -151,7 +163,14 @@
/*
* Allocate tile buffer
*/
- raster = (uint32*)_TIFFmalloc(tile_width * tile_height * sizeof (uint32));
+ raster_size = multiply(multiply(tile_width, tile_height), sizeof (uint32));
+ if (!raster_size) {
+ TIFFError(TIFFFileName(in),
+ "Can't allocate buffer for raster of size %lux%lu",
+ (unsigned long) tile_width, (unsigned long) tile_height);
+ return (0);
+ }
+ raster = (uint32*)_TIFFmalloc(raster_size);
if (raster == 0) {
TIFFError(TIFFFileName(in), "No space for raster buffer");
return (0);
@@ -159,7 +178,7 @@
/*
* Allocate a scanline buffer for swapping during the vertical
- * mirroring pass.
+ * mirroring pass. (Request can't overflow given prior checks.)
*/
wrk_line = (uint32*)_TIFFmalloc(tile_width * sizeof (uint32));
if (!wrk_line) {
@@ -236,6 +255,7 @@
uint32 width, height; /* image width & height */
uint32 row;
uint32 *wrk_line;
+ tsize_t raster_size;
int ok = 1;
TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width);
@@ -251,7 +271,14 @@
/*
* Allocate strip buffer
*/
- raster = (uint32*)_TIFFmalloc(width * rowsperstrip * sizeof (uint32));
+ raster_size = multiply(multiply(width, rowsperstrip), sizeof (uint32));
+ if (!raster_size) {
+ TIFFError(TIFFFileName(in),
+ "Can't allocate buffer for raster of size %lux%lu",
+ (unsigned long) width, (unsigned long) rowsperstrip);
+ return (0);
+ }
+ raster = (uint32*)_TIFFmalloc(raster_size);
if (raster == 0) {
TIFFError(TIFFFileName(in), "No space for raster buffer");
return (0);
@@ -259,7 +286,7 @@
/*
* Allocate a scanline buffer for swapping during the vertical
- * mirroring pass.
+ * mirroring pass. (Request can't overflow given prior checks.)
*/
wrk_line = (uint32*)_TIFFmalloc(width * sizeof (uint32));
if (!wrk_line) {
libtiff-acversion.patch:
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- NEW FILE libtiff-acversion.patch ---
diff -Naur tiff-3.9.2.orig/configure.ac tiff-3.9.2/configure.ac
--- tiff-3.9.2.orig/configure.ac 2009-11-04 12:11:20.000000000 -0500
+++ tiff-3.9.2/configure.ac 2009-12-03 12:52:41.000000000 -0500
@@ -24,7 +24,7 @@
dnl Process this file with autoconf to produce a configure script.
-AC_PREREQ(2.64)
+AC_PREREQ(2.63)
AC_INIT([LibTIFF Software],[3.9.2],[tiff at lists.maptools.org],[tiff])
AC_CONFIG_AUX_DIR(config)
AC_CONFIG_MACRO_DIR(m4)
libtiff-mantypo.patch:
tiffset.1 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- NEW FILE libtiff-mantypo.patch ---
diff -Naur tiff-3.9.2.orig/man/tiffset.1 tiff-3.9.2/man/tiffset.1
--- tiff-3.9.2.orig/man/tiffset.1 2006-04-20 08:17:19.000000000 -0400
+++ tiff-3.9.2/man/tiffset.1 2009-12-03 12:11:58.000000000 -0500
@@ -60,7 +60,7 @@
``Anonymous'':
.RS
.nf
-tiffset \-s 305 Anonymous a.tif
+tiffset \-s 315 Anonymous a.tif
.fi
.RE
.PP
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/libtiff/devel/.cvsignore,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -p -r1.8 -r1.9
--- .cvsignore 26 Apr 2006 18:43:45 -0000 1.8
+++ .cvsignore 3 Dec 2009 18:42:07 -0000 1.9
@@ -1 +1 @@
-tiff-3.8.2.tar.gz
+tiff-3.9.2.tar.gz
Index: libtiff.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libtiff/devel/libtiff.spec,v
retrieving revision 1.57
retrieving revision 1.58
diff -u -p -r1.57 -r1.58
--- libtiff.spec 16 Oct 2009 04:08:23 -0000 1.57
+++ libtiff.spec 3 Dec 2009 18:42:07 -0000 1.58
@@ -1,21 +1,21 @@
Summary: Library of functions for manipulating TIFF format image files
Name: libtiff
-Version: 3.8.2
-Release: 16%{?dist}
+Version: 3.9.2
+Release: 1%{?dist}
+
License: libtiff
Group: System Environment/Libraries
URL: http://www.remotesensing.org/libtiff/
Source: ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{version}.tar.gz
-Patch0: tiffsplit-overflow.patch
-Patch1: libtiff-3.8.2-ormandy.patch
-Patch2: libtiff-3.8.2-CVE-2006-2193.patch
-Patch3: libtiff-3.8.2-mantypo.patch
-Patch4: libtiff-3.8.2-lzw-bugs.patch
-Patch5: libtiff-3.8.2-CVE-2009-2347.patch
+Patch1: libtiff-acversion.patch
+Patch2: libtiff-mantypo.patch
+Patch3: libtiff-CVE-2009-2347.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: zlib-devel libjpeg-devel
+BuildRequires: libtool automake autoconf
+
%define LIBVER %(echo %{version} | cut -f 1-2 -d .)
%description
@@ -51,15 +51,30 @@ The libtiff-static package contains the
Linking to static libraries is discouraged for most applications, but it is
necessary for some boot packages.
+%package tools
+Summary: Command-line utility programs for manipulating TIFF files
+Group: Development/Libraries
+Requires: %{name} = %{version}-%{release}
+
+%description tools
+This package contains command-line programs for manipulating TIFF format
+image files using the libtiff library.
+
%prep
%setup -q -n tiff-%{version}
-%patch0 -p1 -b .overflow
-%patch1 -p1 -b .ormandy
-%patch2 -p1 -b .CVE-2006-2193
-%patch3 -p1 -b .mantypo
-%patch4 -p1
-%patch5 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+
+# Use build system's libtool.m4, not the one in the package.
+rm -f libtool.m4
+
+libtoolize --force --copy
+aclocal -I . -I m4
+automake --add-missing --copy
+autoconf
+autoheader
%build
export CFLAGS="%{optflags} -fno-strict-aliasing"
@@ -71,7 +86,7 @@ LD_LIBRARY_PATH=$PWD:$LD_LIBRARY_PATH ma
%install
rm -rf $RPM_BUILD_ROOT
-%makeinstall
+make DESTDIR=$RPM_BUILD_ROOT install
# remove what we didn't want installed
rm $RPM_BUILD_ROOT%{_libdir}/*.la
@@ -141,10 +156,8 @@ rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root,0755)
%doc COPYRIGHT README RELEASE-DATE VERSION
-%{_bindir}/*
%{_libdir}/libtiff.so.*
%{_libdir}/libtiffxx.so.*
-%{_mandir}/man1/*
%files devel
%defattr(-,root,root,0755)
@@ -158,7 +171,21 @@ rm -rf $RPM_BUILD_ROOT
%defattr(-,root,root)
%{_libdir}/*.a
+%files tools
+%defattr(-,root,root,0755)
+%{_bindir}/*
+%{_mandir}/man1/*
+
%changelog
+* Thu Dec 3 2009 Tom Lane <tgl at redhat.com> 3.9.2-1
+- Update to libtiff 3.9.2; stop carrying a lot of old patches
+Resolves: #520734
+- Split command-line tools into libtiff-tools subpackage
+Resolves: #515170
+- Use build system's libtool instead of what package contains;
+ among other cleanup this gets rid of unwanted rpath specs in executables
+Related: #226049
+
* Thu Oct 15 2009 Tom Lane <tgl at redhat.com> 3.8.2-16
- add sparc/sparc64 to multilib header support
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/libtiff/devel/sources,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -p -r1.8 -r1.9
--- sources 26 Apr 2006 18:43:45 -0000 1.8
+++ sources 3 Dec 2009 18:42:07 -0000 1.9
@@ -1 +1 @@
-fbb6f446ea4ed18955e2714934e5b698 tiff-3.8.2.tar.gz
+93e56e421679c591de7552db13384cb8 tiff-3.9.2.tar.gz
--- libtiff-3.7.2-persample.patch DELETED ---
--- libtiff-3.8.2-CVE-2006-2193.patch DELETED ---
--- libtiff-3.8.2-CVE-2009-2347.patch DELETED ---
--- libtiff-3.8.2-lzw-bugs.patch DELETED ---
--- libtiff-3.8.2-mantypo.patch DELETED ---
--- libtiff-3.8.2-ormandy.patch DELETED ---
--- libtiff-v3.6.1-64bit.patch DELETED ---
--- tiffsplit-overflow.patch DELETED ---
More information about the fedora-extras-commits
mailing list