rpms/libtiff/devel libtiff-CVE-2009-2347.patch, NONE, 1.1 libtiff-acversion.patch, NONE, 1.1 libtiff-mantypo.patch, NONE, 1.1 .cvsignore, 1.8, 1.9 libtiff.spec, 1.57, 1.58 sources, 1.8, 1.9 libtiff-3.7.2-persample.patch, 1.1, NONE libtiff-3.8.2-CVE-2006-2193.patch, 1.1, NONE libtiff-3.8.2-CVE-2009-2347.patch, 1.1, NONE libtiff-3.8.2-lzw-bugs.patch, 1.2, NONE libtiff-3.8.2-mantypo.patch, 1.1, NONE libtiff-3.8.2-ormandy.patch, 1.1, NONE libtiff-v3.6.1-64bit.patch, 1.1, NONE tiffsplit-overflow.patch, 1.1, NONE

Tom Lane tgl at fedoraproject.org
Thu Dec 3 18:42:07 UTC 2009


Author: tgl

Update of /cvs/pkgs/rpms/libtiff/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv31888

Modified Files:
	.cvsignore libtiff.spec sources 
Added Files:
	libtiff-CVE-2009-2347.patch libtiff-acversion.patch 
	libtiff-mantypo.patch 
Removed Files:
	libtiff-3.7.2-persample.patch 
	libtiff-3.8.2-CVE-2006-2193.patch 
	libtiff-3.8.2-CVE-2009-2347.patch libtiff-3.8.2-lzw-bugs.patch 
	libtiff-3.8.2-mantypo.patch libtiff-3.8.2-ormandy.patch 
	libtiff-v3.6.1-64bit.patch tiffsplit-overflow.patch 
Log Message:
Update to libtiff 3.9.2

libtiff-CVE-2009-2347.patch:
 tiff2rgba.c |   35 +++++++++++++++++++++++++++++++----
 1 file changed, 31 insertions(+), 4 deletions(-)

--- NEW FILE libtiff-CVE-2009-2347.patch ---
diff -Naur tiff-3.9.2.orig/tools/tiff2rgba.c tiff-3.9.2/tools/tiff2rgba.c
--- tiff-3.9.2.orig/tools/tiff2rgba.c	2009-08-20 16:23:53.000000000 -0400
+++ tiff-3.9.2/tools/tiff2rgba.c	2009-12-03 12:19:07.000000000 -0500
@@ -125,6 +125,17 @@
     return (0);
 }
 
+static tsize_t
+multiply(tsize_t m1, tsize_t m2)
+{
+    tsize_t prod = m1 * m2;
+
+    if (m1 && prod / m1 != m2)
+        prod = 0;		/* overflow */
+
+    return prod;
+}
+
 static int
 cvt_by_tile( TIFF *in, TIFF *out )
 
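Review bot: In `multiply()` the overflow test runs only after `m1 * m2` has been evaluated. If `tsize_t` is a signed type (it appears to be a signed 32-bit typedef in libtiff 3.x, though the typedef is not visible here), the overflow itself is undefined behaviour and a compiler may drop the `prod / m1 != m2` comparison. Test the bound by division before multiplying and reject negative operands first, for example `if (m1 < 0 || m2 < 0) return 0;` followed by a comparison of `m2` against the type's maximum divided by `m1`. A one-line comment stating that 0 is the overflow sentinel, and so is also what a genuine zero-sized request returns, would help callers. `cvt_by_tile` starts at the end of this hunk and its body lies outside it.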
@@ -134,6 +145,7 @@
     uint32  tile_width, tile_height;
     uint32  row, col;
     uint32  *wrk_line;
+    tsize_t raster_size;
     int	    ok = 1;
 
     TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width);
@@ -151,7 +163,14 @@
     /*
      * Allocate tile buffer
      */
-    raster = (uint32*)_TIFFmalloc(tile_width * tile_height * sizeof (uint32));
+    raster_size = multiply(multiply(tile_width, tile_height), sizeof (uint32));
+    if (!raster_size) {
+	TIFFError(TIFFFileName(in),
+		  "Can't allocate buffer for raster of size %lux%lu",
+		  (unsigned long) tile_width, (unsigned long) tile_height);
+	return (0);
+    }
+    raster = (uint32*)_TIFFmalloc(raster_size);
     if (raster == 0) {
         TIFFError(TIFFFileName(in), "No space for raster buffer");
         return (0);
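Review bot: The `uint32` dimensions are converted implicitly to `multiply()`'s `tsize_t` parameters in `multiply(multiply(tile_width, tile_height), sizeof (uint32))`. If `tsize_t` is signed, a dimension above its maximum arrives as a negative number, and neither `multiply()` nor the `!raster_size` test rejects negative operands or a negative product. Range-check the dimensions before the call, e.g. `if ((tsize_t) tile_width < 0 || (tsize_t) tile_height < 0)` routed to the same error return, or do the arithmetic on unsigned operands and convert once at the end. The later hunk that computes `raster_size` from `width` and `rowsperstrip` has the same gap. The `if (raster == 0)` block continues outside this hunk.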
@@ -159,7 +178,7 @@
 
     /*
      * Allocate a scanline buffer for swapping during the vertical
-     * mirroring pass.
+     * mirroring pass.  (Request can't overflow given prior checks.)
      */
     wrk_line = (uint32*)_TIFFmalloc(tile_width * sizeof (uint32));
     if (!wrk_line) {
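Review bot: The added remark `(Request can't overflow given prior checks.)` leaves the reader to reconstruct the invariant it relies on. Spell it out, e.g. `(Can't overflow: raster_size != 0 implies tile_height >= 1, so tile_width * sizeof (uint32) <= raster_size.)`, and note that it holds only while the `raster_size` check above stays in place and rejects out-of-range operands. The same remark is added before the `width * sizeof (uint32)` allocation in the last hunk of this patch. The `if (!wrk_line)` block continues outside the hunk.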
@@ -236,6 +255,7 @@
     uint32  width, height;		/* image width & height */
     uint32  row;
     uint32  *wrk_line;
+    tsize_t raster_size;
     int	    ok = 1;
 
     TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width);
@@ -251,7 +271,14 @@
     /*
      * Allocate strip buffer
      */
-    raster = (uint32*)_TIFFmalloc(width * rowsperstrip * sizeof (uint32));
+    raster_size = multiply(multiply(width, rowsperstrip), sizeof (uint32));
+    if (!raster_size) {
+	TIFFError(TIFFFileName(in),
+		  "Can't allocate buffer for raster of size %lux%lu",
+		  (unsigned long) width, (unsigned long) rowsperstrip);
+	return (0);
+    }
+    raster = (uint32*)_TIFFmalloc(raster_size);
     if (raster == 0) {
         TIFFError(TIFFFileName(in), "No space for raster buffer");
         return (0);
@@ -259,7 +286,7 @@
 
     /*
      * Allocate a scanline buffer for swapping during the vertical
-     * mirroring pass.
+     * mirroring pass.  (Request can't overflow given prior checks.)
      */
     wrk_line = (uint32*)_TIFFmalloc(width * sizeof (uint32));
     if (!wrk_line) {

libtiff-acversion.patch:
 configure.ac |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE libtiff-acversion.patch ---
diff -Naur tiff-3.9.2.orig/configure.ac tiff-3.9.2/configure.ac
--- tiff-3.9.2.orig/configure.ac	2009-11-04 12:11:20.000000000 -0500
+++ tiff-3.9.2/configure.ac	2009-12-03 12:52:41.000000000 -0500
@@ -24,7 +24,7 @@
 
 dnl Process this file with autoconf to produce a configure script.
 
-AC_PREREQ(2.64)
+AC_PREREQ(2.63)
 AC_INIT([LibTIFF Software],[3.9.2],[tiff at lists.maptools.org],[tiff])
 AC_CONFIG_AUX_DIR(config)
 AC_CONFIG_MACRO_DIR(m4)

libtiff-mantypo.patch:
 tiffset.1 |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE libtiff-mantypo.patch ---
diff -Naur tiff-3.9.2.orig/man/tiffset.1 tiff-3.9.2/man/tiffset.1
--- tiff-3.9.2.orig/man/tiffset.1	2006-04-20 08:17:19.000000000 -0400
+++ tiff-3.9.2/man/tiffset.1	2009-12-03 12:11:58.000000000 -0500
@@ -60,7 +60,7 @@
 ``Anonymous'':
 .RS
 .nf
-tiffset \-s 305 Anonymous a.tif
+tiffset \-s 315 Anonymous a.tif
 .fi
 .RE
 .PP


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/libtiff/devel/.cvsignore,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -p -r1.8 -r1.9
--- .cvsignore	26 Apr 2006 18:43:45 -0000	1.8
+++ .cvsignore	3 Dec 2009 18:42:07 -0000	1.9
@@ -1 +1 @@
-tiff-3.8.2.tar.gz
+tiff-3.9.2.tar.gz


Index: libtiff.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libtiff/devel/libtiff.spec,v
retrieving revision 1.57
retrieving revision 1.58
diff -u -p -r1.57 -r1.58
--- libtiff.spec	16 Oct 2009 04:08:23 -0000	1.57
+++ libtiff.spec	3 Dec 2009 18:42:07 -0000	1.58
@@ -1,21 +1,21 @@
 Summary: Library of functions for manipulating TIFF format image files
 Name: libtiff
-Version: 3.8.2
-Release: 16%{?dist}
+Version: 3.9.2
+Release: 1%{?dist}
+
 License: libtiff
 Group: System Environment/Libraries
 URL: http://www.remotesensing.org/libtiff/
 
 Source: ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{version}.tar.gz
-Patch0: tiffsplit-overflow.patch
-Patch1: libtiff-3.8.2-ormandy.patch
-Patch2: libtiff-3.8.2-CVE-2006-2193.patch
-Patch3: libtiff-3.8.2-mantypo.patch
-Patch4: libtiff-3.8.2-lzw-bugs.patch
-Patch5: libtiff-3.8.2-CVE-2009-2347.patch
+Patch1: libtiff-acversion.patch
+Patch2: libtiff-mantypo.patch
+Patch3: libtiff-CVE-2009-2347.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires: zlib-devel libjpeg-devel
+BuildRequires: libtool automake autoconf
+
 %define LIBVER %(echo %{version} | cut -f 1-2 -d .)
 
 %description
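Review bot: The `Patch0`–`Patch5` lines dropped here include security fixes (`libtiff-3.8.2-CVE-2006-2193.patch`, `libtiff-3.8.2-ormandy.patch`, `libtiff-3.8.2-lzw-bugs.patch`, `tiffsplit-overflow.patch`), and the only recorded rationale is the changelog's "stop carrying a lot of old patches". Presumably upstream 3.9.2 contains each of those fixes, but nothing in the spec says so. A comment above the remaining `Patch` lines, such as `# Fixes from the dropped 3.8.2 patches (CVE-2006-2193, ormandy, lzw-bugs, tiffsplit-overflow) are in upstream 3.9.2`, would let a later auditor confirm that nothing regressed. The `%description` section continues outside the hunk.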
@@ -51,15 +51,30 @@ The libtiff-static package contains the 
 Linking to static libraries is discouraged for most applications, but it is
 necessary for some boot packages.
 
+%package tools
+Summary: Command-line utility programs for manipulating TIFF files
+Group: Development/Libraries
+Requires: %{name} = %{version}-%{release}
+
+%description tools
+This package contains command-line programs for manipulating TIFF format
+image files using the libtiff library.
+
 %prep
 %setup -q -n tiff-%{version}
 
-%patch0 -p1 -b .overflow
-%patch1 -p1 -b .ormandy
-%patch2 -p1 -b .CVE-2006-2193
-%patch3 -p1 -b .mantypo
-%patch4 -p1
-%patch5 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+
+# Use build system's libtool.m4, not the one in the package.
+rm -f libtool.m4
+
+libtoolize --force  --copy
+aclocal -I . -I m4
+automake --add-missing --copy
+autoconf
+autoheader
 
 %build
 export CFLAGS="%{optflags} -fno-strict-aliasing"
@@ -71,7 +86,7 @@ LD_LIBRARY_PATH=$PWD:$LD_LIBRARY_PATH ma
 %install
 rm -rf $RPM_BUILD_ROOT
 
-%makeinstall
+make DESTDIR=$RPM_BUILD_ROOT install
 
 # remove what we didn't want installed
 rm $RPM_BUILD_ROOT%{_libdir}/*.la
@@ -141,10 +156,8 @@ rm -rf $RPM_BUILD_ROOT
 %files
 %defattr(-,root,root,0755)
 %doc COPYRIGHT README RELEASE-DATE VERSION
-%{_bindir}/*
 %{_libdir}/libtiff.so.*
 %{_libdir}/libtiffxx.so.*
-%{_mandir}/man1/*
 
 %files devel
 %defattr(-,root,root,0755)
@@ -158,7 +171,21 @@ rm -rf $RPM_BUILD_ROOT
 %defattr(-,root,root)
 %{_libdir}/*.a
 
+%files tools
+%defattr(-,root,root,0755)
+%{_bindir}/*
+%{_mandir}/man1/*
+
 %changelog
+* Thu Dec  3 2009 Tom Lane <tgl at redhat.com> 3.9.2-1
+- Update to libtiff 3.9.2; stop carrying a lot of old patches
+Resolves: #520734
+- Split command-line tools into libtiff-tools subpackage
+Resolves: #515170
+- Use build system's libtool instead of what package contains;
+  among other cleanup this gets rid of unwanted rpath specs in executables
+Related: #226049
+
 * Thu Oct 15 2009 Tom Lane <tgl at redhat.com> 3.8.2-16
 - add sparc/sparc64 to multilib header support
 


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/libtiff/devel/sources,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -p -r1.8 -r1.9
--- sources	26 Apr 2006 18:43:45 -0000	1.8
+++ sources	3 Dec 2009 18:42:07 -0000	1.9
@@ -1 +1 @@
-fbb6f446ea4ed18955e2714934e5b698  tiff-3.8.2.tar.gz
+93e56e421679c591de7552db13384cb8  tiff-3.9.2.tar.gz


--- libtiff-3.7.2-persample.patch DELETED ---


--- libtiff-3.8.2-CVE-2006-2193.patch DELETED ---


--- libtiff-3.8.2-CVE-2009-2347.patch DELETED ---


--- libtiff-3.8.2-lzw-bugs.patch DELETED ---


--- libtiff-3.8.2-mantypo.patch DELETED ---


--- libtiff-3.8.2-ormandy.patch DELETED ---


--- libtiff-v3.6.1-64bit.patch DELETED ---


--- tiffsplit-overflow.patch DELETED ---



