rpms/libtiff
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- fix CVE-2006-2193, tiff2pdf buffer overflow (#194362)

Browse Source 
- fix typo in man page for tiffset (#186297)
- use %%{?dist}
This commit is contained in:
Jindrich Novy 2006-09-05 12:04:37 +00:00
parent 068bae99f9
commit 37bad4e251
3 changed files with 32 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
libtiff-3.8.2-CVE-2006-2193.patch Normal file
View File

@ -0,0 +1,11 @@
--- tiff-3.8.2/tools/tiff2pdf.c.CVE-2006-2193 2006-03-21 17:42:51.000000000 +0100
+++ tiff-3.8.2/tools/tiff2pdf.c 2006-09-05 10:47:51.000000000 +0200
@@ -3668,7 +3668,7 @@
written += TIFFWriteFile(output, (tdata_t) "(", 1);
for (i=0;i<len;i++){
if((pdfstr[i]&0x80) || (pdfstr[i]==127) || (pdfstr[i]<32)){
- sprintf(buffer, "\\%.3o", pdfstr[i]);
+ snprintf(buffer, sizeof(buffer), "\\%.3o", (unsigned char) pdfstr[i]);
written += TIFFWriteFile(output, (tdata_t) buffer, 4);
} else {
switch (pdfstr[i]){

11
libtiff-3.8.2-mantypo.patch Normal file
View File

@ -0,0 +1,11 @@
--- tiff-3.8.2/man/tiffset.1.mantypo 2005-12-02 17:01:33.000000000 +0100
+++ tiff-3.8.2/man/tiffset.1 2006-09-05 10:10:02.000000000 +0200
@@ -60,7 +60,7 @@
"Anonymous":
.RS
.nf
-tiffset -s 305 Anonymous a.tif
+tiffset -s 315 Anonymous a.tif
.fi
.RE
.PP

11
libtiff.spec
View File

@ -1,12 +1,14 @@
Summary: Library of functions for manipulating TIFF format image files Summary: Library of functions for manipulating TIFF format image files
Name: libtiff Name: libtiff
Version: 3.8.2 Version: 3.8.2
Release: 5 Release: 6%{?dist}
License: distributable License: distributable
Group: System Environment/Libraries Group: System Environment/Libraries
Source: ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{version}.tar.gz Source: ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{version}.tar.gz
Patch0: tiffsplit-overflow.patch Patch0: tiffsplit-overflow.patch
Patch1: libtiff-3.8.2-ormandy.patch Patch1: libtiff-3.8.2-ormandy.patch
Patch2: libtiff-3.8.2-CVE-2006-2193.patch
Patch3: libtiff-3.8.2-mantypo.patch
URL: http://www.libtiff.org/ URL: http://www.libtiff.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: zlib-devel libjpeg-devel BuildRequires: zlib-devel libjpeg-devel
@ -39,6 +41,8 @@ install the libtiff package.
%setup -q -n tiff-%{version} %setup -q -n tiff-%{version}
%patch0 -p1 -b .overflow %patch0 -p1 -b .overflow
%patch1 -p1 -b .ormandy %patch1 -p1 -b .ormandy
%patch2 -p1 -b .CVE-2006-2193
%patch3 -p1 -b .mantypo
%build %build
%configure %configure
@ -111,6 +115,11 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man3/* %{_mandir}/man3/*
%changelog %changelog
* Tue Sep 5 2006 Jindrich Novy <jnovy@redhat.com> - 3.8.2-6
- fix CVE-2006-2193, tiff2pdf buffer overflow (#194362)
- fix typo in man page for tiffset (#186297)
- use %%{?dist}
* Mon Jul 24 2006 Matthias Clasen <mclasen@redhat.com> * Mon Jul 24 2006 Matthias Clasen <mclasen@redhat.com>
- Fix several vulnerabilities (CVE-2006-3460 CVE-2006-3461 - Fix several vulnerabilities (CVE-2006-3460 CVE-2006-3461
CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465) CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)