automatic version update by autodist [release 4.7.0-1mamba;Thu Sep 19 2024]
This commit is contained in:
parent
c266b98394
commit
0896fcef00
@ -1,18 +0,0 @@
|
|||||||
* SECURITY UPDATE: Arbitrary command execution with crafted TIF files.
|
|
||||||
* Add debian/patches/tiff2pdf-octal-printf.patch:
|
|
||||||
- tools/tiff2pdf.c: Fix buffer overflow due to wrong printf for octal
|
|
||||||
signed char (it printed a signed integer, which overflow the buffer and
|
|
||||||
was wrong anyway).
|
|
||||||
- CVE-2006-2193
|
|
||||||
|
|
||||||
--- tiff-3.8.2/tools/tiff2pdf.c 2006-03-21 17:42:51.000000000 +0100
|
|
||||||
+++ tiff-3.8.2/tools/tiff2pdf.c.fix 2006-06-15 17:00:23.000000000 +0200
|
|
||||||
@@ -3668,7 +3668,7 @@
|
|
||||||
written += TIFFWriteFile(output, (tdata_t) "(", 1);
|
|
||||||
for (i=0;i<len;i++){
|
|
||||||
if((pdfstr[i]&0x80) || (pdfstr[i]==127) || (pdfstr[i]<32)){
|
|
||||||
- sprintf(buffer, "\\%.3o", pdfstr[i]);
|
|
||||||
+ sprintf(buffer, "\\%.3hho", pdfstr[i]);
|
|
||||||
written += TIFFWriteFile(output, (tdata_t) buffer, 4);
|
|
||||||
} else {
|
|
||||||
switch (pdfstr[i]){
|
|
||||||
@ -1,22 +0,0 @@
|
|||||||
--- tiff-3.8.2/tools/tiffsplit.c 2005-12-07 10:48:33.000000000 +0100
|
|
||||||
+++ /tmp/tiffsplit.c 2006-06-07 16:33:25.000000000 +0200
|
|
||||||
@@ -60,14 +60,16 @@
|
|
||||||
fprintf(stderr, "usage: tiffsplit input.tif [prefix]\n");
|
|
||||||
return (-3);
|
|
||||||
}
|
|
||||||
- if (argc > 2)
|
|
||||||
- strcpy(fname, argv[2]);
|
|
||||||
+ if (argc > 2) {
|
|
||||||
+ strncpy(fname, argv[2], 1024);
|
|
||||||
+ fname[1024] = '\0';
|
|
||||||
+ }
|
|
||||||
in = TIFFOpen(argv[1], "r");
|
|
||||||
if (in != NULL) {
|
|
||||||
do {
|
|
||||||
char path[1024+1];
|
|
||||||
newfilename();
|
|
||||||
- strcpy(path, fname);
|
|
||||||
+ strncpy(path, fname, 1020);
|
|
||||||
strcat(path, ".tif");
|
|
||||||
out = TIFFOpen(path, TIFFIsBigEndian(in)?"wb":"wl");
|
|
||||||
if (out == NULL)
|
|
||||||
38
libtiff.spec
38
libtiff.spec
@ -1,19 +1,24 @@
|
|||||||
Name: libtiff
|
Name: libtiff
|
||||||
Version: 4.6.0
|
Version: 4.7.0
|
||||||
Release: 1mamba
|
Release: 1mamba
|
||||||
Summary: A library of functions for manipulating TIFF format image files
|
Summary: A library of functions for manipulating TIFF format image files
|
||||||
Group: System/Libraries
|
Group: System/Libraries
|
||||||
Vendor: openmamba
|
Vendor: openmamba
|
||||||
Distribution: openmamba
|
Distribution: openmamba
|
||||||
Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
|
Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
|
||||||
URL: http://www.libtiff.org/
|
URL: https://libtiff.gitlab.io/libtiff/
|
||||||
Source: http://download.osgeo.org/libtiff/tiff-%{version}.tar.gz
|
Source: http://download.osgeo.org/libtiff/tiff-%{version}.tar.gz
|
||||||
Patch0: %{name}-3.8.2-tiffsplit_overflow.patch
|
|
||||||
Patch1: %{name}-3.8.2-cve_2006_2193.patch
|
|
||||||
License: BSD
|
License: BSD
|
||||||
## AUTOBUILDREQ-BEGIN
|
## AUTOBUILDREQ-BEGIN
|
||||||
BuildRequires: glibc-devel
|
BuildRequires: glibc-devel
|
||||||
|
BuildRequires: libICE-devel
|
||||||
|
BuildRequires: libSM-devel
|
||||||
|
BuildRequires: libXi-devel
|
||||||
|
BuildRequires: libdeflate-devel
|
||||||
|
BuildRequires: libfreeglut-devel
|
||||||
BuildRequires: libgcc
|
BuildRequires: libgcc
|
||||||
|
BuildRequires: libglu-devel
|
||||||
|
BuildRequires: libglvnd-devel
|
||||||
BuildRequires: libjbig-devel
|
BuildRequires: libjbig-devel
|
||||||
BuildRequires: libjpeg-devel
|
BuildRequires: libjpeg-devel
|
||||||
BuildRequires: liblzma-devel
|
BuildRequires: liblzma-devel
|
||||||
@ -63,8 +68,6 @@ Command line tools for tiff files manipulation.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n tiff-%{version}
|
%setup -q -n tiff-%{version}
|
||||||
#%patch0 -p1 -b .cve_2006_2656
|
|
||||||
#%patch1 -p1 -b .cve_2006_2193
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure \
|
%configure \
|
||||||
@ -89,8 +92,6 @@ rm -f %{buildroot}%{_mandir}/man1/tiffgt.*
|
|||||||
%clean
|
%clean
|
||||||
[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
|
[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
|
||||||
|
|
||||||
%post -p /sbin/ldconfig
|
|
||||||
%postun -p /sbin/ldconfig
|
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
@ -112,24 +113,21 @@ rm -f %{buildroot}%{_mandir}/man1/tiffgt.*
|
|||||||
|
|
||||||
%files -n tiff-utils
|
%files -n tiff-utils
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%{_bindir}/tiffcp
|
%{_bindir}/fax2ps
|
||||||
%{_bindir}/tiffdump
|
%{_bindir}/fax2tiff
|
||||||
%{_bindir}/tiffinfo
|
%{_bindir}/pal2rgb
|
||||||
%{_bindir}/tiffset
|
%{_bindir}/ppm2tiff
|
||||||
%{_bindir}/tiffsplit
|
%{_bindir}/raw2tiff
|
||||||
|
%{_bindir}/tiff*
|
||||||
%if "%{stage1}" != "1"
|
%if "%{stage1}" != "1"
|
||||||
%exclude %{_mandir}/man1/tiffgt.*
|
%exclude %{_mandir}/man1/tiffgt.*
|
||||||
%endif
|
%endif
|
||||||
%{_mandir}/man1/*
|
%{_mandir}/man1/*
|
||||||
|
|
||||||
#%if "%{stage1}" != "1"
|
|
||||||
#%files -n tiffgt
|
|
||||||
#%defattr(-,root,root)
|
|
||||||
#%{_bindir}/tiffgt
|
|
||||||
#%{_mandir}/man1/tiffgt.*
|
|
||||||
#%endif
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Sep 19 2024 Automatic Build System <autodist@openmamba.org> 4.7.0-1mamba
|
||||||
|
- automatic version update by autodist
|
||||||
|
|
||||||
* Fri Sep 15 2023 Automatic Build System <autodist@mambasoft.it> 4.6.0-1mamba
|
* Fri Sep 15 2023 Automatic Build System <autodist@mambasoft.it> 4.6.0-1mamba
|
||||||
- automatic version update by autodist
|
- automatic version update by autodist
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user