From 36e9326d076949e46b660ca675690b47ec1b9c4d Mon Sep 17 00:00:00 2001 From: Jinkun Jang Date: Sat, 16 Mar 2013 01:10:26 +0900 Subject: [PATCH] merge with master --- debian/changelog | 1020 ++++++++++++++++++++-------- debian/patches/libtiff-CVE-2012-4447.patch | 40 ++ debian/patches/libtiff-CVE-2012-4564.patch | 86 +++ libtiff/tif_pixarlog.c | 18 +- packaging/libtiff.spec | 2 +- tools/ppm2tiff.c | 39 +- 6 files changed, 901 insertions(+), 304 deletions(-) create mode 100644 debian/patches/libtiff-CVE-2012-4447.patch create mode 100644 debian/patches/libtiff-CVE-2012-4564.patch diff --git a/debian/changelog b/debian/changelog index cb310f1..b0dca37 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,322 +1,748 @@ -libjpeg8 (8d-1) unstable; urgency=low +tiff (4.0.2-4) unstable; urgency=low - * The "Lucas" release - * New upstream release. closes: #655982 - * Apply Steve Langasek patch for multiarch support. closes: #636989 + * Fix CVE-2012-4447 & CVE-2012-4564 + * Git: external/libtiff + * Tag: tiff_4.0.2-4 - -- Bill Allombert Sun, 29 Jan 2012 19:51:29 +0100 + -- YoungHun Kim Fri, 25 Jan 2013 17:15:13 +0900 -libjpeg8 (8c-2) unstable; urgency=low +tiff (4.0.2-3) unstable; urgency=low - * The "Angèle" release - * debian/control: - - Bump standard version to 3.9.2. - - Remove article from synopsys - - Provides: libjpeg-dev - * Do not install .la files. closes: #621517 - * debian/rules: - - Add --disable-silent-rules to configure call. + * Uninstall /usr/bin/* + * Git: external/libtiff + * Tag: tiff_4.0.2-3 - -- Bill Allombert Thu, 07 Jul 2011 10:48:52 +0200 + -- YoungHun Kim Fri, 16 Nov 2012 17:46:50 +0900 -libjpeg8 (8c-1) unstable; urgency=low +tiff (4.0.2-2) unstable; urgency=low + + * fixes CVE-2012-3401 + * Git: external/libtiff + * Tag: tiff_4.0.2-2 + + -- YoungHun Kim Wed, 14 Nov 2012 18:32:45 +0900 + +tiff (4.0.2-1) unstable; urgency=low + + * Upgrade libtiff 4.0.2 + * Git: external/libtiff + * Tag: tiff_4.0.2-1 + + -- YoungHun Kim Tue, 06 Nov 2012 15:07:21 +0900 + +tiff (3.9.4-8) unstable; urgency=low + + * Update spec file for License + * Git: external/libtiff + * Tag: tiff_3.9.4-8 + + -- YoungHun Kim Thu, 18 Oct 2012 13:25:25 +0900 + +tiff (3.9.4-7) unstable; urgency=low + + * License file copied to /usr/share/license/ + * Git: external/libtiff + * Tag: tiff_3.9.4-7 + + -- YoungHun Kim Fri, 12 Oct 2012 16:53:28 +0900 + +tiff (3.9.4-6) unstable; urgency=low + + * Add manifest file + * Git: external/libtiff + * Tag: tiff_3.9.4-6 + + -- YoungHun Kim Thu, 20 Sep 2012 21:41:28 +0900 + +tiff (3.9.4-5+3slp2) unstable; urgency=low + + * Add libtiff.spec file + * Git: slp/unmodified/libtiff + * Tag: tiff_3.9.4-5+3slp2 + + -- YoungHun Kim Sat, 24 Mar 2012 02:21:47 +0900 + +tiff (3.9.4-5+2slp2) unstable; urgency=low + + * Remove unnecessary file + * Git: slp/unmodified/libtiff + * Tag: tiff_3.9.4-5+2slp2 + + -- Haejeong Kim Sat, 03 Mar 2012 16:56:10 +0900 + +tiff (3.9.4-5+1slp2) unstable; urgency=low + + * Git init + * Git: slp/unmodified/libtiff + * Tag: tiff_3.9.4-5+1slp2 + + -- YoungHun Kim Fri, 3 Feb 2012 14:02:47 +0900 + +tiff (3.9.4-5+squeeze3) stable-security; urgency=high + + * Redo CVE-2011-0192 to fix regression. (Closes: #630042) + + -- Jay Berkenbilt Fri, 24 Jun 2011 05:28:13 -0400 + +tiff (3.9.4-5+squeeze2) stable-security; urgency=high + + * CVE-2009-5022: Buffer overflow in OJPEG support. (Closes: #624287) + + -- Jay Berkenbilt Sat, 07 May 2011 10:21:28 -0400 + +tiff (3.9.4-5+squeeze1) stable-security; urgency=high + + * CVE-2011-0192: Buffer overflow in Fax4Decode + * CVE-2011-1167: Buffer overflow with thunder encoded files + + -- Jay Berkenbilt Sat, 02 Apr 2011 12:04:21 -0400 + +tiff (3.9.4-5) unstable; urgency=high + + * Incorporated fix to CVE-2010-3087, a potential denial of service + exploitable with a specially crafted TIFF file. (Closes: #600188) + + -- Jay Berkenbilt Sun, 17 Oct 2010 16:44:08 -0400 + +tiff (3.9.4-4) unstable; urgency=high + + * Incorporated fix to CVE-2010-2483, "fix crash on OOB reads in + putcontig8bitYCbCr11tile". (Closes: #595064) + + -- Jay Berkenbilt Sat, 02 Oct 2010 13:17:12 -0400 + +tiff (3.9.4-3) unstable; urgency=low + + * Updated control file to remove obsolete Conflicts/Replaces for ancient + packages. + * Empty dependency_libs in all .la files as part of the .la file. This + also resolves the problem of having hard-coded paths in the .la file. + (Closes: #509016) + * Updated standards version to 3.9.1. + + -- Jay Berkenbilt Sat, 14 Aug 2010 16:28:49 -0400 + +tiff (3.9.4-2) unstable; urgency=high + + * Incorporated patch to fix CVE-2010-2233, which fixes a specific + failure of tif_getimage on 64-bit platforms. + + -- Jay Berkenbilt Fri, 13 Aug 2010 20:16:29 -0400 + +tiff (3.9.4-1) unstable; urgency=low + + * New upstream release + + -- Jay Berkenbilt Fri, 18 Jun 2010 21:28:11 -0400 + +tiff (3.9.2-3) unstable; urgency=low + + * Depend on libjpeg-dev instead of libjpeg62-dev. (Closes: #569242) + * Change source format to '3.0 (quilt)' + * Update standards version to 3.8.4. No changes required. + + -- Jay Berkenbilt Wed, 10 Feb 2010 19:20:20 -0500 + +tiff (3.9.2-2) unstable; urgency=low + + * Include patch from upstream to fix problems with TIFFReadScanline() + and ycbcr-encoded JPEG images. (Closes: #510792) + * Fix some manual page spelling errors found by lintian. + + -- Jay Berkenbilt Sun, 10 Jan 2010 10:56:32 -0500 + +tiff (3.9.2-1) unstable; urgency=low + + * New upstream release + + -- Jay Berkenbilt Fri, 06 Nov 2009 22:52:06 -0500 + +tiff (3.9.1-1) unstable; urgency=low + + * New upstream release + + -- Jay Berkenbilt Fri, 28 Aug 2009 15:44:23 -0400 + +tiff (3.9.0-2) unstable; urgency=low + + * Fix critical bug that could cause corrupt files to be written in some + cases. (Closes: #543079) + + -- Jay Berkenbilt Fri, 28 Aug 2009 13:38:03 -0400 + +tiff (3.9.0-1) unstable; urgency=low + + * New upstream release. All previous security patches have been + integrated. + + -- Jay Berkenbilt Fri, 21 Aug 2009 11:40:49 -0400 + +tiff (3.9.0beta+deb1-1) experimental; urgency=low + + * New upstream release (binary compatible with 3.8.2) -- release based + on 3.9 branch from upstream CVS; see README.Debian for details. + (Closes: #537118) + * Updated standards to 3.8.3; no changes required. + * Stopped using tarball in tarball packaging. (Closes: #538565) + + -- Jay Berkenbilt Wed, 19 Aug 2009 20:33:10 -0400 + +tiff (3.8.2-13) unstable; urgency=high + + * Apply patches to fix CVE-2009-2347, which covers two integer overflow + conditions. + * LZW patch from last update addressed CVE-2009-2285. Renamed the patch + to make this clearer. + + -- Jay Berkenbilt Sun, 12 Jul 2009 18:03:33 -0400 + +tiff (3.8.2-12) unstable; urgency=low + + * Apply patch to fix crash in lzw decoder that can be caused by certain + invalid image files. (Closes: #534137) + * No longer ignore errors in preinst + * Fixed new lintian warnings; updated standards version to 3.8.2. + + -- Jay Berkenbilt Sun, 28 Jun 2009 13:17:44 -0400 + +tiff (3.8.2-11) unstable; urgency=high + + * Apply security patches (CVE-2008-2327) + * Convert patch system to quilt + * Create README.source + * Set standards version to 3.8.0 + + -- Jay Berkenbilt Sun, 17 Aug 2008 13:16:37 -0400 + +tiff (3.8.2-10+lenny1) testing-security; urgency=high + + * Apply patches from Drew Yao of Apple Product Security to fix + CVE-2008-2327, a potential buffer underflow in the LZW decoder + (tif_lzw.c). + + -- Jay Berkenbilt Sun, 17 Aug 2008 11:56:01 -0400 + +tiff (3.8.2-10) unstable; urgency=low + + * Fix segmentation fault on subsequent parts of a file with an invalid + directory tag. (Closes: #475489) + + -- Jay Berkenbilt Mon, 09 Jun 2008 11:02:53 -0400 + +tiff (3.8.2-9) unstable; urgency=low + + * Backported tiff2pdf from 4.0.0 beta 2. This fixes many tiff2pdf bugs, + though unfortunately none of the ones opened in the debian bug + database! + * Added upstream homepage to debian control file. + + -- Jay Berkenbilt Sat, 07 Jun 2008 22:52:27 -0400 + +tiff (3.8.2-8) unstable; urgency=low + + * Accepted tmpfile patch tiff2pdf to fix bug that has been fixed + upstream since upstream release appears stalled. Thanks Jesse Long. + (Closes: #419773) + * Update standards version to 3.7.3; no changes required. + * ${Source-Version} -> ${binary:Version} in control + * Split documentation into separate libtiff-doc package. (Closes: + #472189) + + -- Jay Berkenbilt Sat, 22 Mar 2008 12:30:38 -0400 + +tiff (3.8.2-7+etch1) stable-security; urgency=high + + * Apply patches from Drew Yao of Apple Product Security to fix + CVE-2008-2327, a potential buffer underflow in the LZW decoder + (tif_lzw.c). + + -- Jay Berkenbilt Sun, 17 Aug 2008 11:56:01 -0400 + +tiff (3.8.2-7) unstable; urgency=high + + * Replace empty directories in /usr/share/doc with links during package + upgrade. (Closes: #404631) + + -- Jay Berkenbilt Tue, 2 Jan 2007 15:50:50 -0500 + +tiff (3.8.2-6) unstable; urgency=high + + * Add watch file + * Tavis Ormandy of the Google Security Team discovered several problems + in the TIFF library. The Common Vulnerabilities and Exposures project + identifies the following issues: + - CVE-2006-3459: a stack buffer overflow via TIFFFetchShortPair() in + tif_dirread.c + - CVE-2006-3460: A heap overflow vulnerability was discovered in the + jpeg decoder + - CVE-2006-3461: A heap overflow exists in the PixarLog decoder + - CVE-2006-3462: The NeXT RLE decoder was also vulnerable to a heap + overflow + - CVE-2006-3463: An infinite loop was discovered in + EstimateStripByteCounts() + - CVE-2006-3464: Multiple unchecked arithmetic operations were + uncovered, including a number of the range checking operations + deisgned to ensure the offsets specified in tiff directories are + legitimate. + - A number of codepaths were uncovered where assertions did not hold + true, resulting in the client application calling abort() + - CVE-2006-3465: A flaw was also uncovered in libtiffs custom tag + support + + -- Jay Berkenbilt Mon, 31 Jul 2006 18:14:59 -0400 + +tiff (3.8.2-5) unstable; urgency=low + + * Fix logic error that caused -q flag to be ignored when doing jpeg + compression with tiff2pdf. (Closes: #373102) + + -- Jay Berkenbilt Mon, 19 Jun 2006 18:55:38 -0400 + +tiff (3.8.2-4) unstable; urgency=high + + * SECURITY UPDATE: Arbitrary command execution with crafted TIF files. + Thanks to Martin Pitt. (Closes: #371064) + * Add debian/patches/tiff2pdf-octal-printf.patch: + - tools/tiff2pdf.c: Fix buffer overflow due to wrong printf for octal + signed char (it printed a signed integer, which overflew the buffer and + was wrong anyway). + - CVE-2006-2193 + + -- Jay Berkenbilt Wed, 7 Jun 2006 17:52:12 -0400 + +tiff (3.8.2-3) unstable; urgency=high + + * SECURITY UPDATE: Arbitrary command execution with crafted long file + names. Thanks to Martin Pitt for forwarding this. + Add debian/patches/tiffsplit-fname-overflow.patch: + - tools/tiffsplit.c: Use snprintf instead of strcpy for copying the + user-specified file name into a statically sized buffer. + CVE-2006-2656. (Closes: #369819) + * Update standards version to 3.7.2. No changes required. + * Moved doc-base information to libtiff4 instead of libtiff4-dev. + + -- Jay Berkenbilt Thu, 1 Jun 2006 21:24:21 -0400 + +tiff (3.8.2-2) unstable; urgency=low + + * Fix build dependencies to get OpenGL utility libraries after new Xorg + packaging. (Closes: #365722) + * Updated standards version to 3.7.0; no changes required to package. + + -- Jay Berkenbilt Tue, 2 May 2006 10:10:45 -0400 + +tiff (3.8.2-1) unstable; urgency=low + + * New upstream release + + -- Jay Berkenbilt Tue, 28 Mar 2006 21:42:33 -0500 + +tiff (3.8.0-3) unstable; urgency=low + + * Switched build dependency from xlibmesa-gl-dev to libgl1-mesa-dev + (incorporating Ubunutu patch) + * Incorporated patch from upstream to fix handling of RGBA tiffs in + tiff2pdf. (Closes: #352849) + + -- Jay Berkenbilt Sun, 26 Feb 2006 13:21:17 -0500 + +tiff (3.8.0-2) unstable; urgency=low + + * Applied fixes from upstream to address a memory access violation + [CVE-2006-0405]. (Closes: #350715, #351223) + + -- Jay Berkenbilt Fri, 3 Feb 2006 21:48:39 -0500 + +tiff (3.8.0-1) unstable; urgency=low + + * New upstream release. (Closes: #349921) + * NOTE: The debian version of 3.8.0 includes a patch to correct a binary + incompatibility in the original 3.8.0 release. This libtiff package + is binary compatible with 3.7.4 and will be binary compatible with the + upcoming 3.8.1 release. + + -- Jay Berkenbilt Fri, 27 Jan 2006 21:38:58 -0500 + +tiff (3.7.4-1) unstable; urgency=low - * The "Mira" release * New upstream release - * debian/extra/jpegexiforient.1: - - Fix typo rigth/right and add missing comma. Thanks Calum Mackay. - closes: #608614 - * Add minimal patch GIF-patent-expired to document expiration of GIF patent. - Thanks Mathieu Malaterre. closes: #528585 - * debian/control: - - Bump standard version to 3.9.1. - * debian/shlibs: - - Change dependency to libjpeg8 (>= 8c) + * Fix typos in manual page (Closes: #327921, #327922, #327923, #327924) - -- Bill Allombert Tue, 15 Feb 2011 10:44:26 +0100 + -- Jay Berkenbilt Fri, 7 Oct 2005 10:25:49 -0400 -libjpeg8 (8b-1) unstable; urgency=low +tiff (3.7.3-1) unstable; urgency=low * New upstream release + * g++ 4.0 transition: libtiffxx0 is now libtiffxx0c2. - -- Bill Allombert Wed, 19 May 2010 20:47:31 +0200 + -- Jay Berkenbilt Sat, 9 Jul 2005 12:00:44 -0400 -libjpeg8 (8a-1) unstable; urgency=low +tiff (3.7.2-3) unstable; urgency=high - * New upstream bugfix release. - * debian/control: - - libjpeg8-dev: do not Provides libjpeg-dev since the transition has been - postponed. + * Fix for exploitable segmentation fault on files with bad BitsPerSample + values. (Closes: #309739) + [libtiff/tif_dirread.c, CAN-2005-1544] + Thanks to Martin Pitt for the report. - -- Bill Allombert Sat, 06 Mar 2010 11:37:27 +0100 + -- Jay Berkenbilt Thu, 19 May 2005 05:41:28 -0400 -libjpeg8 (8-2) unstable; urgency=low +tiff (3.7.2-2) unstable; urgency=high - * The "Juliette" release. - * debian/control: - - Bump standard version to 3.8.4. - - libjpeg8-dev now Provides libjpeg-dev. - - libjpeg8-dbg: remove Conflicts with libjpeg7-dbg and libjpeg62-dbg - since they no more share files now. + * Fix zero pagesize bug with tiff2ps -a2 and tiff2ps -a3. Thanks to + Patrice Fournier for the patch. (Closes: #303583) + * Note: uploading with urgency=high since this very small fix impacts + tools only (not the library), and we don't want to block tiff's many + reverse dependencies from transitioning to sarge. - -- Bill Allombert Sat, 06 Feb 2010 12:01:59 +0100 + -- Jay Berkenbilt Sun, 10 Apr 2005 10:12:37 -0400 -libjpeg8 (8-1) unstable; urgency=low +tiff (3.7.2-1) unstable; urgency=low - * The "Éloïse" release. * New upstream release - * Move to new source format 3.0 (quilt). Patches applied: - - use-autotools-dev: Use autotools-dev version of config.sub/.guess. - * debian/rules: - - Add -Wno-main to CFLAGS to avoid spurious warnings. - * debian/control: - - Bump standard version to 3.8.3. - - Add ${misc:Depends} - - -- Bill Allombert Sun, 10 Jan 2010 11:22:38 +0100 - -libjpeg7 (7-1) unstable; urgency=low - - * The "Yoan" release. - * New upstream release. closes: #535350 - - This release includes configure.ac and Makefile.am. closes: #346126 - - All patches merged upstream. - - Remove dpatch support. - * debian/control: - - Remove Build-Dependency on libtool and sharutils. - - Move libjpeg7-dbg to debug section. - - Bump standard version to 3.8.2. - * Skip test-suite if nocheck is set. closes: #451222 - - -- Bill Allombert Sun, 05 Jul 2009 15:29:27 +0200 - -libjpeg6b (6b-14) unstable; urgency=low - - * The "Lino" release. - * exifautotran: - - fix typo in manpage. closes: #376371, thanks Reuben Thomas. - - preserve file mode. closes: #383379, thanks Vincent Arkesteijn. - * debian/control, debian/rules, debian/compat: - + switch to debhelper v5 - + add libjpeg-dbg debugging package. - * debian/rules: remove - before "make clean" rules. - * Add patch 204_jpegtran_man to improve readability of manpage. - closes: #437453. Thanks Jorgen Grahn. - * jpegexiforient.1: Apply patch from Jorgen Grahn to improve formatting. - closes: #437446. - - -- Bill Allombert Thu, 16 Aug 2007 22:59:21 +0200 - -libjpeg6b (6b-13) unstable; urgency=low - - * The "If at first you don't succeed..." release. - * Change --enable-maxmem to 1024, following Guido advice. - This should fix the slowdowns with large files (for large < 1Gb): - closes: #356556, #365025, Thanks Nicolas. - If you hit performance problems, please set the JPEGMEM variable to - about half your available RAM, see jpegtran(1). - * Update libjpeg-progs README.Debian to reflect the new patch set and - the JPEGMEM feature. - * Bump standard version to 3.7.2. - - -- Bill Allombert Fri, 5 May 2006 19:14:25 +0200 - -libjpeg6b (6b-12) unstable; urgency=low - - * The "vote for me" release - * Bump standard version to 3.6.2. - * Run 'make test' instead of home-made test-suite. - * Switch to debhelper v4. - * libjpeg is now configured with --enable-maxmem=32. This limits the memory - usage to 32Mb and it can be overrided by JPEGMEM. Without this flag - JPEGMEM is ignored and there were no limits. - closes: #346023. Thanks C. Scott Ananian. - - -- Bill Allombert Thu, 2 Mar 2006 18:52:44 +0100 - -libjpeg6b (6b-11) unstable; urgency=high - - * The "Silencio" release - * exifautotran: Apply patch by Uwe Zeisberger to fix bad temporary file - handling. closes: #340079 - - -- Bill Allombert Sun, 20 Nov 2005 20:57:07 +0100 - -libjpeg6b (6b-10) unstable; urgency=low - - * The "timeout" release. - * Rebuild with current toolchain. - * Depends on libc-dev instead of libc6-dev. closes: #294696 - Thanks Joel Aelwyn for discussing thoroughly the matter. - * Instead of copying /usr/bin/libtool, we replace it by a script that - call libtool (using standard path search). Remarked by Jesus Climent. - * debian/control: remove pre-hamm cruft. - * Add jpegexiforient and jpegautotran by Guido Vollbeding - as proposed by Philip - Armstrong. closes: #257061. - * Run the test-suite at build time instead of shipping it in the package: - - /usr/share/doc/libjpeg-progs/tests: removed. - - debian/control: Add Build-Depends on sharutils for uuencode. - - debian/libjpeg-progs.dirs: removed. - - debian/libjpeg-progs.test: removed. - - -- Bill Allombert Tue, 1 Mar 2005 19:43:26 +0100 - -libjpeg6b (6b-9) unstable; urgency=low - - * The "I'm all for aggressive goals" release. - * Rebuild with new libtool. closes: #201943. - * patch 100_crop: Updated from Guido Vollbeding - to include patches 203_jpegtran_errmsg,204_perfect. - * patch 200_crop_man: Include 205_perfect_man. - * patches 203_jpegtran_errmsg, 204_perfect, 205_perfect_man: removed - * Add patch 203_rdppm: fix cjpeg issue with 16-bit PPM files. closes: #208937 - * Bump standard version to 3.6.1. - * Update debian/edit-patch. - - -- Bill Allombert Mon, 8 Sep 2003 16:22:08 +0200 - -libjpeg6b (6b-8) unstable; urgency=low - - * The "I *hate* when that happens" release. - * Move libjpeg62-dev to libdevel section. - * See debian/README.sources for detail about the (d)patch system. - * debian/rules: avoid to run configure twice. - * Add patches 204_perfect and 205_perfect_man. They implement the - -perfect jpegtran option as proposed by Mark W. Eichin. closes: #189027 - * Bump standard version to 3.5.10. - * Use /usr/bin/libtool instead of ldconfig-generated libtool, and remove - various libtool related kludges, including patch 301_configure. - closes: #195281. Thanks Robert Millan for the suggestion. - * Remove patch 302_makefile. Fix debian/rules instead. - - -- Bill Allombert Sat, 31 May 2003 16:16:59 +0200 - -libjpeg6b (6b-7) unstable; urgency=low - - * Rebuild with new gcc/new glibc/new debhelper. - * Add -g to build options according to new policy. - * Add support for DEB_BUILD_OPTIONS noopt. nostrip is handled by dh_strip. - * Bump standard version to 3.5.9. - * Extend description a bit (If you have a better one please email me!). - * Use dpatch to handle the patches. - - -- Bill Allombert Sun, 16 Mar 2003 12:19:36 +0100 - -libjpeg6b (6b-6) unstable; urgency=low - - * The "Try to break sarge before it even got a name" release - * jpegtran: better error messages when opening files. - closes: #147516 Thanks Mark W. Eichin. - * Add debian/patch dir with my patches. - * Add extern "C" if we are under C++. - closes: #113167 Thanks, Fredrik Jagenheim. - * Remove HAVE_STD{LIB,DEF}_H from jconfig.h since they are not used and - conflict with autoconf. closes: #109516 Thanks - * Add README.Debian in /usr/share/libjpeg62-dev - - -- Bill Allombert Mon, 3 Jun 2002 19:34:08 +0200 - -libjpeg6b (6b-5) unstable; urgency=low - - * jpeg-->JPEG in libjpeg-progs description. - * Add lib path to dh_shlibdeps to avoid warning. - * Apply patch from by - closes: #129412 Thanks, Colin Marquardt. - - -- Bill Allombert Mon, 20 May 2002 11:55:22 +0200 - -libjpeg6b (6b-4) unstable; urgency=low - - * Avoid bashism in debian/rules. - * Update libtool to 1.3.5. (1.4 will break). - closes: #52095 Thanks, - * Patch config.guess to use version in the autotools-dev package. - * Correct Section: field of libjpeg62 and libjpeg62-dev. - - -- Bill Allombert Tue, 20 Nov 2001 10:23:47 +0100 - -libjpeg6b (6b-3) unstable; urgency=low - - * The "Where is ltconfig ?" release. - * Remove jconfig.h in debian/rules clean and do some clean up. - * Install libjpeg.la per Policy 11.2. - * Remove duplicate wizard.doc file in libjpeg62-dev. - * Use dpkg-architecture instead of config.guess. - * Patch config.sub to use version in the autotools-dev package. - closes: #85558, #120039 - * Patch rdjpgcom.c to use locales for isprint check on comment chars. - closes: #116589 Thanks, Neal H Walfield - * Apply patch from by - closes: #114415 Thanks, - - -- Bill Allombert Tue, 13 Nov 2001 21:41:49 +0000 - -libjpeg6b (6b-2) unstable; urgency=low - - * New Maintainer. Mark, If you want back the package, just ask! - * Acknowledge previous NMU: - Jordi: closes: #74087, #24330, #24291 - Colin: closes: #80752 - Joel: closes: #25324, #27033, #28341 - * Write source location as a valid URL in debian/copyright. - closes: #118628 Thanks, Doug Porter . - * Fix formating of description of libjpeg-progs. - closes: #114378 Thanks, Colin Watson . - * Install jpegint.h header needed by some apps. closes: #100171 - * Remove unused/empty debian/postrm. - closes: #24849 Thanks, Adrian Bridgett . - * Install wizard.doc file. closes: #64807 Thanks . - * Fix libjpeg-progs test.sh. - * Fix lintian bugs: typo in copyright, emacs user info in changelog. - * Fix false lintian bug: unsafe ldconfig in postinst, by reformatting. - * Remove "-g" from CFLAGS per Policy 11.1, hoping m68k is fixed now. - * Remove libtool and Makefile in debian/rules clean. - * Fix the test system. As a side effect, - closes: #109195 Thanks Daniel Schepler - * Standards-Version is now 3.5.6. - - -- Bill Allombert Fri, 9 Nov 2001 22:40:16 +0100 - -libjpeg6b (6b-1.3) frozen unstable; urgency=low - - * Non-Maintainer Upload. - * Added Build-Depends. - * Gil Bahat did the rest of the changes. - * Close bug regarding non-standard jpegs not being processed - (closes: #74087). - * The output gifs are uncompressed, so have no UNISYS patent issues. - (closes: #24330, #24291). - * Standards-Version is now 3.0.0. - - -- Jordi Mallach Sat, 24 Feb 2001 22:17:38 +0100 - -libjpeg6b (6b-1.2) frozen unstable; urgency=low (HIGH for m68k) - - * Non-maintainer release. - * Recompile for m68k since existing djpeg binary claims all jpegs I have - are invalid (yet hamm djpeg has no problem with them). - Specifically, added "-O2 -g -Wall" to CFLAGS -- possible gcc bug? - - -- Chris Lawrence Tue, 10 Nov 1998 20:57:38 -0600 - -libjpeg6b (6b-1.1) frozen unstable; urgency=high - - * Non-maintainer release. - * Use upstream library soname (62). - * Removed libjpeg-gif package, as the source notes - that the GIF reading has been removed, and the GIFs written - do not infringe on the LZW patent. - - -- Joel Klecker Thu, 22 Oct 1998 05:49:48 -0700 - -libjpeg6b (6b-1) unstable; urgency=low - - * New binary packages for 6b + + -- Jay Berkenbilt Sat, 19 Mar 2005 14:51:06 -0500 + +tiff (3.7.1-4) unstable; urgency=low + + * Fix from upstream: include a better workaround for tiff files with + invalid strip byte counts. (Closes: #183268) + + -- Jay Berkenbilt Tue, 22 Feb 2005 19:20:14 -0500 + +tiff (3.7.1-3) unstable; urgency=low + + * Disable C++ new experimental interfaces for now; will reappear in a + future version in the separate libtiffxx0 package. + + -- Jay Berkenbilt Sat, 29 Jan 2005 13:32:37 -0500 + +tiff (3.7.1+pre3.7.2-1) experimental; urgency=low + * New upstream release + * Separate experimental C++ interface into separate libtiffxx library. + + -- Jay Berkenbilt Sat, 29 Jan 2005 13:03:19 -0500 + +tiff (3.7.1-2) unstable; urgency=low + + * Make -dev package depend upon other -dev packages referenced in the + .la file created by libtool. (Closes: #291136) + * tiff2ps: Allow one of -w and -h without the other. (Closes: #244247) + + -- Jay Berkenbilt Wed, 19 Jan 2005 10:45:00 -0500 + +tiff (3.7.1-1) unstable; urgency=low + + * New upstream release + * Correct error in doc-base file (Closes: #285652) + + -- Jay Berkenbilt Wed, 5 Jan 2005 16:54:12 -0500 + +tiff (3.7.0-2) experimental; urgency=low + + * Replace hard-coded libc6-dev dependency with something friendlier to + porters (libc6-dev | libc-dev). (Closes: #179727) + * Fixed upstream: proper netbsdelf*-gnu support in configure. Actually + fixed in 3.7.0-1 but left out of changelog. (Closes: #179728) + * Include opengl support; adds new libtiff-opengl package. (Closes: #219456) + * Fixed upstream: fax2ps now allows access to first page. (Closes: #244251) + + -- Jay Berkenbilt Sat, 11 Dec 2004 09:51:52 -0500 + +tiff (3.7.0-1) experimental; urgency=low + + * New upstream release (Closes: #276996) + * New maintainer (Thanks Joy!) + * Repackage using cdbs and simple-patchsys to fix some errors and + simplify patch management + * Fixed upstream: tiff2pdf ignores -z and -j (Closes: #280682) + * Fixed upstream: Memory leak in TIFFClientOpen (Closes: #256657) + + -- Jay Berkenbilt Fri, 26 Nov 2004 13:50:13 -0500 + +tiff (3.6.1-5) unstable; urgency=high + + * New maintainer (thanks Joy!) + * Applied patch by Dmitry V. Levin to fix a segmentation fault + [tools/tiffdump.c, CAN-2004-1183] + Thanks to Martin Schulze for forwarding the patch. + * Fixed section of -dev package (devel -> libdevel) + + -- Jay Berkenbilt Wed, 5 Jan 2005 16:27:26 -0500 + +tiff (3.6.1-4) unstable; urgency=high + + * Fix heap overflow security bug [CAN-2004-1308]. (Closes: #286815) + + -- Jay Berkenbilt Wed, 22 Dec 2004 10:20:52 -0500 + +tiff (3.6.1-3) unstable; urgency=medium + + * Patches from upstream to fix zero-size tile and integer overflow + problems created by previous security patches, closes: #276783. + * Added Jay Berkenbilt as co-maintainer. Jay thanks Joy for letting him + help and eventually take over maintenance of these packages! + + -- Josip Rodin Mon, 01 Nov 2004 12:28:27 +0100 + +tiff (3.6.1-2) unstable; urgency=low + + * Included security fixes for: + + CAN-2004-0803 + - libtiff/tif_luv.c + - libtiff/tif_next.c + - libtiff/tif_thunder.c + + CAN-2004-0804 (but this one is already applied upstream, it seems) + - libtiff/tif_dirread.c + + CAN-2004-0886 + - libtiff/tif_aux.c + - libtiff/tif_compress.c + - libtiff/tif_dir.c + - libtiff/tif_dirinfo.c + - libtiff/tif_dirread.c + - libtiff/tif_dirwrite.c + - libtiff/tif_extension.c + - libtiff/tif_fax3.c + - libtiff/tiffiop.h + - libtiff/tif_getimage.c + - libtiff/tif_luv.c + - libtiff/tif_pixarlog.c + - libtiff/tif_strip.c + - libtiff/tif_tile.c + - libtiff/tif_write.c + Thanks to Martin Schulze for forwarding the patches. + + -- Josip Rodin Thu, 14 Oct 2004 16:13:11 +0200 + +tiff (3.6.1-1.1) unstable; urgency=medium + + * Non-maintainer upload; thanks to Jay Berkenbilt for + preparing the patches + * Rename shared library and development packages to resolve accidental + upstream ABI change. Closes: #236247 + * Include patch from upstream to fix multistrip g3 fax bug. + Closes: #243405 + * Include LZW support. Closes: #260242, #248490 + * Fix URL in copyright file. Closes: #261357 + * Install missing documentation files. Closes: #261356 + + -- Steve Langasek Sun, 25 Jul 2004 10:28:06 -0400 + +tiff (3.6.1-1) unstable; urgency=low + + * New upstream version, closes: #231977. + * Slightly fixed up the static lib build rules so that the build process + does the normal stuff for the dynamic lib and then does the static with + the same tiffvers.h. + + -- Josip Rodin Mon, 23 Feb 2004 18:23:34 +0100 + +tiff (3.5.7-2) unstable; urgency=high + + * Added back the patch that used -src static/libtiff.a in the install + rule. Wonder how that disappeared... closes: #170914. + * Fake it's a GNU system in order for the configure script to use our + toolchain stuff on the NetBSD port, thanks to Joel Baker, closes: #130636. + + -- Josip Rodin Tue, 10 Dec 2002 17:18:28 +0100 + +tiff (3.5.7-1) unstable; urgency=low + + * New upstream version, closes: #144940. + * A whole new set of patches for the breakage in the build system :) + + -- Josip Rodin Sun, 6 Oct 2002 22:54:08 +0200 + +tiff (3.5.5-6) unstable; urgency=low + + * It appears that the general 64-bit detection code, isn't. + We have to include all of those three conditions, feh. + This really closes: #106706. + + -- Josip Rodin Wed, 8 Aug 2001 23:09:55 +0200 + +tiff (3.5.5-5) unstable; urgency=low + + * Changed two Alpha/Mips-isms into general 64-bit detection code, + patch from John Daily , closes: #106706. + * Patched man/Makefile.in to generate a manual page file for + TIFFClientOpen(3t), as a .so link to TIFFOpen(3t), closes: #99577. + * Used /usr/share/doc in the doc-base file, closes: #74122. + * Changed libtiff3g-dev's section back to devel, since graphics was, + according to elmo, "hysterical raisins". :)) + + -- Josip Rodin Fri, 27 Jul 2001 01:43:04 +0200 + +tiff (3.5.5-4) unstable; urgency=low + + * Updated config.* files, closes: #94696. + * Fixed libtiff3g-dev's section, closes: #85533. + + -- Josip Rodin Wed, 20 Jun 2001 18:29:24 +0200 + +tiff (3.5.5-3) unstable; urgency=low + + * Build shared library on Hurd, too, closes: #72482. + * Upped Standards-Version to 3.5.0. + + -- Josip Rodin Sat, 30 Sep 2000 17:42:13 +0200 + +tiff (3.5.5-2) unstable; urgency=low + + * Make `dynamic shared object' on Linux unconditionally, fixes the problem + with libc.so.6.1 on alpha, thanks Chris C. Chimelis. + + -- Josip Rodin Wed, 13 Sep 2000 21:44:00 +0200 + +tiff (3.5.5-1) unstable; urgency=low + + * New upstream version. + * The upstream build system sucks. There, I said it. Back to work now. :) + * Added a build dependencies on make (>= 3.77) (closes: #67747) and + debhelper. + * Standards-Version: 3.2.1: + + added DEB_BUILD_OPTIONS checks in debian/rules + + -- Josip Rodin Tue, 29 Aug 2000 14:06:02 +0200 + +tiff (3.5.4-5) frozen unstable; urgency=low + + * Fixed 16-bit/32-bit values bug in fax2ps from libtiff-tools, that + also breaks printing from hylafax, using provided oneliner patch + from Bernd Herd (accepted upstream), closes: #49232 and probably #62235. + + -- Josip Rodin Mon, 27 Mar 2000 17:12:10 +0200 + +tiff (3.5.4-4) frozen unstable; urgency=low + + * Weird dpkg-shlibdeps from dpkg 1.6.8-pre has done it again, this time + with libz.so, making the packages depend on zlib1 (instead of zlib1g). + Closes: #56134, #56137, #56140, #56155. + + -- Josip Rodin Tue, 25 Jan 2000 18:05:28 +0100 + +tiff (3.5.4-3) frozen unstable; urgency=low + + * Included libtiff.so file in libtiff3g-dev, dammit :( My eye hurts, + a lot, but this was easy to fix, thank goodness :) (closes: #55814). + This bugfix deserves to get into frozen because the bug cripples + libtiff3g-dev, a lot. + + -- Josip Rodin Fri, 21 Jan 2000 19:02:22 +0100 + +tiff (3.5.4-2) unstable; urgency=low + + * Fixed upstream build system to use ${DESTDIR}, and with that working, + created install: rule in debian/rules and used it. + * Fixed the way rules file gets the version from upstream sources, + and fixed dist/tiff.alpha, it didn't work. + * Removed README file from libtiff3g binary package, useless. + * Fixed configure script not to emit the wrong warning about + zlib/jpeg dirs not specified (they're in /usr/include, stupid :). + + -- Josip Rodin Thu, 30 Dec 1999 01:17:32 +0100 + +tiff (3.5.4-1) unstable; urgency=low + + * New upstream version, closes: #50338. + * Disabled libc5 build, it wouldn't compile. :( + + -- Josip Rodin Fri, 3 Dec 1999 20:49:25 +0100 + +tiff (3.5.2-4) unstable; urgency=low + + * Castrated the rules file, to make it actually work on !(i386 m68k). + Closes: #49316. + + -- Josip Rodin Sat, 6 Nov 1999 13:22:54 +0100 + +tiff (3.5.2-3) unstable; urgency=low + + * Removed sparc from the libtiff3 arches list, as BenC advised. + + -- Josip Rodin Fri, 29 Oct 1999 23:29:23 +0200 + +tiff (3.5.2-2) unstable; urgency=low + + * Changed Architecture: line for libtiff3 from "any" to "i386 m68k sparc" + as it is actually only built on those. Changed description a little bit. + * Minor fixes to the rules file. + + -- Josip Rodin Thu, 28 Oct 1999 14:00:02 +0200 + +tiff (3.5.2-1) unstable; urgency=low + + * New upstream version. + * Renamed source package to just "tiff", like upstream tarball name. + * New maintainer (thanks Guy!). Renewed packaging, with debhelper, + using Joey's nifty multi2 example, with several adjustments. + * Ditched libtiff3-altdev, nobody's using that and nobody should be + using that. Packaging for it still exists, it's just commented out. + * Uses doc-base for -dev docs now. Uncompressed HTML docs, 100kb space + saved is pointless when you can't use any links between documents. + + -- Josip Rodin Tue, 26 Oct 1999 16:20:46 +0200 + +libtiff3 (3.4beta037-8) unstable; urgency=low + + * Argh, same bug in the prerm, closes: #36990, #36850, #36855, + #36866, #36988. + + -- Guy Maor Sat, 1 May 1999 10:12:23 -0700 + +libtiff3 (3.4beta037-7) unstable; urgency=low + + * Don't error when dhelp is not installed, closes: #36879, #36922. + + -- Guy Maor Thu, 29 Apr 1999 19:17:55 -0700 + +libtiff3 (3.4beta037-6) unstable; urgency=low + + * Only build libc5 packages on appropriate archs, closes: #27083, #32007. + * Apply NMU patch, closes: #26413, #26887. + * Add dhelp support, closes: #35154. + * Recompile removes invalid dependency, closes: #30961. + + -- Guy Maor Sat, 24 Apr 1999 15:17:51 -0700 + +libtiff3 (3.4beta037-5.1) frozen unstable; urgency=low + + * NMU to not use install -s to strip static .a libraries. Fixes: #26413 + * Build with recent libjpeg. Fixes: #26887 + * Add Section: and Priority: headers to debian/control. + + -- Ben Gertzfield Mon, 26 Oct 1998 22:44:33 -0800 + +libtiff3 (3.4beta037-5) unstable; urgency=low + + * Explicit link with -lm (and don't need -lc now), fixes: #19167, #22180. + + -- Guy Maor Tue, 11 Aug 1998 22:27:56 -0700 + +libtiff3 (3.4beta037-4) unstable; urgency=low + + * libtiff3-tools conflicts & replaces with libtiff3-gif (13521,15107). + + -- Guy Maor Sun, 11 Jan 1998 13:09:28 -0800 + +libtiff3 (3.4beta037-3) unstable; urgency=low + + * New libjpegg contains shlibs file, so don't need shlibs.local. + * Compile with -D_REENTRANT. + * Add shlibs for libtiff3g (13423). + + -- Guy Maor Sat, 27 Sep 1997 13:17:45 -0500 + +libtiff3 (3.4beta037-2) unstable; urgency=low + + * Add libjpegg6a to shlibs.local to correct for broken dependency. + + -- Guy Maor Fri, 26 Sep 1997 11:23:55 -0500 + +libtiff3 (3.4beta037-1) unstable; urgency=low - -- Mark Mickan Tue, 7 Jul 1998 22:27:10 +0930 + * New upstream version, libc6 compile, policy 2.3.0.0 (5136, 7470, 7627, 8166 + 8312, 9479, 9492, 9531, 11700, 11702). + * Fix check for shared lib support (10805). -Local variables: -mode: debian-changelog -End: + -- Guy Maor Tue, 23 Sep 1997 16:55:56 -0500 diff --git a/debian/patches/libtiff-CVE-2012-4447.patch b/debian/patches/libtiff-CVE-2012-4447.patch new file mode 100644 index 0000000..ebf9a00 --- /dev/null +++ b/debian/patches/libtiff-CVE-2012-4447.patch @@ -0,0 +1,40 @@ +Upstream patch for CVE-2012-4447. + + +diff -Naur tiff-4.0.3.orig/libtiff/tif_pixarlog.c tiff-4.0.3/libtiff/tif_pixarlog.c +--- tiff-4.0.3.orig/libtiff/tif_pixarlog.c 2012-07-04 15:26:31.000000000 -0400 ++++ tiff-4.0.3/libtiff/tif_pixarlog.c 2012-12-12 16:43:18.931315699 -0500 +@@ -644,6 +644,20 @@ + return bytes; + } + ++static tmsize_t ++add_ms(tmsize_t m1, tmsize_t m2) ++{ ++ tmsize_t bytes = m1 + m2; ++ ++ /* if either input is zero, assume overflow already occurred */ ++ if (m1 == 0 || m2 == 0) ++ bytes = 0; ++ else if (bytes <= m1 || bytes <= m2) ++ bytes = 0; ++ ++ return bytes; ++} ++ + static int + PixarLogFixupTags(TIFF* tif) + { +@@ -671,9 +685,11 @@ + td->td_samplesperpixel : 1); + tbuf_size = multiply_ms(multiply_ms(multiply_ms(sp->stride, td->td_imagewidth), + td->td_rowsperstrip), sizeof(uint16)); ++ /* add one more stride in case input ends mid-stride */ ++ tbuf_size = add_ms(tbuf_size, sizeof(uint16) * sp->stride); + if (tbuf_size == 0) + return (0); /* TODO: this is an error return without error report through TIFFErrorExt */ +- sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size+sizeof(uint16)*sp->stride); ++ sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size); + if (sp->tbuf == NULL) + return (0); + if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN) diff --git a/debian/patches/libtiff-CVE-2012-4564.patch b/debian/patches/libtiff-CVE-2012-4564.patch new file mode 100644 index 0000000..3d7946c --- /dev/null +++ b/debian/patches/libtiff-CVE-2012-4564.patch @@ -0,0 +1,86 @@ +Upstream patch for CVE-2012-4564. + + +diff -Naur tiff-4.0.3.orig/tools/ppm2tiff.c tiff-4.0.3/tools/ppm2tiff.c +--- tiff-4.0.3.orig/tools/ppm2tiff.c 2010-04-10 15:22:34.000000000 -0400 ++++ tiff-4.0.3/tools/ppm2tiff.c 2012-12-12 16:43:18.932315708 -0500 +@@ -72,6 +72,17 @@ + exit(-2); + } + ++static tmsize_t ++multiply_ms(tmsize_t m1, tmsize_t m2) ++{ ++ tmsize_t bytes = m1 * m2; ++ ++ if (m1 && bytes / m1 != m2) ++ bytes = 0; ++ ++ return bytes; ++} ++ + int + main(int argc, char* argv[]) + { +@@ -79,7 +90,7 @@ + uint32 rowsperstrip = (uint32) -1; + double resolution = -1; + unsigned char *buf = NULL; +- tsize_t linebytes = 0; ++ tmsize_t linebytes = 0; + uint16 spp = 1; + uint16 bpp = 8; + TIFF *out; +@@ -89,6 +100,7 @@ + int c; + extern int optind; + extern char* optarg; ++ tmsize_t scanline_size; + + if (argc < 2) { + fprintf(stderr, "%s: Too few arguments\n", argv[0]); +@@ -221,7 +233,8 @@ + } + switch (bpp) { + case 1: +- linebytes = (spp * w + (8 - 1)) / 8; ++ /* if round-up overflows, result will be zero, OK */ ++ linebytes = (multiply_ms(spp, w) + (8 - 1)) / 8; + if (rowsperstrip == (uint32) -1) { + TIFFSetField(out, TIFFTAG_ROWSPERSTRIP, h); + } else { +@@ -230,15 +243,31 @@ + } + break; + case 8: +- linebytes = spp * w; ++ linebytes = multiply_ms(spp, w); + TIFFSetField(out, TIFFTAG_ROWSPERSTRIP, + TIFFDefaultStripSize(out, rowsperstrip)); + break; + } +- if (TIFFScanlineSize(out) > linebytes) ++ if (linebytes == 0) { ++ fprintf(stderr, "%s: scanline size overflow\n", infile); ++ (void) TIFFClose(out); ++ exit(-2); ++ } ++ scanline_size = TIFFScanlineSize(out); ++ if (scanline_size == 0) { ++ /* overflow - TIFFScanlineSize already printed a message */ ++ (void) TIFFClose(out); ++ exit(-2); ++ } ++ if (scanline_size < linebytes) + buf = (unsigned char *)_TIFFmalloc(linebytes); + else +- buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out)); ++ buf = (unsigned char *)_TIFFmalloc(scanline_size); ++ if (buf == NULL) { ++ fprintf(stderr, "%s: Not enough memory\n", infile); ++ (void) TIFFClose(out); ++ exit(-2); ++ } + if (resolution > 0) { + TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution); + TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution); diff --git a/libtiff/tif_pixarlog.c b/libtiff/tif_pixarlog.c index e583117..2793b22 100644 --- a/libtiff/tif_pixarlog.c +++ b/libtiff/tif_pixarlog.c @@ -644,6 +644,20 @@ multiply_ms(tmsize_t m1, tmsize_t m2) return bytes; } +static tmsize_t +add_ms(tmsize_t m1, tmsize_t m2) +{ + tmsize_t bytes = m1 + m2; + + /* if either input is zero, assume overflow already occurred */ + if (m1 == 0 || m2 == 0) + bytes = 0; + else if (bytes <= m1 || bytes <= m2) + bytes = 0; + + return bytes; +} + static int PixarLogFixupTags(TIFF* tif) { @@ -671,9 +685,11 @@ PixarLogSetupDecode(TIFF* tif) td->td_samplesperpixel : 1); tbuf_size = multiply_ms(multiply_ms(multiply_ms(sp->stride, td->td_imagewidth), td->td_rowsperstrip), sizeof(uint16)); + /* add one more stride in case input ends mid-stride */ + tbuf_size = add_ms(tbuf_size, sizeof(uint16) * sp->stride); if (tbuf_size == 0) return (0); /* TODO: this is an error return without error report through TIFFErrorExt */ - sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size+sizeof(uint16)*sp->stride); + sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size); if (sp->tbuf == NULL) return (0); if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN) diff --git a/packaging/libtiff.spec b/packaging/libtiff.spec index 286ff74..c5ff026 100644 --- a/packaging/libtiff.spec +++ b/packaging/libtiff.spec @@ -4,7 +4,7 @@ Group: Productivity/Graphics/Convertors AutoReqProv: on Url: http://www.remotesensing.org/libtiff/ Version: 4.0.2 -Release: 3 +Release: 4 Summary: Tools for Converting from and to the Tiff Format Source: %{name}-%{version}.tar.gz diff --git a/tools/ppm2tiff.c b/tools/ppm2tiff.c index f78d5d4..269751d 100644 --- a/tools/ppm2tiff.c +++ b/tools/ppm2tiff.c @@ -72,6 +72,17 @@ BadPPM(char* file) exit(-2); } +static tmsize_t +multiply_ms(tmsize_t m1, tmsize_t m2) +{ + tmsize_t bytes = m1 * m2; + + if (m1 && bytes / m1 != m2) + bytes = 0; + + return bytes; +} + int main(int argc, char* argv[]) { @@ -79,7 +90,7 @@ main(int argc, char* argv[]) uint32 rowsperstrip = (uint32) -1; double resolution = -1; unsigned char *buf = NULL; - tsize_t linebytes = 0; + tmsize_t linebytes = 0; uint16 spp = 1; uint16 bpp = 8; TIFF *out; @@ -89,6 +100,7 @@ main(int argc, char* argv[]) int c; extern int optind; extern char* optarg; + tmsize_t scanline_size; if (argc < 2) { fprintf(stderr, "%s: Too few arguments\n", argv[0]); @@ -221,7 +233,8 @@ main(int argc, char* argv[]) } switch (bpp) { case 1: - linebytes = (spp * w + (8 - 1)) / 8; + /* if round-up overflows, result will be zero, OK */ + linebytes = (multiply_ms(spp, w) + (8 - 1)) / 8; if (rowsperstrip == (uint32) -1) { TIFFSetField(out, TIFFTAG_ROWSPERSTRIP, h); } else { @@ -230,15 +243,31 @@ main(int argc, char* argv[]) } break; case 8: - linebytes = spp * w; + linebytes = multiply_ms(spp, w); TIFFSetField(out, TIFFTAG_ROWSPERSTRIP, TIFFDefaultStripSize(out, rowsperstrip)); break; } - if (TIFFScanlineSize(out) > linebytes) + if (linebytes == 0) { + fprintf(stderr, "%s: scanline size overflow\n", infile); + (void) TIFFClose(out); + exit(-2); + } + scanline_size = TIFFScanlineSize(out); + if (scanline_size == 0) { + /* overflow - TIFFScanlineSize already printed a message */ + (void) TIFFClose(out); + exit(-2); + } + if (scanline_size < linebytes) buf = (unsigned char *)_TIFFmalloc(linebytes); else - buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out)); + buf = (unsigned char *)_TIFFmalloc(scanline_size); + if (buf == NULL) { + fprintf(stderr, "%s: Not enough memory\n", infile); + (void) TIFFClose(out); + exit(-2); + } if (resolution > 0) { TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution); TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution); -- 2.7.4