Mercurial Mercurial > upstream > oracle > spec-files / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
7158160 Problem with gnome/libraries gnome-2-30-s11rr-sru S11SRU8_02
authoran230044
Mon, 14 May 2012 04:48:17 +0000
branchgnome-2-30-s11rr-sru
changeset 22422 cff59c39235f
parent 22417 696a931d7847
child 22455 dc1bd8fb1d7c
7158160 Problem with gnome/libraries
ChangeLog file | annotate | diff | comparison | revisions
patches/tiff-01-CVE-2012-1173.diff file | annotate | diff | comparison | revisions
specs/SUNWTiff.spec file | annotate | diff | comparison | revisions 
--- a/ChangeLog	Tue May 08 11:43:49 2012 +0000
+++ b/ChangeLog	Mon May 14 04:48:17 2012 +0000
@@ -1,3 +1,8 @@
+2012-05-14  Abhijit Nath <[email protected]>
+
+	* Added patches/tiff-01-CVE-2012-1173.diff
+	* Modified specs/SUNWTiff.spec to fix CR#7158160
+
 2012-04-09  Leon Sha  <[email protected]>
 
 	CR#7157311 Bump to 11.2.202.223.
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/tiff-01-CVE-2012-1173.diff	Mon May 14 04:48:17 2012 +0000
@@ -0,0 +1,66 @@
+--- libtiff/tif_getimage.c.orig	2012-04-19 08:49:47.367361776 +0100
++++ libtiff/tif_getimage.c	2012-04-19 09:42:41.967552598 +0100
+@@ -673,18 +673,24 @@
+ 	unsigned char* p2;
+ 	unsigned char* pa;
+ 	tsize_t tilesize;
++	tsize_t bufsize;
+ 	int32 fromskew, toskew;
+ 	int alpha = img->alpha;
+ 	uint32 nrow;
+ 	int ret = 1, flip;
+ 
+ 	tilesize = TIFFTileSize(tif);
+-	buf = (unsigned char*) _TIFFmalloc((alpha?4:3)*tilesize);
++	bufsize = TIFFSafeMultiply(tsize_t,alpha?4:3,tilesize);
++	if (bufsize == 0) {
++		TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtTileSeparate");
++		return (0);
++	}
++	buf = (unsigned char*) _TIFFmalloc(bufsize);
+ 	if (buf == 0) {
+ 		TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "No space for tile buffer");
+ 		return (0);
+ 	}
+-	_TIFFmemset(buf, 0, (alpha?4:3)*tilesize);
++	_TIFFmemset(buf, 0, bufsize);
+ 	p0 = buf;
+ 	p1 = p0 + tilesize;
+ 	p2 = p1 + tilesize;
+@@ -880,17 +886,23 @@
+ 	uint32 rowsperstrip, offset_row;
+ 	uint32 imagewidth = img->width;
+ 	tsize_t stripsize;
++	tsize_t bufsize;
+ 	int32 fromskew, toskew;
+ 	int alpha = img->alpha;
+ 	int ret = 1, flip;
+ 
+ 	stripsize = TIFFStripSize(tif);
+-	p0 = buf = (unsigned char *)_TIFFmalloc((alpha?4:3)*stripsize);
++	bufsize = TIFFSafeMultiply(tsize_t,alpha?4:3,stripsize);
++	if (bufsize == 0) {
++		TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtStripSeparate");
++		return (0);
++	}
++	p0 = buf = (unsigned char *)_TIFFmalloc(bufsize);
+ 	if (buf == 0) {
+ 		TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "No space for tile buffer");
+ 		return (0);
+ 	}
+-	_TIFFmemset(buf, 0, (alpha?4:3)*stripsize);
++	_TIFFmemset(buf, 0, bufsize);
+ 	p1 = p0 + stripsize;
+ 	p2 = p1 + stripsize;
+ 	pa = (alpha?(p2+stripsize):NULL);
+--- libtiff/tiffiop.h.orig	2012-04-19 08:50:17.752392827 +0100
++++ libtiff/tiffiop.h	2012-04-19 08:50:51.586979922 +0100
+@@ -246,7 +246,7 @@
+ #define	TIFFroundup(x, y) (TIFFhowmany(x,y)*(y))
+ 
+ /* Safe multiply which returns zero if there is an integer overflow */
+-#define TIFFSafeMultiply(t,v,m) ((((t)m != (t)0) && (((t)((v*m)/m)) == (t)v)) ? (t)(v*m) : (t)0)
++#define TIFFSafeMultiply(t,v,m) ((((t)(m) != (t)0) && (((t)(((v)*(m))/(m))) == (t)(v))) ? (t)((v)*(m)) : (t)0)
+ 
+ #define TIFFmax(A,B) ((A)>(B)?(A):(B))
+ #define TIFFmin(A,B) ((A)<(B)?(A):(B))
--- a/specs/SUNWTiff.spec	Tue May 08 11:43:49 2012 +0000
+++ b/specs/SUNWTiff.spec	Mon May 14 04:48:17 2012 +0000
@@ -3,7 +3,7 @@
 #
 # includes module(s): tiff
 #
-# Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.
 # This file and all modifications and additions to the pristine
 # package are under the same license as the package itself.
 #
@@ -28,23 +28,23 @@
 SUNW_BaseDir:            %{_prefix}
 SUNW_Copyright:          %{name}.copyright
 BuildRoot:               %{_tmppath}/%{name}-%{version}-build
+# date:2012-04-19 owner:padraig type:bug bugster:7158160
+Patch1: tiff-01-CVE-2012-1173.diff
 
 %include default-depend.inc
 %include desktop-incorporation.inc
-Requires: SUNWlibms
-Requires: SUNWzlib
-BuildRequires: SUNWjpg
+Requires: system/library/math
+Requires: library/zlib
+BuildRequires: image/library/libjpeg
 
 %package devel
 Summary:                 %{summary} - development files
 SUNW_BaseDir:            %{_prefix}
-%include default-depend.inc
-%include desktop-incorporation.inc
-Requires: SUNWTiff
 
 %prep
 %setup -c -n %name-%version
 cd tiff-%{tarball_version}
+%patch1 -p0
 gzcat %SOURCE1 | tar -xf -
 
 %ifarch amd64 sparcv9
@@ -147,6 +147,8 @@
 %{_mandir}/man3tiff/*
 
 %changelog
+* Thu May 10 2012 - [email protected]
+- Added patch tiff-01-CVE-2012-1173.
 * Thu Mar 17 2011 - [email protected]
 - Added patch tiff-01-CVE-2011-0192.diff & tiff-01-CVE-2011-1167.diff to fix security vulnerability CVE-2011-0192 & CVE-2011-1167. 
 * Thu Jul 29 2010 - [email protected]
upstream/oracle/spec-files