Compare commits
5 Commits
Author | SHA1 | Date |
---|---|---|
Fedora Release Engineering | 630aeaa46b | |
Bill Nottingham | db91d9de34 | |
Richard W.M. Jones | 2d7863ca7a | |
Richard W.M. Jones | c7be93b5e5 | |
Jesse Keating | 70446bd274 |
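--- a/Makefile
+++ b/Makefile
@@ -1,21 +0,0 @@
-# Makefile for source rpm: ocaml-camlimages
-# $Id$
-NAME := ocaml-camlimages
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attept a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)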
|
@ -0,0 +1,27 @@
|
||||||
|
--- camlimages-3.0.1.old/src/tiffread.c 2007-01-18 10:29:57.000000000 +0000
|
||||||
|
+++ camlimages-3.0.1/src/tiffread.c 2009-10-16 10:26:53.841258260 +0100
|
||||||
|
@@ -21,6 +21,13 @@
|
||||||
|
#include <caml/memory.h>
|
||||||
|
#include <caml/fail.h>
|
||||||
|
|
||||||
|
+#include <limits.h>
|
||||||
|
+#define oversized(x, y) \
|
||||||
|
+ ((x) < 0 || (y) < 0 || ((y) != 0 && (x) > INT_MAX / (y)))
|
||||||
|
+
|
||||||
|
+#define failwith_oversized(lib) \
|
||||||
|
+ failwith("#lib error: image contains oversized or bogus width and height");
|
||||||
|
+
|
||||||
|
/* These are defined in caml/config.h */
|
||||||
|
#define int16 int16tiff
|
||||||
|
#define uint16 uint16tiff
|
||||||
|
@@ -64,6 +71,10 @@
|
||||||
|
TIFFGetField(tif, TIFFTAG_YRESOLUTION, &yres);
|
||||||
|
TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &photometric);
|
||||||
|
|
||||||
|
+ if (oversized (imagewidth, imagelength)) {
|
||||||
|
+ failwith_oversized("tiff");
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if( imagesample == 3 && photometric == PHOTOMETRIC_RGB ){
|
||||||
|
if( imagebits != 8 ){
|
||||||
|
failwith("Sorry, tiff rgb file must be 24bit-color");
|
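Review bot: The `failwith_oversized(lib)` macro added near the top of tiffread.c puts `#lib` inside a string literal, where the preprocessor does not stringify it, so the exception text will read `#lib error: ...` instead of naming the TIFF reader. Because the call site passes a string literal, adjacent-literal concatenation fixes this and also lets the stray trailing semicolon be dropped from the macro: `#define failwith_oversized(lib) failwith(lib " error: image contains oversized or bogus width and height")`. Separately, `oversized(imagewidth, imagelength)` bounds only width × height against INT_MAX; the variable declarations and the later buffer-size arithmetic lie outside this hunk (the enclosing function starts and ends beyond it), so it should be confirmed that no later size multiplies in bytes-per-pixel or samples, and that the `< 0` tests are not always-false because the variables are unsigned. A short comment above the macro, e.g. `/* rejects width*height products that would exceed INT_MAX; per-pixel multipliers must be bounded separately */`, would document the scope of the guard.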
|
@ -4,7 +4,7 @@
|
||||||
|
|
||||||
Name: ocaml-camlimages
|
Name: ocaml-camlimages
|
||||||
Version: 3.0.1
|
Version: 3.0.1
|
||||||
Release: 11%{?dist}
|
Release: 12%{?dist}.1
|
||||||
Summary: OCaml image processing library
|
Summary: OCaml image processing library
|
||||||
|
|
||||||
Group: Development/Libraries
|
Group: Development/Libraries
|
||||||
|
@ -20,6 +20,9 @@ Patch0: camlimages-3.0.1-display-module.patch
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=509531#c4
|
# https://bugzilla.redhat.com/show_bug.cgi?id=509531#c4
|
||||||
Patch1: camlimages-oversized-png-check-CVE-2009-2295.patch
|
Patch1: camlimages-oversized-png-check-CVE-2009-2295.patch
|
||||||
|
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=528732
|
||||||
|
Patch2: camlimages-oversized-tiff-check-CVE-2009-3296.patch
|
||||||
|
|
||||||
BuildRequires: ocaml >= 3.10.1
|
BuildRequires: ocaml >= 3.10.1
|
||||||
BuildRequires: ocaml-lablgtk-devel
|
BuildRequires: ocaml-lablgtk-devel
|
||||||
BuildRequires: ocaml-x11
|
BuildRequires: ocaml-x11
|
||||||
|
@ -67,6 +70,7 @@ Includes documentation provided by ocamldoc
|
||||||
# the examples/liv directory, so rename it:
|
# the examples/liv directory, so rename it:
|
||||||
%patch0 -p1
|
%patch0 -p1
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
|
%patch2 -p1
|
||||||
aclocal -I .
|
aclocal -I .
|
||||||
automake
|
automake
|
||||||
autoconf
|
autoconf
|
||||||
|
@ -112,6 +116,13 @@ rm -rf $RPM_BUILD_ROOT
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Oct 16 2009 Richard W.M. Jones <rjones@redhat.com> - 3.0.1-12.fc12.1
|
||||||
|
- ocaml-camlimages: TIFF reader multiple integer overflows
|
||||||
|
(CVE 2009-3296 / RHBZ#528732).
|
||||||
|
|
||||||
|
* Tue Sep 29 2009 Richard W.M. Jones <rjones@redhat.com> - 3.0.1-12
|
||||||
|
- Force rebuild against newer lablgtk.
|
||||||
|
|
||||||
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.0.1-11
|
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.0.1-11
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
||||||
|
|
||||||
|
|