October 2009 - Ocaml-devel - Fedora Mailing-Lists

rpms/ocaml-camlimages/EL-4 camlimages-oversized-tiff-check-CVE-2009-3296.patch, NONE, 1.1 camlimages-oversized-png-check-CVE-2009-2295.patch, 1.2, 1.3 ocaml-camlimages.spec, 1.3, 1.4

by Richard W.M. Jones

Author: rjones Update of /cvs/pkgs/rpms/ocaml-camlimages/EL-4 In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv3755 Modified Files: camlimages-oversized-png-check-CVE-2009-2295.patch ocaml-camlimages.spec Added Files: camlimages-oversized-tiff-check-CVE-2009-3296.patch Log Message: * Fri Oct 16 2009 Richard W.M. Jones <rjones(a)redhat.com> - 2.2.0-9 - ocaml-camlimages: TIFF reader multiple integer overflows (CVE 2009-3296 / RHBZ#528732). camlimages-oversized-tiff-check-CVE-2009-3296.patch: tiffread.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) --- NEW FILE camlimages-oversized-tiff-check-CVE-2009-3296.patch --- --- camlimages-2.2.orig/tiff/tiffread.c 2004-09-21 22:56:44.000000000 +0100 +++ camlimages-2.2.tiff/tiff/tiffread.c 2009-10-16 10:47:32.515257997 +0100 @@ -18,6 +18,13 @@ #include <caml/memory.h> #include <caml/fail.h> +#include <limits.h> +#define oversized(x, y) \ + ((x) < 0 || (y) < 0 || ((y) != 0 && (x) > INT_MAX / (y))) + +#define failwith_oversized(lib) \ + failwith("#lib error: image contains oversized or bogus width and height"); + #if HAVE_TIFF /* These are defined in caml/config.h */ @@ -68,6 +75,10 @@ TIFFGetField(tif, TIFFTAG_YRESOLUTION, &yres); TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &photometric); + if (oversized (imagewidth, imagelength)) { + failwith_oversized("tiff"); + } + if( imagesample == 3 && photometric == PHOTOMETRIC_RGB ){ if( imagebits != 8 ){ failwith("Sorry, tiff rgb file must be 24bit-color"); @@ -156,6 +167,11 @@ TIFFGetField(tif, TIFFTAG_RESOLUTIONUNIT, &runit); TIFFGetField(tif, TIFFTAG_XRESOLUTION, &xres); TIFFGetField(tif, TIFFTAG_YRESOLUTION, &yres); + + if (oversized (imagewidth, imagelength)) { + failwith_oversized("tiff"); + } + if( imagesample != 3 || imagebits != 8 ) { failwith("tiff file is not in the 24 bit RGB format"); } camlimages-oversized-png-check-CVE-2009-2295.patch: pngread.c | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) Index: camlimages-oversized-png-check-CVE-2009-2295.patch =================================================================== RCS file: /cvs/pkgs/rpms/ocaml-camlimages/EL-4/camlimages-oversized-png-check-CVE-2009-2295.patch,v retrieving revision 1.2 retrieving revision 1.3 diff -u -p -r1.2 -r1.3 --- camlimages-oversized-png-check-CVE-2009-2295.patch 3 Jul 2009 18:28:47 -0000 1.2 +++ camlimages-oversized-png-check-CVE-2009-2295.patch 16 Oct 2009 09:51:57 -0000 1.3 @@ -1,28 +1,28 @@ ---- camlimages-3.0.1.orig/src/pngread.c 2007-01-18 10:29:57.000000000 +0000 -+++ camlimages-3.0.1.oversized/src/pngread.c 2009-07-03 15:51:00.000000000 +0100 -@@ -15,6 +15,8 @@ - #include "config.h" - #endif +--- camlimages-2.2.orig/png/pngread.c 2002-03-26 13:15:10.000000000 +0000 ++++ camlimages-2.2.png/png/pngread.c 2009-10-16 10:46:07.759508515 +0100 +@@ -13,6 +13,8 @@ + /***********************************************************************/ + #include <config.h> +#include <limits.h> + + #if HAVE_PNG #include <png.h> - - #include <caml/mlvalues.h> -@@ -26,6 +28,12 @@ + #endif +@@ -33,6 +35,12 @@ #define PNG_TAG_INDEX16 2 #define PNG_TAG_INDEX4 3 +/* Test if x or y are negative, or if multiplying x * y would cause an + * arithmetic overflow. + */ -+#define oversized(x, y) \ ++#define oversized(x, y) \ + ((x) < 0 || (y) < 0 || ((y) != 0 && (x) > INT_MAX / (y))) + value read_png_file_as_rgb24( name ) value name; { -@@ -81,6 +89,9 @@ +@@ -88,6 +96,9 @@ png_get_IHDR(png_ptr, info_ptr, &width, &height, &bit_depth, &color_type, &interlace_type, NULL, NULL); @@ -32,7 +32,7 @@ if ( color_type == PNG_COLOR_TYPE_GRAY || color_type == PNG_COLOR_TYPE_GRAY_ALPHA ) { png_set_gray_to_rgb(png_ptr); -@@ -102,10 +113,16 @@ +@@ -109,10 +120,16 @@ rowbytes = png_get_rowbytes(png_ptr, info_ptr); @@ -49,7 +49,7 @@ row_pointers = (png_bytep*) stat_alloc(sizeof(png_bytep) * height); res = alloc_tuple(3); -@@ -235,6 +252,9 @@ +@@ -242,6 +259,9 @@ png_get_IHDR(png_ptr, info_ptr, &width, &height, &bit_depth, &color_type, &interlace_type, NULL, NULL); @@ -59,7 +59,7 @@ if ( color_type == PNG_COLOR_TYPE_GRAY || color_type == PNG_COLOR_TYPE_GRAY_ALPHA ) { png_set_gray_to_rgb(png_ptr); -@@ -251,6 +271,9 @@ +@@ -258,6 +278,9 @@ rowbytes = png_get_rowbytes(png_ptr, info_ptr); @@ -69,10 +69,12 @@ /* fprintf(stderr, "pngread.c: actual loading\n"); fflush(stderr); */ -@@ -259,6 +282,9 @@ +@@ -265,7 +288,10 @@ + int i; png_bytep *row_pointers; char mesg[256]; - +- ++ + if (oversized (sizeof (png_bytep), height)) + failwith ("png error: image contains oversized or bogus height"); + Index: ocaml-camlimages.spec =================================================================== RCS file: /cvs/pkgs/rpms/ocaml-camlimages/EL-4/ocaml-camlimages.spec,v retrieving revision 1.3 retrieving revision 1.4 diff -u -p -r1.3 -r1.4 --- ocaml-camlimages.spec 3 Jul 2009 13:59:36 -0000 1.3 +++ ocaml-camlimages.spec 16 Oct 2009 09:51:57 -0000 1.4 @@ -13,6 +13,9 @@ Patch0: camlimages-2.2.0-stubdes # https://bugzilla.redhat.com/show_bug.cgi?id=509531#c4 Patch1: camlimages-oversized-png-check-CVE-2009-2295.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=528732 +Patch2: camlimages-oversized-tiff-check-CVE-2009-3296.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) # Excluding on ppc64 due to missing dependencies (Bug #239518) @@ -48,10 +51,8 @@ Includes documentation provided by ocaml %prep %setup -q -n camlimages-2.2 -a 1 %patch0 -p1 - -pushd png -%patch1 -p2 -popd +%patch1 -p1 +%patch2 -p1 sed -i -e 's|LIBRARYDIRS=ppm bmp xvthumb jpeg tiff gif png xpm ps graphics freetype|LIBRARYDIRS=%buildlibs|' Makefile.build.in @@ -82,6 +83,10 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Fri Oct 16 2009 Richard W.M. Jones <rjones(a)redhat.com> - 2.2.0-9 +- ocaml-camlimages: TIFF reader multiple integer overflows + (CVE 2009-3296 / RHBZ#528732). + * Fri Jul 3 2009 Richard W.M. Jones <rjones(a)redhat.com> - 2.2.0-8 - ocaml-camlimages: PNG reader multiple integer overflows (CVE 2009-2295 / RHBZ#509531).

14 years, 6 months

1
0
0 / 0

rpms/ocaml-camlimages/EL-5 camlimages-oversized-tiff-check-CVE-2009-3296.patch, NONE, 1.1 camlimages-oversized-png-check-CVE-2009-2295.patch, 1.2, 1.3 ocaml-camlimages.spec, 1.4, 1.5

by Richard W.M. Jones

Author: rjones Update of /cvs/pkgs/rpms/ocaml-camlimages/EL-5 In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv22975 Modified Files: camlimages-oversized-png-check-CVE-2009-2295.patch ocaml-camlimages.spec Added Files: camlimages-oversized-tiff-check-CVE-2009-3296.patch Log Message: * Fri Oct 16 2009 Richard W.M. Jones <rjones(a)redhat.com> - 2.2.0-11 - ocaml-camlimages: TIFF reader multiple integer overflows (CVE 2009-3296 / RHBZ#528732). camlimages-oversized-tiff-check-CVE-2009-3296.patch: tiffread.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) --- NEW FILE camlimages-oversized-tiff-check-CVE-2009-3296.patch --- --- camlimages-2.2.orig/tiff/tiffread.c 2004-09-21 22:56:44.000000000 +0100 +++ camlimages-2.2.tiff/tiff/tiffread.c 2009-10-16 10:47:32.515257997 +0100 @@ -18,6 +18,13 @@ #include <caml/memory.h> #include <caml/fail.h> +#include <limits.h> +#define oversized(x, y) \ + ((x) < 0 || (y) < 0 || ((y) != 0 && (x) > INT_MAX / (y))) + +#define failwith_oversized(lib) \ + failwith("#lib error: image contains oversized or bogus width and height"); + #if HAVE_TIFF /* These are defined in caml/config.h */ @@ -68,6 +75,10 @@ TIFFGetField(tif, TIFFTAG_YRESOLUTION, &yres); TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &photometric); + if (oversized (imagewidth, imagelength)) { + failwith_oversized("tiff"); + } + if( imagesample == 3 && photometric == PHOTOMETRIC_RGB ){ if( imagebits != 8 ){ failwith("Sorry, tiff rgb file must be 24bit-color"); @@ -156,6 +167,11 @@ TIFFGetField(tif, TIFFTAG_RESOLUTIONUNIT, &runit); TIFFGetField(tif, TIFFTAG_XRESOLUTION, &xres); TIFFGetField(tif, TIFFTAG_YRESOLUTION, &yres); + + if (oversized (imagewidth, imagelength)) { + failwith_oversized("tiff"); + } + if( imagesample != 3 || imagebits != 8 ) { failwith("tiff file is not in the 24 bit RGB format"); } camlimages-oversized-png-check-CVE-2009-2295.patch: pngread.c | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) Index: camlimages-oversized-png-check-CVE-2009-2295.patch =================================================================== RCS file: /cvs/pkgs/rpms/ocaml-camlimages/EL-5/camlimages-oversized-png-check-CVE-2009-2295.patch,v retrieving revision 1.2 retrieving revision 1.3 diff -u -p -r1.2 -r1.3 --- camlimages-oversized-png-check-CVE-2009-2295.patch 3 Jul 2009 18:28:47 -0000 1.2 +++ camlimages-oversized-png-check-CVE-2009-2295.patch 16 Oct 2009 09:49:59 -0000 1.3 @@ -1,28 +1,28 @@ ---- camlimages-3.0.1.orig/src/pngread.c 2007-01-18 10:29:57.000000000 +0000 -+++ camlimages-3.0.1.oversized/src/pngread.c 2009-07-03 15:51:00.000000000 +0100 -@@ -15,6 +15,8 @@ - #include "config.h" - #endif +--- camlimages-2.2.orig/png/pngread.c 2002-03-26 13:15:10.000000000 +0000 ++++ camlimages-2.2.png/png/pngread.c 2009-10-16 10:46:07.759508515 +0100 +@@ -13,6 +13,8 @@ + /***********************************************************************/ + #include <config.h> +#include <limits.h> + + #if HAVE_PNG #include <png.h> - - #include <caml/mlvalues.h> -@@ -26,6 +28,12 @@ + #endif +@@ -33,6 +35,12 @@ #define PNG_TAG_INDEX16 2 #define PNG_TAG_INDEX4 3 +/* Test if x or y are negative, or if multiplying x * y would cause an + * arithmetic overflow. + */ -+#define oversized(x, y) \ ++#define oversized(x, y) \ + ((x) < 0 || (y) < 0 || ((y) != 0 && (x) > INT_MAX / (y))) + value read_png_file_as_rgb24( name ) value name; { -@@ -81,6 +89,9 @@ +@@ -88,6 +96,9 @@ png_get_IHDR(png_ptr, info_ptr, &width, &height, &bit_depth, &color_type, &interlace_type, NULL, NULL); @@ -32,7 +32,7 @@ if ( color_type == PNG_COLOR_TYPE_GRAY || color_type == PNG_COLOR_TYPE_GRAY_ALPHA ) { png_set_gray_to_rgb(png_ptr); -@@ -102,10 +113,16 @@ +@@ -109,10 +120,16 @@ rowbytes = png_get_rowbytes(png_ptr, info_ptr); @@ -49,7 +49,7 @@ row_pointers = (png_bytep*) stat_alloc(sizeof(png_bytep) * height); res = alloc_tuple(3); -@@ -235,6 +252,9 @@ +@@ -242,6 +259,9 @@ png_get_IHDR(png_ptr, info_ptr, &width, &height, &bit_depth, &color_type, &interlace_type, NULL, NULL); @@ -59,7 +59,7 @@ if ( color_type == PNG_COLOR_TYPE_GRAY || color_type == PNG_COLOR_TYPE_GRAY_ALPHA ) { png_set_gray_to_rgb(png_ptr); -@@ -251,6 +271,9 @@ +@@ -258,6 +278,9 @@ rowbytes = png_get_rowbytes(png_ptr, info_ptr); @@ -69,10 +69,12 @@ /* fprintf(stderr, "pngread.c: actual loading\n"); fflush(stderr); */ -@@ -259,6 +282,9 @@ +@@ -265,7 +288,10 @@ + int i; png_bytep *row_pointers; char mesg[256]; - +- ++ + if (oversized (sizeof (png_bytep), height)) + failwith ("png error: image contains oversized or bogus height"); + Index: ocaml-camlimages.spec =================================================================== RCS file: /cvs/pkgs/rpms/ocaml-camlimages/EL-5/ocaml-camlimages.spec,v retrieving revision 1.4 retrieving revision 1.5 diff -u -p -r1.4 -r1.5 --- ocaml-camlimages.spec 3 Jul 2009 14:06:49 -0000 1.4 +++ ocaml-camlimages.spec 16 Oct 2009 09:49:59 -0000 1.5 @@ -1,6 +1,6 @@ Name: ocaml-camlimages Version: 2.2.0 -Release: 10%{?dist} +Release: 11%{?dist} Summary: OCaml image processing library Group: Development/Libraries @@ -13,6 +13,9 @@ Patch0: camlimages-2.2.0-stubdes # https://bugzilla.redhat.com/show_bug.cgi?id=509531#c4 Patch1: camlimages-oversized-png-check-CVE-2009-2295.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=528732 +Patch2: camlimages-oversized-tiff-check-CVE-2009-3296.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: ocaml-lablgtk libpng-devel libjpeg-devel ocaml @@ -45,10 +48,8 @@ Includes documentation provided by ocaml %prep %setup -q -n camlimages-2.2 -a 1 %patch0 -p1 - -pushd png -%patch1 -p2 -popd +%patch1 -p1 +%patch2 -p1 sed -i -e 's|LIBRARYDIRS=ppm bmp xvthumb jpeg tiff gif png xpm ps graphics freetype|LIBRARYDIRS=%buildlibs|' Makefile.build.in @@ -79,6 +80,10 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Fri Oct 16 2009 Richard W.M. Jones <rjones(a)redhat.com> - 2.2.0-11 +- ocaml-camlimages: TIFF reader multiple integer overflows + (CVE 2009-3296 / RHBZ#528732). + * Fri Jul 3 2009 Richard W.M. Jones <rjones(a)redhat.com> - 2.2.0-10 - ocaml-camlimages: PNG reader multiple integer overflows (CVE 2009-2295 / RHBZ#509531).

14 years, 6 months

1
0
0 / 0

rpms/ocaml-camlimages/F-10 camlimages-oversized-tiff-check-CVE-2009-3296.patch, NONE, 1.1 ocaml-camlimages.spec, 1.12, 1.13

by Richard W.M. Jones

Author: rjones Update of /cvs/pkgs/rpms/ocaml-camlimages/F-10 In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28679 Modified Files: ocaml-camlimages.spec Added Files: camlimages-oversized-tiff-check-CVE-2009-3296.patch Log Message: * Fri Oct 16 2009 Richard W.M. Jones <rjones(a)redhat.com> - 3.0.1-3.fc10.3 - ocaml-camlimages: TIFF reader multiple integer overflows (CVE 2009-3296 / RHBZ#528732). camlimages-oversized-tiff-check-CVE-2009-3296.patch: tiffread.c | 11 +++++++++++ 1 file changed, 11 insertions(+) --- NEW FILE camlimages-oversized-tiff-check-CVE-2009-3296.patch --- --- camlimages-3.0.1.old/src/tiffread.c 2007-01-18 10:29:57.000000000 +0000 +++ camlimages-3.0.1/src/tiffread.c 2009-10-16 10:26:53.841258260 +0100 @@ -21,6 +21,13 @@ #include <caml/memory.h> #include <caml/fail.h> +#include <limits.h> +#define oversized(x, y) \ + ((x) < 0 || (y) < 0 || ((y) != 0 && (x) > INT_MAX / (y))) + +#define failwith_oversized(lib) \ + failwith("#lib error: image contains oversized or bogus width and height"); + /* These are defined in caml/config.h */ #define int16 int16tiff #define uint16 uint16tiff @@ -64,6 +71,10 @@ TIFFGetField(tif, TIFFTAG_YRESOLUTION, &yres); TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &photometric); + if (oversized (imagewidth, imagelength)) { + failwith_oversized("tiff"); + } + if( imagesample == 3 && photometric == PHOTOMETRIC_RGB ){ if( imagebits != 8 ){ failwith("Sorry, tiff rgb file must be 24bit-color"); Index: ocaml-camlimages.spec =================================================================== RCS file: /cvs/pkgs/rpms/ocaml-camlimages/F-10/ocaml-camlimages.spec,v retrieving revision 1.12 retrieving revision 1.13 diff -u -p -r1.12 -r1.13 --- ocaml-camlimages.spec 3 Jul 2009 18:30:05 -0000 1.12 +++ ocaml-camlimages.spec 16 Oct 2009 09:39:25 -0000 1.13 @@ -4,7 +4,7 @@ Name: ocaml-camlimages Version: 3.0.1 -Release: 3%{?dist}.2 +Release: 3%{?dist}.3 Summary: OCaml image processing library Group: Development/Libraries @@ -19,6 +19,9 @@ Patch0: camlimages-3.0.1-display # https://bugzilla.redhat.com/show_bug.cgi?id=509531#c4 Patch1: camlimages-oversized-png-check-CVE-2009-2295.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=528732 +Patch2: camlimages-oversized-tiff-check-CVE-2009-3296.patch + BuildRequires: ocaml >= 3.10.1 BuildRequires: ocaml-lablgtk-devel BuildRequires: ocaml-x11 @@ -66,6 +69,7 @@ Includes documentation provided by ocaml # the examples/liv directory, so rename it: %patch0 -p1 %patch1 -p1 +%patch2 -p1 aclocal -I . automake autoconf @@ -111,6 +115,10 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Fri Oct 16 2009 Richard W.M. Jones <rjones(a)redhat.com> - 3.0.1-3.fc10.3 +- ocaml-camlimages: TIFF reader multiple integer overflows + (CVE 2009-3296 / RHBZ#528732). + * Fri Jul 3 2009 Richard W.M. Jones <rjones(a)redhat.com> - 3.0.1-3.fc10.2 - ocaml-camlimages: PNG reader multiple integer overflows (CVE 2009-2295 / RHBZ#509531).

14 years, 6 months

1
0
0 / 0

rpms/ocaml-camlimages/F-11 camlimages-oversized-tiff-check-CVE-2009-3296.patch, NONE, 1.1 ocaml-camlimages.spec, 1.16, 1.17

by Richard W.M. Jones

Author: rjones Update of /cvs/pkgs/rpms/ocaml-camlimages/F-11 In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv12043 Modified Files: ocaml-camlimages.spec Added Files: camlimages-oversized-tiff-check-CVE-2009-3296.patch Log Message: * Fri Oct 16 2009 Richard W.M. Jones <rjones(a)redhat.com> - 3.0.1-7.fc11.3 - ocaml-camlimages: TIFF reader multiple integer overflows (CVE 2009-3296 / RHBZ#528732). camlimages-oversized-tiff-check-CVE-2009-3296.patch: tiffread.c | 11 +++++++++++ 1 file changed, 11 insertions(+) --- NEW FILE camlimages-oversized-tiff-check-CVE-2009-3296.patch --- --- camlimages-3.0.1.old/src/tiffread.c 2007-01-18 10:29:57.000000000 +0000 +++ camlimages-3.0.1/src/tiffread.c 2009-10-16 10:26:53.841258260 +0100 @@ -21,6 +21,13 @@ #include <caml/memory.h> #include <caml/fail.h> +#include <limits.h> +#define oversized(x, y) \ + ((x) < 0 || (y) < 0 || ((y) != 0 && (x) > INT_MAX / (y))) + +#define failwith_oversized(lib) \ + failwith("#lib error: image contains oversized or bogus width and height"); + /* These are defined in caml/config.h */ #define int16 int16tiff #define uint16 uint16tiff @@ -64,6 +71,10 @@ TIFFGetField(tif, TIFFTAG_YRESOLUTION, &yres); TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &photometric); + if (oversized (imagewidth, imagelength)) { + failwith_oversized("tiff"); + } + if( imagesample == 3 && photometric == PHOTOMETRIC_RGB ){ if( imagebits != 8 ){ failwith("Sorry, tiff rgb file must be 24bit-color"); Index: ocaml-camlimages.spec =================================================================== RCS file: /cvs/pkgs/rpms/ocaml-camlimages/F-11/ocaml-camlimages.spec,v retrieving revision 1.16 retrieving revision 1.17 diff -u -p -r1.16 -r1.17 --- ocaml-camlimages.spec 3 Jul 2009 18:30:05 -0000 1.16 +++ ocaml-camlimages.spec 16 Oct 2009 09:36:24 -0000 1.17 @@ -4,7 +4,7 @@ Name: ocaml-camlimages Version: 3.0.1 -Release: 7%{?dist}.2 +Release: 7%{?dist}.3 Summary: OCaml image processing library Group: Development/Libraries @@ -19,6 +19,9 @@ Patch0: camlimages-3.0.1-display # https://bugzilla.redhat.com/show_bug.cgi?id=509531#c4 Patch1: camlimages-oversized-png-check-CVE-2009-2295.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=528732 +Patch2: camlimages-oversized-tiff-check-CVE-2009-3296.patch + BuildRequires: ocaml >= 3.10.1 BuildRequires: ocaml-lablgtk-devel BuildRequires: ocaml-x11 @@ -66,6 +69,7 @@ Includes documentation provided by ocaml # the examples/liv directory, so rename it: %patch0 -p1 %patch1 -p1 +%patch2 -p1 aclocal -I . automake autoconf @@ -111,6 +115,10 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Fri Oct 16 2009 Richard W.M. Jones <rjones(a)redhat.com> - 3.0.1-7.fc11.3 +- ocaml-camlimages: TIFF reader multiple integer overflows + (CVE 2009-3296 / RHBZ#528732). + * Fri Jul 3 2009 Richard W.M. Jones <rjones(a)redhat.com> - 3.0.1-7.fc11.2 - ocaml-camlimages: PNG reader multiple integer overflows (CVE 2009-2295 / RHBZ#509531).

14 years, 6 months

1
0
0 / 0

rpms/ocaml-camlimages/F-12 camlimages-oversized-tiff-check-CVE-2009-3296.patch, NONE, 1.1 ocaml-camlimages.spec, 1.20, 1.21

by Richard W.M. Jones

Author: rjones Update of /cvs/pkgs/rpms/ocaml-camlimages/F-12 In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv5530 Modified Files: ocaml-camlimages.spec Added Files: camlimages-oversized-tiff-check-CVE-2009-3296.patch Log Message: * Fri Oct 16 2009 Richard W.M. Jones <rjones(a)redhat.com> - 3.0.1-12.fc12.1 - ocaml-camlimages: TIFF reader multiple integer overflows (CVE 2009-3296 / RHBZ#528732). camlimages-oversized-tiff-check-CVE-2009-3296.patch: tiffread.c | 11 +++++++++++ 1 file changed, 11 insertions(+) --- NEW FILE camlimages-oversized-tiff-check-CVE-2009-3296.patch --- --- camlimages-3.0.1.old/src/tiffread.c 2007-01-18 10:29:57.000000000 +0000 +++ camlimages-3.0.1/src/tiffread.c 2009-10-16 10:26:53.841258260 +0100 @@ -21,6 +21,13 @@ #include <caml/memory.h> #include <caml/fail.h> +#include <limits.h> +#define oversized(x, y) \ + ((x) < 0 || (y) < 0 || ((y) != 0 && (x) > INT_MAX / (y))) + +#define failwith_oversized(lib) \ + failwith("#lib error: image contains oversized or bogus width and height"); + /* These are defined in caml/config.h */ #define int16 int16tiff #define uint16 uint16tiff @@ -64,6 +71,10 @@ TIFFGetField(tif, TIFFTAG_YRESOLUTION, &yres); TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &photometric); + if (oversized (imagewidth, imagelength)) { + failwith_oversized("tiff"); + } + if( imagesample == 3 && photometric == PHOTOMETRIC_RGB ){ if( imagebits != 8 ){ failwith("Sorry, tiff rgb file must be 24bit-color"); Index: ocaml-camlimages.spec =================================================================== RCS file: /cvs/pkgs/rpms/ocaml-camlimages/F-12/ocaml-camlimages.spec,v retrieving revision 1.20 retrieving revision 1.21 diff -u -p -r1.20 -r1.21 --- ocaml-camlimages.spec 29 Sep 2009 15:12:40 -0000 1.20 +++ ocaml-camlimages.spec 16 Oct 2009 09:33:42 -0000 1.21 @@ -4,7 +4,7 @@ Name: ocaml-camlimages Version: 3.0.1 -Release: 12%{?dist} +Release: 12%{?dist}.1 Summary: OCaml image processing library Group: Development/Libraries @@ -20,6 +20,9 @@ Patch0: camlimages-3.0.1-display # https://bugzilla.redhat.com/show_bug.cgi?id=509531#c4 Patch1: camlimages-oversized-png-check-CVE-2009-2295.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=528732 +Patch2: camlimages-oversized-tiff-check-CVE-2009-3296.patch + BuildRequires: ocaml >= 3.10.1 BuildRequires: ocaml-lablgtk-devel BuildRequires: ocaml-x11 @@ -67,6 +70,7 @@ Includes documentation provided by ocaml # the examples/liv directory, so rename it: %patch0 -p1 %patch1 -p1 +%patch2 -p1 aclocal -I . automake autoconf @@ -112,6 +116,10 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Fri Oct 16 2009 Richard W.M. Jones <rjones(a)redhat.com> - 3.0.1-12.fc12.1 +- ocaml-camlimages: TIFF reader multiple integer overflows + (CVE 2009-3296 / RHBZ#528732). + * Tue Sep 29 2009 Richard W.M. Jones <rjones(a)redhat.com> - 3.0.1-12 - Force rebuild against newer lablgtk.

14 years, 6 months

1
0
0 / 0

rpms/ocaml-camlimages/devel ocaml-camlimages.spec,1.21,1.22

by Richard W.M. Jones

Author: rjones Update of /cvs/pkgs/rpms/ocaml-camlimages/devel In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv4858 Modified Files: ocaml-camlimages.spec Log Message: Force rebuild. Index: ocaml-camlimages.spec =================================================================== RCS file: /cvs/pkgs/rpms/ocaml-camlimages/devel/ocaml-camlimages.spec,v retrieving revision 1.21 retrieving revision 1.22 diff -u -p -r1.21 -r1.22 --- ocaml-camlimages.spec 16 Oct 2009 09:30:27 -0000 1.21 +++ ocaml-camlimages.spec 16 Oct 2009 09:31:31 -0000 1.22 @@ -4,7 +4,7 @@ Name: ocaml-camlimages Version: 3.0.1 -Release: 13%{?dist} +Release: 14%{?dist} Summary: OCaml image processing library Group: Development/Libraries @@ -116,7 +116,7 @@ rm -rf $RPM_BUILD_ROOT %changelog -* Fri Oct 16 2009 Richard W.M. Jones <rjones(a)redhat.com> - 3.0.1-13 +* Fri Oct 16 2009 Richard W.M. Jones <rjones(a)redhat.com> - 3.0.1-14 - ocaml-camlimages: TIFF reader multiple integer overflows (CVE 2009-3296 / RHBZ#528732).

14 years, 6 months

1
0
0 / 0

rpms/ocaml-camlimages/devel camlimages-oversized-tiff-check-CVE-2009-3296.patch, NONE, 1.1 ocaml-camlimages.spec, 1.20, 1.21

by Richard W.M. Jones

Author: rjones Update of /cvs/pkgs/rpms/ocaml-camlimages/devel In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv4505 Modified Files: ocaml-camlimages.spec Added Files: camlimages-oversized-tiff-check-CVE-2009-3296.patch Log Message: - ocaml-camlimages: TIFF reader multiple integer overflows (CVE 2009-3296 / RHBZ#528732). camlimages-oversized-tiff-check-CVE-2009-3296.patch: tiffread.c | 11 +++++++++++ 1 file changed, 11 insertions(+) --- NEW FILE camlimages-oversized-tiff-check-CVE-2009-3296.patch --- --- camlimages-3.0.1.old/src/tiffread.c 2007-01-18 10:29:57.000000000 +0000 +++ camlimages-3.0.1/src/tiffread.c 2009-10-16 10:26:53.841258260 +0100 @@ -21,6 +21,13 @@ #include <caml/memory.h> #include <caml/fail.h> +#include <limits.h> +#define oversized(x, y) \ + ((x) < 0 || (y) < 0 || ((y) != 0 && (x) > INT_MAX / (y))) + +#define failwith_oversized(lib) \ + failwith("#lib error: image contains oversized or bogus width and height"); + /* These are defined in caml/config.h */ #define int16 int16tiff #define uint16 uint16tiff @@ -64,6 +71,10 @@ TIFFGetField(tif, TIFFTAG_YRESOLUTION, &yres); TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &photometric); + if (oversized (imagewidth, imagelength)) { + failwith_oversized("tiff"); + } + if( imagesample == 3 && photometric == PHOTOMETRIC_RGB ){ if( imagebits != 8 ){ failwith("Sorry, tiff rgb file must be 24bit-color"); Index: ocaml-camlimages.spec =================================================================== RCS file: /cvs/pkgs/rpms/ocaml-camlimages/devel/ocaml-camlimages.spec,v retrieving revision 1.20 retrieving revision 1.21 diff -u -p -r1.20 -r1.21 --- ocaml-camlimages.spec 29 Sep 2009 15:13:31 -0000 1.20 +++ ocaml-camlimages.spec 16 Oct 2009 09:30:27 -0000 1.21 @@ -4,7 +4,7 @@ Name: ocaml-camlimages Version: 3.0.1 -Release: 12%{?dist} +Release: 13%{?dist} Summary: OCaml image processing library Group: Development/Libraries @@ -20,6 +20,9 @@ Patch0: camlimages-3.0.1-display # https://bugzilla.redhat.com/show_bug.cgi?id=509531#c4 Patch1: camlimages-oversized-png-check-CVE-2009-2295.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=528732 +Patch2: camlimages-oversized-tiff-check-CVE-2009-3296.patch + BuildRequires: ocaml >= 3.10.1 BuildRequires: ocaml-lablgtk-devel BuildRequires: ocaml-x11 @@ -67,6 +70,7 @@ Includes documentation provided by ocaml # the examples/liv directory, so rename it: %patch0 -p1 %patch1 -p1 +%patch2 -p1 aclocal -I . automake autoconf @@ -112,6 +116,10 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Fri Oct 16 2009 Richard W.M. Jones <rjones(a)redhat.com> - 3.0.1-13 +- ocaml-camlimages: TIFF reader multiple integer overflows + (CVE 2009-3296 / RHBZ#528732). + * Tue Sep 29 2009 Richard W.M. Jones <rjones(a)redhat.com> - 3.0.1-12 - Force rebuild against newer lablgtk.

14 years, 6 months

1
0
0 / 0

New OCaml packages needing review

by Richard W.M. Jones

https://bugzilla.redhat.com/show_bug.cgi?id=445068 ocaml-bin-prot - Read and write OCaml values in a type-safe binary protocol - Updated today to the latest upstream version. https://bugzilla.redhat.com/show_bug.cgi?id=528461 ocaml-fieldslib - OCaml library for folding over record fields - A brand new library / syntax extension from Jane St for performing multiple operations over records. https://bugzilla.redhat.com/show_bug.cgi?id=445074 ocaml-janest-core - Many and various enhancements to the OCaml standard library - Jane St released new upstream version 0.6.0 of their 'Core' library, with renewed emphasis on performance and consistency. https://bugzilla.redhat.com/show_bug.cgi?id=528454 ocaml-batteries - OCaml Batteries Included - OCaml "Batteries Included" is another contender for an enhanced standard library. Slides from this year's OCaml Users Conference are here: https://forge.ocamlcore.org/docman/view.php/77/36/batteries-included.pdf https://bugzilla.redhat.com/show_bug.cgi?id=487080 jocaml - Join-calculus extension of Objective Caml (This needs work from the package submitter) https://bugzilla.redhat.com/show_bug.cgi?id=526034 ocaml-xmlm - OCaml library for streaming XML input and output Slightly baffling library for parsing XML stream. TBH I couldn't work out how to use this one ... Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones New in Fedora 11: Fedora Windows cross-compiler. Compile Windows programs, test, and build Windows installers. Over 70 libraries supprt'd http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw

14 years, 6 months

1
0
0 / 0

rpms/ocaml-lwt/devel ocaml-lwt.spec,1.9,1.10

by Richard W.M. Jones

Author: rjones Update of /cvs/pkgs/rpms/ocaml-lwt/devel In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv18815 Modified Files: ocaml-lwt.spec Log Message: Missing BR on camlp4. Index: ocaml-lwt.spec =================================================================== RCS file: /cvs/pkgs/rpms/ocaml-lwt/devel/ocaml-lwt.spec,v retrieving revision 1.9 retrieving revision 1.10 diff -u -p -r1.9 -r1.10 --- ocaml-lwt.spec 12 Oct 2009 08:39:50 -0000 1.9 +++ ocaml-lwt.spec 12 Oct 2009 08:50:06 -0000 1.10 @@ -3,7 +3,7 @@ Name: ocaml-lwt Version: 2.0.0 -Release: 0.1.rc1%{?dist} +Release: 0.2.rc1%{?dist} Summary: OCaml lightweight thread library Group: Development/Libraries @@ -16,6 +16,7 @@ ExcludeArch: sparc64 s390 s390x BuildRequires: ocaml >= 3.10.0 BuildRequires: ocaml-findlib-devel BuildRequires: ocaml-ocamldoc +BuildRequires: ocaml-camlp4-devel BuildRequires: ocaml-ssl >= 0.4.0 BuildRequires: ocaml-react >= 0.9.0 BuildRequires: chrpath @@ -93,8 +94,9 @@ rm -rf $RPM_BUILD_ROOT %changelog -* Mon Oct 12 2009 Richard W.M. Jones <rjones(a)redhat.com> - 2.0.0-0.1.rc1.fc13 +* Mon Oct 12 2009 Richard W.M. Jones <rjones(a)redhat.com> - 2.0.0-0.2.rc1.fc13 - ocaml-react is now in Fedora, so build this package. +- Missing BR on camlp4. * Thu Oct 8 2009 Richard W.M. Jones <rjones(a)redhat.com> - 2.0.0-0.rc1.fc13 - New upstream version 2.0.0+rc1.

14 years, 6 months

1
0
0 / 0

rpms/ocaml-lwt/devel ocaml-lwt.spec,1.8,1.9

by Richard W.M. Jones

Author: rjones Update of /cvs/pkgs/rpms/ocaml-lwt/devel In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv14846 Modified Files: ocaml-lwt.spec Log Message: ocaml-react is now in Fedora, so build this package. Index: ocaml-lwt.spec =================================================================== RCS file: /cvs/pkgs/rpms/ocaml-lwt/devel/ocaml-lwt.spec,v retrieving revision 1.8 retrieving revision 1.9 diff -u -p -r1.8 -r1.9 --- ocaml-lwt.spec 8 Oct 2009 12:42:49 -0000 1.8 +++ ocaml-lwt.spec 12 Oct 2009 08:39:50 -0000 1.9 @@ -3,7 +3,7 @@ Name: ocaml-lwt Version: 2.0.0 -Release: 0.rc1%{?dist} +Release: 0.1.rc1%{?dist} Summary: OCaml lightweight thread library Group: Development/Libraries @@ -93,6 +93,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Mon Oct 12 2009 Richard W.M. Jones <rjones(a)redhat.com> - 2.0.0-0.1.rc1.fc13 +- ocaml-react is now in Fedora, so build this package. + * Thu Oct 8 2009 Richard W.M. Jones <rjones(a)redhat.com> - 2.0.0-0.rc1.fc13 - New upstream version 2.0.0+rc1. - NB. This cannot be built as it depends on new package ocaml-react

14 years, 6 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

Ocaml-devel October 2009