forked from pool/wxWidgets-3_2
Compare commits
1 Commits
| Author | SHA256 | Date | |
|---|---|---|---|
| 3e98252e49 |
@@ -1,3 +1,19 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Sep 1 17:28:12 UTC 2025 - Cliff Zhao <qzhao@suse.com>
|
||||||
|
|
||||||
|
- Add wxWidgets-3_2_CVE-2025-9165.patch:
|
||||||
|
Backport ed14128 from libtiff upstream, tiffcmp: fix memory leak
|
||||||
|
when second file cannot be opened.
|
||||||
|
(CVE-2025-9165, bsc#1248328)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Sep 1 10:07:46 UTC 2025 - Cliff Zhao <qzhao@suse.com>
|
||||||
|
|
||||||
|
- Add wxWidgets-3_2_CVE-2025-8851.patch:
|
||||||
|
Backport 8a7a48d from libtiff upstream, Attempt to address tiffcrop
|
||||||
|
Coverity scan issues 1605444.
|
||||||
|
(CVE-2025-8851, bsc#1248279)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu May 29 17:11:39 UTC 2025 - Antonio Larrosa <alarrosa@suse.com>
|
Thu May 29 17:11:39 UTC 2025 - Antonio Larrosa <alarrosa@suse.com>
|
||||||
|
|
||||||
|
|||||||
@@ -83,6 +83,8 @@ Source6: wxpython-mkdiff.sh
|
|||||||
Patch0: soversion.diff
|
Patch0: soversion.diff
|
||||||
Patch1: autoconf-2_72.diff
|
Patch1: autoconf-2_72.diff
|
||||||
Patch2: textfiletest-fix-file-exists.diff
|
Patch2: textfiletest-fix-file-exists.diff
|
||||||
|
Patch3: wxWidgets-3_2_CVE-2025-8851.patch
|
||||||
|
Patch4: wxWidgets-3_2_CVE-2025-9165.patch
|
||||||
%if "%flavor" == "doc"
|
%if "%flavor" == "doc"
|
||||||
BuildRequires: doxygen
|
BuildRequires: doxygen
|
||||||
BuildRequires: fdupes
|
BuildRequires: fdupes
|
||||||
@@ -401,8 +403,6 @@ WX_SKIP_DOXYGEN_VERSION_CHECK=1 ./regen.sh html
|
|||||||
|
|
||||||
%else
|
%else
|
||||||
autoconf -f -i
|
autoconf -f -i
|
||||||
rm -Rf src/tiff
|
|
||||||
|
|
||||||
# NOTE: gnome-vfs is deprecated. Disabled by default upstream.
|
# NOTE: gnome-vfs is deprecated. Disabled by default upstream.
|
||||||
#
|
#
|
||||||
# With 2.9.1:
|
# With 2.9.1:
|
||||||
|
|||||||
62
wxWidgets-3_2_CVE-2025-8851.patch
Normal file
62
wxWidgets-3_2_CVE-2025-8851.patch
Normal file
@@ -0,0 +1,62 @@
|
|||||||
|
From 8a7a48d7a645992ca83062b3a1873c951661e2b3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Lee Howard <faxguy@howardsilvan.com>
|
||||||
|
Date: Sun, 11 Aug 2024 16:01:07 +0000
|
||||||
|
Subject: [PATCH] Attempt to address tiffcrop Coverity scan issues 1605444,
|
||||||
|
1605445, and 1605449.
|
||||||
|
|
||||||
|
---
|
||||||
|
tools/tiffcrop.c | 17 ++++++++++++-----
|
||||||
|
1 file changed, 12 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
--- a/src/tiff/tools/tiffcrop.c
|
||||||
|
+++ b/src/tiff/tools/tiffcrop.c
|
||||||
|
@@ -4902,7 +4902,14 @@
|
||||||
|
buff = srcbuffs[s];
|
||||||
|
strip = (s * strips_per_sample) + j;
|
||||||
|
bytes_read = TIFFReadEncodedStrip (in, strip, buff, stripsize);
|
||||||
|
- rows_this_strip = bytes_read / src_rowsize;
|
||||||
|
+ if (bytes_read < 0)
|
||||||
|
+ {
|
||||||
|
+ rows_this_strip = 0;
|
||||||
|
+ }
|
||||||
|
+ else
|
||||||
|
+ {
|
||||||
|
+ rows_this_strip = bytes_read / src_rowsize;
|
||||||
|
+ }
|
||||||
|
if (bytes_read < 0 && !ignore)
|
||||||
|
{
|
||||||
|
TIFFError(TIFFFileName(in),
|
||||||
|
@@ -5276,14 +5283,14 @@
|
||||||
|
rmargin = (uint32)(crop->margins[3] * scale * xres);
|
||||||
|
}
|
||||||
|
|
||||||
|
- if ((lmargin + rmargin) > image->width)
|
||||||
|
+ if (lmargin == 0xFFFFFFFFU || rmargin == 0xFFFFFFFFU || (lmargin + rmargin) > image->width)
|
||||||
|
{
|
||||||
|
TIFFError("computeInputPixelOffsets", "Combined left and right margins exceed image width");
|
||||||
|
lmargin = (uint32) 0;
|
||||||
|
rmargin = (uint32) 0;
|
||||||
|
return (-1);
|
||||||
|
}
|
||||||
|
- if ((tmargin + bmargin) > image->length)
|
||||||
|
+ if (tmargin == 0xFFFFFFFFU || bmargin == 0xFFFFFFFFU || (tmargin + bmargin) > image->length)
|
||||||
|
{
|
||||||
|
TIFFError("computeInputPixelOffsets", "Combined top and bottom margins exceed image length");
|
||||||
|
tmargin = (uint32) 0;
|
||||||
|
@@ -5728,14 +5735,14 @@
|
||||||
|
vmargin = (uint32)(page->vmargin * scale * ((image->bps + 7)/ 8));
|
||||||
|
}
|
||||||
|
|
||||||
|
- if ((hmargin * 2.0) > (pwidth * page->hres))
|
||||||
|
+ if (hmargin == 0xFFFFFFFFU || (hmargin * 2.0) > (pwidth * page->hres))
|
||||||
|
{
|
||||||
|
TIFFError("computeOutputPixelOffsets",
|
||||||
|
"Combined left and right margins exceed page width");
|
||||||
|
hmargin = (uint32) 0;
|
||||||
|
return (-1);
|
||||||
|
}
|
||||||
|
- if ((vmargin * 2.0) > (plength * page->vres))
|
||||||
|
+ if (vmargin == 0xFFFFFFFFU || (vmargin * 2.0) > (plength * page->vres))
|
||||||
|
{
|
||||||
|
TIFFError("computeOutputPixelOffsets",
|
||||||
|
"Combined top and bottom margins exceed page length");
|
||||||
23
wxWidgets-3_2_CVE-2025-9165.patch
Normal file
23
wxWidgets-3_2_CVE-2025-9165.patch
Normal file
@@ -0,0 +1,23 @@
|
|||||||
|
From ed141286a37f6e5ddafb5069347ff5d587e7a4e0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Su_Laus <sulau@freenet.de>
|
||||||
|
Date: Fri, 8 Aug 2025 21:35:30 +0200
|
||||||
|
Subject: [PATCH] tiffcmp: fix memory leak when second file cannot be opened.
|
||||||
|
|
||||||
|
Closes #728, #729
|
||||||
|
---
|
||||||
|
tools/tiffcmp.c | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
--- a/src/tiff/tools/tiffcmp.c
|
||||||
|
+++ b/src/tiff/tools/tiffcmp.c
|
||||||
|
@@ -108,7 +108,10 @@
|
||||||
|
return (2);
|
||||||
|
tif2 = TIFFOpen(argv[optind+1], "r");
|
||||||
|
if (tif2 == NULL)
|
||||||
|
+ {
|
||||||
|
+ TIFFClose(tif1);
|
||||||
|
return (2);
|
||||||
|
+ }
|
||||||
|
dirnum = 0;
|
||||||
|
while (tiffcmp(tif1, tif2)) {
|
||||||
|
if (!TIFFReadDirectory(tif1)) {
|
||||||
Reference in New Issue
Block a user