forked from pool/wxWidgets-3_2
Compare commits
1 Commits
| Author | SHA256 | Date | |
|---|---|---|---|
| 3e98252e49 |
@@ -1,3 +1,19 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 1 17:28:12 UTC 2025 - Cliff Zhao <qzhao@suse.com>
|
||||
|
||||
- Add wxWidgets-3_2_CVE-2025-9165.patch:
|
||||
Backport ed14128 from libtiff upstream, tiffcmp: fix memory leak
|
||||
when second file cannot be opened.
|
||||
(CVE-2025-9165, bsc#1248328)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 1 10:07:46 UTC 2025 - Cliff Zhao <qzhao@suse.com>
|
||||
|
||||
- Add wxWidgets-3_2_CVE-2025-8851.patch:
|
||||
Backport 8a7a48d from libtiff upstream, Attempt to address tiffcrop
|
||||
Coverity scan issues 1605444.
|
||||
(CVE-2025-8851, bsc#1248279)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu May 29 17:11:39 UTC 2025 - Antonio Larrosa <alarrosa@suse.com>
|
||||
|
||||
|
||||
@@ -83,6 +83,8 @@ Source6: wxpython-mkdiff.sh
|
||||
Patch0: soversion.diff
|
||||
Patch1: autoconf-2_72.diff
|
||||
Patch2: textfiletest-fix-file-exists.diff
|
||||
Patch3: wxWidgets-3_2_CVE-2025-8851.patch
|
||||
Patch4: wxWidgets-3_2_CVE-2025-9165.patch
|
||||
%if "%flavor" == "doc"
|
||||
BuildRequires: doxygen
|
||||
BuildRequires: fdupes
|
||||
@@ -401,8 +403,6 @@ WX_SKIP_DOXYGEN_VERSION_CHECK=1 ./regen.sh html
|
||||
|
||||
%else
|
||||
autoconf -f -i
|
||||
rm -Rf src/tiff
|
||||
|
||||
# NOTE: gnome-vfs is deprecated. Disabled by default upstream.
|
||||
#
|
||||
# With 2.9.1:
|
||||
|
||||
62
wxWidgets-3_2_CVE-2025-8851.patch
Normal file
62
wxWidgets-3_2_CVE-2025-8851.patch
Normal file
@@ -0,0 +1,62 @@
|
||||
From 8a7a48d7a645992ca83062b3a1873c951661e2b3 Mon Sep 17 00:00:00 2001
|
||||
From: Lee Howard <faxguy@howardsilvan.com>
|
||||
Date: Sun, 11 Aug 2024 16:01:07 +0000
|
||||
Subject: [PATCH] Attempt to address tiffcrop Coverity scan issues 1605444,
|
||||
1605445, and 1605449.
|
||||
|
||||
---
|
||||
tools/tiffcrop.c | 17 ++++++++++++-----
|
||||
1 file changed, 12 insertions(+), 5 deletions(-)
|
||||
|
||||
--- a/src/tiff/tools/tiffcrop.c
|
||||
+++ b/src/tiff/tools/tiffcrop.c
|
||||
@@ -4902,7 +4902,14 @@
|
||||
buff = srcbuffs[s];
|
||||
strip = (s * strips_per_sample) + j;
|
||||
bytes_read = TIFFReadEncodedStrip (in, strip, buff, stripsize);
|
||||
- rows_this_strip = bytes_read / src_rowsize;
|
||||
+ if (bytes_read < 0)
|
||||
+ {
|
||||
+ rows_this_strip = 0;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ rows_this_strip = bytes_read / src_rowsize;
|
||||
+ }
|
||||
if (bytes_read < 0 && !ignore)
|
||||
{
|
||||
TIFFError(TIFFFileName(in),
|
||||
@@ -5276,14 +5283,14 @@
|
||||
rmargin = (uint32)(crop->margins[3] * scale * xres);
|
||||
}
|
||||
|
||||
- if ((lmargin + rmargin) > image->width)
|
||||
+ if (lmargin == 0xFFFFFFFFU || rmargin == 0xFFFFFFFFU || (lmargin + rmargin) > image->width)
|
||||
{
|
||||
TIFFError("computeInputPixelOffsets", "Combined left and right margins exceed image width");
|
||||
lmargin = (uint32) 0;
|
||||
rmargin = (uint32) 0;
|
||||
return (-1);
|
||||
}
|
||||
- if ((tmargin + bmargin) > image->length)
|
||||
+ if (tmargin == 0xFFFFFFFFU || bmargin == 0xFFFFFFFFU || (tmargin + bmargin) > image->length)
|
||||
{
|
||||
TIFFError("computeInputPixelOffsets", "Combined top and bottom margins exceed image length");
|
||||
tmargin = (uint32) 0;
|
||||
@@ -5728,14 +5735,14 @@
|
||||
vmargin = (uint32)(page->vmargin * scale * ((image->bps + 7)/ 8));
|
||||
}
|
||||
|
||||
- if ((hmargin * 2.0) > (pwidth * page->hres))
|
||||
+ if (hmargin == 0xFFFFFFFFU || (hmargin * 2.0) > (pwidth * page->hres))
|
||||
{
|
||||
TIFFError("computeOutputPixelOffsets",
|
||||
"Combined left and right margins exceed page width");
|
||||
hmargin = (uint32) 0;
|
||||
return (-1);
|
||||
}
|
||||
- if ((vmargin * 2.0) > (plength * page->vres))
|
||||
+ if (vmargin == 0xFFFFFFFFU || (vmargin * 2.0) > (plength * page->vres))
|
||||
{
|
||||
TIFFError("computeOutputPixelOffsets",
|
||||
"Combined top and bottom margins exceed page length");
|
||||
23
wxWidgets-3_2_CVE-2025-9165.patch
Normal file
23
wxWidgets-3_2_CVE-2025-9165.patch
Normal file
@@ -0,0 +1,23 @@
|
||||
From ed141286a37f6e5ddafb5069347ff5d587e7a4e0 Mon Sep 17 00:00:00 2001
|
||||
From: Su_Laus <sulau@freenet.de>
|
||||
Date: Fri, 8 Aug 2025 21:35:30 +0200
|
||||
Subject: [PATCH] tiffcmp: fix memory leak when second file cannot be opened.
|
||||
|
||||
Closes #728, #729
|
||||
---
|
||||
tools/tiffcmp.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
--- a/src/tiff/tools/tiffcmp.c
|
||||
+++ b/src/tiff/tools/tiffcmp.c
|
||||
@@ -108,7 +108,10 @@
|
||||
return (2);
|
||||
tif2 = TIFFOpen(argv[optind+1], "r");
|
||||
if (tif2 == NULL)
|
||||
+ {
|
||||
+ TIFFClose(tif1);
|
||||
return (2);
|
||||
+ }
|
||||
dirnum = 0;
|
||||
while (tiffcmp(tif1, tif2)) {
|
||||
if (!TIFFReadDirectory(tif1)) {
|
||||
Reference in New Issue
Block a user