From 00fc33643dd957ef66711f46cbd15430f14e595f6bc9291d116e6e34914d784c Mon Sep 17 00:00:00 2001
From: Pedro Monreal Gonzalez
Date: Sun, 4 Feb 2024 14:54:09 +0000
Subject: [PATCH] Accepting request 1143652 from home:pgajdos - added patches fix CVE-2017-5849 [bsc#1022790], CVE-2017-5849 [bsc#1022791] + netpbm-use-byrow-when-needed.patch OBS-URL: https://build.opensuse.org/request/show/1143652 OBS-URL: https://build.opensuse.org/package/show/graphics/netpbm?expand=0&rev=147
---
 netpbm-use-byrow-when-needed.patch | 77 ++++++++++++++++++++++++++++++
 netpbm.changes | 7 +++
 netpbm.spec | 2 +
 3 files changed, 86 insertions(+)
 create mode 100644 netpbm-use-byrow-when-needed.patch
diff --git a/netpbm-use-byrow-when-needed.patch b/netpbm-use-byrow-when-needed.patch
new file mode 100644
index 0000000..b0eadd0
--- /dev/null
+++ b/netpbm-use-byrow-when-needed.patch
@@ -0,0 +1,77 @@
+Index: netpbm-11.5.2/converter/other/tifftopnm.c
+===================================================================
+--- netpbm-11.5.2.orig/converter/other/tifftopnm.c
++++ netpbm-11.5.2/converter/other/tifftopnm.c
+@@ -1393,7 +1393,7 @@ convertRasterByRows(pnmOut * const
+ 
+ 
+ 
+-static void
++static int
+ warnBrokenTiffLibrary(TIFF * const tiffP) {
+ 
+ /* TIFF library bug:
+@@ -1423,6 +1423,7 @@ warnBrokenTiffLibrary(TIFF * const tiffP
+ 
+ unsigned short tiffOrientation;
+ int fldPresent;
++ int broken = false;
+ fldPresent = TIFFGetField(tiffP, TIFFTAG_ORIENTATION, &tiffOrientation);
+ if (fldPresent) {
+ switch (tiffOrientation) {
+@@ -1432,10 +1433,12 @@ warnBrokenTiffLibrary(TIFF * const tiffP
+ case ORIENTATION_LEFTBOT:
+ pm_message("WARNING: This TIFF image has an orientation that "
+ "most TIFF libraries convert incorrectly. "
+- "Use -byrow to circumvent.");
++ "Using -byrow to circumvent.");
++ broken = true;
+ break;
+ }
+ }
++ return broken;
+ }
+ 
+ 
+@@ -1562,8 +1565,6 @@ convertRasterInMemory(pnmOut *
+ if (verbose)
+ pm_message("Converting in memory ...");
+ 
+- warnBrokenTiffLibrary(tif);
+-
+ ok = TIFFRGBAImageOK(tif, emsg);
+ if (!ok) {
+ pm_message("%s", emsg);
+@@ -1662,7 +1663,7 @@ convertImage(TIFF * const ti
+ xelval maxval;
+ xel colormap[MAXCOLORS];
+ unsigned short fillorder;
+- bool flipOk, noflipOk;
++ bool flipOk, noflipOk, byrow;
+ pnmOut pnmOut;
+ 
+ readDirectory(tifP, cmdline.headerdump, &tiffDir);
+@@ -1674,15 +1675,21 @@ convertImage(TIFF * const ti
+ 
+ pm_message("writing %s file", pnm_formattypenm(format));
+ 
++ byrow = cmdline.byrow;
++ if (warnBrokenTiffLibrary(tifP)) {
++ /* force byrow true: http://bugzilla.maptools.org/show_bug.cgi?id=2654#c9 */
++ byrow = true;
++ }
++
+ pnmOut_init(imageoutFileP, alphaFileP, tiffDir.width, tiffDir.height,
+ tiffDir.orientation, maxval, format, maxval,
+- cmdline.byrow, cmdline.orientraw,
++ byrow, cmdline.orientraw,
+ cmdline.verbose,
+ &flipOk, &noflipOk,
+ &pnmOut);
+ 
+ convertRaster(&pnmOut, tifP, tiffDir, maxval,
+- fillorder, colormap, cmdline.byrow, flipOk, noflipOk,
++ fillorder, colormap, byrow, flipOk, noflipOk,
+ cmdline.verbose);
+ 
+ pnmOut_term(&pnmOut, cmdline.verbose);
diff --git a/netpbm.changes b/netpbm.changes
index 0bc3edf..ce8f5e7 100644
--- a/netpbm.changes
+++ b/netpbm.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Feb 2 14:11:02 UTC 2024 - pgajdos@suse.com
+
+- added patches
+ fix CVE-2017-5849 [bsc#1022790], CVE-2017-5849 [bsc#1022791]
+ + netpbm-use-byrow-when-needed.patch
+
 -------------------------------------------------------------------
 Wed Jan 31 14:59:08 UTC 2024 - pgajdos@suse.com
 
diff --git a/netpbm.spec b/netpbm.spec
index 6f4bb46..1450a9c 100644
--- a/netpbm.spec
+++ b/netpbm.spec
@@ -42,6 +42,8 @@ Patch4: %{name}-gcc-warnings.patch
 Patch5: makeman-py3.patch
 # bsc#1144255 disable jpeg2k support due to removal of jasper
 Patch8: netpbm-disable-jasper.patch
+# CVE-2017-5849 [bsc#1022790], CVE-2017-5849 [bsc#1022791]
+Patch9: netpbm-use-byrow-when-needed.patch
 BuildRequires: flex
 BuildRequires: libjpeg-devel
 BuildRequires: libpng-devel
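Review bot: In the tifftopnm.c change carried by netpbm-use-byrow-when-needed.patch, the in-memory path is left without any orientation guard: the `@@ -1562,8 +1565,6 @@` hunk drops the `warnBrokenTiffLibrary(tif);` call from convertRasterInMemory(), so keeping the flagged orientations away from the TIFFRGBAImage code now depends only on convertImage() passing `byrow = true` and on convertRaster() honouring it, and convertRaster()'s body is not part of this patch. Since the changelog ties the patch to CVE-2017-5849, I would keep a check beside the risky call as well, or at least document the precondition there with `/* caller must force byrow for orientations flagged by warnBrokenTiffLibrary() */`. The helper also now returns a decision rather than only warning, yet it is declared `static int` with `int broken = false;` while convertImage() uses `bool`; `static bool` and `bool broken = false;` would match, and the name could say what it reports. Only part of warnBrokenTiffLibrary() is inside the hunks, so the full list of orientations it flags is not visible here.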