pool/tiff
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- security update

Browse Source 
* CVE-2019-6128 [bsc#1121626]
    + tiff-CVE-2019-6128.patch

OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=136
This commit is contained in:
Michael Vetter 2019-02-04 14:42:48 +00:00 committed by Git OBS Bridge
parent 6232377d76
commit 0164724f55
3 changed files with 61 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
tiff-CVE-2019-6128.patch Normal file
View File

@ -0,0 +1,49 @@
From 0c74a9f49b8d7a36b17b54a7428b3526d20f88a8 Mon Sep 17 00:00:00 2001
From: Scott Gayou <github.scott@gmail.com>
Date: Wed, 23 Jan 2019 15:03:53 -0500
Subject: [PATCH] Fix for simple memory leak that was assigned CVE-2019-6128.
pal2rgb failed to free memory on a few errors. This was reported
here: http://bugzilla.maptools.org/show_bug.cgi?id=2836.
---
tools/pal2rgb.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/tools/pal2rgb.c b/tools/pal2rgb.c
index 01d8502e..9492f1cf 100644
--- a/tools/pal2rgb.c
+++ b/tools/pal2rgb.c
@@ -118,12 +118,14 @@ main(int argc, char* argv[])
shortv != PHOTOMETRIC_PALETTE) {
fprintf(stderr, "%s: Expecting a palette image.\n",
argv[optind]);
+ (void) TIFFClose(in);
return (-1);
}
if (!TIFFGetField(in, TIFFTAG_COLORMAP, &rmap, &gmap, &bmap)) {
fprintf(stderr,
"%s: No colormap (not a valid palette image).\n",
argv[optind]);
+ (void) TIFFClose(in);
return (-1);
}
bitspersample = 0;
@@ -131,11 +133,14 @@ main(int argc, char* argv[])
if (bitspersample != 8) {
fprintf(stderr, "%s: Sorry, can only handle 8-bit images.\n",
argv[optind]);
+ (void) TIFFClose(in);
return (-1);
}
out = TIFFOpen(argv[optind+1], "w");
- if (out == NULL)
+ if (out == NULL) {
+ (void) TIFFClose(in);
return (-2);
+ }
cpTags(in, out);
TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &imagewidth);
TIFFGetField(in, TIFFTAG_IMAGELENGTH, &imagelength);
--
2.18.1

7
tiff.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Mon Feb 4 14:04:09 UTC 2019 - mvetter@suse.com
- security update
* CVE-2019-6128 [bsc#1121626]
+ tiff-CVE-2019-6128.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jan 30 12:47:58 UTC 2019 - Petr Gajdos <pgajdos@suse.com> Wed Jan 30 12:47:58 UTC 2019 - Petr Gajdos <pgajdos@suse.com>

6
tiff.spec
View File

@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9) # license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative. # published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Please submit bugfixes or comments via http://bugs.opensuse.org/
# #
@ -35,6 +35,9 @@ Patch1: tiff-4.0.3-compress-warning.patch
# https://gitlab.com/libtiff/libtiff/merge_requests/44 # https://gitlab.com/libtiff/libtiff/merge_requests/44
Patch2: tiff-CVE-2018-12900.patch Patch2: tiff-CVE-2018-12900.patch
Patch3: tiff-CVE-2018-17000,19210.patch Patch3: tiff-CVE-2018-17000,19210.patch
# http://bugzilla.maptools.org/show_bug.cgi?id=2836
# https://gitlab.com/libtiff/libtiff/merge_requests/50
Patch4: tiff-CVE-2019-6128.patch
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: libjbig-devel BuildRequires: libjbig-devel
BuildRequires: libjpeg-devel BuildRequires: libjpeg-devel
@ -75,6 +78,7 @@ the libtiff library.
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1
%build %build
CFLAGS="%{optflags} -fPIE" CFLAGS="%{optflags} -fPIE"