Accepting request 353435 from graphics

bsc#942690 OBS-URL: https://build.opensuse.org/request/show/353435 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tiff?expand=0&rev=56
2016-01-15 09:40:28 +00:00 · 2016-01-15 09:40:28 +00:00 · 10e66b71ad
commit 10e66b71ad
parent 9b86b1fd5e 616d19b8b7
3 changed files with 47 additions and 4 deletions
--- a/tiff-4.0.4-uninitialized_mem_NeXTDecode.patch
+++ b/tiff-4.0.4-uninitialized_mem_NeXTDecode.patch
@ -0,0 +1,36 @@
+--- libtiff/tif_next.c	29 Dec 2014 12:09:11 -0000	1.16
+++ libtiff/tif_next.c	27 Dec 2015 16:55:20 -0000	1.17
+@@ -37,7 +37,7 @@
+ 	case 0:	op[0]  = (unsigned char) ((v) << 6); break;	\
+ 	case 1:	op[0] |= (v) << 4; break;	\
+ 	case 2:	op[0] |= (v) << 2; break;	\
+-	case 3:	*op++ |= (v);	   break;	\
+	case 3:	*op++ |= (v);	   op_offset++; break;	\
+ 	}					\
+ }
+ 
+@@ -106,6 +106,7 @@
+ 			uint32 imagewidth = tif->tif_dir.td_imagewidth;
+             if( isTiled(tif) )
+                 imagewidth = tif->tif_dir.td_tilewidth;
+            tmsize_t op_offset = 0;
+ 
+ 			/*
+ 			 * The scanline is composed of a sequence of constant
+@@ -122,10 +123,15 @@
+ 				 * bounds, potentially resulting in a security
+ 				 * issue.
+ 				 */
+-				while (n-- > 0 && npixels < imagewidth)
+				while (n-- > 0 && npixels < imagewidth && op_offset < scanline)
+ 					SETPIXEL(op, grey);
+ 				if (npixels >= imagewidth)
+ 					break;
+                if (op_offset >= scanline ) {
+                    TIFFErrorExt(tif->tif_clientdata, module, "Invalid data for scanline %ld",
+                        (long) tif->tif_row);
+                    return (0);
+                }
+ 				if (cc == 0)
+ 					goto bad;
+ 				n = *bp++, cc--;
--- a/tiff.changes
+++ b/tiff.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Jan 11 13:53:42 UTC 2016 - kstreitova@suse.com
+
+- add tiff-4.0.4-uninitialized_mem_NeXTDecode.patch to fix
+  uninitialized memory in NeXTDecode (upstream bug #2508)
+  [bnc#942690]
+
 -------------------------------------------------------------------
 Tue Dec  8 15:55:30 UTC 2015 - p.drouand@gmail.com

--- a/tiff.spec
+++ b/tiff.spec
@ -1,7 +1,7 @@
 #
 # spec file for package tiff
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -29,13 +29,12 @@ Source3:        baselibs.conf
 Patch0:         tiff-4.0.3-seek.patch
 # http://bugzilla.maptools.org/show_bug.cgi?id=2442
 Patch1:         tiff-4.0.3-compress-warning.patch
+# http://bugzilla.maptools.org/show_bug.cgi?id=2508
+Patch2:         tiff-4.0.4-uninitialized_mem_NeXTDecode.patch
 BuildRequires:  gcc-c++
 BuildRequires:  libjpeg-devel
 BuildRequires:  libtool
 BuildRequires:  zlib-devel
-# FYI: this issue is solved another way
-# http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1
-# Patch9:         tiff-%{version}-lzw-CVE-2009-2285.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %if 0%{?suse_version} > 1030
 BuildRequires:  lzma-devel
@ -94,6 +93,7 @@ the libtiff library.
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2

 %build
 CFLAGS="%{optflags} -fPIE"