- security update

* CVE-2019-7663 [bsc#1125113]
    + tiff-CVE-2019-7663.patch

OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=137
This commit is contained in:
Michael Vetter 2019-02-12 14:47:56 +00:00 committed by Git OBS Bridge
parent 0164724f55
commit 219d98803d
3 changed files with 60 additions and 0 deletions

48
tiff-CVE-2019-7663.patch Normal file
View File

@ -0,0 +1,48 @@
Index: tiff-4.0.10/libtiff/tif_dirwrite.c
===================================================================
--- tiff-4.0.10.orig/libtiff/tif_dirwrite.c
+++ tiff-4.0.10/libtiff/tif_dirwrite.c
@@ -1896,12 +1896,14 @@ TIFFWriteDirectoryTagTransferfunction(TI
n=3;
if (n==3)
{
- if (!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[2],m*sizeof(uint16)))
+ if (tif->tif_dir.td_transferfunction[2] == NULL ||
+ !_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[2],m*sizeof(uint16)))
n=2;
}
if (n==2)
{
- if (!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[1],m*sizeof(uint16)))
+ if (tif->tif_dir.td_transferfunction[1] == NULL ||
+ !_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[1],m*sizeof(uint16)))
n=1;
}
if (n==0)
Index: tiff-4.0.10/tools/tiffcp.c
===================================================================
--- tiff-4.0.10.orig/tools/tiffcp.c
+++ tiff-4.0.10/tools/tiffcp.c
@@ -1408,7 +1408,7 @@ DECLAREreadFunc(readSeparateTilesIntoBuf
int status = 1;
uint32 imagew = TIFFRasterScanlineSize(in);
uint32 tilew = TIFFTileRowSize(in);
- int iskew = imagew - tilew*spp;
+ int iskew;
tsize_t tilesize = TIFFTileSize(in);
tdata_t tilebuf;
uint8* bufp = (uint8*) buf;
@@ -1416,6 +1416,13 @@ DECLAREreadFunc(readSeparateTilesIntoBuf
uint32 row;
uint16 bps = 0, bytes_per_sample;
+ if (spp > (0x7fffffff / tilew))
+ {
+ TIFFError(TIFFFileName(in), "Error, cannot handle that much samples per tile row (Tile Width * Samples/Pixel)");
+ return 0;
+ }
+ iskew = imagew - tilew*spp;
+
tilebuf = _TIFFmalloc(tilesize);
if (tilebuf == 0)
return 0;

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Tue Feb 12 15:36:02 UTC 2019 - mvetter@suse.com
- security update
* CVE-2019-7663 [bsc#1125113]
+ tiff-CVE-2019-7663.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Feb 4 14:04:09 UTC 2019 - mvetter@suse.com Mon Feb 4 14:04:09 UTC 2019 - mvetter@suse.com

View File

@ -38,6 +38,10 @@ Patch3: tiff-CVE-2018-17000,19210.patch
# http://bugzilla.maptools.org/show_bug.cgi?id=2836 # http://bugzilla.maptools.org/show_bug.cgi?id=2836
# https://gitlab.com/libtiff/libtiff/merge_requests/50 # https://gitlab.com/libtiff/libtiff/merge_requests/50
Patch4: tiff-CVE-2019-6128.patch Patch4: tiff-CVE-2019-6128.patch
# http://bugzilla.maptools.org/show_bug.cgi?id=2833
# https://gitlab.com/libtiff/libtiff/merge_requests/54
# https://gitlab.com/libtiff/libtiff/merge_requests/60
Patch5: tiff-CVE-2019-7663.patch
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: libjbig-devel BuildRequires: libjbig-devel
BuildRequires: libjpeg-devel BuildRequires: libjpeg-devel
@ -79,6 +83,7 @@ the libtiff library.
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch5 -p1
%build %build
CFLAGS="%{optflags} -fPIE" CFLAGS="%{optflags} -fPIE"