pool/tiff
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 614252 from home:pgajdos

Browse Source 
- security update
  * CVE-2018-8905 [bsc#1086408]
    + tiff-CVE-2018-8905.patch

OBS-URL: https://build.opensuse.org/request/show/614252
OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=121
This commit is contained in:
Ismail Dönmez 2018-06-05 13:04:45 +00:00 committed by Git OBS Bridge
parent 3dcdb2c325
commit 338f91dbdc
3 changed files with 47 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
tiff-CVE-2018-8905.patch Normal file
View File

@ -0,0 +1,38 @@
diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
index 4ccb443..94d85e3 100644
--- a/libtiff/tif_lzw.c
+++ b/libtiff/tif_lzw.c
@@ -602,6 +602,7 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
char *tp;
unsigned char *bp;
int code, nbits;
+ int len;
long nextbits, nextdata, nbitsmask;
code_t *codep, *free_entp, *maxcodep, *oldcodep;
@@ -753,13 +754,18 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
} while (--occ);
break;
}
- assert(occ >= codep->length);
- op += codep->length;
- occ -= codep->length;
- tp = op;
+ len = codep->length;
+ tp = op + len;
do {
- *--tp = codep->value;
- } while( (codep = codep->next) != NULL );
+ int t;
+ --tp;
+ t = codep->value;
+ codep = codep->next;
+ *tp = (char)t;
+ } while (codep && tp > op);
+ assert(occ >= len);
+ op += len;
+ occ -= len;
} else {
*op++ = (char)code;
occ--;

7
tiff.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Tue Jun 5 12:21:02 UTC 2018 - pgajdos@suse.com
- security update
* CVE-2018-8905 [bsc#1086408]
+ tiff-CVE-2018-8905.patch
-------------------------------------------------------------------
Mon Jun 4 15:12:15 UTC 2018 - pgajdos@suse.com

2
tiff.spec
View File

@ -36,6 +36,7 @@ Patch4: tiff-CVE-2018-10963.patch
Patch5: tiff-CVE-2017-18013.patch
Patch6: tiff-CVE-2018-7456.patch
Patch7: tiff-CVE-2017-11613.patch
Patch8: tiff-CVE-2018-8905.patch
BuildRequires: gcc-c++
BuildRequires: libjpeg-devel
@ -105,6 +106,7 @@ the libtiff library.
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%build
CFLAGS="%{optflags} -fPIE"