diff --git a/tiff-4.0.6-CVE-2014-8128.patch b/tiff-4.0.6-CVE-2014-8128.patch new file mode 100644 index 0000000..8b750ef --- /dev/null +++ b/tiff-4.0.6-CVE-2014-8128.patch @@ -0,0 +1,18 @@ +--- libtiff/tif_dirinfo.c 12 Dec 2015 18:04:26 -0000 1.124 ++++ libtiff/tif_dirinfo.c 12 Jan 2016 15:01:21 -0000 +@@ -87,6 +87,7 @@ + { TIFFTAG_DATETIME, 20, 20, TIFF_ASCII, 0, TIFF_SETGET_ASCII, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 1, 0, "DateTime", NULL }, + { TIFFTAG_ARTIST, -1, -1, TIFF_ASCII, 0, TIFF_SETGET_ASCII, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 1, 0, "Artist", NULL }, + { TIFFTAG_HOSTCOMPUTER, -1, -1, TIFF_ASCII, 0, TIFF_SETGET_ASCII, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 1, 0, "HostComputer", NULL }, ++ { TIFFTAG_PREDICTOR, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, TIFF_SETGET_UINT16, FIELD_CODEC+0, FALSE, FALSE, "Predictor", NULL }, + { TIFFTAG_WHITEPOINT, 2, 2, TIFF_RATIONAL, 0, TIFF_SETGET_C0_FLOAT, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 1, 0, "WhitePoint", NULL }, + { TIFFTAG_PRIMARYCHROMATICITIES, 6, 6, TIFF_RATIONAL, 0, TIFF_SETGET_C0_FLOAT, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 1, 0, "PrimaryChromaticities", NULL }, + { TIFFTAG_COLORMAP, -1, -1, TIFF_SHORT, 0, TIFF_SETGET_OTHER, TIFF_SETGET_UNDEFINED, FIELD_COLORMAP, 1, 0, "ColorMap", NULL }, +@@ -95,6 +96,7 @@ + { TIFFTAG_TILELENGTH, 1, 1, TIFF_LONG, 0, TIFF_SETGET_UINT32, TIFF_SETGET_UNDEFINED, FIELD_TILEDIMENSIONS, 0, 0, "TileLength", NULL }, + { TIFFTAG_TILEOFFSETS, -1, 1, TIFF_LONG8, 0, TIFF_SETGET_UNDEFINED, TIFF_SETGET_UNDEFINED, FIELD_STRIPOFFSETS, 0, 0, "TileOffsets", NULL }, + { TIFFTAG_TILEBYTECOUNTS, -1, 1, TIFF_LONG8, 0, TIFF_SETGET_UNDEFINED, TIFF_SETGET_UNDEFINED, FIELD_STRIPBYTECOUNTS, 0, 0, "TileByteCounts", NULL }, ++ { TIFFTAG_CONSECUTIVEBADFAXLINES, 1, 1, TIFF_LONG, 0, TIFF_SETGET_UINT32, TIFF_SETGET_UINT32, FIELD_CODEC+2, TRUE, FALSE, "ConsecutiveBadFaxLines", NULL }, + { TIFFTAG_SUBIFD, -1, -1, TIFF_IFD8, 0, TIFF_SETGET_C16_IFD8, TIFF_SETGET_UNDEFINED, FIELD_SUBIFD, 1, 1, "SubIFD", &tiffFieldArray }, + { TIFFTAG_INKSET, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "InkSet", NULL }, + { TIFFTAG_INKNAMES, -1, -1, TIFF_ASCII, 0, TIFF_SETGET_C16_ASCII, TIFF_SETGET_UNDEFINED, FIELD_INKNAMES, 1, 1, "InkNames", NULL }, diff --git a/tiff.changes b/tiff.changes index 9b70785..6dacae8 100644 --- a/tiff.changes +++ b/tiff.changes @@ -1,9 +1,18 @@ +------------------------------------------------------------------- +Wed Jan 13 17:03:31 UTC 2016 - fstrba@suse.com + +- Added patch: + * tiff-4.0.6-CVE-2014-8128.patch + - fix CVE-2014-8128: Out-of-bounds Write in the thumbnail and + tiffcmp tools (upsteam bug #2499) [bsc#960341] + ------------------------------------------------------------------- Mon Jan 11 13:53:42 UTC 2016 - kstreitova@suse.com -- add tiff-4.0.4-uninitialized_mem_NeXTDecode.patch to fix - uninitialized memory in NeXTDecode (upstream bug #2508) - [bnc#942690] +- Added patch: + * tiff-4.0.4-uninitialized_mem_NeXTDecode.patch + - fix uninitialized memory in NeXTDecode (upstream bug #2508) + [bsc#942690] ------------------------------------------------------------------- Tue Dec 8 15:55:30 UTC 2015 - p.drouand@gmail.com diff --git a/tiff.spec b/tiff.spec index 0137efb..1c45ad4 100644 --- a/tiff.spec +++ b/tiff.spec @@ -31,6 +31,8 @@ Patch0: tiff-4.0.3-seek.patch Patch1: tiff-4.0.3-compress-warning.patch # http://bugzilla.maptools.org/show_bug.cgi?id=2508 Patch2: tiff-4.0.4-uninitialized_mem_NeXTDecode.patch +# http://bugzilla.maptools.org/show_bug.cgi?id=2499 +Patch3: tiff-4.0.6-CVE-2014-8128.patch BuildRequires: gcc-c++ BuildRequires: libjpeg-devel BuildRequires: libtool @@ -94,6 +96,7 @@ the libtiff library. %patch0 -p1 %patch1 -p1 %patch2 +%patch3 %build CFLAGS="%{optflags} -fPIE"