Accepting request 614015 from home:pgajdos

- security update * CVE-2017-11613 [bsc#1082332] + tiff-CVE-2017-11613.patch OBS-URL: https://build.opensuse.org/request/show/614015 OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=120
2018-06-04 15:31:10 +00:00 · 2018-06-04 15:31:10 +00:00 · 3dcdb2c325
commit 3dcdb2c325
parent e68189b3a7
3 changed files with 30 additions and 0 deletions
--- a/tiff-CVE-2017-11613.patch
+++ b/tiff-CVE-2017-11613.patch
@ -0,0 +1,21 @@
+Index: tiff-4.0.9/libtiff/tif_dirread.c
+===================================================================
+--- tiff-4.0.9.orig/libtiff/tif_dirread.c	2018-06-04 16:49:48.940452546 +0200
+++ tiff-4.0.9/libtiff/tif_dirread.c	2018-06-04 16:50:18.572859131 +0200
+@@ -5760,6 +5760,16 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
+         if( nstrips == 0 )
+             return;
+ 
+        /* If we are going to allocate a lot of memory, make sure that the */
+        /* file is as big as needed */
+        if( tif->tif_mode == O_RDONLY &&
+            nstrips > 1000000 &&
+            (offset >= TIFFGetFileSize(tif) ||
+             stripbytes > (TIFFGetFileSize(tif) - offset) / (nstrips - 1)) )
+        {
+            return;
+        }
+
+ 	newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
+ 				"for chopped \"StripByteCounts\" array");
+ 	newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
--- a/tiff.changes
+++ b/tiff.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Jun  4 15:12:15 UTC 2018 - pgajdos@suse.com
+
+- security update
+  * CVE-2017-11613 [bsc#1082332]
+    + tiff-CVE-2017-11613.patch
+
 -------------------------------------------------------------------
 Mon Jun  4 12:55:54 UTC 2018 - pgajdos@suse.com

--- a/tiff.spec
+++ b/tiff.spec
@ -35,6 +35,7 @@ Patch3:         tiff-4.0.9-bsc1081690-CVE-2018-5784.patch
 Patch4:         tiff-CVE-2018-10963.patch
 Patch5:         tiff-CVE-2017-18013.patch
 Patch6:         tiff-CVE-2018-7456.patch
+Patch7:         tiff-CVE-2017-11613.patch

 BuildRequires:  gcc-c++
 BuildRequires:  libjpeg-devel
@ -103,6 +104,7 @@ the libtiff library.
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1

 %build
 CFLAGS="%{optflags} -fPIE"