Accepting request 614015 from home:pgajdos
- security update
* CVE-2017-11613 [bsc#1082332]
+ tiff-CVE-2017-11613.patch
OBS-URL: https://build.opensuse.org/request/show/614015
OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=120
This commit is contained in:
Ismail Dönmez
Git OBS Bridge
parent
e68189b3a7
commit
3dcdb2c325
21
tiff-CVE-2017-11613.patch
Normal file
21
tiff-CVE-2017-11613.patch
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
Index: tiff-4.0.9/libtiff/tif_dirread.c
|
||||||
|
===================================================================
|
||||||
|
--- tiff-4.0.9.orig/libtiff/tif_dirread.c 2018-06-04 16:49:48.940452546 +0200
|
||||||
|
+++ tiff-4.0.9/libtiff/tif_dirread.c 2018-06-04 16:50:18.572859131 +0200
|
||||||
|
@@ -5760,6 +5760,16 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
|
||||||
|
if( nstrips == 0 )
|
||||||
|
return;
|
||||||
|
|
||||||
|
+ /* If we are going to allocate a lot of memory, make sure that the */
|
||||||
|
+ /* file is as big as needed */
|
||||||
|
+ if( tif->tif_mode == O_RDONLY &&
|
||||||
|
+ nstrips > 1000000 &&
|
||||||
|
+ (offset >= TIFFGetFileSize(tif) ||
|
||||||
|
+ stripbytes > (TIFFGetFileSize(tif) - offset) / (nstrips - 1)) )
|
||||||
|
+ {
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
|
||||||
|
"for chopped \"StripByteCounts\" array");
|
||||||
|
newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
|
||||||
@ -1,3 +1,10 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jun 4 15:12:15 UTC 2018 - pgajdos@suse.com
|
||||||
|
|
||||||
|
- security update
|
||||||
|
* CVE-2017-11613 [bsc#1082332]
|
||||||
|
+ tiff-CVE-2017-11613.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jun 4 12:55:54 UTC 2018 - pgajdos@suse.com
|
Mon Jun 4 12:55:54 UTC 2018 - pgajdos@suse.com
|
||||||
|
|
||||||
|
|||||||
@ -35,6 +35,7 @@ Patch3: tiff-4.0.9-bsc1081690-CVE-2018-5784.patch
|
|||||||
Patch4: tiff-CVE-2018-10963.patch
|
Patch4: tiff-CVE-2018-10963.patch
|
||||||
Patch5: tiff-CVE-2017-18013.patch
|
Patch5: tiff-CVE-2017-18013.patch
|
||||||
Patch6: tiff-CVE-2018-7456.patch
|
Patch6: tiff-CVE-2018-7456.patch
|
||||||
|
Patch7: tiff-CVE-2017-11613.patch
|
||||||
|
|
||||||
BuildRequires: gcc-c++
|
BuildRequires: gcc-c++
|
||||||
BuildRequires: libjpeg-devel
|
BuildRequires: libjpeg-devel
|
||||||
@ -103,6 +104,7 @@ the libtiff library.
|
|||||||
%patch4 -p1
|
%patch4 -p1
|
||||||
%patch5 -p1
|
%patch5 -p1
|
||||||
%patch6 -p1
|
%patch6 -p1
|
||||||
|
%patch7 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
CFLAGS="%{optflags} -fPIE"
|
CFLAGS="%{optflags} -fPIE"
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user