pool/tiff
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 648691 from home:pgajdos

Browse Source 
- security update
  * CVE-2018-12900 [bsc#1099257]
    + tiff-CVE-2018-12900.patch

OBS-URL: https://build.opensuse.org/request/show/648691
OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=130
This commit is contained in:
Michael Vetter 2018-11-13 09:27:32 +00:00 committed by Git OBS Bridge
parent 8d04a2b496
commit 477879b0e1
3 changed files with 29 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
tiff-CVE-2018-12900.patch Normal file
View File

@ -0,0 +1,17 @@
Index: tiff-4.0.10/tools/tiffcp.c
===================================================================
--- tiff-4.0.10.orig/tools/tiffcp.c 2018-10-13 15:58:55.180101778 +0200
+++ tiff-4.0.10/tools/tiffcp.c 2018-11-12 17:00:52.706128841 +0100
@@ -1435,6 +1435,12 @@ DECLAREreadFunc(readSeparateTilesIntoBuf
status = 0;
goto done;
}
+ if (0xFFFFFFFF / tilew < spp)
+ {
+ TIFFError(TIFFFileName(in), "Error, either TileWidth (%u) or BitsPerSample (%u) is too large", tilew, bps);
+ status = 0;
+ goto done;
+ }
bytes_per_sample = bps/8;
for (row = 0; row < imagelength; row += tl) {

7
tiff.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Tue Nov 13 08:18:54 UTC 2018 - Petr Gajdos <pgajdos@suse.com>
- security update
* CVE-2018-12900 [bsc#1099257]
+ tiff-CVE-2018-12900.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Nov 12 11:37:11 UTC 2018 - Petr Gajdos <pgajdos@suse.com> Mon Nov 12 11:37:11 UTC 2018 - Petr Gajdos <pgajdos@suse.com>

7
tiff.spec
View File

@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9) # license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative. # published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Please submit bugfixes or comments via https://bugs.opensuse.org/
# #
@ -32,7 +32,9 @@ Source3: baselibs.conf
Patch0: tiff-4.0.3-seek.patch Patch0: tiff-4.0.3-seek.patch
# http://bugzilla.maptools.org/show_bug.cgi?id=2442 # http://bugzilla.maptools.org/show_bug.cgi?id=2442
Patch1: tiff-4.0.3-compress-warning.patch Patch1: tiff-4.0.3-compress-warning.patch
# http://bugzilla.maptools.org/show_bug.cgi?id=2798
# https://gitlab.com/libtiff/libtiff/merge_requests/44
Patch2: tiff-CVE-2018-12900.patch
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: libjpeg-devel BuildRequires: libjpeg-devel
BuildRequires: libtool BuildRequires: libtool
@ -95,6 +97,7 @@ the libtiff library.
%setup -q %setup -q
%patch0 -p1 %patch0 -p1
%patch1 -p1 %patch1 -p1
%patch2 -p1
%build %build
CFLAGS="%{optflags} -fPIE" CFLAGS="%{optflags} -fPIE"