diff --git a/tiff-4.0.6-nextdecode-oob.patch b/tiff-4.0.4-uninitialized_mem_NeXTDecode.patch similarity index 85% rename from tiff-4.0.6-nextdecode-oob.patch rename to tiff-4.0.4-uninitialized_mem_NeXTDecode.patch index 263abc1..1c4b9ef 100644 --- a/tiff-4.0.6-nextdecode-oob.patch +++ b/tiff-4.0.4-uninitialized_mem_NeXTDecode.patch @@ -1,5 +1,5 @@ --- libtiff/tif_next.c 29 Dec 2014 12:09:11 -0000 1.16 -+++ libtiff/tif_next.c 27 Dec 2015 17:14:52 -0000 1.18 ++++ libtiff/tif_next.c 27 Dec 2015 16:55:20 -0000 1.17 @@ -37,7 +37,7 @@ case 0: op[0] = (unsigned char) ((v) << 6); break; \ case 1: op[0] |= (v) << 4; break; \ @@ -9,14 +9,14 @@ } \ } -@@ -103,6 +103,7 @@ - } - default: { - uint32 npixels = 0, grey; -+ tmsize_t op_offset = 0; +@@ -106,6 +106,7 @@ uint32 imagewidth = tif->tif_dir.td_imagewidth; if( isTiled(tif) ) imagewidth = tif->tif_dir.td_tilewidth; ++ tmsize_t op_offset = 0; + + /* + * The scanline is composed of a sequence of constant @@ -122,10 +123,15 @@ * bounds, potentially resulting in a security * issue. diff --git a/tiff.changes b/tiff.changes index 1ba2d68..9b70785 100644 --- a/tiff.changes +++ b/tiff.changes @@ -1,11 +1,9 @@ ------------------------------------------------------------------- -Mon Jan 11 09:48:49 UTC 2016 - fstrba@suse.com +Mon Jan 11 13:53:42 UTC 2016 - kstreitova@suse.com -- Added patch: - * tiff-4.0.6-nextdecode-oob.patch - - Fix potential out-of-bound write in NeXTDecode() triggered by - http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif (#2508, - bsc#942690) +- add tiff-4.0.4-uninitialized_mem_NeXTDecode.patch to fix + uninitialized memory in NeXTDecode (upstream bug #2508) + [bnc#942690] ------------------------------------------------------------------- Tue Dec 8 15:55:30 UTC 2015 - p.drouand@gmail.com diff --git a/tiff.spec b/tiff.spec index bbb68b0..0137efb 100644 --- a/tiff.spec +++ b/tiff.spec @@ -30,14 +30,11 @@ Patch0: tiff-4.0.3-seek.patch # http://bugzilla.maptools.org/show_bug.cgi?id=2442 Patch1: tiff-4.0.3-compress-warning.patch # http://bugzilla.maptools.org/show_bug.cgi?id=2508 -Patch2: tiff-4.0.6-nextdecode-oob.patch +Patch2: tiff-4.0.4-uninitialized_mem_NeXTDecode.patch BuildRequires: gcc-c++ BuildRequires: libjpeg-devel BuildRequires: libtool BuildRequires: zlib-devel -# FYI: this issue is solved another way -# http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1 -# Patch9: tiff-%{version}-lzw-CVE-2009-2285.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?suse_version} > 1030 BuildRequires: lzma-devel @@ -96,7 +93,7 @@ the libtiff library. %setup -q %patch0 -p1 %patch1 -p1 -%patch2 -p0 +%patch2 %build CFLAGS="%{optflags} -fPIE"