pool/tiff
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 449993 from graphics

Browse Source 
CVE-2017-5225

OBS-URL: https://build.opensuse.org/request/show/449993
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tiff?expand=0&rev=64
This commit is contained in:
Dominique Leuenberger 2017-01-18 20:29:04 +00:00 committed by Git OBS Bridge
commit 87c6419082
3 changed files with 67 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
tiff-4.0.7-CVE-2017-5225.patch Normal file
View File

@ -0,0 +1,54 @@
--- tiff-4.0.7/tools/tiffcp.c 2016-10-12 03:45:17.405273596 +0200
+++ tiff-4.0.7/tools/tiffcp.c 2017-01-13 10:56:23.389485957 +0100
@@ -592,7 +592,7 @@
static int
tiffcp(TIFF* in, TIFF* out)
{
- uint16 bitspersample, samplesperpixel = 1;
+ uint16 bitspersample = 1, samplesperpixel = 1;
uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK;
copyFunc cf;
uint32 width, length;
@@ -1068,6 +1068,16 @@
register uint32 n;
uint32 row;
tsample_t s;
+ uint16 bps = 0;
+
+ (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
+ if( bps != 8 )
+ {
+ TIFFError(TIFFFileName(in),
+ "Error, can only handle BitsPerSample=8 in %s",
+ "cpContig2SeparateByRow");
+ return 0;
+ }
inbuf = _TIFFmalloc(scanlinesizein);
outbuf = _TIFFmalloc(scanlinesizeout);
@@ -1121,6 +1131,16 @@
register uint32 n;
uint32 row;
tsample_t s;
+ uint16 bps = 0;
+
+ (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
+ if( bps != 8 )
+ {
+ TIFFError(TIFFFileName(in),
+ "Error, can only handle BitsPerSample=8 in %s",
+ "cpSeparate2ContigByRow");
+ return 0;
+ }
inbuf = _TIFFmalloc(scanlinesizein);
outbuf = _TIFFmalloc(scanlinesizeout);
@@ -1763,7 +1783,7 @@
uint32 w, l, tw, tl;
int bychunk;
- (void) TIFFGetField(in, TIFFTAG_PLANARCONFIG, &shortv);
+ (void) TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &shortv);
if (shortv != config && bitspersample != 8 && samplesperpixel > 1) {
fprintf(stderr,
"%s: Cannot handle different planar configuration w/ bits/sample != 8\n",

8
tiff.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Fri Jan 13 10:03:25 UTC 2017 - fstrba@suse.com
- Added patch:
* tiff-4.0.7-CVE-2017-5225.patch
- Upstream fix for CVE-2017-5225, bsc#1019611: heap buffer
overflow in tools/tiffcp via a crafted BitsPerSample value
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Dec 19 10:09:38 UTC 2016 - jengelh@inai.de Mon Dec 19 10:09:38 UTC 2016 - jengelh@inai.de

6
tiff.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package tiff # spec file for package tiff
# #
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -31,6 +31,9 @@ Patch0: tiff-4.0.3-seek.patch
Patch1: tiff-4.0.3-compress-warning.patch Patch1: tiff-4.0.3-compress-warning.patch
# http://bugzilla.maptools.org/show_bug.cgi?id=2508 # http://bugzilla.maptools.org/show_bug.cgi?id=2508
Patch3: tiff-4.0.7-CVE-2015-7554.patch Patch3: tiff-4.0.7-CVE-2015-7554.patch
# http://bugzilla.maptools.org/show_bug.cgi?id=2656 and
# http://bugzilla.maptools.org/show_bug.cgi?id=2657
Patch4: tiff-4.0.7-CVE-2017-5225.patch
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: libjpeg-devel BuildRequires: libjpeg-devel
@ -95,6 +98,7 @@ the libtiff library.
%patch0 -p1 %patch0 -p1
%patch1 -p1 %patch1 -p1
%patch3 %patch3
%patch4 -p1
%build %build
CFLAGS="%{optflags} -fPIE" CFLAGS="%{optflags} -fPIE"