Accepting request 643138 from graphics

OBS-URL: https://build.opensuse.org/request/show/643138
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tiff?expand=0&rev=75

tiff-CVE-2018-17100.patch

@@ -0,0 +1,27 @@
+Index: tiff-4.0.9/tools/ppm2tiff.c
+===================================================================
+--- tiff-4.0.9.orig/tools/ppm2tiff.c	2018-10-17 12:25:05.271940872 +0200
++++ tiff-4.0.9/tools/ppm2tiff.c	2018-10-17 12:26:15.468262130 +0200
+@@ -72,15 +72,16 @@ BadPPM(char* file)
+ 	exit(-2);
+ }
+ 
++
++#define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0))
++#define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1)
++
+ static tmsize_t
+ multiply_ms(tmsize_t m1, tmsize_t m2)
+ {
+-	tmsize_t bytes = m1 * m2;
+-
+-	if (m1 && bytes / m1 != m2)
+-		bytes = 0;
+-
+-	return bytes;
++        if( m1 == 0 || m2 > TIFF_TMSIZE_T_MAX / m1 )
++            return 0;
++        return m1 * m2;
+ }
+ 
+ int

tiff-CVE-2018-17101.patch

@@ -0,0 +1,58 @@
+diff --git a/tools/pal2rgb.c b/tools/pal2rgb.c
+index 01fcf941..01d8502e 100644
+--- a/tools/pal2rgb.c
++++ b/tools/pal2rgb.c
+@@ -402,7 +402,23 @@ cpTags(TIFF* in, TIFF* out)
+ {
+     struct cpTag *p;
+     for (p = tags; p < &tags[NTAGS]; p++)
+-	cpTag(in, out, p->tag, p->count, p->type);
++    {
++        if( p->tag == TIFFTAG_GROUP3OPTIONS )
++        {
++            uint16 compression;
++            if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) ||
++                    compression != COMPRESSION_CCITTFAX3 )
++                continue;
++        }
++        if( p->tag == TIFFTAG_GROUP4OPTIONS )
++        {
++            uint16 compression;
++            if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) ||
++                    compression != COMPRESSION_CCITTFAX4 )
++                continue;
++        }
++        cpTag(in, out, p->tag, p->count, p->type);
++    }
+ }
+ #undef NTAGS
+ 
+diff --git a/tools/tiff2bw.c b/tools/tiff2bw.c
+index 05faba87..5bef3142 100644
+--- a/tools/tiff2bw.c
++++ b/tools/tiff2bw.c
+@@ -450,7 +450,23 @@ cpTags(TIFF* in, TIFF* out)
+ {
+     struct cpTag *p;
+     for (p = tags; p < &tags[NTAGS]; p++)
+-	cpTag(in, out, p->tag, p->count, p->type);
++    {
++        if( p->tag == TIFFTAG_GROUP3OPTIONS )
++        {
++            uint16 compression;
++            if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) ||
++                    compression != COMPRESSION_CCITTFAX3 )
++                continue;
++        }
++        if( p->tag == TIFFTAG_GROUP4OPTIONS )
++        {
++            uint16 compression;
++            if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) ||
++                    compression != COMPRESSION_CCITTFAX4 )
++                continue;
++        }
++        cpTag(in, out, p->tag, p->count, p->type);
++    }
+ }
+ #undef NTAGS
+ 

tiff.changes

@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Fri Oct 19 07:02:18 UTC 2018 - Petr Gajdos <pgajdos@suse.com>
+
+- security update
+  * CVE-2018-17795 [bsc#1110358]
+    % tiff-4.0.9-bsc1046077-CVE-2017-9935.patch renamed to
+      tiff-CVE-2017-9935,CVE-2018-17795.patch
+  * CVE-2018-16335 [bsc#1106853]
+    % tiff-CVE-2017-11613.patch renamed to
+      tiff-CVE-2017-11613,CVE-2018-16335,15209.patch
+- add a possibility to build with ASAN
+
+-------------------------------------------------------------------
+Wed Oct 17 11:29:07 UTC 2018 - Petr Gajdos <pgajdos@suse.com>
+
+- security update
+  * CVE-2018-17100 [bsc#1108637]
+    + tiff-CVE-2018-17100.patch
+  * CVE-2018-17101 [bsc#1108627]
+    + tiff-CVE-2018-17101.patch
+
 -------------------------------------------------------------------
 Fri Aug 24 11:43:53 UTC 2018 - pgajdos@suse.com
 

tiff.spec

@@ -12,10 +12,12 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
+%define         asan_build 0
+
 Name:           tiff
 Version:        4.0.9
 Release:        0
@@ -30,14 +32,16 @@ Patch0:         tiff-4.0.3-seek.patch
 # http://bugzilla.maptools.org/show_bug.cgi?id=2442
 Patch1:         tiff-4.0.3-compress-warning.patch
 # Contained in upstream repo. See bsc#1046077 for commit IDs.
-Patch2:         tiff-4.0.9-bsc1046077-CVE-2017-9935.patch
+Patch2:         tiff-CVE-2017-9935,CVE-2018-17795.patch
 Patch3:         tiff-4.0.9-bsc1081690-CVE-2018-5784.patch
 Patch4:         tiff-CVE-2018-10963.patch
 Patch5:         tiff-CVE-2017-18013.patch
 Patch6:         tiff-CVE-2018-7456.patch
-Patch7:         tiff-CVE-2017-11613.patch
+Patch7:         tiff-CVE-2017-11613,CVE-2018-16335,15209.patch
 Patch8:         tiff-CVE-2018-8905.patch
 Patch9:         tiff-CVE-2018-10779.patch
+Patch10:        tiff-CVE-2018-17100.patch
+Patch11:        tiff-CVE-2018-17101.patch
 
 BuildRequires:  gcc-c++
 BuildRequires:  libjpeg-devel
@@ -109,10 +113,15 @@ the libtiff library.
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
+%patch10 -p1
+%patch11 -p1
 
 %build
 CFLAGS="%{optflags} -fPIE"
 %configure --disable-static
+%if %{asan_build}
+find -name Makefile | xargs sed -i 's/\(^CFLAGS.*\)/\1 -fsanitize=address/'
+%endif
 make %{?_smp_mflags} LDFLAGS="-pie"
 
 %install
@@ -137,6 +146,10 @@ for tool in pal2rgb; do
 done
 
 %check
+%if %{asan_build}
+# ASAN needs /proc to be mounted
+exit 0
+%endif
 for i in tools test; do
 	(cd $i && make %{?_smp_mflags} check)
 done