pool/tiff
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 642627 from home:pgajdos

Browse Source 
- security update
  * CVE-2018-17100 [bsc#1108637]
    + tiff-CVE-2018-17100.patch
  * CVE-2018-17101 [bsc#1108627]
    + tiff-CVE-2018-17101.patch

OBS-URL: https://build.opensuse.org/request/show/642627
OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=125
This commit is contained in:
Ismail Dönmez 2018-10-17 11:39:01 +00:00 committed by Git OBS Bridge
parent 9835a6513f
commit ee295f46b9
4 changed files with 99 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
tiff-CVE-2018-17100.patch Normal file
View File

@ -0,0 +1,27 @@
Index: tiff-4.0.9/tools/ppm2tiff.c
===================================================================
--- tiff-4.0.9.orig/tools/ppm2tiff.c 2018-10-17 12:25:05.271940872 +0200
+++ tiff-4.0.9/tools/ppm2tiff.c 2018-10-17 12:26:15.468262130 +0200
@@ -72,15 +72,16 @@ BadPPM(char* file)
exit(-2);
}
+
+#define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0))
+#define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1)
+
static tmsize_t
multiply_ms(tmsize_t m1, tmsize_t m2)
{
- tmsize_t bytes = m1 * m2;
-
- if (m1 && bytes / m1 != m2)
- bytes = 0;
-
- return bytes;
+ if( m1 == 0 || m2 > TIFF_TMSIZE_T_MAX / m1 )
+ return 0;
+ return m1 * m2;
}
int

58
tiff-CVE-2018-17101.patch Normal file
View File

@ -0,0 +1,58 @@
diff --git a/tools/pal2rgb.c b/tools/pal2rgb.c
index 01fcf941..01d8502e 100644
--- a/tools/pal2rgb.c
+++ b/tools/pal2rgb.c
@@ -402,7 +402,23 @@ cpTags(TIFF* in, TIFF* out)
{
struct cpTag *p;
for (p = tags; p < &tags[NTAGS]; p++)
- cpTag(in, out, p->tag, p->count, p->type);
+ {
+ if( p->tag == TIFFTAG_GROUP3OPTIONS )
+ {
+ uint16 compression;
+ if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) ||
+ compression != COMPRESSION_CCITTFAX3 )
+ continue;
+ }
+ if( p->tag == TIFFTAG_GROUP4OPTIONS )
+ {
+ uint16 compression;
+ if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) ||
+ compression != COMPRESSION_CCITTFAX4 )
+ continue;
+ }
+ cpTag(in, out, p->tag, p->count, p->type);
+ }
}
#undef NTAGS
diff --git a/tools/tiff2bw.c b/tools/tiff2bw.c
index 05faba87..5bef3142 100644
--- a/tools/tiff2bw.c
+++ b/tools/tiff2bw.c
@@ -450,7 +450,23 @@ cpTags(TIFF* in, TIFF* out)
{
struct cpTag *p;
for (p = tags; p < &tags[NTAGS]; p++)
- cpTag(in, out, p->tag, p->count, p->type);
+ {
+ if( p->tag == TIFFTAG_GROUP3OPTIONS )
+ {
+ uint16 compression;
+ if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) ||
+ compression != COMPRESSION_CCITTFAX3 )
+ continue;
+ }
+ if( p->tag == TIFFTAG_GROUP4OPTIONS )
+ {
+ uint16 compression;
+ if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) ||
+ compression != COMPRESSION_CCITTFAX4 )
+ continue;
+ }
+ cpTag(in, out, p->tag, p->count, p->type);
+ }
}
#undef NTAGS

9
tiff.changes
View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Wed Oct 17 11:29:07 UTC 2018 - Petr Gajdos <pgajdos@suse.com>
- security update
* CVE-2018-17100 [bsc#1108637]
+ tiff-CVE-2018-17100.patch
* CVE-2018-17101 [bsc#1108627]
+ tiff-CVE-2018-17101.patch
-------------------------------------------------------------------
Fri Aug 24 11:43:53 UTC 2018 - pgajdos@suse.com

6
tiff.spec
View File

@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@ -38,6 +38,8 @@ Patch6: tiff-CVE-2018-7456.patch
Patch7: tiff-CVE-2017-11613.patch
Patch8: tiff-CVE-2018-8905.patch
Patch9: tiff-CVE-2018-10779.patch
Patch10: tiff-CVE-2018-17100.patch
Patch11: tiff-CVE-2018-17101.patch
BuildRequires: gcc-c++
BuildRequires: libjpeg-devel
@ -109,6 +111,8 @@ the libtiff library.
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%build
CFLAGS="%{optflags} -fPIE"