pool/tiff
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 610255 from graphics

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/610255
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tiff?expand=0&rev=72
This commit is contained in:
Dominique Leuenberger 2018-05-19 13:41:47 +00:00 committed by Git OBS Bridge
commit f36f0f0149
4 changed files with 58 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
tiff-CVE-2017-18013.patch Normal file
View File

@ -0,0 +1,21 @@
--- a/libtiff/tif_print.c
+++ b/libtiff/tif_print.c
@@ -665,13 +665,13 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags)
#if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
fprintf(fd, " %3lu: [%8I64u, %8I64u]\n",
(unsigned long) s,
- (unsigned __int64) td->td_stripoffset[s],
- (unsigned __int64) td->td_stripbytecount[s]);
+ td->td_stripoffset ? (unsigned __int64) td->td_stripoffset[s] : 0,
+ td->td_stripbytecount ? (unsigned __int64) td->td_stripbytecount[s] : 0);
#else
fprintf(fd, " %3lu: [%8llu, %8llu]\n",
(unsigned long) s,
- (unsigned long long) td->td_stripoffset[s],
- (unsigned long long) td->td_stripbytecount[s]);
+ td->td_stripoffset ? (unsigned long long) td->td_stripoffset[s] : 0,
+ td->td_stripbytecount ? (unsigned long long) td->td_stripbytecount[s] : 0);
#endif
}
}

19
tiff-CVE-2018-10963.patch Normal file
View File

@ -0,0 +1,19 @@
diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
index 2430de6..c15a28d 100644
--- a/libtiff/tif_dirwrite.c
+++ b/libtiff/tif_dirwrite.c
@@ -695,8 +695,11 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff)
}
break;
default:
- assert(0); /* we should never get here */
- break;
+ TIFFErrorExt(tif->tif_clientdata,module,
+ "Cannot write tag %d (%s)",
+ TIFFFieldTag(o),
+ o->field_name ? o->field_name : "unknown");
+ goto bad;
}
}
}

14
tiff.changes
View File

@ -1,3 +1,17 @@
-------------------------------------------------------------------
Fri May 18 09:18:26 UTC 2018 - pgajdos@suse.com
- security update
* CVE-2017-18013 [bsc#1074317]
+ tiff-CVE-2017-18013.patch
-------------------------------------------------------------------
Tue May 15 12:26:45 UTC 2018 - pgajdos@suse.com
- security update
* CVE-2018-10963 [bsc#1092949]
+ tiff-CVE-2018-10963.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Feb 20 16:18:33 UTC 2018 - mvetter@suse.com Tue Feb 20 16:18:33 UTC 2018 - mvetter@suse.com

4
tiff.spec
View File

@ -32,6 +32,8 @@ Patch1: tiff-4.0.3-compress-warning.patch
# Contained in upstream repo. See bsc#1046077 for commit IDs. # Contained in upstream repo. See bsc#1046077 for commit IDs.
Patch2: tiff-4.0.9-bsc1046077-CVE-2017-9935.patch Patch2: tiff-4.0.9-bsc1046077-CVE-2017-9935.patch
Patch3: tiff-4.0.9-bsc1081690-CVE-2018-5784.patch Patch3: tiff-4.0.9-bsc1081690-CVE-2018-5784.patch
Patch4: tiff-CVE-2018-10963.patch
Patch5: tiff-CVE-2017-18013.patch
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: libjpeg-devel BuildRequires: libjpeg-devel
@ -97,6 +99,8 @@ the libtiff library.
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1
%patch5 -p1
%build %build
CFLAGS="%{optflags} -fPIE" CFLAGS="%{optflags} -fPIE"