Petr Gajdos
daa5f36cc1
CVE-2014-8129, CVE-2014-8130, CVE-2015-1547
bnc#914890, bnc#916925, bnc#916927
+ erouault.2856.patch
+ erouault.2857.patch
+ erouault.2858.patch
+ erouault.2859.patch
+ erouault.2860.patch
+ erouault.2861.patch
+ erouault.2862.patch
+ erouault.2863.patch
+ erouault.2876.patch
+ bfriesen.2805.patch
+ tiff-handle-TIFFTAG_CONSECUTIVEBADFAXLINES.patch
+ tiff-handle-TIFFTAG_PREDICTOR.patch
+ tiff-dither-malloc-check.patch
OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=65
86 lines
2.8 KiB
Diff
86 lines
2.8 KiB
Diff
---------------------
|
|
PatchSet 2860
|
|
Date: 2014/12/21 20:52:42
|
|
Author: erouault
|
|
Branch: HEAD
|
|
Tag: (none)
|
|
Log:
|
|
* tools/thumbnail.c, tools/tiffcmp.c: only read/write TIFFTAG_GROUP3OPTIONS
|
|
or TIFFTAG_GROUP4OPTIONS if compression is COMPRESSION_CCITTFAX3 or
|
|
COMPRESSION_CCITTFAX4
|
|
http://bugzilla.maptools.org/show_bug.cgi?id=2493 (CVE-2014-8128)
|
|
|
|
Members:
|
|
ChangeLog:1.964->1.965
|
|
tools/thumbnail.c:1.17->1.18
|
|
tools/tiffcmp.c:1.16->1.17
|
|
|
|
|
|
Index: libtiff/tools/thumbnail.c
|
|
diff -u libtiff/tools/thumbnail.c:1.17 libtiff/tools/thumbnail.c:1.18
|
|
--- libtiff/tools/thumbnail.c:1.17 Sun Dec 7 17:33:06 2014
|
|
+++ libtiff/tools/thumbnail.c Sun Dec 21 13:52:42 2014
|
|
@@ -274,7 +274,26 @@
|
|
{
|
|
struct cpTag *p;
|
|
for (p = tags; p < &tags[NTAGS]; p++)
|
|
- cpTag(in, out, p->tag, p->count, p->type);
|
|
+ {
|
|
+ /* Horrible: but TIFFGetField() expects 2 arguments to be passed */
|
|
+ /* if we request a tag that is defined in a codec, but that codec */
|
|
+ /* isn't used */
|
|
+ if( p->tag == TIFFTAG_GROUP3OPTIONS )
|
|
+ {
|
|
+ uint16 compression;
|
|
+ if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) ||
|
|
+ compression != COMPRESSION_CCITTFAX3 )
|
|
+ continue;
|
|
+ }
|
|
+ if( p->tag == TIFFTAG_GROUP4OPTIONS )
|
|
+ {
|
|
+ uint16 compression;
|
|
+ if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) ||
|
|
+ compression != COMPRESSION_CCITTFAX4 )
|
|
+ continue;
|
|
+ }
|
|
+ cpTag(in, out, p->tag, p->count, p->type);
|
|
+ }
|
|
}
|
|
#undef NTAGS
|
|
|
|
Index: libtiff/tools/tiffcmp.c
|
|
diff -u libtiff/tools/tiffcmp.c:1.16 libtiff/tools/tiffcmp.c:1.17
|
|
--- libtiff/tools/tiffcmp.c:1.16 Wed Mar 10 13:56:50 2010
|
|
+++ libtiff/tools/tiffcmp.c Sun Dec 21 13:52:42 2014
|
|
@@ -260,6 +260,7 @@
|
|
static int
|
|
cmptags(TIFF* tif1, TIFF* tif2)
|
|
{
|
|
+ uint16 compression1, compression2;
|
|
CmpLongField(TIFFTAG_SUBFILETYPE, "SubFileType");
|
|
CmpLongField(TIFFTAG_IMAGEWIDTH, "ImageWidth");
|
|
CmpLongField(TIFFTAG_IMAGELENGTH, "ImageLength");
|
|
@@ -276,8 +277,20 @@
|
|
CmpShortField(TIFFTAG_SAMPLEFORMAT, "SampleFormat");
|
|
CmpFloatField(TIFFTAG_XRESOLUTION, "XResolution");
|
|
CmpFloatField(TIFFTAG_YRESOLUTION, "YResolution");
|
|
- CmpLongField(TIFFTAG_GROUP3OPTIONS, "Group3Options");
|
|
- CmpLongField(TIFFTAG_GROUP4OPTIONS, "Group4Options");
|
|
+ if( TIFFGetField(tif1, TIFFTAG_COMPRESSION, &compression1) &&
|
|
+ compression1 == COMPRESSION_CCITTFAX3 &&
|
|
+ TIFFGetField(tif2, TIFFTAG_COMPRESSION, &compression2) &&
|
|
+ compression2 == COMPRESSION_CCITTFAX3 )
|
|
+ {
|
|
+ CmpLongField(TIFFTAG_GROUP3OPTIONS, "Group3Options");
|
|
+ }
|
|
+ if( TIFFGetField(tif1, TIFFTAG_COMPRESSION, &compression1) &&
|
|
+ compression1 == COMPRESSION_CCITTFAX4 &&
|
|
+ TIFFGetField(tif2, TIFFTAG_COMPRESSION, &compression2) &&
|
|
+ compression2 == COMPRESSION_CCITTFAX4 )
|
|
+ {
|
|
+ CmpLongField(TIFFTAG_GROUP4OPTIONS, "Group4Options");
|
|
+ }
|
|
CmpShortField(TIFFTAG_RESOLUTIONUNIT, "ResolutionUnit");
|
|
CmpShortField(TIFFTAG_PLANARCONFIG, "PlanarConfiguration");
|
|
CmpLongField(TIFFTAG_ROWSPERSTRIP, "RowsPerStrip");
|