diff --git a/libtiff-CVE-2014-9655.patch b/libtiff-CVE-2014-9655.patch new file mode 100644 index 0000000..e80edd7 --- /dev/null +++ b/libtiff-CVE-2014-9655.patch @@ -0,0 +1,68 @@ +diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c +index a85273c..5e0cf92 100644 +--- a/libtiff/tif_getimage.c ++++ b/libtiff/tif_getimage.c +@@ -1852,10 +1852,10 @@ DECLAREContigPutFunc(putcontig8bitYCbCr42tile) + + (void) y; + fromskew = (fromskew * 10) / 4; +- if ((h & 3) == 0 && (w & 1) == 0) { ++ if ((w & 3) == 0 && (h & 1) == 0) { + for (; h >= 2; h -= 2) { + x = w>>2; +- do { ++ while(x>0) { + int32 Cb = pp[8]; + int32 Cr = pp[9]; + +@@ -1870,7 +1870,8 @@ DECLAREContigPutFunc(putcontig8bitYCbCr42tile) + + cp += 4, cp1 += 4; + pp += 10; +- } while (--x); ++ x--; ++ } + cp += incr, cp1 += incr; + pp += fromskew; + } +@@ -2031,7 +2032,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr21tile) + fromskew = (fromskew * 4) / 2; + do { + x = w>>1; +- do { ++ while(x>0) { + int32 Cb = pp[2]; + int32 Cr = pp[3]; + +@@ -2040,7 +2041,8 @@ DECLAREContigPutFunc(putcontig8bitYCbCr21tile) + + cp += 2; + pp += 4; +- } while (--x); ++ x--; ++ } + + if( (w&1) != 0 ) + { +diff --git a/libtiff/tif_next.c b/libtiff/tif_next.c +index 524e127..a6f4577 100644 +--- a/libtiff/tif_next.c ++++ b/libtiff/tif_next.c +@@ -71,7 +71,7 @@ NeXTDecode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s) + TIFFErrorExt(tif->tif_clientdata, module, "Fractional scanlines cannot be read"); + return (0); + } +- for (row = buf; occ > 0; occ -= scanline, row += scanline) { ++ for (row = buf; cc > 0 && occ > 0; occ -= scanline, row += scanline) { + n = *bp++, cc--; + switch (n) { + case LITERALROW: +@@ -90,6 +90,8 @@ NeXTDecode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s) + * The scanline has a literal span that begins at some + * offset. + */ ++ if( cc < 4 ) ++ goto bad; + off = (bp[0] * 256) + bp[1]; + n = (bp[2] * 256) + bp[3]; + if (cc < 4+n || off+n > scanline) diff --git a/libtiff.spec b/libtiff.spec index cd2bc2e..2ac8255 100644 --- a/libtiff.spec +++ b/libtiff.spec @@ -1,27 +1,27 @@ -Summary: Library of functions for manipulating TIFF format image files -Name: libtiff -Version: 4.0.3 -Release: 19%{?dist} +Summary: Library of functions for manipulating TIFF format image files +Name: libtiff +Version: 4.0.3 +Release: 20%{?dist} +License: libtiff +Group: System Environment/Libraries +URL: http://www.remotesensing.org/libtiff/ -License: libtiff -Group: System Environment/Libraries -URL: http://www.remotesensing.org/libtiff/ +Source: ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{version}.tar.gz -Source: ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{version}.tar.gz - -Patch0: libtiff-am-version.patch -Patch1: libtiff-CVE-2012-4447.patch -Patch2: libtiff-CVE-2012-4564.patch -Patch3: libtiff-printdir-width.patch -Patch4: libtiff-jpeg-test.patch -Patch5: libtiff-CVE-2013-1960.patch -Patch6: libtiff-CVE-2013-1961.patch -Patch7: libtiff-manpage-update.patch -Patch8: libtiff-CVE-2013-4231.patch -Patch9: libtiff-CVE-2013-4232.patch -Patch10: libtiff-CVE-2013-4244.patch -Patch11: libtiff-make-check.patch -Patch12: libtiff-CVE-2013-4243.patch +Patch0: libtiff-am-version.patch +Patch1: libtiff-CVE-2012-4447.patch +Patch2: libtiff-CVE-2012-4564.patch +Patch3: libtiff-printdir-width.patch +Patch4: libtiff-jpeg-test.patch +Patch5: libtiff-CVE-2013-1960.patch +Patch6: libtiff-CVE-2013-1961.patch +Patch7: libtiff-manpage-update.patch +Patch8: libtiff-CVE-2013-4231.patch +Patch9: libtiff-CVE-2013-4232.patch +Patch10: libtiff-CVE-2013-4244.patch +Patch11: libtiff-make-check.patch +Patch12: libtiff-CVE-2013-4243.patch +Patch13: libtiff-CVE-2014-9655.patch BuildRequires: zlib-devel libjpeg-devel jbigkit-devel BuildRequires: libtool automake autoconf pkgconfig @@ -36,10 +36,10 @@ The libtiff package should be installed if you need to manipulate TIFF format image files. %package devel -Summary: Development tools for programs which will use the libtiff library -Group: Development/Libraries -Requires: %{name}%{?_isa} = %{version}-%{release} -Requires: pkgconfig%{?_isa} +Summary: Development tools for programs which will use the libtiff library +Group: Development/Libraries +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: pkgconfig%{?_isa} %description devel This package contains the header files and documentation necessary for @@ -51,9 +51,9 @@ image files, you should install this package. You'll also need to install the libtiff package. %package static -Summary: Static TIFF image format file library -Group: Development/Libraries -Requires: %{name}-devel%{?_isa} = %{version}-%{release} +Summary: Static TIFF image format file library +Group: Development/Libraries +Requires: %{name}-devel%{?_isa} = %{version}-%{release} %description static The libtiff-static package contains the statically linkable version of libtiff. @@ -61,9 +61,9 @@ Linking to static libraries is discouraged for most applications, but it is necessary for some boot packages. %package tools -Summary: Command-line utility programs for manipulating TIFF files -Group: Development/Libraries -Requires: %{name}%{?_isa} = %{version}-%{release} +Summary: Command-line utility programs for manipulating TIFF files +Group: Development/Libraries +Requires: %{name}%{?_isa} = %{version}-%{release} %description tools This package contains command-line programs for manipulating TIFF format @@ -85,6 +85,7 @@ image files using the libtiff library. %patch10 -p1 %patch11 -p1 %patch12 -p1 +%patch13 -p1 # Use build system's libtool.m4, not the one in the package. rm -f libtool.m4 @@ -190,6 +191,9 @@ find html -name 'Makefile*' | xargs rm %{_mandir}/man1/* %changelog +* Tue May 19 2015 Petr Hracek - 4.0.3-20 +- CVE-2014-9655 and CVE-2015-1547 #1190710 + * Sat May 02 2015 Kalev Lember - 4.0.3-19 - Rebuilt for GCC 5 C++11 ABI change