CVE-2014-9655 and CVE-2015-1547 #1190710
Signed-off-by: Petr Hracek <phracek@redhat.com>
This commit is contained in:
Petr Hracek
parent
0012e06ddb
commit
37199ad8a2
68
libtiff-CVE-2014-9655.patch
Normal file
68
libtiff-CVE-2014-9655.patch
Normal file
@ -0,0 +1,68 @@
|
|||||||
|
diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
|
||||||
|
index a85273c..5e0cf92 100644
|
||||||
|
--- a/libtiff/tif_getimage.c
|
||||||
|
+++ b/libtiff/tif_getimage.c
|
||||||
|
@@ -1852,10 +1852,10 @@ DECLAREContigPutFunc(putcontig8bitYCbCr42tile)
|
||||||
|
|
||||||
|
(void) y;
|
||||||
|
fromskew = (fromskew * 10) / 4;
|
||||||
|
- if ((h & 3) == 0 && (w & 1) == 0) {
|
||||||
|
+ if ((w & 3) == 0 && (h & 1) == 0) {
|
||||||
|
for (; h >= 2; h -= 2) {
|
||||||
|
x = w>>2;
|
||||||
|
- do {
|
||||||
|
+ while(x>0) {
|
||||||
|
int32 Cb = pp[8];
|
||||||
|
int32 Cr = pp[9];
|
||||||
|
|
||||||
|
@@ -1870,7 +1870,8 @@ DECLAREContigPutFunc(putcontig8bitYCbCr42tile)
|
||||||
|
|
||||||
|
cp += 4, cp1 += 4;
|
||||||
|
pp += 10;
|
||||||
|
- } while (--x);
|
||||||
|
+ x--;
|
||||||
|
+ }
|
||||||
|
cp += incr, cp1 += incr;
|
||||||
|
pp += fromskew;
|
||||||
|
}
|
||||||
|
@@ -2031,7 +2032,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr21tile)
|
||||||
|
fromskew = (fromskew * 4) / 2;
|
||||||
|
do {
|
||||||
|
x = w>>1;
|
||||||
|
- do {
|
||||||
|
+ while(x>0) {
|
||||||
|
int32 Cb = pp[2];
|
||||||
|
int32 Cr = pp[3];
|
||||||
|
|
||||||
|
@@ -2040,7 +2041,8 @@ DECLAREContigPutFunc(putcontig8bitYCbCr21tile)
|
||||||
|
|
||||||
|
cp += 2;
|
||||||
|
pp += 4;
|
||||||
|
- } while (--x);
|
||||||
|
+ x--;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
if( (w&1) != 0 )
|
||||||
|
{
|
||||||
|
diff --git a/libtiff/tif_next.c b/libtiff/tif_next.c
|
||||||
|
index 524e127..a6f4577 100644
|
||||||
|
--- a/libtiff/tif_next.c
|
||||||
|
+++ b/libtiff/tif_next.c
|
||||||
|
@@ -71,7 +71,7 @@ NeXTDecode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s)
|
||||||
|
TIFFErrorExt(tif->tif_clientdata, module, "Fractional scanlines cannot be read");
|
||||||
|
return (0);
|
||||||
|
}
|
||||||
|
- for (row = buf; occ > 0; occ -= scanline, row += scanline) {
|
||||||
|
+ for (row = buf; cc > 0 && occ > 0; occ -= scanline, row += scanline) {
|
||||||
|
n = *bp++, cc--;
|
||||||
|
switch (n) {
|
||||||
|
case LITERALROW:
|
||||||
|
@@ -90,6 +90,8 @@ NeXTDecode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s)
|
||||||
|
* The scanline has a literal span that begins at some
|
||||||
|
* offset.
|
||||||
|
*/
|
||||||
|
+ if( cc < 4 )
|
||||||
|
+ goto bad;
|
||||||
|
off = (bp[0] * 256) + bp[1];
|
||||||
|
n = (bp[2] * 256) + bp[3];
|
||||||
|
if (cc < 4+n || off+n > scanline)
|
||||||
68
libtiff.spec
68
libtiff.spec
@ -1,27 +1,27 @@
|
|||||||
Summary: Library of functions for manipulating TIFF format image files
|
Summary: Library of functions for manipulating TIFF format image files
|
||||||
Name: libtiff
|
Name: libtiff
|
||||||
Version: 4.0.3
|
Version: 4.0.3
|
||||||
Release: 19%{?dist}
|
Release: 20%{?dist}
|
||||||
|
License: libtiff
|
||||||
|
Group: System Environment/Libraries
|
||||||
|
URL: http://www.remotesensing.org/libtiff/
|
||||||
|
|
||||||
License: libtiff
|
Source: ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{version}.tar.gz
|
||||||
Group: System Environment/Libraries
|
|
||||||
URL: http://www.remotesensing.org/libtiff/
|
|
||||||
|
|
||||||
Source: ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{version}.tar.gz
|
Patch0: libtiff-am-version.patch
|
||||||
|
Patch1: libtiff-CVE-2012-4447.patch
|
||||||
Patch0: libtiff-am-version.patch
|
Patch2: libtiff-CVE-2012-4564.patch
|
||||||
Patch1: libtiff-CVE-2012-4447.patch
|
Patch3: libtiff-printdir-width.patch
|
||||||
Patch2: libtiff-CVE-2012-4564.patch
|
Patch4: libtiff-jpeg-test.patch
|
||||||
Patch3: libtiff-printdir-width.patch
|
Patch5: libtiff-CVE-2013-1960.patch
|
||||||
Patch4: libtiff-jpeg-test.patch
|
Patch6: libtiff-CVE-2013-1961.patch
|
||||||
Patch5: libtiff-CVE-2013-1960.patch
|
Patch7: libtiff-manpage-update.patch
|
||||||
Patch6: libtiff-CVE-2013-1961.patch
|
Patch8: libtiff-CVE-2013-4231.patch
|
||||||
Patch7: libtiff-manpage-update.patch
|
Patch9: libtiff-CVE-2013-4232.patch
|
||||||
Patch8: libtiff-CVE-2013-4231.patch
|
Patch10: libtiff-CVE-2013-4244.patch
|
||||||
Patch9: libtiff-CVE-2013-4232.patch
|
Patch11: libtiff-make-check.patch
|
||||||
Patch10: libtiff-CVE-2013-4244.patch
|
Patch12: libtiff-CVE-2013-4243.patch
|
||||||
Patch11: libtiff-make-check.patch
|
Patch13: libtiff-CVE-2014-9655.patch
|
||||||
Patch12: libtiff-CVE-2013-4243.patch
|
|
||||||
|
|
||||||
BuildRequires: zlib-devel libjpeg-devel jbigkit-devel
|
BuildRequires: zlib-devel libjpeg-devel jbigkit-devel
|
||||||
BuildRequires: libtool automake autoconf pkgconfig
|
BuildRequires: libtool automake autoconf pkgconfig
|
||||||
@ -36,10 +36,10 @@ The libtiff package should be installed if you need to manipulate TIFF
|
|||||||
format image files.
|
format image files.
|
||||||
|
|
||||||
%package devel
|
%package devel
|
||||||
Summary: Development tools for programs which will use the libtiff library
|
Summary: Development tools for programs which will use the libtiff library
|
||||||
Group: Development/Libraries
|
Group: Development/Libraries
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||||
Requires: pkgconfig%{?_isa}
|
Requires: pkgconfig%{?_isa}
|
||||||
|
|
||||||
%description devel
|
%description devel
|
||||||
This package contains the header files and documentation necessary for
|
This package contains the header files and documentation necessary for
|
||||||
@ -51,9 +51,9 @@ image files, you should install this package. You'll also need to
|
|||||||
install the libtiff package.
|
install the libtiff package.
|
||||||
|
|
||||||
%package static
|
%package static
|
||||||
Summary: Static TIFF image format file library
|
Summary: Static TIFF image format file library
|
||||||
Group: Development/Libraries
|
Group: Development/Libraries
|
||||||
Requires: %{name}-devel%{?_isa} = %{version}-%{release}
|
Requires: %{name}-devel%{?_isa} = %{version}-%{release}
|
||||||
|
|
||||||
%description static
|
%description static
|
||||||
The libtiff-static package contains the statically linkable version of libtiff.
|
The libtiff-static package contains the statically linkable version of libtiff.
|
||||||
@ -61,9 +61,9 @@ Linking to static libraries is discouraged for most applications, but it is
|
|||||||
necessary for some boot packages.
|
necessary for some boot packages.
|
||||||
|
|
||||||
%package tools
|
%package tools
|
||||||
Summary: Command-line utility programs for manipulating TIFF files
|
Summary: Command-line utility programs for manipulating TIFF files
|
||||||
Group: Development/Libraries
|
Group: Development/Libraries
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||||
|
|
||||||
%description tools
|
%description tools
|
||||||
This package contains command-line programs for manipulating TIFF format
|
This package contains command-line programs for manipulating TIFF format
|
||||||
@ -85,6 +85,7 @@ image files using the libtiff library.
|
|||||||
%patch10 -p1
|
%patch10 -p1
|
||||||
%patch11 -p1
|
%patch11 -p1
|
||||||
%patch12 -p1
|
%patch12 -p1
|
||||||
|
%patch13 -p1
|
||||||
|
|
||||||
# Use build system's libtool.m4, not the one in the package.
|
# Use build system's libtool.m4, not the one in the package.
|
||||||
rm -f libtool.m4
|
rm -f libtool.m4
|
||||||
@ -190,6 +191,9 @@ find html -name 'Makefile*' | xargs rm
|
|||||||
%{_mandir}/man1/*
|
%{_mandir}/man1/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue May 19 2015 Petr Hracek <phracek@redhat.com> - 4.0.3-20
|
||||||
|
- CVE-2014-9655 and CVE-2015-1547 #1190710
|
||||||
|
|
||||||
* Sat May 02 2015 Kalev Lember <kalevlember@gmail.com> - 4.0.3-19
|
* Sat May 02 2015 Kalev Lember <kalevlember@gmail.com> - 4.0.3-19
|
||||||
- Rebuilt for GCC 5 C++11 ABI change
|
- Rebuilt for GCC 5 C++11 ABI change
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user