rpms/libtiff
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import libtiff-4.0.9-15.el8

Browse Source
This commit is contained in:
CentOS Sources 2019-11-05 14:03:30 -05:00 committed by Andrew Lukoshko
parent cb12b3dbf7
commit cee0d49ecf
2 changed files with 56 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
SOURCES/libtiff-CVE-2018-12900.patch Normal file
View File

@ -0,0 +1,47 @@
From 775b0d85eab499ccf577e72ec202eb4c6fb37197 Mon Sep 17 00:00:00 2001
From: Thomas Bernard <miniupnp@free.fr>
Date: Mon, 11 Feb 2019 10:05:33 +0100
Subject: [PATCH] check that (Tile Width)*(Samples/Pixel) do no overflow
fixes bug 2833
---
tools/tiffcp.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/tools/tiffcp.c b/tools/tiffcp.c
index 489459a..0c66229 100644
--- a/tools/tiffcp.c
+++ b/tools/tiffcp.c
@@ -43,6 +43,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <limits.h>
#include <ctype.h>
@@ -1391,7 +1392,7 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
int status = 1;
uint32 imagew = TIFFRasterScanlineSize(in);
uint32 tilew = TIFFTileRowSize(in);
- int iskew = imagew - tilew*spp;
+ int iskew;
tsize_t tilesize = TIFFTileSize(in);
tdata_t tilebuf;
uint8* bufp = (uint8*) buf;
@@ -1399,6 +1400,12 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
uint32 row;
uint16 bps = 0, bytes_per_sample;
+ if (tilew && spp > (INT_MAX / tilew))
+ {
+ TIFFError(TIFFFileName(in), "Error, cannot handle that much samples per tile row (Tile Width * Samples/Pixel)");
+ return 0;
+ }
+ iskew = imagew - tilew*spp;
tilebuf = _TIFFmalloc(tilesize);
if (tilebuf == 0)
return 0;
--
2.21.0

10
SPECS/libtiff.spec
View File

@ -1,7 +1,7 @@
Summary: Library of functions for manipulating TIFF format image files Summary: Library of functions for manipulating TIFF format image files
Name: libtiff Name: libtiff
Version: 4.0.9 Version: 4.0.9
Release: 13%{?dist} Release: 15%{?dist}
License: libtiff License: libtiff
Group: System Environment/Libraries Group: System Environment/Libraries
URL: http://www.simplesystems.org/libtiff/ URL: http://www.simplesystems.org/libtiff/
@ -20,6 +20,7 @@ Patch8: libtiff-CVE-2018-17100.patch
Patch9: libtiff-coverity.patch Patch9: libtiff-coverity.patch
Patch10: libtiff-CVE-2018-18557.patch Patch10: libtiff-CVE-2018-18557.patch
Patch11: libtiff-CVE-2018-18661.patch Patch11: libtiff-CVE-2018-18661.patch
Patch12: libtiff-CVE-2018-12900.patch
BuildRequires: gcc, gcc-c++ BuildRequires: gcc, gcc-c++
BuildRequires: zlib-devel libjpeg-devel jbigkit-devel BuildRequires: zlib-devel libjpeg-devel jbigkit-devel
@ -83,6 +84,7 @@ image files using the libtiff library.
%patch9 -p1 %patch9 -p1
%patch10 -p1 %patch10 -p1
%patch11 -p1 %patch11 -p1
%patch12 -p1
# Use build system's libtool.m4, not the one in the package. # Use build system's libtool.m4, not the one in the package.
rm -f libtool.m4 rm -f libtool.m4
@ -186,6 +188,12 @@ find html -name 'Makefile*' | xargs rm
%{_mandir}/man1/* %{_mandir}/man1/*
%changelog %changelog
* Wed Jun 12 2019 Nikola Forró <nforro@redhat.com> - 4.0.9-15
- Fix DIVIDE_BY_ZERO in patch for CVE-2018-12900 (#1595579)
* Thu Jun 06 2019 Nikola Forró <nforro@redhat.com> - 4.0.9-14
- Fix CVE-2018-12900 (#1595579)
* Thu Dec 13 2018 Nikola Forró <nforro@redhat.com> - 4.0.9-13 * Thu Dec 13 2018 Nikola Forró <nforro@redhat.com> - 4.0.9-13
- Fix compiler warning introduced by patch for CVE-2018-18661 - Fix compiler warning introduced by patch for CVE-2018-18661