import libtiff-4.0.9-21.el8
This commit is contained in:
CentOS Sources
Stepan Oksanichenko
parent
fc3854500b
commit
fee48b4a43
89
SOURCES/libtiff-CVE-2020-19131.patch
Normal file
89
SOURCES/libtiff-CVE-2020-19131.patch
Normal file
@ -0,0 +1,89 @@
|
|||||||
|
From b64713005e6110c36265750435cfa641d3a9281f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Thomas Bernard <miniupnp@free.fr>
|
||||||
|
Date: Mon, 11 Feb 2019 23:08:25 +0100
|
||||||
|
Subject: [PATCH] tiffcrop.c: fix invertImage() for bps 2 and 4
|
||||||
|
|
||||||
|
too much bytes were processed, causing a heap buffer overrun
|
||||||
|
http://bugzilla.maptools.org/show_bug.cgi?id=2831
|
||||||
|
the loop counter must be
|
||||||
|
for (col = 0; col < width; col += 8 / bps)
|
||||||
|
|
||||||
|
Also the values were not properly calculated. It should be
|
||||||
|
255-x, 15-x, 3-x for bps 8, 4, 2.
|
||||||
|
|
||||||
|
But anyway it is easyer to invert all bits as 255-x = ~x, etc.
|
||||||
|
(substracting from a binary number composed of all 1 is like inverting
|
||||||
|
the bits)
|
||||||
|
---
|
||||||
|
tools/tiffcrop.c | 37 ++++++-------------------------------
|
||||||
|
1 file changed, 6 insertions(+), 31 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
|
||||||
|
index 3862b1c..a612914 100644
|
||||||
|
--- a/tools/tiffcrop.c
|
||||||
|
+++ b/tools/tiffcrop.c
|
||||||
|
@@ -9142,7 +9142,6 @@ static int
|
||||||
|
invertImage(uint16 photometric, uint16 spp, uint16 bps, uint32 width, uint32 length, unsigned char *work_buff)
|
||||||
|
{
|
||||||
|
uint32 row, col;
|
||||||
|
- unsigned char bytebuff1, bytebuff2, bytebuff3, bytebuff4;
|
||||||
|
unsigned char *src;
|
||||||
|
uint16 *src_uint16;
|
||||||
|
uint32 *src_uint32;
|
||||||
|
@@ -9172,7 +9171,7 @@ invertImage(uint16 photometric, uint16 spp, uint16 bps, uint32 width, uint32 len
|
||||||
|
for (row = 0; row < length; row++)
|
||||||
|
for (col = 0; col < width; col++)
|
||||||
|
{
|
||||||
|
- *src_uint32 = (uint32)0xFFFFFFFF - *src_uint32;
|
||||||
|
+ *src_uint32 = ~(*src_uint32);
|
||||||
|
src_uint32++;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
@@ -9180,39 +9179,15 @@ invertImage(uint16 photometric, uint16 spp, uint16 bps, uint32 width, uint32 len
|
||||||
|
for (row = 0; row < length; row++)
|
||||||
|
for (col = 0; col < width; col++)
|
||||||
|
{
|
||||||
|
- *src_uint16 = (uint16)0xFFFF - *src_uint16;
|
||||||
|
+ *src_uint16 = ~(*src_uint16);
|
||||||
|
src_uint16++;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
- case 8: for (row = 0; row < length; row++)
|
||||||
|
- for (col = 0; col < width; col++)
|
||||||
|
- {
|
||||||
|
- *src = (uint8)255 - *src;
|
||||||
|
- src++;
|
||||||
|
- }
|
||||||
|
- break;
|
||||||
|
- case 4: for (row = 0; row < length; row++)
|
||||||
|
- for (col = 0; col < width; col++)
|
||||||
|
- {
|
||||||
|
- bytebuff1 = 16 - (uint8)(*src & 240 >> 4);
|
||||||
|
- bytebuff2 = 16 - (*src & 15);
|
||||||
|
- *src = bytebuff1 << 4 & bytebuff2;
|
||||||
|
- src++;
|
||||||
|
- }
|
||||||
|
- break;
|
||||||
|
- case 2: for (row = 0; row < length; row++)
|
||||||
|
- for (col = 0; col < width; col++)
|
||||||
|
- {
|
||||||
|
- bytebuff1 = 4 - (uint8)(*src & 192 >> 6);
|
||||||
|
- bytebuff2 = 4 - (uint8)(*src & 48 >> 4);
|
||||||
|
- bytebuff3 = 4 - (uint8)(*src & 12 >> 2);
|
||||||
|
- bytebuff4 = 4 - (uint8)(*src & 3);
|
||||||
|
- *src = (bytebuff1 << 6) || (bytebuff2 << 4) || (bytebuff3 << 2) || bytebuff4;
|
||||||
|
- src++;
|
||||||
|
- }
|
||||||
|
- break;
|
||||||
|
+ case 8:
|
||||||
|
+ case 4:
|
||||||
|
+ case 2:
|
||||||
|
case 1: for (row = 0; row < length; row++)
|
||||||
|
- for (col = 0; col < width; col += 8 /(spp * bps))
|
||||||
|
+ for (col = 0; col < width; col += 8 / bps)
|
||||||
|
{
|
||||||
|
*src = ~(*src);
|
||||||
|
src++;
|
||||||
|
--
|
||||||
|
2.32.0
|
||||||
|
|
||||||
@ -1,7 +1,7 @@
|
|||||||
Summary: Library of functions for manipulating TIFF format image files
|
Summary: Library of functions for manipulating TIFF format image files
|
||||||
Name: libtiff
|
Name: libtiff
|
||||||
Version: 4.0.9
|
Version: 4.0.9
|
||||||
Release: 20%{?dist}
|
Release: 21%{?dist}
|
||||||
License: libtiff
|
License: libtiff
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
URL: http://www.simplesystems.org/libtiff/
|
URL: http://www.simplesystems.org/libtiff/
|
||||||
@ -26,6 +26,7 @@ Patch14: libtiff-CVE-2019-17546.patch
|
|||||||
Patch15: libtiff-CVE-2020-35521_CVE-2020-35522.patch
|
Patch15: libtiff-CVE-2020-35521_CVE-2020-35522.patch
|
||||||
Patch16: libtiff-CVE-2020-35523.patch
|
Patch16: libtiff-CVE-2020-35523.patch
|
||||||
Patch17: libtiff-CVE-2020-35524.patch
|
Patch17: libtiff-CVE-2020-35524.patch
|
||||||
|
Patch18: libtiff-CVE-2020-19131.patch
|
||||||
|
|
||||||
BuildRequires: gcc, gcc-c++
|
BuildRequires: gcc, gcc-c++
|
||||||
BuildRequires: zlib-devel libjpeg-devel jbigkit-devel
|
BuildRequires: zlib-devel libjpeg-devel jbigkit-devel
|
||||||
@ -95,6 +96,7 @@ image files using the libtiff library.
|
|||||||
%patch15 -p1
|
%patch15 -p1
|
||||||
%patch16 -p1
|
%patch16 -p1
|
||||||
%patch17 -p1
|
%patch17 -p1
|
||||||
|
%patch18 -p1
|
||||||
|
|
||||||
# Use build system's libtool.m4, not the one in the package.
|
# Use build system's libtool.m4, not the one in the package.
|
||||||
rm -f libtool.m4
|
rm -f libtool.m4
|
||||||
@ -198,6 +200,9 @@ find html -name 'Makefile*' | xargs rm
|
|||||||
%{_mandir}/man1/*
|
%{_mandir}/man1/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Sep 29 2021 Nikola Forró <nforro@redhat.com> - 4.0.9-21
|
||||||
|
- Fix CVE-2020-19131 (#2006535)
|
||||||
|
|
||||||
* Thu Apr 29 2021 Nikola Forró <nforro@redhat.com> - 4.0.9-20
|
* Thu Apr 29 2021 Nikola Forró <nforro@redhat.com> - 4.0.9-20
|
||||||
- Rebuild for fixed binutils (#1954437)
|
- Rebuild for fixed binutils (#1954437)
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user