Change-Id: I990947cfa81f7b51c4dd68a5ddd19d163f717b90
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4204
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Xiaolin Li <xiaolinl@vmware.com>
1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,25 @@ |
0 |
+From f91ca83a21a6a583050e5a5755ce1441b2bf1d7e Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Even Rouault <even.rouault@spatialys.com> |
|
2 |
+Date: Wed, 23 Aug 2017 13:21:41 +0000 |
|
3 |
+Subject: [PATCH] * libtiff/tif_dirwrite.c: replace assertion related to not |
|
4 |
+ finding the SubIFD tag by runtime check. Fixes |
|
5 |
+ http://bugzilla.maptools.org/show_bug.cgi?id=2727 Reported by team OWL337 |
|
6 |
+ |
|
7 |
+diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c |
|
8 |
+index 38edb3fb..a85f0627 100644 |
|
9 |
+--- a/libtiff/tif_dirwrite.c |
|
10 |
+@@ -821,7 +821,12 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff) |
|
11 |
+ TIFFDirEntry* nb; |
|
12 |
+ for (na=0, nb=dir; ; na++, nb++) |
|
13 |
+ { |
|
14 |
+- assert(na<ndir); |
|
15 |
++ if( na == ndir ) |
|
16 |
++ { |
|
17 |
++ TIFFErrorExt(tif->tif_clientdata,module, |
|
18 |
++ "Cannot find SubIFD tag"); |
|
19 |
++ goto bad; |
|
20 |
++ } |
|
21 |
+ if (nb->tdir_tag==TIFFTAG_SUBIFD) |
|
22 |
+ break; |
|
23 |
+ } |
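Review bot: The new `goto bad` in the `na == ndir` branch relies on cleanup that lies outside this hunk, so it is worth confirming that the `bad:` label in TIFFWriteDirectorySec releases `dir` and anything else allocated before this loop. The check deserves a short why-comment, since `assert(na<ndir)` is compiled out under NDEBUG and the unbounded `for` would then presumably keep reading `nb->tdir_tag` past the last entry of `dir`; something like `/* runtime check, not assert(): must hold in NDEBUG builds or the scan runs off the end of dir */` would record that. The embedded patch header cites only bugzilla 2727, so adding a line naming the CVE it is packaged for (presumably CVE-2017-13726, going by the spec's Patch6 entry) would keep the file traceable on its own.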
0 | 24 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,28 @@ |
0 |
+From b6af137bf9ef852f1a48a50a5afb88f9e9da01cc Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Even Rouault <even.rouault@spatialys.com> |
|
2 |
+Date: Wed, 23 Aug 2017 13:33:42 +0000 |
|
3 |
+Subject: [PATCH] * libtiff/tif_dirwrite.c: replace assertion to tag value not |
|
4 |
+ fitting on uint32 when selecting the value of SubIFD tag by runtime check (in |
|
5 |
+ TIFFWriteDirectoryTagSubifd()). Fixes |
|
6 |
+ http://bugzilla.maptools.org/show_bug.cgi?id=2728 Reported by team OWL337 |
|
7 |
+ |
|
8 |
+diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c |
|
9 |
+index a85f0627..cad0a498 100644 |
|
10 |
+--- a/libtiff/tif_dirwrite.c |
|
11 |
+@@ -1949,7 +1949,14 @@ TIFFWriteDirectoryTagSubifd(TIFF* tif, uint32* ndir, TIFFDirEntry* dir) |
|
12 |
+ for (p=0; p < tif->tif_dir.td_nsubifd; p++) |
|
13 |
+ { |
|
14 |
+ assert(pa != 0); |
|
15 |
+- assert(*pa <= 0xFFFFFFFFUL); |
|
16 |
++ |
|
17 |
++ /* Could happen if an classicTIFF has a SubIFD of type LONG8 (which is illegal) */ |
|
18 |
++ if( *pa > 0xFFFFFFFFUL) |
|
19 |
++ { |
|
20 |
++ TIFFErrorExt(tif->tif_clientdata,module,"Illegal value for SubIFD tag"); |
|
21 |
++ _TIFFfree(o); |
|
22 |
++ return(0); |
|
23 |
++ } |
|
24 |
+ *pb++=(uint32)(*pa++); |
|
25 |
+ } |
|
26 |
+ n=TIFFWriteDirectoryTagCheckedIfdArray(tif,ndir,dir,TIFFTAG_SUBIFD,tif->tif_dir.td_nsubifd,o); |
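Review bot: `assert(pa != 0)` is left in place directly above the new range check, so in an NDEBUG build the added `if( *pa > 0xFFFFFFFFUL)` dereferences `pa` with no guard. Whether `pa` can be null while `td_nsubifd` is non-zero depends on code outside this hunk, but the reasoning that turned the second assertion into a runtime check applies to the first one as well. A guard placed before the loop, for example `if (pa == NULL) { _TIFFfree(o); return(0); }` preceded by a TIFFErrorExt call in the style of the new branch, would cover it. The loop and the allocation of `o` begin outside the hunk, so the exact placement needs checking against the full function.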
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
Summary: TIFF libraries and associated utilities. |
2 | 2 |
Name: libtiff |
3 | 3 |
Version: 4.0.8 |
4 |
-Release: 5%{?dist} |
|
4 |
+Release: 6%{?dist} |
|
5 | 5 |
License: libtiff |
6 | 6 |
URL: http://www.simplesystems.org/libtiff/ |
7 | 7 |
Group: System Environment/Libraries |
... | ... |
@@ -16,6 +16,8 @@ Patch2: libtiff-CVE-2017-10688.patch |
16 | 16 |
Patch3: libtiff-4.0.8-CVE-2017-9936.patch |
17 | 17 |
Patch4: libtiff-4.0.8-CVE-2017-11335.patch |
18 | 18 |
Patch5: libtiff-4.0.8-CVE-2017-12944.patch |
19 |
+Patch6: libtiff-4.0.8-CVE-2017-13726.patch |
|
20 |
+Patch7: libtiff-4.0.8-CVE-2017-13727.patch |
|
19 | 21 |
BuildRequires: libjpeg-turbo-devel |
20 | 22 |
Requires: libjpeg-turbo |
21 | 23 |
%description |
... | ... |
@@ -36,6 +38,8 @@ It contains the libraries and header files to create applications |
36 | 36 |
%patch3 -p1 |
37 | 37 |
%patch4 -p1 |
38 | 38 |
%patch5 -p1 |
39 |
+%patch6 -p1 |
|
40 |
+%patch7 -p1 |
|
39 | 41 |
%build |
40 | 42 |
%configure \ |
41 | 43 |
--disable-static |
... | ... |
@@ -69,6 +73,8 @@ make %{?_smp_mflags} -k check |
69 | 69 |
%{_datadir}/man/man3/* |
70 | 70 |
|
71 | 71 |
%changelog |
72 |
+* Mon Nov 27 2017 Xiaolin Li <xiaolinl@vmware.com> 4.0.8-6 |
|
73 |
+- Added patches for CVE-2017-13726, CVE-2017-13727 |
|
72 | 74 |
* Mon Nov 13 2017 Dheeraj Shetty <dheerajs@vmware.com> 4.0.8-5 |
73 | 75 |
- Patch : CVE-2017-12944 |
74 | 76 |
* Fri Oct 13 2017 Alexey Makhalov <amakhalov@vmware.com> 4.0.8-4 |