Browse code
Patch libtiff for CVE-2017-17095
Change-Id: I2c5941a7349128eda577607cbba76705d3c54581
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4788
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Xiaolin Li <xiaolinl@vmware.com>
DheerajSShetty authored on 2018/02/15 07:45:44Showing 2 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,28 @@ |
| 0 |
+diff --git a/tools/pal2rgb.c b/tools/pal2rgb.c |
|
| 1 |
+index 0423598..01fcf94 100644 |
|
| 2 |
+--- a/tools/pal2rgb.c |
|
| 3 |
+@@ -182,8 +182,21 @@ main(int argc, char* argv[]) |
|
| 4 |
+ { unsigned char *ibuf, *obuf;
|
|
| 5 |
+ register unsigned char* pp; |
|
| 6 |
+ register uint32 x; |
|
| 7 |
+- ibuf = (unsigned char*)_TIFFmalloc(TIFFScanlineSize(in)); |
|
| 8 |
+- obuf = (unsigned char*)_TIFFmalloc(TIFFScanlineSize(out)); |
|
| 9 |
++ tmsize_t tss_in = TIFFScanlineSize(in); |
|
| 10 |
++ tmsize_t tss_out = TIFFScanlineSize(out); |
|
| 11 |
++ if (tss_out / tss_in < 3) {
|
|
| 12 |
++ /* |
|
| 13 |
++ * BUG 2750: The following code does not know about chroma |
|
| 14 |
++ * subsampling of JPEG data. It assumes that the output buffer is 3x |
|
| 15 |
++ * the length of the input buffer due to exploding the palette into |
|
| 16 |
++ * RGB tuples. If this assumption is incorrect, it could lead to a |
|
| 17 |
++ * buffer overflow. Go ahead and fail now to prevent that. |
|
| 18 |
++ */ |
|
| 19 |
++ fprintf(stderr, "Could not determine correct image size for output. Exiting.\n"); |
|
| 20 |
++ return -1; |
|
| 21 |
++ } |
|
| 22 |
++ ibuf = (unsigned char*)_TIFFmalloc(tss_in); |
|
| 23 |
++ obuf = (unsigned char*)_TIFFmalloc(tss_out); |
|
| 24 |
+ switch (config) {
|
|
| 25 |
+ case PLANARCONFIG_CONTIG: |
|
| 26 |
+ for (row = 0; row < imagelength; row++) {
|
| ... | ... |
@@ -1,7 +1,7 @@ |
| 1 | 1 |
Summary: TIFF libraries and associated utilities. |
| 2 | 2 |
Name: libtiff |
| 3 | 3 |
Version: 4.0.9 |
| 4 |
-Release: 2%{?dist}
|
|
| 4 |
+Release: 3%{?dist}
|
|
| 5 | 5 |
License: libtiff |
| 6 | 6 |
URL: http://www.simplesystems.org/libtiff/ |
| 7 | 7 |
Group: System Environment/Libraries |
| ... | ... |
@@ -12,6 +12,7 @@ Source0: http://download.osgeo.org/%{name}/tiff-%{version}.tar.gz
|
| 12 | 12 |
# patches: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/ |
| 13 | 13 |
Patch0: libtiff-4.0.9-CVE-2017-18013.patch |
| 14 | 14 |
Patch1: libtiff-4.0.9-CVE-2017-9935.patch |
| 15 |
+Patch2: libtiff-4.0.9-CVE-2017-17095.patch |
|
| 15 | 16 |
BuildRequires: libjpeg-turbo-devel |
| 16 | 17 |
Requires: libjpeg-turbo |
| 17 | 18 |
%description |
| ... | ... |
@@ -28,6 +29,7 @@ It contains the libraries and header files to create applications |
| 28 | 28 |
%setup -q -n tiff-%{version}
|
| 29 | 29 |
%patch0 -p1 |
| 30 | 30 |
%patch1 -p1 |
| 31 |
+%patch2 -p1 |
|
| 31 | 32 |
%build |
| 32 | 33 |
%configure \ |
| 33 | 34 |
--disable-static |
| ... | ... |
@@ -61,6 +63,8 @@ make %{?_smp_mflags} -k check
|
| 61 | 61 |
%{_datadir}/man/man3/*
|
| 62 | 62 |
|
| 63 | 63 |
%changelog |
| 64 |
+* Wed Feb 14 2018 Dheeraj Shetty <dheerajs@vmware.com> 4.0.9-3 |
|
| 65 |
+- Patch for CVE-2017-17095 |
|
| 64 | 66 |
* Wed Jan 31 2018 Dheeraj Shetty <dheerajs@vmware.com> 4.0.9-2 |
| 65 | 67 |
- Repatched CVE-2017-9935 |
| 66 | 68 |
* Wed Jan 17 2018 Dheeraj Shetty <dheerajs@vmware.com> 4.0.9-1 |