Change-Id: If3e90fc7443bfdb02edcc019a9fb4df05d749803
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/3467
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Sharath George
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,18 @@ |
| 0 |
+diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c |
|
| 1 |
+index db196e04..cd1e2358 100644 |
|
| 2 |
+--- a/tools/tiff2pdf.c |
|
| 3 |
+@@ -1737,7 +1737,12 @@ void t2p_read_tiff_data(T2P* t2p, TIFF* input){
|
|
| 4 |
+ return; |
|
| 5 |
+ |
|
| 6 |
+ t2p->pdf_transcode = T2P_TRANSCODE_ENCODE; |
|
| 7 |
+- if(t2p->pdf_nopassthrough==0){
|
|
| 8 |
++ /* It seems that T2P_TRANSCODE_RAW mode doesn't support separate->contig */ |
|
| 9 |
++ /* conversion. At least t2p_read_tiff_size and t2p_read_tiff_size_tile */ |
|
| 10 |
++ /* do not take into account the number of samples, and thus */ |
|
| 11 |
++ /* that can cause heap buffer overflows such as in */ |
|
| 12 |
++ /* http://bugzilla.maptools.org/show_bug.cgi?id=2715 */ |
|
| 13 |
++ if(t2p->pdf_nopassthrough==0 && t2p->tiff_planar!=PLANARCONFIG_SEPARATE){
|
|
| 14 |
+ #ifdef CCITT_SUPPORT |
|
| 15 |
+ if(t2p->tiff_compression==COMPRESSION_CCITTFAX4 |
|
| 16 |
+ ){
|
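Review bot: The new patch file begins directly at its `diff --git a/tools/tiff2pdf.c` line, so the only provenance it carries is the bugzilla link inside the added C comment; nothing states which CVE it fixes or which upstream change it was taken from. I would add a short header above the diff, for example `CVE-2017-11335: tiff2pdf heap overflow in raw mode with PLANARCONFIG_SEPARATE` and `Origin: <upstream commit URL, placeholder>`, so a later rebase can check the patch against upstream before dropping it. Per its own comment, the added condition `t2p->tiff_planar!=PLANARCONFIG_SEPARATE` only keeps separate-plane input out of the raw passthrough branch and leaves `t2p_read_tiff_size` and `t2p_read_tiff_size_tile` unchanged, and the header should say this too. The body of `t2p_read_tiff_data` starts and ends outside the hunk, so whether other paths reach those size functions with separate planes cannot be judged from here.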
| ... | ... |
@@ -1,7 +1,7 @@ |
| 1 | 1 |
Summary: TIFF libraries and associated utilities. |
| 2 | 2 |
Name: libtiff |
| 3 | 3 |
Version: 4.0.8 |
| 4 |
-Release: 2%{?dist}
|
|
| 4 |
+Release: 3%{?dist}
|
|
| 5 | 5 |
License: libtiff |
| 6 | 6 |
URL: http://www.simplesystems.org/libtiff/ |
| 7 | 7 |
Group: System Environment/Libraries |
| ... | ... |
@@ -13,6 +13,8 @@ Source0: http://download.osgeo.org/%{name}/tiff-%{version}.tar.gz
|
| 13 | 13 |
Patch0: libtiff-4.0.6-CVE-2015-7554.patch |
| 14 | 14 |
Patch1: libtiff-4.0.6-CVE-2015-1547.patch |
| 15 | 15 |
Patch2: libtiff-CVE-2017-10688.patch |
| 16 |
+Patch3: libtiff-4.0.8-CVE-2017-9936.patch |
|
| 17 |
+Patch4: libtiff-4.0.8-CVE-2017-11335.patch |
|
| 16 | 18 |
BuildRequires: libjpeg-turbo-devel |
| 17 | 19 |
Requires: libjpeg-turbo |
| 18 | 20 |
%description |
| ... | ... |
@@ -30,7 +32,8 @@ It contains the libraries and header files to create applications |
| 30 | 30 |
%patch0 -p1 |
| 31 | 31 |
%patch1 -p1 |
| 32 | 32 |
%patch2 -p1 |
| 33 |
- |
|
| 33 |
+%patch3 -p1 |
|
| 34 |
+%patch4 -p1 |
|
| 34 | 35 |
%build |
| 35 | 36 |
./configure \ |
| 36 | 37 |
--prefix=%{_prefix} \
|
| ... | ... |
@@ -65,6 +68,8 @@ make %{?_smp_mflags} -k check
|
| 65 | 65 |
%{_datadir}/man/man3/*
|
| 66 | 66 |
|
| 67 | 67 |
%changelog |
| 68 |
+* Wed Aug 09 2017 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.0.8-3 |
|
| 69 |
+- Added patch for CVE-2017-9936, CVE-2017-11335 |
|
| 68 | 70 |
* Tue Jul 11 2017 Divya Thaluru <dthaluru@vmware.com> 4.0.8-2 |
| 69 | 71 |
- Applied patch for CVE-2017-10688 |
| 70 | 72 |
* Wed Jun 07 2017 Xiaolin Li <xiaolinl@vmware.com> 4.0.8-1 |