Browse code
libtiff : fix CVE-2017-18013
Change-Id: Iba0410eaf3aa799a0740abb496f363aec7d6e9fa
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4644
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Anish Swaminathan <anishs@vmware.com>
xiaolin-vmware authored on 2018/01/13 03:29:59Showing 2 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,34 @@ |
| 0 |
+From c6f41df7b581402dfba3c19a1e3df4454c551a01 Mon Sep 17 00:00:00 2001 |
|
| 1 |
+From: Even Rouault <even.rouault@spatialys.com> |
|
| 2 |
+Date: Sun, 31 Dec 2017 15:09:41 +0100 |
|
| 3 |
+Subject: [PATCH] libtiff/tif_print.c: TIFFPrintDirectory(): fix null pointer dereference on corrupted file. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2770 |
|
| 4 |
+ |
|
| 5 |
+--- |
|
| 6 |
+ libtiff/tif_print.c | 8 ++++---- |
|
| 7 |
+ 1 file changed, 4 insertions(+), 4 deletions(-) |
|
| 8 |
+ |
|
| 9 |
+diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c |
|
| 10 |
+index 9959d35..8deceb2 100644 |
|
| 11 |
+--- a/libtiff/tif_print.c |
|
| 12 |
+@@ -665,13 +665,13 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags) |
|
| 13 |
+ #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) |
|
| 14 |
+ fprintf(fd, " %3lu: [%8I64u, %8I64u]\n", |
|
| 15 |
+ (unsigned long) s, |
|
| 16 |
+- (unsigned __int64) td->td_stripoffset[s], |
|
| 17 |
+- (unsigned __int64) td->td_stripbytecount[s]); |
|
| 18 |
++ td->td_stripoffset ? (unsigned __int64) td->td_stripoffset[s] : 0, |
|
| 19 |
++ td->td_stripbytecount ? (unsigned __int64) td->td_stripbytecount[s] : 0); |
|
| 20 |
+ #else |
|
| 21 |
+ fprintf(fd, " %3lu: [%8llu, %8llu]\n", |
|
| 22 |
+ (unsigned long) s, |
|
| 23 |
+- (unsigned long long) td->td_stripoffset[s], |
|
| 24 |
+- (unsigned long long) td->td_stripbytecount[s]); |
|
| 25 |
++ td->td_stripoffset ? (unsigned long long) td->td_stripoffset[s] : 0, |
|
| 26 |
++ td->td_stripbytecount ? (unsigned long long) td->td_stripbytecount[s] : 0); |
|
| 27 |
+ #endif |
|
| 28 |
+ } |
|
| 29 |
+ } |
|
| 30 |
+-- |
|
| 31 |
+libgit2 0.26.0 |
|
| 32 |
+ |
| ... | ... |
@@ -1,7 +1,7 @@ |
| 1 | 1 |
Summary: TIFF libraries and associated utilities. |
| 2 | 2 |
Name: libtiff |
| 3 | 3 |
Version: 4.0.8 |
| 4 |
-Release: 7%{?dist}
|
|
| 4 |
+Release: 8%{?dist}
|
|
| 5 | 5 |
License: libtiff |
| 6 | 6 |
URL: http://www.simplesystems.org/libtiff/ |
| 7 | 7 |
Group: System Environment/Libraries |
| ... | ... |
@@ -19,6 +19,7 @@ Patch5: libtiff-4.0.8-CVE-2017-12944.patch |
| 19 | 19 |
Patch6: libtiff-4.0.8-CVE-2017-13726.patch |
| 20 | 20 |
Patch7: libtiff-4.0.8-CVE-2017-13727.patch |
| 21 | 21 |
Patch8: libtiff-4.0.8-CVE-2017-9935.patch |
| 22 |
+Patch9: libtiff-4.0.8-CVE-2017-18013.patch |
|
| 22 | 23 |
BuildRequires: libjpeg-turbo-devel |
| 23 | 24 |
Requires: libjpeg-turbo |
| 24 | 25 |
%description |
| ... | ... |
@@ -42,6 +43,7 @@ It contains the libraries and header files to create applications |
| 42 | 42 |
%patch6 -p1 |
| 43 | 43 |
%patch7 -p1 |
| 44 | 44 |
%patch8 -p1 |
| 45 |
+%patch9 -p1 |
|
| 45 | 46 |
%build |
| 46 | 47 |
%configure \ |
| 47 | 48 |
--disable-static |
| ... | ... |
@@ -75,6 +77,8 @@ make %{?_smp_mflags} -k check
|
| 75 | 75 |
%{_datadir}/man/man3/*
|
| 76 | 76 |
|
| 77 | 77 |
%changelog |
| 78 |
+* Fri Jan 12 2018 Xiaolin Li <xiaolinl@vmware.com> 4.0.8-8 |
|
| 79 |
+- Added patch for CVE-2017-18013 |
|
| 78 | 80 |
* Mon Dec 11 2017 Xiaolin Li <xiaolinl@vmware.com> 4.0.8-7 |
| 79 | 81 |
- Added patch for CVE-2017-9935 |
| 80 | 82 |
* Mon Nov 27 2017 Xiaolin Li <xiaolinl@vmware.com> 4.0.8-6 |