Change-Id: I5bdbc5abd128f5433f9363a1da0b61e7d16c199b
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/2361
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Anish Swaminathan <anishs@vmware.com>
1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,11 @@ |
0 |
+--- a/tools/tiffcrop.c 2016-11-18 19:45:30.000000000 -0800 |
|
1 |
+@@ -3698,7 +3698,7 @@ static int readContigStripsIntoBuffer (T |
|
2 |
+ (unsigned long) strip, (unsigned long)rows); |
|
3 |
+ return 0; |
|
4 |
+ } |
|
5 |
+- bufp += bytes_read; |
|
6 |
++ bufp += stripsize; |
|
7 |
+ } |
|
8 |
+ |
|
9 |
+ return 1; |
0 | 10 |
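Review bot: With `bufp += stripsize;` the write pointer now advances by the full strip size regardless of `bytes_read`, so after a short or failed read that the code above lets through, the tail of that strip's slot keeps whatever the buffer held before. The allocation and the read call are outside the hunk, so it is not visible whether the buffer is zero-filled first. If it is not, a fill or at least a comment here would make the intent explicit, e.g. `/* advance by the full strip even on a short read; the unread tail must already be zeroed */`. Separately, this patch file and the two that follow (tiffcp.c, tiff2pdf.c) start directly at the `---` line with no header naming the CVE or the upstream change they come from; a short description block above the `---` line would make the backport easier to audit later.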
new file mode 100644 |
... | ... |
@@ -0,0 +1,29 @@ |
0 |
+--- a/tools/tiffcp.c 2017-04-10 16:05:52.888619200 -0700 |
|
1 |
+@@ -1183,7 +1183,7 @@ bad: |
|
2 |
+ |
|
3 |
+ static void |
|
4 |
+ cpStripToTile(uint8* out, uint8* in, |
|
5 |
+- uint32 rows, uint32 cols, int outskew, int inskew) |
|
6 |
++ uint32 rows, uint32 cols, int outskew, int64 inskew) |
|
7 |
+ { |
|
8 |
+ while (rows-- > 0) { |
|
9 |
+ uint32 j = cols; |
|
10 |
+@@ -1340,7 +1340,7 @@ DECLAREreadFunc(readContigTilesIntoBuffe |
|
11 |
+ tdata_t tilebuf; |
|
12 |
+ uint32 imagew = TIFFScanlineSize(in); |
|
13 |
+ uint32 tilew = TIFFTileRowSize(in); |
|
14 |
+- int iskew = imagew - tilew; |
|
15 |
++ int64 iskew = (int64)imagew - (int64)tilew; |
|
16 |
+ uint8* bufp = (uint8*) buf; |
|
17 |
+ uint32 tw, tl; |
|
18 |
+ uint32 row; |
|
19 |
+@@ -1368,7 +1368,7 @@ DECLAREreadFunc(readContigTilesIntoBuffe |
|
20 |
+ status = 0; |
|
21 |
+ goto done; |
|
22 |
+ } |
|
23 |
+- if (colb + tilew > imagew) { |
|
24 |
++ if (colb > iskew) { |
|
25 |
+ uint32 width = imagew - colb; |
|
26 |
+ uint32 oskew = tilew - width; |
|
27 |
+ cpStripToTile(bufp + colb, |
0 | 28 |
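Review bot: In `cpStripToTile` only `inskew` becomes `int64`; `outskew` stays `int`, and the call at the end of the last hunk is cut off after `bufp + colb,`, so it is not visible whether a value derived from the now 64-bit `iskew` is passed as `outskew` and narrowed again. Every caller of cpStripToTile should be checked against the new signature, since they lie outside these hunks. The rewritten test `if (colb > iskew)` is also no longer self-explanatory; I would add `/* same as colb + tilew > imagew, without uint32 wraparound */` above it. Note too that `imagew` and `tilew` are still `uint32` copies of the TIFFScanlineSize/TIFFTileRowSize results, so the `(int64)` casts widen values that may already have been truncated if those functions return a wider type.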
new file mode 100644 |
... | ... |
@@ -0,0 +1,11 @@ |
0 |
+--- a/tools/tiff2pdf.c 2016-11-12 08:58:10.000000000 -0800 |
|
1 |
+@@ -2895,7 +2895,7 @@ tsize_t t2p_readwrite_pdf_image_tile(T2P |
|
2 |
+ return(0); |
|
3 |
+ } |
|
4 |
+ if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) { |
|
5 |
+- if (count >= 4) { |
|
6 |
++ if (count > 4) { |
|
7 |
+ /* Ignore EOI marker of JpegTables */ |
|
8 |
+ _TIFFmemcpy(buffer, jpt, count - 2); |
|
9 |
+ bufferoffset += count - 2; |
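Review bot: The guard `if (count > 4)` only sets a lower bound. `_TIFFmemcpy(buffer, jpt, count - 2)` still copies a length taken from the JPEGTABLES tag, and nothing in the hunk compares it with the size `buffer` was allocated with, which is decided outside the hunk. If that allocation does not already account for the tables, an upper-bound check belongs next to this one. The constant also deserves a comment; assuming the tables are framed by two-byte SOI and EOI markers, something like `/* 4 bytes or fewer means markers only, no table data to copy */` would explain why exactly 4 is now excluded.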
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
Summary: TIFF libraries and associated utilities. |
2 | 2 |
Name: libtiff |
3 | 3 |
Version: 4.0.7 |
4 |
-Release: 2%{?dist} |
|
4 |
+Release: 3%{?dist} |
|
5 | 5 |
License: libtiff |
6 | 6 |
URL: http://www.remotesensing.org/libtiff |
7 | 7 |
Group: System Environment/Libraries |
... | ... |
@@ -12,6 +12,9 @@ Source0: http://download.osgeo.org/%{name}/tiff-%{version}.tar.gz |
12 | 12 |
Patch0: libtiff-4.0.6-CVE-2015-7554.patch |
13 | 13 |
Patch1: libtiff-4.0.6-CVE-2015-1547.patch |
14 | 14 |
Patch2: libtiff-4.0.7-CVE-2017-5225.patch |
15 |
+Patch3: libtiff-4.0.7-CVE-2016-10092.patch |
|
16 |
+Patch4: libtiff-4.0.7-CVE-2016-10093.patch |
|
17 |
+Patch5: libtiff-4.0.7-CVE-2016-10094.patch |
|
15 | 18 |
BuildRequires: libjpeg-turbo-devel |
16 | 19 |
Requires: libjpeg-turbo |
17 | 20 |
%description |
... | ... |
@@ -29,6 +32,9 @@ It contains the libraries and header files to create applications |
29 | 29 |
%patch0 -p1 |
30 | 30 |
%patch1 -p1 |
31 | 31 |
%patch2 -p1 |
32 |
+%patch3 -p1 |
|
33 |
+%patch4 -p1 |
|
34 |
+%patch5 -p1 |
|
32 | 35 |
|
33 | 36 |
%build |
34 | 37 |
./configure \ |
... | ... |
@@ -64,6 +70,8 @@ make %{?_smp_mflags} -k check |
64 | 64 |
%{_datadir}/man/man3/* |
65 | 65 |
|
66 | 66 |
%changelog |
67 |
+* Mon Apr 10 2017 Dheeraj Shetty <dheerajs@vmware.com> 4.0.7-3 |
|
68 |
+- Patch : CVE-2016-10092, CVE-2016-10093, CVE-2016-10094 |
|
67 | 69 |
* Thu Jan 19 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 4.0.7-2 |
68 | 70 |
- Patch : CVE-2017-5225 |
69 | 71 |
* Thu Nov 24 2016 Alexey Makhalov <amakhalov@vmware.com> 4.0.7-1 |