Change-Id: I5739dde36159b9bd4693a3babd0108377b0c6bf6
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4789
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Xiaolin Li <xiaolinl@vmware.com>
1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,28 @@ |
0 |
+diff --git a/tools/pal2rgb.c b/tools/pal2rgb.c |
|
1 |
+index 0423598..01fcf94 100644 |
|
2 |
+--- a/tools/pal2rgb.c |
|
3 |
+@@ -182,8 +182,21 @@ main(int argc, char* argv[]) |
|
4 |
+ { unsigned char *ibuf, *obuf; |
|
5 |
+ register unsigned char* pp; |
|
6 |
+ register uint32 x; |
|
7 |
+- ibuf = (unsigned char*)_TIFFmalloc(TIFFScanlineSize(in)); |
|
8 |
+- obuf = (unsigned char*)_TIFFmalloc(TIFFScanlineSize(out)); |
|
9 |
++ tmsize_t tss_in = TIFFScanlineSize(in); |
|
10 |
++ tmsize_t tss_out = TIFFScanlineSize(out); |
|
11 |
++ if (tss_out / tss_in < 3) { |
|
12 |
++ /* |
|
13 |
++ * BUG 2750: The following code does not know about chroma |
|
14 |
++ * subsampling of JPEG data. It assumes that the output buffer is 3x |
|
15 |
++ * the length of the input buffer due to exploding the palette into |
|
16 |
++ * RGB tuples. If this assumption is incorrect, it could lead to a |
|
17 |
++ * buffer overflow. Go ahead and fail now to prevent that. |
|
18 |
++ */ |
|
19 |
++ fprintf(stderr, "Could not determine correct image size for output. Exiting.\n"); |
|
20 |
++ return -1; |
|
21 |
++ } |
|
22 |
++ ibuf = (unsigned char*)_TIFFmalloc(tss_in); |
|
23 |
++ obuf = (unsigned char*)_TIFFmalloc(tss_out); |
|
24 |
+ switch (config) { |
|
25 |
+ case PLANARCONFIG_CONTIG: |
|
26 |
+ for (row = 0; row < imagelength; row++) { |
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
Summary: TIFF libraries and associated utilities. |
2 | 2 |
Name: libtiff |
3 | 3 |
Version: 4.0.9 |
4 |
-Release: 2%{?dist} |
|
4 |
+Release: 3%{?dist} |
|
5 | 5 |
License: libtiff |
6 | 6 |
URL: http://www.simplesystems.org/libtiff/ |
7 | 7 |
Group: System Environment/Libraries |
... | ... |
@@ -11,6 +11,7 @@ Source0: http://download.osgeo.org/%{name}/tiff-%{version}.tar.gz |
11 | 11 |
%define sha1 tiff=87d4543579176cc568668617c22baceccd568296 |
12 | 12 |
Patch0: libtiff-4.0.9-CVE-2017-18013.patch |
13 | 13 |
Patch1: libtiff-4.0.9-CVE-2017-9935.patch |
14 |
+Patch2: libtiff-4.0.9-CVE-2017-17095.patch |
|
14 | 15 |
BuildRequires: libjpeg-turbo-devel |
15 | 16 |
Requires: libjpeg-turbo |
16 | 17 |
%description |
... | ... |
@@ -27,6 +28,7 @@ It contains the libraries and header files to create applications |
27 | 27 |
%setup -q -n tiff-%{version} |
28 | 28 |
%patch0 -p1 |
29 | 29 |
%patch1 -p1 |
30 |
+%patch2 -p1 |
|
30 | 31 |
%build |
31 | 32 |
%configure \ |
32 | 33 |
--disable-static |
... | ... |
@@ -60,6 +62,8 @@ make %{?_smp_mflags} -k check |
60 | 60 |
%{_datadir}/man/man3/* |
61 | 61 |
|
62 | 62 |
%changelog |
63 |
+* Wed Feb 14 2018 Dheeraj Shetty <dheerajs@vmware.com> 4.0.9-3 |
|
64 |
+- Patch for CVE-2017-17095 |
|
63 | 65 |
* Wed Jan 31 2018 Dheeraj Shetty <dheerajs@vmware.com> 4.0.9-2 |
64 | 66 |
- Repatched CVE-2017-9935 |
65 | 67 |
* Wed Jan 17 2018 Dheeraj Shetty <dheerajs@vmware.com> 4.0.9-1 |