Change-Id: I87eb0b4ec501b74be75116d48b862d99693e2d76
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/3226
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Xiaolin Li <xiaolinl@vmware.com>
1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,66 @@ |
0 |
+From 6173a57d39e04d68b139f8c1aa499a24dbe74ba1 Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Even Rouault <even.rouault@spatialys.com> |
|
2 |
+Date: Fri, 30 Jun 2017 17:29:44 +0000 |
|
3 |
+Subject: [PATCH] * libtiff/tif_dirwrite.c: in |
|
4 |
+ TIFFWriteDirectoryTagCheckedXXXX() functions associated with LONG8/SLONG8 |
|
5 |
+ data type, replace assertion that the file is BigTIFF, by a non-fatal error. |
|
6 |
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2712 Reported by team |
|
7 |
+ OWL337 |
|
8 |
+ |
|
9 |
+--- |
|
10 |
+ ChangeLog | 8 ++++++++ |
|
11 |
+ libtiff/tif_dirwrite.c | 20 ++++++++++++++++---- |
|
12 |
+ 2 files changed, 24 insertions(+), 4 deletions(-) |
|
13 |
+ |
|
14 |
+diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c |
|
15 |
+index 2967da58..8d6686ba 100644 |
|
16 |
+--- a/libtiff/tif_dirwrite.c |
|
17 |
+@@ -2111,7 +2111,10 @@ TIFFWriteDirectoryTagCheckedLong8(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, ui |
|
18 |
+ { |
|
19 |
+ uint64 m; |
|
20 |
+ assert(sizeof(uint64)==8); |
|
21 |
+- assert(tif->tif_flags&TIFF_BIGTIFF); |
|
22 |
++ if( !(tif->tif_flags&TIFF_BIGTIFF) ) { |
|
23 |
++ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF"); |
|
24 |
++ return(0); |
|
25 |
++ } |
|
26 |
+ m=value; |
|
27 |
+ if (tif->tif_flags&TIFF_SWAB) |
|
28 |
+ TIFFSwabLong8(&m); |
|
29 |
+@@ -2124,7 +2127,10 @@ TIFFWriteDirectoryTagCheckedLong8Array(TIFF* tif, uint32* ndir, TIFFDirEntry* di |
|
30 |
+ { |
|
31 |
+ assert(count<0x20000000); |
|
32 |
+ assert(sizeof(uint64)==8); |
|
33 |
+- assert(tif->tif_flags&TIFF_BIGTIFF); |
|
34 |
++ if( !(tif->tif_flags&TIFF_BIGTIFF) ) { |
|
35 |
++ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF"); |
|
36 |
++ return(0); |
|
37 |
++ } |
|
38 |
+ if (tif->tif_flags&TIFF_SWAB) |
|
39 |
+ TIFFSwabArrayOfLong8(value,count); |
|
40 |
+ return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_LONG8,count,count*8,value)); |
|
41 |
+@@ -2136,7 +2142,10 @@ TIFFWriteDirectoryTagCheckedSlong8(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, u |
|
42 |
+ { |
|
43 |
+ int64 m; |
|
44 |
+ assert(sizeof(int64)==8); |
|
45 |
+- assert(tif->tif_flags&TIFF_BIGTIFF); |
|
46 |
++ if( !(tif->tif_flags&TIFF_BIGTIFF) ) { |
|
47 |
++ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF"); |
|
48 |
++ return(0); |
|
49 |
++ } |
|
50 |
+ m=value; |
|
51 |
+ if (tif->tif_flags&TIFF_SWAB) |
|
52 |
+ TIFFSwabLong8((uint64*)(&m)); |
|
53 |
+@@ -2149,7 +2158,10 @@ TIFFWriteDirectoryTagCheckedSlong8Array(TIFF* tif, uint32* ndir, TIFFDirEntry* d |
|
54 |
+ { |
|
55 |
+ assert(count<0x20000000); |
|
56 |
+ assert(sizeof(int64)==8); |
|
57 |
+- assert(tif->tif_flags&TIFF_BIGTIFF); |
|
58 |
++ if( !(tif->tif_flags&TIFF_BIGTIFF) ) { |
|
59 |
++ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF"); |
|
60 |
++ return(0); |
|
61 |
++ } |
|
62 |
+ if (tif->tif_flags&TIFF_SWAB) |
|
63 |
+ TIFFSwabArrayOfLong8((uint64*)value,count); |
|
64 |
+ return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_SLONG8,count,count*8,value)); |
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
Summary: TIFF libraries and associated utilities. |
2 | 2 |
Name: libtiff |
3 | 3 |
Version: 4.0.8 |
4 |
-Release: 1%{?dist} |
|
4 |
+Release: 2%{?dist} |
|
5 | 5 |
License: libtiff |
6 | 6 |
URL: http://www.simplesystems.org/libtiff/ |
7 | 7 |
Group: System Environment/Libraries |
... | ... |
@@ -12,6 +12,7 @@ Source0: http://download.osgeo.org/%{name}/tiff-%{version}.tar.gz |
12 | 12 |
# patches: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/ |
13 | 13 |
Patch0: libtiff-4.0.6-CVE-2015-7554.patch |
14 | 14 |
Patch1: libtiff-4.0.6-CVE-2015-1547.patch |
15 |
+Patch2: libtiff-CVE-2017-10688.patch |
|
15 | 16 |
BuildRequires: libjpeg-turbo-devel |
16 | 17 |
Requires: libjpeg-turbo |
17 | 18 |
%description |
... | ... |
@@ -28,6 +29,7 @@ It contains the libraries and header files to create applications |
28 | 28 |
%setup -q -n tiff-%{version} |
29 | 29 |
%patch0 -p1 |
30 | 30 |
%patch1 -p1 |
31 |
+%patch2 -p1 |
|
31 | 32 |
|
32 | 33 |
%build |
33 | 34 |
./configure \ |
... | ... |
@@ -63,6 +65,8 @@ make %{?_smp_mflags} -k check |
63 | 63 |
%{_datadir}/man/man3/* |
64 | 64 |
|
65 | 65 |
%changelog |
66 |
+* Tue Jul 11 2017 Divya Thaluru <dthaluru@vmware.com> 4.0.8-2 |
|
67 |
+- Applied patch for CVE-2017-10688 |
|
66 | 68 |
* Wed Jun 07 2017 Xiaolin Li <xiaolinl@vmware.com> 4.0.8-1 |
67 | 69 |
- Updated to version 4.0.8. |
68 | 70 |
* Tue May 16 2017 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.0.7-4 |