Hello community, here is the log from the commit of package tiff for openSUSE:Factory checked in at 2017-01-18 21:29:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tiff (Old) and /work/SRC/openSUSE:Factory/.tiff.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tiff" Changes: -------- --- /work/SRC/openSUSE:Factory/tiff/tiff.changes 2016-12-26 21:42:06.751542974 +0100 +++ /work/SRC/openSUSE:Factory/.tiff.new/tiff.changes 2017-01-18 21:29:07.168245821 +0100 @@ -1,0 +2,8 @@ +Fri Jan 13 10:03:25 UTC 2017 - [email protected] + +- Added patch: + * tiff-4.0.7-CVE-2017-5225.patch + - Upstream fix for CVE-2017-5225, bsc#1019611: heap buffer + overflow in tools/tiffcp via a crafted BitsPerSample value + +------------------------------------------------------------------- New: ---- tiff-4.0.7-CVE-2017-5225.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tiff.spec ++++++ --- /var/tmp/diff_new_pack.OOm5Or/_old 2017-01-18 21:29:07.836151364 +0100 +++ /var/tmp/diff_new_pack.OOm5Or/_new 2017-01-18 21:29:07.836151364 +0100 @@ -1,7 +1,7 @@ # # spec file for package tiff # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -31,6 +31,9 @@ Patch1: tiff-4.0.3-compress-warning.patch # http://bugzilla.maptools.org/show_bug.cgi?id=2508 Patch3: tiff-4.0.7-CVE-2015-7554.patch +# http://bugzilla.maptools.org/show_bug.cgi?id=2656 and +# http://bugzilla.maptools.org/show_bug.cgi?id=2657 +Patch4: tiff-4.0.7-CVE-2017-5225.patch BuildRequires: gcc-c++ BuildRequires: libjpeg-devel @@ -95,6 +98,7 @@ %patch0 -p1 %patch1 -p1 %patch3 +%patch4 -p1 %build CFLAGS="%{optflags} -fPIE" ++++++ tiff-4.0.7-CVE-2017-5225.patch ++++++ --- tiff-4.0.7/tools/tiffcp.c 2016-10-12 03:45:17.405273596 +0200 +++ tiff-4.0.7/tools/tiffcp.c 2017-01-13 10:56:23.389485957 +0100 @@ -592,7 +592,7 @@ static int tiffcp(TIFF* in, TIFF* out) { - uint16 bitspersample, samplesperpixel = 1; + uint16 bitspersample = 1, samplesperpixel = 1; uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK; copyFunc cf; uint32 width, length; @@ -1068,6 +1068,16 @@ register uint32 n; uint32 row; tsample_t s; + uint16 bps = 0; + + (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); + if( bps != 8 ) + { + TIFFError(TIFFFileName(in), + "Error, can only handle BitsPerSample=8 in %s", + "cpContig2SeparateByRow"); + return 0; + } inbuf = _TIFFmalloc(scanlinesizein); outbuf = _TIFFmalloc(scanlinesizeout); @@ -1121,6 +1131,16 @@ register uint32 n; uint32 row; tsample_t s; + uint16 bps = 0; + + (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); + if( bps != 8 ) + { + TIFFError(TIFFFileName(in), + "Error, can only handle BitsPerSample=8 in %s", + "cpSeparate2ContigByRow"); + return 0; + } inbuf = _TIFFmalloc(scanlinesizein); outbuf = _TIFFmalloc(scanlinesizeout); @@ -1763,7 +1783,7 @@ uint32 w, l, tw, tl; int bychunk; - (void) TIFFGetField(in, TIFFTAG_PLANARCONFIG, &shortv); + (void) TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &shortv); if (shortv != config && bitspersample != 8 && samplesperpixel > 1) { fprintf(stderr, "%s: Cannot handle different planar configuration w/ bits/sample != 8\n",
