Hello community,

here is the log from the commit of package tiff for openSUSE:Factory checked in 
at 2018-05-19 15:41:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tiff (Old)
 and      /work/SRC/openSUSE:Factory/.tiff.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "tiff"

Sat May 19 15:41:47 2018 rev:72 rq:610255 version:4.0.9

Changes:
--------
--- /work/SRC/openSUSE:Factory/tiff/tiff.changes        2018-02-25 
12:20:53.726736559 +0100
+++ /work/SRC/openSUSE:Factory/.tiff.new/tiff.changes   2018-05-19 
15:41:51.451963956 +0200
@@ -1,0 +2,14 @@
+Fri May 18 09:18:26 UTC 2018 - pgaj...@suse.com
+
+- security update
+  * CVE-2017-18013 [bsc#1074317]
+    + tiff-CVE-2017-18013.patch
+
+-------------------------------------------------------------------
+Tue May 15 12:26:45 UTC 2018 - pgaj...@suse.com
+
+- security update
+  * CVE-2018-10963 [bsc#1092949]
+    + tiff-CVE-2018-10963.patch
+
+-------------------------------------------------------------------

New:
----
  tiff-CVE-2017-18013.patch
  tiff-CVE-2018-10963.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ tiff.spec ++++++
--- /var/tmp/diff_new_pack.5OMCSN/_old  2018-05-19 15:41:52.251934688 +0200
+++ /var/tmp/diff_new_pack.5OMCSN/_new  2018-05-19 15:41:52.251934688 +0200
@@ -32,6 +32,8 @@
 # Contained in upstream repo. See bsc#1046077 for commit IDs.
 Patch2:         tiff-4.0.9-bsc1046077-CVE-2017-9935.patch
 Patch3:         tiff-4.0.9-bsc1081690-CVE-2018-5784.patch
+Patch4:         tiff-CVE-2018-10963.patch
+Patch5:         tiff-CVE-2017-18013.patch
 
 BuildRequires:  gcc-c++
 BuildRequires:  libjpeg-devel
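Review bot: Patch4 and Patch5 are added without the kind of provenance comment that Patch2 carries (`# Contained in upstream repo. See bsc#1046077 for commit IDs.`), so an auditor cannot tell from the spec whether they are upstream backports or local changes. If they are upstream fixes, a line such as `# CVE-2018-10963 [bsc#1092949] and CVE-2017-18013 [bsc#1074317]: upstream fixes, drop on next version update` above `Patch4:` would record that. The new file names also drop the `tiff-4.0.9-bscNNNNNNN-` prefix used by Patch2 and Patch3, which makes it harder to match a patch to its bug and base version.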
@@ -97,6 +99,8 @@
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
+%patch5 -p1
 
 %build
 CFLAGS="%{optflags} -fPIE"

++++++ tiff-CVE-2017-18013.patch ++++++
--- a/libtiff/tif_print.c
+++ b/libtiff/tif_print.c
@@ -665,13 +665,13 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags)
 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
                        fprintf(fd, "    %3lu: [%8I64u, %8I64u]\n",
                            (unsigned long) s,
-                           (unsigned __int64) td->td_stripoffset[s],
-                           (unsigned __int64) td->td_stripbytecount[s]);
+                           td->td_stripoffset ? (unsigned __int64) 
td->td_stripoffset[s] : 0,
+                           td->td_stripbytecount ? (unsigned __int64) 
td->td_stripbytecount[s] : 0);
 #else
                        fprintf(fd, "    %3lu: [%8llu, %8llu]\n",
                            (unsigned long) s,
-                           (unsigned long long) td->td_stripoffset[s],
-                           (unsigned long long) td->td_stripbytecount[s]);
+                           td->td_stripoffset ? (unsigned long long) 
td->td_stripoffset[s] : 0,
+                           td->td_stripbytecount ? (unsigned long long) 
td->td_stripbytecount[s] : 0);
 #endif
        }
 }
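Review bot: When `td_stripoffset` or `td_stripbytecount` is NULL, the new ternaries print `0`, which a reader cannot tell apart from a strip whose offset or byte count really is zero. That distinction matters when the output is used to triage malformed files. The NULL test is also repeated for every `s` although the pointers appear loop-invariant; the loop header is outside this hunk, so hoisting the check should be confirmed against the full function. At minimum, add a comment above the `#if`, for example `/* strip arrays may be NULL for a damaged or partially read directory (CVE-2017-18013); print 0 rather than dereference */`.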

++++++ tiff-CVE-2018-10963.patch ++++++
diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
index 2430de6..c15a28d 100644
--- a/libtiff/tif_dirwrite.c
+++ b/libtiff/tif_dirwrite.c
@@ -695,8 +695,11 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int 
imagedone, uint64* pdiroff)
                                                                }
                                                                break;
                                                        default:
-                                                               assert(0);   /* 
we should never get here */
-                                                               break;
+                                                               
TIFFErrorExt(tif->tif_clientdata,module,
+                                                                           
"Cannot write tag %d (%s)",
+                                                                           
TIFFFieldTag(o),
+                                                                            
o->field_name ? o->field_name : "unknown");
+                                                               goto bad;
                                                }
                                        }
                                }
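Review bot: The new message formats `TIFFFieldTag(o)` with `%d`, but that accessor returns an unsigned 32-bit tag in libtiff's API, so specifier and argument disagree in signedness. Using `"Cannot write tag %u (%s)", (unsigned) TIFFFieldTag(o),` keeps the variadic call well-typed. The `default:` case is presumably reachable from file contents, given the CVE reference, so a short comment there saying so would stop someone restoring the assert later. The `bad:` label lies outside this hunk, so confirm that it releases whatever TIFFWriteDirectorySec has allocated by this point.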

