Hello community, here is the log from the commit of package tiff for openSUSE:Factory checked in at 2018-09-11 17:10:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tiff (Old) and /work/SRC/openSUSE:Factory/.tiff.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tiff" Tue Sep 11 17:10:49 2018 rev:74 rq:631401 version:4.0.9 Changes: -------- --- /work/SRC/openSUSE:Factory/tiff/tiff.changes 2018-06-08 23:20:01.558180325 +0200 +++ /work/SRC/openSUSE:Factory/.tiff.new/tiff.changes 2018-09-11 17:10:52.348005826 +0200 @@ -1,0 +2,12 @@ +Fri Aug 24 11:43:53 UTC 2018 - pgaj...@suse.com + +- remove pal2rgb tool [bsc#1071031] + +------------------------------------------------------------------- +Wed Aug 15 15:10:32 UTC 2018 - pgaj...@suse.com + +- security update + * CVE-2018-10779 [bsc#1092480] + + tiff-CVE-2018-10779.patch + +------------------------------------------------------------------- New: ---- tiff-CVE-2018-10779.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tiff.spec ++++++ --- /var/tmp/diff_new_pack.v3hOIn/_old 2018-09-11 17:10:53.156004570 +0200 +++ /var/tmp/diff_new_pack.v3hOIn/_new 2018-09-11 17:10:53.160004564 +0200 @@ -37,6 +37,7 @@ Patch6: tiff-CVE-2018-7456.patch Patch7: tiff-CVE-2017-11613.patch Patch8: tiff-CVE-2018-8905.patch +Patch9: tiff-CVE-2018-10779.patch BuildRequires: gcc-c++ BuildRequires: libjpeg-devel @@ -107,6 +108,7 @@ %patch6 -p1 %patch7 -p1 %patch8 -p1 +%patch9 -p1 %build CFLAGS="%{optflags} -fPIE" @@ -127,6 +129,12 @@ rm -rf %{buildroot}%{_datadir}/doc/tiff* find %{buildroot} -type f -name "*.la" -delete -print find html -name "Makefile*" | xargs rm +# remove pal2rgb, bsc#1071031 +for tool in pal2rgb; do + rm %{buildroot}%{_bindir}/$tool + rm %{buildroot}%{_mandir}/man1/$tool.1 + rm html/man/$tool.1.html +done %check for i in tools test; do ++++++ tiff-CVE-2018-10779.patch ++++++ diff --git a/libtiff/tif_write.c b/libtiff/tif_write.c index 586f6fdff66a7a0c1864dbe1e2c5831602b055ce..a31ecd12c133ac18bed6bfbc97fcbad5e19a3257 100644 --- a/libtiff/tif_write.c +++ b/libtiff/tif_write.c @@ -538,9 +538,11 @@ TIFFSetupStrips(TIFF* tif) if (td->td_planarconfig == PLANARCONFIG_SEPARATE) td->td_stripsperimage /= td->td_samplesperpixel; td->td_stripoffset = (uint64 *) - _TIFFmalloc(td->td_nstrips * sizeof (uint64)); + _TIFFCheckMalloc(tif, td->td_nstrips, sizeof (uint64), + "for \"StripOffsets\" array"); td->td_stripbytecount = (uint64 *) - _TIFFmalloc(td->td_nstrips * sizeof (uint64)); + _TIFFCheckMalloc(tif, td->td_nstrips, sizeof (uint64), + "for \"StripByteCounts\" array"); if (td->td_stripoffset == NULL || td->td_stripbytecount == NULL) return (0); /*