epienbro pushed to mingw-libtiff (f22). "Fix CVE-2014-9655 and CVE-2015-1547 (RHBZ #1190712)"
notifications at fedoraproject.org
notifications at fedoraproject.org
Fri Apr 24 16:05:00 UTC 2015
>From 95e563f0b045ff562c4bb4fab9ceec4e78901058 Mon Sep 17 00:00:00 2001
From: Erik van Pienbroek <epienbro at fedoraproject.org>
Date: Fri, 24 Apr 2015 18:04:35 +0200
Subject: Fix CVE-2014-9655 and CVE-2015-1547 (RHBZ #1190712)
diff --git a/libtiff-CVE-2014-9655.patch b/libtiff-CVE-2014-9655.patch
new file mode 100644
index 0000000..de90114
--- /dev/null
+++ b/libtiff-CVE-2014-9655.patch
@@ -0,0 +1,34 @@
+commit 26d8e9052f2226508d076f390162afb04d737bec
+Author: erouault <erouault>
+Date: Sat Dec 27 15:20:42 2014 +0000
+
+ * libtiff/tif_dir.c: in TIFFDefaultDirectory(), reset any already existing
+ extented tags installed by user code through the extender mechaninm before
+ calling the extender callback (GDAL #5054)
+
+diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
+index ab43a28..1a413df 100644
+--- a/libtiff/tif_dir.c
++++ b/libtiff/tif_dir.c
+@@ -1322,8 +1322,20 @@ TIFFDefaultDirectory(TIFF* tif)
+ tif->tif_tagmethods.printdir = NULL;
+ /*
+ * Give client code a chance to install their own
+- * tag extensions & methods, prior to compression overloads.
++ * tag extensions & methods, prior to compression overloads,
++ * but do some prior cleanup first. (http://trac.osgeo.org/gdal/ticket/5054)
+ */
++ if (tif->tif_nfieldscompat > 0) {
++ uint32 i;
++
++ for (i = 0; i < tif->tif_nfieldscompat; i++) {
++ if (tif->tif_fieldscompat[i].allocated_size)
++ _TIFFfree(tif->tif_fieldscompat[i].fields);
++ }
++ _TIFFfree(tif->tif_fieldscompat);
++ tif->tif_nfieldscompat = 0;
++ tif->tif_fieldscompat = NULL;
++ }
+ if (_TIFFextender)
+ (*_TIFFextender)(tif);
+ (void) TIFFSetField(tif, TIFFTAG_COMPRESSION, COMPRESSION_NONE);
diff --git a/mingw-libtiff.spec b/mingw-libtiff.spec
index a809e4e..af82b06 100644
--- a/mingw-libtiff.spec
+++ b/mingw-libtiff.spec
@@ -3,7 +3,7 @@
Summary: MinGW Windows port of the LibTIFF library
Name: mingw-libtiff
Version: 4.0.3
-Release: 5%{?dist}
+Release: 6%{?dist}
License: libtiff
Group: System Environment/Libraries
URL: http://www.remotesensing.org/libtiff/
@@ -19,6 +19,10 @@ Patch5: libtiff-CVE-2013-4232.patch
Patch6: libtiff-CVE-2013-4244.patch
Patch7: libtiff-CVE-2013-4243.patch
+# Also fixes CVE-2015-1547 according to
+# https://bugzilla.redhat.com/show_bug.cgi?id=1190709#c3
+Patch8: libtiff-CVE-2014-9655.patch
+
BuildArch: noarch
BuildRequires: mingw32-zlib
@@ -102,6 +106,7 @@ Static version of the MinGW Windows LibTIFF library.
%patch5 -p1
%patch6 -p1
%patch7 -p1
+%patch8 -p1
%build
@@ -158,6 +163,9 @@ find $RPM_BUILD_ROOT -name "*.la" -delete
%changelog
+* Fri Apr 24 2015 Erik van Pienbroek <epienbro at fedoraproject.org> - 4.0.3-6
+- Fix CVE-2014-9655 and CVE-2015-1547 (RHBZ #1190712)
+
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 4.0.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/mingw-libtiff.git/commit/?h=f22&id=95e563f0b045ff562c4bb4fab9ceec4e78901058
More information about the scm-commits
mailing list