Fix CVE-2014-9655 and CVE-2015-1547 (RHBZ #1190712)

10 years ago · 95e563f0b0
parent 3d48eae287
commit 95e563f0b0
2 changed files with 43 additions and 1 deletions
--- a/libtiff-CVE-2014-9655.patch
+++ b/libtiff-CVE-2014-9655.patch
@ -0,0 +1,34 @@
+commit 26d8e9052f2226508d076f390162afb04d737bec
+Author: erouault <erouault>
+Date:   Sat Dec 27 15:20:42 2014 +0000
+
+    * libtiff/tif_dir.c: in TIFFDefaultDirectory(), reset any already existing
+    extented tags installed by user code through the extender mechaninm before
+    calling the extender callback (GDAL #5054)
+
+diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
+index ab43a28..1a413df 100644
+--- a/libtiff/tif_dir.c
+++ b/libtiff/tif_dir.c
+@@ -1322,8 +1322,20 @@ TIFFDefaultDirectory(TIFF* tif)
+ 	tif->tif_tagmethods.printdir = NULL;
+ 	/*
+ 	 *  Give client code a chance to install their own
+-	 *  tag extensions & methods, prior to compression overloads.
+	 *  tag extensions & methods, prior to compression overloads,
+	 *  but do some prior cleanup first. (http://trac.osgeo.org/gdal/ticket/5054)
+ 	 */
+	if (tif->tif_nfieldscompat > 0) {
+		uint32 i;
+
+		for (i = 0; i < tif->tif_nfieldscompat; i++) {
+				if (tif->tif_fieldscompat[i].allocated_size)
+						_TIFFfree(tif->tif_fieldscompat[i].fields);
+		}
+		_TIFFfree(tif->tif_fieldscompat);
+		tif->tif_nfieldscompat = 0;
+		tif->tif_fieldscompat = NULL;
+	}
+ 	if (_TIFFextender)
+ 		(*_TIFFextender)(tif);
+ 	(void) TIFFSetField(tif, TIFFTAG_COMPRESSION, COMPRESSION_NONE);
--- a/mingw-libtiff.spec
+++ b/mingw-libtiff.spec
@ -3,7 +3,7 @@
 Summary:        MinGW Windows port of the LibTIFF library
 Name:           mingw-libtiff
 Version:        4.0.3
-Release:        5%{?dist}
+Release:        6%{?dist}
 License:        libtiff
 Group:          System Environment/Libraries
 URL:            http://www.remotesensing.org/libtiff/
@ -19,6 +19,10 @@ Patch5:         libtiff-CVE-2013-4232.patch
 Patch6:         libtiff-CVE-2013-4244.patch
 Patch7:         libtiff-CVE-2013-4243.patch

+# Also fixes CVE-2015-1547 according to
+# https://bugzilla.redhat.com/show_bug.cgi?id=1190709#c3
+Patch8:         libtiff-CVE-2014-9655.patch
+
 BuildArch:      noarch

 BuildRequires:  mingw32-zlib
@ -102,6 +106,7 @@ Static version of the MinGW Windows LibTIFF library.
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
+%patch8 -p1


 %build
@ -158,6 +163,9 @@ find $RPM_BUILD_ROOT -name "*.la" -delete


 %changelog
+* Fri Apr 24 2015 Erik van Pienbroek <epienbro@fedoraproject.org> - 4.0.3-6
+- Fix CVE-2014-9655 and CVE-2015-1547 (RHBZ #1190712)
+
 * Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.0.3-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild