From 143c1c65c941abd8d4e1b753398c07d497d9a682 Mon Sep 17 00:00:00 2001
From: dongyuzhen
Date: Sat, 2 Apr 2022 15:29:47 +0800
Subject: [PATCH] modify libtiff.spec
---
 fix-raw2tiff-floating-point-exception.patch | 34 +++++++++++++++++++++
 libtiff.spec | 33 +++++++++++++-------
 2 files changed, 56 insertions(+), 11 deletions(-)
 create mode 100644 fix-raw2tiff-floating-point-exception.patch
diff --git a/fix-raw2tiff-floating-point-exception.patch b/fix-raw2tiff-floating-point-exception.patch
new file mode 100644
index 0000000..ca217c8
--- /dev/null
+++ b/fix-raw2tiff-floating-point-exception.patch
@@ -0,0 +1,34 @@
+From 42f499986d3c8a1dce55db7d97d501f8e9dfc8f6 Mon Sep 17 00:00:00 2001
+From: t.feng
+Date: Mon, 13 Dec 2021 21:03:13 +0800
+Subject: [PATCH] fix raw2tiff floating point exception
+
+if we input illegal nbands, like:
+raw2tiff -b :2 test.raw test.tif
+we got:
+Floating point exception (core dumped)
+so, check nbands before guessSize
+
+---
+ tools/raw2tiff.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/tools/raw2tiff.c b/tools/raw2tiff.c
+index dfee715..3a6f00e 100644
+--- a/tools/raw2tiff.c
++++ b/tools/raw2tiff.c
+@@ -209,6 +209,11 @@ main(int argc, char* argv[])
+ return (EXIT_FAILURE);
+ }
+
++ if (nbands == 0) {
++ fprintf(stderr, "The number of bands is illegal.\n");
++ return (-1);
++ }
++
+ if (guessSize(fd, dtype, hdr_size, nbands, swab, &width, &length) < 0)
+ return EXIT_FAILURE;
+
+--
+2.27.0
+
diff --git a/libtiff.spec b/libtiff.spec
index 468030e..76319c1 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,6 +1,6 @@
 Name: libtiff
 Version: 4.3.0
-Release: 9
+Release: 12
 Summary: TIFF Library and Utilities
 License: libtiff
 URL: https://www.simplesystems.org/libtiff/
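Review bot: The new `nbands == 0` guard in the embedded tools/raw2tiff.c hunk (inside fix-raw2tiff-floating-point-exception.patch) exits with `return (-1);`, while the checks directly above and below it return `EXIT_FAILURE`; a status of -1 reaches a POSIX shell as 255, so I would write `return (EXIT_FAILURE);` to keep the tool's exit codes consistent. The guard also rejects only the one value behind the crash reported in the commit message. How `-b` is parsed is outside the hunk, but if it is an unchecked atoi-style conversion, other malformed input (for example a negative number wrapping to a very large band count) presumably still reaches guessSize, so validating the option where it is parsed would be the more complete fix. main() starts and ends outside the hunk.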
@@ -18,6 +18,8 @@ Patch6008: backport-CVE-2022-0865.patch Patch6009: backport-CVE-2022-0909.patch Patch6010: backport-CVE-2022-0924.patch +Patch9000: fix-raw2tiff-floating-point-exception.patch + BuildRequires: gcc gcc-c++ zlib-devel libjpeg-devel jbigkit-devel BuildRequires: libtool automake autoconf pkgconfig @@ -137,41 +139,50 @@ find html -name 'Makefile*' | xargs rm %exclude %{_datadir}/html/man/tiffgt.1.html %changelog -* Fri Apr 01 2022 dongyuzhen - 4.3.0-9 +* Fri Apr 01 2022 dongyuzhen - 4.3.0-12 - fix CVE-2022-0909,CVE-2022-0924 -* Tue Mar 29 2022 yangcheng - 4.3.0-8 +* Tue Mar 29 2022 yangcheng - 4.3.0-11 - fix CVE-2022-0865 -* Mon Mar 28 2022 yangcheng - 4.3.0-7 +* Mon Mar 28 2022 yangcheng - 4.3.0-10 - fix CVE-2022-0907 -* Tue Mar 22 2022 yangcheng - 4.3.0-6 +* Tue Mar 22 2022 yangcheng - 4.3.0-9 - Type:cve - ID:CVE-2022-0908 - SUG:NA - DESC:fix CVE-2022-0908 -* Thu Mar 17 2022 wangkerong - 4.3.0-5 +* Thu Mar 17 2022 wangkerong - 4.3.0-8 - Type:cve - ID:CVE-2022-0891 - SUG:NA - DESC:fix CVE-2022-0891 -* Tue Mar 08 2022 dongyuzhen - 4.3.0-4 +* Tue Mar 08 2022 dongyuzhen - 4.3.0-7 - Type:cves - ID:CVE-2022-22844 - SUG:NA - DESC:fix CVE-2022-22844 -* Wed Feb 23 2022 liuyumeng -4.3.0-3 +* Wed Feb 23 2022 liuyumeng - 4.3.0-6 - Type:cves -- ID:CVE-2022-0561CVE-2022-0562 +- ID:CVE-2022-0561 CVE-2022-0562 - SUG:NA - DESC:fix CVE-2022-0561 CVE-2022-0562 -* Mon Dec 13 2021 liuyumeng - 4.3.0-2 -- fix incorrect writing when unpacking +* Fri Dec 24 2021 liuyumeng - 4.3.0-5 +- fix the dependency package connot find TIFF_SSIZE_T in tiffio.h + +* Wed Dec 15 2021 liuyumeng - 4.3.0-4 +- fix raw2tiff floating point exception + +* Mon Dec 13 2021 liuyumeng - 4.3.0-3 +- fix incorrect writing when unpacking in spec + +* Mon Dec 06 2021 liuyumeng - 4.3.0-2 +- fix the date in the changelog * Fri Dec 03 2021 liuyumeng - 4.3.0-1 - update to libtiff-4.3.0-1