Fix CVE-2016-5684 (#1381517)

2016-10-04 16:50:21 +02:00 · 2016-10-04 16:50:21 +02:00 · 11c1e1f46b
parent 91896c5baa
commit 11c1e1f46b
2 changed files with 35 additions and 5 deletions
--- a/FreeImage-3.17.0_CVE-2016-5684.patch
+++ b/FreeImage-3.17.0_CVE-2016-5684.patch
@ -0,0 +1,24 @@
+diff -rupN FreeImage/Source/FreeImage/PluginXPM.cpp FreeImage-new/Source/FreeImage/PluginXPM.cpp
+--- FreeImage/Source/FreeImage/PluginXPM.cpp	2015-03-02 02:07:08.000000000 +0100
+++ FreeImage-new/Source/FreeImage/PluginXPM.cpp	2016-10-04 16:40:11.975271194 +0200
+@@ -181,6 +181,11 @@ Load(FreeImageIO *io, fi_handle handle,
+ 		}
+ 		free(str);
+ 
+		// check info string
+		if((width <= 0) || (height <= 0) || (colors <= 0) || (cpp <= 0)) {
+			throw "Improperly formed info string";
+		}
+
+         if (colors > 256) {
+ 			dib = FreeImage_AllocateHeader(header_only, width, height, 24, FI_RGBA_RED_MASK, FI_RGBA_GREEN_MASK, FI_RGBA_BLUE_MASK);
+ 		} else {
+@@ -193,7 +198,7 @@ Load(FreeImageIO *io, fi_handle handle,
+ 			FILE_RGBA rgba;
+ 
+ 			str = ReadString(io, handle);
+-			if(!str)
+			if(!str || (strlen(str) < (size_t)cpp))
+ 				throw "Error reading color strings";
+ 
+ 			std::string chrs(str,cpp); //create a string for the color chars using the first cpp chars
--- a/freeimage.spec
+++ b/freeimage.spec
@ -3,7 +3,7 @@

 Name:           freeimage
 Version:        3.17.0
-Release:        6%{?dist}
+Release:        7%{?dist}
 Summary:        Multi-format image decoder library

 # freeimage is tripple-licensed, see
@ -18,6 +18,8 @@ Patch0:         FreeImage-3.17.0_unbundle.patch
 Patch1:         FreeImage-3.17.0_doxygen.patch
 # Fix CVE-2015-0852 (#1257859)
 Patch2:         FreeImage-3.17.0_CVE-2015-0852.patch
+# Fix CVE-2016-5684 (#1381517)
+Patch3:         FreeImage-3.17.0_CVE-2016-5684.patch

 BuildRequires:  doxygen
 BuildRequires:  jxrlib-devel
@ -67,6 +69,7 @@ developing applications that use %{name}-plus.
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1

 # remove all included libs to make sure these don't get used during compile
 rm -r Source/Lib* Source/ZLib Source/OpenEXR
@ -88,11 +91,11 @@ done
 sh ./gensrclist.sh
 sh ./genfipsrclist.sh
 %ifarch %{power64} %{mips32}
-make -f Makefile.gnu %{?_smp_mflags} CFLAGS="%{optflags} -fPIC" CXXFLAGS="%{optflags} -fPIC" LDFLAGS="%{__global_ldflags}"
-make -f Makefile.fip %{?_smp_mflags} CFLAGS="%{optflags} -fPIC" CXXFLAGS="%{optflags} -fPIC" LDFLAGS="%{__global_ldflags}"
+%make_build -f Makefile.gnu CFLAGS="%{optflags} -fPIC" CXXFLAGS="%{optflags} -fPIC" LDFLAGS="%{__global_ldflags}"
+%make_build -f Makefile.fip CFLAGS="%{optflags} -fPIC" CXXFLAGS="%{optflags} -fPIC" LDFLAGS="%{__global_ldflags}"
 %else
-make -f Makefile.gnu %{?_smp_mflags} CFLAGS="%{optflags}" CXXFLAGS="%{optflags}" LDFLAGS="%{__global_ldflags}"
-make -f Makefile.fip %{?_smp_mflags} CFLAGS="%{optflags}" CXXFLAGS="%{optflags}" LDFLAGS="%{__global_ldflags}"
+%make_build -f Makefile.gnu CFLAGS="%{optflags}" CXXFLAGS="%{optflags}" LDFLAGS="%{__global_ldflags}"
+%make_build -f Makefile.fip CFLAGS="%{optflags}" CXXFLAGS="%{optflags}" LDFLAGS="%{__global_ldflags}"
 %endif

 pushd Wrapper/FreeImagePlus/doc
@ -146,6 +149,9 @@ ldconfig -n %{buildroot}%{_libdir}


 %changelog
+* Tue Oct 04 2016 Sandro Mani <manisandro@gmail.com> - 3.17.0-7
+- Fix CVE-2016-5684 (rhbz#1381517)
+
 * Fri Aug 12 2016 Michal Toman <mtoman@fedoraproject.org> - 3.17.0-6
 - -fPIC on 32-bit MIPS