OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tiff?expand=0&rev=10

tiff-3.8.2-bnc444079.patch

@@ -0,0 +1,11 @@
+--- libtiff/tif_dirread.c
++++ libtiff/tif_dirread.c
+@@ -870,7 +870,7 @@
+ 
+ 	register TIFFDirEntry *dp;
+ 	register TIFFDirectory *td = &tif->tif_dir;
+-	uint16 i;
++	uint32 i;
+ 
+ 	if (td->td_stripbytecount)
+ 		_TIFFfree(td->td_stripbytecount);

tiff.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Feb  4 15:49:04 CET 2009 - nadvornik@suse.cz
+
+- fixed an endless loop on invalid images 
+  (bnc#444079) CVE-2008-1586
+
 -------------------------------------------------------------------
 Tue Jan 13 16:19:37 CET 2009 - olh@suse.de
 

tiff.spec

@@ -29,7 +29,7 @@ Obsoletes:      tiff-64bit
 #
 Url:            http://www.remotesensing.org/libtiff/
 Version:        3.8.2
-Release:        139
+Release:        142
 Summary:        Tools for Converting from and to the Tiff  Format
 Source:         tiff-%{version}.tar.bz2
 Source1:        jpegint.h
@@ -40,6 +40,7 @@ Patch4:         tiff-%{version}-tiffsplit-CVE-2006-2656.patch
 Patch5:         tiff-%{version}-tif_lzw.c-CVE-2008-2327.patch
 Patch6:         tiff-%{version}-tif_lzw.c-CVE-2008-2327-2.patch
 Patch7:         tiff-am.patch
+Patch8:         tiff-3.8.2-bnc444079.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -102,6 +103,7 @@ the libtiff library.
 %patch5
 %patch6
 %patch7
+%patch8
 cp %{S:1} libtiff
 find -type d -name "CVS" | xargs rm -rfv
 find -type d | xargs chmod 755
@@ -152,6 +154,9 @@ rm -rf $RPM_BUILD_ROOT
 %doc %{_mandir}/man3/*
 
 %changelog
+* Wed Feb 04 2009 nadvornik@suse.cz
+- fixed an endless loop on invalid images
+  (bnc#444079) CVE-2008-1586
 * Tue Jan 13 2009 olh@suse.de
 - obsolete old libtiff-64bit on ppc64 (bnc#437293)
 * Wed Jan 07 2009 olh@suse.de