- fixed CVE-2012-3401 [bnc#770816]

OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=49
2012-07-23 09:53:22 +00:00 · 2012-07-23 09:53:22 +00:00 · 37fb09c0a4
commit 37fb09c0a4
parent 71da80349e
3 changed files with 19 additions and 0 deletions
--- a/tiff-4.0.2-CVE-2012-3401.patch
+++ b/tiff-4.0.2-CVE-2012-3401.patch
@ -0,0 +1,12 @@
+Index: tools/tiff2pdf.c
+===================================================================
+--- tools/tiff2pdf.c.orig
+++ tools/tiff2pdf.c
+@@ -1066,6 +1066,7 @@ void t2p_read_tiff_init(T2P* t2p, TIFF*
+ 				"Can't set directory %u of input file %s", 
+ 				i,
+ 				TIFFFileName(input));
+                       t2p->t2p_error = T2P_ERR_ERROR;
+ 			return;
+ 		}
+ 		if(TIFFGetField(input, TIFFTAG_PAGENUMBER, &pagen, &paged)){
--- a/tiff.changes
+++ b/tiff.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Jul 23 09:52:50 UTC 2012 - pgajdos@suse.com
+
+-  fixed CVE-2012-3401 [bnc#770816]
+
 -------------------------------------------------------------------
 Thu Jun 28 10:16:29 UTC 2012 - meissner@suse.com

--- a/tiff.spec
+++ b/tiff.spec
@ -50,6 +50,7 @@ Patch2:         tiff-%{version}-seek.patch
 Patch3:         tiff-%{version}-tiff2pdf-colors.patch
 Patch9:         tiff-%{version}-dont-fancy-upsampling.patch
 Patch10:        tiff-bigendian.patch
+Patch11:        tiff-%{version}-CVE-2012-3401.patch
 # FYI: this issue is solved another way
 # http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1
 # Patch9:         tiff-%{version}-lzw-CVE-2009-2285.patch
@ -97,6 +98,7 @@ the libtiff library.
 %patch3 -p1
 %patch9 -p1
 %patch10 -p1
+%patch11

 %build
 %configure --disable-static --with-pic