From 3dac520e7fca56794c4c1daa113fca85bcea0037d17459e9346036732c3160dd Mon Sep 17 00:00:00 2001
From: Petr Gajdos
Date: Thu, 3 Mar 2011 08:30:27 +0000
Subject: [PATCH] - fixed buffer overflow [bnc#672510] * CVE-2011-0192.patch
OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=25
---
 tiff-3.9.4-CVE-2011-0192.patch | 15 +++++++++++++++
 tiff.changes | 6 ++++++
 tiff.spec | 2 ++
 3 files changed, 23 insertions(+)
 create mode 100644 tiff-3.9.4-CVE-2011-0192.patch
diff --git a/tiff-3.9.4-CVE-2011-0192.patch b/tiff-3.9.4-CVE-2011-0192.patch
new file mode 100644
index 0000000..0ec65ab
--- /dev/null
+++ b/tiff-3.9.4-CVE-2011-0192.patch
@@ -0,0 +1,15 @@
+Index: libtiff/tif_fax3.h
+===================================================================
+--- libtiff/tif_fax3.h.orig
++++ libtiff/tif_fax3.h
+@@ -478,6 +478,10 @@ done1d: \
+ break; \
+ case S_VL: \
+ CHECK_b1; \
++ if (b1 <= (int) (a0 + TabEnt->Param)) { \
++ unexpected("VL", a0); \
++ goto eol2d; \
++ } \
+ SETVALUE(b1 - a0 - TabEnt->Param); \
+ b1 -= *--pb; \
+ break; \
diff --git a/tiff.changes b/tiff.changes
index 8c94679..7e83737 100644
--- a/tiff.changes
+++ b/tiff.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Feb 17 15:40:54 CET 2011 - pgajdos@suse.cz
+
+- fixed buffer overflow [bnc#672510]
+ * CVE-2011-0192.patch
+
 -------------------------------------------------------------------
 Mon Sep 6 14:56:09 CEST 2010 - pgajdos@suse.cz
 
diff --git a/tiff.spec b/tiff.spec
index ed542a2..8c3466d 100644
--- a/tiff.spec
+++ b/tiff.spec
@@ -40,6 +40,7 @@ Patch6: tiff-%{version}-oob-read.patch
 Patch7: tiff-%{version}-getimage-64bit.patch
 Patch8: tiff-%{version}-scanlinesize.patch
 Patch9: tiff-%{version}-dont-fancy-upsampling.patch
+Patch10: tiff-%{version}-CVE-2011-0192.patch
 # FYI: this issue is solved another way
 # http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1
 # Patch9: tiff-%{version}-lzw-CVE-2009-2285.patch
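Review bot: The guard added to the `S_VL` case in tiff-3.9.4-CVE-2011-0192.patch compares with `<=`, so besides the negative run length that must never reach `SETVALUE` it also rejects `b1 == a0 + TabEnt->Param`, a zero-length run, even when that run is the first one of the scanline, which I believe valid CCITT fax data can contain. As far as I recall, upstream libtiff later relaxed the check for exactly that case; consider `if (b1 < (int) (a0 + TabEnt->Param) || (b1 == (int) (a0 + TabEnt->Param) && pa != thisrun)) { \`, assuming `pa` and `thisrun` are the run pointers in scope in this macro. A one-line comment above the check saying that it keeps the value passed to `SETVALUE` from going negative (the overflow tracked as CVE-2011-0192) would make the intent clear to the next reader. The enclosing macro begins and ends outside the hunk, so `unexpected` and the `eol2d` label are taken on trust here.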
@@ -105,6 +106,7 @@ the libtiff library.
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
+%patch10
 find -type d -name "CVS" | xargs rm -rfv
 find -type d | xargs chmod 755