- fixed buffer overflow [bnc#672510]

* CVE-2011-0192.patch

OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=25

tiff-3.9.4-CVE-2011-0192.patch

@@ -0,0 +1,15 @@
+Index: libtiff/tif_fax3.h
+===================================================================
+--- libtiff/tif_fax3.h.orig
++++ libtiff/tif_fax3.h
+@@ -478,6 +478,10 @@ done1d:									\
+ 	    break;							\
+ 	case S_VL:							\
+ 	    CHECK_b1;							\
++            if (b1 <= (int) (a0 + TabEnt->Param)) {                     \
++              unexpected("VL", a0);                                     \
++              goto eol2d;                                               \
++            }                                                           \
+ 	    SETVALUE(b1 - a0 - TabEnt->Param);				\
+ 	    b1 -= *--pb;						\
+ 	    break;							\

tiff.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Feb 17 15:40:54 CET 2011 - pgajdos@suse.cz
+
+- fixed buffer overflow [bnc#672510]
+  * CVE-2011-0192.patch
+
 -------------------------------------------------------------------
 Mon Sep  6 14:56:09 CEST 2010 - pgajdos@suse.cz
 

tiff.spec

@@ -40,6 +40,7 @@ Patch6:         tiff-%{version}-oob-read.patch
 Patch7:         tiff-%{version}-getimage-64bit.patch
 Patch8:         tiff-%{version}-scanlinesize.patch
 Patch9:         tiff-%{version}-dont-fancy-upsampling.patch
+Patch10:        tiff-%{version}-CVE-2011-0192.patch
 # FYI: this issue is solved another way
 # http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1
 # Patch9:         tiff-%{version}-lzw-CVE-2009-2285.patch
@@ -105,6 +106,7 @@ the libtiff library.
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
+%patch10
 find -type d -name "CVS" | xargs rm -rfv
 find -type d | xargs chmod 755