- updated to 3.9.4: fixes CVE-2010-2065 -- obsoletes

* integer-overflow.patch
  * NULL-deref.patch
- fixes CVE-2010-2067

OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=21

tiff-3.9.2.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c8952149cbcd937ac620f913981dc0ffc7db79696c2f0d559b71d5cd51721e6e
-size 1160792

tiff-3.9.4-getimage-64bit.patch

@@ -0,0 +1,41 @@
+diff -Naur tiff-3.9.2.orig/libtiff/tif_getimage.c tiff-3.9.2/libtiff/tif_getimage.c
+--- tiff-3.9.2.orig/libtiff/tif_getimage.c	2009-08-30 12:21:46.000000000 -0400
++++ tiff-3.9.2/libtiff/tif_getimage.c	2010-06-10 15:07:28.000000000 -0400
+@@ -1846,6 +1846,7 @@
+ DECLAREContigPutFunc(putcontig8bitYCbCr22tile)
+ {
+ 	uint32* cp2;
++	int32 incr = 2*toskew+w;
+ 	(void) y;
+ 	fromskew = (fromskew / 2) * 6;
+ 	cp2 = cp+w+toskew;
+@@ -1872,8 +1873,8 @@
+ 			cp2 ++ ;
+ 			pp += 6;
+ 		}
+-		cp += toskew*2+w;
+-		cp2 += toskew*2+w;
++		cp += incr;
++		cp2 += incr;
+ 		pp += fromskew;
+ 		h-=2;
+ 	}
+@@ -1939,6 +1940,7 @@
+ DECLAREContigPutFunc(putcontig8bitYCbCr12tile)
+ {
+ 	uint32* cp2;
++	int32 incr = 2*toskew+w;
+ 	(void) y;
+ 	fromskew = (fromskew / 2) * 4;
+ 	cp2 = cp+w+toskew;
+@@ -1953,8 +1955,8 @@
+ 			cp2 ++;
+ 			pp += 4;
+ 		} while (--x);
+-		cp += toskew*2+w;
+-		cp2 += toskew*2+w;
++		cp += incr;
++		cp2 += incr;
+ 		pp += fromskew;
+ 		h-=2;
+ 	}

tiff-3.9.4-oob-read.patch

@@ -0,0 +1,12 @@
+diff -Naur tiff-3.9.2.orig/libtiff/tif_getimage.c tiff-3.9.2/libtiff/tif_getimage.c
+--- tiff-3.9.2.orig/libtiff/tif_getimage.c	2009-08-30 12:21:46.000000000 -0400
++++ tiff-3.9.2/libtiff/tif_getimage.c	2010-06-11 12:06:47.000000000 -0400
+@@ -2397,7 +2397,7 @@
+ 			}
+ 			break;
+ 		case PHOTOMETRIC_YCBCR:
+-			if (img->bitspersample == 8)
++			if ((img->bitspersample==8) && (img->samplesperpixel==3))
+ 			{
+ 				if (initYCbCrConversion(img)!=0)
+ 				{

tiff-3.9.4.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a2102a511ebee0d99d769e70efe017c7a114cd17c98f338dd5e073a6b61cd6ba
+size 1116882

tiff.changes

@@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Mon Jul 12 16:36:48 CEST 2010 - pgajdos@suse.cz
+
+- updated to 3.9.4: fixes CVE-2010-2065 -- obsoletes
+  * integer-overflow.patch
+  * NULL-deref.patch
+- fixes CVE-2010-2067
+
+-------------------------------------------------------------------
+Wed Jun 23 10:32:01 CEST 2010 - pgajdos@suse.cz
+
+- fixed CVE-2010-2065
+  * integer-overflow.patch
+  * NULL-deref.patch
+-  fixed out of bounds read
+  * oob-read.patch
+-  fixed CVE-2010-2233
+  * getimage-64bit.patch
+- [bnc#612879]
+
 -------------------------------------------------------------------
 Mon Apr 26 15:07:09 CEST 2010 - pgajdos@suse.cz
 

tiff.spec

@@ -28,14 +28,16 @@ Obsoletes:      tiff-64bit
 %endif
 #
 Url:            http://www.remotesensing.org/libtiff/
-Version:        3.9.2
-Release:        3
+Version:        3.9.4
+Release:        4
 Summary:        Tools for Converting from and to the Tiff  Format
 Source:         tiff-%{version}.tar.bz2
 Source2:        README.SUSE
 Source3:        baselibs.conf
 Patch2:         tiff-%{version}-seek.patch
 Patch3:         tiff-%{version}-tiff2pdf-colors.patch
+Patch6:         tiff-%{version}-oob-read.patch
+Patch7:         tiff-%{version}-getimage-64bit.patch
 # FYI: this issue is solved another way
 # http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1
 # Patch9:         tiff-%{version}-lzw-CVE-2009-2285.patch
@@ -97,6 +99,8 @@ the libtiff library.
 %setup -q 
 %patch2
 %patch3 -p1
+%patch6 -p1
+%patch7 -p1
 find -type d -name "CVS" | xargs rm -rfv
 find -type d | xargs chmod 755