Accepting request 197585 from graphics

- security update * CVE-2013-4232.patch [bnc#834477] * CVE-2013-4231.patch [bnc#834477] * CVE-2013-4244.patch [bnc#834788] * CVE-2013-4243.patch [bnc#834779] OBS-URL: https://build.opensuse.org/request/show/197585 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tiff?expand=0&rev=48
2013-09-08 11:06:02 +00:00 · 2013-09-08 11:06:02 +00:00 · 9ba678361b
commit 9ba678361b
parent 290d032531 af0fd61018
6 changed files with 108 additions and 0 deletions
--- a/tiff-4.0.3-CVE-2013-4231.patch
+++ b/tiff-4.0.3-CVE-2013-4231.patch
@ -0,0 +1,19 @@
+Index: gif2tiff.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/gif2tiff.c,v
+retrieving revision 1.12
+diff -u -r1.12 gif2tiff.c
+--- tools/gif2tiff.c	15 Dec 2010 00:22:44 -0000	1.12
+++ tools/gif2tiff.c	13 Aug 2013 08:25:38 -0000
+@@ -333,6 +333,10 @@
+     int status = 1;
+ 
+     datasize = getc(infile);
+
+    if (datasize > 12)
+        return 0;
+
+     clear = 1 << datasize;
+     eoi = clear + 1;
+     avail = clear + 2;
+
--- a/tiff-4.0.3-CVE-2013-4232.patch
+++ b/tiff-4.0.3-CVE-2013-4232.patch
@ -0,0 +1,16 @@
+Index: tiff2pdf.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v
+retrieving revision 1.71
+diff -u -r1.71 tiff2pdf.c
+--- tools/tiff2pdf.c	2 May 2013 14:54:08 -0000	1.71
+++ toolstiff2pdf.c	13 Aug 2013 04:45:40 -0000
+@@ -2462,6 +2462,7 @@
+ 					TIFFFileName(input));
+ 				t2p->t2p_error = T2P_ERR_ERROR;
+ 			  _TIFFfree(buffer);
+                          return(0);
+ 			} else {
+ 				buffer=samplebuffer;
+ 				t2p->tiff_datasize *= t2p->tiff_samplesperpixel;
+
--- a/tiff-4.0.3-CVE-2013-4243.patch
+++ b/tiff-4.0.3-CVE-2013-4243.patch
@ -0,0 +1,37 @@
+Index: tools/gif2tiff.c
+===================================================================
+--- tools/gif2tiff.c.orig
+++ tools/gif2tiff.c
+@@ -280,6 +280,10 @@ readgifimage(char* mode)
+         fprintf(stderr, "no colormap present for image\n");
+         return (0);
+     }
+    if (width == 0 || height == 0) {
+        fprintf(stderr, "Invalid value of width or height\n");
+        return(0);
+    }
+     if ((raster = (unsigned char*) _TIFFmalloc(width*height+EXTRAFUDGE)) == NULL) {
+         fprintf(stderr, "not enough memory for image\n");
+         return (0);
+@@ -406,6 +410,10 @@ process(register int code, unsigned char
+             fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
+             return 0;
+         }
+        if (*fill >= raster + width*height) {
+            fprintf(stderr, "raster full before eoi code\n");
+            return 0;
+        }
+ 	*(*fill)++ = suffix[code];
+ 	firstchar = oldcode = code;
+ 	return 1;
+@@ -436,6 +444,10 @@ process(register int code, unsigned char
+     }
+     oldcode = incode;
+     do {
+        if (*fill >= raster + width*height) {
+            fprintf(stderr, "raster full before eoi code\n");
+            return 0;
+        }
+ 	*(*fill)++ = *--stackp;
+     } while (stackp > stack);
+     return 1;
--- a/tiff-4.0.3-CVE-2013-4244.patch
+++ b/tiff-4.0.3-CVE-2013-4244.patch
@ -0,0 +1,19 @@
+Index: gif2tiff.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/gif2tiff.c,v
+retrieving revision 1.12
+diff -u -r1.12 gif2tiff.c
+--- tools/gif2tiff.c	15 Dec 2010 00:22:44 -0000	1.12
+++ tools/gif2tiff.c	14 Aug 2013 04:28:07 -0000
+@@ -398,6 +398,10 @@
+     }
+ 
+     if (oldcode == -1) {
+        if (code >= clear) {
+            fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
+            return 0;
+        }
+ 	*(*fill)++ = suffix[code];
+ 	firstchar = oldcode = code;
+ 	return 1;
+
--- a/tiff.changes
+++ b/tiff.changes
@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Wed Aug 21 12:57:57 UTC 2013 - pgajdos@suse.com
+
+- security update
+  * CVE-2013-4232.patch [bnc#834477]
+  * CVE-2013-4231.patch [bnc#834477]
+  * CVE-2013-4244.patch [bnc#834788]
+  * CVE-2013-4243.patch [bnc#834779]
+
 -------------------------------------------------------------------
 Wed Jun 26 10:48:50 UTC 2013 - pgajdos@suse.com

--- a/tiff.spec
+++ b/tiff.spec
@ -56,6 +56,10 @@ Patch5:         tiff-%{version}-CVE-2013-1960.patch
 Patch6:         tiff-%{version}-double-free.patch
 # http://bugzilla.maptools.org/show_bug.cgi?id=2442
 Patch7:         tiff-%{version}-compress-warning.patch
+Patch8:         tiff-4.0.3-CVE-2013-4232.patch
+Patch9:         tiff-4.0.3-CVE-2013-4231.patch
+Patch10:        tiff-4.0.3-CVE-2013-4244.patch
+Patch11:        tiff-4.0.3-CVE-2013-4243.patch
 # FYI: this issue is solved another way
 # http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1
 # Patch9:         tiff-%{version}-lzw-CVE-2009-2285.patch
@ -107,6 +111,10 @@ the libtiff library.
 %patch5
 %patch6
 %patch7 -p1
+%patch8
+%patch9
+%patch10
+%patch11

 %build
 %configure --disable-static --with-pic