- security update

* CVE-2013-4232.patch [bnc#834477]
  * CVE-2013-4231.patch [bnc#834477]
  * CVE-2013-4244.patch [bnc#834788]
  * CVE-2013-4243.patch [bnc#834779]

OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=60

tiff-4.0.3-CVE-2013-4231.patch

@@ -0,0 +1,19 @@
+Index: gif2tiff.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/gif2tiff.c,v
+retrieving revision 1.12
+diff -u -r1.12 gif2tiff.c
+--- tools/gif2tiff.c	15 Dec 2010 00:22:44 -0000	1.12
++++ tools/gif2tiff.c	13 Aug 2013 08:25:38 -0000
+@@ -333,6 +333,10 @@
+     int status = 1;
+ 
+     datasize = getc(infile);
++
++    if (datasize > 12)
++        return 0;
++
+     clear = 1 << datasize;
+     eoi = clear + 1;
+     avail = clear + 2;
+

tiff-4.0.3-CVE-2013-4232.patch

@@ -0,0 +1,16 @@
+Index: tiff2pdf.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v
+retrieving revision 1.71
+diff -u -r1.71 tiff2pdf.c
+--- tools/tiff2pdf.c	2 May 2013 14:54:08 -0000	1.71
++++ toolstiff2pdf.c	13 Aug 2013 04:45:40 -0000
+@@ -2462,6 +2462,7 @@
+ 					TIFFFileName(input));
+ 				t2p->t2p_error = T2P_ERR_ERROR;
+ 			  _TIFFfree(buffer);
++                          return(0);
+ 			} else {
+ 				buffer=samplebuffer;
+ 				t2p->tiff_datasize *= t2p->tiff_samplesperpixel;
+

tiff-4.0.3-CVE-2013-4243.patch

@@ -0,0 +1,19 @@
+Index: gif2tiff.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/gif2tiff.c,v
+retrieving revision 1.12
+diff -u -r1.12 gif2tiff.c
+--- tools/gif2tiff.c	15 Dec 2010 00:22:44 -0000	1.12
++++ tools/gif2tiff.c	14 Aug 2013 04:43:31 -0000
+@@ -280,6 +280,10 @@
+         fprintf(stderr, "no colormap present for image\n");
+         return (0);
+     }
++    if (width == 0 || height == 0) {
++        fprintf(stderr, "Invalid value of width or height\n");
++        return(0);
++    }
+     if ((raster = (unsigned char*) _TIFFmalloc(width*height+EXTRAFUDGE)) == NULL) {
+         fprintf(stderr, "not enough memory for image\n");
+         return (0);
+

tiff-4.0.3-CVE-2013-4244.patch

@@ -0,0 +1,19 @@
+Index: gif2tiff.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/gif2tiff.c,v
+retrieving revision 1.12
+diff -u -r1.12 gif2tiff.c
+--- tools/gif2tiff.c	15 Dec 2010 00:22:44 -0000	1.12
++++ tools/gif2tiff.c	14 Aug 2013 04:28:07 -0000
+@@ -398,6 +398,10 @@
+     }
+ 
+     if (oldcode == -1) {
++        if (code >= clear) {
++            fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
++            return 0;
++        }
+ 	*(*fill)++ = suffix[code];
+ 	firstchar = oldcode = code;
+ 	return 1;
+

tiff.changes

@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Wed Aug 21 12:57:57 UTC 2013 - pgajdos@suse.com
+
+- security update
+  * CVE-2013-4232.patch [bnc#834477]
+  * CVE-2013-4231.patch [bnc#834477]
+  * CVE-2013-4244.patch [bnc#834788]
+  * CVE-2013-4243.patch [bnc#834779]
+
 -------------------------------------------------------------------
 Wed Jun 26 10:48:50 UTC 2013 - pgajdos@suse.com
 

tiff.spec

@@ -56,6 +56,10 @@ Patch5:         tiff-%{version}-CVE-2013-1960.patch
 Patch6:         tiff-%{version}-double-free.patch
 # http://bugzilla.maptools.org/show_bug.cgi?id=2442
 Patch7:         tiff-%{version}-compress-warning.patch
+Patch8:         tiff-4.0.3-CVE-2013-4232.patch
+Patch9:         tiff-4.0.3-CVE-2013-4231.patch
+Patch10:        tiff-4.0.3-CVE-2013-4244.patch
+Patch11:        tiff-4.0.3-CVE-2013-4243.patch
 # FYI: this issue is solved another way
 # http://bugzilla.maptools.org/show_bug.cgi?id=1985#c1
 # Patch9:         tiff-%{version}-lzw-CVE-2009-2285.patch
@@ -107,6 +111,10 @@ the libtiff library.
 %patch5
 %patch6
 %patch7 -p1
+%patch8
+%patch9
+%patch10
+%patch11
 
 %build
 %configure --disable-static --with-pic