OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=80

tiff-4.0.6-CVE-2016-3186.patch

@@ -0,0 +1,11 @@
+--- tiff-4.0.6/tools/gif2tiff.c	2016-04-06 15:43:01.586048341 +0200
++++ tiff-4.0.6/tools/gif2tiff.c	2016-04-06 15:48:05.523207710 +0200
+@@ -349,7 +349,7 @@
+     int status = 1;
+ 
+     (void) getc(infile);
+-    while ((count = getc(infile)) && count <= 255)
++    while ((count = getc(infile)) && count > 0 && count <= 255)
+         if (fread(buf, 1, count, infile) != (size_t) count) {
+             fprintf(stderr, "short read from file %s (%s)\n",
+                     filename, strerror(errno));

tiff.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Apr  6 13:56:19 UTC 2016 - fstrba@suse.com
+
+- Added patch:
+  * tiff-4.0.6-CVE-2016-3186.patch
+    - fix CVE-2016-3186: buffer overflow in gif2tiff [bsc#973340]
+
 -------------------------------------------------------------------
 Mon Feb  1 08:01:19 UTC 2016 - fstrba@suse.com
 

tiff.spec

@@ -35,6 +35,8 @@ Patch2:         tiff-4.0.4-uninitialized_mem_NeXTDecode.patch
 Patch3:         tiff-4.0.6-CVE-2015-7554.patch
 # http://bugzilla.maptools.org/show_bug.cgi?id=2522
 Patch4:         tiff-4.0.6-CVE-2015-8782.patch
+# 
+Patch5:         tiff-4.0.6-CVE-2016-3186.patch
 BuildRequires:  gcc-c++
 BuildRequires:  libjpeg-devel
 BuildRequires:  libtool
@@ -100,6 +102,7 @@ the libtiff library.
 %patch2
 %patch3
 %patch4 -p1
+%patch5 -p1
 
 %build
 CFLAGS="%{optflags} -fPIE"