From 6fc618af42c275ebd69046cbccc5cfbfd42d49b0 Mon Sep 17 00:00:00 2001
From: Petr Hracek
Date: Mon, 2 Sep 2013 10:30:35 +0200
Subject: [PATCH] Added upstream patches for CVE-2013-4244 (#996468)

---
 libtiff-CVE-2013-4244.patch | 15 +++++++++++++++
 libtiff.spec | 8 +++++++-
 2 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 libtiff-CVE-2013-4244.patch

diff --git a/libtiff-CVE-2013-4244.patch b/libtiff-CVE-2013-4244.patch
new file mode 100644
index 0000000..792e076
--- /dev/null
+++ b/libtiff-CVE-2013-4244.patch
@@ -0,0 +1,15 @@
+diff --git a/tools/gif2tiff.c b/tools/gif2tiff.c
+index 375b152..2731273 100644
+--- a/tools/gif2tiff.c
++++ b/tools/gif2tiff.c
+@@ -402,6 +402,10 @@ process(register int code, unsigned char** fill)
+ }
+
+ if (oldcode == -1) {
++ if (code >= clear) {
++ fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
++ return 0;
++ }
+ *(*fill)++ = suffix[code];
+ firstchar = oldcode = code;
+ return 1;
diff --git a/libtiff.spec b/libtiff.spec
index 8609bce..fff1a53 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,7 +1,7 @@
 Summary: Library of functions for manipulating TIFF format image files
 Name: libtiff
 Version: 4.0.3
-Release: 9%{?dist}
+Release: 10%{?dist}
 
 License: libtiff
 Group: System Environment/Libraries
@@ -19,6 +19,7 @@ Patch6: libtiff-CVE-2013-1961.patch
 Patch7: libtiff-manpage-update.patch
 Patch8: libtiff-CVE-2013-4231.patch
 Patch9: libtiff-CVE-2013-4232.patch
+Patch10: libtiff-CVE-2013-4244.patch
 
 BuildRequires: zlib-devel libjpeg-devel jbigkit-devel
 BuildRequires: libtool automake autoconf pkgconfig
@@ -79,6 +80,7 @@ image files using the libtiff library.
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
+%patch10 -p1
 
 # Use build system's libtool.m4, not the one in the package.
 rm -f libtool.m4
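Review bot: The guard added in the `oldcode == -1` branch of the gif2tiff.c patch bounds `code` by `clear` rather than by the number of elements in `suffix`, so it protects `suffix[code]` only if `clear` can never exceed the table length. Neither the declaration of `suffix` nor the place where `clear` is set is visible in this hunk, so that should be confirmed, or the code-size value validated where it is read. `code` is a signed `int`, and adding a lower bound costs nothing: `if (code < 0 || code >= clear) {`. The message says "larger than" while the condition also rejects `code == clear`; `"bad input: code=%d is not below clear=%d\n"` would match what is tested. process() begins and continues outside the hunk, so other table accesses indexed by `code`, and whether callers act on the new `return 0`, cannot be checked from here.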
@@ -182,6 +184,10 @@ find html -name 'Makefile*' | xargs rm
 %{_mandir}/man1/*
 
 %changelog
+* Mon Aug 19 2013 Petr Hracek 4.0.3-10
+- Add upstream patches for CVE-2013-4244
+Resolves: #996468
+
 * Wed Aug 14 2013 Petr Hracek 4.0.3-9
 - Add upstream patches for CVE-2013-4231 CVE-2013-4232
 Resolves: #995965 #995975