File erouault.2860.patch of Package tiff.openSUSE_13.2_Update

---------------------
PatchSet 2860 
Date: 2014/12/21 20:52:42
Author: erouault
Branch: HEAD
Tag: (none) 
Log:
* tools/thumbnail.c, tools/tiffcmp.c: only read/write TIFFTAG_GROUP3OPTIONS
or TIFFTAG_GROUP4OPTIONS if compression is COMPRESSION_CCITTFAX3 or
COMPRESSION_CCITTFAX4
http://bugzilla.maptools.org/show_bug.cgi?id=2493 (CVE-2014-8128)

Members: 
	ChangeLog:1.964->1.965 
	tools/thumbnail.c:1.17->1.18 
	tools/tiffcmp.c:1.16->1.17 


Index: libtiff/tools/thumbnail.c
diff -u libtiff/tools/thumbnail.c:1.17 libtiff/tools/thumbnail.c:1.18
--- libtiff/tools/thumbnail.c:1.17	Sun Dec  7 17:33:06 2014
+++ libtiff/tools/thumbnail.c	Sun Dec 21 13:52:42 2014
@@ -274,7 +274,26 @@
 {
     struct cpTag *p;
     for (p = tags; p < &tags[NTAGS]; p++)
-	cpTag(in, out, p->tag, p->count, p->type);
+	{
+		/* Horrible: but TIFFGetField() expects 2 arguments to be passed */
+		/* if we request a tag that is defined in a codec, but that codec */
+		/* isn't used */
+		if( p->tag == TIFFTAG_GROUP3OPTIONS )
+		{
+			uint16 compression;
+			if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) ||
+				compression != COMPRESSION_CCITTFAX3 )
+				continue;
+		}
+		if( p->tag == TIFFTAG_GROUP4OPTIONS )
+		{
+			uint16 compression;
+			if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) ||
+				compression != COMPRESSION_CCITTFAX4 )
+				continue;
+		}
+		cpTag(in, out, p->tag, p->count, p->type);
+	}
 }
 #undef NTAGS
 
Index: libtiff/tools/tiffcmp.c
diff -u libtiff/tools/tiffcmp.c:1.16 libtiff/tools/tiffcmp.c:1.17
--- libtiff/tools/tiffcmp.c:1.16	Wed Mar 10 13:56:50 2010
+++ libtiff/tools/tiffcmp.c	Sun Dec 21 13:52:42 2014
@@ -260,6 +260,7 @@
 static int
 cmptags(TIFF* tif1, TIFF* tif2)
 {
+	uint16 compression1, compression2;
 	CmpLongField(TIFFTAG_SUBFILETYPE,	"SubFileType");
 	CmpLongField(TIFFTAG_IMAGEWIDTH,	"ImageWidth");
 	CmpLongField(TIFFTAG_IMAGELENGTH,	"ImageLength");
@@ -276,8 +277,20 @@
 	CmpShortField(TIFFTAG_SAMPLEFORMAT,	"SampleFormat");
 	CmpFloatField(TIFFTAG_XRESOLUTION,	"XResolution");
 	CmpFloatField(TIFFTAG_YRESOLUTION,	"YResolution");
-	CmpLongField(TIFFTAG_GROUP3OPTIONS,	"Group3Options");
-	CmpLongField(TIFFTAG_GROUP4OPTIONS,	"Group4Options");
+	if( TIFFGetField(tif1, TIFFTAG_COMPRESSION, &compression1) &&
+		compression1 == COMPRESSION_CCITTFAX3 &&
+		TIFFGetField(tif2, TIFFTAG_COMPRESSION, &compression2) &&
+		compression2 == COMPRESSION_CCITTFAX3 )
+	{
+		CmpLongField(TIFFTAG_GROUP3OPTIONS,	"Group3Options");
+	}
+	if( TIFFGetField(tif1, TIFFTAG_COMPRESSION, &compression1) &&
+		compression1 == COMPRESSION_CCITTFAX4 &&
+		TIFFGetField(tif2, TIFFTAG_COMPRESSION, &compression2) &&
+		compression2 == COMPRESSION_CCITTFAX4 )
+	{
+		CmpLongField(TIFFTAG_GROUP4OPTIONS,	"Group4Options");
+	}
 	CmpShortField(TIFFTAG_RESOLUTIONUNIT,	"ResolutionUnit");
 	CmpShortField(TIFFTAG_PLANARCONFIG,	"PlanarConfiguration");
 	CmpLongField(TIFFTAG_ROWSPERSTRIP,	"RowsPerStrip");