diff options
author | rtr <rtr@pkgsrc.org> | 2008-09-06 02:17:45 +0000 |
---|---|---|
committer | rtr <rtr@pkgsrc.org> | 2008-09-06 02:17:45 +0000 |
commit | 38cc1bbaad35f63d75380e276753aeceddb37e0f (patch) | |
tree | cd549686cac8bd418a632ee1500acd3a9b4c8360 | |
parent | 3786acf2fc9bfffaf53f6d9caee15721de51e596 (diff) | |
download | pkgsrc-38cc1bbaad35f63d75380e276753aeceddb37e0f.tar.gz |
pullup ticket #2510 - requested by tron
tiff: security patch
revisions pulled up:
pkgsrc/graphics/tiff/Makefile 1.86
pkgsrc/graphics/tiff/distinfo 1.41
pkgsrc/graphics/tiff/patches/patch-ac 1.19
Module Name: pkgsrc
Committed By: tron
Date: Sat Aug 30 08:12:45 UTC 2008
Modified Files:
pkgsrc/graphics/tiff: Makefile distinfo
Added Files:
pkgsrc/graphics/tiff/patches: patch-ac
Log Message:
Apply Debian's fix for the security vulnerability reported in
CVE-2008-2327. Bump package revision.
-rw-r--r-- | graphics/tiff/Makefile | 4 | ||||
-rw-r--r-- | graphics/tiff/distinfo | 3 | ||||
-rw-r--r-- | graphics/tiff/patches/patch-ac | 60 |
3 files changed, 64 insertions, 3 deletions
diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile index 282ccba36de..7937aea3e83 100644 --- a/graphics/tiff/Makefile +++ b/graphics/tiff/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.85 2006/11/02 18:00:43 joerg Exp $ +# $NetBSD: Makefile,v 1.85.16.1 2008/09/06 02:17:45 rtr Exp $ DISTNAME= tiff-3.8.2 -PKGREVISION= 3 +PKGREVISION= 4 CATEGORIES= graphics MASTER_SITES= ftp://ftp.remotesensing.org/pub/libtiff/ \ http://libtiff.maptools.org/dl/ diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo index 791216f14ff..f46cf972610 100644 --- a/graphics/tiff/distinfo +++ b/graphics/tiff/distinfo @@ -1,10 +1,11 @@ -$NetBSD: distinfo,v 1.40 2006/08/03 15:17:49 taca Exp $ +$NetBSD: distinfo,v 1.40.18.1 2008/09/06 02:17:45 rtr Exp $ SHA1 (tiff-3.8.2.tar.gz) = 549e67b6a15b42bfcd72fe17cda7c9a198a393eb RMD160 (tiff-3.8.2.tar.gz) = 1b4d825e3be08764e953fc58246d0c25ab4dd17d Size (tiff-3.8.2.tar.gz) = 1336295 bytes SHA1 (patch-aa) = edac79a6f3b61e9fc787fe14f750d88023a29bfa SHA1 (patch-ab) = b517cb8bc2212d3e6c5a70db1bdf45b85b78fc72 +SHA1 (patch-ac) = 14a6651b51c788a7e75666fbf9ead2415748a610 SHA1 (patch-at) = 4006ed90f6ab88aff30e2537d613a1b44b5c7347 SHA1 (patch-au) = c53ed7521c3918081526ad63cd0c1c45c9a0b9ff SHA1 (patch-av) = 38852ef5028f6c0ad7a3e5497248f264f0cb7366 diff --git a/graphics/tiff/patches/patch-ac b/graphics/tiff/patches/patch-ac new file mode 100644 index 00000000000..126cd35e2e8 --- /dev/null +++ b/graphics/tiff/patches/patch-ac @@ -0,0 +1,60 @@ +$NetBSD: patch-ac,v 1.18.22.1 2008/09/06 02:17:45 rtr Exp $ + +--- libtiff/tif_lzw.c.orig 2006-03-21 16:42:50.000000000 +0000 ++++ libtiff/tif_lzw.c 2008-08-30 09:03:37.000000000 +0100 +@@ -237,6 +237,13 @@ + sp->dec_codetab[code].length = 1; + sp->dec_codetab[code].next = NULL; + } while (code--); ++ /* ++ * Zero-out the unused entries ++ */ ++ _TIFFmemset(&sp->dec_codetab[CODE_CLEAR], 0, ++ (CODE_FIRST-CODE_CLEAR)*sizeof (code_t)); ++ ++ + } + return (1); + } +@@ -408,12 +415,20 @@ + break; + if (code == CODE_CLEAR) { + free_entp = sp->dec_codetab + CODE_FIRST; ++ _TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t)); + nbits = BITS_MIN; + nbitsmask = MAXCODE(BITS_MIN); + maxcodep = sp->dec_codetab + nbitsmask-1; + NextCode(tif, sp, bp, code, GetNextCode); + if (code == CODE_EOI) + break; ++ if (code == CODE_CLEAR) { ++ TIFFErrorExt(tif->tif_clientdata, tif->tif_name, ++ "LZWDecode: Corrupted LZW table at scanline %d", ++ tif->tif_row); ++ return (0); ++ } ++ + *op++ = (char)code, occ--; + oldcodep = sp->dec_codetab + code; + continue; +@@ -604,12 +619,20 @@ + break; + if (code == CODE_CLEAR) { + free_entp = sp->dec_codetab + CODE_FIRST; ++ _TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t)); + nbits = BITS_MIN; + nbitsmask = MAXCODE(BITS_MIN); + maxcodep = sp->dec_codetab + nbitsmask; + NextCode(tif, sp, bp, code, GetNextCodeCompat); + if (code == CODE_EOI) + break; ++ if (code == CODE_CLEAR) { ++ TIFFErrorExt(tif->tif_clientdata, tif->tif_name, ++ "LZWDecode: Corrupted LZW table at scanline %d", ++ tif->tif_row); ++ return (0); ++ } ++ + *op++ = code, occ--; + oldcodep = sp->dec_codetab + code; + continue; |