authorrtr <rtr@pkgsrc.org>2008-09-06 02:17:45 +0000
committerrtr <rtr@pkgsrc.org>2008-09-06 02:17:45 +0000
commit38cc1bbaad35f63d75380e276753aeceddb37e0f (patch)
treecd549686cac8bd418a632ee1500acd3a9b4c8360
parent3786acf2fc9bfffaf53f6d9caee15721de51e596 (diff)
downloadpkgsrc-38cc1bbaad35f63d75380e276753aeceddb37e0f.tar.gz
pullup ticket #2510 - requested by tron
tiff: security patch revisions pulled up: pkgsrc/graphics/tiff/Makefile 1.86 pkgsrc/graphics/tiff/distinfo 1.41 pkgsrc/graphics/tiff/patches/patch-ac 1.19 Module Name: pkgsrc Committed By: tron Date: Sat Aug 30 08:12:45 UTC 2008 Modified Files: pkgsrc/graphics/tiff: Makefile distinfo Added Files: pkgsrc/graphics/tiff/patches: patch-ac Log Message: Apply Debian's fix for the security vulnerability reported in CVE-2008-2327. Bump package revision.
-rw-r--r--graphics/tiff/Makefile4
-rw-r--r--graphics/tiff/distinfo3
-rw-r--r--graphics/tiff/patches/patch-ac60
3 files changed, 64 insertions, 3 deletions
diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile
index 282ccba36de..7937aea3e83 100644
--- a/graphics/tiff/Makefile
+++ b/graphics/tiff/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.85 2006/11/02 18:00:43 joerg Exp $
+# $NetBSD: Makefile,v 1.85.16.1 2008/09/06 02:17:45 rtr Exp $
DISTNAME= tiff-3.8.2
-PKGREVISION= 3
+PKGREVISION= 4
CATEGORIES= graphics
MASTER_SITES= ftp://ftp.remotesensing.org/pub/libtiff/ \
http://libtiff.maptools.org/dl/
diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo
index 791216f14ff..f46cf972610 100644
--- a/graphics/tiff/distinfo
+++ b/graphics/tiff/distinfo
@@ -1,10 +1,11 @@
-$NetBSD: distinfo,v 1.40 2006/08/03 15:17:49 taca Exp $
+$NetBSD: distinfo,v 1.40.18.1 2008/09/06 02:17:45 rtr Exp $
SHA1 (tiff-3.8.2.tar.gz) = 549e67b6a15b42bfcd72fe17cda7c9a198a393eb
RMD160 (tiff-3.8.2.tar.gz) = 1b4d825e3be08764e953fc58246d0c25ab4dd17d
Size (tiff-3.8.2.tar.gz) = 1336295 bytes
SHA1 (patch-aa) = edac79a6f3b61e9fc787fe14f750d88023a29bfa
SHA1 (patch-ab) = b517cb8bc2212d3e6c5a70db1bdf45b85b78fc72
+SHA1 (patch-ac) = 14a6651b51c788a7e75666fbf9ead2415748a610
SHA1 (patch-at) = 4006ed90f6ab88aff30e2537d613a1b44b5c7347
SHA1 (patch-au) = c53ed7521c3918081526ad63cd0c1c45c9a0b9ff
SHA1 (patch-av) = 38852ef5028f6c0ad7a3e5497248f264f0cb7366
diff --git a/graphics/tiff/patches/patch-ac b/graphics/tiff/patches/patch-ac
new file mode 100644
index 00000000000..126cd35e2e8
--- /dev/null
+++ b/graphics/tiff/patches/patch-ac
@@ -0,0 +1,60 @@
+$NetBSD: patch-ac,v 1.18.22.1 2008/09/06 02:17:45 rtr Exp $
+
+--- libtiff/tif_lzw.c.orig 2006-03-21 16:42:50.000000000 +0000
++++ libtiff/tif_lzw.c 2008-08-30 09:03:37.000000000 +0100
+@@ -237,6 +237,13 @@
+ sp->dec_codetab[code].length = 1;
+ sp->dec_codetab[code].next = NULL;
+ } while (code--);
++ /*
++ * Zero-out the unused entries
++ */
++ _TIFFmemset(&sp->dec_codetab[CODE_CLEAR], 0,
++ (CODE_FIRST-CODE_CLEAR)*sizeof (code_t));
++
++
+ }
+ return (1);
+ }
+@@ -408,12 +415,20 @@
+ break;
+ if (code == CODE_CLEAR) {
+ free_entp = sp->dec_codetab + CODE_FIRST;
++ _TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
+ nbits = BITS_MIN;
+ nbitsmask = MAXCODE(BITS_MIN);
+ maxcodep = sp->dec_codetab + nbitsmask-1;
+ NextCode(tif, sp, bp, code, GetNextCode);
+ if (code == CODE_EOI)
+ break;
++ if (code == CODE_CLEAR) {
++ TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
++ "LZWDecode: Corrupted LZW table at scanline %d",
++ tif->tif_row);
++ return (0);
++ }
++
+ *op++ = (char)code, occ--;
+ oldcodep = sp->dec_codetab + code;
+ continue;
+@@ -604,12 +619,20 @@
+ break;
+ if (code == CODE_CLEAR) {
+ free_entp = sp->dec_codetab + CODE_FIRST;
++ _TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
+ nbits = BITS_MIN;
+ nbitsmask = MAXCODE(BITS_MIN);
+ maxcodep = sp->dec_codetab + nbitsmask;
+ NextCode(tif, sp, bp, code, GetNextCodeCompat);
+ if (code == CODE_EOI)
+ break;
++ if (code == CODE_CLEAR) {
++ TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
++ "LZWDecode: Corrupted LZW table at scanline %d",
++ tif->tif_row);
++ return (0);
++ }
++
+ *op++ = code, occ--;
+ oldcodep = sp->dec_codetab + code;
+ continue;
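Review bot: The guard added after the post-clear `NextCode` rejects only a repeated clear code, so any other non-literal value read directly after a clear still reaches `*op++ = (char)code` and `oldcodep = sp->dec_codetab + code`. This applies to both decode paths, at `if (code == CODE_CLEAR)` in the `GetNextCode` hunk and again in the `GetNextCodeCompat` hunk. Assuming CODE_CLEAR is the lowest non-literal code, as the `CODE_FIRST-CODE_CLEAR` memset in the first hunk suggests, and since CODE_EOI has already been handled by the `break` above, the check could be widened to `if (code >= CODE_CLEAR) {` so that the first code after a clear must be a literal. The new memset only makes such an entry zeroed rather than stale, and whether a zeroed `oldcodep` entry is handled safely depends on loop code outside these hunks, so that is worth confirming. The second error message could also name the compat decoder, to tell the two paths apart in logs.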