authorsnj <snj>2006-06-09 07:29:35 +0000
committersnj <snj>2006-06-09 07:29:35 +0000
commit3a3d4fd2803a8733242c88e5412b8a4fb289e5b3 (patch)
tree42702221b4bbaddc592b1610de9262a622db60c7
parent1d597d392beea0ba9f2063bc088eb73110587dd9 (diff)
Pullup ticket 1694 - requested by salo
security update/fix for tiff Revisions pulled up: - pkgsrc/graphics/tiff/Makefile 1.79, 1.80, 1.82 - pkgsrc/graphics/tiff/distinfo 1.37-1.38 - pkgsrc/graphics/tiff/PLIST 1.10 - pkgsrc/graphics/tiff/patches/patch-au 1.5 Module Name: pkgsrc Committed By: drochner Date: Fri Mar 31 14:31:03 UTC 2006 Modified Files: pkgsrc/graphics/tiff: Makefile distinfo Log Message: update to 3.8.2 changes: bugfixes --- Module Name: pkgsrc Committed By: uebayasi Date: Wed Apr 5 07:04:18 UTC 2006 Modified Files: pkgsrc/graphics/tiff: Makefile PLIST Log Message: A missing entry in PLIST, found by ftp://ftp.NetBSD.org/pub/pkgsrc/misc/kristerw /pkgstat/i386-2.1/20060404.0711/graphics/tiff/.broken.html. Reviewed By: reed --- Module Name: pkgsrc Committed By: salo Date: Thu Jun 8 11:05:14 UTC 2006 Modified Files: pkgsrc/graphics/tiff: Makefile distinfo Added Files: pkgsrc/graphics/tiff/patches: patch-au Log Message: Security fix for CVE-2006-2193: "A vulnerability in LibTIFF can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system. The vulnerability is caused due to a boundary error within tiff2pdf when handling a TIFF file with a "DocumentName" tag that contains UTF-8 characters. This can be exploited to cause a stack-based buffer overflow and may allow arbitrary code execution." http://secunia.com/advisories/20488/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2193 Patch from Ubuntu.
-rw-r--r--graphics/tiff/Makefile5
-rw-r--r--graphics/tiff/PLIST3
-rw-r--r--graphics/tiff/distinfo9
-rw-r--r--graphics/tiff/patches/patch-au15
4 files changed, 25 insertions, 7 deletions
diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile
index 2ce207291b8..0ce584c1690 100644
--- a/graphics/tiff/Makefile
+++ b/graphics/tiff/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.78 2006/03/14 14:08:30 drochner Exp $
+# $NetBSD: Makefile,v 1.78.2.1 2006/06/09 07:29:35 snj Exp $
-DISTNAME= tiff-3.8.1
+DISTNAME= tiff-3.8.2
+PKGREVISION= 2
CATEGORIES= graphics
MASTER_SITES= ftp://ftp.remotesensing.org/pub/libtiff/ \
http://libtiff.maptools.org/dl/
diff --git a/graphics/tiff/PLIST b/graphics/tiff/PLIST
index a4cd4230972..8edb1bfb0e5 100644
--- a/graphics/tiff/PLIST
+++ b/graphics/tiff/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.9 2006/03/14 14:08:30 drochner Exp $
+@comment $NetBSD: PLIST,v 1.9.2.1 2006/06/09 07:29:35 snj Exp $
bin/bmp2tiff
bin/fax2ps
bin/fax2tiff
@@ -221,6 +221,7 @@ share/doc/tiff/html/v3.7.3.html
share/doc/tiff/html/v3.7.4.html
share/doc/tiff/html/v3.8.0.html
share/doc/tiff/html/v3.8.1.html
+share/doc/tiff/html/v3.8.2.html
@dirrm share/doc/tiff/html/man
@dirrm share/doc/tiff/html/images
@dirrm share/doc/tiff/html
diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo
index fb70ff9784e..c175a83a760 100644
--- a/graphics/tiff/distinfo
+++ b/graphics/tiff/distinfo
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.36 2006/03/14 14:08:30 drochner Exp $
+$NetBSD: distinfo,v 1.36.2.1 2006/06/09 07:29:35 snj Exp $
-SHA1 (tiff-3.8.1.tar.gz) = 9c18739ec11ec508a0523c3f7e92698660083d00
-RMD160 (tiff-3.8.1.tar.gz) = c99e3e9f1f7ec6c3ac5387e4d3759e3b31bb6ef2
-Size (tiff-3.8.1.tar.gz) = 1334739 bytes
+SHA1 (tiff-3.8.2.tar.gz) = 549e67b6a15b42bfcd72fe17cda7c9a198a393eb
+RMD160 (tiff-3.8.2.tar.gz) = 1b4d825e3be08764e953fc58246d0c25ab4dd17d
+Size (tiff-3.8.2.tar.gz) = 1336295 bytes
SHA1 (patch-aa) = edac79a6f3b61e9fc787fe14f750d88023a29bfa
SHA1 (patch-ab) = b517cb8bc2212d3e6c5a70db1bdf45b85b78fc72
SHA1 (patch-at) = 4006ed90f6ab88aff30e2537d613a1b44b5c7347
+SHA1 (patch-au) = c53ed7521c3918081526ad63cd0c1c45c9a0b9ff
diff --git a/graphics/tiff/patches/patch-au b/graphics/tiff/patches/patch-au
new file mode 100644
index 00000000000..391e5d6aea9
--- /dev/null
+++ b/graphics/tiff/patches/patch-au
@@ -0,0 +1,15 @@
+$NetBSD: patch-au,v 1.4.4.1 2006/06/09 07:29:35 snj Exp $
+
+Security fix for CVE-2006-2193, from Ubuntu.
+
+--- tools/tiff2pdf.c.orig 2006-03-21 17:42:51.000000000 +0100
++++ tools/tiff2pdf.c 2006-06-08 12:39:11.000000000 +0200
+@@ -3668,7 +3668,7 @@
+ written += TIFFWriteFile(output, (tdata_t) "(", 1);
+ for (i=0;i<len;i++){
+ if((pdfstr[i]&0x80) || (pdfstr[i]==127) || (pdfstr[i]<32)){
+- sprintf(buffer, "\\%.3o", pdfstr[i]);
++ sprintf(buffer, "\\%.3hho", pdfstr[i]);
+ written += TIFFWriteFile(output, (tdata_t) buffer, 4);
+ } else {
+ switch (pdfstr[i]){
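Review bot: The replacement line `sprintf(buffer, "\\%.3hho", pdfstr[i]);` still writes into `buffer` without a bound, so the fix holds only where the platform's printf honours the C99 `hh` length modifier; one that ignores it would presumably still format a sign-extended `char` as a full-width octal value, which matches the overflow described for CVE-2006-2193. Casting at the call site and bounding the write removes that dependency on the format parser: `snprintf(buffer, sizeof(buffer), "\\%.3o", (unsigned char)pdfstr[i]);`. The declaration of `buffer` and the rest of the enclosing function lie outside the hunk, so `sizeof(buffer)` assumes an array rather than a pointer and should be confirmed against the full file. With the cast, the output is always a backslash plus three octal digits, which is what the following `TIFFWriteFile(output, (tdata_t) buffer, 4)` expects.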