author | sbd <sbd> | 2011-03-13 21:10:18 +0000 |
---|---|---|
committer | sbd <sbd> | 2011-03-13 21:10:18 +0000 |
commit | 8b2af12fa4ec6fd99b703f5fac1abc8620b33f60 (patch) | |
tree | d6109478d342f153736747f81ffdda67cc17e01b | |
parent | 7e21ca736c5f2a658c71f5f803eb1c92c8021149 (diff) | |
download | pkgsrc-8b2af12fa4ec6fd99b703f5fac1abc8620b33f60.tar.gz |
Pullup ticket #3388 - requested by tron
Security update for graphics/tiff
Revisions pulled up:
- graphics/tiff/Makefile 1.99
- graphics/tiff/distinfo 1.50
- graphics/tiff/patches/patch-SA43593 1.1
---
Module Name: pkgsrc
Committed By: tron
Date: Sat Mar 12 16:10:43 UTC 2011
Modified Files:
pkgsrc/graphics/tiff: Makefile distinfo
Added Files:
pkgsrc/graphics/tiff/patches: patch-SA43593
Log Message:
Add fix for vulnerability reported in SA43593 taken from the
"libtiff" CVS repository.
-rw-r--r-- | graphics/tiff/Makefile | 4 | ||||
-rw-r--r-- | graphics/tiff/distinfo | 3 | ||||
-rw-r--r-- | graphics/tiff/patches/patch-SA43593 | 20 |
3 files changed, 24 insertions, 3 deletions
diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile
index b62f032d218..2e82f505746 100644
--- a/graphics/tiff/Makefile
+++ b/graphics/tiff/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.98 2010/12/23 11:44:46 dsainty Exp $
+# $NetBSD: Makefile,v 1.98.2.1 2011/03/13 21:10:18 sbd Exp $
 DISTNAME= tiff-3.9.4
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= graphics
 MASTER_SITES= ftp://ftp.remotesensing.org/pub/libtiff/ \
 http://libtiff.maptools.org/dl/
diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo
index 92a8e3875ab..ebd32a2fcf0 100644
--- a/graphics/tiff/distinfo
+++ b/graphics/tiff/distinfo
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.49 2010/08/04 17:48:22 tron Exp $
+$NetBSD: distinfo,v 1.49.4.1 2011/03/13 21:10:18 sbd Exp $
 SHA1 (tiff-3.9.4.tar.gz) = a4e32d55afbbcabd0391a9c89995e8e8a19961de
 RMD160 (tiff-3.9.4.tar.gz) = 3e0a74b6294297c16fb983ad68056a1dfbbdb1de
 Size (tiff-3.9.4.tar.gz) = 1436968 bytes
+SHA1 (patch-SA43593) = d24ff27a7a2e659c632d5a5fb720a908915e8595
 SHA1 (patch-aa) = 0ed02eb18454f4d91bf2fad6b9262bc442cd0822
 SHA1 (patch-ab) = 66101ec437ff222d629120e52e2011ea5b36dca0
 SHA1 (patch-ac) = 7211eebf68e73790ac1263efb16943e59cbffa95
diff --git a/graphics/tiff/patches/patch-SA43593 b/graphics/tiff/patches/patch-SA43593
new file mode 100644
index 00000000000..76a5f913b04
--- /dev/null
+++ b/graphics/tiff/patches/patch-SA43593
@@ -0,0 +1,20 @@
+$NetBSD: patch-SA43593,v 1.1.2.2 2011/03/13 21:10:19 sbd Exp $
+
+Fix heap-based buffer overflow which causes the vulnerability reported
+in SA43593. Patch taken from the "libtiff" CVS repository.
+
+--- libtiff/tif_fax3.h 8 Jun 2010 18:50:42 -0000 1.5.2.1
++++ libtiff/tif_fax3.h 10 Mar 2011 20:22:33 -0000 1.5.2.3
+@@ -478,6 +478,12 @@
+ break; \
+ case S_VL: \
+ CHECK_b1; \
++ if (b1 <= (int) (a0 + TabEnt->Param)) { \
++ if (b1 < (int) (a0 + TabEnt->Param) || pa != thisrun) { \
++ unexpected("VL", a0); \
++ goto eol2d; \
++ } \
++ } \
+ SETVALUE(b1 - a0 - TabEnt->Param); \
+ b1 -= *--pb; \
+ break; \ |
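Review bot: The guard added to the `S_VL` case of `libtiff/tif_fax3.h` (in the new `patch-SA43593`) carries no comment, so the reason equality is tolerated only when `pa == thisrun` is left for the reader to reconstruct. From the visible lines, the check rejects any code for which the `b1 - a0 - TabEnt->Param` passed to `SETVALUE` would be negative, and lets a zero result through only when `pa == thisrun`, presumably meaning no run has been stored for the line yet; that reading should be confirmed against the upstream log. I would put a line such as `/* a VL code must not yield a negative run; a zero-length run is accepted only as the first run of the line */ \` above the outer `if`. The enclosing macro and the other mode cases start and end outside this hunk, and the `*--pb` that follows is not bounded by anything visible here, so whether they need a matching check cannot be judged from this patch alone.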