diff options
| author | he <he@pkgsrc.org> | 2017-05-06 21:37:16 +0000 |
|---|---|---|
| committer | he <he@pkgsrc.org> | 2017-05-06 21:37:16 +0000 |
| commit | 3a2e9448bd3528b4e3ab93322ded0f98c40f1814 (patch) | |
| tree | 516b5e76680f897d2c53f61a025886c37108a501 | |
| parent | 4137fd22bde3c5984d45c63535408aa62c18a360 (diff) | |
| download | pkgsrc-3a2e9448bd3528b4e3ab93322ded0f98c40f1814.tar.gz | |
Fix CVE-2016-10268, ref.
http://bugzilla.maptools.org/show_bug.cgi?id=2598
https://github.com/vadz/libtiff/commit/5397a417e61258c69209904e652a1f409ec3b9df
Bump PKGREVISION.
| -rw-r--r-- | graphics/tiff/Makefile | 4 | ||||
| -rw-r--r-- | graphics/tiff/distinfo | 4 | ||||
| -rw-r--r-- | graphics/tiff/patches/patch-tools_tiffcp.c | 17 |
3 files changed, 20 insertions, 5 deletions
diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile index df6bc1cc868..db113f8f92e 100644 --- a/graphics/tiff/Makefile +++ b/graphics/tiff/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.132 2017/05/06 21:29:16 he Exp $ +# $NetBSD: Makefile,v 1.133 2017/05/06 21:37:16 he Exp $ DISTNAME= tiff-4.0.7 -PKGREVISION= 8 +PKGREVISION= 9 CATEGORIES= graphics MASTER_SITES= ftp://download.osgeo.org/libtiff/ diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo index 433269fc207..85b196b96af 100644 --- a/graphics/tiff/distinfo +++ b/graphics/tiff/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.78 2017/05/06 21:29:16 he Exp $ +$NetBSD: distinfo,v 1.79 2017/05/06 21:37:16 he Exp $ SHA1 (tiff-4.0.7.tar.gz) = 2c1b64478e88f93522a42dd5271214a0e5eae648 RMD160 (tiff-4.0.7.tar.gz) = 582e19c31e7f29d9ed36995dcad7ad68802cbadb @@ -21,5 +21,5 @@ SHA1 (patch-libtiff_tif_win32.c) = 1ea9dcb6618c40b9de3e8d2a81914355f2111fdc SHA1 (patch-libtiff_tiffio.h) = e0efa9e1246e07dbb3a69d626988a18f12ba9d3c SHA1 (patch-man_Makefile.in) = ff073529c9d3ab98a03efa7d98c3263c1782482f SHA1 (patch-tools_tiff2pdf.c) = ce7a3e77c27ad3cabaa33b5da61cbd1b27f187d1 -SHA1 (patch-tools_tiffcp.c) = 42573d15fc66655a09e9227213b0929238f7e651 +SHA1 (patch-tools_tiffcp.c) = bd6abd9dc6e044ff04d761d999fabfb0919ba0db SHA1 (patch-tools_tiffcrop.c) = 1d729028fb8c05de958424234d5cc2808acc9b25 diff --git a/graphics/tiff/patches/patch-tools_tiffcp.c b/graphics/tiff/patches/patch-tools_tiffcp.c index 63ee22c61b0..ea1eb05cd56 100644 --- a/graphics/tiff/patches/patch-tools_tiffcp.c +++ b/graphics/tiff/patches/patch-tools_tiffcp.c @@ -1,4 +1,4 @@ -$NetBSD: patch-tools_tiffcp.c,v 1.2 2017/05/05 20:06:03 he Exp $ +$NetBSD: patch-tools_tiffcp.c,v 1.3 2017/05/06 21:37:16 he Exp $ CVE-2017-5225 http://bugzilla.maptools.org/show_bug.cgi?id=2656 @@ -11,6 +11,12 @@ CVE-2016-10093 http://bugzilla.maptools.org/show_bug.cgi?id=2610 https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec +and + +CVE-2016-10268 +http://bugzilla.maptools.org/show_bug.cgi?id=2598 +https://github.com/vadz/libtiff/commit/5397a417e61258c69209904e652a1f409ec3b9df + --- tools/tiffcp.c.orig 2016-10-12 01:45:17.000000000 +0000 +++ tools/tiffcp.c @@ -592,7 +592,7 @@ static copyFunc pickCopyFunc(TIFF*, TIFF @@ -22,6 +28,15 @@ https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK; copyFunc cf; uint32 width, length; +@@ -985,7 +985,7 @@ DECLAREcpFunc(cpDecodedStrips) + tstrip_t s, ns = TIFFNumberOfStrips(in); + uint32 row = 0; + _TIFFmemset(buf, 0, stripsize); +- for (s = 0; s < ns; s++) { ++ for (s = 0; s < ns && row < imagelength; s++) { + tsize_t cc = (row + rowsperstrip > imagelength) ? + TIFFVStripSize(in, imagelength - row) : stripsize; + if (TIFFReadEncodedStrip(in, s, buf, cc) < 0 @@ -1068,6 +1068,16 @@ DECLAREcpFunc(cpContig2SeparateByRow) register uint32 n; uint32 row; |