author | drochner <drochner@pkgsrc.org> | 2011-03-30 18:39:04 +0000 |
---|---|---|
committer | drochner <drochner@pkgsrc.org> | 2011-03-30 18:39:04 +0000 |
commit | 280a749958d978c4695b0316d6d27a8c095a45c2 (patch) | |
tree | 1b96d75bb7fa81fa3cd48ae3db2b26708accc0a4 /geography | |
parent | e2782e02c85fd42073d9d5c7168df8a4b586b9a9 (diff) | |
download | pkgsrc-280a749958d978c4695b0316d6d27a8c095a45c2.tar.gz |
apply the fix for SA43593 also to gdal's bundled libtiff
(just copied from pkgsrc/tiff)
bump PKGREV (this was also necessary for the recent update
of xerces-c which changed the shlib name)
Diffstat (limited to 'geography')
-rw-r--r-- | geography/gdal-lib/Makefile | 4 | ||||
-rw-r--r-- | geography/gdal-lib/distinfo | 3 | ||||
-rw-r--r-- | geography/gdal-lib/patches/patch-SA43593 | 20 |
3 files changed, 24 insertions, 3 deletions
diff --git a/geography/gdal-lib/Makefile b/geography/gdal-lib/Makefile
index 4ecef818df3..00501a9f426 100644
--- a/geography/gdal-lib/Makefile
+++ b/geography/gdal-lib/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.37 2011/03/09 16:33:20 drochner Exp $
+# $NetBSD: Makefile,v 1.38 2011/03/30 18:39:04 drochner Exp $
 DISTNAME= gdal-1.8.0
 PKGNAME= gdal-lib-1.8.0
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= geography
 MASTER_SITES= http://download.osgeo.org/gdal/
diff --git a/geography/gdal-lib/distinfo b/geography/gdal-lib/distinfo
index 37028fb3575..a006c57878d 100644
--- a/geography/gdal-lib/distinfo
+++ b/geography/gdal-lib/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.14 2011/02/10 03:45:09 brook Exp $
+$NetBSD: distinfo,v 1.15 2011/03/30 18:39:05 drochner Exp $
 SHA1 (gdal-1.8.0.tar.gz) = e5a2802933054050c6fb0b0a0e1f46b5dd195b0a
 RMD160 (gdal-1.8.0.tar.gz) = 0e116f41b23ff5b44c692f56459facab332c6201
 Size (gdal-1.8.0.tar.gz) = 8837824 bytes
+SHA1 (patch-SA43593) = 896b39c25d819e40c8d774ae6a04653df1645eea
 SHA1 (patch-ab) = 2d13b396a79883d41751148762ad10839e6e18dc
diff --git a/geography/gdal-lib/patches/patch-SA43593 b/geography/gdal-lib/patches/patch-SA43593
new file mode 100644
index 00000000000..7172cc0fadd
--- /dev/null
+++ b/geography/gdal-lib/patches/patch-SA43593
@@ -0,0 +1,20 @@
+$NetBSD: patch-SA43593,v 1.1 2011/03/30 18:39:05 drochner Exp $
+
+Fix heap-based buffer overflow which causes the vulnerability reported
+in SA43593. Patch taken from the "libtiff" CVS repository.
+
+--- frmts/gtiff/libtiff/tif_fax3.h 8 Jun 2010 18:50:42 -0000 1.5.2.1
++++ frmts/gtiff/libtiff/tif_fax3.h 10 Mar 2011 20:22:33 -0000 1.5.2.3
+@@ -478,6 +478,12 @@
+ break; \
+ case S_VL: \
+ CHECK_b1; \
++ if (b1 <= (int) (a0 + TabEnt->Param)) { \
++ if (b1 < (int) (a0 + TabEnt->Param) || pa != thisrun) { \
++ unexpected("VL", a0); \
++ goto eol2d; \
++ } \
++ } \
+ SETVALUE(b1 - a0 - TabEnt->Param); \
+ b1 -= *--pb; \
+ break; \ |
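Review bot: The description at the top of patch-SA43593 names the advisory but not the condition that the new guard in `case S_VL` rejects, which is what a maintainer needs when re-syncing this bundled copy of libtiff. From the visible lines, the guard jumps to `eol2d` when `b1 - a0 - TabEnt->Param`, the value handed to `SETVALUE` on the following line, would be negative, or would be zero while `pa != thisrun`; I would add a sentence to the patch header such as `Reject a VL code whose run length would be negative (or zero when pa != thisrun) before SETVALUE uses it.` The macro containing this case starts and ends outside the hunk, so whether its other cases need a matching bound cannot be judged from here. Because the commit message says the patch was copied from pkgsrc/tiff, any later upstream revision of this check has to be carried into both copies.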