diff options
author | tron <tron> | 2008-08-30 08:12:45 +0000 |
---|---|---|
committer | tron <tron> | 2008-08-30 08:12:45 +0000 |
commit | 1413a90d895827a421313ab4ec289f45752681c3 (patch) | |
tree | d87dd1de7a7d33ca316c2a964321a2346c2f33e0 /graphics/tiff | |
parent | 9951f987f2aca81d41e5f47e5309e38832ee5bf8 (diff) | |
download | pkgsrc-1413a90d895827a421313ab4ec289f45752681c3.tar.gz |
Apply Debian's fix for the security vulnerability reported in
CVE-2008-2327. Bump package revision.
Diffstat (limited to 'graphics/tiff')
-rw-r--r-- | graphics/tiff/Makefile | 4 | ||||
-rw-r--r-- | graphics/tiff/distinfo | 3 | ||||
-rw-r--r-- | graphics/tiff/patches/patch-ac | 60 |
3 files changed, 64 insertions, 3 deletions
diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile index 282ccba36de..3efccbe88c3 100644 --- a/graphics/tiff/Makefile +++ b/graphics/tiff/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.85 2006/11/02 18:00:43 joerg Exp $ +# $NetBSD: Makefile,v 1.86 2008/08/30 08:12:45 tron Exp $ DISTNAME= tiff-3.8.2 -PKGREVISION= 3 +PKGREVISION= 4 CATEGORIES= graphics MASTER_SITES= ftp://ftp.remotesensing.org/pub/libtiff/ \ http://libtiff.maptools.org/dl/ diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo index 791216f14ff..122c32ebbcf 100644 --- a/graphics/tiff/distinfo +++ b/graphics/tiff/distinfo @@ -1,10 +1,11 @@ -$NetBSD: distinfo,v 1.40 2006/08/03 15:17:49 taca Exp $ +$NetBSD: distinfo,v 1.41 2008/08/30 08:12:45 tron Exp $ SHA1 (tiff-3.8.2.tar.gz) = 549e67b6a15b42bfcd72fe17cda7c9a198a393eb RMD160 (tiff-3.8.2.tar.gz) = 1b4d825e3be08764e953fc58246d0c25ab4dd17d Size (tiff-3.8.2.tar.gz) = 1336295 bytes SHA1 (patch-aa) = edac79a6f3b61e9fc787fe14f750d88023a29bfa SHA1 (patch-ab) = b517cb8bc2212d3e6c5a70db1bdf45b85b78fc72 +SHA1 (patch-ac) = 14a6651b51c788a7e75666fbf9ead2415748a610 SHA1 (patch-at) = 4006ed90f6ab88aff30e2537d613a1b44b5c7347 SHA1 (patch-au) = c53ed7521c3918081526ad63cd0c1c45c9a0b9ff SHA1 (patch-av) = 38852ef5028f6c0ad7a3e5497248f264f0cb7366 diff --git a/graphics/tiff/patches/patch-ac b/graphics/tiff/patches/patch-ac new file mode 100644 index 00000000000..56038e96193 --- /dev/null +++ b/graphics/tiff/patches/patch-ac @@ -0,0 +1,60 @@ +$NetBSD: patch-ac,v 1.19 2008/08/30 08:12:45 tron Exp $ + +--- libtiff/tif_lzw.c.orig 2006-03-21 16:42:50.000000000 +0000 ++++ libtiff/tif_lzw.c 2008-08-30 09:03:37.000000000 +0100 +@@ -237,6 +237,13 @@ + sp->dec_codetab[code].length = 1; + sp->dec_codetab[code].next = NULL; + } while (code--); ++ /* ++ * Zero-out the unused entries ++ */ ++ _TIFFmemset(&sp->dec_codetab[CODE_CLEAR], 0, ++ (CODE_FIRST-CODE_CLEAR)*sizeof (code_t)); ++ ++ + } + return (1); + } +@@ -408,12 +415,20 @@ + break; + if (code == CODE_CLEAR) { + free_entp = sp->dec_codetab + CODE_FIRST; ++ _TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t)); + nbits = BITS_MIN; + nbitsmask = MAXCODE(BITS_MIN); + maxcodep = sp->dec_codetab + nbitsmask-1; + NextCode(tif, sp, bp, code, GetNextCode); + if (code == CODE_EOI) + break; ++ if (code == CODE_CLEAR) { ++ TIFFErrorExt(tif->tif_clientdata, tif->tif_name, ++ "LZWDecode: Corrupted LZW table at scanline %d", ++ tif->tif_row); ++ return (0); ++ } ++ + *op++ = (char)code, occ--; + oldcodep = sp->dec_codetab + code; + continue; +@@ -604,12 +619,20 @@ + break; + if (code == CODE_CLEAR) { + free_entp = sp->dec_codetab + CODE_FIRST; ++ _TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t)); + nbits = BITS_MIN; + nbitsmask = MAXCODE(BITS_MIN); + maxcodep = sp->dec_codetab + nbitsmask; + NextCode(tif, sp, bp, code, GetNextCodeCompat); + if (code == CODE_EOI) + break; ++ if (code == CODE_CLEAR) { ++ TIFFErrorExt(tif->tif_clientdata, tif->tif_name, ++ "LZWDecode: Corrupted LZW table at scanline %d", ++ tif->tif_row); ++ return (0); ++ } ++ + *op++ = code, occ--; + oldcodep = sp->dec_codetab + code; + continue; |