author | tez <tez@pkgsrc.org> | 2018-06-21 23:11:04 +0000 |
---|---|---|
committer | tez <tez@pkgsrc.org> | 2018-06-21 23:11:04 +0000 |
commit | e068abc0c735ac4a32e54fed5ef82adadc3abcde (patch) | |
tree | 0008138278cf2c8422de99dc18dbe7bb0fc4baba /graphics/tiff | |
parent | be8d03d67e00480f8a088fe7d472c4f8325f2d9e (diff) | |
download | pkgsrc-e068abc0c735ac4a32e54fed5ef82adadc3abcde.tar.gz |
tiff: fix for CVE-2018-8905
from https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d
Diffstat (limited to 'graphics/tiff')
-rw-r--r-- | graphics/tiff/Makefile | 4 | ||||
-rw-r--r-- | graphics/tiff/distinfo | 3 | ||||
-rw-r--r-- | graphics/tiff/patches/patch-CVE-2018-8905 | 40 |
3 files changed, 44 insertions, 3 deletions
diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile
index fb7aa148301..cbc0f4798ee 100644
--- a/graphics/tiff/Makefile
+++ b/graphics/tiff/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.140 2018/01/16 23:52:06 tez Exp $
+# $NetBSD: Makefile,v 1.141 2018/06/21 23:11:04 tez Exp $
 DISTNAME= tiff-4.0.9
-PKGREVISION= 2
+PKGREVISION= 3
 CATEGORIES= graphics
 MASTER_SITES= ftp://download.osgeo.org/libtiff/
diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo
index b3514bbf036..c563fb3afb5 100644
--- a/graphics/tiff/distinfo
+++ b/graphics/tiff/distinfo
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.89 2018/01/16 23:52:06 tez Exp $
+$NetBSD: distinfo,v 1.90 2018/06/21 23:11:04 tez Exp $
 SHA1 (tiff-4.0.9.tar.gz) = 87d4543579176cc568668617c22baceccd568296
 RMD160 (tiff-4.0.9.tar.gz) = ab5b3b7297e79344775b1e70c4d54c90c06836a3
 SHA512 (tiff-4.0.9.tar.gz) = 04f3d5eefccf9c1a0393659fe27f3dddd31108c401ba0dc587bca152a1c1f6bc844ba41622ff5572da8cc278593eff8c402b44e7af0a0090e91d326c2d79f6cd
 Size (tiff-4.0.9.tar.gz) = 2305681 bytes
 SHA1 (patch-CVE-2017-9935) = d33f3311e5bb96bf415f894237ab4dfcfafd2610
+SHA1 (patch-CVE-2018-8905) = 3a7081957ff2f4d6e777df5a9609ba89eecd8fbc
 SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6
 SHA1 (patch-tools_pal2rgb.c) = f91652e8013940c162add870ceb9845e2730bc2c
diff --git a/graphics/tiff/patches/patch-CVE-2018-8905 b/graphics/tiff/patches/patch-CVE-2018-8905
new file mode 100644
index 00000000000..5df66525568
--- /dev/null
+++ b/graphics/tiff/patches/patch-CVE-2018-8905
@@ -0,0 +1,40 @@
+$NetBSD: patch-CVE-2018-8905,v 1.1 2018/06/21 23:11:04 tez Exp $
+
+fix CVE-2018-8905 from https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d
+
+
+--- libtiff/tif_lzw.c.orig 2017-07-11 13:27:35.000000000 +0000
++++ libtiff/tif_lzw.c
+@@ -604,6 +604,7 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, t
+ char *tp;
+ unsigned char *bp;
+ int code, nbits;
++ int len;
+ long nextbits, nextdata, nbitsmask;
+ code_t *codep, *free_entp, *maxcodep, *oldcodep;
+
+@@ -755,13 +756,18 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, t
+ } while (--occ);
+ break;
+ }
+- assert(occ >= codep->length);
+- op += codep->length;
+- occ -= codep->length;
+- tp = op;
++ len = codep->length;
++ tp = op + len;
+ do {
+- *--tp = codep->value;
+- } while( (codep = codep->next) != NULL );
++ int t;
++ --tp;
++ t = codep->value;
++ codep = codep->next;
++ *tp = (char)t;
++ } while (codep && tp > op);
++ assert(occ >= len);
++ op += len;
++ occ -= len;
+ } else {
+ *op++ = (char)code;
+ occ--; |
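Review bot: The bounded copy loop in the second tif_lzw.c hunk can stop on `tp > op` with `codep` still non-NULL, meaning a code chain longer than its recorded `length`, and nothing after the loop reports that; decoding carries on with `op += len` as if the string were valid. A check directly after the loop, along the lines of `if (codep) { /* report corrupt LZW code table */ break; }`, would turn a malformed stream into a decode error instead of silently emitted output. Separately, `assert(occ >= len)` now runs after the bytes are written and is compiled out under NDEBUG, so the upper bound on `tp = op + len` presumably rests on the length check whose tail (`break; }`) is the hunk's leading context; a one-line comment such as `/* len <= occ is guaranteed by the codep->length > occ branch above */` would make that dependency explicit. LZWDecodeCompat starts and ends outside both hunks, so this is based on the visible lines only.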