diff options
author | he <he@pkgsrc.org> | 2017-05-06 20:34:40 +0000 |
---|---|---|
committer | he <he@pkgsrc.org> | 2017-05-06 20:34:40 +0000 |
commit | 006e5b77928bf638b879d721116878fadfeb8a91 (patch) | |
tree | 58ead49ccbdcda48f1febf6f2e100a87dbc7afae /graphics | |
parent | 3cb72268f8dbb4969ce04932f0ae58955a107305 (diff) | |
download | pkgsrc-006e5b77928bf638b879d721116878fadfeb8a91.tar.gz |
Fix CVE-2016-10094, ref. http://bugzilla.maptools.org/show_bug.cgi?id=2640
and https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76
Bump PKGREVISION.
Diffstat (limited to 'graphics')
-rw-r--r-- | graphics/tiff/Makefile | 4 | ||||
-rw-r--r-- | graphics/tiff/distinfo | 3 | ||||
-rw-r--r-- | graphics/tiff/patches/patch-tools_tiff2pdf.c | 16 |
3 files changed, 20 insertions, 3 deletions
diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile index 2197fa80358..2df4cd7007e 100644 --- a/graphics/tiff/Makefile +++ b/graphics/tiff/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.129 2017/05/05 20:14:05 sevan Exp $ +# $NetBSD: Makefile,v 1.130 2017/05/06 20:34:40 he Exp $ DISTNAME= tiff-4.0.7 -PKGREVISION= 5 +PKGREVISION= 6 CATEGORIES= graphics MASTER_SITES= ftp://download.osgeo.org/libtiff/ diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo index 5e924a9f053..52c343a827b 100644 --- a/graphics/tiff/distinfo +++ b/graphics/tiff/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.75 2017/05/05 20:14:05 sevan Exp $ +$NetBSD: distinfo,v 1.76 2017/05/06 20:34:40 he Exp $ SHA1 (tiff-4.0.7.tar.gz) = 2c1b64478e88f93522a42dd5271214a0e5eae648 RMD160 (tiff-4.0.7.tar.gz) = 582e19c31e7f29d9ed36995dcad7ad68802cbadb @@ -17,5 +17,6 @@ SHA1 (patch-libtiff_tif_unix.c) = c8312771e567f90de0f77ac8eb66ed5c36e35617 SHA1 (patch-libtiff_tif_win32.c) = 1ea9dcb6618c40b9de3e8d2a81914355f2111fdc SHA1 (patch-libtiff_tiffio.h) = e0efa9e1246e07dbb3a69d626988a18f12ba9d3c SHA1 (patch-man_Makefile.in) = ff073529c9d3ab98a03efa7d98c3263c1782482f +SHA1 (patch-tools_tiff2pdf.c) = ce7a3e77c27ad3cabaa33b5da61cbd1b27f187d1 SHA1 (patch-tools_tiffcp.c) = 42573d15fc66655a09e9227213b0929238f7e651 SHA1 (patch-tools_tiffcrop.c) = 1d729028fb8c05de958424234d5cc2808acc9b25 diff --git a/graphics/tiff/patches/patch-tools_tiff2pdf.c b/graphics/tiff/patches/patch-tools_tiff2pdf.c new file mode 100644 index 00000000000..3aaba95844d --- /dev/null +++ b/graphics/tiff/patches/patch-tools_tiff2pdf.c @@ -0,0 +1,16 @@ +$NetBSD: patch-tools_tiff2pdf.c,v 1.3 2017/05/06 20:34:40 he Exp $ + +Fix CVE-2016-10094, ref. http://bugzilla.maptools.org/show_bug.cgi?id=2640 +and https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76 + +--- tools/tiff2pdf.c.orig 2016-11-12 14:58:09.000000000 +0000 ++++ tools/tiff2pdf.c +@@ -2895,7 +2895,7 @@ tsize_t t2p_readwrite_pdf_image_tile(T2P + return(0); + } + if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) { +- if (count >= 4) { ++ if (count > 4) { + /* Ignore EOI marker of JpegTables */ + _TIFFmemcpy(buffer, jpt, count - 2); + bufferoffset += count - 2; |