From 0822502ebe6d94eaf5371bf12d31d9dcf88fa61e Mon Sep 17 00:00:00 2001 From: wiz Date: Thu, 19 Jul 2012 21:41:45 +0000 Subject: Fix CVE-2012-3401, buffer overflow in tiff2pdf. Bump PKGREVISION. --- graphics/tiff/Makefile | 3 ++- graphics/tiff/distinfo | 3 ++- graphics/tiff/patches/patch-tools_tiff2pdf.c | 14 ++++++++++++++ 3 files changed, 18 insertions(+), 2 deletions(-) create mode 100644 graphics/tiff/patches/patch-tools_tiff2pdf.c (limited to 'graphics/tiff') diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile index e8696a03395..efbc88fe335 100644 --- a/graphics/tiff/Makefile +++ b/graphics/tiff/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.105 2012/06/20 21:07:14 wiz Exp $ +# $NetBSD: Makefile,v 1.106 2012/07/19 21:41:45 wiz Exp $ DISTNAME= tiff-4.0.2 +PKGREVISION= 1 CATEGORIES= graphics MASTER_SITES= ftp://ftp.remotesensing.org/pub/libtiff/ \ http://libtiff.maptools.org/dl/ diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo index 06aa5d39271..13abffb3b86 100644 --- a/graphics/tiff/distinfo +++ b/graphics/tiff/distinfo @@ -1,6 +1,7 @@ -$NetBSD: distinfo,v 1.56 2012/06/20 21:07:14 wiz Exp $ +$NetBSD: distinfo,v 1.57 2012/07/19 21:41:45 wiz Exp $ SHA1 (tiff-4.0.2.tar.gz) = d84b7b33a6cfb3d15ca386c8c16b05047f8b5352 RMD160 (tiff-4.0.2.tar.gz) = 520c5a6d17d1b0c3957e3889b66eadce0accf53f Size (tiff-4.0.2.tar.gz) = 2022814 bytes SHA1 (patch-configure) = 0e86c6d69783333c03d6241e1824f68602f3c732 +SHA1 (patch-tools_tiff2pdf.c) = bb2099fce1907e27ff646cf5f33ff3d275e5515a diff --git a/graphics/tiff/patches/patch-tools_tiff2pdf.c b/graphics/tiff/patches/patch-tools_tiff2pdf.c new file mode 100644 index 00000000000..7cfe7943acf --- /dev/null +++ b/graphics/tiff/patches/patch-tools_tiff2pdf.c @@ -0,0 +1,14 @@ +$NetBSD: patch-tools_tiff2pdf.c,v 1.1 2012/07/19 21:41:45 wiz Exp $ + +CVE-2012-3401, buffer overflow in tiff2pdf + +--- tools/tiff2pdf.c.orig 2012-06-15 21:51:54.000000000 +0000 ++++ tools/tiff2pdf.c +@@ -1066,6 +1066,7 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* + "Can't set directory %u of input file %s", + i, + TIFFFileName(input)); ++ t2p->t2p_error = T2P_ERR_ERROR; + return; + } + if(TIFFGetField(input, TIFFTAG_PAGENUMBER, &pagen, &paged)){ -- cgit v1.2.3