pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2008Q2]: pkgsrc/graphics/tiff pullup ticket #2510 - requested ...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/afbc74d04c86
branches:  pkgsrc-2008Q2
changeset: 544312:afbc74d04c86
user:      rtr <rtr%pkgsrc.org@localhost>
date:      Sat Sep 06 02:17:45 2008 +0000

description:
pullup ticket #2510 - requested by tron
tiff: security patch

revisions pulled up:
pkgsrc/graphics/tiff/Makefile           1.86
pkgsrc/graphics/tiff/distinfo           1.41
pkgsrc/graphics/tiff/patches/patch-ac   1.19

   Module Name:    pkgsrc
   Committed By:   tron
   Date:           Sat Aug 30 08:12:45 UTC 2008

   Modified Files:
   pkgsrc/graphics/tiff: Makefile distinfo
   Added Files:
   pkgsrc/graphics/tiff/patches: patch-ac

   Log Message:
   Apply Debian's fix for the security vulnerability reported in
   CVE-2008-2327. Bump package revision.

diffstat:

 graphics/tiff/Makefile         |   4 +-
 graphics/tiff/distinfo         |   3 +-
 graphics/tiff/patches/patch-ac |  60 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 64 insertions(+), 3 deletions(-)

diffs (93 lines):

diff -r 69c61afab9b1 -r afbc74d04c86 graphics/tiff/Makefile
--- a/graphics/tiff/Makefile    Fri Sep 05 12:27:12 2008 +0000
+++ b/graphics/tiff/Makefile    Sat Sep 06 02:17:45 2008 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.85 2006/11/02 18:00:43 joerg Exp $
+# $NetBSD: Makefile,v 1.85.16.1 2008/09/06 02:17:45 rtr Exp $
 
 DISTNAME=      tiff-3.8.2
-PKGREVISION=   3
+PKGREVISION=   4
 CATEGORIES=    graphics
 MASTER_SITES=  ftp://ftp.remotesensing.org/pub/libtiff/ \
                http://libtiff.maptools.org/dl/
diff -r 69c61afab9b1 -r afbc74d04c86 graphics/tiff/distinfo
--- a/graphics/tiff/distinfo    Fri Sep 05 12:27:12 2008 +0000
+++ b/graphics/tiff/distinfo    Sat Sep 06 02:17:45 2008 +0000
@@ -1,10 +1,11 @@
-$NetBSD: distinfo,v 1.40 2006/08/03 15:17:49 taca Exp $
+$NetBSD: distinfo,v 1.40.18.1 2008/09/06 02:17:45 rtr Exp $
 
 SHA1 (tiff-3.8.2.tar.gz) = 549e67b6a15b42bfcd72fe17cda7c9a198a393eb
 RMD160 (tiff-3.8.2.tar.gz) = 1b4d825e3be08764e953fc58246d0c25ab4dd17d
 Size (tiff-3.8.2.tar.gz) = 1336295 bytes
 SHA1 (patch-aa) = edac79a6f3b61e9fc787fe14f750d88023a29bfa
 SHA1 (patch-ab) = b517cb8bc2212d3e6c5a70db1bdf45b85b78fc72
+SHA1 (patch-ac) = 14a6651b51c788a7e75666fbf9ead2415748a610
 SHA1 (patch-at) = 4006ed90f6ab88aff30e2537d613a1b44b5c7347
 SHA1 (patch-au) = c53ed7521c3918081526ad63cd0c1c45c9a0b9ff
 SHA1 (patch-av) = 38852ef5028f6c0ad7a3e5497248f264f0cb7366
diff -r 69c61afab9b1 -r afbc74d04c86 graphics/tiff/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/tiff/patches/patch-ac    Sat Sep 06 02:17:45 2008 +0000
@@ -0,0 +1,60 @@
+$NetBSD: patch-ac,v 1.18.22.1 2008/09/06 02:17:45 rtr Exp $
+
+--- libtiff/tif_lzw.c.orig     2006-03-21 16:42:50.000000000 +0000
++++ libtiff/tif_lzw.c  2008-08-30 09:03:37.000000000 +0100
+@@ -237,6 +237,13 @@
+                     sp->dec_codetab[code].length = 1;
+                     sp->dec_codetab[code].next = NULL;
+                 } while (code--);
++                /*
++                 * Zero-out the unused entries
++                 */
++                 _TIFFmemset(&sp->dec_codetab[CODE_CLEAR], 0,
++                 (CODE_FIRST-CODE_CLEAR)*sizeof (code_t));
++
++
+       }
+       return (1);
+ }
+@@ -408,12 +415,20 @@
+                       break;
+               if (code == CODE_CLEAR) {
+                       free_entp = sp->dec_codetab + CODE_FIRST;
++                       _TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
+                       nbits = BITS_MIN;
+                       nbitsmask = MAXCODE(BITS_MIN);
+                       maxcodep = sp->dec_codetab + nbitsmask-1;
+                       NextCode(tif, sp, bp, code, GetNextCode);
+                       if (code == CODE_EOI)
+                               break;
++                       if (code == CODE_CLEAR) {
++                               TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
++                               "LZWDecode: Corrupted LZW table at scanline %d",
++                               tif->tif_row);
++                               return (0);
++                       }
++
+                       *op++ = (char)code, occ--;
+                       oldcodep = sp->dec_codetab + code;
+                       continue;
+@@ -604,12 +619,20 @@
+                       break;
+               if (code == CODE_CLEAR) {
+                       free_entp = sp->dec_codetab + CODE_FIRST;
++                       _TIFFmemset(free_entp, 0, (CSIZE-CODE_FIRST)*sizeof (code_t));
+                       nbits = BITS_MIN;
+                       nbitsmask = MAXCODE(BITS_MIN);
+                       maxcodep = sp->dec_codetab + nbitsmask;
+                       NextCode(tif, sp, bp, code, GetNextCodeCompat);
+                       if (code == CODE_EOI)
+                               break;
++                       if (code == CODE_CLEAR) {
++                               TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
++                               "LZWDecode: Corrupted LZW table at scanline %d",
++                               tif->tif_row);
++                               return (0);
++                       }
++
+                       *op++ = code, occ--;
+                       oldcodep = sp->dec_codetab + code;
+                       continue;
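Review bot: In both decode loops the added check after the post-clear `NextCode` rejects only a second `CODE_CLEAR`, so any other non-literal code read at `BITS_MIN` width still reaches `*op++ = (char)code` and `oldcodep = sp->dec_codetab + code`. There it is truncated on output and leaves `oldcodep` pointing at an entry the added `_TIFFmemset` has just zeroed. The first code after a clear should be a literal, so I would tighten both added tests (the `GetNextCode` loop and the `GetNextCodeCompat` loop) to `if (code >= CODE_CLEAR) {`; `CODE_EOI` is already handled by the `break` just above, so the end-of-data path is unchanged. Both loops start and end outside the embedded hunks, so I cannot see whether a later check on the zeroed entry would catch this case. Separately, `tif->tif_row` is printed with `%d`; if that field is unsigned, `%u` or a matching cast would be the correct specifier.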


