pkgsrc-Changes archive
CVS commit: pkgsrc/graphics/tiff
Module Name: pkgsrc
Committed By: tez
Date: Thu Jun 21 23:11:04 UTC 2018
Modified Files:
pkgsrc/graphics/tiff: Makefile distinfo
Added Files:
pkgsrc/graphics/tiff/patches: patch-CVE-2018-8905
Log Message:
tiff: fix for CVE-2018-8905
from https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d
To generate a diff of this commit:
cvs rdiff -u -r1.140 -r1.141 pkgsrc/graphics/tiff/Makefile
cvs rdiff -u -r1.89 -r1.90 pkgsrc/graphics/tiff/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/graphics/tiff/patches/patch-CVE-2018-8905
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/graphics/tiff/Makefile
diff -u pkgsrc/graphics/tiff/Makefile:1.140 pkgsrc/graphics/tiff/Makefile:1.141
--- pkgsrc/graphics/tiff/Makefile:1.140 Tue Jan 16 23:52:06 2018
+++ pkgsrc/graphics/tiff/Makefile Thu Jun 21 23:11:04 2018
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.140 2018/01/16 23:52:06 tez Exp $
+# $NetBSD: Makefile,v 1.141 2018/06/21 23:11:04 tez Exp $
DISTNAME= tiff-4.0.9
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= graphics
MASTER_SITES= ftp://download.osgeo.org/libtiff/
Index: pkgsrc/graphics/tiff/distinfo
diff -u pkgsrc/graphics/tiff/distinfo:1.89 pkgsrc/graphics/tiff/distinfo:1.90
--- pkgsrc/graphics/tiff/distinfo:1.89 Tue Jan 16 23:52:06 2018
+++ pkgsrc/graphics/tiff/distinfo Thu Jun 21 23:11:04 2018
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.89 2018/01/16 23:52:06 tez Exp $
+$NetBSD: distinfo,v 1.90 2018/06/21 23:11:04 tez Exp $
SHA1 (tiff-4.0.9.tar.gz) = 87d4543579176cc568668617c22baceccd568296
RMD160 (tiff-4.0.9.tar.gz) = ab5b3b7297e79344775b1e70c4d54c90c06836a3
SHA512 (tiff-4.0.9.tar.gz) = 04f3d5eefccf9c1a0393659fe27f3dddd31108c401ba0dc587bca152a1c1f6bc844ba41622ff5572da8cc278593eff8c402b44e7af0a0090e91d326c2d79f6cd
Size (tiff-4.0.9.tar.gz) = 2305681 bytes
SHA1 (patch-CVE-2017-9935) = d33f3311e5bb96bf415f894237ab4dfcfafd2610
+SHA1 (patch-CVE-2018-8905) = 3a7081957ff2f4d6e777df5a9609ba89eecd8fbc
SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6
SHA1 (patch-tools_pal2rgb.c) = f91652e8013940c162add870ceb9845e2730bc2c
Added files:
Index: pkgsrc/graphics/tiff/patches/patch-CVE-2018-8905
diff -u /dev/null pkgsrc/graphics/tiff/patches/patch-CVE-2018-8905:1.1
--- /dev/null Thu Jun 21 23:11:04 2018
+++ pkgsrc/graphics/tiff/patches/patch-CVE-2018-8905 Thu Jun 21 23:11:04 2018
@@ -0,0 +1,40 @@
+$NetBSD: patch-CVE-2018-8905,v 1.1 2018/06/21 23:11:04 tez Exp $
+
+fix CVE-2018-8905 from https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d
+
+
+--- libtiff/tif_lzw.c.orig 2017-07-11 13:27:35.000000000 +0000
++++ libtiff/tif_lzw.c
+@@ -604,6 +604,7 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, t
+ char *tp;
+ unsigned char *bp;
+ int code, nbits;
++ int len;
+ long nextbits, nextdata, nbitsmask;
+ code_t *codep, *free_entp, *maxcodep, *oldcodep;
+
+@@ -755,13 +756,18 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, t
+ } while (--occ);
+ break;
+ }
+- assert(occ >= codep->length);
+- op += codep->length;
+- occ -= codep->length;
+- tp = op;
++ len = codep->length;
++ tp = op + len;
+ do {
+- *--tp = codep->value;
+- } while( (codep = codep->next) != NULL );
++ int t;
++ --tp;
++ t = codep->value;
++ codep = codep->next;
++ *tp = (char)t;
++ } while (codep && tp > op);
++ assert(occ >= len);
++ op += len;
++ occ -= len;
+ } else {
+ *op++ = (char)code;
+ occ--;
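Review bot: In the embedded tif_lzw.c change, `assert(occ >= len);` now runs only after the copy loop has already written backward from `op + len`, and it is compiled out under NDEBUG, so it no longer guards the write it describes. The new `tp > op` condition stops a code chain longer than its recorded length from writing below `op`, but the upper bound (`len` not exceeding `occ`) appears to rest entirely on the preceding branch, of which only the tail (`} while (--occ); break;`) is visible here. I would place `assert(occ >= len);` directly before `tp = op + len;` and add a comment such as `/* len <= occ is ensured by the branch above; tp > op bounds a chain longer than codep->length */`. When the loop exits with `codep` still non-NULL, or with `tp > op` after `codep` became NULL, the stream is inconsistent yet decoding continues silently and `op` still advances by `len`; reporting corrupt data at that point would be safer than proceeding. LZWDecodeCompat's body starts and ends outside the hunk, so the caller-side handling could not be checked.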