[pkgsrc/trunk]: pkgsrc/graphics/tiff tiff: fix for CVE-2018-8905
details: https://anonhg.NetBSD.org/pkgsrc/rev/20f71f29772d
branches: trunk
changeset: 309678:20f71f29772d
user: tez <tez%pkgsrc.org@localhost>
date: Thu Jun 21 23:11:04 2018 +0000
description:
tiff: fix for CVE-2018-8905
from https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d
diffstat:
graphics/tiff/Makefile | 4 +-
graphics/tiff/distinfo | 3 +-
graphics/tiff/patches/patch-CVE-2018-8905 | 40 +++++++++++++++++++++++++++++++
3 files changed, 44 insertions(+), 3 deletions(-)
diffs (72 lines):
diff -r 7cda5a82dfd4 -r 20f71f29772d graphics/tiff/Makefile
--- a/graphics/tiff/Makefile Thu Jun 21 23:10:50 2018 +0000
+++ b/graphics/tiff/Makefile Thu Jun 21 23:11:04 2018 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.140 2018/01/16 23:52:06 tez Exp $
+# $NetBSD: Makefile,v 1.141 2018/06/21 23:11:04 tez Exp $
DISTNAME= tiff-4.0.9
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= graphics
MASTER_SITES= ftp://download.osgeo.org/libtiff/
diff -r 7cda5a82dfd4 -r 20f71f29772d graphics/tiff/distinfo
--- a/graphics/tiff/distinfo Thu Jun 21 23:10:50 2018 +0000
+++ b/graphics/tiff/distinfo Thu Jun 21 23:11:04 2018 +0000
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.89 2018/01/16 23:52:06 tez Exp $
+$NetBSD: distinfo,v 1.90 2018/06/21 23:11:04 tez Exp $
SHA1 (tiff-4.0.9.tar.gz) = 87d4543579176cc568668617c22baceccd568296
RMD160 (tiff-4.0.9.tar.gz) = ab5b3b7297e79344775b1e70c4d54c90c06836a3
SHA512 (tiff-4.0.9.tar.gz) = 04f3d5eefccf9c1a0393659fe27f3dddd31108c401ba0dc587bca152a1c1f6bc844ba41622ff5572da8cc278593eff8c402b44e7af0a0090e91d326c2d79f6cd
Size (tiff-4.0.9.tar.gz) = 2305681 bytes
SHA1 (patch-CVE-2017-9935) = d33f3311e5bb96bf415f894237ab4dfcfafd2610
+SHA1 (patch-CVE-2018-8905) = 3a7081957ff2f4d6e777df5a9609ba89eecd8fbc
SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6
SHA1 (patch-tools_pal2rgb.c) = f91652e8013940c162add870ceb9845e2730bc2c
diff -r 7cda5a82dfd4 -r 20f71f29772d graphics/tiff/patches/patch-CVE-2018-8905
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/tiff/patches/patch-CVE-2018-8905 Thu Jun 21 23:11:04 2018 +0000
@@ -0,0 +1,40 @@
+$NetBSD: patch-CVE-2018-8905,v 1.1 2018/06/21 23:11:04 tez Exp $
+
+fix CVE-2018-8905 from https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d
+
+
+--- libtiff/tif_lzw.c.orig 2017-07-11 13:27:35.000000000 +0000
++++ libtiff/tif_lzw.c
+@@ -604,6 +604,7 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, t
+ char *tp;
+ unsigned char *bp;
+ int code, nbits;
++ int len;
+ long nextbits, nextdata, nbitsmask;
+ code_t *codep, *free_entp, *maxcodep, *oldcodep;
+
+@@ -755,13 +756,18 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, t
+ } while (--occ);
+ break;
+ }
+- assert(occ >= codep->length);
+- op += codep->length;
+- occ -= codep->length;
+- tp = op;
++ len = codep->length;
++ tp = op + len;
+ do {
+- *--tp = codep->value;
+- } while( (codep = codep->next) != NULL );
++ int t;
++ --tp;
++ t = codep->value;
++ codep = codep->next;
++ *tp = (char)t;
++ } while (codep && tp > op);
++ assert(occ >= len);
++ op += len;
++ occ -= len;
+ } else {
+ *op++ = (char)code;
+ occ--;
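Review bot: In the rewritten copy loop of LZWDecodeCompat, a code chain that ends before `tp` reaches `op` leaves the bytes between `op` and `tp` unwritten, yet `op += len` still advances over them, so a malformed stream may pass whatever the output buffer previously held to the caller as decoded data. The `tp > op` bound stops the backwards write described by CVE-2018-8905, but neither mismatch (chain shorter or longer than `codep->length`) is reported as corrupt input; consider a check after the loop such as `if (codep != NULL || tp != op) { /* report corrupt LZW data and fail the decode */ }`. The `assert(occ >= len)` now runs after the writes and disappears under NDEBUG, so it documents an invariant rather than enforcing it; the real guard appears to be the branch ending in `break` just above, whose condition lies outside the hunk. Since this patch mirrors the upstream libtiff commit, a change of this kind is better raised upstream than carried as a local divergence.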