pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/graphics/tiff Apply fix for CVE-2016-10093
details: https://anonhg.NetBSD.org/pkgsrc/rev/48547c0d077b
branches: trunk
changeset: 362132:48547c0d077b
user: he <he%pkgsrc.org@localhost>
date: Fri May 05 20:06:02 2017 +0000
description:
Apply fix for CVE-2016-10093
http://bugzilla.maptools.org/show_bug.cgi?id=2610
https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec
Bump PKGREVISION.
diffstat:
graphics/tiff/Makefile | 4 +-
graphics/tiff/distinfo | 4 +-
graphics/tiff/patches/patch-tools_tiffcp.c | 35 +++++++++++++++++++++++++++++-
3 files changed, 38 insertions(+), 5 deletions(-)
diffs (84 lines):
diff -r 0b109fe9197e -r 48547c0d077b graphics/tiff/Makefile
--- a/graphics/tiff/Makefile Fri May 05 19:28:23 2017 +0000
+++ b/graphics/tiff/Makefile Fri May 05 20:06:02 2017 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.127 2017/05/05 19:16:57 he Exp $
+# $NetBSD: Makefile,v 1.128 2017/05/05 20:06:02 he Exp $
DISTNAME= tiff-4.0.7
-PKGREVISION= 3
+PKGREVISION= 4
CATEGORIES= graphics
MASTER_SITES= ftp://download.osgeo.org/libtiff/
diff -r 0b109fe9197e -r 48547c0d077b graphics/tiff/distinfo
--- a/graphics/tiff/distinfo Fri May 05 19:28:23 2017 +0000
+++ b/graphics/tiff/distinfo Fri May 05 20:06:02 2017 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.73 2017/05/05 19:28:23 he Exp $
+$NetBSD: distinfo,v 1.74 2017/05/05 20:06:02 he Exp $
SHA1 (tiff-4.0.7.tar.gz) = 2c1b64478e88f93522a42dd5271214a0e5eae648
RMD160 (tiff-4.0.7.tar.gz) = 582e19c31e7f29d9ed36995dcad7ad68802cbadb
@@ -15,5 +15,5 @@
SHA1 (patch-libtiff_tif_win32.c) = 1ea9dcb6618c40b9de3e8d2a81914355f2111fdc
SHA1 (patch-libtiff_tiffio.h) = e0efa9e1246e07dbb3a69d626988a18f12ba9d3c
SHA1 (patch-man_Makefile.in) = ff073529c9d3ab98a03efa7d98c3263c1782482f
-SHA1 (patch-tools_tiffcp.c) = fa4846cfb5a52eedfb6dc4ed1306f45e3988ddc3
+SHA1 (patch-tools_tiffcp.c) = 42573d15fc66655a09e9227213b0929238f7e651
SHA1 (patch-tools_tiffcrop.c) = 68ccbde2dc447dfbfb3e15a5c9cfaf2538f27e60
diff -r 0b109fe9197e -r 48547c0d077b graphics/tiff/patches/patch-tools_tiffcp.c
--- a/graphics/tiff/patches/patch-tools_tiffcp.c Fri May 05 19:28:23 2017 +0000
+++ b/graphics/tiff/patches/patch-tools_tiffcp.c Fri May 05 20:06:02 2017 +0000
@@ -1,10 +1,16 @@
-$NetBSD: patch-tools_tiffcp.c,v 1.1 2017/05/03 23:00:59 sevan Exp $
+$NetBSD: patch-tools_tiffcp.c,v 1.2 2017/05/05 20:06:03 he Exp $
CVE-2017-5225
http://bugzilla.maptools.org/show_bug.cgi?id=2656
http://bugzilla.maptools.org/show_bug.cgi?id=2657
https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7
+and
+
+CVE-2016-10093
+http://bugzilla.maptools.org/show_bug.cgi?id=2610
+https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec
+
--- tools/tiffcp.c.orig 2016-10-12 01:45:17.000000000 +0000
+++ tools/tiffcp.c
@@ -592,7 +592,7 @@ static copyFunc pickCopyFunc(TIFF*, TIFF
@@ -50,6 +56,33 @@
inbuf = _TIFFmalloc(scanlinesizein);
outbuf = _TIFFmalloc(scanlinesizeout);
+@@ -1163,7 +1183,7 @@ bad:
+
+ static void
+ cpStripToTile(uint8* out, uint8* in,
+- uint32 rows, uint32 cols, int outskew, int inskew)
++ uint32 rows, uint32 cols, int outskew, int64 inskew)
+ {
+ while (rows-- > 0) {
+ uint32 j = cols;
+@@ -1320,7 +1340,7 @@ DECLAREreadFunc(readContigTilesIntoBuffe
+ tdata_t tilebuf;
+ uint32 imagew = TIFFScanlineSize(in);
+ uint32 tilew = TIFFTileRowSize(in);
+- int iskew = imagew - tilew;
++ int64 iskew = (int64)imagew - (int64)tilew;
+ uint8* bufp = (uint8*) buf;
+ uint32 tw, tl;
+ uint32 row;
+@@ -1348,7 +1368,7 @@ DECLAREreadFunc(readContigTilesIntoBuffe
+ status = 0;
+ goto done;
+ }
+- if (colb + tilew > imagew) {
++ if (colb > iskew) {
+ uint32 width = imagew - colb;
+ uint32 oskew = tilew - width;
+ cpStripToTile(bufp + colb,
@@ -1763,7 +1783,7 @@ pickCopyFunc(TIFF* in, TIFF* out, uint16
uint32 w, l, tw, tl;
int bychunk;
Home |
Main Index |
Thread Index |
Old Index