[pkgsrc/trunk]: pkgsrc/graphics/tiff tiff: add my own patch for CVE-2017-17095.
details: https://anonhg.NetBSD.org/pkgsrc/rev/769da3aef850
branches: trunk
changeset: 372337:769da3aef850
user: maya <maya%pkgsrc.org@localhost>
date: Sun Dec 03 09:07:06 2017 +0000
description:
tiff: add my own patch for CVE-2017-17095.
bump PKGREVISION
diffstat:
graphics/tiff/Makefile | 4 ++--
graphics/tiff/distinfo | 3 ++-
graphics/tiff/patches/patch-tools_pal2rgb.c | 23 +++++++++++++++++++++++
3 files changed, 27 insertions(+), 3 deletions(-)
diffs (53 lines):
diff -r 2cdacab68ad6 -r 769da3aef850 graphics/tiff/Makefile
--- a/graphics/tiff/Makefile Sun Dec 03 08:50:02 2017 +0000
+++ b/graphics/tiff/Makefile Sun Dec 03 09:07:06 2017 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.138 2017/11/19 16:31:04 he Exp $
+# $NetBSD: Makefile,v 1.139 2017/12/03 09:07:06 maya Exp $
DISTNAME= tiff-4.0.9
-#PKGREVISION= 1
+PKGREVISION= 1
CATEGORIES= graphics
MASTER_SITES= ftp://download.osgeo.org/libtiff/
diff -r 2cdacab68ad6 -r 769da3aef850 graphics/tiff/distinfo
--- a/graphics/tiff/distinfo Sun Dec 03 08:50:02 2017 +0000
+++ b/graphics/tiff/distinfo Sun Dec 03 09:07:06 2017 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.87 2017/11/19 16:31:04 he Exp $
+$NetBSD: distinfo,v 1.88 2017/12/03 09:07:06 maya Exp $
SHA1 (tiff-4.0.9.tar.gz) = 87d4543579176cc568668617c22baceccd568296
RMD160 (tiff-4.0.9.tar.gz) = ab5b3b7297e79344775b1e70c4d54c90c06836a3
SHA512 (tiff-4.0.9.tar.gz) = 04f3d5eefccf9c1a0393659fe27f3dddd31108c401ba0dc587bca152a1c1f6bc844ba41622ff5572da8cc278593eff8c402b44e7af0a0090e91d326c2d79f6cd
Size (tiff-4.0.9.tar.gz) = 2305681 bytes
SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6
+SHA1 (patch-tools_pal2rgb.c) = f91652e8013940c162add870ceb9845e2730bc2c
diff -r 2cdacab68ad6 -r 769da3aef850 graphics/tiff/patches/patch-tools_pal2rgb.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/tiff/patches/patch-tools_pal2rgb.c Sun Dec 03 09:07:06 2017 +0000
@@ -0,0 +1,23 @@
+$NetBSD: patch-tools_pal2rgb.c,v 1.1 2017/12/03 09:07:06 maya Exp $
+
+CVE-2017-17095 Heap-based buffer overflow bug in pal2rgb
+
+--- tools/pal2rgb.c.orig 2015-08-28 22:17:08.172200823 +0000
++++ tools/pal2rgb.c
+@@ -39,6 +39,7 @@
+ # include "libport.h"
+ #endif
+
++#include "tiffiop.h"
+ #include "tiffio.h"
+
+ #define streq(a,b) (strcmp(a,b) == 0)
+@@ -185,7 +186,7 @@
+ register unsigned char* pp;
+ register uint32 x;
+ ibuf = (unsigned char*)_TIFFmalloc(TIFFScanlineSize(in));
+- obuf = (unsigned char*)_TIFFmalloc(TIFFScanlineSize(out));
++ obuf = (unsigned char*)_TIFFmalloc(TIFFSafeMultiply(tmsize_t, imagewidth, 3*sizeof(short)));
+ switch (config) {
+ case PLANARCONFIG_CONTIG:
+ for (row = 0; row < imagelength; row++) {
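Review bot: The new `obuf` allocation is used without a NULL check in the visible lines, and `TIFFSafeMultiply` evaluates to 0 when `imagewidth * 3*sizeof(short)` overflows, so `_TIFFmalloc` is then asked for zero bytes and `obuf` can be NULL going into the `switch (config)` row loops; `ibuf` has the same gap on allocation failure. A guard right after the two allocations would close it, e.g. `if (ibuf == NULL || obuf == NULL) { fprintf(stderr, "pal2rgb: cannot allocate scanline buffers\n"); return (-1); }`, adjusted to whatever error exit the enclosing function uses. Because the size no longer comes from `TIFFScanlineSize(out)`, the line also deserves a comment such as `/* 3 output samples per input pixel; sized from imagewidth so a too-small output scanline size cannot shrink the buffer */`. It is worth confirming that the later scanline write never reads more than this many bytes from `obuf`. The enclosing function starts and ends outside the hunk, so an existing check further down cannot be ruled out from here.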