[pkgsrc/trunk]: pkgsrc/graphics/tiff Security fix:

[salo <salo%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/ab4ed566a9b4
branches:  trunk
changeset: 493691:ab4ed566a9b4
user:      salo <salo%pkgsrc.org@localhost>
date:      Thu May 12 12:53:21 2005 +0000

description:
Security fix:

"A vulnerability in libTIFF was found, it can be potentially exploited by
 malicious people to compromise a vulnerable system."

http://secunia.com/advisories/15320/
http://bugzilla.remotesensing.org/show_bug.cgi?id=843

Bump PKGREVISION, patch from libtiff cvs repository.

diffstat:

 graphics/tiff/Makefile         |   3 +-
 graphics/tiff/buildlink3.mk    |   4 +-
 graphics/tiff/distinfo         |   3 +-
 graphics/tiff/patches/patch-ad |  64 ++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 70 insertions(+), 4 deletions(-)

diffs (112 lines):

diff -r 43ffcdf6355c -r ab4ed566a9b4 graphics/tiff/Makefile
--- a/graphics/tiff/Makefile    Thu May 12 11:09:09 2005 +0000
+++ b/graphics/tiff/Makefile    Thu May 12 12:53:21 2005 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.68 2005/04/11 21:46:09 tv Exp $
+# $NetBSD: Makefile,v 1.69 2005/05/12 12:53:21 salo Exp $
 
 DISTNAME=      tiff-3.7.2
+PKGREVISION=   1
 CATEGORIES=    graphics
 MASTER_SITES=  ftp://ftp.remotesensing.org/pub/libtiff/ \
                http://libtiff.maptools.org/dl/
diff -r 43ffcdf6355c -r ab4ed566a9b4 graphics/tiff/buildlink3.mk
--- a/graphics/tiff/buildlink3.mk       Thu May 12 11:09:09 2005 +0000
+++ b/graphics/tiff/buildlink3.mk       Thu May 12 12:53:21 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.11 2005/01/11 05:29:55 jlam Exp $
+# $NetBSD: buildlink3.mk,v 1.12 2005/05/12 12:53:21 salo Exp $
 
 BUILDLINK_DEPTH:=      ${BUILDLINK_DEPTH}+
 TIFF_BUILDLINK3_MK:=   ${TIFF_BUILDLINK3_MK}+
@@ -12,7 +12,7 @@
 
 .if !empty(TIFF_BUILDLINK3_MK:M+)
 BUILDLINK_DEPENDS.tiff+=       tiff>=3.6.1
-BUILDLINK_RECOMMENDED.tiff+=   tiff>=3.7.1nb1
+BUILDLINK_RECOMMENDED.tiff+=   tiff>=3.7.2nb1
 BUILDLINK_PKGSRCDIR.tiff?=     ../../graphics/tiff
 .endif # TIFF_BUILDLINK3_MK
 
diff -r 43ffcdf6355c -r ab4ed566a9b4 graphics/tiff/distinfo
--- a/graphics/tiff/distinfo    Thu May 12 11:09:09 2005 +0000
+++ b/graphics/tiff/distinfo    Thu May 12 12:53:21 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.28 2005/05/07 00:47:29 toshii Exp $
+$NetBSD: distinfo,v 1.29 2005/05/12 12:53:21 salo Exp $
 
 SHA1 (tiff-3.7.2.tar.gz) = 0eb69e88bf6c430160ad2897cd0ae637d507ed66
 RMD160 (tiff-3.7.2.tar.gz) = fb156e17f55b1d565adbc5247f01d836d5f25824
@@ -6,3 +6,4 @@
 SHA1 (patch-aa) = 06ecb34e5eeae5650020b456dddd40c8b9fe9647
 SHA1 (patch-ab) = 0363e36d8c7575b4a55fee587aa4d92ee6c6db0b
 SHA1 (patch-ac) = 80c0abc2e8111a9b7608514cce239c8195e44cee
+SHA1 (patch-ad) = 2e448a0491c4137820ec81cf566cf1962fab6045
diff -r 43ffcdf6355c -r ab4ed566a9b4 graphics/tiff/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/tiff/patches/patch-ad    Thu May 12 12:53:21 2005 +0000
@@ -0,0 +1,64 @@
+$NetBSD: patch-ad,v 1.14 2005/05/12 12:53:21 salo Exp $
+
+--- libtiff/tif_dirread.c.orig 2005-03-05 10:06:00.000000000 +0100
++++ libtiff/tif_dirread.c      2005-05-12 14:38:22.000000000 +0200
+@@ -1310,12 +1310,16 @@
+               uint16 buf[10];
+               uint16* v = buf;
+ 
+-              if (samples > NITEMS(buf))
+-                      v = (uint16*) CheckMalloc(tif, samples, sizeof(uint16),
++        if (dir->tdir_count > NITEMS(buf))
++            v = (uint16*) CheckMalloc(tif, dir->tdir_count, sizeof(uint16),
+                                                 "to fetch per-sample values");
+               if (v && TIFFFetchShortArray(tif, dir, v)) {
+                       uint16 i;
+-                      for (i = 1; i < samples; i++)
++            int check_count = dir->tdir_count;
++            if( samples < check_count )
++                check_count = samples;
++
++            for (i = 1; i < check_count; i++)
+                               if (v[i] != v[0]) {
+                                       TIFFError(tif->tif_name,
+               "Cannot handle different per-sample values for field \"%s\"",
+@@ -1347,12 +1351,16 @@
+               uint32 buf[10];
+               uint32* v = buf;
+ 
+-              if (samples > NITEMS(buf))
+-                      v = (uint32*) CheckMalloc(tif, samples, sizeof(uint32),
++        if (dir->tdir_count > NITEMS(buf))
++            v = (uint32*) CheckMalloc(tif, dir->tdir_count, sizeof(uint32),
+                                                 "to fetch per-sample values");
+               if (v && TIFFFetchLongArray(tif, dir, v)) {
+                       uint16 i;
+-                      for (i = 1; i < samples; i++)
++            int check_count = dir->tdir_count;
++
++            if( samples < check_count )
++                check_count = samples;
++            for (i = 1; i < check_count; i++)
+                               if (v[i] != v[0]) {
+                                       TIFFError(tif->tif_name,
+               "Cannot handle different per-sample values for field \"%s\"",
+@@ -1384,12 +1392,16 @@
+               double buf[10];
+               double* v = buf;
+ 
+-              if (samples > NITEMS(buf))
+-                      v = (double*) CheckMalloc(tif, samples, sizeof (double),
++        if (dir->tdir_count > NITEMS(buf))
++            v = (double*) CheckMalloc(tif, dir->tdir_count, sizeof (double),
+                                                 "to fetch per-sample values");
+               if (v && TIFFFetchAnyArray(tif, dir, v)) {
+                       uint16 i;
+-                      for (i = 1; i < samples; i++)
++            int check_count = dir->tdir_count;
++            if( samples < check_count )
++                check_count = samples;
++
++            for (i = 1; i < check_count; i++)
+                               if (v[i] != v[0]) {
+                                       TIFFError(tif->tif_name,
+               "Cannot handle different per-sample values for field \"%s\"",