pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/graphics/tiff Fix CVE-2016-10268, ref.
details: https://anonhg.NetBSD.org/pkgsrc/rev/561024b93f94
branches: trunk
changeset: 362160:561024b93f94
user: he <he%pkgsrc.org@localhost>
date: Sat May 06 21:37:16 2017 +0000
description:
Fix CVE-2016-10268, ref.
http://bugzilla.maptools.org/show_bug.cgi?id=2598
https://github.com/vadz/libtiff/commit/5397a417e61258c69209904e652a1f409ec3b9df
Bump PKGREVISION.
diffstat:
graphics/tiff/Makefile | 4 ++--
graphics/tiff/distinfo | 4 ++--
graphics/tiff/patches/patch-tools_tiffcp.c | 17 ++++++++++++++++-
3 files changed, 20 insertions(+), 5 deletions(-)
diffs (67 lines):
diff -r 586db558efef -r 561024b93f94 graphics/tiff/Makefile
--- a/graphics/tiff/Makefile Sat May 06 21:29:16 2017 +0000
+++ b/graphics/tiff/Makefile Sat May 06 21:37:16 2017 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.132 2017/05/06 21:29:16 he Exp $
+# $NetBSD: Makefile,v 1.133 2017/05/06 21:37:16 he Exp $
DISTNAME= tiff-4.0.7
-PKGREVISION= 8
+PKGREVISION= 9
CATEGORIES= graphics
MASTER_SITES= ftp://download.osgeo.org/libtiff/
diff -r 586db558efef -r 561024b93f94 graphics/tiff/distinfo
--- a/graphics/tiff/distinfo Sat May 06 21:29:16 2017 +0000
+++ b/graphics/tiff/distinfo Sat May 06 21:37:16 2017 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.78 2017/05/06 21:29:16 he Exp $
+$NetBSD: distinfo,v 1.79 2017/05/06 21:37:16 he Exp $
SHA1 (tiff-4.0.7.tar.gz) = 2c1b64478e88f93522a42dd5271214a0e5eae648
RMD160 (tiff-4.0.7.tar.gz) = 582e19c31e7f29d9ed36995dcad7ad68802cbadb
@@ -21,5 +21,5 @@
SHA1 (patch-libtiff_tiffio.h) = e0efa9e1246e07dbb3a69d626988a18f12ba9d3c
SHA1 (patch-man_Makefile.in) = ff073529c9d3ab98a03efa7d98c3263c1782482f
SHA1 (patch-tools_tiff2pdf.c) = ce7a3e77c27ad3cabaa33b5da61cbd1b27f187d1
-SHA1 (patch-tools_tiffcp.c) = 42573d15fc66655a09e9227213b0929238f7e651
+SHA1 (patch-tools_tiffcp.c) = bd6abd9dc6e044ff04d761d999fabfb0919ba0db
SHA1 (patch-tools_tiffcrop.c) = 1d729028fb8c05de958424234d5cc2808acc9b25
diff -r 586db558efef -r 561024b93f94 graphics/tiff/patches/patch-tools_tiffcp.c
--- a/graphics/tiff/patches/patch-tools_tiffcp.c Sat May 06 21:29:16 2017 +0000
+++ b/graphics/tiff/patches/patch-tools_tiffcp.c Sat May 06 21:37:16 2017 +0000
@@ -1,4 +1,4 @@
-$NetBSD: patch-tools_tiffcp.c,v 1.2 2017/05/05 20:06:03 he Exp $
+$NetBSD: patch-tools_tiffcp.c,v 1.3 2017/05/06 21:37:16 he Exp $
CVE-2017-5225
http://bugzilla.maptools.org/show_bug.cgi?id=2656
@@ -11,6 +11,12 @@
http://bugzilla.maptools.org/show_bug.cgi?id=2610
https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec
+and
+
+CVE-2016-10268
+http://bugzilla.maptools.org/show_bug.cgi?id=2598
+https://github.com/vadz/libtiff/commit/5397a417e61258c69209904e652a1f409ec3b9df
+
--- tools/tiffcp.c.orig 2016-10-12 01:45:17.000000000 +0000
+++ tools/tiffcp.c
@@ -592,7 +592,7 @@ static copyFunc pickCopyFunc(TIFF*, TIFF
@@ -22,6 +28,15 @@
uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK;
copyFunc cf;
uint32 width, length;
+@@ -985,7 +985,7 @@ DECLAREcpFunc(cpDecodedStrips)
+ tstrip_t s, ns = TIFFNumberOfStrips(in);
+ uint32 row = 0;
+ _TIFFmemset(buf, 0, stripsize);
+- for (s = 0; s < ns; s++) {
++ for (s = 0; s < ns && row < imagelength; s++) {
+ tsize_t cc = (row + rowsperstrip > imagelength) ?
+ TIFFVStripSize(in, imagelength - row) : stripsize;
+ if (TIFFReadEncodedStrip(in, s, buf, cc) < 0
@@ -1068,6 +1068,16 @@ DECLAREcpFunc(cpContig2SeparateByRow)
register uint32 n;
uint32 row;
Home |
Main Index |
Thread Index |
Old Index