pkgsrc-changes: CVS commit: [pkgsrc-2004Q4] pkgsrc/graphics/tiff

Subject: CVS commit: [pkgsrc-2004Q4] pkgsrc/graphics/tiff
To: None <pkgsrc-changes@NetBSD.org>
From: Soren Jacobsen <snj@netbsd.org>
List: pkgsrc-changes
Date: 12/22/2004 08:31:29

Module Name:	pkgsrc
Committed By:	snj
Date:		Wed Dec 22 08:31:29 UTC 2004

Modified Files:
	pkgsrc/graphics/tiff [pkgsrc-2004Q4]: Makefile buildlink3.mk distinfo
	pkgsrc/graphics/tiff/patches [pkgsrc-2004Q4]: patch-ag patch-ao

Log Message:
Pullup ticket 174 - requested by Jeremy C. Reed
security fix for tiff

Module Name:    pkgsrc
Committed By:   reed
Date:           Wed Dec 22 03:57:15 UTC 2004

Modified Files:
        pkgsrc/graphics/tiff: Makefile buildlink3.mk distinfo
        pkgsrc/graphics/tiff/patches: patch-ag patch-ao

Log Message:
patch-ag and patch-ao already had security fixes for CESA-2004-006.
But now these are improved in response to
 iDEFENSE Security Advisory 12.21.04
 www.idefense.com/application/poi/display?id=173&type=vulnerabilities
 libtiff STRIPOFFSETS Integer Overflow Vulnerability
 December 21, 2004

This fix (in two files) was from that advisory and also seen
in tiff 3.7.1.

PKGREVISION is bumped to 6 and BUILDLINK_RECOMMENDED is adjusted for
this possible security issue. Other packages depending on this are not
bumped.


To generate a diff of this commit:
cvs rdiff -r1.59 -r1.59.2.1 pkgsrc/graphics/tiff/Makefile
cvs rdiff -r1.8 -r1.8.2.1 pkgsrc/graphics/tiff/buildlink3.mk
cvs rdiff -r1.18 -r1.18.2.1 pkgsrc/graphics/tiff/distinfo
cvs rdiff -r1.7 -r1.7.2.1 pkgsrc/graphics/tiff/patches/patch-ag
cvs rdiff -r1.1 -r1.1.4.1 pkgsrc/graphics/tiff/patches/patch-ao

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.