Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id BE18763BA9C
	for ; Wed, 4 Aug 2010 21:23:41 +0000 (UTC)
Received: by mail.netbsd.org (Postfix, from userid 0)
	id 5F41D63B101; Wed, 4 Aug 2010 21:23:41 +0000 (UTC)
Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd])
	by mail.netbsd.org (Postfix) with ESMTP id 2B47D63B100
	for ; Wed, 4 Aug 2010 21:23:40 +0000 (UTC)
Received: by cvs.netbsd.org (Postfix, from userid 500)
	id 189AE175DD; Wed, 4 Aug 2010 21:23:40 +0000 (UTC)
MIME-Version: 1.0
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
Date: Wed, 4 Aug 2010 21:23:40 +0000
From: "S.P.Zeidler"
Subject: CVS commit: [pkgsrc-2010Q2] pkgsrc/graphics/tiff
To: pkgsrc-changes@NetBSD.org
Reply-To: spz@netbsd.org
X-Mailer: log_accum
Message-Id: <20100804212340.189AE175DD@cvs.netbsd.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes.NetBSD.org
Precedence: list

Module Name:	pkgsrc
Committed By:	spz
Date:		Wed Aug 4 21:23:39 UTC 2010

Modified Files:
	pkgsrc/graphics/tiff [pkgsrc-2010Q2]: Makefile distinfo
Added Files:
	pkgsrc/graphics/tiff/patches [pkgsrc-2010Q2]: patch-aa patch-ab patch-ac
	    patch-ad patch-ae

Log Message:
Pullup ticket 3197 - requested by tron
security patches

Revisions pulled up:
- pkgsrc/graphics/tiff/Makefile		1.97
- pkgsrc/graphics/tiff/distinfo		1.49
Files added:
pkgsrc/graphics/tiff/patches/patch-aa
pkgsrc/graphics/tiff/patches/patch-ab
pkgsrc/graphics/tiff/patches/patch-ac
pkgsrc/graphics/tiff/patches/patch-ad
pkgsrc/graphics/tiff/patches/patch-ae

-------------------------------------------------------------------------
Module Name:	pkgsrc
Committed By:	tron
Date:		Wed Aug 4 17:48:22 UTC 2010

Modified Files:
	pkgsrc/graphics/tiff: Makefile distinfo
Added Files:
	pkgsrc/graphics/tiff/patches: patch-aa patch-ab patch-ac patch-ad
	    patch-ae

Log Message:
Add patches from either libtiff's or Red Hat's Bugzilla which fix the
following vulnerabilities:
- CVE-2010-2233
- CVE-2010-2482
- CVE-2010-2483
- CVE-2010-2595
- CVE-2010-2597

There is no patch for CVE-2010-2596 yet. But it is low risk (an assertion
gets triggered) and cannot be exploited after the above vulnerabilities
are fixed (at least if I understood correctly).

No butcher was involved in fixing this package.

To generate a diff of this commit:
cvs rdiff -u -r1.96 -r1.97 pkgsrc/graphics/tiff/Makefile
cvs rdiff -u -r1.48 -r1.49 pkgsrc/graphics/tiff/distinfo
cvs rdiff -u -r0 -r1.19 pkgsrc/graphics/tiff/patches/patch-aa
cvs rdiff -u -r0 -r1.20 pkgsrc/graphics/tiff/patches/patch-ab
cvs rdiff -u -r0 -r1.22 pkgsrc/graphics/tiff/patches/patch-ac
cvs rdiff -u -r0 -r1.16 pkgsrc/graphics/tiff/patches/patch-ad
cvs rdiff -u -r0 -r1.11 pkgsrc/graphics/tiff/patches/patch-ae

To generate a diff of this commit:
cvs rdiff -u -r1.96 -r1.96.2.1 pkgsrc/graphics/tiff/Makefile
cvs rdiff -u -r1.48 -r1.48.2.1 pkgsrc/graphics/tiff/distinfo
cvs rdiff -u -r0 -r1.19.2.2 pkgsrc/graphics/tiff/patches/patch-aa
cvs rdiff -u -r0 -r1.20.2.2 pkgsrc/graphics/tiff/patches/patch-ab
cvs rdiff -u -r0 -r1.22.2.2 pkgsrc/graphics/tiff/patches/patch-ac
cvs rdiff -u -r0 -r1.16.2.2 pkgsrc/graphics/tiff/patches/patch-ad
cvs rdiff -u -r0 -r1.11.2.2 pkgsrc/graphics/tiff/patches/patch-ae

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.