Add fix for vulnerability reported in SA43593 taken from the "libtiff" CVS repository.diff -r1.98 -r1.99 pkgsrc/graphics/tiff/Makefile
(tron)
@@ -1,17 +1,17 @@ | @@ -1,17 +1,17 @@ | |||
1 | # $NetBSD: Makefile,v 1.98 2010/12/23 11:44:46 dsainty Exp $ | 1 | # $NetBSD: Makefile,v 1.99 2011/03/12 16:10:42 tron Exp $ | |
2 | 2 | |||
3 | DISTNAME= tiff-3.9.4 | 3 | DISTNAME= tiff-3.9.4 | |
4 | PKGREVISION= 1 | 4 | PKGREVISION= 2 | |
5 | CATEGORIES= graphics | 5 | CATEGORIES= graphics | |
6 | MASTER_SITES= ftp://ftp.remotesensing.org/pub/libtiff/ \ | 6 | MASTER_SITES= ftp://ftp.remotesensing.org/pub/libtiff/ \ | |
7 | http://libtiff.maptools.org/dl/ | 7 | http://libtiff.maptools.org/dl/ | |
8 | 8 | |||
9 | MAINTAINER= pkgsrc-users@NetBSD.org | 9 | MAINTAINER= pkgsrc-users@NetBSD.org | |
10 | HOMEPAGE= http://www.remotesensing.org/libtiff/ | 10 | HOMEPAGE= http://www.remotesensing.org/libtiff/ | |
11 | COMMENT= Library and tools for reading and writing TIFF data files | 11 | COMMENT= Library and tools for reading and writing TIFF data files | |
12 | 12 | |||
13 | EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} | 13 | EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} | |
14 | 14 | |||
15 | PKG_INSTALLATION_TYPES= overwrite pkgviews | 15 | PKG_INSTALLATION_TYPES= overwrite pkgviews | |
16 | PKG_DESTDIR_SUPPORT= user-destdir | 16 | PKG_DESTDIR_SUPPORT= user-destdir | |
17 | 17 |
@@ -1,10 +1,11 @@ | @@ -1,10 +1,11 @@ | |||
1 | $NetBSD: distinfo,v 1.49 2010/08/04 17:48:22 tron Exp $ | 1 | $NetBSD: distinfo,v 1.50 2011/03/12 16:10:42 tron Exp $ | |
2 | 2 | |||
3 | SHA1 (tiff-3.9.4.tar.gz) = a4e32d55afbbcabd0391a9c89995e8e8a19961de | 3 | SHA1 (tiff-3.9.4.tar.gz) = a4e32d55afbbcabd0391a9c89995e8e8a19961de | |
4 | RMD160 (tiff-3.9.4.tar.gz) = 3e0a74b6294297c16fb983ad68056a1dfbbdb1de | 4 | RMD160 (tiff-3.9.4.tar.gz) = 3e0a74b6294297c16fb983ad68056a1dfbbdb1de | |
5 | Size (tiff-3.9.4.tar.gz) = 1436968 bytes | 5 | Size (tiff-3.9.4.tar.gz) = 1436968 bytes | |
6 | SHA1 (patch-SA43593) = d24ff27a7a2e659c632d5a5fb720a908915e8595 | |||
6 | SHA1 (patch-aa) = 0ed02eb18454f4d91bf2fad6b9262bc442cd0822 | 7 | SHA1 (patch-aa) = 0ed02eb18454f4d91bf2fad6b9262bc442cd0822 | |
7 | SHA1 (patch-ab) = 66101ec437ff222d629120e52e2011ea5b36dca0 | 8 | SHA1 (patch-ab) = 66101ec437ff222d629120e52e2011ea5b36dca0 | |
8 | SHA1 (patch-ac) = 7211eebf68e73790ac1263efb16943e59cbffa95 | 9 | SHA1 (patch-ac) = 7211eebf68e73790ac1263efb16943e59cbffa95 | |
9 | SHA1 (patch-ad) = bae790a9309967f874987f1da57e5f93a67094e1 | 10 | SHA1 (patch-ad) = bae790a9309967f874987f1da57e5f93a67094e1 | |
10 | SHA1 (patch-ae) = 33dd5e9307a55273e9aaacdd7f5f9aea51aa5adc | 11 | SHA1 (patch-ae) = 33dd5e9307a55273e9aaacdd7f5f9aea51aa5adc |
$NetBSD: patch-SA43593,v 1.1 2011/03/12 16:10:43 tron Exp $
Fix heap-based buffer overflow which causes the vulnerability reported
in SA43593. Patch taken from the "libtiff" CVS repository.
--- libtiff/tif_fax3.h 8 Jun 2010 18:50:42 -0000 1.5.2.1
+++ libtiff/tif_fax3.h 10 Mar 2011 20:22:33 -0000 1.5.2.3
@@ -478,6 +478,12 @@
break; \
case S_VL: \
CHECK_b1; \
+ if (b1 <= (int) (a0 + TabEnt->Param)) { \
+ if (b1 < (int) (a0 + TabEnt->Param) || pa != thisrun) { \
+ unexpected("VL", a0); \
+ goto eol2d; \
+ } \
+ } \
SETVALUE(b1 - a0 - TabEnt->Param); \
b1 -= *--pb; \
break; \