Sat Mar 12 16:10:43 2011 UTC ()
Add fix for vulnerability reported in SA43593 taken from the
"libtiff" CVS repository.


(tron)
diff -r1.98 -r1.99 pkgsrc/graphics/tiff/Makefile
diff -r1.49 -r1.50 pkgsrc/graphics/tiff/distinfo
diff -r0 -r1.1 pkgsrc/graphics/tiff/patches/patch-SA43593
cvs diff -r1.98 -r1.99 pkgsrc/graphics/tiff/Makefile (expand / switch to unified diff)

--- pkgsrc/graphics/tiff/Makefile 2010/12/23 11:44:46 1.98
+++ pkgsrc/graphics/tiff/Makefile 2011/03/12 16:10:42 1.99
@@ -1,17 +1,17 @@ @@ -1,17 +1,17 @@
1# $NetBSD: Makefile,v 1.98 2010/12/23 11:44:46 dsainty Exp $ 1# $NetBSD: Makefile,v 1.99 2011/03/12 16:10:42 tron Exp $
2 2
3DISTNAME= tiff-3.9.4 3DISTNAME= tiff-3.9.4
4PKGREVISION= 1 4PKGREVISION= 2
5CATEGORIES= graphics 5CATEGORIES= graphics
6MASTER_SITES= ftp://ftp.remotesensing.org/pub/libtiff/ \ 6MASTER_SITES= ftp://ftp.remotesensing.org/pub/libtiff/ \
7 http://libtiff.maptools.org/dl/ 7 http://libtiff.maptools.org/dl/
8 8
9MAINTAINER= pkgsrc-users@NetBSD.org 9MAINTAINER= pkgsrc-users@NetBSD.org
10HOMEPAGE= http://www.remotesensing.org/libtiff/ 10HOMEPAGE= http://www.remotesensing.org/libtiff/
11COMMENT= Library and tools for reading and writing TIFF data files 11COMMENT= Library and tools for reading and writing TIFF data files
12 12
13EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} 13EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX}
14 14
15PKG_INSTALLATION_TYPES= overwrite pkgviews 15PKG_INSTALLATION_TYPES= overwrite pkgviews
16PKG_DESTDIR_SUPPORT= user-destdir 16PKG_DESTDIR_SUPPORT= user-destdir
17 17
cvs diff -r1.49 -r1.50 pkgsrc/graphics/tiff/distinfo (expand / switch to unified diff)

--- pkgsrc/graphics/tiff/distinfo 2010/08/04 17:48:22 1.49
+++ pkgsrc/graphics/tiff/distinfo 2011/03/12 16:10:42 1.50
@@ -1,10 +1,11 @@ @@ -1,10 +1,11 @@
1$NetBSD: distinfo,v 1.49 2010/08/04 17:48:22 tron Exp $ 1$NetBSD: distinfo,v 1.50 2011/03/12 16:10:42 tron Exp $
2 2
3SHA1 (tiff-3.9.4.tar.gz) = a4e32d55afbbcabd0391a9c89995e8e8a19961de 3SHA1 (tiff-3.9.4.tar.gz) = a4e32d55afbbcabd0391a9c89995e8e8a19961de
4RMD160 (tiff-3.9.4.tar.gz) = 3e0a74b6294297c16fb983ad68056a1dfbbdb1de 4RMD160 (tiff-3.9.4.tar.gz) = 3e0a74b6294297c16fb983ad68056a1dfbbdb1de
5Size (tiff-3.9.4.tar.gz) = 1436968 bytes 5Size (tiff-3.9.4.tar.gz) = 1436968 bytes
 6SHA1 (patch-SA43593) = d24ff27a7a2e659c632d5a5fb720a908915e8595
6SHA1 (patch-aa) = 0ed02eb18454f4d91bf2fad6b9262bc442cd0822 7SHA1 (patch-aa) = 0ed02eb18454f4d91bf2fad6b9262bc442cd0822
7SHA1 (patch-ab) = 66101ec437ff222d629120e52e2011ea5b36dca0 8SHA1 (patch-ab) = 66101ec437ff222d629120e52e2011ea5b36dca0
8SHA1 (patch-ac) = 7211eebf68e73790ac1263efb16943e59cbffa95 9SHA1 (patch-ac) = 7211eebf68e73790ac1263efb16943e59cbffa95
9SHA1 (patch-ad) = bae790a9309967f874987f1da57e5f93a67094e1 10SHA1 (patch-ad) = bae790a9309967f874987f1da57e5f93a67094e1
10SHA1 (patch-ae) = 33dd5e9307a55273e9aaacdd7f5f9aea51aa5adc 11SHA1 (patch-ae) = 33dd5e9307a55273e9aaacdd7f5f9aea51aa5adc
File Added: pkgsrc/graphics/tiff/patches/Attic/patch-SA43593
$NetBSD: patch-SA43593,v 1.1 2011/03/12 16:10:43 tron Exp $

Fix heap-based buffer overflow which causes the vulnerability reported
in SA43593. Patch taken from the "libtiff" CVS repository.

--- libtiff/tif_fax3.h	8 Jun 2010 18:50:42 -0000	1.5.2.1
+++ libtiff/tif_fax3.h	10 Mar 2011 20:22:33 -0000	1.5.2.3
@@ -478,6 +478,12 @@
 	    break;							\
 	case S_VL:							\
 	    CHECK_b1;							\
+	    if (b1 <= (int) (a0 + TabEnt->Param)) {			\
+		if (b1 < (int) (a0 + TabEnt->Param) || pa != thisrun) {	\
+		    unexpected("VL", a0);				\
+		    goto eol2d;						\
+		}							\
+	    }								\
 	    SETVALUE(b1 - a0 - TabEnt->Param);				\
 	    b1 -= *--pb;						\
 	    break;							\