Pullup ticket #3388 - requested by tron
Security update for graphic/tiff

Revisions pulled up:
- graphics/tiff/Makefile 1.99
- graphics/tiff/distinfo 1.50
- graphics/tiff/patches/patch-SA43593 1.1
---
Module Name: pkgsrc
Committed By: tron
Date: Sat Mar 12 16:10:43 UTC 2011

Modified Files:
pkgsrc/graphics/tiff: Makefile distinfo
Added Files:
pkgsrc/graphics/tiff/patches: patch-SA43593

Log Message:
Add fix for vulnerability reported in SA43593 taken from the "libtiff" CVS repository.
sbd committed Mar 13, 2011
1 parent aa3000e, commit 1c0d576
Showing 3 changed files with 24 additions and 3 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
$NetBSD: patch-SA43593,v 1.1.2.2 2011/03/13 21:10:19 sbd Exp $ | ||
|
||
Fix heap-based buffer overflow which causes the vulnerability reported | ||
in SA43593. Patch taken from the "libtiff" CVS repository. | ||
|
||
--- libtiff/tif_fax3.h 8 Jun 2010 18:50:42 -0000 1.5.2.1 | ||
+++ libtiff/tif_fax3.h 10 Mar 2011 20:22:33 -0000 1.5.2.3 | ||
@@ -478,6 +478,12 @@ | ||
break; \ | ||
case S_VL: \ | ||
CHECK_b1; \ | ||
+ if (b1 <= (int) (a0 + TabEnt->Param)) { \ | ||
+ if (b1 < (int) (a0 + TabEnt->Param) || pa != thisrun) { \ | ||
+ unexpected("VL", a0); \ | ||
+ goto eol2d; \ | ||
+ } \ | ||
+ } \ | ||
SETVALUE(b1 - a0 - TabEnt->Param); \ | ||
b1 -= *--pb; \ | ||
break; \ |
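Review bot: the guard added to the S_VL case has no comment explaining why the equal case, b1 == a0 + TabEnt->Param, is tolerated only when pa == thisrun, and that is the one non-obvious part of the check. A short comment above the outer `if` saying that SETVALUE(b1 - a0 - TabEnt->Param) must not be handed a negative length, and that a zero length is accepted only while pa still equals thisrun, would let a later reader audit the condition without going back to the libtiff CVS log. The two nested conditions could also be folded into a single test with the same meaning. The types of a0 and b1 are not visible in this hunk, so it is worth confirming that the (int) cast of the sum a0 + TabEnt->Param cannot wrap before the comparison. Only S_VL is touched here; the patch header could state whether the neighbouring cases were checked for the same condition upstream.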