head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.4 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.2 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.1.0.8 pkgsrc-2011Q4-base:1.1 pkgsrc-2011Q3:1.1.0.6 pkgsrc-2011Q3-base:1.1 pkgsrc-2011Q2:1.1.0.4 pkgsrc-2011Q2-base:1.1 pkgsrc-2011Q1:1.1.0.2 pkgsrc-2011Q1-base:1.1; locks; strict; comment @# @; 1.2 date 2012.03.07.16.17.05; author adam; state dead; branches; next 1.1; 1.1 date 2011.03.30.18.39.05; author drochner; state Exp; branches; next ; desc @@ 1.2 log @Changes 1.9.0: * New GDAL drivers: ACE2, CTG, E00GRID, ECRGTOC, GRASSASCIIGrid, GTA, NGSGEOID, SNODAS, WebP, ZMap * New OGR drivers: ARCGEN, CouchDB, DWG, EDIGEO, FileGDB, Geomedia, GFT, IDRISI, MDB, SEGUKOOA, SEGY, SVG, XLS * Significantly improved drivers: NetCDF * Encoding support for shapefile/dbf * RFC 35: Delete, reorder and alter field definitions of OGR layers * RFC 37: Add mechanism to provide user data to CPLErrorHandler * gdalsrsinfo: new supported utility to report SRS in various form (supercedes testepsg) @ text @$NetBSD: patch-SA43593,v 1.1 2011/03/30 18:39:05 drochner Exp $ Fix heap-based buffer overflow which causes the vulnerability reported in SA43593. Patch taken from the "libtiff" CVS repository. --- frmts/gtiff/libtiff/tif_fax3.h 8 Jun 2010 18:50:42 -0000 1.5.2.1 +++ frmts/gtiff/libtiff/tif_fax3.h 10 Mar 2011 20:22:33 -0000 1.5.2.3 @@@@ -478,6 +478,12 @@@@ break; \ case S_VL: \ CHECK_b1; \ + if (b1 <= (int) (a0 + TabEnt->Param)) { \ + if (b1 < (int) (a0 + TabEnt->Param) || pa != thisrun) { \ + unexpected("VL", a0); \ + goto eol2d; \ + } \ + } \ SETVALUE(b1 - a0 - TabEnt->Param); \ b1 -= *--pb; \ break; \ @ 1.1 log @apply the fix for SA43593 also to gdal's bundled libtiff (just copied from pkgsrc/tiff) bump PKGREV (this was also necessary for the recent update of xerces-c which changed the shlib name) @ text @d1 1 a1 1 $NetBSD: patch-SA43593,v 1.1 2011/03/12 16:10:43 tron Exp $ @
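Review bot: the guard added to the S_VL case carries no comment saying why the equality case `b1 == a0 + TabEnt->Param` is rejected only when `pa != thisrun`, and that is the part a later reader is most likely to get wrong. A one-line comment above the check would help, stating that a run ending at or before a0 yields a zero or negative length for `SETVALUE(b1 - a0 - TabEnt->Param)`, and that a zero-length run is tolerated only as the first run of the line. The nested `if` could also be flattened to the equivalent single condition `b1 < (int) (a0 + TabEnt->Param) || (b1 == (int) (a0 + TabEnt->Param) && pa != thisrun)`, or the sum kept in a local, so the expression is not repeated three times inside the macro. Two things to confirm against the full file, since the hunk does not show them: the cast is applied after the addition, so the declared types of a0 and Param decide whether the sum can wrap before it is compared; and only S_VL is touched here, so check whether the other 2D modes that advance a0 reach SETVALUE with the same unchecked arithmetic.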