head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.8 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.6 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.4 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.2 pkgsrc-2011Q2-base:1.2 pkgsrc-2011Q1:1.1.0.2 pkgsrc-2011Q1-base:1.1; locks; strict; comment @# @; 1.2 date 2011.04.12.08.57.57; author wiz; state dead; branches; next 1.1; 1.1 date 2011.03.31.11.05.45; author drochner; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2011.06.14.11.52.02; author tron; state dead; branches; next ; desc @@ 1.2 log @Update to 3.9.5: Many bugs and security issues are resolved in this stable release. @ text @$NetBSD: patch-CVE-2011-1167,v 1.1 2011/03/31 11:05:45 drochner Exp $ --- libtiff/tif_thunder.c.orig 2010-06-08 18:50:43.000000000 +0000 +++ libtiff/tif_thunder.c @@@@ -25,6 +25,7 @@@@ */ #include "tiffiop.h" +#include #ifdef THUNDER_SUPPORT /* * TIFF Library. @@@@ -55,12 +56,32 @@@@ static const int twobitdeltas[4] = { 0, 1, 0, -1 }; static const int threebitdeltas[8] = { 0, 1, 2, 3, 0, -3, -2, -1 }; -#define SETPIXEL(op, v) { \ - lastpixel = (v) & 0xf; \ - if (npixels++ & 1) \ - *op++ |= lastpixel; \ - else \ +#define SETPIXEL(op, v) { \ + lastpixel = (v) & 0xf; \ + if ( npixels < maxpixels ) \ + { \ + if (npixels++ & 1) \ + *op++ |= lastpixel; \ + else \ op[0] = (tidataval_t) (lastpixel << 4); \ + } \ +} + +static int +ThunderSetupDecode(TIFF* tif) +{ + static const char module[] = "ThunderSetupDecode"; + + if( tif->tif_dir.td_bitspersample != 4 ) + { + TIFFErrorExt(tif->tif_clientdata, module, + "Wrong bitspersample value (%d), Thunder decoder only supports 4bits per sample.", + (int) tif->tif_dir.td_bitspersample ); + return 0; + } + + + return (1); } static int @@@@ -142,7 +163,8 @@@@ ThunderDecodeRow(TIFF* tif, tidata_t buf occ -= tif->tif_scanlinesize; row += tif->tif_scanlinesize; } - return (1); + + return (1); } int @@@@ -151,6 +173,7 @@@@ TIFFInitThunderScan(TIFF* tif, int schem (void) scheme; tif->tif_decoderow = ThunderDecodeRow; 
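Review bot: In the SETPIXEL hunk of libtiff/tif_thunder.c, the new `if ( npixels < maxpixels )` guard stops the out-of-bounds store but drops the excess pixels silently, and it relies on a `maxpixels` variable that is not a macro parameter and so must exist at every expansion site. The decode loop that expands SETPIXEL lies outside this hunk, so it cannot be confirmed from here that it compares `npixels` with `maxpixels` afterwards and rejects over-long rows; without that check a malformed stream yields a quietly truncated image instead of an error. I would document the contract above the macro, e.g. `/* Drops writes once npixels reaches maxpixels; the caller sets maxpixels to the pixel count that fits in op and must report an error if the counts differ after decoding. */`. The guard is also only sound while two pixels pack into one output byte, which is what the `td_bitspersample != 4` rejection in ThunderSetupDecode enforces, so a one-line comment there tying the two checks together would help later maintainers.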
tif->tif_decodestrip = ThunderDecodeRow; + tif->tif_setupdecode = ThunderSetupDecode; return (1); } #endif /* THUNDER_SUPPORT */ @@@@ -163,3 +186,4 @@@@ TIFFInitThunderScan(TIFF* tif, int schem * fill-column: 78 * End: */ + @ 1.1 log @add patch from upstream (http://bugzilla.maptools.org/show_bug.cgi?id=2300) to fix possible buffer overflow in the "thunder" decoder (CVE-2011-1167) bump PKGREV @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @Pullup ticket #3456 - requested by wiz graphics/tiff: security update Revisions pulled up: - graphics/tiff/Makefile 1.101 - graphics/tiff/distinfo 1.52 - graphics/tiff/patches/patch-CVE-2011-1167 deleted - graphics/tiff/patches/patch-SA43593 deleted - graphics/tiff/patches/patch-aa deleted - graphics/tiff/patches/patch-ab deleted - graphics/tiff/patches/patch-ac deleted - graphics/tiff/patches/patch-ad deleted - graphics/tiff/patches/patch-ae deleted --- Module Name: pkgsrc Committed By: wiz Date: Tue Apr 12 08:57:57 UTC 2011 Modified Files: pkgsrc/graphics/tiff: Makefile distinfo Removed Files: pkgsrc/graphics/tiff/patches: patch-CVE-2011-1167 patch-SA43593 patch-aa patch-ab patch-ac patch-ad patch-ae Log Message: Update to 3.9.5: Many bugs and security issues are resolved in this stable release. @ text @d1 1 a1 1 $NetBSD: patch-CVE-2011-1167,v 1.1 2011/03/31 11:05:45 drochner Exp $ @