head 1.2; access; symbols pkgsrc-2014Q4:1.1.0.18 pkgsrc-2014Q4-base:1.1 pkgsrc-2014Q3:1.1.0.16 pkgsrc-2014Q3-base:1.1 pkgsrc-2014Q2:1.1.0.14 pkgsrc-2014Q2-base:1.1 pkgsrc-2014Q1:1.1.0.12 pkgsrc-2014Q1-base:1.1 pkgsrc-2013Q4:1.1.0.10 pkgsrc-2013Q4-base:1.1 pkgsrc-2013Q3:1.1.0.8 pkgsrc-2013Q3-base:1.1 pkgsrc-2013Q2:1.1.0.6 pkgsrc-2013Q2-base:1.1 pkgsrc-2013Q1:1.1.0.4 pkgsrc-2013Q1-base:1.1 pkgsrc-2012Q4:1.1.0.2 pkgsrc-2012Q4-base:1.1; locks; strict; comment @# @; 1.2 date 2015.03.29.14.47.03; author bsiegert; state dead; branches; next 1.1; commitid 3mL0zkxEOwrPMvfy; 1.1 date 2012.11.05.12.41.48; author drochner; state Exp; branches; next ; desc @@ 1.2 log @SECURITY: Update libtiff to 4.0.4beta to fix CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 (likely) Remaining unfixed vulnerabilities: CVE-2014-9655, CVE-2015-1547 (but these are unfixed upstream AFAICS). ok wiz @ text @$NetBSD: patch-CVE-2012-4564,v 1.1 2012/11/05 12:41:48 drochner Exp $ see https://bugzilla.redhat.com/show_bug.cgi?id=871700 --- tools/ppm2tiff.c.orig 2010-04-10 19:22:34.000000000 +0000 +++ tools/ppm2tiff.c @@@@ -89,6 +89,7 @@@@ main(int argc, char* argv[]) int c; extern int optind; extern char* optarg; + tmsize_t scanline_size; if (argc < 2) { fprintf(stderr, "%s: Too few arguments\n", argv[0]); @@@@ -237,8 +238,16 @@@@ main(int argc, char* argv[]) } if (TIFFScanlineSize(out) > linebytes) buf = (unsigned char *)_TIFFmalloc(linebytes); - else - buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out)); + else { + scanline_size = TIFFScanlineSize(out); + if (scanline_size != 0) + buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out)); + else { + fprintf(stderr, "%s: scanline size overflow\n",infile); + (void) TIFFClose(out); + exit(-2); + } + } if (resolution > 0) { TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution); TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution); @ 1.1 log @add patch from Redhat bug #871700 to fix a possible buffer overflow due to integer overflow in the ppm2tiff 
cmd line tool (CVE-2012-4564) bump PKGREV @ text @d1 1 a1 1 $NetBSD$ @
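Review bot: in the second hunk (the new `else` block around the `_TIFFmalloc` call) the cached `scanline_size` is tested but never used: the allocation still calls `TIFFScanlineSize(out)` a second time, so the value checked and the value allocated are computed independently. Allocate from the cached value instead, `buf = (unsigned char *)_TIFFmalloc(scanline_size);`, so the check and the allocation refer to the same number and the `tmsize_t scanline_size` declaration added in the first hunk is actually what protects the buffer. Two smaller points in the same hunk: the `scanline_size != 0` test relies on a zero return meaning "overflow", which the error text "scanline size overflow" implies but nothing in the patch states, so a one-line comment on that test naming the contract would help the next reader; and `exit(-2)` reaches the caller as status 254 once the value is truncated to eight bits, so a small positive status is clearer for anything that inspects `$?`. Cosmetic: missing space after the comma in `"%s: scanline size overflow\n",infile`.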