head 1.2; access; symbols pkgsrc-2014Q4:1.1.0.12 pkgsrc-2014Q4-base:1.1 pkgsrc-2014Q3:1.1.0.10 pkgsrc-2014Q3-base:1.1 pkgsrc-2014Q2:1.1.0.8 pkgsrc-2014Q2-base:1.1 pkgsrc-2014Q1:1.1.0.6 pkgsrc-2014Q1-base:1.1 pkgsrc-2013Q4:1.1.0.4 pkgsrc-2013Q4-base:1.1 pkgsrc-2013Q3:1.1.0.2 pkgsrc-2013Q3-base:1.1; locks; strict; comment @# @; 1.2 date 2015.03.29.14.47.03; author bsiegert; state dead; branches; next 1.1; commitid 3mL0zkxEOwrPMvfy; 1.1 date 2013.08.15.14.58.46; author drochner; state Exp; branches; next ; commitid xpKPqsphRhJPQy1x; desc @@ 1.2 log @SECURITY: Update libtiff to 4.0.4beta to fix CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 (likely) Remaining unfixed vulnerabilities: CVE-2014-9655, CVE-2015-1547 (but these are unfixed upstream AFAICS). ok wiz @ text @$NetBSD: patch-CVE-2013-4231,v 1.1 2013/08/15 14:58:46 drochner Exp $ see http://bugzilla.maptools.org/show_bug.cgi?id=2450 also fixes CVE-2013-4244 see https://bugzilla.redhat.com/show_bug.cgi?id=996468 --- tools/gif2tiff.c.orig 2010-12-15 03:52:53.000000000 +0000 +++ tools/gif2tiff.c @@@@ -333,6 +333,10 @@@@ readraster(void) int status = 1; datasize = getc(infile); + + if (datasize > 12) + return 0; + clear = 1 << datasize; eoi = clear + 1; avail = clear + 2; @@@@ -398,6 +402,10 @@@@ process(register int code, unsigned char } if (oldcode == -1) { + if (code >= clear) { + fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear); + return 0; + } *(*fill)++ = suffix[code]; firstchar = oldcode = code; return 1; @ 1.1 log @add patches from upstream CVS and Redhat bugzilla to fix buffer overflow and use-after-free problems in the "gif2tiff" and "tiff2pdf" command line tools (the library is not affected) (CVE-2013-4231, CVE-2013-4232, CVE-2013-4244) bump PKGREV @ text @d1 1 a1 1 $NetBSD$ @
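Review bot: in the readraster() hunk of tools/gif2tiff.c, the new check on datasize has an upper bound only. The value comes straight from getc(infile), which returns EOF on a truncated file; if datasize is a signed type, that negative value passes "if (datasize > 12)" and reaches "clear = 1 << datasize", a shift by a negative count. Suggest "if (datasize < 0 || datasize > 12)" here. The early return is also silent, whereas the process() hunk prints a "bad input" message to stderr; a matching diagnostic would make a rejected file easier to trace.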
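Review bot: in the process() hunk of tools/gif2tiff.c, the error text does not match the test: the condition is "code >= clear" but the message says the code "is larger than" clear, so the code == clear case is reported misleadingly. Suggest wording such as "code=%d is not less than clear=%d". The check also covers only the upper side; code is a signed int parameter, so it is worth confirming that a negative value cannot reach "*(*fill)++ = suffix[code]" on this path, or adding "code < 0" to the condition. Minor style: add a space after the comma before code in the fprintf argument list.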