head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.8 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.6 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.4 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.2 pkgsrc-2011Q2-base:1.2 pkgsrc-2011Q1:1.1.0.4 pkgsrc-2011Q1-base:1.1 pkgsrc-2010Q4:1.1.0.2; locks; strict; comment @# @; 1.2 date 2011.04.12.08.57.57; author wiz; state dead; branches; next 1.1; 1.1 date 2011.03.12.16.10.43; author tron; state Exp; branches 1.1.2.1 1.1.4.1; next ; 1.1.2.1 date 2011.03.12.16.10.43; author sbd; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2011.03.13.21.10.19; author sbd; state Exp; branches; next ; 1.1.4.1 date 2011.06.14.11.52.02; author tron; state dead; branches; next ; desc @@ 1.2 log @Update to 3.9.5: Many bugs and security issues are resolved in this stable release. @ text @$NetBSD: patch-SA43593,v 1.1 2011/03/12 16:10:43 tron Exp $ Fix heap-based buffer overflow which causes the vulnerability reported in SA43593. Patch taken from the "libtiff" CVS repository.
--- libtiff/tif_fax3.h 8 Jun 2010 18:50:42 -0000 1.5.2.1
+++ libtiff/tif_fax3.h 10 Mar 2011 20:22:33 -0000 1.5.2.3
@@@@ -478,6 +478,12 @@@@
 break; \
 case S_VL: \
 CHECK_b1; \
+ if (b1 <= (int) (a0 + TabEnt->Param)) { \
+ if (b1 < (int) (a0 + TabEnt->Param) || pa != thisrun) { \
+ unexpected("VL", a0); \
+ goto eol2d; \
+ } \
+ } \
 SETVALUE(b1 - a0 - TabEnt->Param); \
 b1 -= *--pb; \
 break; \
@ 1.1 log @Add fix for vulnerability reported in SA43593 taken from the "libtiff" CVS repository.
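Review bot: The guard added to the `S_VL` case carries no comment saying why the equality case `b1 == a0 + TabEnt->Param` is accepted only when `pa == thisrun`, although that distinction is the substance of the overflow fix: it decides which values may reach `SETVALUE(b1 - a0 - TabEnt->Param)`. I would add, above the outer `if`, a continuation-terminated comment such as `/* reject a VL code whose run length would be negative; a zero-length run is allowed only as the first run of the line */`, with the wording checked against the decoder, since `SETVALUE`, `CHECK_b1` and the declarations of `a0`, `b1` and `Param` lie outside the hunk. The expression `(int) (a0 + TabEnt->Param)` is also written out twice; if `Param` is an unsigned type the sum is formed unsigned before the cast, so the intended signedness deserves a word in the same comment. The identical hunk appears again in the 1.1.2.2 revision text later in this file and the note applies there as well.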
@ text @d1 1 a1 1 $NetBSD$ @ 1.1.4.1 log @Pullup ticket #3456 - requested by wiz graphics/tiff: security update Revisions pulled up: - graphics/tiff/Makefile 1.101 - graphics/tiff/distinfo 1.52 - graphics/tiff/patches/patch-CVE-2011-1167 deleted - graphics/tiff/patches/patch-SA43593 deleted - graphics/tiff/patches/patch-aa deleted - graphics/tiff/patches/patch-ab deleted - graphics/tiff/patches/patch-ac deleted - graphics/tiff/patches/patch-ad deleted - graphics/tiff/patches/patch-ae deleted --- Module Name: pkgsrc Committed By: wiz Date: Tue Apr 12 08:57:57 UTC 2011 Modified Files: pkgsrc/graphics/tiff: Makefile distinfo Removed Files: pkgsrc/graphics/tiff/patches: patch-CVE-2011-1167 patch-SA43593 patch-aa patch-ab patch-ac patch-ad patch-ae Log Message: Update to 3.9.5: Many bugs and security issues are resolved in this stable release. @ text @d1 1 a1 1 $NetBSD: patch-SA43593,v 1.1 2011/03/12 16:10:43 tron Exp $ @ 1.1.2.1 log @file patch-SA43593 was added on branch pkgsrc-2010Q4 on 2011-03-13 21:10:19 +0000 @ text @d1 20 @ 1.1.2.2 log @Pullup ticket #3388 - requested by tron Security update for graphic/tiff Revisions pulled up: - graphics/tiff/Makefile 1.99 - graphics/tiff/distinfo 1.50 - graphics/tiff/patches/patch-SA43593 1.1 --- Module Name: pkgsrc Committed By: tron Date: Sat Mar 12 16:10:43 UTC 2011 Modified Files: pkgsrc/graphics/tiff: Makefile distinfo Added Files: pkgsrc/graphics/tiff/patches: patch-SA43593 Log Message: Add fix for vulnerability reported in SA43593 taken from the "libtiff" CVS repository. @ text @a0 20 $NetBSD$ Fix heap-based buffer overflow which causes the vulnerability reported in SA43593. Patch taken from the "libtiff" CVS repository. 
--- libtiff/tif_fax3.h 8 Jun 2010 18:50:42 -0000 1.5.2.1
+++ libtiff/tif_fax3.h 10 Mar 2011 20:22:33 -0000 1.5.2.3
@@@@ -478,6 +478,12 @@@@
 break; \
 case S_VL: \
 CHECK_b1; \
+ if (b1 <= (int) (a0 + TabEnt->Param)) { \
+ if (b1 < (int) (a0 + TabEnt->Param) || pa != thisrun) { \
+ unexpected("VL", a0); \
+ goto eol2d; \
+ } \
+ } \
 SETVALUE(b1 - a0 - TabEnt->Param); \
 b1 -= *--pb; \
 break; \
@