diff options
| author |   Steve Arnold <nerdboy@gentoo.org> | 2010-07-18 21:18:15 +0000 |
|---|---|---|
| committer | Steve Arnold <nerdboy@gentoo.org> | 2010-07-18 21:18:15 +0000 |
| commit | b645ae3a1bcd35b5527d694e0e6db1907b68515d (patch) | |
| tree | bd7ba8c739b6a0dd869572b3355e044546a1e1c0 /media-libs/tiff | |
| parent | Fix from upstream for hang with symlinks/-k #327641. Fix from upstream for s... (diff) | |
| download | gentoo-2-b645ae3a1bcd35b5527d694e0e6db1907b68515d.tar.gz gentoo-2-b645ae3a1bcd35b5527d694e0e6db1907b68515d.tar.bz2 gentoo-2-b645ae3a1bcd35b5527d694e0e6db1907b68515d.zip | |
Updated oldest version for CVE-2010-1411.
(Portage version: 2.2_rc67/cvs/Linux x86_64)
Diffstat (limited to 'media-libs/tiff')
| -rw-r--r-- | media-libs/tiff/ChangeLog | 7 | ||||
| -rw-r--r-- | media-libs/tiff/files/tiff-3.9.2-CVE-2010-1411.patch | 35 | ||||
| -rw-r--r-- | media-libs/tiff/tiff-3.9.2-r1.ebuild | 5 |
3 files changed, 44 insertions, 3 deletions
diff --git a/media-libs/tiff/ChangeLog b/media-libs/tiff/ChangeLog index 400b3cfb7a89..09be24cbe798 100644 --- a/media-libs/tiff/ChangeLog +++ b/media-libs/tiff/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for media-libs/tiff # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/media-libs/tiff/ChangeLog,v 1.159 2010/07/03 22:52:56 ssuominen Exp $ +# $Header: /var/cvsroot/gentoo-x86/media-libs/tiff/ChangeLog,v 1.160 2010/07/18 21:18:15 nerdboy Exp $ + + 18 Jul 2010; Steve Arnold <nerdboy@gentoo.org> tiff-3.9.2-r1.ebuild, + +files/tiff-3.9.2-CVE-2010-1411.patch: + Updated oldest version for CVE-2010-1411 (as long as it's still in the + tree...) 03 Jul 2010; Samuli Suominen <ssuominen@gentoo.org> tiff-3.9.4.ebuild: ppc64 stable wrt security #324885 diff --git a/media-libs/tiff/files/tiff-3.9.2-CVE-2010-1411.patch b/media-libs/tiff/files/tiff-3.9.2-CVE-2010-1411.patch new file mode 100644 index 000000000000..7de456578c76 --- /dev/null +++ b/media-libs/tiff/files/tiff-3.9.2-CVE-2010-1411.patch @@ -0,0 +1,35 @@ +--- libtiff/tif_fax3.c.orig 2010-05-13 19:36:08.995479161 +0200 ++++ libtiff/tif_fax3.c 2010-05-13 19:48:04.215467428 +0200 +@@ -42,6 +42,7 @@ + #define G3CODES + #include "t4.h" + #include <stdio.h> ++#include <stdint.h> + + /* + * Compression+decompression state blocks are +@@ -493,9 +494,21 @@ + td->td_compression == COMPRESSION_CCITTFAX4 + ); + +- nruns = needsRefLine ? 2*TIFFroundup(rowpixels,32) : rowpixels; ++ uint64_t val64 = rowpixels; ++ if (needsRefLine) ++ { ++ val64 = 2*TIFFroundup(rowpixels,32); ++ if (val64 > 0xffffffff) ++ return (0); ++ } ++ nruns = (val64 &0xffffffff); + nruns += 3; +- dsp->runs = (uint32*) _TIFFCheckMalloc(tif, 2*nruns, sizeof (uint32), ++ ++ val64 = 2*nruns+3; ++ if (val64 > 0xffffffff) ++ return (0); ++ ++ dsp->runs = (uint32*) _TIFFCheckMalloc(tif, (val64 & 0xffffffff), sizeof (uint32), + "for Group 3/4 run arrays"); + if (dsp->runs == NULL) + return (0); + diff --git a/media-libs/tiff/tiff-3.9.2-r1.ebuild b/media-libs/tiff/tiff-3.9.2-r1.ebuild index 4daa626b6203..eb238e22ad11 100644 --- a/media-libs/tiff/tiff-3.9.2-r1.ebuild +++ b/media-libs/tiff/tiff-3.9.2-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2010 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/media-libs/tiff/tiff-3.9.2-r1.ebuild,v 1.7 2010/03/09 21:46:10 josejx Exp $ +# $Header: /var/cvsroot/gentoo-x86/media-libs/tiff/tiff-3.9.2-r1.ebuild,v 1.8 2010/07/18 21:18:15 nerdboy Exp $ EAPI=2 inherit eutils libtool @@ -20,7 +20,8 @@ DEPEND="jpeg? ( >=media-libs/jpeg-6b:0 ) src_prepare() { epatch "${FILESDIR}"/${PN}-3.8.2-CVE-2009-2285.patch \ - "${FILESDIR}"/${P}-CVE-2009-2347.patch + "${FILESDIR}"/${P}-CVE-2009-2347.patch \ + "${FILESDIR}"/${P}-CVE-2010-1411.patch elibtoolize } |