Security fix for CVE-2011-0192: buffer overflow in Fax4Decode.

2011-03-19 18:41:05 +00:00 · 2011-03-19 18:41:05 +00:00 · d5d6a98846
commit d5d6a98846
parent 5e26d029f0
2 changed files with 21 additions and 1 deletions
--- a/graphics/tiff/Makefile
+++ b/graphics/tiff/Makefile
@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.57 2010/11/17 08:05:16 espie Exp $
+# $OpenBSD: Makefile,v 1.58 2011/03/19 18:41:05 jasper Exp $

 COMMENT=	tools and library routines for working with TIFF images

 DISTNAME=	tiff-3.9.4
+REVISION=	0
 SHARED_LIBS=	tiff	38.3	# 39.4
 SHARED_LIBS+=	tiffxx	39.3	# 39.4
 CATEGORIES=	graphics
--- a/graphics/tiff/patches/patch-libtiff_tif_fax3_h
+++ b/graphics/tiff/patches/patch-libtiff_tif_fax3_h
@ -0,0 +1,19 @@
+$OpenBSD: patch-libtiff_tif_fax3_h,v 1.1 2011/03/19 18:41:05 jasper Exp $
+
+Security fix for CVE-2011-0192: buffer overflow in Fax4Decode.
+
+Patch from Apple via Debian.
+
+--- libtiff/tif_fax3.h.orig	Tue Jun  8 20:50:42 2010
+++ libtiff/tif_fax3.h	Sat Mar 19 19:33:12 2011
+@@ -478,6 +478,10 @@ done1d:									\
+ 	    break;							\
+ 	case S_VL:							\
+ 	    CHECK_b1;							\
+	    if (b1 <= (int) (a0 + TabEnt->Param)) {			\
+		unexpected("VL", a0);					\
+		goto eol2d;						\
+	    }								\
+ 	    SETVALUE(b1 - a0 - TabEnt->Param);				\
+ 	    b1 -= *--pb;						\
+ 	    break;							\