pkgsrc-Changes archive


CVS commit: pkgsrc/graphics/tiff



Module Name:    pkgsrc
Committed By:   he
Date:           Sun May  7 21:52:16 UTC 2017

Modified Files:
        pkgsrc/graphics/tiff: Makefile distinfo
        pkgsrc/graphics/tiff/patches: patch-libtiff_tif_ojpeg.c

Log Message:
Fix CVE-2016-10267 ref.
http://bugzilla.maptools.org/show_bug.cgi?id=2611
https://github.com/vadz/libtiff/commit/43bc256d8ae44b92d2734a3c5bc73957a4d7c1ec
Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.134 -r1.135 pkgsrc/graphics/tiff/Makefile
cvs rdiff -u -r1.80 -r1.81 pkgsrc/graphics/tiff/distinfo
cvs rdiff -u -r1.1 -r1.2 \
    pkgsrc/graphics/tiff/patches/patch-libtiff_tif_ojpeg.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/graphics/tiff/Makefile
diff -u pkgsrc/graphics/tiff/Makefile:1.134 pkgsrc/graphics/tiff/Makefile:1.135
--- pkgsrc/graphics/tiff/Makefile:1.134 Sun May  7 21:32:30 2017
+++ pkgsrc/graphics/tiff/Makefile       Sun May  7 21:52:16 2017
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.134 2017/05/07 21:32:30 he Exp $
+# $NetBSD: Makefile,v 1.135 2017/05/07 21:52:16 he Exp $
 
 DISTNAME=      tiff-4.0.7
-PKGREVISION=   10
+PKGREVISION=   11
 CATEGORIES=    graphics
 MASTER_SITES=  ftp://download.osgeo.org/libtiff/
 

Index: pkgsrc/graphics/tiff/distinfo
diff -u pkgsrc/graphics/tiff/distinfo:1.80 pkgsrc/graphics/tiff/distinfo:1.81
--- pkgsrc/graphics/tiff/distinfo:1.80  Sun May  7 21:32:30 2017
+++ pkgsrc/graphics/tiff/distinfo       Sun May  7 21:52:16 2017
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.80 2017/05/07 21:32:30 he Exp $
+$NetBSD: distinfo,v 1.81 2017/05/07 21:52:16 he Exp $
 
 SHA1 (tiff-4.0.7.tar.gz) = 2c1b64478e88f93522a42dd5271214a0e5eae648
 RMD160 (tiff-4.0.7.tar.gz) = 582e19c31e7f29d9ed36995dcad7ad68802cbadb
@@ -14,7 +14,7 @@ SHA1 (patch-libtiff_tif_dirread.c) = f6d
 SHA1 (patch-libtiff_tif_dirwrite.c) = 07ccbf8cf210b95d5ca7710cc2982368783b4dcb
 SHA1 (patch-libtiff_tif_getimage.c) = 267b555c8b043d0a835db4d46ef65131776601e6
 SHA1 (patch-libtiff_tif_jpeg.c) = 1049b7b243e9e145886bcac8e68e5e7889337ebc
-SHA1 (patch-libtiff_tif_ojpeg.c) = 6447168e952bb80a1a8272c2c27bb0ce3ccf6939
+SHA1 (patch-libtiff_tif_ojpeg.c) = 1c43555434525157c1783de4802af4508c5113a4
 SHA1 (patch-libtiff_tif_read.c) = d43b10fa74a51da21f44abb7bd0251b88e8a702b
 SHA1 (patch-libtiff_tif_unix.c) = c8312771e567f90de0f77ac8eb66ed5c36e35617
 SHA1 (patch-libtiff_tif_win32.c) = 1ea9dcb6618c40b9de3e8d2a81914355f2111fdc

Index: pkgsrc/graphics/tiff/patches/patch-libtiff_tif_ojpeg.c
diff -u pkgsrc/graphics/tiff/patches/patch-libtiff_tif_ojpeg.c:1.1 pkgsrc/graphics/tiff/patches/patch-libtiff_tif_ojpeg.c:1.2
--- pkgsrc/graphics/tiff/patches/patch-libtiff_tif_ojpeg.c:1.1  Wed May  3 23:00:59 2017
+++ pkgsrc/graphics/tiff/patches/patch-libtiff_tif_ojpeg.c      Sun May  7 21:52:16 2017
@@ -1,13 +1,48 @@
-$NetBSD: patch-libtiff_tif_ojpeg.c,v 1.1 2017/05/03 23:00:59 sevan Exp $
+$NetBSD: patch-libtiff_tif_ojpeg.c,v 1.2 2017/05/07 21:52:16 he Exp $
 
 CVE-2017-7594
 http://bugzilla.maptools.org/show_bug.cgi?id=2659
 https://github.com/vadz/libtiff/commit/8283e4d1b7e5
 https://github.com/vadz/libtiff/commit/2ea32f7372b6
 
---- libtiff/tif_ojpeg.c.orig   2017-05-03 22:08:50.000000000 +0000
+CVE-2016-10267
+http://bugzilla.maptools.org/show_bug.cgi?id=2611
+https://github.com/vadz/libtiff/commit/43bc256d8ae44b92d2734a3c5bc73957a4d7c1ec
+
+--- libtiff/tif_ojpeg.c.orig   2016-09-08 13:23:57.000000000 +0000
 +++ libtiff/tif_ojpeg.c
-@@ -1782,7 +1782,10 @@ OJPEGReadHeaderInfoSecTablesQTable(TIFF*
+@@ -244,6 +244,7 @@ typedef enum {
+ 
+ typedef struct {
+       TIFF* tif;
++      int decoder_ok;
+       #ifndef LIBJPEG_ENCAP_EXTERNAL
+       JMP_BUF exit_jmpbuf;
+       #endif
+@@ -722,6 +723,7 @@ OJPEGPreDecode(TIFF* tif, uint16 s)
+               }
+               sp->write_curstrile++;
+       }
++      sp->decoder_ok = 1;
+       return(1);
+ }
+ 
+@@ -784,8 +786,14 @@ OJPEGPreDecodeSkipScanlines(TIFF* tif)
+ static int
+ OJPEGDecode(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s)
+ {
++      static const char module[]="OJPEGDecode";
+       OJPEGState* sp=(OJPEGState*)tif->tif_data;
+       (void)s;
++      if( !sp->decoder_ok )
++      {
++          TIFFErrorExt(tif->tif_clientdata,module,"Cannot decode: decoder not correctly initialized");
++          return 0;
++        }
+       if (sp->libjpeg_jpeg_query_style==0)
+       {
+               if (OJPEGDecodeRaw(tif,buf,cc)==0)
+@@ -1782,7 +1790,10 @@ OJPEGReadHeaderInfoSecTablesQTable(TIFF*
                        TIFFSeekFile(tif,sp->qtable_offset[m],SEEK_SET); 
                        p=(uint32)TIFFReadFile(tif,&ob[sizeof(uint32)+5],64);
                        if (p!=64)
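Review bot: `decoder_ok` is only ever set to 1 in the lines shown (at the successful end of OJPEGPreDecode) and nothing visible clears it, so the new guard in OJPEGDecode covers only the case where PreDecode has never succeeded on this handle. If a later OJPEGPreDecode call fails after an earlier one succeeded, the flag presumably stays set and OJPEGDecode proceeds on whatever state the failed call left behind; adding `sp->decoder_ok = 0;` at the top of OJPEGPreDecode (outside this hunk) would close that gap. The guard also relies on the OJPEGState allocation being zero-filled so the flag starts at 0, which these hunks do not show and is worth confirming. Both function bodies extend beyond the quoted context.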
@@ -18,7 +53,7 @@ https://github.com/vadz/libtiff/commit/2
                        sp->qtable[m]=ob;
                        sp->sof_tq[m]=m;
                }
-@@ -1846,7 +1849,10 @@ OJPEGReadHeaderInfoSecTablesDcTable(TIFF
+@@ -1846,7 +1857,10 @@ OJPEGReadHeaderInfoSecTablesDcTable(TIFF
                                rb[sizeof(uint32)+5+n]=o[n];
                        p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
                        if (p!=q)
@@ -29,7 +64,7 @@ https://github.com/vadz/libtiff/commit/2
                        sp->dctable[m]=rb;
                        sp->sos_tda[m]=(m<<4);
                }
-@@ -1910,7 +1916,10 @@ OJPEGReadHeaderInfoSecTablesAcTable(TIFF
+@@ -1910,7 +1924,10 @@ OJPEGReadHeaderInfoSecTablesAcTable(TIFF
                                rb[sizeof(uint32)+5+n]=o[n];
                        p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
                        if (p!=q)


