pkgsrc-Changes archive
CVS commit: pkgsrc/graphics/tiff
Module Name: pkgsrc
Committed By: wiz
Date: Thu Aug 14 10:02:22 UTC 2025
Modified Files:
pkgsrc/graphics/tiff: Makefile distinfo
Added Files:
pkgsrc/graphics/tiff/patches: patch-libtiff_tif__read.c
patch-tools_thumbnail.c patch-tools_tiff2pdf.c
patch-tools_tiffdither.c patch-tools_tiffmedian.c
Log Message:
tiff: add upstream patches for three CVEs
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.168 -r1.169 pkgsrc/graphics/tiff/Makefile
cvs rdiff -u -r1.108 -r1.109 pkgsrc/graphics/tiff/distinfo
cvs rdiff -u -r0 -r1.3 pkgsrc/graphics/tiff/patches/patch-libtiff_tif__read.c
cvs rdiff -u -r0 -r1.1 pkgsrc/graphics/tiff/patches/patch-tools_thumbnail.c \
pkgsrc/graphics/tiff/patches/patch-tools_tiffdither.c \
pkgsrc/graphics/tiff/patches/patch-tools_tiffmedian.c
cvs rdiff -u -r0 -r1.5 pkgsrc/graphics/tiff/patches/patch-tools_tiff2pdf.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/graphics/tiff/Makefile
diff -u pkgsrc/graphics/tiff/Makefile:1.168 pkgsrc/graphics/tiff/Makefile:1.169
--- pkgsrc/graphics/tiff/Makefile:1.168 Thu Apr 24 14:14:40 2025
+++ pkgsrc/graphics/tiff/Makefile Thu Aug 14 10:02:21 2025
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.168 2025/04/24 14:14:40 wiz Exp $
+# $NetBSD: Makefile,v 1.169 2025/08/14 10:02:21 wiz Exp $
VERSION_BASE= 4.7.0
# Accomodate testing unreleased versions.
VERSION_RC=
DISTNAME= tiff-${VERSION_BASE}${VERSION_RC}
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= graphics
MASTER_SITES= https://download.osgeo.org/libtiff/
Index: pkgsrc/graphics/tiff/distinfo
diff -u pkgsrc/graphics/tiff/distinfo:1.108 pkgsrc/graphics/tiff/distinfo:1.109
--- pkgsrc/graphics/tiff/distinfo:1.108 Wed Sep 18 11:39:36 2024
+++ pkgsrc/graphics/tiff/distinfo Thu Aug 14 10:02:21 2025
@@ -1,6 +1,11 @@
-$NetBSD: distinfo,v 1.108 2024/09/18 11:39:36 gdt Exp $
+$NetBSD: distinfo,v 1.109 2025/08/14 10:02:21 wiz Exp $
BLAKE2s (tiff-4.7.0.tar.gz) = 6daf895aab5da61e4d9058a39659ec629a4172794938e5c42b70a457ba2be691
SHA512 (tiff-4.7.0.tar.gz) = a77a050d1d8777c6d86077c3c26e8d35f98717fe14bb3c049e2b82fbfbb374e96f83a0c1ff67ffb21591a9a7abf0d3e18c3d7695c96939326cc19a9712dd2492
Size (tiff-4.7.0.tar.gz) = 3896583 bytes
SHA1 (patch-configure) = 48c3f6103e35049e0bd4a5f32a508cd9439c1f3f
+SHA1 (patch-libtiff_tif__read.c) = e359cb86d87f7bf035fa917c64ec32594ed2cd1b
+SHA1 (patch-tools_thumbnail.c) = a0909b38fe41ee21f98f4b31a0c7d5fefff2b6f9
+SHA1 (patch-tools_tiff2pdf.c) = a8f9424eec7dbde0cd72efe502704cff35cdd2c7
+SHA1 (patch-tools_tiffdither.c) = d7c5fd6177c9949ed0b45cbffcca4bf5b7bade60
+SHA1 (patch-tools_tiffmedian.c) = 053704977f7b3ffe0b8f46b496aa985927c1ab51
Added files:
Index: pkgsrc/graphics/tiff/patches/patch-libtiff_tif__read.c
diff -u /dev/null pkgsrc/graphics/tiff/patches/patch-libtiff_tif__read.c:1.3
--- /dev/null Thu Aug 14 10:02:22 2025
+++ pkgsrc/graphics/tiff/patches/patch-libtiff_tif__read.c Thu Aug 14 10:02:21 2025
@@ -0,0 +1,63 @@
+$NetBSD: patch-libtiff_tif__read.c,v 1.3 2025/08/14 10:02:21 wiz Exp $
+
+Fix for CVE-2024-13978.
+https://gitlab.com/libtiff/libtiff/-/merge_requests/667
+
+--- libtiff/tif_read.c.orig 2024-08-15 21:16:11.000000000 +0000
++++ libtiff/tif_read.c
+@@ -466,7 +466,9 @@ int TIFFReadScanline(TIFF *tif, void *bu
+ }
+ else
+ {
+- memset(buf, 0, (size_t)tif->tif_scanlinesize);
++ /* See TIFFReadEncodedStrip comment regarding TIFFTAG_FAXFILLFUNC. */
++ if (buf)
++ memset(buf, 0, (size_t)tif->tif_scanlinesize);
+ }
+ return (e > 0 ? 1 : -1);
+ }
+@@ -554,7 +556,10 @@ tmsize_t TIFFReadEncodedStrip(TIFF *tif,
+ stripsize = size;
+ if (!TIFFFillStrip(tif, strip))
+ {
+- memset(buf, 0, (size_t)stripsize);
++ /* The output buf may be NULL, in particular if TIFFTAG_FAXFILLFUNC
++ is being used. Thus, memset must be conditional on buf not NULL. */
++ if (buf)
++ memset(buf, 0, (size_t)stripsize);
+ return ((tmsize_t)(-1));
+ }
+ if ((*tif->tif_decodestrip)(tif, buf, stripsize, plane) <= 0)
+@@ -976,7 +981,9 @@ tmsize_t TIFFReadEncodedTile(TIFF *tif,
+ size = tilesize;
+ if (!TIFFFillTile(tif, tile))
+ {
+- memset(buf, 0, (size_t)size);
++ /* See TIFFReadEncodedStrip comment regarding TIFFTAG_FAXFILLFUNC. */
++ if (buf)
++ memset(buf, 0, (size_t)size);
+ return ((tmsize_t)(-1));
+ }
+ else if ((*tif->tif_decodetile)(tif, (uint8_t *)buf, size,
+@@ -1569,7 +1576,9 @@ int TIFFReadFromUserBuffer(TIFF *tif, ui
+ if (!TIFFStartTile(tif, strile))
+ {
+ ret = 0;
+- memset(outbuf, 0, (size_t)outsize);
++ /* See related TIFFReadEncodedStrip comment. */
++ if (outbuf)
++ memset(outbuf, 0, (size_t)outsize);
+ }
+ else if (!(*tif->tif_decodetile)(
+ tif, (uint8_t *)outbuf, outsize,
+@@ -1596,7 +1605,9 @@ int TIFFReadFromUserBuffer(TIFF *tif, ui
+ if (!TIFFStartStrip(tif, strile))
+ {
+ ret = 0;
+- memset(outbuf, 0, (size_t)outsize);
++ /* See related TIFFReadEncodedStrip comment. */
++ if (outbuf)
++ memset(outbuf, 0, (size_t)outsize);
+ }
+ else if (!(*tif->tif_decodestrip)(
+ tif, (uint8_t *)outbuf, outsize,
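Review bot: The new `if (buf)` guards cover only the zero-fill on the failure paths; on the success path the same pointer is still handed to the codec, e.g. `(*tif->tif_decodestrip)(tif, buf, stripsize, plane)` directly after the TIFFReadEncodedStrip change. The added comment says NULL is expected when TIFFTAG_FAXFILLFUNC is in use, so whether a NULL `buf` is safe with any other codec depends on code outside these hunks and should be confirmed. I would extend the TIFFReadEncodedStrip comment to state the contract, for example `/* buf may be NULL only when the codec does not write through it (TIFFTAG_FAXFILLFUNC); otherwise it must hold at least stripsize bytes. */`. The functions touched all start and end outside their hunks.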
Index: pkgsrc/graphics/tiff/patches/patch-tools_thumbnail.c
diff -u /dev/null pkgsrc/graphics/tiff/patches/patch-tools_thumbnail.c:1.1
--- /dev/null Thu Aug 14 10:02:22 2025
+++ pkgsrc/graphics/tiff/patches/patch-tools_thumbnail.c Thu Aug 14 10:02:21 2025
@@ -0,0 +1,24 @@
+$NetBSD: patch-tools_thumbnail.c,v 1.1 2025/08/14 10:02:21 wiz Exp $
+
+Fix for CVE-2025-8177.
+https://gitlab.com/libtiff/libtiff/-/merge_requests/737
+
+--- tools/thumbnail.c.orig 2024-08-15 21:16:14.000000000 +0000
++++ tools/thumbnail.c
+@@ -620,7 +620,15 @@ static void setrow(uint8_t *row, uint32_
+ }
+ acc += bits[*src & mask1];
+ }
+- *row++ = cmap[(255 * acc) / area];
++ if (255 * acc / area < 256)
++ {
++ *row++ = cmap[(255 * acc) / area];
++ }
++ else
++ {
++ fprintf(stderr, "acc=%d, area=%d\n", acc, area);
++ *row++ = cmap[0];
++ }
+ }
+ }
+
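Review bot: The added bound check in setrow still evaluates `255 * acc / area` before anything in the hunk rules out `area == 0`, and it limits only the upper end of the index. The declarations of `acc` and `area` are outside the hunk; if they are signed, a negative quotient passes `< 256` and indexes before `cmap`, and if they are unsigned the `%d` conversions in the new `fprintf` do not match their arguments. I would write the condition as `if (area != 0 && 255 * acc / area < 256)` (plus a `>= 0` test if the types turn out to be signed). The diagnostic is printed once per out-of-range pixel with no prefix, so giving it the tool name would make it attributable in logs.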
Index: pkgsrc/graphics/tiff/patches/patch-tools_tiffdither.c
diff -u /dev/null pkgsrc/graphics/tiff/patches/patch-tools_tiffdither.c:1.1
--- /dev/null Thu Aug 14 10:02:22 2025
+++ pkgsrc/graphics/tiff/patches/patch-tools_tiffdither.c Thu Aug 14 10:02:21 2025
@@ -0,0 +1,25 @@
+$NetBSD: patch-tools_tiffdither.c,v 1.1 2025/08/14 10:02:21 wiz Exp $
+
+Fix for CVE-2025-8176.
+https://gitlab.com/libtiff/libtiff/-/merge_requests/727/diffs
+
+--- tools/tiffdither.c.orig 2024-08-15 21:16:11.000000000 +0000
++++ tools/tiffdither.c
+@@ -98,7 +98,7 @@ static int fsdither(TIFF *in, TIFF *out)
+ nextptr = nextline;
+ for (j = 0; j < imagewidth; ++j)
+ *nextptr++ = *inptr++;
+- for (i = 1; i < imagelength; ++i)
++ for (i = 0; i < imagelength; ++i)
+ {
+ tmpptr = thisline;
+ thisline = nextline;
+@@ -146,7 +146,7 @@ static int fsdither(TIFF *in, TIFF *out)
+ nextptr[0] += v / 16;
+ }
+ }
+- if (TIFFWriteScanline(out, outline, i - 1, 0) < 0)
++ if (TIFFWriteScanline(out, outline, i, 0) < 0)
+ goto skip_on_error;
+ }
+ goto exit_label;
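Review bot: Both changes in fsdither make `i` a zero-based row index, but the scanline read and the last-line test that sit between the two hunks are not shown, so it cannot be checked here that they were adjusted to match. The first input row is already copied into `nextline` before the loop; if the body still reads row `i`, the first iteration fetches row 0 a second time, and if it reads `i + 1`, the final iteration must be kept from requesting row `imagelength`. The same question applies to quant_fsdither in patch-tools_tiffmedian.c, where `GetInputLine(in, 0, goto bad)` precedes the loop and `lastline = (i >= imax)` appears as context. A comment at the loop head such as `/* i is the zero-based output row written by this iteration */`, together with one line naming the input row that is read, would make the invariant reviewable.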
Index: pkgsrc/graphics/tiff/patches/patch-tools_tiffmedian.c
diff -u /dev/null pkgsrc/graphics/tiff/patches/patch-tools_tiffmedian.c:1.1
--- /dev/null Thu Aug 14 10:02:22 2025
+++ pkgsrc/graphics/tiff/patches/patch-tools_tiffmedian.c Thu Aug 14 10:02:21 2025
@@ -0,0 +1,37 @@
+$NetBSD: patch-tools_tiffmedian.c,v 1.1 2025/08/14 10:02:21 wiz Exp $
+
+Fix for CVE-2025-8176.
+https://gitlab.com/libtiff/libtiff/-/merge_requests/727/diffs
+
+--- tools/tiffmedian.c.orig 2024-08-15 21:16:11.000000000 +0000
++++ tools/tiffmedian.c
+@@ -414,7 +414,10 @@ static void get_histogram(TIFF *in, Colo
+ for (i = 0; i < imagelength; i++)
+ {
+ if (TIFFReadScanline(in, inputline, i, 0) <= 0)
+- break;
++ {
++ fprintf(stderr, "Error reading scanline\n");
++ exit(EXIT_FAILURE);
++ }
+ inptr = inputline;
+ for (j = imagewidth; j-- > 0;)
+ {
+@@ -917,7 +920,7 @@ static void quant_fsdither(TIFF *in, TIF
+ outline = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
+
+ GetInputLine(in, 0, goto bad); /* get first line */
+- for (i = 1; i <= imagelength; ++i)
++ for (i = 0; i < imagelength; ++i)
+ {
+ SWAP(short *, thisline, nextline);
+ lastline = (i >= imax);
+@@ -997,7 +1000,7 @@ static void quant_fsdither(TIFF *in, TIF
+ nextptr += 3;
+ }
+ }
+- if (TIFFWriteScanline(out, outline, i - 1, 0) < 0)
++ if (TIFFWriteScanline(out, outline, i, 0) < 0)
+ break;
+ }
+ bad:
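Review bot: get_histogram now ends the process with `exit(EXIT_FAILURE)` inside the read loop, and the message `"Error reading scanline\n"` names neither the input file nor the row. Stopping is a sound replacement for the old `break`, which carried on with a partial histogram, but someone triaging a failure on an untrusted image gets no pointer to where decoding stopped. I would put the row in the message, for example `fprintf(stderr, "Error reading scanline %lu\n", (unsigned long)i);`; the declaration of `i` is outside the hunk, hence the cast.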
Index: pkgsrc/graphics/tiff/patches/patch-tools_tiff2pdf.c
diff -u /dev/null pkgsrc/graphics/tiff/patches/patch-tools_tiff2pdf.c:1.5
--- /dev/null Thu Aug 14 10:02:22 2025
+++ pkgsrc/graphics/tiff/patches/patch-tools_tiff2pdf.c Thu Aug 14 10:02:21 2025
@@ -0,0 +1,32 @@
+$NetBSD: patch-tools_tiff2pdf.c,v 1.5 2025/08/14 10:02:21 wiz Exp $
+
+Fix for CVE-2024-13978.
+https://gitlab.com/libtiff/libtiff/-/merge_requests/667
+
+--- tools/tiff2pdf.c.orig 2024-08-15 21:16:14.000000000 +0000
++++ tools/tiff2pdf.c
+@@ -1371,8 +1371,24 @@ void t2p_read_tiff_init(T2P *t2p, TIFF *
+ t2p->pdf_xrefcount += (t2p->tiff_tiles[i].tiles_tilecount - 1) * 2;
+ TIFFGetField(input, TIFFTAG_TILEWIDTH,
+ &(t2p->tiff_tiles[i].tiles_tilewidth));
++ if (t2p->tiff_tiles[i].tiles_tilewidth < 1)
++ {
++ TIFFError(TIFF2PDF_MODULE, "Invalid tile width (%d), %s",
++ t2p->tiff_tiles[i].tiles_tilewidth,
++ TIFFFileName(input));
++ t2p->t2p_error = T2P_ERR_ERROR;
++ return;
++ }
+ TIFFGetField(input, TIFFTAG_TILELENGTH,
+ &(t2p->tiff_tiles[i].tiles_tilelength));
++ if (t2p->tiff_tiles[i].tiles_tilelength < 1)
++ {
++ TIFFError(TIFF2PDF_MODULE, "Invalid tile length (%d), %s",
++ t2p->tiff_tiles[i].tiles_tilelength,
++ TIFFFileName(input));
++ t2p->t2p_error = T2P_ERR_ERROR;
++ return;
++ }
+ t2p->tiff_tiles[i].tiles_tiles = (T2P_TILE *)_TIFFmalloc(
+ TIFFSafeMultiply(tmsize_t, t2p->tiff_tiles[i].tiles_tilecount,
+ sizeof(T2P_TILE)));
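Review bot: The two new range checks in t2p_read_tiff_init test the fields after `TIFFGetField`, whose return value is still ignored, so when a tag is absent the test runs on whatever `tiles_tilewidth` or `tiles_tilelength` held before the call. Whether that storage is zeroed beforehand is not visible in the hunk. Checking the call as well closes the gap: `if (!TIFFGetField(input, TIFFTAG_TILEWIDTH, &(t2p->tiff_tiles[i].tiles_tilewidth)) || t2p->tiff_tiles[i].tiles_tilewidth < 1)`, and likewise for TIFFTAG_TILELENGTH. The `%d` in both messages assumes a signed int field; if the fields are unsigned, `%u` is the matching conversion and `< 1` is simply `== 0`.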