[pkgsrc/trunk]: pkgsrc/graphics/tiff Fix CVE-2016-10268, ref.

[he <he%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/561024b93f94
branches:  trunk
changeset: 362160:561024b93f94
user:      he <he%pkgsrc.org@localhost>
date:      Sat May 06 21:37:16 2017 +0000

description:
Fix CVE-2016-10268, ref.
http://bugzilla.maptools.org/show_bug.cgi?id=2598
https://github.com/vadz/libtiff/commit/5397a417e61258c69209904e652a1f409ec3b9df
Bump PKGREVISION.

diffstat:

 graphics/tiff/Makefile                     |   4 ++--
 graphics/tiff/distinfo                     |   4 ++--
 graphics/tiff/patches/patch-tools_tiffcp.c |  17 ++++++++++++++++-
 3 files changed, 20 insertions(+), 5 deletions(-)

diffs (67 lines):

diff -r 586db558efef -r 561024b93f94 graphics/tiff/Makefile
--- a/graphics/tiff/Makefile    Sat May 06 21:29:16 2017 +0000
+++ b/graphics/tiff/Makefile    Sat May 06 21:37:16 2017 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.132 2017/05/06 21:29:16 he Exp $
+# $NetBSD: Makefile,v 1.133 2017/05/06 21:37:16 he Exp $
 
 DISTNAME=      tiff-4.0.7
-PKGREVISION=   8
+PKGREVISION=   9
 CATEGORIES=    graphics
 MASTER_SITES=  ftp://download.osgeo.org/libtiff/
 
diff -r 586db558efef -r 561024b93f94 graphics/tiff/distinfo
--- a/graphics/tiff/distinfo    Sat May 06 21:29:16 2017 +0000
+++ b/graphics/tiff/distinfo    Sat May 06 21:37:16 2017 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.78 2017/05/06 21:29:16 he Exp $
+$NetBSD: distinfo,v 1.79 2017/05/06 21:37:16 he Exp $
 
 SHA1 (tiff-4.0.7.tar.gz) = 2c1b64478e88f93522a42dd5271214a0e5eae648
 RMD160 (tiff-4.0.7.tar.gz) = 582e19c31e7f29d9ed36995dcad7ad68802cbadb
@@ -21,5 +21,5 @@
 SHA1 (patch-libtiff_tiffio.h) = e0efa9e1246e07dbb3a69d626988a18f12ba9d3c
 SHA1 (patch-man_Makefile.in) = ff073529c9d3ab98a03efa7d98c3263c1782482f
 SHA1 (patch-tools_tiff2pdf.c) = ce7a3e77c27ad3cabaa33b5da61cbd1b27f187d1
-SHA1 (patch-tools_tiffcp.c) = 42573d15fc66655a09e9227213b0929238f7e651
+SHA1 (patch-tools_tiffcp.c) = bd6abd9dc6e044ff04d761d999fabfb0919ba0db
 SHA1 (patch-tools_tiffcrop.c) = 1d729028fb8c05de958424234d5cc2808acc9b25
diff -r 586db558efef -r 561024b93f94 graphics/tiff/patches/patch-tools_tiffcp.c
--- a/graphics/tiff/patches/patch-tools_tiffcp.c        Sat May 06 21:29:16 2017 +0000
+++ b/graphics/tiff/patches/patch-tools_tiffcp.c        Sat May 06 21:37:16 2017 +0000
@@ -1,4 +1,4 @@
-$NetBSD: patch-tools_tiffcp.c,v 1.2 2017/05/05 20:06:03 he Exp $
+$NetBSD: patch-tools_tiffcp.c,v 1.3 2017/05/06 21:37:16 he Exp $
 
 CVE-2017-5225
 http://bugzilla.maptools.org/show_bug.cgi?id=2656
@@ -11,6 +11,12 @@
 http://bugzilla.maptools.org/show_bug.cgi?id=2610
 https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec
 
+and
+
+CVE-2016-10268
+http://bugzilla.maptools.org/show_bug.cgi?id=2598
+https://github.com/vadz/libtiff/commit/5397a417e61258c69209904e652a1f409ec3b9df
+
 --- tools/tiffcp.c.orig        2016-10-12 01:45:17.000000000 +0000
 +++ tools/tiffcp.c
 @@ -592,7 +592,7 @@ static     copyFunc pickCopyFunc(TIFF*, TIFF
@@ -22,6 +28,15 @@
        uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK;
        copyFunc cf;
        uint32 width, length;
+@@ -985,7 +985,7 @@ DECLAREcpFunc(cpDecodedStrips)
+               tstrip_t s, ns = TIFFNumberOfStrips(in);
+               uint32 row = 0;
+               _TIFFmemset(buf, 0, stripsize);
+-              for (s = 0; s < ns; s++) {
++              for (s = 0; s < ns && row < imagelength; s++) {
+                       tsize_t cc = (row + rowsperstrip > imagelength) ?
+                           TIFFVStripSize(in, imagelength - row) : stripsize;
+                       if (TIFFReadEncodedStrip(in, s, buf, cc) < 0
 @@ -1068,6 +1068,16 @@ DECLAREcpFunc(cpContig2SeparateByRow)
        register uint32 n;
        uint32 row;