[pkgsrc/trunk]: pkgsrc/graphics/tiff Fix CVE-2016-10094, ref. http://bugzilla...

[he <he%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/798355393be8
branches:  trunk
changeset: 362156:798355393be8
user:      he <he%pkgsrc.org@localhost>
date:      Sat May 06 20:34:40 2017 +0000

description:
Fix CVE-2016-10094, ref. http://bugzilla.maptools.org/show_bug.cgi?id=2640
and https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76
Bump PKGREVISION.

diffstat:

 graphics/tiff/Makefile                       |   4 ++--
 graphics/tiff/distinfo                       |   3 ++-
 graphics/tiff/patches/patch-tools_tiff2pdf.c |  16 ++++++++++++++++
 3 files changed, 20 insertions(+), 3 deletions(-)

diffs (49 lines):

diff -r 97c9c9fcc5ce -r 798355393be8 graphics/tiff/Makefile
--- a/graphics/tiff/Makefile    Sat May 06 18:20:17 2017 +0000
+++ b/graphics/tiff/Makefile    Sat May 06 20:34:40 2017 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.129 2017/05/05 20:14:05 sevan Exp $
+# $NetBSD: Makefile,v 1.130 2017/05/06 20:34:40 he Exp $
 
 DISTNAME=      tiff-4.0.7
-PKGREVISION=   5
+PKGREVISION=   6
 CATEGORIES=    graphics
 MASTER_SITES=  ftp://download.osgeo.org/libtiff/
 
diff -r 97c9c9fcc5ce -r 798355393be8 graphics/tiff/distinfo
--- a/graphics/tiff/distinfo    Sat May 06 18:20:17 2017 +0000
+++ b/graphics/tiff/distinfo    Sat May 06 20:34:40 2017 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.75 2017/05/05 20:14:05 sevan Exp $
+$NetBSD: distinfo,v 1.76 2017/05/06 20:34:40 he Exp $
 
 SHA1 (tiff-4.0.7.tar.gz) = 2c1b64478e88f93522a42dd5271214a0e5eae648
 RMD160 (tiff-4.0.7.tar.gz) = 582e19c31e7f29d9ed36995dcad7ad68802cbadb
@@ -17,5 +17,6 @@
 SHA1 (patch-libtiff_tif_win32.c) = 1ea9dcb6618c40b9de3e8d2a81914355f2111fdc
 SHA1 (patch-libtiff_tiffio.h) = e0efa9e1246e07dbb3a69d626988a18f12ba9d3c
 SHA1 (patch-man_Makefile.in) = ff073529c9d3ab98a03efa7d98c3263c1782482f
+SHA1 (patch-tools_tiff2pdf.c) = ce7a3e77c27ad3cabaa33b5da61cbd1b27f187d1
 SHA1 (patch-tools_tiffcp.c) = 42573d15fc66655a09e9227213b0929238f7e651
 SHA1 (patch-tools_tiffcrop.c) = 1d729028fb8c05de958424234d5cc2808acc9b25
diff -r 97c9c9fcc5ce -r 798355393be8 graphics/tiff/patches/patch-tools_tiff2pdf.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/tiff/patches/patch-tools_tiff2pdf.c      Sat May 06 20:34:40 2017 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-tools_tiff2pdf.c,v 1.3 2017/05/06 20:34:40 he Exp $
+
+Fix CVE-2016-10094, ref. http://bugzilla.maptools.org/show_bug.cgi?id=2640
+and https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76
+
+--- tools/tiff2pdf.c.orig      2016-11-12 14:58:09.000000000 +0000
++++ tools/tiff2pdf.c
+@@ -2895,7 +2895,7 @@ tsize_t t2p_readwrite_pdf_image_tile(T2P
+                               return(0);
+                       }
+                       if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) {
+-                              if (count >= 4) {
++                              if (count > 4) {
+                     /* Ignore EOI marker of JpegTables */
+                                       _TIFFmemcpy(buffer, jpt, count - 2);
+                                       bufferoffset += count - 2;