pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/graphics/tiff Fix CVE-2016-10266 ref.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/78a4456e0ffa
branches:  trunk
changeset: 362177:78a4456e0ffa
user:      he <he%pkgsrc.org@localhost>
date:      Sun May 07 21:32:30 2017 +0000

description:
Fix CVE-2016-10266 ref.
http://bugzilla.maptools.org/show_bug.cgi?id=2596
https://github.com/vadz/libtiff/commit/438274f938e046d33cb0e1230b41da32ffe223e1
Bump PKGREVISION.

diffstat:

 graphics/tiff/Makefile                         |   4 ++--
 graphics/tiff/distinfo                         |   5 +++--
 graphics/tiff/patches/patch-libtiff_tif_read.c |  17 +++++++++++++++--
 graphics/tiff/patches/patch-libtiff_tiffiop.h  |  19 +++++++++++++++++++
 4 files changed, 39 insertions(+), 6 deletions(-)

diffs (90 lines):

diff -r 0896a98bed5d -r 78a4456e0ffa graphics/tiff/Makefile
--- a/graphics/tiff/Makefile    Sun May 07 21:21:01 2017 +0000
+++ b/graphics/tiff/Makefile    Sun May 07 21:32:30 2017 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.133 2017/05/06 21:37:16 he Exp $
+# $NetBSD: Makefile,v 1.134 2017/05/07 21:32:30 he Exp $
 
 DISTNAME=      tiff-4.0.7
-PKGREVISION=   9
+PKGREVISION=   10
 CATEGORIES=    graphics
 MASTER_SITES=  ftp://download.osgeo.org/libtiff/
 
diff -r 0896a98bed5d -r 78a4456e0ffa graphics/tiff/distinfo
--- a/graphics/tiff/distinfo    Sun May 07 21:21:01 2017 +0000
+++ b/graphics/tiff/distinfo    Sun May 07 21:32:30 2017 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.79 2017/05/06 21:37:16 he Exp $
+$NetBSD: distinfo,v 1.80 2017/05/07 21:32:30 he Exp $
 
 SHA1 (tiff-4.0.7.tar.gz) = 2c1b64478e88f93522a42dd5271214a0e5eae648
 RMD160 (tiff-4.0.7.tar.gz) = 582e19c31e7f29d9ed36995dcad7ad68802cbadb
@@ -15,10 +15,11 @@
 SHA1 (patch-libtiff_tif_getimage.c) = 267b555c8b043d0a835db4d46ef65131776601e6
 SHA1 (patch-libtiff_tif_jpeg.c) = 1049b7b243e9e145886bcac8e68e5e7889337ebc
 SHA1 (patch-libtiff_tif_ojpeg.c) = 6447168e952bb80a1a8272c2c27bb0ce3ccf6939
-SHA1 (patch-libtiff_tif_read.c) = 85674d2e222846e3971301ce2fb7ebe02f54b9b2
+SHA1 (patch-libtiff_tif_read.c) = d43b10fa74a51da21f44abb7bd0251b88e8a702b
 SHA1 (patch-libtiff_tif_unix.c) = c8312771e567f90de0f77ac8eb66ed5c36e35617
 SHA1 (patch-libtiff_tif_win32.c) = 1ea9dcb6618c40b9de3e8d2a81914355f2111fdc
 SHA1 (patch-libtiff_tiffio.h) = e0efa9e1246e07dbb3a69d626988a18f12ba9d3c
+SHA1 (patch-libtiff_tiffiop.h) = 1100e55483da58037fa3f4168fffdfcbc5407456
 SHA1 (patch-man_Makefile.in) = ff073529c9d3ab98a03efa7d98c3263c1782482f
 SHA1 (patch-tools_tiff2pdf.c) = ce7a3e77c27ad3cabaa33b5da61cbd1b27f187d1
 SHA1 (patch-tools_tiffcp.c) = bd6abd9dc6e044ff04d761d999fabfb0919ba0db
diff -r 0896a98bed5d -r 78a4456e0ffa graphics/tiff/patches/patch-libtiff_tif_read.c
--- a/graphics/tiff/patches/patch-libtiff_tif_read.c    Sun May 07 21:21:01 2017 +0000
+++ b/graphics/tiff/patches/patch-libtiff_tif_read.c    Sun May 07 21:32:30 2017 +0000
@@ -1,4 +1,4 @@
-$NetBSD: patch-libtiff_tif_read.c,v 1.1 2017/05/03 23:00:59 sevan Exp $
+$NetBSD: patch-libtiff_tif_read.c,v 1.2 2017/05/07 21:32:30 he Exp $
 
 CVE-2017-7593
 http://bugzilla.maptools.org/show_bug.cgi?id=2651
@@ -7,8 +7,21 @@
 CVE-2017-7602
 https://github.com/vadz/libtiff/commit/66e7bd59520996740e4df5495a830b42fae48bc4
 
---- libtiff/tif_read.c.orig    2017-05-03 22:31:30.000000000 +0000
+CVE-2016-10266
+http://bugzilla.maptools.org/show_bug.cgi?id=2596
+https://github.com/vadz/libtiff/commit/438274f938e046d33cb0e1230b41da32ffe223e1
+
+--- libtiff/tif_read.c.orig    2016-07-13 13:28:17.000000000 +0000
 +++ libtiff/tif_read.c
+@@ -346,7 +346,7 @@ TIFFReadEncodedStrip(TIFF* tif, uint32 s
+       rowsperstrip=td->td_rowsperstrip;
+       if (rowsperstrip>td->td_imagelength)
+               rowsperstrip=td->td_imagelength;
+-      stripsperplane=((td->td_imagelength+rowsperstrip-1)/rowsperstrip);
++      stripsperplane= TIFFhowmany_32_maxuint_compat(td->td_imagelength, rowsperstrip);
+       stripinplane=(strip%stripsperplane);
+       plane=(uint16)(strip/stripsperplane);
+       rows=td->td_imagelength-stripinplane*rowsperstrip;
 @@ -420,16 +420,25 @@ TIFFReadRawStrip1(TIFF* tif, uint32 stri
                        return ((tmsize_t)(-1));
                }
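Review bot: A zero `rowsperstrip` can still reach a division in the patched TIFFReadEncodedStrip. If `td->td_rowsperstrip` is 0, or `td->td_imagelength` is 0 so the clamp above the changed line sets `rowsperstrip` to 0, then `TIFFhowmany_32_maxuint_compat(td->td_imagelength, rowsperstrip)` divides and takes a remainder by zero; the macro, added in patch-libtiff_tiffiop.h in this same commit, has no zero check on its second argument. The replaced expression also divided by `rowsperstrip`, so this is not a regression, and whether directory parsing already rejects those values is not visible in this hunk. If it does not, a guard before the computation such as `if (rowsperstrip==0) return((tmsize_t)(-1));` would close the remaining path. The function body starts and ends outside the hunk.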
diff -r 0896a98bed5d -r 78a4456e0ffa graphics/tiff/patches/patch-libtiff_tiffiop.h
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/tiff/patches/patch-libtiff_tiffiop.h     Sun May 07 21:32:30 2017 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-libtiff_tiffiop.h,v 1.3 2017/05/07 21:32:30 he Exp $
+
+CVE-2016-10266
+http://bugzilla.maptools.org/show_bug.cgi?id=2596
+https://github.com/vadz/libtiff/commit/438274f938e046d33cb0e1230b41da32ffe223e1
+
+--- libtiff/tiffiop.h.orig     2016-01-24 15:39:51.000000000 +0000
++++ libtiff/tiffiop.h
+@@ -250,6 +250,10 @@ struct tiff {
+ #define TIFFhowmany_32(x, y) (((uint32)x < (0xffffffff - (uint32)(y-1))) ? \
+                          ((((uint32)(x))+(((uint32)(y))-1))/((uint32)(y))) : \
+                          0U)
++/* Variant of TIFFhowmany_32() that doesn't return 0 if x close to MAXUINT. */
++/* Caution: TIFFhowmany_32_maxuint_compat(x,y)*y might overflow */
++#define TIFFhowmany_32_maxuint_compat(x, y) \
++                         (((uint32)(x) / (uint32)(y)) + ((((uint32)(x) % (uint32)(y)) != 0) ? 1 : 0))
+ #define TIFFhowmany8_32(x) (((x)&0x07)?((uint32)(x)>>3)+1:(uint32)(x)>>3)
+ #define TIFFroundup_32(x, y) (TIFFhowmany_32(x,y)*(y))
+ #define TIFFhowmany_64(x, y) ((((uint64)(x))+(((uint64)(y))-1))/((uint64)(y)))
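Review bot: TIFFhowmany_32_maxuint_compat expands each of `x` and `y` twice, once for `/` and once for `%`, so an argument with side effects would be evaluated twice. The only call site in this commit passes plain variables, so nothing breaks today, but the macro sits in a shared internal header where later callers may not notice. The two caution comments are the natural place to record it, for example `/* Note: x and y are each evaluated twice; pass side-effect-free expressions. */`. A `static` inline helper would avoid the hazard entirely, though the neighbouring TIFFhowmany_* definitions are all macros, so the comment is the smaller change.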


