pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/graphics/tiff Update tiff to version 4.0.8.
details: https://anonhg.NetBSD.org/pkgsrc/rev/e4cf8a4dfe2e
branches: trunk
changeset: 362970:e4cf8a4dfe2e
user: he <he%pkgsrc.org@localhost>
date: Mon May 29 13:44:05 2017 +0000
description:
Update tiff to version 4.0.8.
Pkgsrc changes:
* Adapt PLIST, remove patches for now-integrated bugfixes.
As the release announcement says:
All of the changes are bug and security fixes.
Upstream changes:
CHANGES IN LIBTIFF:
* libtiff/tif_getimage.c, libtiff/tif_open.c: add parenthesis to
fix cppcheck clarifyCalculation warnings * libtiff/tif_predict.c,
libtiff/tif_print.c: fix printf unsigned vs signed formatting
(cppcheck invalidPrintfArgType_uint warnings)
* libtiff/tif_read.c, libtiff/tiffiop.h: fix uint32 overflow in
TIFFReadEncodedStrip() that caused an integer division by zero.
Reported by Agostino Sarubbo. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2596
* libtiff/tif_pixarlog.c, libtiff/tif_luv.c: fix heap-based buffer
overflow on generation of PixarLog / LUV compressed files, with
ColorMap, TransferFunction attached and nasty plays with
bitspersample. The fix for LUV has not been tested, but suffers
from the same kind of issue of PixarLog. Reported by Agostino
Sarubbo. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2604
* libtiff/tif_strip.c: revert the change in TIFFNumberOfStrips()
done for http://bugzilla.maptools.org/show_bug.cgi?id=2587 /
CVE-2016-9273 since the above change is a better fix that makes
it unnecessary.
* libtiff/tif_dirread.c: modify ChopUpSingleUncompressedStrip()
to instanciate compute ntrips as TIFFhowmany_32(td->td_imagelength,
rowsperstrip), instead of a logic based on the total size of
data. Which is faulty is the total size of data is not sufficient
to fill the whole image, and thus results in reading outside of
the StripByCounts/StripOffsets arrays when using TIFFReadScanline().
Reported by Agostino Sarubbo. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2608.
* libtiff/tif_ojpeg.c: make OJPEGDecode() early exit in case of
failure in OJPEGPreDecode(). This will avoid a divide by zero,
and potential other issues. Reported by Agostino Sarubbo. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2611
* libtiff/tif_write.c: fix misleading indentation as warned by GCC.
* libtiff/tif_fax3.h: revert change done on 2016-01-09 that made
Param member of TIFFFaxTabEnt structure a uint16 to reduce size
of the binary. It happens that the Hylafax software uses the
tables that follow this typedef (TIFFFaxMainTable, TIFFFaxWhiteTable,
TIFFFaxBlackTable), although they are not in a public libtiff
header. Raised by Lee Howard. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2636
* libtiff/tiffio.h, libtiff/tif_getimage.c: add TIFFReadRGBAStripExt()
and TIFFReadRGBATileExt() variants of the functions without ext,
with an extra argument to control the stop_on_error behaviour.
* libtiff/tif_getimage.c: fix potential memory leaks in error code
path of TIFFRGBAImageBegin(). Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2627
* libtiff/tif_jpeg.c: increase libjpeg max memory usable to 10 MB
instead of libjpeg 1MB default. This helps when creating files
with "big" tile, without using libjpeg temporary files. Related
to https://trac.osgeo.org/gdal/ticket/6757
* libtiff/tif_jpeg.c: avoid integer division by zero in
JPEGSetupEncode() when horizontal or vertical sampling is set
to 0. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2653
* libtiff/tif_dirwrite.c: in TIFFWriteDirectoryTagCheckedRational,
replace assertion by runtime check to error out if passed value
is strictly negative. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2535
* libtiff/tif_dirread.c: avoid division by floating point 0 in
TIFFReadDirEntryCheckedRational() and
TIFFReadDirEntryCheckedSrational(), and return 0 in that case
(instead of infinity as before presumably) Apparently some
sanitizers do not like those divisions by zero. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2644
* libtiff/tif_dir.c, tif_dirread.c, tif_dirwrite.c: implement
various clampings of double to other data types to avoid undefined
behaviour if the output range isn't big enough to hold the input
value. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2643
http://bugzilla.maptools.org/show_bug.cgi?id=2642
http://bugzilla.maptools.org/show_bug.cgi?id=2646
http://bugzilla.maptools.org/show_bug.cgi?id=2647
* libtiff/tif_jpeg.c: validate BitsPerSample in JPEGSetupEncode()
to avoid undefined behaviour caused by invalid shift exponent.
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648
* libtiff/tif_read.c: avoid potential undefined behaviour on signed
integer addition in TIFFReadRawStrip1() in isMapped() case.
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2650
* libtiff/tif_getimage.c: add explicit uint32 cast in putagreytile
to avoid UndefinedBehaviorSanitizer warning. Patch by Nicol?s
Pe?a. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2658
* libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() to
zero initialize tif_rawdata. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2651
* libtiff/tiffio.h, tif_unix.c, tif_win32.c, tif_vms.c: add _TIFFcalloc()
* libtiff/tif_luv.c, tif_lzw.c, tif_packbits.c: return 0 in Encode
functions instead of -1 when TIFFFlushData1() fails. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2130
* libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesQTable,
OJPEGReadHeaderInfoSecTablesDcTable and
OJPEGReadHeaderInfoSecTablesAcTable when read fails. Patch by
Nicol?s Pe?a. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659
* libtiff/tif_jpeg.c: only run JPEGFixupTagsSubsampling() if the
YCbCrSubsampling tag is not explicitly present. This helps a
bit to reduce the I/O amount when the tag is present (especially
on cloud hosted files).
* libtiff/tif_lzw.c: in LZWPostEncode(), increase, if necessary,
the code bit-width after flushing the remaining code and before
emitting the EOI code. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=1982
* libtiff/tif_pixarlog.c: fix memory leak in error code path of
PixarLogSetupDecode(). Patch by Nicol?s Pe?a. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2665
* libtiff/tif_fax3.c, tif_predict.c, tif_getimage.c: fix GCC 7
-Wimplicit-fallthrough warnings.
* libtiff/tif_dirread.c: fix memory leak in non DEFER_STRILE_LOAD
mode (ie default) when there is both a StripOffsets and TileOffsets
tag, or a StripByteCounts and TileByteCounts Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2689
* libtiff/tif_ojpeg.c: fix potential memory leak in
OJPEGReadHeaderInfoSecTablesQTable, OJPEGReadHeaderInfoSecTablesDcTable
and OJPEGReadHeaderInfoSecTablesAcTable Patch by Nicol?s Pe?a.
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2670
* libtiff/tif_fax3.c: avoid crash in Fax3Close() on empty file.
Patch by Alan Coopersmith + complement by myself. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2673
* libtiff/tif_read.c: TIFFFillStrip(): add limitation to the number
of bytes read in case td_stripbytecount[strip] is bigger than
reasonable, so as to avoid excessive memory allocation.
* libtiff/tif_zip.c, tif_pixarlog.c, tif_predict.c: fix memory
leak when the underlying codec (ZIP, PixarLog) succeeds its
setupdecode() method, but PredictorSetup fails. Credit to OSS-Fuzz
(locally run, on GDAL)
* libtiff/tif_read.c: TIFFFillStrip() and TIFFFillTile(): avoid
excessive memory allocation in case of shorten files. Only
effective on 64 bit builds and non-mapped cases. Credit to
OSS-Fuzz (locally run, on GDAL)
* libtiff/tif_read.c: TIFFFillStripPartial() / TIFFSeek(), avoid
potential integer overflows with read_ahead in CHUNKY_STRIP_READ_SUPPORT
mode. Should especially occur on 32 bit platforms.
* libtiff/tif_read.c: TIFFFillStripPartial(): avoid excessive
memory allocation in case of shorten files. Only effective on
64 bit builds. Credit to OSS-Fuzz (locally run, on GDAL)
* libtiff/tif_read.c: update tif_rawcc in CHUNKY_STRIP_READ_SUPPORT
mode with tif_rawdataloaded when calling TIFFStartStrip() or
TIFFFillStripPartial(). This avoids reading beyond tif_rawdata
when bytecount > tif_rawdatasize. Fixes
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1545.
Credit to OSS-Fuzz
* libtiff/tif_color.c: avoid potential int32 overflow in
TIFFYCbCrToRGBInit() Fixes
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1533 Credit
to OSS-Fuzz
* libtiff/tif_pixarlog.c, tif_luv.c: avoid potential int32 overflows
in multiply_ms() and add_ms(). Fixes
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1558 Credit
to OSS-Fuzz
* libtiff/tif_packbits.c: fix out-of-buffer read in PackBitsDecode()
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1563
Credit to OSS-Fuzz
* libtiff/tif_luv.c: LogL16InitState(): avoid excessive memory
allocation when RowsPerStrip tag is missing. Credit to OSS-Fuzz
(locally run, on GDAL)
* libtiff/tif_lzw.c: update dec_bitsleft at beginning of LZWDecode(),
and update tif_rawcc at end of LZWDecode(). This is needed to
properly work with the latest chnges in tif_read.c in
CHUNKY_STRIP_READ_SUPPORT mode.
* libtiff/tif_pixarlog.c: PixarLogDecode(): resync tif_rawcp with
next_in and tif_rawcc with avail_in at beginning and end of
function, similarly to what is done in LZWDecode(). Likely needed
so that it works properly with latest chnges in tif_read.c in
CHUNKY_STRIP_READ_SUPPORT mode. But untested...
* libtiff/tif_getimage.c: initYCbCrConversion(): add basic validation
of luma and refBlackWhite coefficients (just check they are not
NaN for now), to avoid potential float to int overflows. Fixes
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1663 Credit
to OSS Fuzz
* libtiff/tif_read.c: _TIFFVSetField(): fix outside range cast of
double to float. Credit to Google Autofuzz project
* libtiff/tif_getimage.c: initYCbCrConversion(): check luma[1] is
not zero to avoid division by zero. Fixes
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1665 Credit
to OSS Fuzz
* libtiff/tif_read.c: _TIFFVSetField(): fix outside range cast of
double to float. Credit to Google Autofuzz project
* libtiff/tif_getimage.c: initYCbCrConversion(): check luma[1] is
not zero to avoid division by zero. Fixes
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1665 Credit
to OSS Fuzz
* libtiff/tif_getimage.c: initYCbCrConversion(): stricter validation
for refBlackWhite coefficients values. To avoid invalid float->int32
conversion. Fixes
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1718 Credit
to OSS Fuzz
CHANGES IN THE TOOLS:
* tools/fax2tiff.c (main): Applied patch by J?rg Ahrens to fix
passing client data for Win32 builds using tif_win32.c
(USE_WIN32_FILEIO defined) for file I/O. Patch was provided via
email on November 20, 2016.
* tools/tiffcp.c: avoid uint32 underflow in cpDecodedStrips that
can cause various issues, such as buffer overflows in the library.
Reported by Agostino Sarubbo. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2598
* tools/tiffcrop.c: fix readContigStripsIntoBuffer() in -i (ignore)
mode so that the output buffer is correctly incremented to avoid
write outside bounds. Reported by Agostino Sarubbo. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2620
* tools/tiffcrop.c: add 3 extra bytes at end of strip buffer in
readSeparateStripsIntoBuffer() to avoid read outside of heap
allocated buffer. Reported by Agostino Sarubbo. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2621
* tools/tiffcrop.c: fix integer division by zero when BitsPerSample
is missing. Reported by Agostino Sarubbo. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2619
* tools/tiffinfo.c: fix null pointer dereference in -r mode when
the image has no StripByteCount tag. Reported by Agostino Sarubbo.
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2594
* tools/tiffcp.c: avoid potential division by zero is BitsPerSamples
tag is missing. Reported by Agostino Sarubbo. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2597
* tools/tif_dir.c: when TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) is
called, limit the return number of inks to SamplesPerPixel, so
that code that parses ink names doesn't go past the end of the
buffer. Reported by Agostino Sarubbo. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2599
* tools/tiffcp.c: avoid potential division by zero is BitsPerSamples
tag is missing. Reported by Agostino Sarubbo. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2607
* tools/tiffcp.c: fix uint32 underflow/overflow that can cause
heap-based buffer overflow. Reported by Agostino Sarubbo. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2610
* tools/tiffcp.c: replace assert( (bps % 8) == 0 ) by a non assert
check. Reported by Agostino Sarubbo. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2605
* tools/tiff2ps.c: fix 2 heap-based buffer overflows (in PSDataBW
and PSDataColorContig). Reported by Agostino Sarubbo. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2633 and
http://bugzilla.maptools.org/show_bug.cgi?id=2634.
* tools/tiff2pdf.c: prevent heap-based buffer overflow in -j mode
on a paletted image. Note: this fix errors out before the overflow
happens. There could probably be a better fix. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2635
* tools/tiff2pdf.c: fix wrong usage of memcpy() that can trigger
unspecified behaviour. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2638
* tools/tiff2pdf.c: avoid potential invalid memory read in
t2p_writeproc. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2639
* tools/tiff2pdf.c: avoid potential heap-based overflow in
t2p_readwrite_pdf_image_tile(). Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2640
* tools/tiffcrop.c: remove extraneous TIFFClose() in error code
path, that caused double free. Related to
http://bugzilla.maptools.org/show_bug.cgi?id=2535
* tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow and
cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based
overflow. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656
and http://bugzilla.maptools.org/show_bug.cgi?id=2657
* tools/raw2tiff.c: avoid integer division by zero. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2631
* tools/tiff2ps.c: call TIFFClose() in error code paths.
* tools/fax2tiff.c: emit appropriate message if the input file is
empty. Patch by Alan Coopersmith. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2672
* tools/tiff2bw.c: close TIFF handle in error code path. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2677
diffstat:
graphics/tiff/Makefile | 5 +-
graphics/tiff/PLIST | 3 +-
graphics/tiff/distinfo | 29 +--
graphics/tiff/patches/patch-html_man_Makefile.in | 15 -
graphics/tiff/patches/patch-libtiff_tif__luv.c | 56 -----
graphics/tiff/patches/patch-libtiff_tif__pixarlog.c | 41 ----
graphics/tiff/patches/patch-libtiff_tif__strip.c | 24 --
graphics/tiff/patches/patch-libtiff_tif_dir.c | 63 ------
graphics/tiff/patches/patch-libtiff_tif_dirread.c | 122 ------------
graphics/tiff/patches/patch-libtiff_tif_dirwrite.c | 192 --------------------
graphics/tiff/patches/patch-libtiff_tif_getimage.c | 17 -
graphics/tiff/patches/patch-libtiff_tif_jpeg.c | 31 ---
graphics/tiff/patches/patch-libtiff_tif_ojpeg.c | 77 --------
graphics/tiff/patches/patch-libtiff_tif_read.c | 70 -------
graphics/tiff/patches/patch-libtiff_tif_unix.c | 23 --
graphics/tiff/patches/patch-libtiff_tif_win32.c | 23 --
graphics/tiff/patches/patch-libtiff_tiffio.h | 16 -
graphics/tiff/patches/patch-libtiff_tiffiop.h | 19 -
graphics/tiff/patches/patch-man_Makefile.in | 16 -
graphics/tiff/patches/patch-tools_tiff2pdf.c | 16 -
graphics/tiff/patches/patch-tools_tiffcp.c | 109 -----------
graphics/tiff/patches/patch-tools_tiffcrop.c | 28 --
22 files changed, 9 insertions(+), 986 deletions(-)
diffs (truncated from 1097 to 300 lines):
diff -r e0f127bca330 -r e4cf8a4dfe2e graphics/tiff/Makefile
--- a/graphics/tiff/Makefile Mon May 29 13:23:41 2017 +0000
+++ b/graphics/tiff/Makefile Mon May 29 13:44:05 2017 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.135 2017/05/07 21:52:16 he Exp $
+# $NetBSD: Makefile,v 1.136 2017/05/29 13:44:05 he Exp $
-DISTNAME= tiff-4.0.7
-PKGREVISION= 11
+DISTNAME= tiff-4.0.8
CATEGORIES= graphics
MASTER_SITES= ftp://download.osgeo.org/libtiff/
diff -r e0f127bca330 -r e4cf8a4dfe2e graphics/tiff/PLIST
--- a/graphics/tiff/PLIST Mon May 29 13:23:41 2017 +0000
+++ b/graphics/tiff/PLIST Mon May 29 13:44:05 2017 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.23 2016/11/23 13:51:29 he Exp $
+@comment $NetBSD: PLIST,v 1.24 2017/05/29 13:44:05 he Exp $
bin/fax2ps
bin/fax2tiff
bin/pal2rgb
@@ -232,4 +232,5 @@
share/doc/tiff/html/v4.0.4beta.html
share/doc/tiff/html/v4.0.5.html
share/doc/tiff/html/v4.0.6.html
+share/doc/tiff/html/v4.0.7.html
share/doc/tiff/html/v${PKGVERSION}.html
diff -r e0f127bca330 -r e4cf8a4dfe2e graphics/tiff/distinfo
--- a/graphics/tiff/distinfo Mon May 29 13:23:41 2017 +0000
+++ b/graphics/tiff/distinfo Mon May 29 13:44:05 2017 +0000
@@ -1,26 +1,7 @@
-$NetBSD: distinfo,v 1.81 2017/05/07 21:52:16 he Exp $
+$NetBSD: distinfo,v 1.82 2017/05/29 13:44:05 he Exp $
-SHA1 (tiff-4.0.7.tar.gz) = 2c1b64478e88f93522a42dd5271214a0e5eae648
-RMD160 (tiff-4.0.7.tar.gz) = 582e19c31e7f29d9ed36995dcad7ad68802cbadb
-SHA512 (tiff-4.0.7.tar.gz) = 941357bdd5f947cdca41a1d31ae14b3fadc174ae5dce7b7981dbe58f61995f575ac2e97a7cc4fcc435184012017bec0920278263490464644f2cdfad9a6c5ddc
-Size (tiff-4.0.7.tar.gz) = 2076392 bytes
+SHA1 (tiff-4.0.8.tar.gz) = 88717c97480a7976c94d23b6d9ed4ac74715267f
+RMD160 (tiff-4.0.8.tar.gz) = 0d8bc26c98035810c73b8f876f76dc48efba7da8
+SHA512 (tiff-4.0.8.tar.gz) = 5d010ec4ce37aca733f7ab7db9f432987b0cd21664bd9d99452a146833c40f0d1e7309d1870b0395e947964134d5cfeb1366181e761fe353ad585803ff3d6be6
+Size (tiff-4.0.8.tar.gz) = 2065574 bytes
SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6
-SHA1 (patch-html_man_Makefile.in) = 705604e2a3065da192e7354a4a9cdcd16bd6823d
-SHA1 (patch-libtiff_tif__luv.c) = c2e8ce7474119ffa02d226932ad6c8c2b230062c
-SHA1 (patch-libtiff_tif__pixarlog.c) = ad16681cf3fcb5fded048eb70c0a93f1b6447147
-SHA1 (patch-libtiff_tif__strip.c) = f7dc7b24378d0541a8f3bcc3cad78ea2d6ae14d7
-SHA1 (patch-libtiff_tif_dir.c) = 28c45b95cedeebe005b44b45393d66f61e0ea6f7
-SHA1 (patch-libtiff_tif_dirread.c) = f6d442da817457d7ac801a3005e21c357ac31f8a
-SHA1 (patch-libtiff_tif_dirwrite.c) = 07ccbf8cf210b95d5ca7710cc2982368783b4dcb
-SHA1 (patch-libtiff_tif_getimage.c) = 267b555c8b043d0a835db4d46ef65131776601e6
-SHA1 (patch-libtiff_tif_jpeg.c) = 1049b7b243e9e145886bcac8e68e5e7889337ebc
-SHA1 (patch-libtiff_tif_ojpeg.c) = 1c43555434525157c1783de4802af4508c5113a4
-SHA1 (patch-libtiff_tif_read.c) = d43b10fa74a51da21f44abb7bd0251b88e8a702b
-SHA1 (patch-libtiff_tif_unix.c) = c8312771e567f90de0f77ac8eb66ed5c36e35617
-SHA1 (patch-libtiff_tif_win32.c) = 1ea9dcb6618c40b9de3e8d2a81914355f2111fdc
-SHA1 (patch-libtiff_tiffio.h) = e0efa9e1246e07dbb3a69d626988a18f12ba9d3c
-SHA1 (patch-libtiff_tiffiop.h) = 1100e55483da58037fa3f4168fffdfcbc5407456
-SHA1 (patch-man_Makefile.in) = ff073529c9d3ab98a03efa7d98c3263c1782482f
-SHA1 (patch-tools_tiff2pdf.c) = ce7a3e77c27ad3cabaa33b5da61cbd1b27f187d1
-SHA1 (patch-tools_tiffcp.c) = bd6abd9dc6e044ff04d761d999fabfb0919ba0db
-SHA1 (patch-tools_tiffcrop.c) = 1d729028fb8c05de958424234d5cc2808acc9b25
diff -r e0f127bca330 -r e4cf8a4dfe2e graphics/tiff/patches/patch-html_man_Makefile.in
--- a/graphics/tiff/patches/patch-html_man_Makefile.in Mon May 29 13:23:41 2017 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,15 +0,0 @@
-$NetBSD: patch-html_man_Makefile.in,v 1.1 2016/11/23 13:51:29 he Exp $
-
-Don't install man pages for binaries which we leave uninstalled.
-
---- html/man/Makefile.in.orig 2016-11-19 17:40:21.000000000 +0000
-+++ html/man/Makefile.in
-@@ -383,8 +383,6 @@ docfiles = \
- pal2rgb.1.html \
- ppm2tiff.1.html \
- raw2tiff.1.html \
-- rgb2ycbcr.1.html \
-- thumbnail.1.html \
- tiff2bw.1.html \
- tiff2pdf.1.html \
- tiff2ps.1.html \
diff -r e0f127bca330 -r e4cf8a4dfe2e graphics/tiff/patches/patch-libtiff_tif__luv.c
--- a/graphics/tiff/patches/patch-libtiff_tif__luv.c Mon May 29 13:23:41 2017 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,56 +0,0 @@
-$NetBSD: patch-libtiff_tif__luv.c,v 1.1 2017/05/06 21:02:00 he Exp $
-
-Fix CVE-2016-10269, ref. http://bugzilla.maptools.org/show_bug.cgi?id=2604
-and
-https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86
-
---- libtiff/tif_luv.c.orig 2016-09-08 13:23:57.000000000 +0000
-+++ libtiff/tif_luv.c
-@@ -158,6 +158,7 @@
- typedef struct logLuvState LogLuvState;
-
- struct logLuvState {
-+ int encoder_state; /* 1 if encoder correctly initialized */
- int user_datafmt; /* user data format */
- int encode_meth; /* encoding method */
- int pixel_size; /* bytes per pixel */
-@@ -1552,6 +1553,7 @@ LogLuvSetupEncode(TIFF* tif)
- td->td_photometric, "must be either LogLUV or LogL");
- break;
- }
-+ sp->encoder_state = 1;
- return (1);
- notsupported:
- TIFFErrorExt(tif->tif_clientdata, module,
-@@ -1563,19 +1565,27 @@ notsupported:
- static void
- LogLuvClose(TIFF* tif)
- {
-+ LogLuvState* sp = (LogLuvState*) tif->tif_data;
- TIFFDirectory *td = &tif->tif_dir;
-
-+ assert(sp != 0);
- /*
- * For consistency, we always want to write out the same
- * bitspersample and sampleformat for our TIFF file,
- * regardless of the data format being used by the application.
- * Since this routine is called after tags have been set but
- * before they have been recorded in the file, we reset them here.
-+ * Note: this is really a nasty approach. See PixarLogClose
- */
-- td->td_samplesperpixel =
-- (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3;
-- td->td_bitspersample = 16;
-- td->td_sampleformat = SAMPLEFORMAT_INT;
-+ if( sp->encoder_state )
-+ {
-+ /* See PixarLogClose. Might avoid issues with tags whose size depends
-+ * on those below, but not completely sure this is enough. */
-+ td->td_samplesperpixel =
-+ (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3;
-+ td->td_bitspersample = 16;
-+ td->td_sampleformat = SAMPLEFORMAT_INT;
-+ }
- }
-
- static void
diff -r e0f127bca330 -r e4cf8a4dfe2e graphics/tiff/patches/patch-libtiff_tif__pixarlog.c
--- a/graphics/tiff/patches/patch-libtiff_tif__pixarlog.c Mon May 29 13:23:41 2017 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,41 +0,0 @@
-$NetBSD: patch-libtiff_tif__pixarlog.c,v 1.1 2017/05/06 21:02:00 he Exp $
-
-Fix CVE-2016-10269, ref. http://bugzilla.maptools.org/show_bug.cgi?id=2604
-and
-https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86
-
---- libtiff/tif_pixarlog.c.orig 2016-09-23 22:56:06.000000000 +0000
-+++ libtiff/tif_pixarlog.c
-@@ -1233,8 +1233,10 @@ PixarLogPostEncode(TIFF* tif)
- static void
- PixarLogClose(TIFF* tif)
- {
-+ PixarLogState* sp = (PixarLogState*) tif->tif_data;
- TIFFDirectory *td = &tif->tif_dir;
-
-+ assert(sp != 0);
- /* In a really sneaky (and really incorrect, and untruthful, and
- * troublesome, and error-prone) maneuver that completely goes against
- * the spirit of TIFF, and breaks TIFF, on close, we covertly
-@@ -1243,8 +1245,19 @@ PixarLogClose(TIFF* tif)
- * readers that don't know about PixarLog, or how to set
- * the PIXARLOGDATFMT pseudo-tag.
- */
-- td->td_bitspersample = 8;
-- td->td_sampleformat = SAMPLEFORMAT_UINT;
-+
-+ if (sp->state&PLSTATE_INIT) {
-+ /* We test the state to avoid an issue such as in
-+ * http://bugzilla.maptools.org/show_bug.cgi?id=2604
-+ * What appends in that case is that the bitspersample is 1 and
-+ * a TransferFunction is set. The size of the TransferFunction
-+ * depends on 1<<bitspersample. So if we increase it, an access
-+ * out of the buffer will happen at directory flushing.
-+ * Another option would be to clear those targs.
-+ */
-+ td->td_bitspersample = 8;
-+ td->td_sampleformat = SAMPLEFORMAT_UINT;
-+ }
- }
-
- static void
diff -r e0f127bca330 -r e4cf8a4dfe2e graphics/tiff/patches/patch-libtiff_tif__strip.c
--- a/graphics/tiff/patches/patch-libtiff_tif__strip.c Mon May 29 13:23:41 2017 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,24 +0,0 @@
-$NetBSD: patch-libtiff_tif__strip.c,v 1.1 2017/05/06 21:29:16 he Exp $
-
-Fix CVE-2016-10270, ref.
-http://bugzilla.maptools.org/show_bug.cgi?id=2608
-https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018
-
---- libtiff/tif_strip.c.orig 2016-11-10 02:12:36.000000000 +0000
-+++ libtiff/tif_strip.c
-@@ -63,15 +63,6 @@ TIFFNumberOfStrips(TIFF* tif)
- TIFFDirectory *td = &tif->tif_dir;
- uint32 nstrips;
-
-- /* If the value was already computed and store in td_nstrips, then return it,
-- since ChopUpSingleUncompressedStrip might have altered and resized the
-- since the td_stripbytecount and td_stripoffset arrays to the new value
-- after the initial affectation of td_nstrips = TIFFNumberOfStrips() in
-- tif_dirread.c ~line 3612.
-- See http://bugzilla.maptools.org/show_bug.cgi?id=2587 */
-- if( td->td_nstrips )
-- return td->td_nstrips;
--
- nstrips = (td->td_rowsperstrip == (uint32) -1 ? 1 :
- TIFFhowmany_32(td->td_imagelength, td->td_rowsperstrip));
- if (td->td_planarconfig == PLANARCONFIG_SEPARATE)
diff -r e0f127bca330 -r e4cf8a4dfe2e graphics/tiff/patches/patch-libtiff_tif_dir.c
--- a/graphics/tiff/patches/patch-libtiff_tif_dir.c Mon May 29 13:23:41 2017 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,63 +0,0 @@
-$NetBSD: patch-libtiff_tif_dir.c,v 1.1 2017/05/05 20:14:05 sevan Exp $
-
-CVE-2017-7596
-CVE-2017-7597
-CVE-2017-7599
-CVE-2017-7600
-https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
-
---- libtiff/tif_dir.c.orig 2016-10-29 23:03:18.000000000 +0000
-+++ libtiff/tif_dir.c
-@@ -31,6 +31,7 @@
- * (and also some miscellaneous stuff)
- */
- #include "tiffiop.h"
-+#include <float.h>
-
- /*
- * These are used in the backwards compatibility code...
-@@ -154,6 +155,15 @@ bad:
- return (0);
- }
-
-+static float TIFFClampDoubleToFloat( double val )
-+{
-+ if( val > FLT_MAX )
-+ return FLT_MAX;
-+ if( val < -FLT_MAX )
-+ return -FLT_MAX;
-+ return (float)val;
-+}
-+
- static int
- _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
- {
-@@ -312,13 +322,13 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va
- dblval = va_arg(ap, double);
- if( dblval < 0 )
- goto badvaluedouble;
-- td->td_xresolution = (float) dblval;
-+ td->td_xresolution = TIFFClampDoubleToFloat( dblval );
- break;
- case TIFFTAG_YRESOLUTION:
- dblval = va_arg(ap, double);
- if( dblval < 0 )
- goto badvaluedouble;
-- td->td_yresolution = (float) dblval;
-+ td->td_yresolution = TIFFClampDoubleToFloat( dblval );
- break;
- case TIFFTAG_PLANARCONFIG:
- v = (uint16) va_arg(ap, uint16_vap);
-@@ -327,10 +337,10 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va
- td->td_planarconfig = (uint16) v;
- break;
- case TIFFTAG_XPOSITION:
-- td->td_xposition = (float) va_arg(ap, double);
-+ td->td_xposition = TIFFClampDoubleToFloat( va_arg(ap, double) );
- break;
- case TIFFTAG_YPOSITION:
-- td->td_yposition = (float) va_arg(ap, double);
-+ td->td_yposition = TIFFClampDoubleToFloat( va_arg(ap, double) );
- break;
- case TIFFTAG_RESOLUTIONUNIT:
- v = (uint16) va_arg(ap, uint16_vap);
diff -r e0f127bca330 -r e4cf8a4dfe2e graphics/tiff/patches/patch-libtiff_tif_dirread.c
--- a/graphics/tiff/patches/patch-libtiff_tif_dirread.c Mon May 29 13:23:41 2017 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,122 +0,0 @@
-$NetBSD: patch-libtiff_tif_dirread.c,v 1.3 2017/05/06 21:29:16 he Exp $
-
-CVE-2017-7596
-CVE-2017-7597
-CVE-2017-7598
-CVE-2017-7599
-CVE-2017-7600
-https://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8
-https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
-
-and
-
-CVE-2016-10270
-http://bugzilla.maptools.org/show_bug.cgi?id=2608
Home |
Main Index |
Thread Index |
Old Index