[pkgsrc/pkgsrc-2018Q3]: pkgsrc/graphics/tiff Pullup ticket #5881 - requested ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/21001a375668
branches: pkgsrc-2018Q3
changeset: 408386:21001a375668
user: spz <spz%pkgsrc.org@localhost>
date: Thu Nov 22 05:50:52 2018 +0000
description:
Pullup ticket #5881 - requested by maya
graphics/tiff: security update
Revisions pulled up:
- graphics/tiff/Makefile 1.144
- graphics/tiff/PLIST 1.26
- graphics/tiff/distinfo 1.93
- graphics/tiff/patches/patch-CVE-2017-11613 deleted
- graphics/tiff/patches/patch-CVE-2017-18013 deleted
- graphics/tiff/patches/patch-CVE-2017-9935 deleted
- graphics/tiff/patches/patch-CVE-2018-10963 deleted
- graphics/tiff/patches/patch-CVE-2018-17100 deleted
- graphics/tiff/patches/patch-CVE-2018-17101 deleted
- graphics/tiff/patches/patch-CVE-2018-5784 deleted
- graphics/tiff/patches/patch-CVE-2018-8905 deleted
- graphics/tiff/patches/patch-libtiff_tif__jbig.c deleted
- graphics/tiff/patches/patch-libtiff_tif__read.c deleted
- graphics/tiff/patches/patch-tools_pal2rgb.c deleted
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Sat Nov 10 21:14:54 UTC 2018
Modified Files:
pkgsrc/graphics/tiff: Makefile PLIST distinfo
Removed Files:
pkgsrc/graphics/tiff/patches: patch-CVE-2017-11613 patch-CVE-2017-18013
patch-CVE-2017-9935 patch-CVE-2018-10963 patch-CVE-2018-17100
patch-CVE-2018-17101 patch-CVE-2018-5784 patch-CVE-2018-8905
patch-libtiff_tif__jbig.c patch-libtiff_tif__read.c
patch-tools_pal2rgb.c
Log Message:
tiff: update to 4.0.10
It has been a year since the previous release. This is the first
release made from the Git repository at
https://gitlab.com/libtiff/libtiff using a collaborative process.
Since the previous release, a number of security issues have been
fixed, and some significant new features have been added.
This release adds support for Zstd and WebP compression algorithms.
In their own way, each of these compression algorithms is highly
complementary to TIFF.
Zstd provides improved compression and decompression speed vs zlib's
Deflate as well as a broader range of compression ratios. Zstd is
developed by Facebook and the implementation continues to be improved.
WebP is optimized for small/medium 8-bit images while offering
improved compression performance vs traditional JPEG. WebP works well
in strips or tiles to compress large images down to very small files,
while preserving a good looking image. WebP is developed by Google,
and its implementation continues to be improved.
Due to Adobe's TIFF tag registration interface going off-line, we have
had to assign our own tags for Zstd and WebP.
To generate a diff of this commit:
cvs rdiff -u -r1.143 -r1.144 pkgsrc/graphics/tiff/Makefile
cvs rdiff -u -r1.25 -r1.26 pkgsrc/graphics/tiff/PLIST
cvs rdiff -u -r1.92 -r1.93 pkgsrc/graphics/tiff/distinfo
cvs rdiff -u -r1.1 -r0 pkgsrc/graphics/tiff/patches/patch-CVE-2017-11613 \
pkgsrc/graphics/tiff/patches/patch-CVE-2017-18013 \
pkgsrc/graphics/tiff/patches/patch-CVE-2017-9935 \
pkgsrc/graphics/tiff/patches/patch-CVE-2018-10963 \
pkgsrc/graphics/tiff/patches/patch-CVE-2018-17100 \
pkgsrc/graphics/tiff/patches/patch-CVE-2018-17101 \
pkgsrc/graphics/tiff/patches/patch-CVE-2018-5784 \
pkgsrc/graphics/tiff/patches/patch-CVE-2018-8905 \
pkgsrc/graphics/tiff/patches/patch-libtiff_tif__jbig.c \
pkgsrc/graphics/tiff/patches/patch-libtiff_tif__read.c \
pkgsrc/graphics/tiff/patches/patch-tools_pal2rgb.c
diffstat:
graphics/tiff/Makefile | 7 +-
graphics/tiff/PLIST | 8 +-
graphics/tiff/distinfo | 21 +---
graphics/tiff/patches/patch-CVE-2017-11613 | 113 ----------------------
graphics/tiff/patches/patch-CVE-2017-18013 | 24 ----
graphics/tiff/patches/patch-CVE-2017-9935 | 119 ------------------------
graphics/tiff/patches/patch-CVE-2018-10963 | 20 ----
graphics/tiff/patches/patch-CVE-2018-17100 | 30 ------
graphics/tiff/patches/patch-CVE-2018-17101 | 56 -----------
graphics/tiff/patches/patch-CVE-2018-5784 | 110 ----------------------
graphics/tiff/patches/patch-CVE-2018-8905 | 40 --------
graphics/tiff/patches/patch-libtiff_tif__jbig.c | 77 ---------------
graphics/tiff/patches/patch-libtiff_tif__read.c | 23 ----
graphics/tiff/patches/patch-tools_pal2rgb.c | 23 ----
14 files changed, 12 insertions(+), 659 deletions(-)
diffs (truncated from 755 to 300 lines):
diff -r 3f7a9dd0f55b -r 21001a375668 graphics/tiff/Makefile
--- a/graphics/tiff/Makefile Thu Nov 22 05:45:13 2018 +0000
+++ b/graphics/tiff/Makefile Thu Nov 22 05:50:52 2018 +0000
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.141.4.2 2018/10/29 14:49:32 bsiegert Exp $
+# $NetBSD: Makefile,v 1.141.4.3 2018/11/22 05:50:52 spz Exp $
-DISTNAME= tiff-4.0.9
-PKGREVISION= 5
+DISTNAME= tiff-4.0.10
CATEGORIES= graphics
-MASTER_SITES= ftp://download.osgeo.org/libtiff/
+MASTER_SITES= https://download.osgeo.org/libtiff/
MAINTAINER= pkgsrc-users%NetBSD.org@localhost
HOMEPAGE= http://simplesystems.org/libtiff/
diff -r 3f7a9dd0f55b -r 21001a375668 graphics/tiff/PLIST
--- a/graphics/tiff/PLIST Thu Nov 22 05:45:13 2018 +0000
+++ b/graphics/tiff/PLIST Thu Nov 22 05:50:52 2018 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.25 2017/11/19 16:31:04 he Exp $
+@comment $NetBSD: PLIST,v 1.25.8.1 2018/11/22 05:50:52 spz Exp $
bin/fax2ps
bin/fax2tiff
bin/pal2rgb
@@ -90,8 +90,7 @@
man/man3/libtiff.3
share/doc/tiff/COPYRIGHT
share/doc/tiff/ChangeLog
-share/doc/tiff/README
-share/doc/tiff/README.vms
+share/doc/tiff/README.md
share/doc/tiff/RELEASE-DATE
share/doc/tiff/TODO
share/doc/tiff/VERSION
@@ -226,6 +225,7 @@
share/doc/tiff/html/v3.9.2.html
share/doc/tiff/html/v4.0.0.html
share/doc/tiff/html/v4.0.1.html
+share/doc/tiff/html/v${PKGVERSION}.html
share/doc/tiff/html/v4.0.2.html
share/doc/tiff/html/v4.0.3.html
share/doc/tiff/html/v4.0.4.html
@@ -234,4 +234,4 @@
share/doc/tiff/html/v4.0.6.html
share/doc/tiff/html/v4.0.7.html
share/doc/tiff/html/v4.0.8.html
-share/doc/tiff/html/v${PKGVERSION}.html
+share/doc/tiff/html/v4.0.9.html
diff -r 3f7a9dd0f55b -r 21001a375668 graphics/tiff/distinfo
--- a/graphics/tiff/distinfo Thu Nov 22 05:45:13 2018 +0000
+++ b/graphics/tiff/distinfo Thu Nov 22 05:50:52 2018 +0000
@@ -1,18 +1,7 @@
-$NetBSD: distinfo,v 1.90.4.2 2018/10/29 14:49:32 bsiegert Exp $
+$NetBSD: distinfo,v 1.90.4.3 2018/11/22 05:50:52 spz Exp $
-SHA1 (tiff-4.0.9.tar.gz) = 87d4543579176cc568668617c22baceccd568296
-RMD160 (tiff-4.0.9.tar.gz) = ab5b3b7297e79344775b1e70c4d54c90c06836a3
-SHA512 (tiff-4.0.9.tar.gz) = 04f3d5eefccf9c1a0393659fe27f3dddd31108c401ba0dc587bca152a1c1f6bc844ba41622ff5572da8cc278593eff8c402b44e7af0a0090e91d326c2d79f6cd
-Size (tiff-4.0.9.tar.gz) = 2305681 bytes
-SHA1 (patch-CVE-2017-11613) = 76db7d185ef5b82e7136ce451432e3e4b0cc5c12
-SHA1 (patch-CVE-2017-18013) = ebfdfb964aeafb3d8af2f7ad151270d8133f3e96
-SHA1 (patch-CVE-2017-9935) = d33f3311e5bb96bf415f894237ab4dfcfafd2610
-SHA1 (patch-CVE-2018-10963) = 564b65546c0e63a00d87ef9bb9d9cc8c5ca5a4ee
-SHA1 (patch-CVE-2018-17100) = 85290ca7d806087e640b1a6f5c3de5dda9c2060e
-SHA1 (patch-CVE-2018-17101) = 02039854f7c79d5937d585ca3e6355a7f41b7d1a
-SHA1 (patch-CVE-2018-5784) = 26e2c196b4150958dd37b33c1900c5baa6188661
-SHA1 (patch-CVE-2018-8905) = 3a7081957ff2f4d6e777df5a9609ba89eecd8fbc
+SHA1 (tiff-4.0.10.tar.gz) = c783b80f05cdacf282aa022dc5f5b0ede5e021ae
+RMD160 (tiff-4.0.10.tar.gz) = b25cc4002f2493e71763d0a465a50e9d6ee2aff0
+SHA512 (tiff-4.0.10.tar.gz) = d213e5db09fd56b8977b187c5a756f60d6e3e998be172550c2892dbdb4b2a8e8c750202bc863fe27d0d1c577ab9de1710d15e9f6ed665aadbfd857525a81eea8
+Size (tiff-4.0.10.tar.gz) = 2402867 bytes
SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6
-SHA1 (patch-libtiff_tif__jbig.c) = feb404c5c70c0f4f10fa53351fab4db163bbccf3
-SHA1 (patch-libtiff_tif__read.c) = a69f7a462e0dfe6b01240816ed546d7e381044e8
-SHA1 (patch-tools_pal2rgb.c) = f91652e8013940c162add870ceb9845e2730bc2c
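Review bot: The three patch checksums dropped at the end of this hunk (`patch-libtiff_tif__jbig.c`, `patch-libtiff_tif__read.c`, `patch-tools_pal2rgb.c`) carry no CVE identifier, so unlike the eight `patch-CVE-*` entries they cannot be matched by name against the upstream 4.0.10 release notes, and the log message only says that "a number of security issues have been fixed". Because this is a security pullup, the commit message should record that every one of the eleven removed patches is contained in the 4.0.10 distfile, for example `All local patches are included upstream in 4.0.10.`; presumably that is the case, but nothing on the page shows it. After this hunk the only patch still recorded is `patch-configure`, which keeps its SHA1 entry.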
diff -r 3f7a9dd0f55b -r 21001a375668 graphics/tiff/patches/patch-CVE-2017-11613
--- a/graphics/tiff/patches/patch-CVE-2017-11613 Thu Nov 22 05:45:13 2018 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,113 +0,0 @@
-$NetBSD: patch-CVE-2017-11613,v 1.1.2.2 2018/10/29 14:49:32 bsiegert Exp $
-
-patch for CVE-2017-11613 taken from upstream git repo
-
---- libtiff/tif_dirread.c.orig 2017-09-16 19:07:56.000000000 +0000
-+++ libtiff/tif_dirread.c
-@@ -167,6 +167,7 @@ static int TIFFFetchStripThing(TIFF* tif
- static int TIFFFetchSubjectDistance(TIFF*, TIFFDirEntry*);
- static void ChopUpSingleUncompressedStrip(TIFF*);
- static uint64 TIFFReadUInt64(const uint8 *value);
-+static int _TIFFGetMaxColorChannels(uint16 photometric);
-
- static int _TIFFFillStrilesInternal( TIFF *tif, int loadStripByteCount );
-
-@@ -3507,6 +3508,35 @@ static void TIFFReadDirEntryOutputErr(TI
- }
-
- /*
-+ * Return the maximum number of color channels specified for a given photometric
-+ * type. 0 is returned if photometric type isn't supported or no default value
-+ * is defined by the specification.
-+ */
-+static int _TIFFGetMaxColorChannels( uint16 photometric )
-+{
-+ switch (photometric) {
-+ case PHOTOMETRIC_PALETTE:
-+ case PHOTOMETRIC_MINISWHITE:
-+ case PHOTOMETRIC_MINISBLACK:
-+ return 1;
-+ case PHOTOMETRIC_YCBCR:
-+ case PHOTOMETRIC_RGB:
-+ case PHOTOMETRIC_CIELAB:
-+ return 3;
-+ case PHOTOMETRIC_SEPARATED:
-+ case PHOTOMETRIC_MASK:
-+ return 4;
-+ case PHOTOMETRIC_LOGL:
-+ case PHOTOMETRIC_LOGLUV:
-+ case PHOTOMETRIC_CFA:
-+ case PHOTOMETRIC_ITULAB:
-+ case PHOTOMETRIC_ICCLAB:
-+ default:
-+ return 0;
-+ }
-+}
-+
-+/*
- * Read the next TIFF directory from a file and convert it to the internal
- * format. We read directories sequentially.
- */
-@@ -3522,6 +3552,7 @@ TIFFReadDirectory(TIFF* tif)
- uint32 fii=FAILED_FII;
- toff_t nextdiroff;
- int bitspersample_read = FALSE;
-+ int color_channels;
-
- tif->tif_diroff=tif->tif_nextdiroff;
- if (!TIFFCheckDirOffset(tif,tif->tif_nextdiroff))
-@@ -4026,6 +4057,37 @@ TIFFReadDirectory(TIFF* tif)
- }
- }
- }
-+
-+ /*
-+ * Make sure all non-color channels are extrasamples.
-+ * If it's not the case, define them as such.
-+ */
-+ color_channels = _TIFFGetMaxColorChannels(tif->tif_dir.td_photometric);
-+ if (color_channels && tif->tif_dir.td_samplesperpixel - tif->tif_dir.td_extrasamples > color_channels) {
-+ uint16 old_extrasamples;
-+ uint16 *new_sampleinfo;
-+
-+ TIFFWarningExt(tif->tif_clientdata,module, "Sum of Photometric type-related "
-+ "color channels and ExtraSamples doesn't match SamplesPerPixel. "
-+ "Defining non-color channels as ExtraSamples.");
-+
-+ old_extrasamples = tif->tif_dir.td_extrasamples;
-+ tif->tif_dir.td_extrasamples = (tif->tif_dir.td_samplesperpixel - color_channels);
-+
-+ // sampleinfo should contain information relative to these new extra samples
-+ new_sampleinfo = (uint16*) _TIFFcalloc(tif->tif_dir.td_extrasamples, sizeof(uint16));
-+ if (!new_sampleinfo) {
-+ TIFFErrorExt(tif->tif_clientdata, module, "Failed to allocate memory for "
-+ "temporary new sampleinfo array (%d 16 bit elements)",
-+ tif->tif_dir.td_extrasamples);
-+ goto bad;
-+ }
-+
-+ memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16));
-+ _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples);
-+ _TIFFfree(new_sampleinfo);
-+ }
-+
- /*
- * Verify Palette image has a Colormap.
- */
-@@ -5698,6 +5760,16 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
- if( nstrips == 0 )
- return;
-
-+ /* If we are going to allocate a lot of memory, make sure that the */
-+ /* file is as big as needed */
-+ if( tif->tif_mode == O_RDONLY &&
-+ nstrips > 1000000 &&
-+ (offset >= TIFFGetFileSize(tif) ||
-+ stripbytes > (TIFFGetFileSize(tif) - offset) / (nstrips - 1)) )
-+ {
-+ return;
-+ }
-+
- newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
- "for chopped \"StripByteCounts\" array");
- newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
diff -r 3f7a9dd0f55b -r 21001a375668 graphics/tiff/patches/patch-CVE-2017-18013
--- a/graphics/tiff/patches/patch-CVE-2017-18013 Thu Nov 22 05:45:13 2018 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,24 +0,0 @@
-$NetBSD: patch-CVE-2017-18013,v 1.1.2.2 2018/10/29 14:49:32 bsiegert Exp $
-
-patch for patch-CVE-2017-18013 from upstream git repo
-
---- libtiff/tif_print.c.orig 2016-11-25 17:26:23.000000000 +0000
-+++ libtiff/tif_print.c 2018-10-09 17:35:21.544815948 +0000
-@@ -667,13 +667,13 @@
- #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
- fprintf(fd, " %3lu: [%8I64u, %8I64u]\n",
- (unsigned long) s,
-- (unsigned __int64) td->td_stripoffset[s],
-- (unsigned __int64) td->td_stripbytecount[s]);
-+ td->td_stripoffset ? (unsigned __int64) td->td_stripoffset[s] : 0,
-+ td->td_stripbytecount ? (unsigned __int64) td->td_stripbytecount[s] : 0);
- #else
- fprintf(fd, " %3lu: [%8llu, %8llu]\n",
- (unsigned long) s,
-- (unsigned long long) td->td_stripoffset[s],
-- (unsigned long long) td->td_stripbytecount[s]);
-+ td->td_stripoffset ? (unsigned long long) td->td_stripoffset[s] : 0,
-+ td->td_stripbytecount ? (unsigned long long) td->td_stripbytecount[s] : 0);
- #endif
- }
- }
diff -r 3f7a9dd0f55b -r 21001a375668 graphics/tiff/patches/patch-CVE-2017-9935
--- a/graphics/tiff/patches/patch-CVE-2017-9935 Thu Nov 22 05:45:13 2018 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,119 +0,0 @@
-$NetBSD: patch-CVE-2017-9935,v 1.1 2018/01/16 23:52:06 tez Exp $
-
-Patch for cve-2017-9935 from upstream git repo
-
-
---- libtiff/tif_dir.c.orig
-+++ libtiff/tif_dir.c
-@@ -1065,6 +1065,9 @@
- if (td->td_samplesperpixel - td->td_extrasamples > 1) {
- *va_arg(ap, uint16**) = td->td_transferfunction[1];
- *va_arg(ap, uint16**) = td->td_transferfunction[2];
-+ } else {
-+ *va_arg(ap, uint16**) = NULL;
-+ *va_arg(ap, uint16**) = NULL;
- }
- break;
- case TIFFTAG_REFERENCEBLACKWHITE:
-
---- tools/tiff2pdf.c.orig 2017-10-29 18:50:41.000000000 +0000
-+++ tools/tiff2pdf.c
-@@ -237,7 +237,7 @@ typedef struct {
- float tiff_whitechromaticities[2];
- float tiff_primarychromaticities[6];
- float tiff_referenceblackwhite[2];
-- float* tiff_transferfunction[3];
-+ uint16* tiff_transferfunction[3];
- int pdf_image_interpolate; /* 0 (default) : do not interpolate,
- 1 : interpolate */
- uint16 tiff_transferfunctioncount;
-@@ -1047,6 +1047,8 @@ void t2p_read_tiff_init(T2P* t2p, TIFF*
- uint16 pagen=0;
- uint16 paged=0;
- uint16 xuint16=0;
-+ uint16 tiff_transferfunctioncount=0;
-+ uint16* tiff_transferfunction[3];
-
- directorycount=TIFFNumberOfDirectories(input);
- t2p->tiff_pages = (T2P_PAGE*) _TIFFmalloc(TIFFSafeMultiply(tmsize_t,directorycount,sizeof(T2P_PAGE)));
-@@ -1147,26 +1149,48 @@ void t2p_read_tiff_init(T2P* t2p, TIFF*
- }
- #endif
- if (TIFFGetField(input, TIFFTAG_TRANSFERFUNCTION,
-- &(t2p->tiff_transferfunction[0]),
-- &(t2p->tiff_transferfunction[1]),
-- &(t2p->tiff_transferfunction[2]))) {
-- if((t2p->tiff_transferfunction[1] != (float*) NULL) &&
-- (t2p->tiff_transferfunction[2] != (float*) NULL) &&
-- (t2p->tiff_transferfunction[1] !=
-- t2p->tiff_transferfunction[0])) {
-- t2p->tiff_transferfunctioncount = 3;
-- t2p->tiff_pages[i].page_extra += 4;
-- t2p->pdf_xrefcount += 4;
-- } else {
-- t2p->tiff_transferfunctioncount = 1;
-- t2p->tiff_pages[i].page_extra += 2;
-- t2p->pdf_xrefcount += 2;
-- }
-- if(t2p->pdf_minorversion < 2)
-- t2p->pdf_minorversion = 2;
-+ &(tiff_transferfunction[0]),
-+ &(tiff_transferfunction[1]),
-+ &(tiff_transferfunction[2]))) {
-+
-+ if((tiff_transferfunction[1] != (uint16*) NULL) &&
-+ (tiff_transferfunction[2] != (uint16*) NULL)
-+ ) {
-+ tiff_transferfunctioncount=3;
-+ } else {
-+ tiff_transferfunctioncount=1;
-+ }
- } else {
-- t2p->tiff_transferfunctioncount=0;
-+ tiff_transferfunctioncount=0;
- }
-+