CVS commit: pkgsrc/graphics/tiff

["Havard Eidnes" <he%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   he
Date:           Sat May  6 20:34:40 UTC 2017

Modified Files:
        pkgsrc/graphics/tiff: Makefile distinfo
Added Files:
        pkgsrc/graphics/tiff/patches: patch-tools_tiff2pdf.c

Log Message:
Fix CVE-2016-10094, ref. http://bugzilla.maptools.org/show_bug.cgi?id=2640
and https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76
Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.129 -r1.130 pkgsrc/graphics/tiff/Makefile
cvs rdiff -u -r1.75 -r1.76 pkgsrc/graphics/tiff/distinfo
cvs rdiff -u -r0 -r1.3 pkgsrc/graphics/tiff/patches/patch-tools_tiff2pdf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/graphics/tiff/Makefile
diff -u pkgsrc/graphics/tiff/Makefile:1.129 pkgsrc/graphics/tiff/Makefile:1.130
--- pkgsrc/graphics/tiff/Makefile:1.129 Fri May  5 20:14:05 2017
+++ pkgsrc/graphics/tiff/Makefile       Sat May  6 20:34:40 2017
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.129 2017/05/05 20:14:05 sevan Exp $
+# $NetBSD: Makefile,v 1.130 2017/05/06 20:34:40 he Exp $
 
 DISTNAME=      tiff-4.0.7
-PKGREVISION=   5
+PKGREVISION=   6
 CATEGORIES=    graphics
 MASTER_SITES=  ftp://download.osgeo.org/libtiff/
 

Index: pkgsrc/graphics/tiff/distinfo
diff -u pkgsrc/graphics/tiff/distinfo:1.75 pkgsrc/graphics/tiff/distinfo:1.76
--- pkgsrc/graphics/tiff/distinfo:1.75  Fri May  5 20:14:05 2017
+++ pkgsrc/graphics/tiff/distinfo       Sat May  6 20:34:40 2017
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.75 2017/05/05 20:14:05 sevan Exp $
+$NetBSD: distinfo,v 1.76 2017/05/06 20:34:40 he Exp $
 
 SHA1 (tiff-4.0.7.tar.gz) = 2c1b64478e88f93522a42dd5271214a0e5eae648
 RMD160 (tiff-4.0.7.tar.gz) = 582e19c31e7f29d9ed36995dcad7ad68802cbadb
@@ -17,5 +17,6 @@ SHA1 (patch-libtiff_tif_unix.c) = c83127
 SHA1 (patch-libtiff_tif_win32.c) = 1ea9dcb6618c40b9de3e8d2a81914355f2111fdc
 SHA1 (patch-libtiff_tiffio.h) = e0efa9e1246e07dbb3a69d626988a18f12ba9d3c
 SHA1 (patch-man_Makefile.in) = ff073529c9d3ab98a03efa7d98c3263c1782482f
+SHA1 (patch-tools_tiff2pdf.c) = ce7a3e77c27ad3cabaa33b5da61cbd1b27f187d1
 SHA1 (patch-tools_tiffcp.c) = 42573d15fc66655a09e9227213b0929238f7e651
 SHA1 (patch-tools_tiffcrop.c) = 1d729028fb8c05de958424234d5cc2808acc9b25

Added files:

Index: pkgsrc/graphics/tiff/patches/patch-tools_tiff2pdf.c
diff -u /dev/null pkgsrc/graphics/tiff/patches/patch-tools_tiff2pdf.c:1.3
--- /dev/null   Sat May  6 20:34:40 2017
+++ pkgsrc/graphics/tiff/patches/patch-tools_tiff2pdf.c Sat May  6 20:34:40 2017
@@ -0,0 +1,16 @@
+$NetBSD: patch-tools_tiff2pdf.c,v 1.3 2017/05/06 20:34:40 he Exp $
+
+Fix CVE-2016-10094, ref. http://bugzilla.maptools.org/show_bug.cgi?id=2640
+and https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76
+
+--- tools/tiff2pdf.c.orig      2016-11-12 14:58:09.000000000 +0000
++++ tools/tiff2pdf.c
+@@ -2895,7 +2895,7 @@ tsize_t t2p_readwrite_pdf_image_tile(T2P
+                               return(0);
+                       }
+                       if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) {
+-                              if (count >= 4) {
++                              if (count > 4) {
+                     /* Ignore EOI marker of JpegTables */
+                                       _TIFFmemcpy(buffer, jpt, count - 2);
+                                       bufferoffset += count - 2;