pkgsrc-Changes archive


CVS commit: pkgsrc/graphics/tiff



Module Name:    pkgsrc
Committed By:   he
Date:           Sun May  7 21:32:30 UTC 2017

Modified Files:
        pkgsrc/graphics/tiff: Makefile distinfo
        pkgsrc/graphics/tiff/patches: patch-libtiff_tif_read.c
Added Files:
        pkgsrc/graphics/tiff/patches: patch-libtiff_tiffiop.h

Log Message:
Fix CVE-2016-10266 ref.
http://bugzilla.maptools.org/show_bug.cgi?id=2596
https://github.com/vadz/libtiff/commit/438274f938e046d33cb0e1230b41da32ffe223e1
Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.133 -r1.134 pkgsrc/graphics/tiff/Makefile
cvs rdiff -u -r1.79 -r1.80 pkgsrc/graphics/tiff/distinfo
cvs rdiff -u -r1.1 -r1.2 \
    pkgsrc/graphics/tiff/patches/patch-libtiff_tif_read.c
cvs rdiff -u -r0 -r1.3 pkgsrc/graphics/tiff/patches/patch-libtiff_tiffiop.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/graphics/tiff/Makefile
diff -u pkgsrc/graphics/tiff/Makefile:1.133 pkgsrc/graphics/tiff/Makefile:1.134
--- pkgsrc/graphics/tiff/Makefile:1.133 Sat May  6 21:37:16 2017
+++ pkgsrc/graphics/tiff/Makefile       Sun May  7 21:32:30 2017
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.133 2017/05/06 21:37:16 he Exp $
+# $NetBSD: Makefile,v 1.134 2017/05/07 21:32:30 he Exp $
 
 DISTNAME=      tiff-4.0.7
-PKGREVISION=   9
+PKGREVISION=   10
 CATEGORIES=    graphics
 MASTER_SITES=  ftp://download.osgeo.org/libtiff/
 

Index: pkgsrc/graphics/tiff/distinfo
diff -u pkgsrc/graphics/tiff/distinfo:1.79 pkgsrc/graphics/tiff/distinfo:1.80
--- pkgsrc/graphics/tiff/distinfo:1.79  Sat May  6 21:37:16 2017
+++ pkgsrc/graphics/tiff/distinfo       Sun May  7 21:32:30 2017
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.79 2017/05/06 21:37:16 he Exp $
+$NetBSD: distinfo,v 1.80 2017/05/07 21:32:30 he Exp $
 
 SHA1 (tiff-4.0.7.tar.gz) = 2c1b64478e88f93522a42dd5271214a0e5eae648
 RMD160 (tiff-4.0.7.tar.gz) = 582e19c31e7f29d9ed36995dcad7ad68802cbadb
@@ -15,10 +15,11 @@ SHA1 (patch-libtiff_tif_dirwrite.c) = 07
 SHA1 (patch-libtiff_tif_getimage.c) = 267b555c8b043d0a835db4d46ef65131776601e6
 SHA1 (patch-libtiff_tif_jpeg.c) = 1049b7b243e9e145886bcac8e68e5e7889337ebc
 SHA1 (patch-libtiff_tif_ojpeg.c) = 6447168e952bb80a1a8272c2c27bb0ce3ccf6939
-SHA1 (patch-libtiff_tif_read.c) = 85674d2e222846e3971301ce2fb7ebe02f54b9b2
+SHA1 (patch-libtiff_tif_read.c) = d43b10fa74a51da21f44abb7bd0251b88e8a702b
 SHA1 (patch-libtiff_tif_unix.c) = c8312771e567f90de0f77ac8eb66ed5c36e35617
 SHA1 (patch-libtiff_tif_win32.c) = 1ea9dcb6618c40b9de3e8d2a81914355f2111fdc
 SHA1 (patch-libtiff_tiffio.h) = e0efa9e1246e07dbb3a69d626988a18f12ba9d3c
+SHA1 (patch-libtiff_tiffiop.h) = 1100e55483da58037fa3f4168fffdfcbc5407456
 SHA1 (patch-man_Makefile.in) = ff073529c9d3ab98a03efa7d98c3263c1782482f
 SHA1 (patch-tools_tiff2pdf.c) = ce7a3e77c27ad3cabaa33b5da61cbd1b27f187d1
 SHA1 (patch-tools_tiffcp.c) = bd6abd9dc6e044ff04d761d999fabfb0919ba0db

Index: pkgsrc/graphics/tiff/patches/patch-libtiff_tif_read.c
diff -u pkgsrc/graphics/tiff/patches/patch-libtiff_tif_read.c:1.1 pkgsrc/graphics/tiff/patches/patch-libtiff_tif_read.c:1.2
--- pkgsrc/graphics/tiff/patches/patch-libtiff_tif_read.c:1.1   Wed May  3 23:00:59 2017
+++ pkgsrc/graphics/tiff/patches/patch-libtiff_tif_read.c       Sun May  7 21:32:30 2017
@@ -1,4 +1,4 @@
-$NetBSD: patch-libtiff_tif_read.c,v 1.1 2017/05/03 23:00:59 sevan Exp $
+$NetBSD: patch-libtiff_tif_read.c,v 1.2 2017/05/07 21:32:30 he Exp $
 
 CVE-2017-7593
 http://bugzilla.maptools.org/show_bug.cgi?id=2651
@@ -7,8 +7,21 @@ https://github.com/vadz/libtiff/commit/d
 CVE-2017-7602
 https://github.com/vadz/libtiff/commit/66e7bd59520996740e4df5495a830b42fae48bc4
 
---- libtiff/tif_read.c.orig    2017-05-03 22:31:30.000000000 +0000
+CVE-2016-10266
+http://bugzilla.maptools.org/show_bug.cgi?id=2596
+https://github.com/vadz/libtiff/commit/438274f938e046d33cb0e1230b41da32ffe223e1
+
+--- libtiff/tif_read.c.orig    2016-07-13 13:28:17.000000000 +0000
 +++ libtiff/tif_read.c
+@@ -346,7 +346,7 @@ TIFFReadEncodedStrip(TIFF* tif, uint32 s
+       rowsperstrip=td->td_rowsperstrip;
+       if (rowsperstrip>td->td_imagelength)
+               rowsperstrip=td->td_imagelength;
+-      stripsperplane=((td->td_imagelength+rowsperstrip-1)/rowsperstrip);
++      stripsperplane= TIFFhowmany_32_maxuint_compat(td->td_imagelength, rowsperstrip);
+       stripinplane=(strip%stripsperplane);
+       plane=(uint16)(strip/stripsperplane);
+       rows=td->td_imagelength-stripinplane*rowsperstrip;
 @@ -420,16 +420,25 @@ TIFFReadRawStrip1(TIFF* tif, uint32 stri
                        return ((tmsize_t)(-1));
                }
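Review bot: The new `stripsperplane=` line in TIFFReadEncodedStrip still divides by `rowsperstrip` with no zero check visible in this hunk. The clamp just above sets `rowsperstrip` to `td->td_imagelength`, so if either `td_rowsperstrip` or `td_imagelength` can be 0 here, both the `/` and the `%` inside `TIFFhowmany_32_maxuint_compat` (added in patch-libtiff_tiffiop.h) divide by zero. The following `strip%stripsperplane` also needs a nonzero `stripsperplane`. Whether earlier directory validation already rejects that case cannot be seen from here, because the function body starts and ends outside the hunk. If it does not, a guard before the macro call such as `if (rowsperstrip == 0) return ((tmsize_t)(-1));` would close the remaining divide-by-zero path for malformed files.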

Added files:

Index: pkgsrc/graphics/tiff/patches/patch-libtiff_tiffiop.h
diff -u /dev/null pkgsrc/graphics/tiff/patches/patch-libtiff_tiffiop.h:1.3
--- /dev/null   Sun May  7 21:32:30 2017
+++ pkgsrc/graphics/tiff/patches/patch-libtiff_tiffiop.h        Sun May  7 21:32:30 2017
@@ -0,0 +1,19 @@
+$NetBSD: patch-libtiff_tiffiop.h,v 1.3 2017/05/07 21:32:30 he Exp $
+
+CVE-2016-10266
+http://bugzilla.maptools.org/show_bug.cgi?id=2596
+https://github.com/vadz/libtiff/commit/438274f938e046d33cb0e1230b41da32ffe223e1
+
+--- libtiff/tiffiop.h.orig     2016-01-24 15:39:51.000000000 +0000
++++ libtiff/tiffiop.h
+@@ -250,6 +250,10 @@ struct tiff {
+ #define TIFFhowmany_32(x, y) (((uint32)x < (0xffffffff - (uint32)(y-1))) ? \
+                          ((((uint32)(x))+(((uint32)(y))-1))/((uint32)(y))) : \
+                          0U)
++/* Variant of TIFFhowmany_32() that doesn't return 0 if x close to MAXUINT. */
++/* Caution: TIFFhowmany_32_maxuint_compat(x,y)*y might overflow */
++#define TIFFhowmany_32_maxuint_compat(x, y) \
++                         (((uint32)(x) / (uint32)(y)) + ((((uint32)(x) % (uint32)(y)) != 0) ? 1 : 0))
+ #define TIFFhowmany8_32(x) (((x)&0x07)?((uint32)(x)>>3)+1:(uint32)(x)>>3)
+ #define TIFFroundup_32(x, y) (TIFFhowmany_32(x,y)*(y))
+ #define TIFFhowmany_64(x, y) ((((uint64)(x))+(((uint64)(y))-1))/((uint64)(y)))
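Review bot: `TIFFhowmany_32_maxuint_compat` expands `x` and `y` twice each, once in the `/` and once in the `%`, and the two comment lines above it do not say so. The only call site visible in this commit passes plain variables, so nothing misbehaves today, but a later caller passing an expression with side effects would have it evaluated twice. I would add a third comment line, `/* Note: x and y are each evaluated twice; pass side-effect-free expressions. */`. The `struct tiff` context named in the hunk header lies outside the hunk, so nothing more of the header can be checked from here.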


