diff options
| author | maya <maya@pkgsrc.org> | 2018-11-10 21:14:53 +0000 |
|---|---|---|
| committer | maya <maya@pkgsrc.org> | 2018-11-10 21:14:53 +0000 |
| commit | 410c720b14a38e0083f7171921abbac64485fbc7 (patch) | |
| tree | d0799568d4286309b8920e38f8058925913d177d | |
| parent | e60d579d49d9c873034e058149f0a0ba8aee4411 (diff) | |
| download | pkgsrc-410c720b14a38e0083f7171921abbac64485fbc7.tar.gz | |
tiff: update to 4.0.10
It has been a year since the previous release. This is the first
release made from the Git repository at
https://gitlab.com/libtiff/libtiff using a collaborative process.
Since the previous release, a number of security issues have been
fixed, and some significant new features have been added.
This release adds support for Zstd and WebP compression algorithms.
In their own way, each of these compression algorithms is highly
complimentary to TIFF.
Zstd provides improved compression and decompression speed vs zlib's
Deflate as well as a broader range of compression ratios. Zstd is
developed by Facebook and the implementation continues to be improved.
WebP is optimized for small/medium 8-bit images while offering
improved compression performance vs traditional JPEG. WebP works well
in strips or tiles to compress large images down to very small files,
while preserving a good looking image. WebP is developed by Google,
and its implementation continues to be improved.
Due to Adobe's TIFF tag registration interface going off-line, we have
had to assign our own tags for Zstd and WebP.
| -rw-r--r-- | graphics/tiff/Makefile | 7 | ||||
| -rw-r--r-- | graphics/tiff/PLIST | 8 | ||||
| -rw-r--r-- | graphics/tiff/distinfo | 21 | ||||
| -rw-r--r-- | graphics/tiff/patches/patch-CVE-2017-11613 | 113 | ||||
| -rw-r--r-- | graphics/tiff/patches/patch-CVE-2017-18013 | 24 | ||||
| -rw-r--r-- | graphics/tiff/patches/patch-CVE-2017-9935 | 119 | ||||
| -rw-r--r-- | graphics/tiff/patches/patch-CVE-2018-10963 | 20 | ||||
| -rw-r--r-- | graphics/tiff/patches/patch-CVE-2018-17100 | 30 | ||||
| -rw-r--r-- | graphics/tiff/patches/patch-CVE-2018-17101 | 56 | ||||
| -rw-r--r-- | graphics/tiff/patches/patch-CVE-2018-5784 | 110 | ||||
| -rw-r--r-- | graphics/tiff/patches/patch-CVE-2018-8905 | 40 | ||||
| -rw-r--r-- | graphics/tiff/patches/patch-libtiff_tif__jbig.c | 77 | ||||
| -rw-r--r-- | graphics/tiff/patches/patch-libtiff_tif__read.c | 23 | ||||
| -rw-r--r-- | graphics/tiff/patches/patch-tools_pal2rgb.c | 23 |
14 files changed, 12 insertions, 659 deletions
diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile index 151545919eb..c739afff4a6 100644 --- a/graphics/tiff/Makefile +++ b/graphics/tiff/Makefile @@ -1,9 +1,8 @@ -# $NetBSD: Makefile,v 1.143 2018/10/28 09:45:07 spz Exp $ +# $NetBSD: Makefile,v 1.144 2018/11/10 21:14:53 maya Exp $ -DISTNAME= tiff-4.0.9 -PKGREVISION= 5 +DISTNAME= tiff-4.0.10 CATEGORIES= graphics -MASTER_SITES= ftp://download.osgeo.org/libtiff/ +MASTER_SITES= https://download.osgeo.org/libtiff/ MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= http://simplesystems.org/libtiff/ diff --git a/graphics/tiff/PLIST b/graphics/tiff/PLIST index 442bf8655a7..2a96854bf56 100644 --- a/graphics/tiff/PLIST +++ b/graphics/tiff/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.25 2017/11/19 16:31:04 he Exp $ +@comment $NetBSD: PLIST,v 1.26 2018/11/10 21:14:53 maya Exp $ bin/fax2ps bin/fax2tiff bin/pal2rgb @@ -90,8 +90,7 @@ man/man3/TIFFtile.3 man/man3/libtiff.3 share/doc/tiff/COPYRIGHT share/doc/tiff/ChangeLog -share/doc/tiff/README -share/doc/tiff/README.vms +share/doc/tiff/README.md share/doc/tiff/RELEASE-DATE share/doc/tiff/TODO share/doc/tiff/VERSION @@ -226,6 +225,7 @@ share/doc/tiff/html/v3.9.1.html share/doc/tiff/html/v3.9.2.html share/doc/tiff/html/v4.0.0.html share/doc/tiff/html/v4.0.1.html +share/doc/tiff/html/v${PKGVERSION}.html share/doc/tiff/html/v4.0.2.html share/doc/tiff/html/v4.0.3.html share/doc/tiff/html/v4.0.4.html @@ -234,4 +234,4 @@ share/doc/tiff/html/v4.0.5.html share/doc/tiff/html/v4.0.6.html share/doc/tiff/html/v4.0.7.html share/doc/tiff/html/v4.0.8.html -share/doc/tiff/html/v${PKGVERSION}.html +share/doc/tiff/html/v4.0.9.html diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo index c4b272ccb74..5abafc2bffe 100644 --- a/graphics/tiff/distinfo +++ b/graphics/tiff/distinfo @@ -1,18 +1,7 @@ -$NetBSD: distinfo,v 1.92 2018/10/28 09:45:07 spz Exp $ +$NetBSD: distinfo,v 1.93 2018/11/10 21:14:53 maya Exp $ -SHA1 (tiff-4.0.9.tar.gz) = 87d4543579176cc568668617c22baceccd568296 -RMD160 (tiff-4.0.9.tar.gz) = ab5b3b7297e79344775b1e70c4d54c90c06836a3 -SHA512 (tiff-4.0.9.tar.gz) = 04f3d5eefccf9c1a0393659fe27f3dddd31108c401ba0dc587bca152a1c1f6bc844ba41622ff5572da8cc278593eff8c402b44e7af0a0090e91d326c2d79f6cd -Size (tiff-4.0.9.tar.gz) = 2305681 bytes -SHA1 (patch-CVE-2017-11613) = 76db7d185ef5b82e7136ce451432e3e4b0cc5c12 -SHA1 (patch-CVE-2017-18013) = ebfdfb964aeafb3d8af2f7ad151270d8133f3e96 -SHA1 (patch-CVE-2017-9935) = d33f3311e5bb96bf415f894237ab4dfcfafd2610 -SHA1 (patch-CVE-2018-10963) = 564b65546c0e63a00d87ef9bb9d9cc8c5ca5a4ee -SHA1 (patch-CVE-2018-17100) = 85290ca7d806087e640b1a6f5c3de5dda9c2060e -SHA1 (patch-CVE-2018-17101) = 02039854f7c79d5937d585ca3e6355a7f41b7d1a -SHA1 (patch-CVE-2018-5784) = 26e2c196b4150958dd37b33c1900c5baa6188661 -SHA1 (patch-CVE-2018-8905) = 3a7081957ff2f4d6e777df5a9609ba89eecd8fbc +SHA1 (tiff-4.0.10.tar.gz) = c783b80f05cdacf282aa022dc5f5b0ede5e021ae +RMD160 (tiff-4.0.10.tar.gz) = b25cc4002f2493e71763d0a465a50e9d6ee2aff0 +SHA512 (tiff-4.0.10.tar.gz) = d213e5db09fd56b8977b187c5a756f60d6e3e998be172550c2892dbdb4b2a8e8c750202bc863fe27d0d1c577ab9de1710d15e9f6ed665aadbfd857525a81eea8 +Size (tiff-4.0.10.tar.gz) = 2402867 bytes SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6 -SHA1 (patch-libtiff_tif__jbig.c) = feb404c5c70c0f4f10fa53351fab4db163bbccf3 -SHA1 (patch-libtiff_tif__read.c) = a69f7a462e0dfe6b01240816ed546d7e381044e8 -SHA1 (patch-tools_pal2rgb.c) = f91652e8013940c162add870ceb9845e2730bc2c diff --git a/graphics/tiff/patches/patch-CVE-2017-11613 b/graphics/tiff/patches/patch-CVE-2017-11613 deleted file mode 100644 index 3097d623c78..00000000000 --- a/graphics/tiff/patches/patch-CVE-2017-11613 +++ /dev/null @@ -1,113 +0,0 @@ -$NetBSD: patch-CVE-2017-11613,v 1.1 2018/10/28 09:45:07 spz Exp $ - -patch for CVE-2017-11613 taken from upstream git repo - ---- libtiff/tif_dirread.c.orig 2017-09-16 19:07:56.000000000 +0000 -+++ libtiff/tif_dirread.c -@@ -167,6 +167,7 @@ static int TIFFFetchStripThing(TIFF* tif - static int TIFFFetchSubjectDistance(TIFF*, TIFFDirEntry*); - static void ChopUpSingleUncompressedStrip(TIFF*); - static uint64 TIFFReadUInt64(const uint8 *value); -+static int _TIFFGetMaxColorChannels(uint16 photometric); - - static int _TIFFFillStrilesInternal( TIFF *tif, int loadStripByteCount ); - -@@ -3507,6 +3508,35 @@ static void TIFFReadDirEntryOutputErr(TI - } - - /* -+ * Return the maximum number of color channels specified for a given photometric -+ * type. 0 is returned if photometric type isn't supported or no default value -+ * is defined by the specification. -+ */ -+static int _TIFFGetMaxColorChannels( uint16 photometric ) -+{ -+ switch (photometric) { -+ case PHOTOMETRIC_PALETTE: -+ case PHOTOMETRIC_MINISWHITE: -+ case PHOTOMETRIC_MINISBLACK: -+ return 1; -+ case PHOTOMETRIC_YCBCR: -+ case PHOTOMETRIC_RGB: -+ case PHOTOMETRIC_CIELAB: -+ return 3; -+ case PHOTOMETRIC_SEPARATED: -+ case PHOTOMETRIC_MASK: -+ return 4; -+ case PHOTOMETRIC_LOGL: -+ case PHOTOMETRIC_LOGLUV: -+ case PHOTOMETRIC_CFA: -+ case PHOTOMETRIC_ITULAB: -+ case PHOTOMETRIC_ICCLAB: -+ default: -+ return 0; -+ } -+} -+ -+/* - * Read the next TIFF directory from a file and convert it to the internal - * format. We read directories sequentially. - */ -@@ -3522,6 +3552,7 @@ TIFFReadDirectory(TIFF* tif) - uint32 fii=FAILED_FII; - toff_t nextdiroff; - int bitspersample_read = FALSE; -+ int color_channels; - - tif->tif_diroff=tif->tif_nextdiroff; - if (!TIFFCheckDirOffset(tif,tif->tif_nextdiroff)) -@@ -4026,6 +4057,37 @@ TIFFReadDirectory(TIFF* tif) - } - } - } -+ -+ /* -+ * Make sure all non-color channels are extrasamples. -+ * If it's not the case, define them as such. -+ */ -+ color_channels = _TIFFGetMaxColorChannels(tif->tif_dir.td_photometric); -+ if (color_channels && tif->tif_dir.td_samplesperpixel - tif->tif_dir.td_extrasamples > color_channels) { -+ uint16 old_extrasamples; -+ uint16 *new_sampleinfo; -+ -+ TIFFWarningExt(tif->tif_clientdata,module, "Sum of Photometric type-related " -+ "color channels and ExtraSamples doesn't match SamplesPerPixel. " -+ "Defining non-color channels as ExtraSamples."); -+ -+ old_extrasamples = tif->tif_dir.td_extrasamples; -+ tif->tif_dir.td_extrasamples = (tif->tif_dir.td_samplesperpixel - color_channels); -+ -+ // sampleinfo should contain information relative to these new extra samples -+ new_sampleinfo = (uint16*) _TIFFcalloc(tif->tif_dir.td_extrasamples, sizeof(uint16)); -+ if (!new_sampleinfo) { -+ TIFFErrorExt(tif->tif_clientdata, module, "Failed to allocate memory for " -+ "temporary new sampleinfo array (%d 16 bit elements)", -+ tif->tif_dir.td_extrasamples); -+ goto bad; -+ } -+ -+ memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16)); -+ _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples); -+ _TIFFfree(new_sampleinfo); -+ } -+ - /* - * Verify Palette image has a Colormap. - */ -@@ -5698,6 +5760,16 @@ ChopUpSingleUncompressedStrip(TIFF* tif) - if( nstrips == 0 ) - return; - -+ /* If we are going to allocate a lot of memory, make sure that the */ -+ /* file is as big as needed */ -+ if( tif->tif_mode == O_RDONLY && -+ nstrips > 1000000 && -+ (offset >= TIFFGetFileSize(tif) || -+ stripbytes > (TIFFGetFileSize(tif) - offset) / (nstrips - 1)) ) -+ { -+ return; -+ } -+ - newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64), - "for chopped \"StripByteCounts\" array"); - newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64), diff --git a/graphics/tiff/patches/patch-CVE-2017-18013 b/graphics/tiff/patches/patch-CVE-2017-18013 deleted file mode 100644 index 755fd323193..00000000000 --- a/graphics/tiff/patches/patch-CVE-2017-18013 +++ /dev/null @@ -1,24 +0,0 @@ -$NetBSD: patch-CVE-2017-18013,v 1.1 2018/10/28 09:45:07 spz Exp $ - -patch for patch-CVE-2017-18013 from upstream git repo - ---- libtiff/tif_print.c.orig 2016-11-25 17:26:23.000000000 +0000 -+++ libtiff/tif_print.c 2018-10-09 17:35:21.544815948 +0000 -@@ -667,13 +667,13 @@ - #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) - fprintf(fd, " %3lu: [%8I64u, %8I64u]\n", - (unsigned long) s, -- (unsigned __int64) td->td_stripoffset[s], -- (unsigned __int64) td->td_stripbytecount[s]); -+ td->td_stripoffset ? (unsigned __int64) td->td_stripoffset[s] : 0, -+ td->td_stripbytecount ? (unsigned __int64) td->td_stripbytecount[s] : 0); - #else - fprintf(fd, " %3lu: [%8llu, %8llu]\n", - (unsigned long) s, -- (unsigned long long) td->td_stripoffset[s], -- (unsigned long long) td->td_stripbytecount[s]); -+ td->td_stripoffset ? (unsigned long long) td->td_stripoffset[s] : 0, -+ td->td_stripbytecount ? (unsigned long long) td->td_stripbytecount[s] : 0); - #endif - } - } diff --git a/graphics/tiff/patches/patch-CVE-2017-9935 b/graphics/tiff/patches/patch-CVE-2017-9935 deleted file mode 100644 index dbfe53aa0f1..00000000000 --- a/graphics/tiff/patches/patch-CVE-2017-9935 +++ /dev/null @@ -1,119 +0,0 @@ -$NetBSD: patch-CVE-2017-9935,v 1.1 2018/01/16 23:52:06 tez Exp $ - -Patch for cve-2017-9935 from upstream git repo - - ---- libtiff/tif_dir.c.orig -+++ libtiff/tif_dir.c -@@ -1065,6 +1065,9 @@ - if (td->td_samplesperpixel - td->td_extrasamples > 1) { - *va_arg(ap, uint16**) = td->td_transferfunction[1]; - *va_arg(ap, uint16**) = td->td_transferfunction[2]; -+ } else { -+ *va_arg(ap, uint16**) = NULL; -+ *va_arg(ap, uint16**) = NULL; - } - break; - case TIFFTAG_REFERENCEBLACKWHITE: - ---- tools/tiff2pdf.c.orig 2017-10-29 18:50:41.000000000 +0000 -+++ tools/tiff2pdf.c -@@ -237,7 +237,7 @@ typedef struct { - float tiff_whitechromaticities[2]; - float tiff_primarychromaticities[6]; - float tiff_referenceblackwhite[2]; -- float* tiff_transferfunction[3]; -+ uint16* tiff_transferfunction[3]; - int pdf_image_interpolate; /* 0 (default) : do not interpolate, - 1 : interpolate */ - uint16 tiff_transferfunctioncount; -@@ -1047,6 +1047,8 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* - uint16 pagen=0; - uint16 paged=0; - uint16 xuint16=0; -+ uint16 tiff_transferfunctioncount=0; -+ uint16* tiff_transferfunction[3]; - - directorycount=TIFFNumberOfDirectories(input); - t2p->tiff_pages = (T2P_PAGE*) _TIFFmalloc(TIFFSafeMultiply(tmsize_t,directorycount,sizeof(T2P_PAGE))); -@@ -1147,26 +1149,48 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* - } - #endif - if (TIFFGetField(input, TIFFTAG_TRANSFERFUNCTION, -- &(t2p->tiff_transferfunction[0]), -- &(t2p->tiff_transferfunction[1]), -- &(t2p->tiff_transferfunction[2]))) { -- if((t2p->tiff_transferfunction[1] != (float*) NULL) && -- (t2p->tiff_transferfunction[2] != (float*) NULL) && -- (t2p->tiff_transferfunction[1] != -- t2p->tiff_transferfunction[0])) { -- t2p->tiff_transferfunctioncount = 3; -- t2p->tiff_pages[i].page_extra += 4; -- t2p->pdf_xrefcount += 4; -- } else { -- t2p->tiff_transferfunctioncount = 1; -- t2p->tiff_pages[i].page_extra += 2; -- t2p->pdf_xrefcount += 2; -- } -- if(t2p->pdf_minorversion < 2) -- t2p->pdf_minorversion = 2; -+ &(tiff_transferfunction[0]), -+ &(tiff_transferfunction[1]), -+ &(tiff_transferfunction[2]))) { -+ -+ if((tiff_transferfunction[1] != (uint16*) NULL) && -+ (tiff_transferfunction[2] != (uint16*) NULL) -+ ) { -+ tiff_transferfunctioncount=3; -+ } else { -+ tiff_transferfunctioncount=1; -+ } - } else { -- t2p->tiff_transferfunctioncount=0; -+ tiff_transferfunctioncount=0; - } -+ -+ if (i > 0){ -+ if (tiff_transferfunctioncount != t2p->tiff_transferfunctioncount){ -+ TIFFError( -+ TIFF2PDF_MODULE, -+ "Different transfer function on page %d", -+ i); -+ t2p->t2p_error = T2P_ERR_ERROR; -+ return; -+ } -+ } -+ -+ t2p->tiff_transferfunctioncount = tiff_transferfunctioncount; -+ t2p->tiff_transferfunction[0] = tiff_transferfunction[0]; -+ t2p->tiff_transferfunction[1] = tiff_transferfunction[1]; -+ t2p->tiff_transferfunction[2] = tiff_transferfunction[2]; -+ if(tiff_transferfunctioncount == 3){ -+ t2p->tiff_pages[i].page_extra += 4; -+ t2p->pdf_xrefcount += 4; -+ if(t2p->pdf_minorversion < 2) -+ t2p->pdf_minorversion = 2; -+ } else if (tiff_transferfunctioncount == 1){ -+ t2p->tiff_pages[i].page_extra += 2; -+ t2p->pdf_xrefcount += 2; -+ if(t2p->pdf_minorversion < 2) -+ t2p->pdf_minorversion = 2; -+ } -+ - if( TIFFGetField( - input, - TIFFTAG_ICCPROFILE, -@@ -1827,10 +1851,9 @@ void t2p_read_tiff_data(T2P* t2p, TIFF* - &(t2p->tiff_transferfunction[0]), - &(t2p->tiff_transferfunction[1]), - &(t2p->tiff_transferfunction[2]))) { -- if((t2p->tiff_transferfunction[1] != (float*) NULL) && -- (t2p->tiff_transferfunction[2] != (float*) NULL) && -- (t2p->tiff_transferfunction[1] != -- t2p->tiff_transferfunction[0])) { -+ if((t2p->tiff_transferfunction[1] != (uint16*) NULL) && -+ (t2p->tiff_transferfunction[2] != (uint16*) NULL) -+ ) { - t2p->tiff_transferfunctioncount=3; - } else { - t2p->tiff_transferfunctioncount=1; diff --git a/graphics/tiff/patches/patch-CVE-2018-10963 b/graphics/tiff/patches/patch-CVE-2018-10963 deleted file mode 100644 index 1305c24a45a..00000000000 --- a/graphics/tiff/patches/patch-CVE-2018-10963 +++ /dev/null @@ -1,20 +0,0 @@ -$NetBSD: patch-CVE-2018-10963,v 1.1 2018/10/28 09:45:07 spz Exp $ - -patch for CVE-2018-10963 from upstream git repo - ---- libtiff/tif_dirwrite.c.orig 2017-08-29 13:39:48.000000000 +0000 -+++ libtiff/tif_dirwrite.c -@@ -697,8 +697,11 @@ TIFFWriteDirectorySec(TIFF* tif, int isi - } - break; - default: -- assert(0); /* we should never get here */ -- break; -+ TIFFErrorExt(tif->tif_clientdata,module, -+ "Cannot write tag %d (%s)", -+ TIFFFieldTag(o), -+ o->field_name ? o->field_name : "unknown"); -+ goto bad; - } - } - } diff --git a/graphics/tiff/patches/patch-CVE-2018-17100 b/graphics/tiff/patches/patch-CVE-2018-17100 deleted file mode 100644 index d7b01b89640..00000000000 --- a/graphics/tiff/patches/patch-CVE-2018-17100 +++ /dev/null @@ -1,30 +0,0 @@ -$NetBSD: patch-CVE-2018-17100,v 1.1 2018/10/28 09:45:07 spz Exp $ - -Patch for CVE-2018-17100 from upstream git repo - ---- tools/ppm2tiff.c.orig 2015-08-28 22:17:08.000000000 +0000 -+++ tools/ppm2tiff.c 2018-10-09 17:20:10.068567016 +0000 -@@ -72,16 +72,17 @@ - exit(-2); - } - -+#define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0)) -+#define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1) -+ - static tmsize_t - multiply_ms(tmsize_t m1, tmsize_t m2) - { -- tmsize_t bytes = m1 * m2; -- -- if (m1 && bytes / m1 != m2) -- bytes = 0; -+ if( m1 == 0 || m2 > TIFF_TMSIZE_T_MAX / m1 ) -+ return 0; - -- return bytes; --} -+ return m1 * m2; -+} - - int - main(int argc, char* argv[]) diff --git a/graphics/tiff/patches/patch-CVE-2018-17101 b/graphics/tiff/patches/patch-CVE-2018-17101 deleted file mode 100644 index 76fc917f66e..00000000000 --- a/graphics/tiff/patches/patch-CVE-2018-17101 +++ /dev/null @@ -1,56 +0,0 @@ -$NetBSD: patch-CVE-2018-17101,v 1.1 2018/10/28 09:45:07 spz Exp $ - -Patch for CVE-2018-17101 from upstream git repo - ---- tools/pal2rgb.c.orig 2015-08-28 22:17:08.000000000 +0000 -+++ tools/pal2rgb.c -@@ -391,7 +392,23 @@ cpTags(TIFF* in, TIFF* out) - { - struct cpTag *p; - for (p = tags; p < &tags[NTAGS]; p++) -+ { -+ if( p->tag == TIFFTAG_GROUP3OPTIONS ) -+ { -+ uint16 compression; -+ if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) || -+ compression != COMPRESSION_CCITTFAX3 ) -+ continue; -+ } -+ if( p->tag == TIFFTAG_GROUP4OPTIONS ) -+ { -+ uint16 compression; -+ if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) || -+ compression != COMPRESSION_CCITTFAX4 ) -+ continue; -+ } - cpTag(in, out, p->tag, p->count, p->type); -+ } - } - #undef NTAGS - ---- tools/tiff2bw.c.orig 2017-11-01 13:41:58.000000000 +0000 -+++ tools/tiff2bw.c -@@ -452,7 +452,23 @@ cpTags(TIFF* in, TIFF* out) - { - struct cpTag *p; - for (p = tags; p < &tags[NTAGS]; p++) -+ { -+ if( p->tag == TIFFTAG_GROUP3OPTIONS ) -+ { -+ uint16 compression; -+ if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) || -+ compression != COMPRESSION_CCITTFAX3 ) -+ continue; -+ } -+ if( p->tag == TIFFTAG_GROUP4OPTIONS ) -+ { -+ uint16 compression; -+ if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) || -+ compression != COMPRESSION_CCITTFAX4 ) -+ continue; -+ } - cpTag(in, out, p->tag, p->count, p->type); -+ } - } - #undef NTAGS - diff --git a/graphics/tiff/patches/patch-CVE-2018-5784 b/graphics/tiff/patches/patch-CVE-2018-5784 deleted file mode 100644 index 5f56b4d7d68..00000000000 --- a/graphics/tiff/patches/patch-CVE-2018-5784 +++ /dev/null @@ -1,110 +0,0 @@ -$NetBSD: patch-CVE-2018-5784,v 1.1 2018/10/28 09:45:07 spz Exp $ - -patch for patch-CVE-2018-5784 from upstream git repo - ---- contrib/addtiffo/tif_overview.c.orig 2015-05-30 21:11:52.000000000 +0000 -+++ contrib/addtiffo/tif_overview.c -@@ -65,6 +65,8 @@ - # define MAX(a,b) ((a>b) ? a : b) - #endif - -+#define TIFF_DIR_MAX 65534 -+ - void TIFFBuildOverviews( TIFF *, int, int *, int, const char *, - int (*)(double,void*), void * ); - -@@ -91,6 +93,9 @@ uint32 TIFF_WriteOverview( TIFF *hTIFF, - { - toff_t nBaseDirOffset; - toff_t nOffset; -+ tdir_t iNumDir; -+ -+ - - (void) bUseSubIFDs; - -@@ -147,7 +152,16 @@ uint32 TIFF_WriteOverview( TIFF *hTIFF, - return 0; - - TIFFWriteDirectory( hTIFF ); -- TIFFSetDirectory( hTIFF, (tdir_t) (TIFFNumberOfDirectories(hTIFF)-1) ); -+ iNumDir = TIFFNumberOfDirectories(hTIFF); -+ if( iNumDir > TIFF_DIR_MAX ) -+ { -+ TIFFErrorExt( TIFFClientdata(hTIFF), -+ "TIFF_WriteOverview", -+ "File `%s' has too many directories.\n", -+ TIFFFileName(hTIFF) ); -+ exit(-1); -+ } -+ TIFFSetDirectory( hTIFF, (tdir_t) (iNumDir - 1) ); - - nOffset = TIFFCurrentDirOffset( hTIFF ); - ---- tools/tiff2pdf.c.orig 2017-10-29 18:50:41.000000000 +0000 -+++ tools/tiff2pdf.c -@@ -68,6 +68,8 @@ extern int getopt(int, char**, char*); - - #define PS_UNIT_SIZE 72.0F - -+#define TIFF_DIR_MAX 65534 -+ - /* This type is of PDF color spaces. */ - typedef enum { - T2P_CS_BILEVEL = 0x01, /* Bilevel, black and white */ -@@ -1047,10 +1049,18 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* - uint16 pagen=0; - uint16 paged=0; - uint16 xuint16=0; - uint16 tiff_transferfunctioncount=0; - uint16* tiff_transferfunction[3]; - - directorycount=TIFFNumberOfDirectories(input); -+ if(directorycount > TIFF_DIR_MAX) { -+ TIFFError( -+ TIFF2PDF_MODULE, -+ "TIFF contains too many directories, %s", -+ TIFFFileName(input)); -+ t2p->t2p_error = T2P_ERR_ERROR; -+ return; -+ } - t2p->tiff_pages = (T2P_PAGE*) _TIFFmalloc(TIFFSafeMultiply(tmsize_t,directorycount,sizeof(T2P_PAGE))); - if(t2p->tiff_pages==NULL){ - TIFFError( - ---- tools/tiffcrop.c.orig 2017-01-15 16:00:09.000000000 +0000 -+++ tools/tiffcrop.c -@@ -217,6 +217,8 @@ extern int getopt(int argc, char * const - #define DUMP_TEXT 1 - #define DUMP_RAW 2 - -+#define TIFF_DIR_MAX 65534 -+ - /* Offsets into buffer for margins and fixed width and length segments */ - struct offset { - uint32 tmargin; -@@ -2233,7 +2235,7 @@ main(int argc, char* argv[]) - pageNum = -1; - else - total_images = 0; -- /* read multiple input files and write to output file(s) */ -+ /* Read multiple input files and write to output file(s) */ - while (optind < argc - 1) - { - in = TIFFOpen (argv[optind], "r"); -@@ -2241,7 +2243,14 @@ main(int argc, char* argv[]) - return (-3); - - /* If only one input file is specified, we can use directory count */ -- total_images = TIFFNumberOfDirectories(in); -+ total_images = TIFFNumberOfDirectories(in); -+ if (total_images > TIFF_DIR_MAX) -+ { -+ TIFFError (TIFFFileName(in), "File contains too many directories"); -+ if (out != NULL) -+ (void) TIFFClose(out); -+ return (1); -+ } - if (image_count == 0) - { - dirnum = 0; diff --git a/graphics/tiff/patches/patch-CVE-2018-8905 b/graphics/tiff/patches/patch-CVE-2018-8905 deleted file mode 100644 index 5df66525568..00000000000 --- a/graphics/tiff/patches/patch-CVE-2018-8905 +++ /dev/null @@ -1,40 +0,0 @@ -$NetBSD: patch-CVE-2018-8905,v 1.1 2018/06/21 23:11:04 tez Exp $ - -fix CVE-2018-8905 from https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d - - ---- libtiff/tif_lzw.c.orig 2017-07-11 13:27:35.000000000 +0000 -+++ libtiff/tif_lzw.c -@@ -604,6 +604,7 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, t - char *tp; - unsigned char *bp; - int code, nbits; -+ int len; - long nextbits, nextdata, nbitsmask; - code_t *codep, *free_entp, *maxcodep, *oldcodep; - -@@ -755,13 +756,18 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, t - } while (--occ); - break; - } -- assert(occ >= codep->length); -- op += codep->length; -- occ -= codep->length; -- tp = op; -+ len = codep->length; -+ tp = op + len; - do { -- *--tp = codep->value; -- } while( (codep = codep->next) != NULL ); -+ int t; -+ --tp; -+ t = codep->value; -+ codep = codep->next; -+ *tp = (char)t; -+ } while (codep && tp > op); -+ assert(occ >= len); -+ op += len; -+ occ -= len; - } else { - *op++ = (char)code; - occ--; diff --git a/graphics/tiff/patches/patch-libtiff_tif__jbig.c b/graphics/tiff/patches/patch-libtiff_tif__jbig.c deleted file mode 100644 index 38c4bb59ccc..00000000000 --- a/graphics/tiff/patches/patch-libtiff_tif__jbig.c +++ /dev/null @@ -1,77 +0,0 @@ -$NetBSD: patch-libtiff_tif__jbig.c,v 1.1 2018/10/25 22:58:05 maya Exp $ - -From 681748ec2f5ce88da5f9fa6831e1653e46af8a66 (CVE-2018-18557) - -JBIGDecode doesn't check if the user provided buffer is large enough -to store the JBIG decoded image, which can potentially cause out-of-bounds -write in the buffer. -This issue was reported and analyzed by Thomas Dullien. - -Also fixes a (harmless) potential use of uninitialized memory when -tif->tif_rawsize > tif->tif_rawcc - ---- libtiff/tif_jbig.c.orig 2017-06-30 13:27:54.399206925 +0000 -+++ libtiff/tif_jbig.c -@@ -53,17 +53,18 @@ static int JBIGDecode(TIFF* tif, uint8* - struct jbg_dec_state decoder; - int decodeStatus = 0; - unsigned char* pImage = NULL; -- (void) size, (void) s; -+ unsigned long decodedSize; -+ (void) s; - - if (isFillOrder(tif, tif->tif_dir.td_fillorder)) - { -- TIFFReverseBits(tif->tif_rawdata, tif->tif_rawdatasize); -+ TIFFReverseBits(tif->tif_rawcp, tif->tif_rawcc); - } - - jbg_dec_init(&decoder); - - #if defined(HAVE_JBG_NEWLEN) -- jbg_newlen(tif->tif_rawdata, (size_t)tif->tif_rawdatasize); -+ jbg_newlen(tif->tif_rawcp, (size_t)tif->tif_rawcc); - /* - * I do not check the return status of jbg_newlen because even if this - * function fails it does not necessarily mean that decoding the image -@@ -76,8 +77,8 @@ static int JBIGDecode(TIFF* tif, uint8* - */ - #endif /* HAVE_JBG_NEWLEN */ - -- decodeStatus = jbg_dec_in(&decoder, (unsigned char*)tif->tif_rawdata, -- (size_t)tif->tif_rawdatasize, NULL); -+ decodeStatus = jbg_dec_in(&decoder, (unsigned char*)tif->tif_rawcp, -+ (size_t)tif->tif_rawcc, NULL); - if (JBG_EOK != decodeStatus) - { - /* -@@ -98,9 +99,28 @@ static int JBIGDecode(TIFF* tif, uint8* - return 0; - } - -+ decodedSize = jbg_dec_getsize(&decoder); -+ if( (tmsize_t)decodedSize < size ) -+ { -+ TIFFWarningExt(tif->tif_clientdata, "JBIG", -+ "Only decoded %lu bytes, whereas %lu requested", -+ decodedSize, (unsigned long)size); -+ } -+ else if( (tmsize_t)decodedSize > size ) -+ { -+ TIFFErrorExt(tif->tif_clientdata, "JBIG", -+ "Decoded %lu bytes, whereas %lu were requested", -+ decodedSize, (unsigned long)size); -+ jbg_dec_free(&decoder); -+ return 0; -+ } - pImage = jbg_dec_getimage(&decoder, 0); -- _TIFFmemcpy(buffer, pImage, jbg_dec_getsize(&decoder)); -+ _TIFFmemcpy(buffer, pImage, decodedSize); - jbg_dec_free(&decoder); -+ -+ tif->tif_rawcp += tif->tif_rawcc; -+ tif->tif_rawcc = 0; -+ - return 1; - } - diff --git a/graphics/tiff/patches/patch-libtiff_tif__read.c b/graphics/tiff/patches/patch-libtiff_tif__read.c deleted file mode 100644 index 10e0a9d4c17..00000000000 --- a/graphics/tiff/patches/patch-libtiff_tif__read.c +++ /dev/null @@ -1,23 +0,0 @@ -$NetBSD: patch-libtiff_tif__read.c,v 1.1 2018/10/25 22:58:05 maya Exp $ - -And in case libtiff is compiled with CHUNKY_STRIP_READ_SUPPORT, make sure -that whole strip data is provided to JBIGDecode() - -Part of commit 681748ec2f5ce88da5f9fa6831e1653e46af8a66 which fixes -CVE-2018-18557 - ---- libtiff/tif_read.c.orig 2017-11-18 14:42:21.664534434 +0000 -+++ libtiff/tif_read.c -@@ -348,6 +348,12 @@ TIFFSeek(TIFF* tif, uint32 row, uint16 s - return 0; - whole_strip = tif->tif_dir.td_stripbytecount[strip] < 10 - || isMapped(tif); -+ if( td->td_compression == COMPRESSION_JBIG ) -+ { -+ /* Ideally plugins should have a way to declare they don't support -+ * chunk strip */ -+ whole_strip = 1; -+ } - #else - whole_strip = 1; - #endif diff --git a/graphics/tiff/patches/patch-tools_pal2rgb.c b/graphics/tiff/patches/patch-tools_pal2rgb.c deleted file mode 100644 index 43506087056..00000000000 --- a/graphics/tiff/patches/patch-tools_pal2rgb.c +++ /dev/null @@ -1,23 +0,0 @@ -$NetBSD: patch-tools_pal2rgb.c,v 1.1 2017/12/03 09:07:06 maya Exp $ - -CVE-2017-17095 Heap-based buffer overflow bug in pal2rgb - ---- tools/pal2rgb.c.orig 2015-08-28 22:17:08.172200823 +0000 -+++ tools/pal2rgb.c -@@ -39,6 +39,7 @@ - # include "libport.h" - #endif - -+#include "tiffiop.h" - #include "tiffio.h" - - #define streq(a,b) (strcmp(a,b) == 0) -@@ -185,7 +186,7 @@ - register unsigned char* pp; - register uint32 x; - ibuf = (unsigned char*)_TIFFmalloc(TIFFScanlineSize(in)); -- obuf = (unsigned char*)_TIFFmalloc(TIFFScanlineSize(out)); -+ obuf = (unsigned char*)_TIFFmalloc(TIFFSafeMultiply(tmsize_t, imagewidth, 3*sizeof(short))); - switch (config) { - case PLANARCONFIG_CONTIG: - for (row = 0; row < imagelength; row++) { |