author | wiz <wiz> | 2012-06-20 21:07:14 +0000 |
---|---|---|
committer | wiz <wiz> | 2012-06-20 21:07:14 +0000 |
commit | 07430e75502c8ac23df27abc440b766658b0f4d6 (patch) | |
tree | 4c20cb98a9680a1e74b37b8e02e74fd8ff4d4646 /graphics/tiff | |
parent | 448b510080f0f0923d3e7e0b2e63f733619abad3 (diff) | |
download | pkgsrc-07430e75502c8ac23df27abc440b766658b0f4d6.tar.gz |
Update to 4.0.2 for CVE-2012-2113.
* tif_getimage.c: added support for _SEPARATED CMYK images.
* tif_getimage.c: Added support for greyscale + alpha.
* Added TIFFCreateCustomDirectory() and TIFFCreateEXIFDirectory()
functions.
* tif_print.c: Lots of fixes around printing corrupt or hostile input.
* Improve handling of corrupt ycbcrsubsampling values.
* tif_unix.c: use strerror to get meaningful error messages.
* tif_jpeg.c: fix serious bugs in JPEGDecodeRaw().
* tif_jpeg.c: Fix size overflow (zdi-can-1221,CVE-2012-1173).
Diffstat (limited to 'graphics/tiff')
-rw-r--r-- | graphics/tiff/Makefile | 5 | ||||
-rw-r--r-- | graphics/tiff/PLIST | 4 | ||||
-rw-r--r-- | graphics/tiff/distinfo | 10 | ||||
-rw-r--r-- | graphics/tiff/patches/patch-libtiff_tif__getimage.c | 60 | ||||
-rw-r--r-- | graphics/tiff/patches/patch-libtiff_tiffiop.h | 15 |
5 files changed, 9 insertions, 85 deletions
diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile
index 69b7abae6f8..e8696a03395 100644
--- a/graphics/tiff/Makefile
+++ b/graphics/tiff/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.104 2012/04/10 14:13:04 taca Exp $
+# $NetBSD: Makefile,v 1.105 2012/06/20 21:07:14 wiz Exp $
 
-DISTNAME= tiff-4.0.1
-PKGREVISION= 1
+DISTNAME= tiff-4.0.2
 CATEGORIES= graphics
 MASTER_SITES= ftp://ftp.remotesensing.org/pub/libtiff/ \
 http://libtiff.maptools.org/dl/
diff --git a/graphics/tiff/PLIST b/graphics/tiff/PLIST
index 781b8a444e0..086ceff1bf8 100644
--- a/graphics/tiff/PLIST
+++ b/graphics/tiff/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.15 2012/02/21 13:03:00 drochner Exp $
+@comment $NetBSD: PLIST,v 1.16 2012/06/20 21:07:14 wiz Exp $
 bin/bmp2tiff
 bin/fax2ps
 bin/fax2tiff
@@ -231,3 +231,5 @@ share/doc/tiff/html/v3.9.0beta.html
 share/doc/tiff/html/v3.9.1.html
 share/doc/tiff/html/v3.9.2.html
 share/doc/tiff/html/v4.0.0.html
+share/doc/tiff/html/v4.0.1.html
+share/doc/tiff/html/v${PKGVERSION}.html
diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo
index fb72d178956..06aa5d39271 100644
--- a/graphics/tiff/distinfo
+++ b/graphics/tiff/distinfo
@@ -1,8 +1,6 @@
-$NetBSD: distinfo,v 1.55 2012/04/10 14:13:04 taca Exp $
+$NetBSD: distinfo,v 1.56 2012/06/20 21:07:14 wiz Exp $
 
-SHA1 (tiff-4.0.1.tar.gz) = 8baf382231c9051a1b3eb294581289aa21447171
-RMD160 (tiff-4.0.1.tar.gz) = abf98ab277edaee302b432dbcecfe68061dd91dc
-Size (tiff-4.0.1.tar.gz) = 1991580 bytes
+SHA1 (tiff-4.0.2.tar.gz) = d84b7b33a6cfb3d15ca386c8c16b05047f8b5352
+RMD160 (tiff-4.0.2.tar.gz) = 520c5a6d17d1b0c3957e3889b66eadce0accf53f
+Size (tiff-4.0.2.tar.gz) = 2022814 bytes
 SHA1 (patch-configure) = 0e86c6d69783333c03d6241e1824f68602f3c732
-SHA1 (patch-libtiff_tif__getimage.c) = fc1f63b669fb8871935d4bf12e09dc1c78150f91
-SHA1 (patch-libtiff_tiffiop.h) = 8729e474106a0edce4284004f6f6d95b97c4a544
diff --git a/graphics/tiff/patches/patch-libtiff_tif__getimage.c b/graphics/tiff/patches/patch-libtiff_tif__getimage.c
deleted file mode 100644
index 813df6c76ed..00000000000
--- a/graphics/tiff/patches/patch-libtiff_tif__getimage.c
+++ /dev/null
@@ -1,60 +0,0 @@
-$NetBSD: patch-libtiff_tif__getimage.c,v 1.1 2012/04/10 14:13:04 taca Exp $
-
-Fix for CVE-2012-1173 from upstream.
-
---- libtiff/tif_getimage.c.orig 2011-02-25 03:34:02.000000000 +0000
-+++ libtiff/tif_getimage.c
-@@ -692,6 +692,7 @@ gtTileSeparate(TIFFRGBAImage* img, uint3
- unsigned char* p2;
- unsigned char* pa;
- tmsize_t tilesize;
-+ tmsize_t bufsize;
- int32 fromskew, toskew;
- int alpha = img->alpha;
- uint32 nrow;
-@@ -699,12 +700,17 @@ gtTileSeparate(TIFFRGBAImage* img, uint3
- int colorchannels;
-
- tilesize = TIFFTileSize(tif);
-- buf = (unsigned char*) _TIFFmalloc((alpha?4:3)*tilesize);
-+ bufsize = TIFFSafeMultiply(tmsize_t,alpha?4:3,tilesize);
-+ if (bufsize == 0) {
-+ TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtTileSeparate");
-+ return (0);
-+ }
-+ buf = (unsigned char*) _TIFFmalloc(bufsize);
- if (buf == 0) {
- TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "%s", "No space for tile buffer");
- return (0);
- }
-- _TIFFmemset(buf, 0, (alpha?4:3)*tilesize);
-+ _TIFFmemset(buf, 0, bufsize);
- p0 = buf;
- p1 = p0 + tilesize;
- p2 = p1 + tilesize;
-@@ -917,17 +923,23 @@ gtStripSeparate(TIFFRGBAImage* img, uint
- uint32 rowsperstrip, offset_row;
- uint32 imagewidth = img->width;
- tmsize_t stripsize;
-+ tmsize_t bufsize;
- int32 fromskew, toskew;
- int alpha = img->alpha;
- int ret = 1, flip, colorchannels;
-
- stripsize = TIFFStripSize(tif);
-- p0 = buf = (unsigned char *)_TIFFmalloc((alpha?4:3)*stripsize);
-+ bufsize = TIFFSafeMultiply(tmsize_t,alpha?4:3,stripsize);
-+ if (bufsize == 0) {
-+ TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtStripSeparate");
-+ return (0);
-+ }
-+ p0 = buf = (unsigned char *)_TIFFmalloc(bufsize);
- if (buf == 0) {
- TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "No space for tile buffer");
- return (0);
- }
-- _TIFFmemset(buf, 0, (alpha?4:3)*stripsize);
-+ _TIFFmemset(buf, 0, bufsize);
- p1 = p0 + stripsize;
- p2 = p1 + stripsize;
- pa = (alpha?(p2+stripsize):NULL);
diff --git a/graphics/tiff/patches/patch-libtiff_tiffiop.h b/graphics/tiff/patches/patch-libtiff_tiffiop.h
deleted file mode 100644
index 39141dada5d..00000000000
--- a/graphics/tiff/patches/patch-libtiff_tiffiop.h
+++ /dev/null
@@ -1,15 +0,0 @@
-$NetBSD: patch-libtiff_tiffiop.h,v 1.1 2012/04/10 14:13:04 taca Exp $
-
-Fix for CVE-2012-1173 from upstream.
-
---- libtiff/tiffiop.h.orig 2011-02-19 16:26:09.000000000 +0000
-+++ libtiff/tiffiop.h
-@@ -250,7 +250,7 @@ struct tiff {
- #define TIFFroundup_64(x, y) (TIFFhowmany_64(x,y)*(y))
-
- /* Safe multiply which returns zero if there is an integer overflow */
--#define TIFFSafeMultiply(t,v,m) ((((t)m != (t)0) && (((t)((v*m)/m)) == (t)v)) ? (t)(v*m) : (t)0)
-+#define TIFFSafeMultiply(t,v,m) ((((t)(m) != (t)0) && (((t)(((v)*(m))/(m))) == (t)(v))) ? (t)((v)*(m)) : (t)0)
-
- #define TIFFmax(A,B) ((A)>(B)?(A):(B))
- #define TIFFmin(A,B) ((A)<(B)?(A):(B)) |