author | he <he@pkgsrc.org> | 2017-05-07 21:52:16 +0000 |
---|---|---|
committer | he <he@pkgsrc.org> | 2017-05-07 21:52:16 +0000 |
commit | ba4c71d6afe00f5de1b0f53cdc7bf048ca33cc3b (patch) | |
tree | a27a976ba6a0472032ecd9f2e466fe4a2f56b666 /graphics | |
parent | 83f3e8d3b86aecaa7dbdf6b9f907bbd73f639726 (diff) | |
Fix CVE-2016-10267 ref.
http://bugzilla.maptools.org/show_bug.cgi?id=2611
https://github.com/vadz/libtiff/commit/43bc256d8ae44b92d2734a3c5bc73957a4d7c1ec
Bump PKGREVISION.
Diffstat (limited to 'graphics')
-rw-r--r-- | graphics/tiff/Makefile | 4 | ||||
-rw-r--r-- | graphics/tiff/distinfo | 4 | ||||
-rw-r--r-- | graphics/tiff/patches/patch-libtiff_tif_ojpeg.c | 45 |
3 files changed, 44 insertions, 9 deletions
diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile
index 994755e23d8..7b72869c129 100644
--- a/graphics/tiff/Makefile
+++ b/graphics/tiff/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.134 2017/05/07 21:32:30 he Exp $
+# $NetBSD: Makefile,v 1.135 2017/05/07 21:52:16 he Exp $
 DISTNAME= tiff-4.0.7
-PKGREVISION= 10
+PKGREVISION= 11
 CATEGORIES= graphics
 MASTER_SITES= ftp://download.osgeo.org/libtiff/
diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo
index 9ed58d88de9..038719daafd 100644
--- a/graphics/tiff/distinfo
+++ b/graphics/tiff/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.80 2017/05/07 21:32:30 he Exp $
+$NetBSD: distinfo,v 1.81 2017/05/07 21:52:16 he Exp $
 SHA1 (tiff-4.0.7.tar.gz) = 2c1b64478e88f93522a42dd5271214a0e5eae648
 RMD160 (tiff-4.0.7.tar.gz) = 582e19c31e7f29d9ed36995dcad7ad68802cbadb
@@ -14,7 +14,7 @@ SHA1 (patch-libtiff_tif_dirread.c) = f6d442da817457d7ac801a3005e21c357ac31f8a
 SHA1 (patch-libtiff_tif_dirwrite.c) = 07ccbf8cf210b95d5ca7710cc2982368783b4dcb
 SHA1 (patch-libtiff_tif_getimage.c) = 267b555c8b043d0a835db4d46ef65131776601e6
 SHA1 (patch-libtiff_tif_jpeg.c) = 1049b7b243e9e145886bcac8e68e5e7889337ebc
-SHA1 (patch-libtiff_tif_ojpeg.c) = 6447168e952bb80a1a8272c2c27bb0ce3ccf6939
+SHA1 (patch-libtiff_tif_ojpeg.c) = 1c43555434525157c1783de4802af4508c5113a4
 SHA1 (patch-libtiff_tif_read.c) = d43b10fa74a51da21f44abb7bd0251b88e8a702b
 SHA1 (patch-libtiff_tif_unix.c) = c8312771e567f90de0f77ac8eb66ed5c36e35617
 SHA1 (patch-libtiff_tif_win32.c) = 1ea9dcb6618c40b9de3e8d2a81914355f2111fdc
diff --git a/graphics/tiff/patches/patch-libtiff_tif_ojpeg.c b/graphics/tiff/patches/patch-libtiff_tif_ojpeg.c
index a27697b31e4..6a59d1f7de2 100644
--- a/graphics/tiff/patches/patch-libtiff_tif_ojpeg.c
+++ b/graphics/tiff/patches/patch-libtiff_tif_ojpeg.c
@@ -1,13 +1,48 @@
-$NetBSD: patch-libtiff_tif_ojpeg.c,v 1.1 2017/05/03 23:00:59 sevan Exp $
+$NetBSD: patch-libtiff_tif_ojpeg.c,v 1.2 2017/05/07 21:52:16 he Exp $
 CVE-2017-7594
 http://bugzilla.maptools.org/show_bug.cgi?id=2659
 https://github.com/vadz/libtiff/commit/8283e4d1b7e5
 https://github.com/vadz/libtiff/commit/2ea32f7372b6
---- libtiff/tif_ojpeg.c.orig 2017-05-03 22:08:50.000000000 +0000
+CVE-2016-10267
+http://bugzilla.maptools.org/show_bug.cgi?id=2611
+https://github.com/vadz/libtiff/commit/43bc256d8ae44b92d2734a3c5bc73957a4d7c1ec
+
+--- libtiff/tif_ojpeg.c.orig 2016-09-08 13:23:57.000000000 +0000
 +++ libtiff/tif_ojpeg.c
-@@ -1782,7 +1782,10 @@ OJPEGReadHeaderInfoSecTablesQTable(TIFF*
+@@ -244,6 +244,7 @@ typedef enum {
+
+ typedef struct {
+ TIFF* tif;
++ int decoder_ok;
+ #ifndef LIBJPEG_ENCAP_EXTERNAL
+ JMP_BUF exit_jmpbuf;
+ #endif
+@@ -722,6 +723,7 @@ OJPEGPreDecode(TIFF* tif, uint16 s)
+ }
+ sp->write_curstrile++;
+ }
++ sp->decoder_ok = 1;
+ return(1);
+ }
+
+@@ -784,8 +786,14 @@ OJPEGPreDecodeSkipScanlines(TIFF* tif)
+ static int
+ OJPEGDecode(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s)
+ {
++ static const char module[]="OJPEGDecode";
+ OJPEGState* sp=(OJPEGState*)tif->tif_data;
+ (void)s;
++ if( !sp->decoder_ok )
++ {
++ TIFFErrorExt(tif->tif_clientdata,module,"Cannot decode: decoder not correctly initialized");
++ return 0;
++ }
+ if (sp->libjpeg_jpeg_query_style==0)
+ {
+ if (OJPEGDecodeRaw(tif,buf,cc)==0)
+@@ -1782,7 +1790,10 @@ OJPEGReadHeaderInfoSecTablesQTable(TIFF*
 TIFFSeekFile(tif,sp->qtable_offset[m],SEEK_SET);
 p=(uint32)TIFFReadFile(tif,&ob[sizeof(uint32)+5],64);
 if (p!=64)
@@ -18,7 +53,7 @@ https://github.com/vadz/libtiff/commit/2ea32f7372b6
 sp->qtable[m]=ob;
 sp->sof_tq[m]=m;
 }
-@@ -1846,7 +1849,10 @@ OJPEGReadHeaderInfoSecTablesDcTable(TIFF
+@@ -1846,7 +1857,10 @@ OJPEGReadHeaderInfoSecTablesDcTable(TIFF
 rb[sizeof(uint32)+5+n]=o[n];
 p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
 if (p!=q)
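Review bot: The `decoder_ok` flag added to OJPEGState is only ever set, by `sp->decoder_ok = 1;` on the success path of OJPEGPreDecode(), and none of the visible hunks clears it again. If a later OJPEGPreDecode() call on the same TIFF handle fails after an earlier one succeeded, the new guard in OJPEGDecode() would apparently still pass and decoding would continue on a half-initialised state, which is the condition this CVE-2016-10267 fix is meant to exclude. Consider adding `sp->decoder_ok = 0;` as the first statement of OJPEGPreDecode(), whose beginning lies outside the hunk, so the guard reflects the most recent setup attempt. The check also depends on OJPEGState being zero-filled at allocation, which is not shown here and should be confirmed in TIFFInitOJPEG().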
@@ -29,7 +64,7 @@ https://github.com/vadz/libtiff/commit/2ea32f7372b6
 sp->dctable[m]=rb;
 sp->sos_tda[m]=(m<<4);
 }
-@@ -1910,7 +1916,10 @@ OJPEGReadHeaderInfoSecTablesAcTable(TIFF
+@@ -1910,7 +1924,10 @@ OJPEGReadHeaderInfoSecTablesAcTable(TIFF
 rb[sizeof(uint32)+5+n]=o[n];
 p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
 if (p!=q) |