Update tiff to version 4.0.9.

Pkgsrc changes: * Adapt PLIST, remove patches for now-integrated bugfixes. Upstream changes: * Many changes related to security & stability. See the source's ChangeLog for the details.
author: he <he@pkgsrc.org> 2017-11-19 16:31:04 +0000
committer: he <he@pkgsrc.org> 2017-11-19 16:31:04 +0000
commit: 3002bec2ca8b53c2ea6f72e5367addcfc899b778 (patch)
tree: 9ef48f1ae9578242b12605b2e31ffa8d1ebc7e46 /graphics
parent: 0df2ddfd850a5da8fc0fe082c5c021d014aa2fdc (diff)
download: pkgsrc-3002bec2ca8b53c2ea6f72e5367addcfc899b778.tar.gz
6 files changed, 10 insertions, 192 deletions
diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile
index 7c124773047..956898f5b4c 100644
--- a/graphics/tiff/Makefile
+++ b/graphics/tiff/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.137 2017/06/21 01:08:33 tez Exp $
+# $NetBSD: Makefile,v 1.138 2017/11/19 16:31:04 he Exp $
 
-DISTNAME=	tiff-4.0.8
-PKGREVISION=	1
+DISTNAME=	tiff-4.0.9
+#PKGREVISION=	1
 CATEGORIES=	graphics
 MASTER_SITES=	ftp://download.osgeo.org/libtiff/
 
diff --git a/graphics/tiff/PLIST b/graphics/tiff/PLIST
index a193dcb60ed..442bf8655a7 100644
--- a/graphics/tiff/PLIST
+++ b/graphics/tiff/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.24 2017/05/29 13:44:05 he Exp $
+@comment $NetBSD: PLIST,v 1.25 2017/11/19 16:31:04 he Exp $
 bin/fax2ps
 bin/fax2tiff
 bin/pal2rgb
@@ -233,4 +233,5 @@ share/doc/tiff/html/v4.0.4beta.html
 share/doc/tiff/html/v4.0.5.html
 share/doc/tiff/html/v4.0.6.html
 share/doc/tiff/html/v4.0.7.html
+share/doc/tiff/html/v4.0.8.html
 share/doc/tiff/html/v${PKGVERSION}.html
diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo
index 14cd4cc9a96..b8aadb45679 100644
--- a/graphics/tiff/distinfo
+++ b/graphics/tiff/distinfo
@@ -1,10 +1,7 @@
-$NetBSD: distinfo,v 1.86 2017/06/21 02:47:45 pgoyette Exp $
+$NetBSD: distinfo,v 1.87 2017/11/19 16:31:04 he Exp $
 
-SHA1 (tiff-4.0.8.tar.gz) = 88717c97480a7976c94d23b6d9ed4ac74715267f
-RMD160 (tiff-4.0.8.tar.gz) = 0d8bc26c98035810c73b8f876f76dc48efba7da8
-SHA512 (tiff-4.0.8.tar.gz) = 5d010ec4ce37aca733f7ab7db9f432987b0cd21664bd9d99452a146833c40f0d1e7309d1870b0395e947964134d5cfeb1366181e761fe353ad585803ff3d6be6
-Size (tiff-4.0.8.tar.gz) = 2065574 bytes
+SHA1 (tiff-4.0.9.tar.gz) = 87d4543579176cc568668617c22baceccd568296
+RMD160 (tiff-4.0.9.tar.gz) = ab5b3b7297e79344775b1e70c4d54c90c06836a3
+SHA512 (tiff-4.0.9.tar.gz) = 04f3d5eefccf9c1a0393659fe27f3dddd31108c401ba0dc587bca152a1c1f6bc844ba41622ff5572da8cc278593eff8c402b44e7af0a0090e91d326c2d79f6cd
+Size (tiff-4.0.9.tar.gz) = 2305681 bytes
 SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6
-SHA1 (patch-libtiff_tif_dir.h) = 50f565eac6a7157a7c99923f4b3ffaf31b021644
-SHA1 (patch-libtiff_tif_dirinfo.c) = cd0e4da46f62d888128e558c16ebcc6a867274df
-SHA1 (patch-libtiff_tif_dirread.c) = d98b5cb0ceca8f5923c015b09f04da3b8af094e5
diff --git a/graphics/tiff/patches/patch-libtiff_tif_dir.h b/graphics/tiff/patches/patch-libtiff_tif_dir.h
deleted file mode 100644
index 5394f4f7a37..00000000000
--- a/graphics/tiff/patches/patch-libtiff_tif_dir.h
+++ /dev/null
@@ -1,25 +0,0 @@
-$NetBSD: patch-libtiff_tif_dir.h,v 1.3 2017/06/21 02:47:45 pgoyette Exp $
-
-fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095
-per http://bugzilla.maptools.org/show_bug.cgi?id=2580
-
-also CVE-2017-9147
-(http://bugzilla.maptools.org/show_bug.cgi?id=2693)
-
-
-Index: tif_dir.h
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.h,v
-retrieving revision 1.54
-retrieving revision 1.55
-diff -w -u -b -r1.54 -r1.55
---- libtiff/tif_dir.h.orig	18 Feb 2011 20:53:05 -0000	1.54
-+++ libtiff/tif_dir.h	1 Jun 2017 12:44:04 -0000	1.55
-@@ -291,6 +291,7 @@
- extern int _TIFFMergeFields(TIFF*, const TIFFField[], uint32);
- extern const TIFFField* _TIFFFindOrRegisterField(TIFF *, uint32, TIFFDataType);
- extern  TIFFField* _TIFFCreateAnonField(TIFF *, uint32, TIFFDataType);
-+extern int _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag);
- 
- #if defined(__cplusplus)
- }
diff --git a/graphics/tiff/patches/patch-libtiff_tif_dirinfo.c b/graphics/tiff/patches/patch-libtiff_tif_dirinfo.c
deleted file mode 100644
index 1e9a4f64e9a..00000000000
--- a/graphics/tiff/patches/patch-libtiff_tif_dirinfo.c
+++ /dev/null
@@ -1,127 +0,0 @@
-$NetBSD: patch-libtiff_tif_dirinfo.c,v 1.3 2017/06/21 02:47:45 pgoyette Exp $
-
-fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095
-per http://bugzilla.maptools.org/show_bug.cgi?id=2580
-
-also CVE-2017-9147 
-(http://bugzilla.maptools.org/show_bug.cgi?id=2693)
-
-
-Index: tif_dirinfo.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirinfo.c,v
-retrieving revision 1.126
-retrieving revision 1.127
-diff -w -u -b -r1.126 -r1.127
---- libtiff/tif_dirinfo.c.orig	18 Nov 2016 02:52:13 -0000	1.126
-+++ libtiff/tif_dirinfo.c	1 Jun 2017 12:44:04 -0000	1.127
-@@ -956,6 +956,109 @@
- 	return 0;
- }
- 
-+int
-+_TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag)
-+{
-+	/* Filter out non-codec specific tags */
-+	switch (tag) {
-+	    /* Shared tags */
-+	    case TIFFTAG_PREDICTOR:
-+	    /* JPEG tags */
-+	    case TIFFTAG_JPEGTABLES:
-+	    /* OJPEG tags */
-+	    case TIFFTAG_JPEGIFOFFSET:
-+	    case TIFFTAG_JPEGIFBYTECOUNT:
-+	    case TIFFTAG_JPEGQTABLES:
-+	    case TIFFTAG_JPEGDCTABLES:
-+	    case TIFFTAG_JPEGACTABLES:
-+	    case TIFFTAG_JPEGPROC:
-+	    case TIFFTAG_JPEGRESTARTINTERVAL:
-+	    /* CCITT* */
-+	    case TIFFTAG_BADFAXLINES:
-+	    case TIFFTAG_CLEANFAXDATA:
-+	    case TIFFTAG_CONSECUTIVEBADFAXLINES:
-+	    case TIFFTAG_GROUP3OPTIONS:
-+	    case TIFFTAG_GROUP4OPTIONS:
-+		break;
-+	    default:
-+		return 1;
-+	}
-+	/* Check if codec specific tags are allowed for the current
-+	 * compression scheme (codec) */
-+	switch (tif->tif_dir.td_compression) {
-+	    case COMPRESSION_LZW:
-+		if (tag == TIFFTAG_PREDICTOR)
-+		    return 1;
-+		break;
-+	    case COMPRESSION_PACKBITS:
-+		/* No codec-specific tags */
-+		break;
-+	    case COMPRESSION_THUNDERSCAN:
-+		/* No codec-specific tags */
-+		break;
-+	    case COMPRESSION_NEXT:
-+		/* No codec-specific tags */
-+		break;
-+	    case COMPRESSION_JPEG:
-+		if (tag == TIFFTAG_JPEGTABLES)
-+		    return 1;
-+		break;
-+	    case COMPRESSION_OJPEG:
-+		switch (tag) {
-+		    case TIFFTAG_JPEGIFOFFSET:
-+		    case TIFFTAG_JPEGIFBYTECOUNT:
-+		    case TIFFTAG_JPEGQTABLES:
-+		    case TIFFTAG_JPEGDCTABLES:
-+		    case TIFFTAG_JPEGACTABLES:
-+		    case TIFFTAG_JPEGPROC:
-+		    case TIFFTAG_JPEGRESTARTINTERVAL:
-+			return 1;
-+		}
-+		break;
-+	    case COMPRESSION_CCITTRLE:
-+	    case COMPRESSION_CCITTRLEW:
-+	    case COMPRESSION_CCITTFAX3:
-+	    case COMPRESSION_CCITTFAX4:
-+		switch (tag) {
-+		    case TIFFTAG_BADFAXLINES:
-+		    case TIFFTAG_CLEANFAXDATA:
-+		    case TIFFTAG_CONSECUTIVEBADFAXLINES:
-+			return 1;
-+		    case TIFFTAG_GROUP3OPTIONS:
-+			if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX3)
-+			    return 1;
-+			break;
-+		    case TIFFTAG_GROUP4OPTIONS:
-+			if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX4)
-+			    return 1;
-+			break;
-+		}
-+		break;
-+	    case COMPRESSION_JBIG:
-+		/* No codec-specific tags */
-+		break;
-+	    case COMPRESSION_DEFLATE:
-+	    case COMPRESSION_ADOBE_DEFLATE:
-+		if (tag == TIFFTAG_PREDICTOR)
-+		    return 1;
-+		break;
-+	   case COMPRESSION_PIXARLOG:
-+		if (tag == TIFFTAG_PREDICTOR)
-+		    return 1;
-+		break;
-+	    case COMPRESSION_SGILOG:
-+	    case COMPRESSION_SGILOG24:
-+		/* No codec-specific tags */
-+		break;
-+	    case COMPRESSION_LZMA:
-+		if (tag == TIFFTAG_PREDICTOR)
-+		    return 1;
-+		break;
-+
-+	}
-+	return 0;
-+}
-+
- /* vim: set ts=8 sts=8 sw=8 noet: */
- 
- /*
diff --git a/graphics/tiff/patches/patch-libtiff_tif_dirread.c b/graphics/tiff/patches/patch-libtiff_tif_dirread.c
deleted file mode 100644
index dc6f2ecc009..00000000000
--- a/graphics/tiff/patches/patch-libtiff_tif_dirread.c
+++ /dev/null
@@ -1,28 +0,0 @@
-$NetBSD: patch-libtiff_tif_dirread.c,v 1.7 2017/06/21 02:47:45 pgoyette Exp $
-
-fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095
-per http://bugzilla.maptools.org/show_bug.cgi?id=2580
-
-also CVE-2017-9147 
-(http://bugzilla.maptools.org/show_bug.cgi?id=2693)
-
-
-Index: tif_dirread.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v
-retrieving revision 1.208
-retrieving revision 1.209
-diff -w -u -b -r1.208 -r1.209
---- libtiff/tif_dirread.c.orig	27 Apr 2017 15:46:22 -0000	1.208
-+++ libtiff/tif_dirread.c	1 Jun 2017 12:44:04 -0000	1.209
-@@ -3580,6 +3580,10 @@
- 							goto bad;
- 						dp->tdir_tag=IGNORE;
- 						break;
-+                                        default:
-+                                            if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) )
-+                                                dp->tdir_tag=IGNORE;
-+                                            break;
- 				}
- 			}
- 		}
author	he <he@pkgsrc.org>	2017-11-19 16:31:04 +0000
committer	he <he@pkgsrc.org>	2017-11-19 16:31:04 +0000
commit	3002bec2ca8b53c2ea6f72e5367addcfc899b778 (patch)
tree	9ef48f1ae9578242b12605b2e31ffa8d1ebc7e46 /graphics
parent	0df2ddfd850a5da8fc0fe082c5c021d014aa2fdc (diff)
download	pkgsrc-3002bec2ca8b53c2ea6f72e5367addcfc899b778.tar.gz