summaryrefslogtreecommitdiff
path: root/graphics/tiff
diff options
context:
space:
mode:
Diffstat (limited to 'graphics/tiff')
-rw-r--r--graphics/tiff/Makefile5
-rw-r--r--graphics/tiff/PLIST18
-rw-r--r--graphics/tiff/distinfo11
-rw-r--r--graphics/tiff/patches/patch-libtiff_tif_luv.c162
4 files changed, 9 insertions, 187 deletions
diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile
index 82946b3f54a..8a8a1590fa3 100644
--- a/graphics/tiff/Makefile
+++ b/graphics/tiff/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.123 2016/10/08 06:20:39 adam Exp $
+# $NetBSD: Makefile,v 1.124 2016/11/22 15:19:54 wiz Exp $
-DISTNAME= tiff-4.0.6
-PKGREVISION= 1
+DISTNAME= tiff-4.0.7
CATEGORIES= graphics
MASTER_SITES= ftp://download.osgeo.org/libtiff/
diff --git a/graphics/tiff/PLIST b/graphics/tiff/PLIST
index d4877aa42d3..a594e7a1248 100644
--- a/graphics/tiff/PLIST
+++ b/graphics/tiff/PLIST
@@ -1,14 +1,9 @@
-@comment $NetBSD: PLIST,v 1.21 2015/09/13 09:27:08 wiz Exp $
-bin/bmp2tiff
+@comment $NetBSD: PLIST,v 1.22 2016/11/22 15:19:54 wiz Exp $
bin/fax2ps
bin/fax2tiff
-bin/gif2tiff
bin/pal2rgb
bin/ppm2tiff
-bin/ras2tiff
bin/raw2tiff
-bin/rgb2ycbcr
-bin/thumbnail
bin/tiff2bw
bin/tiff2pdf
bin/tiff2ps
@@ -30,16 +25,12 @@ include/tiffvers.h
lib/libtiff.la
lib/libtiffxx.la
lib/pkgconfig/libtiff-4.pc
-man/man1/bmp2tiff.1
man/man1/fax2ps.1
man/man1/fax2tiff.1
-man/man1/gif2tiff.1
man/man1/pal2rgb.1
man/man1/ppm2tiff.1
-man/man1/ras2tiff.1
man/man1/raw2tiff.1
man/man1/rgb2ycbcr.1
-man/man1/sgi2tiff.1
man/man1/thumbnail.1
man/man1/tiff2bw.1
man/man1/tiff2pdf.1
@@ -55,7 +46,6 @@ man/man1/tiffinfo.1
man/man1/tiffmedian.1
man/man1/tiffset.1
man/man1/tiffsplit.1
-man/man1/tiffsv.1
man/man3/TIFFClose.3
man/man3/TIFFDataWidth.3
man/man3/TIFFError.3
@@ -177,18 +167,14 @@ share/doc/tiff/html/man/TIFFsize.3tiff.html
share/doc/tiff/html/man/TIFFstrip.3tiff.html
share/doc/tiff/html/man/TIFFswab.3tiff.html
share/doc/tiff/html/man/TIFFtile.3tiff.html
-share/doc/tiff/html/man/bmp2tiff.1.html
share/doc/tiff/html/man/fax2ps.1.html
share/doc/tiff/html/man/fax2tiff.1.html
-share/doc/tiff/html/man/gif2tiff.1.html
share/doc/tiff/html/man/index.html
share/doc/tiff/html/man/libtiff.3tiff.html
share/doc/tiff/html/man/pal2rgb.1.html
share/doc/tiff/html/man/ppm2tiff.1.html
-share/doc/tiff/html/man/ras2tiff.1.html
share/doc/tiff/html/man/raw2tiff.1.html
share/doc/tiff/html/man/rgb2ycbcr.1.html
-share/doc/tiff/html/man/sgi2tiff.1.html
share/doc/tiff/html/man/thumbnail.1.html
share/doc/tiff/html/man/tiff2bw.1.html
share/doc/tiff/html/man/tiff2pdf.1.html
@@ -204,7 +190,6 @@ share/doc/tiff/html/man/tiffinfo.1.html
share/doc/tiff/html/man/tiffmedian.1.html
share/doc/tiff/html/man/tiffset.1.html
share/doc/tiff/html/man/tiffsplit.1.html
-share/doc/tiff/html/man/tiffsv.1.html
share/doc/tiff/html/misc.html
share/doc/tiff/html/support.html
share/doc/tiff/html/tools.html
@@ -251,3 +236,4 @@ share/doc/tiff/html/v4.0.4.html
share/doc/tiff/html/v4.0.4beta.html
share/doc/tiff/html/v4.0.5.html
share/doc/tiff/html/v4.0.6.html
+share/doc/tiff/html/v${PKGVERSION}.html
diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo
index 782b16014dd..d6baac58fb5 100644
--- a/graphics/tiff/distinfo
+++ b/graphics/tiff/distinfo
@@ -1,8 +1,7 @@
-$NetBSD: distinfo,v 1.69 2016/03/22 21:50:13 tez Exp $
+$NetBSD: distinfo,v 1.70 2016/11/22 15:19:54 wiz Exp $
-SHA1 (tiff-4.0.6.tar.gz) = 280e27704eaca5f592b82e71ac0c78b87395e2de
-RMD160 (tiff-4.0.6.tar.gz) = 3d5d6951a36baf32ab0e0958d3b4a9413b7f2e07
-SHA512 (tiff-4.0.6.tar.gz) = 2c8dbaaaab9f82a7722bfe8cb6fcfcf67472beb692f1b7dafaf322759e7016dad1bc58457c0f03db50aa5bd088fef2b37358fcbc1524e20e9e14a9620373fdf8
-Size (tiff-4.0.6.tar.gz) = 2192991 bytes
+SHA1 (tiff-4.0.7.tar.gz) = 2c1b64478e88f93522a42dd5271214a0e5eae648
+RMD160 (tiff-4.0.7.tar.gz) = 582e19c31e7f29d9ed36995dcad7ad68802cbadb
+SHA512 (tiff-4.0.7.tar.gz) = 941357bdd5f947cdca41a1d31ae14b3fadc174ae5dce7b7981dbe58f61995f575ac2e97a7cc4fcc435184012017bec0920278263490464644f2cdfad9a6c5ddc
+Size (tiff-4.0.7.tar.gz) = 2076392 bytes
SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6
-SHA1 (patch-libtiff_tif_luv.c) = dacf0ac8943e02dac1cd618af979aec5d760d855
diff --git a/graphics/tiff/patches/patch-libtiff_tif_luv.c b/graphics/tiff/patches/patch-libtiff_tif_luv.c
deleted file mode 100644
index c891fc231b7..00000000000
--- a/graphics/tiff/patches/patch-libtiff_tif_luv.c
+++ /dev/null
@@ -1,162 +0,0 @@
-$NetBSD: patch-libtiff_tif_luv.c,v 1.1 2016/03/22 21:50:13 tez Exp $
-
-Fix for CVE-2015-8781, CVE-2015-8782, CVE-2015-8783 from:
- https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65.diff
-
---- libtiff/tif_luv.c.orig
-+++ libtiff/tif_luv.c
-@@ -202,7 +202,11 @@ LogL16Decode(TIFF* tif, uint8* op, tmsize_t occ, uint16 s)
- if (sp->user_datafmt == SGILOGDATAFMT_16BIT)
- tp = (int16*) op;
- else {
-- assert(sp->tbuflen >= npixels);
-+ if(sp->tbuflen < npixels) {
-+ TIFFErrorExt(tif->tif_clientdata, module,
-+ "Translation buffer too short");
-+ return (0);
-+ }
- tp = (int16*) sp->tbuf;
- }
- _TIFFmemset((void*) tp, 0, npixels*sizeof (tp[0]));
-@@ -211,9 +215,11 @@ LogL16Decode(TIFF* tif, uint8* op, tmsize_t occ, uint16 s)
- cc = tif->tif_rawcc;
- /* get each byte string */
- for (shft = 2*8; (shft -= 8) >= 0; ) {
-- for (i = 0; i < npixels && cc > 0; )
-+ for (i = 0; i < npixels && cc > 0; ) {
- if (*bp >= 128) { /* run */
-- rc = *bp++ + (2-128); /* TODO: potential input buffer overrun when decoding corrupt or truncated data */
-+ if( cc < 2 )
-+ break;
-+ rc = *bp++ + (2-128);
- b = (int16)(*bp++ << shft);
- cc -= 2;
- while (rc-- && i < npixels)
-@@ -223,6 +229,7 @@ LogL16Decode(TIFF* tif, uint8* op, tmsize_t occ, uint16 s)
- while (--cc && rc-- && i < npixels)
- tp[i++] |= (int16)*bp++ << shft;
- }
-+ }
- if (i != npixels) {
- #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
- TIFFErrorExt(tif->tif_clientdata, module,
-@@ -268,13 +275,17 @@ LogLuvDecode24(TIFF* tif, uint8* op, tmsize_t occ, uint16 s)
- if (sp->user_datafmt == SGILOGDATAFMT_RAW)
- tp = (uint32 *)op;
- else {
-- assert(sp->tbuflen >= npixels);
-+ if(sp->tbuflen < npixels) {
-+ TIFFErrorExt(tif->tif_clientdata, module,
-+ "Translation buffer too short");
-+ return (0);
-+ }
- tp = (uint32 *) sp->tbuf;
- }
- /* copy to array of uint32 */
- bp = (unsigned char*) tif->tif_rawcp;
- cc = tif->tif_rawcc;
-- for (i = 0; i < npixels && cc > 0; i++) {
-+ for (i = 0; i < npixels && cc >= 3; i++) {
- tp[i] = bp[0] << 16 | bp[1] << 8 | bp[2];
- bp += 3;
- cc -= 3;
-@@ -325,7 +336,11 @@ LogLuvDecode32(TIFF* tif, uint8* op, tmsize_t occ, uint16 s)
- if (sp->user_datafmt == SGILOGDATAFMT_RAW)
- tp = (uint32*) op;
- else {
-- assert(sp->tbuflen >= npixels);
-+ if(sp->tbuflen < npixels) {
-+ TIFFErrorExt(tif->tif_clientdata, module,
-+ "Translation buffer too short");
-+ return (0);
-+ }
- tp = (uint32*) sp->tbuf;
- }
- _TIFFmemset((void*) tp, 0, npixels*sizeof (tp[0]));
-@@ -334,11 +349,13 @@ LogLuvDecode32(TIFF* tif, uint8* op, tmsize_t occ, uint16 s)
- cc = tif->tif_rawcc;
- /* get each byte string */
- for (shft = 4*8; (shft -= 8) >= 0; ) {
-- for (i = 0; i < npixels && cc > 0; )
-+ for (i = 0; i < npixels && cc > 0; ) {
- if (*bp >= 128) { /* run */
-+ if( cc < 2 )
-+ break;
- rc = *bp++ + (2-128);
- b = (uint32)*bp++ << shft;
-- cc -= 2; /* TODO: potential input buffer overrun when decoding corrupt or truncated data */
-+ cc -= 2;
- while (rc-- && i < npixels)
- tp[i++] |= b;
- } else { /* non-run */
-@@ -346,6 +363,7 @@ LogLuvDecode32(TIFF* tif, uint8* op, tmsize_t occ, uint16 s)
- while (--cc && rc-- && i < npixels)
- tp[i++] |= (uint32)*bp++ << shft;
- }
-+ }
- if (i != npixels) {
- #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
- TIFFErrorExt(tif->tif_clientdata, module,
-@@ -413,6 +431,7 @@ LogLuvDecodeTile(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- static int
- LogL16Encode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- {
-+ static const char module[] = "LogL16Encode";
- LogLuvState* sp = EncoderState(tif);
- int shft;
- tmsize_t i;
-@@ -433,7 +452,11 @@ LogL16Encode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- tp = (int16*) bp;
- else {
- tp = (int16*) sp->tbuf;
-- assert(sp->tbuflen >= npixels);
-+ if(sp->tbuflen < npixels) {
-+ TIFFErrorExt(tif->tif_clientdata, module,
-+ "Translation buffer too short");
-+ return (0);
-+ }
- (*sp->tfunc)(sp, bp, npixels);
- }
- /* compress each byte string */
-@@ -506,6 +529,7 @@ LogL16Encode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- static int
- LogLuvEncode24(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- {
-+ static const char module[] = "LogLuvEncode24";
- LogLuvState* sp = EncoderState(tif);
- tmsize_t i;
- tmsize_t npixels;
-@@ -521,7 +545,11 @@ LogLuvEncode24(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- tp = (uint32*) bp;
- else {
- tp = (uint32*) sp->tbuf;
-- assert(sp->tbuflen >= npixels);
-+ if(sp->tbuflen < npixels) {
-+ TIFFErrorExt(tif->tif_clientdata, module,
-+ "Translation buffer too short");
-+ return (0);
-+ }
- (*sp->tfunc)(sp, bp, npixels);
- }
- /* write out encoded pixels */
-@@ -553,6 +581,7 @@ LogLuvEncode24(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- static int
- LogLuvEncode32(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- {
-+ static const char module[] = "LogLuvEncode32";
- LogLuvState* sp = EncoderState(tif);
- int shft;
- tmsize_t i;
-@@ -574,7 +603,11 @@ LogLuvEncode32(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- tp = (uint32*) bp;
- else {
- tp = (uint32*) sp->tbuf;
-- assert(sp->tbuflen >= npixels);
-+ if(sp->tbuflen < npixels) {
-+ TIFFErrorExt(tif->tif_clientdata, module,
-+ "Translation buffer too short");
-+ return (0);
-+ }
- (*sp->tfunc)(sp, bp, npixels);
- }
- /* compress each byte string */
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-03 16:43:07 +0000