diff options
Diffstat (limited to 'graphics/tiff')
-rw-r--r-- | graphics/tiff/Makefile | 5 | ||||
-rw-r--r-- | graphics/tiff/PLIST | 18 | ||||
-rw-r--r-- | graphics/tiff/distinfo | 11 | ||||
-rw-r--r-- | graphics/tiff/patches/patch-libtiff_tif_luv.c | 162 |
4 files changed, 9 insertions, 187 deletions
diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile index 82946b3f54a..8a8a1590fa3 100644 --- a/graphics/tiff/Makefile +++ b/graphics/tiff/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.123 2016/10/08 06:20:39 adam Exp $ +# $NetBSD: Makefile,v 1.124 2016/11/22 15:19:54 wiz Exp $ -DISTNAME= tiff-4.0.6 -PKGREVISION= 1 +DISTNAME= tiff-4.0.7 CATEGORIES= graphics MASTER_SITES= ftp://download.osgeo.org/libtiff/ diff --git a/graphics/tiff/PLIST b/graphics/tiff/PLIST index d4877aa42d3..a594e7a1248 100644 --- a/graphics/tiff/PLIST +++ b/graphics/tiff/PLIST @@ -1,14 +1,9 @@ -@comment $NetBSD: PLIST,v 1.21 2015/09/13 09:27:08 wiz Exp $ -bin/bmp2tiff +@comment $NetBSD: PLIST,v 1.22 2016/11/22 15:19:54 wiz Exp $ bin/fax2ps bin/fax2tiff -bin/gif2tiff bin/pal2rgb bin/ppm2tiff -bin/ras2tiff bin/raw2tiff -bin/rgb2ycbcr -bin/thumbnail bin/tiff2bw bin/tiff2pdf bin/tiff2ps @@ -30,16 +25,12 @@ include/tiffvers.h lib/libtiff.la lib/libtiffxx.la lib/pkgconfig/libtiff-4.pc -man/man1/bmp2tiff.1 man/man1/fax2ps.1 man/man1/fax2tiff.1 -man/man1/gif2tiff.1 man/man1/pal2rgb.1 man/man1/ppm2tiff.1 -man/man1/ras2tiff.1 man/man1/raw2tiff.1 man/man1/rgb2ycbcr.1 -man/man1/sgi2tiff.1 man/man1/thumbnail.1 man/man1/tiff2bw.1 man/man1/tiff2pdf.1 @@ -55,7 +46,6 @@ man/man1/tiffinfo.1 man/man1/tiffmedian.1 man/man1/tiffset.1 man/man1/tiffsplit.1 -man/man1/tiffsv.1 man/man3/TIFFClose.3 man/man3/TIFFDataWidth.3 man/man3/TIFFError.3 @@ -177,18 +167,14 @@ share/doc/tiff/html/man/TIFFsize.3tiff.html share/doc/tiff/html/man/TIFFstrip.3tiff.html share/doc/tiff/html/man/TIFFswab.3tiff.html share/doc/tiff/html/man/TIFFtile.3tiff.html -share/doc/tiff/html/man/bmp2tiff.1.html share/doc/tiff/html/man/fax2ps.1.html share/doc/tiff/html/man/fax2tiff.1.html -share/doc/tiff/html/man/gif2tiff.1.html share/doc/tiff/html/man/index.html share/doc/tiff/html/man/libtiff.3tiff.html share/doc/tiff/html/man/pal2rgb.1.html share/doc/tiff/html/man/ppm2tiff.1.html -share/doc/tiff/html/man/ras2tiff.1.html share/doc/tiff/html/man/raw2tiff.1.html share/doc/tiff/html/man/rgb2ycbcr.1.html -share/doc/tiff/html/man/sgi2tiff.1.html share/doc/tiff/html/man/thumbnail.1.html share/doc/tiff/html/man/tiff2bw.1.html share/doc/tiff/html/man/tiff2pdf.1.html @@ -204,7 +190,6 @@ share/doc/tiff/html/man/tiffinfo.1.html share/doc/tiff/html/man/tiffmedian.1.html share/doc/tiff/html/man/tiffset.1.html share/doc/tiff/html/man/tiffsplit.1.html -share/doc/tiff/html/man/tiffsv.1.html share/doc/tiff/html/misc.html share/doc/tiff/html/support.html share/doc/tiff/html/tools.html @@ -251,3 +236,4 @@ share/doc/tiff/html/v4.0.4.html share/doc/tiff/html/v4.0.4beta.html share/doc/tiff/html/v4.0.5.html share/doc/tiff/html/v4.0.6.html +share/doc/tiff/html/v${PKGVERSION}.html diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo index 782b16014dd..d6baac58fb5 100644 --- a/graphics/tiff/distinfo +++ b/graphics/tiff/distinfo @@ -1,8 +1,7 @@ -$NetBSD: distinfo,v 1.69 2016/03/22 21:50:13 tez Exp $ +$NetBSD: distinfo,v 1.70 2016/11/22 15:19:54 wiz Exp $ -SHA1 (tiff-4.0.6.tar.gz) = 280e27704eaca5f592b82e71ac0c78b87395e2de -RMD160 (tiff-4.0.6.tar.gz) = 3d5d6951a36baf32ab0e0958d3b4a9413b7f2e07 -SHA512 (tiff-4.0.6.tar.gz) = 2c8dbaaaab9f82a7722bfe8cb6fcfcf67472beb692f1b7dafaf322759e7016dad1bc58457c0f03db50aa5bd088fef2b37358fcbc1524e20e9e14a9620373fdf8 -Size (tiff-4.0.6.tar.gz) = 2192991 bytes +SHA1 (tiff-4.0.7.tar.gz) = 2c1b64478e88f93522a42dd5271214a0e5eae648 +RMD160 (tiff-4.0.7.tar.gz) = 582e19c31e7f29d9ed36995dcad7ad68802cbadb +SHA512 (tiff-4.0.7.tar.gz) = 941357bdd5f947cdca41a1d31ae14b3fadc174ae5dce7b7981dbe58f61995f575ac2e97a7cc4fcc435184012017bec0920278263490464644f2cdfad9a6c5ddc +Size (tiff-4.0.7.tar.gz) = 2076392 bytes SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6 -SHA1 (patch-libtiff_tif_luv.c) = dacf0ac8943e02dac1cd618af979aec5d760d855 diff --git a/graphics/tiff/patches/patch-libtiff_tif_luv.c b/graphics/tiff/patches/patch-libtiff_tif_luv.c deleted file mode 100644 index c891fc231b7..00000000000 --- a/graphics/tiff/patches/patch-libtiff_tif_luv.c +++ /dev/null @@ -1,162 +0,0 @@ -$NetBSD: patch-libtiff_tif_luv.c,v 1.1 2016/03/22 21:50:13 tez Exp $ - -Fix for CVE-2015-8781, CVE-2015-8782, CVE-2015-8783 from: - https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65.diff - ---- libtiff/tif_luv.c.orig -+++ libtiff/tif_luv.c -@@ -202,7 +202,11 @@ LogL16Decode(TIFF* tif, uint8* op, tmsize_t occ, uint16 s) - if (sp->user_datafmt == SGILOGDATAFMT_16BIT) - tp = (int16*) op; - else { -- assert(sp->tbuflen >= npixels); -+ if(sp->tbuflen < npixels) { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Translation buffer too short"); -+ return (0); -+ } - tp = (int16*) sp->tbuf; - } - _TIFFmemset((void*) tp, 0, npixels*sizeof (tp[0])); -@@ -211,9 +215,11 @@ LogL16Decode(TIFF* tif, uint8* op, tmsize_t occ, uint16 s) - cc = tif->tif_rawcc; - /* get each byte string */ - for (shft = 2*8; (shft -= 8) >= 0; ) { -- for (i = 0; i < npixels && cc > 0; ) -+ for (i = 0; i < npixels && cc > 0; ) { - if (*bp >= 128) { /* run */ -- rc = *bp++ + (2-128); /* TODO: potential input buffer overrun when decoding corrupt or truncated data */ -+ if( cc < 2 ) -+ break; -+ rc = *bp++ + (2-128); - b = (int16)(*bp++ << shft); - cc -= 2; - while (rc-- && i < npixels) -@@ -223,6 +229,7 @@ LogL16Decode(TIFF* tif, uint8* op, tmsize_t occ, uint16 s) - while (--cc && rc-- && i < npixels) - tp[i++] |= (int16)*bp++ << shft; - } -+ } - if (i != npixels) { - #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) - TIFFErrorExt(tif->tif_clientdata, module, -@@ -268,13 +275,17 @@ LogLuvDecode24(TIFF* tif, uint8* op, tmsize_t occ, uint16 s) - if (sp->user_datafmt == SGILOGDATAFMT_RAW) - tp = (uint32 *)op; - else { -- assert(sp->tbuflen >= npixels); -+ if(sp->tbuflen < npixels) { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Translation buffer too short"); -+ return (0); -+ } - tp = (uint32 *) sp->tbuf; - } - /* copy to array of uint32 */ - bp = (unsigned char*) tif->tif_rawcp; - cc = tif->tif_rawcc; -- for (i = 0; i < npixels && cc > 0; i++) { -+ for (i = 0; i < npixels && cc >= 3; i++) { - tp[i] = bp[0] << 16 | bp[1] << 8 | bp[2]; - bp += 3; - cc -= 3; -@@ -325,7 +336,11 @@ LogLuvDecode32(TIFF* tif, uint8* op, tmsize_t occ, uint16 s) - if (sp->user_datafmt == SGILOGDATAFMT_RAW) - tp = (uint32*) op; - else { -- assert(sp->tbuflen >= npixels); -+ if(sp->tbuflen < npixels) { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Translation buffer too short"); -+ return (0); -+ } - tp = (uint32*) sp->tbuf; - } - _TIFFmemset((void*) tp, 0, npixels*sizeof (tp[0])); -@@ -334,11 +349,13 @@ LogLuvDecode32(TIFF* tif, uint8* op, tmsize_t occ, uint16 s) - cc = tif->tif_rawcc; - /* get each byte string */ - for (shft = 4*8; (shft -= 8) >= 0; ) { -- for (i = 0; i < npixels && cc > 0; ) -+ for (i = 0; i < npixels && cc > 0; ) { - if (*bp >= 128) { /* run */ -+ if( cc < 2 ) -+ break; - rc = *bp++ + (2-128); - b = (uint32)*bp++ << shft; -- cc -= 2; /* TODO: potential input buffer overrun when decoding corrupt or truncated data */ -+ cc -= 2; - while (rc-- && i < npixels) - tp[i++] |= b; - } else { /* non-run */ -@@ -346,6 +363,7 @@ LogLuvDecode32(TIFF* tif, uint8* op, tmsize_t occ, uint16 s) - while (--cc && rc-- && i < npixels) - tp[i++] |= (uint32)*bp++ << shft; - } -+ } - if (i != npixels) { - #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) - TIFFErrorExt(tif->tif_clientdata, module, -@@ -413,6 +431,7 @@ LogLuvDecodeTile(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) - static int - LogL16Encode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) - { -+ static const char module[] = "LogL16Encode"; - LogLuvState* sp = EncoderState(tif); - int shft; - tmsize_t i; -@@ -433,7 +452,11 @@ LogL16Encode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) - tp = (int16*) bp; - else { - tp = (int16*) sp->tbuf; -- assert(sp->tbuflen >= npixels); -+ if(sp->tbuflen < npixels) { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Translation buffer too short"); -+ return (0); -+ } - (*sp->tfunc)(sp, bp, npixels); - } - /* compress each byte string */ -@@ -506,6 +529,7 @@ LogL16Encode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) - static int - LogLuvEncode24(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) - { -+ static const char module[] = "LogLuvEncode24"; - LogLuvState* sp = EncoderState(tif); - tmsize_t i; - tmsize_t npixels; -@@ -521,7 +545,11 @@ LogLuvEncode24(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) - tp = (uint32*) bp; - else { - tp = (uint32*) sp->tbuf; -- assert(sp->tbuflen >= npixels); -+ if(sp->tbuflen < npixels) { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Translation buffer too short"); -+ return (0); -+ } - (*sp->tfunc)(sp, bp, npixels); - } - /* write out encoded pixels */ -@@ -553,6 +581,7 @@ LogLuvEncode24(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) - static int - LogLuvEncode32(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) - { -+ static const char module[] = "LogLuvEncode32"; - LogLuvState* sp = EncoderState(tif); - int shft; - tmsize_t i; -@@ -574,7 +603,11 @@ LogLuvEncode32(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) - tp = (uint32*) bp; - else { - tp = (uint32*) sp->tbuf; -- assert(sp->tbuflen >= npixels); -+ if(sp->tbuflen < npixels) { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "Translation buffer too short"); -+ return (0); -+ } - (*sp->tfunc)(sp, bp, npixels); - } - /* compress each byte string */ |