| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Requested by solo@.
|
|
"Some vulnerabilities have been reported in libTIFF, which can be
exploited by malicious people to cause a DoS (Denial of Service)
or potentially compromise a vulnerable system.
The vulnerabilities are caused due to various heap and integer
overflows when processing TIFF images and can be exploited via
a specially crafted TIFF image.
Successful exploitation allows crashing applications linked against
libTIFF and may also allow execution of arbitrary code."
http://secunia.com/advisories/21304/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3465
Patches from Tavis Ormandy, Google Security Team via SUSE.
Bump PKGREVISION.
|
|
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.
For example, "make show-buildlink3" in fonts/Xft2 displays:
zlib
fontconfig
iconv
zlib
freetype2
expat
freetype2
Xrender
renderproto
|
|
of the order in which buildlink3.mk files are (recursively) included
by a package Makefile.
|
|
were detected and tiffgt was built.
No change to package.
(TODO: do not install the tiffgt manual pages. Maybe install separate
tiffgt package if needed.)
|
|
"A vulnerability in LibTIFF can be exploited by malicious people to
cause a DoS (Denial of Service) and potentially compromise a user's
system.
The vulnerability is caused due to a boundary error within tiff2pdf
when handling a TIFF file with a "DocumentName" tag that contains
UTF-8 characters. This can be exploited to cause a stack-based buffer
overflow and may allow arbitrary code execution."
http://secunia.com/advisories/20488/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2193
Patch from Ubuntu.
|
|
|
|
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within day).
|
|
/pkgstat/i386-2.1/20060404.0711/graphics/tiff/.broken.html.
Reviewed By: reed
|
|
changes: bugfixes
|
|
changes:
-many bugfixes
-support PBM files in ppm2tiff
-Added ability to create multipage TIFFs in bmp2tiff
|
|
developer is officially maintaining the package.
The rationale for changing this from "tech-pkg" to "pkgsrc-users" is
that it implies that any user can try to maintain the package (by
submitting patches to the mailing list). Since the folks most likely
to care about the package are the folks that want to use it or are
already using it, this would leverage the energy of users who aren't
developers.
|
|
around a problem caused by a bash'ism in the configure script.
Fix the script instead.
No functional change.
|
|
the inclusion of tiffio.h from C++ as seen in digikam.
Bump revision.
|
|
MAJOR CHANGES:
* Read-only support for custom directories (e.g. EXIF directory).
* Preliminary support for MS MDI format.
----------------------------------------------------------------------------------------
CHANGES IN THE SOFTWARE CONFIGURATION:
* Make the default strip size configurable via the
--with-default-strip-size and STRIP_SIZE_DEFAULT options.
----------------------------------------------------------------------------------------
CHANGES IN LIBTIFF:
* tiffio.h: Added VC_EXTRALEAN definition before including
windows.h, to reduce the compile time.
* tif_jpeg.c: Improve compilation under MinGW.
* {tif_aux.c, tif_dir.c, tif_dir.h, tif_dirwrite.c, tif_print.c,
tif_getimage.c}: Make InkSet, NumberOfInks, DotRange and StoNits tags
custom.
* {tif_aux.c, tif_dir.c, tif_dir.h, tif_print.c}: Make WhitePoint tag
custom.
* tiffio.h: fixed typo that potentially resulted in redefininition of
USE_WIN32_FILEIO
* {tif_dir.c, tif_dir.h, tif_print.c}: Make RichTIFFIPTC, Photoshop and
ICCProfile tags custom.
* libtiff/*, contrib/*: Added 'dual-mode' error handling, enabling newer
code to get context indicator in error handler and still remain
compatible with older code: Done TIFFError calls everywhere
except in tools.
* tiffinfo.c: Print EXIF directory contents if exist.
* {tif_dirinfo.c, tif_dirread.c, tif_dir.h, tif_dir.c}: Custom
directory read-only support.
* {tif_aux.c, tif_dirinfo.c, tif_dirread.c, tif_dir.h, tif_dir.c,
tif_print.c}: Make YCbCrCoefficients and ReferenceBlackWhite tags
custom.
* tif_dirread.c: One more workaround for broken StripByteCounts tag.
Handle the case when StripByteCounts array filled with completely wrong
values.
* tif_dirinfo.c: Release file descriptor in case of failure in
the TIFFOpenW() function as per bug
http://bugzilla.remotesensing.org/show_bug.cgi?id=1003
* tif_dirinfo.c: Correctly yse bsearch() and lfind() functions
as per bug http://bugzilla.remotesensing.org/show_bug.cgi?id=1008
* tif_open.c, tiff.h, tiffdump.c: Incorporate preliminary support for MS
MDI format.
http://bugzilla.remotesensing.org/show_bug.cgi?id=1002
* libtiff.def, tiffiop.h, tiffio.h: Made TIFFFreeDirectory public.
* /tif_dirinfo.c: Make XResolution, YResolution and ResolutionUnit tags
modifiable during write process. As per bug
http://bugzilla.remotesensing.org/show_bug.cgi?id=977
* if_dirread.c: Don't try and split single strips into "0" strips in
ChopUpSingleUncompressedStrip. This happens in some degenerate
cases (like 1x1 files with stripbytecounts==0 (gtsmall.jp2 embed tiff)
* tif_fax3.c: changed 'at scanline ...' style warning/errors with
incorrect use of tif_row, to 'at line ... of strip/tile ...'
style.
CHANGES IN THE TOOLS:
* tiffcp.c: Added many error reporting messages; fixed integer
overflow as per bug
http://bugzilla.remotesensing.org/show_bug.cgi?id=789
* tiffcp.c: Return non-zero status when reading fails.
* fax2tiff.c: Properly calculate sizes of temporary arrays as
per bug http://bugzilla.remotesensing.org/show_bug.cgi?id=943
* fax2tiff.c: Added option '-r' to set RowsPerStrip parameter as per bug
http://bugzilla.remotesensing.org/show_bug.cgi?id=944
* tiffdump.c: Fixed typeshift and typemask arrays initialization problem
as per bug
http://bugzilla.remotesensing.org/show_bug.cgi?id=946
* bmp2tiff.c: Fixed possible integer overflow error as per bug
http://bugzilla.remotesensing.org/show_bug.cgi?id=965
* tiffsplit.c: Copy fax related fields over splitted parts as
per bug http://bugzilla.remotesensing.org/show_bug.cgi?id=983
* tiffdump.c: Fixed crash when reading malformed tags.
* tiff2pdf.c: Added missed 'break' statement as per bug
http://bugzilla.remotesensing.org/show_bug.cgi?id=932
|
|
MAJOR CHANGES:
* Fixed important bug in custom tags handling code..
------------------------------------------------
CHANGES IN THE SOFTWARE CONFIGURATION:
* Applied patch from Patrick Welche (all scripts moved in the 'config'
and 'm4' directories).
* SConstruct, libtiff/SConstruct: Added the first very preliminary
support for SCons software building tool (http://www.scons.org/). This
is experimental infrastructure and it will exist along with the
autotools stuff.
* port/lfind.c: Added lfind() replacement module.
------------------------------------------------
CHANGES IN LIBTIFF:
* tif_dir.c: When prefreeing tv->value in TIFFSetFieldV also set it to
NULL to avoid double free when re-setting custom string fields as per:
http://bugzilla.remotesensing.org/show_bug.cgi?id=922
* tif_dir.c: Fixed up support for swapping "double complex" values (128
bits as 2 64 bits doubles). GDAL gcore tests now pass on bigendian
(macosx) system.
* libtiff/{tif_dirread.c, tif_dirinfo.c}: Do not upcast BYTEs to SHORTs
in the TIFFFetchByteArray(). Remove TIFFFetchExtraSamples() function,
use TIFFFetchNormalTag() instead as per bug
http://bugzilla.remotesensing.org/show_bug.cgi?id=831 Remove
TIFFFetchExtraSamples() function, use TIFFFetchNormalTag() instead.
* tif_print.c: Fixed printing of the BYTE and SBYTE arrays.
* tif_write.c: Do not check the PlanarConfiguration field in the
TIFFWriteCheck() function in case of single band images (as per TIFF
spec).
* libtiff/{tif_dir.c, tif_dir.h, tif_dirinfo.c, tif_print.c}: Make
FieldOfViewCotangent, MatrixWorldToScreen, MatrixWorldToCamera,
ImageFullWidth, ImageFullLength and PrimaryChromaticities tags custom.
------------------------------------------------
CHANGES IN THE TOOLS:
* tiffcp.c: Fixed WhitePoint tag copying.
------------------------------------------------
CHANGES IN THE CONTRIB AREA:
* tiffdump.c: Added support for TIFF_IFD datatype.
* addtiffo/{tif_overview.c, tif_ovrcache.c, tif_ovrcache.h}: Make
overviews working for contiguous images.
|
|
|
|
Many bugfixes and several new features. The runtime endianness check
has been replaced with the compile time one. Support has been added
for the new predictor type (floating point predictor) defined at the
TIFF Technical Note 3, for custom tags passed by value, and for all
DNG tags.
|
|
sunpro-cxx wrapper now.
|
|
and libCstd when building with sunpro.
ok'd by jlam@
|
|
user settable variable. Set PKG_SUGGESTED_OPTIONS instead. Also,
make use of PKG_OPTIONS_LEGACY_VARS.
Reviewed by wiz.
|
|
"A vulnerability in libTIFF was found, it can be potentially exploited by
malicious people to compromise a vulnerable system."
http://secunia.com/advisories/15320/
http://bugzilla.remotesensing.org/show_bug.cgi?id=843
Bump PKGREVISION, patch from libtiff cvs repository.
|
|
don't define __LP64__. This is basically same as patch-ab rev. 1.13,
which was probably removed by mistake.
|
|
|
|
from libtiff CVS to fix the build on Darwin.
|
|
Package changes:
Put options in options.mk, and retire support for USE_GIF; turn on
the lzw option by default (since USE_GIF was on by default).
C++ library's name changed, to be in sync with tiff distribution's name
for it (libtiffcxx -> libtiffxx).
Changes in 3.7.2:
Maintainance [sic] release. Many bugfixes in the build
environment and compatibility improvements.
|
|
|
|
that fixes a bug where docked TIFF icons in WindowMaker have a black
background rather than a transparent background. Ride the previous
PKGREVISION bump to 3. This fixes PR pkg/28989.
|
|
of $(CXX) so that applications needing libtiff don't also need to be
linked against $(CXX). Bump the PKGREVISION to 3. This should fix
PR pkg/28961.
|
|
with no objects. libtiffcxx.la now correctly builds using tif_stream.lo.
Bump the PKGREVISION to 2.
|
|
It's meant to be used directly in place of libtiff.so, i.e. instead
of linking against -ltiff, you link against -ltiffcxx. It also leaves
libtiff.so as a plain C-linkage library again, as it was in tiff-3.6.x,
and avoids needing to patch tiff-using packages to link using the C++
compiler. Bump the PKGREVISION to 1.
|
|
configure script. Remove this from CONFIGURE_ARGS.
|
|
bsd.options.mk framework. The USE_GIF option is now called "lzw" and
is enabled by default.
|
|
Remove OpenWindows workaround in pkgsrc for this.
Too many changes to include here.
See http://www.remotesensing.org/libtiff/v3.7.1.html
and http://www.remotesensing.org/libtiff/v3.7.0.html
and previous change files for changes information.
tiff-3.7.1 now includes the lzw compression code again.
It also uses autoconf and libtool now.
A new tool is bmp2tiff.
Docs are placed under share/doc/tiff/html instead of share/doc/html/tiff.
Many manpage symlinks are now missing. (This was reported to tiff list.)
|
|
But now these are improved in response to
iDEFENSE Security Advisory 12.21.04
www.idefense.com/application/poi/display?id=173&type=vulnerabilities
libtiff STRIPOFFSETS Integer Overflow Vulnerability
December 21, 2004
This fix (in two files) was from that advisory and also seen
in tiff 3.7.1.
PKGREVISION is bumped to 6 and BUILDLINK_RECOMMENDED is adjusted for
this possible security issue. Other packages depending on this are not
bumped.
|
|
to 'yes'. (In behalf of jlam@, who can't commit this ATM.)
|
|
include fixes for CESA-2004-006. Bump package revision.
|
|
|
|
|
|
Add /old/ to end of master site URL.
This was reported by Georg Schwarz on tech-pkg
and also by Ian Harding via PR #27278.
Note that this is insecure version of tiff!
|
|
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
|
|
All library names listed by *.la files no longer need to be listed
in the PLIST, e.g., instead of:
lib/libfoo.a
lib/libfoo.la
lib/libfoo.so
lib/libfoo.so.0
lib/libfoo.so.0.1
one simply needs:
lib/libfoo.la
and bsd.pkg.mk will automatically ensure that the additional library
names are listed in the installed package +CONTENTS file.
Also make LIBTOOLIZE_PLIST default to "yes".
|
|
with a '-' as '../-', as this is basically guaranteed to be wrong.
Examples: -n32 or -64 for IRIX ABI would be substituted as '../-64',
which of course breaks the package. Other possible CFLAGS would
have the same result.
|
|
|
|
|
|
|
|
shell exit code, and thus a failure.
Move comments out of the list of commands. (Alternately ${DO_NADA} could
have been used.)
|
|
|
|
|
