| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
|
|
and use-after-free problems in the "gif2tiff" and "tiff2pdf"
command line tools (the library is not affected)
(CVE-2013-4231, CVE-2013-4232, CVE-2013-4244)
bump PKGREV
|
|
"tiff2pdf" tool by crafted TIFF image files
(CVE-2013-1960/61)
bump PKGREV
|
|
'Please use ${ECHO_N} instead of "echo -n".'
|
|
|
|
due to integer overflow in the ppm2tiff cmd line tool (CVE-2012-4564)
bump PKGREV
|
|
|
|
MAJOR CHANGES:
None
CHANGES IN THE SOFTWARE CONFIGURATION:
Updated to use Automake 1.12.4. Avoids security problem with 'make distcheck' (CVE-2012-3386).
CHANGES IN LIBTIFF:
Various memory buffer access fixes.
Fix handling when writing RGBA jpeg compressed imagery (http://trac.osgeo.org/gdal/ticket/4732).
Fix to work properly with IJG JPEG 7+.
New functions TIFFFieldTag(), TIFFFieldName(), TIFFFieldDataType(), TIFFFieldPassCount(), TIFFFieldReadCount(), TIFFFieldWriteCount() to use as external accessors for the opaque type TIFFField.
Fix bug rewriting image tiles in a compressed file (http://trac.osgeo.org/gdal/ticket/4771).
Add TIFF/FX tag support in libtiff.
CHANGES IN THE TOOLS:
tiff2pdf: Fail when TIFFSetDirectory() fails. This prevents core dumps or perhaps even arbitrary code execution when processing a corrupt input file (CVE-2012-3401).
tiff2pdf: Fix two places where t2p_error didn't get set after a malloc failure. No crash risk AFAICS, but the program might not report exit code 1 as desired.
CHANGES IN THE CONTRIB AREA:
None
|
|
Bump PKGREVISION.
|
|
* tif_getimage.c: added support for _SEPARATED CMYK images.
* tif_getimage.c: Added support for greyscale + alpha.
* Added TIFFCreateCustomDirectory() and TIFFCreateEXIFDirectory()
functions.
* tif_print.c: Lots of fixes around printing corrupt or hostile input.
* Improve handling of corrupt ycbcrsubsampling values.
* tif_unix.c: use strerror to get meaningful error messages.
* tif_jpeg.c: fix serious bugs in JPEGDecodeRaw().
* tif_jpeg.c: Fix size overflow (zdi-can-1221,CVE-2012-1173).
|
|
Bump PKGREVISION.
|
|
-update to 4.0.1 -- this only adds symbol versioning support to ease
transition from 3.x to 4.x; this is not used in pkgsrc so the
update is purely cosmetical
|
|
|
|
|
|
At long last, libtiff 4.0.0 is finally released. Libtiff 4.0.0 is the
successor to the libtiff 3.9.X release series. It is intended to be
largely API compatible with the 3.9.X releases, but it is definitely
not ABI compatible so any software which plans to use it will need to
be recompiled. With appropriate care, source code can easily compile
with both the 3.9.X releases and libtiff 4.0.0.
This release supports the BigTIFF TIFF format in which all offsets are
unsigned 64-bit, supporting huge files. APIs which deal with tag
offsets are necessarily updated to pass 64-bit values. I/O functions
supporting the TIFFClientOpen() interface are updated to pass 64-bit
offset values.
|
|
Many bugs and security issues are resolved in this stable release.
|
|
(http://bugzilla.maptools.org/show_bug.cgi?id=2300)
to fix possible buffer overflow in the "thunder" decoder (CVE-2011-1167)
bump PKGREV
|
|
"libtiff" CVS repository.
|
|
alternative from mk/jpeg.buildlink3.mk
This allows selection of an alternative jpeg library (namely the x86 MMX,
SSE, SSE2 accelerated libjpeg-turbo) via JPEG_DEFAULT=libjpeg-turbo, and
follows the current standard model for alternatives (fam, motif, fuse etc).
The mechanical edits were applied via the following script:
#!/bin/sh
for d in */*; do
[ -d "$d" ] || continue
for i in "$d/"Makefile* "$d/"*.mk; do
case "$i" in *.orig|*"*"*) continue;; esac
out="$d/x"
sed -e 's;graphics/jpeg/buildlink3\.mk;mk/jpeg.buildlink3.mk;g' \
-e 's;BUILDLINK_PREFIX\.jpeg;JPEGBASE;g' \
< "$i" > "$out"
if cmp -s "$i" "$out"; then
rm -f "$out"
else
echo "Edited $i"
mv -f "$i" "$i.orig" && mv "$out" "$i"
fi
done
done
|
|
following vulnerabilities:
- CVE-2010-2233
- CVE-2010-2482
- CVE-2010-2483
- CVE-2010-2595
- CVE-2010-2597
There is no patch for CVE-2010-2596 yet. But it is low risk (an assertion
gets triggered) and cannot be exploited after the above vulnerabilities
are fixed (at least if I understood correctly).
No butcher was involved in fixing this package.
|
|
changes:
-Complete the fixes for CVE-2009-2347.
-Tiffcrop now supports custom page sizes.
+minor bugfixes
|
|
gory details at http://www.remotesensing.org/libtiff/v3.9.3.html.
|
|
so bump the revision.
|
|
|
|
changes:
-bugfixes
-OJPEG support updated to work with IJG JPEG 7 release
-Tiffcrop validated for most TIFF storage subformats and sample depths
|
|
This is a bugfix release to correct serious defects found in libtiff
3.9.0. In particular, it was discovered that libtiff 3.9.0 may
write defective TIFF files. This release is intended to be API and
ABI compatible with libtiff 3.8.2.
|
|
|
|
MAJOR CHANGES:
* New tiffcrop utility contributed by Richard Nolde. tiffcrop does the
same as tiffcp, but also can crop, extract, rotate and mirror images.
* tif_jbig.c: Added support for JBIG compression scheme (34661 code),
contributed by Lee Howard.
* Totally new implementation of OJPEG module from Joris Van Damme. No
need to patch libjpeg anymore. Many OJPEG files should be supported
now that was not supported previously.
------------------------------------------------
CHANGES IN THE SOFTWARE CONFIGURATION:
* tif_config.wince.h, tiffconf.wince.h, tif_wince.c: WinCE-specific
compatibility stuff from Mateusz Loskot.
* Rename config.h.vc and tif_config.h.vc to config.vc.h and
tif_config.vc.h for easier identification by folks using an IDE.
* configure, configure.ac: OJPEG support enabled by default (i.e., whe
the conformant JPEG support enabled).
* README.vms, Makefile.am, configure.com, libtiff/{Makefile.am,
tif_config.h-vms, tif_stream.cxx, tif_vms.c, tiffconf.h-vms}: Added
support for OpenVMS by Alexey Chupahin.
* nmake.opt: use /EHsc for VS2005 compatibility. Also define
_CRT_SECURE_NO_DEPRECATE to avoid noise on VS2005.
------------------------------------------------
CHANGES IN LIBTIFF:
* tif_dirinfo.c (_TIFFFindFieldInfo): Don't attempt to bsearch() on a
NULL fieldinfo list. (_TIFFFindFieldInfoByName): Don't attempt to
lfind() on a NULL fieldinfo list.
* tif_jpeg.c: Changed JPEGInitializeLibJPEG() so that it will convert
from decompressor to compressor or compress to decompress if required
by the force arguments. This works around a problem in where the
JPEGFixupTestSubsampling() may cause a decompressor to be setup on a
directory when later a compressor is required with the force flag set.
Occurs with the addtiffo program for instance.
* tif_dirwrite.c: Fixed swapping of byte arrays stored in-place in tag
offsets as per bug
http://bugzilla.remotesensing.org/show_bug.cgi?id=1363
* tif_getimage.c: workaround for 'Fractional scanline' error reading
OJPEG images with rowsperstrip that is not a multiple of vertical
subsampling factor. This bug is mentioned in
http://bugzilla.remotesensing.org/show_bug.cgi?id=1390 and
http://www.asmail.be/msg0054766825.html
* tif_dirread.c: Added special function to handle SubjectDistance EXIF
tag as per bug http://bugzilla.remotesensing.org/show_bug.cgi?id=1362
* tif_dirread.c, tif_read.c: Type of the byte counters changed from
tsize_t to uint32 to be able to work with data arrays larger than 2GB.
Fixes bug http://bugzilla.remotesensing.org/show_bug.cgi?id=89 Idea
submitted by Matt Hancher.
* tif_dir.c: Workaround for incorrect TIFFs with ExtraSamples == 999
produced by Corel Draw. As per bug
http://bugzilla.remotesensing.org/show_bug.cgi?id=1490
* tif_write.c: TIFFAppendToStrip() - clear sorted flag if we move a
strip. http://bugzilla.remotesensing.org/show_bug.cgi?id=1359
* tif_fax3.c: Save the state of printdir codec dependent method.
* tif_jpeg.c: Save the state of printdir codec dependent method as per
bug http://bugzilla.remotesensing.org/show_bug.cgi?id=1273
* tif_win32.c: Fixed problem with offset value manipulation as per bug
http://bugzilla.remotesensing.org/show_bug.cgi?id=1322
* tif_fax3.c, tif_next.c, tif_pixarlog.c: Fixed multiple
vulnerabilities, as per Gentoo bug ():
http://bugs.gentoo.org/show_bug.cgi?id=142383
* tif_lzw.c, tif_zip.c: Fixed problems with mixing encoding and decoding
on the same read-write TIFF handle. The LZW code can now maintain
encode and decode state at the same time. The ZIP code will switch
back and forth as needed.
http://bugzilla.remotesensing.org/show_bug.cgi?id=757
* tif_msdos.c: Avoid handle leak for failed opens. c/o Thierry Pierron
* tif_dirwrite.c: take care not to flush out buffer of strip/tile data
in _TIFFWriteDirectory if TIFF_BEENWRITING not set. Relates to bug
report by Peng Gao with black strip at bottom of images.
* tif_dirwrite.c: make sure to use uint32 for wordcount in
TIFFWriteNormanTag if writecount is VARIABLE2 for ASCII fields. It
already seems to have been done for other field types. Needed for
"tiffset" on files with geotiff ascii text.
* tif_dirinfo.c: Added missed EXIF tag ColorSpace (40961).
* tif_dirread.c: Move IFD fetching code in the separate function
TIFFFetchDirectory() avoiding code duplication in TIFFReadDirectory()
and TIFFReadCustomDirectory().
* tif_readdir.c: Added case in EstimateStripByteCounts() for tiled
files. Modified TIFFReadDirectory() to not invoke
EstimateStripByteCounts() for case where entry 0 and 1 are unequal but
one of them is zero.
http://bugzilla.remotesensing.org/show_bug.cgi?id=1204
* tif_open.c, tif_dirread.c, tiffiop.h: Move IFD looping checking code
in the separate function TIFFCheckDirOffset().
* tif_aux.c: Added _TIFFCheckRealloc() function.
* tif_fax3.c: Fixed problems in fax decoder as per bug
http://bugzilla.remotesensing.org/show_bug.cgi?id=1194
* tif_jbig.c: Added support for JBIG compression scheme (34661 code)
contributed by Lee Howard. As per bug
http://bugzilla.remotesensing.org/show_bug.cgi?id=896
* tif_getimage.c: Added support for planarconfig separate non-subsampled
YCbCr (i.e. separate YCbCr with subsampling [1,1]).
* tif_getimage.c: Revision of all RGB(A) put routines:
* Conversion of unassociated alpha to associated alpha now done
with more performant LUT, and calculation more correct.
* Conversion of 16bit data to 8bit data now done with more
performant LUT, and calculation more correct
* Bugfix of handling of 16bit RGB with unassociated alpha
* tif_ojpeg.c: totally new implementation
* tif_getimage.c: removed TIFFTAG_JPEGCOLORMODE handling of OJPEG images
in favor of tif_getimage.c native handling of YCbCr and desubsampling.
* tif_jpeg.c: JPEGVSetField() so that altering the photometric
interpretation causes the "upsampled" flag to be recomputed. Fixes
peculiar bug where photometric flag had to be set before jpegcolormode
flag.
------------------------------------------------
CHANGES IN THE TOOLS:
* tiff2ps.c: Added support 16-bit images as per bug
http://bugzilla.remotesensing.org/show_bug.cgi?id=1566. Patch from
William Bader.
* tiff2pdf.c: Fix for TIFFTAG_JPEGTABLES tag fetching and significant
upgrade of the whole utility as per bug
http://bugzilla.remotesensing.org/show_bug.cgi?id=1560. Now we don't
need tiffiop.h in tiff2pdf anymore and will open output PDF file using
TIFFClientOpen() machinery as it is implemented by Leon Bottou.
* tiffcrop.c: New tiffcrop utility contributed by Richard Nolde. As per
bug http://bugzilla.remotesensing.org/show_bug.cgi?id=1383
* tiff2pdf.c: Do not assume inches when the resolution units do not
specified. As per bug
http://bugzilla.remotesensing.org/show_bug.cgi?id=1366
* tiffset.c: Properly handle tags with TIFF_VARIABLE writecount. As per
bug http://bugzilla.remotesensing.org/show_bug.cgi?id=1350
* tif2rgba.c: This utility does not work properly on big-endian
architectures. It was fixed including the bug
http://bugzilla.remotesensing.org/show_bug.cgi?id=1149
* tiff2pdf.c: Fix handling of -q values.
http://bugzilla.remotesensing.org/show_bug.cgi?id=587
* tiffcmp.c: Fixed floating point comparison logic as per bug
http://bugzilla.remotesensing.org/show_bug.cgi?id=1191
* tiff2pdf.c: Fixed buffer overflow condition in t2p_write_pdf_string()
as per bug http://bugzilla.remotesensing.org/show_bug.cgi?id=1196
------------------------------------------------
CHANGES IN THE CONTRIB AREA:
* contrib/addtiffo/tif_overview.c: Fix problems with odd sized output
blocks in TIFF_DownSample_Subsampled() (bug 1542).
* contrib/dbs/xtiff/xtiff.c: Make xtiff utility compilable. Though it is
still far from the state of being working and useful.
|
|
tools taken from MapTools Bugzilla. This fixes CVE-2009-2347.
|
|
(http://bugzilla.maptools.org/show_bug.cgi?id=2065)
to fix a buffer underflow which can cause DOS or system access
(SA35515)
bump PKGREVISION
|
|
|
|
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
|
|
CVE-2008-2327. Bump package revision.
|
|
|
|
Requested by solo@.
|
|
"Some vulnerabilities have been reported in libTIFF, which can be
exploited by malicious people to cause a DoS (Denial of Service)
or potentially compromise a vulnerable system.
The vulnerabilities are caused due to various heap and integer
overflows when processing TIFF images and can be exploited via
a specially crafted TIFF image.
Successful exploitation allows crashing applications linked against
libTIFF and may also allow execution of arbitrary code."
http://secunia.com/advisories/21304/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3465
Patches from Tavis Ormandy, Google Security Team via SUSE.
Bump PKGREVISION.
|
|
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.
For example, "make show-buildlink3" in fonts/Xft2 displays:
zlib
fontconfig
iconv
zlib
freetype2
expat
freetype2
Xrender
renderproto
|
|
of the order in which buildlink3.mk files are (recursively) included
by a package Makefile.
|
|
were detected and tiffgt was built.
No change to package.
(TODO: do not install the tiffgt manual pages. Maybe install separate
tiffgt package if needed.)
|
|
"A vulnerability in LibTIFF can be exploited by malicious people to
cause a DoS (Denial of Service) and potentially compromise a user's
system.
The vulnerability is caused due to a boundary error within tiff2pdf
when handling a TIFF file with a "DocumentName" tag that contains
UTF-8 characters. This can be exploited to cause a stack-based buffer
overflow and may allow arbitrary code execution."
http://secunia.com/advisories/20488/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2193
Patch from Ubuntu.
|
|
|
|
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within day).
|
|
/pkgstat/i386-2.1/20060404.0711/graphics/tiff/.broken.html.
Reviewed By: reed
|
|
changes: bugfixes
|
|
changes:
-many bugfixes
-support PBM files in ppm2tiff
-Added ability to create multipage TIFFs in bmp2tiff
|
|
developer is officially maintaining the package.
The rationale for changing this from "tech-pkg" to "pkgsrc-users" is
that it implies that any user can try to maintain the package (by
submitting patches to the mailing list). Since the folks most likely
to care about the package are the folks that want to use it or are
already using it, this would leverage the energy of users who aren't
developers.
|
|
around a problem caused by a bash'ism in the configure script.
Fix the script instead.
No functional change.
|
|
the inclusion of tiffio.h from C++ as seen in digikam.
Bump revision.
|
