From ce47fe063d148c130190d8baf164069176ddacab Mon Sep 17 00:00:00 2001
From: wiz
Date: Tue, 12 Apr 2011 08:57:57 +0000
Subject: Update to 3.9.5: Many bugs and security issues are resolved in this stable release.
---
 graphics/tiff/Makefile | 5 +--
 graphics/tiff/distinfo | 15 ++-----
 graphics/tiff/patches/patch-CVE-2011-1167 | 73 -------------------------------
 graphics/tiff/patches/patch-SA43593 | 20 ---------
 graphics/tiff/patches/patch-aa | 59 -------------------------
 graphics/tiff/patches/patch-ab | 19 --------
 graphics/tiff/patches/patch-ac | 32 --------------
 graphics/tiff/patches/patch-ad | 31 -------------
 graphics/tiff/patches/patch-ae | 47 --------------------
 9 files changed, 6 insertions(+), 295 deletions(-)
 delete mode 100644 graphics/tiff/patches/patch-CVE-2011-1167
 delete mode 100644 graphics/tiff/patches/patch-SA43593
 delete mode 100644 graphics/tiff/patches/patch-aa
 delete mode 100644 graphics/tiff/patches/patch-ab
 delete mode 100644 graphics/tiff/patches/patch-ac
 delete mode 100644 graphics/tiff/patches/patch-ad
 delete mode 100644 graphics/tiff/patches/patch-ae
(limited to 'graphics/tiff')
diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile
index 712045b9ecd..cd8b71425c2 100644
--- a/graphics/tiff/Makefile
+++ b/graphics/tiff/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.100 2011/03/31 11:05:44 drochner Exp $
+# $NetBSD: Makefile,v 1.101 2011/04/12 08:57:57 wiz Exp $
 
-DISTNAME= tiff-3.9.4
-PKGREVISION= 3
+DISTNAME= tiff-3.9.5
 CATEGORIES= graphics
 MASTER_SITES= ftp://ftp.remotesensing.org/pub/libtiff/ \
 http://libtiff.maptools.org/dl/
diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo
index e89adbe8c9f..ebc7b5bd2ea 100644
--- a/graphics/tiff/distinfo
+++ b/graphics/tiff/distinfo
@@ -1,12 +1,5 @@
-$NetBSD: distinfo,v 1.51 2011/03/31 11:05:44 drochner Exp $
+$NetBSD: distinfo,v 1.52 2011/04/12 08:57:57 wiz Exp $
 
-SHA1 (tiff-3.9.4.tar.gz) = a4e32d55afbbcabd0391a9c89995e8e8a19961de
-RMD160 (tiff-3.9.4.tar.gz) = 3e0a74b6294297c16fb983ad68056a1dfbbdb1de
-Size (tiff-3.9.4.tar.gz) = 1436968 bytes
-SHA1 (patch-CVE-2011-1167) = 30099dc0e1a8271d65799365ce81fda3081f5d5b
-SHA1 (patch-SA43593) = d24ff27a7a2e659c632d5a5fb720a908915e8595
-SHA1 (patch-aa) = 0ed02eb18454f4d91bf2fad6b9262bc442cd0822
-SHA1 (patch-ab) = 66101ec437ff222d629120e52e2011ea5b36dca0
-SHA1 (patch-ac) = 7211eebf68e73790ac1263efb16943e59cbffa95
-SHA1 (patch-ad) = bae790a9309967f874987f1da57e5f93a67094e1
-SHA1 (patch-ae) = 33dd5e9307a55273e9aaacdd7f5f9aea51aa5adc
+SHA1 (tiff-3.9.5.tar.gz) = f40aab20fb2f609b5cbc1171c40b66a1445e3773
+RMD160 (tiff-3.9.5.tar.gz) = c67742bf6b9b10ca0700e69ce575007d40c4f89c
+Size (tiff-3.9.5.tar.gz) = 1455502 bytes
diff --git a/graphics/tiff/patches/patch-CVE-2011-1167 b/graphics/tiff/patches/patch-CVE-2011-1167
deleted file mode 100644
index 33e7be1ea7b..00000000000
--- a/graphics/tiff/patches/patch-CVE-2011-1167
+++ /dev/null
@@ -1,73 +0,0 @@
-$NetBSD: patch-CVE-2011-1167,v 1.1 2011/03/31 11:05:45 drochner Exp $
-
---- libtiff/tif_thunder.c.orig 2010-06-08 18:50:43.000000000 +0000
-+++ libtiff/tif_thunder.c
-@@ -25,6 +25,7 @@
- */
-
- #include "tiffiop.h"
-+#include
- #ifdef THUNDER_SUPPORT
- /*
- * TIFF Library.
-@@ -55,12 +56,32 @@
- static const int twobitdeltas[4] = { 0, 1, 0, -1 };
- static const int threebitdeltas[8] = { 0, 1, 2, 3, 0, -3, -2, -1 };
-
--#define SETPIXEL(op, v) { \
-- lastpixel = (v) & 0xf; \
-- if (npixels++ & 1) \
-- *op++ |= lastpixel; \
-- else \
-+#define SETPIXEL(op, v) { \
-+ lastpixel = (v) & 0xf; \
-+ if ( npixels < maxpixels ) \
-+ { \
-+ if (npixels++ & 1) \
-+ *op++ |= lastpixel; \
-+ else \
- op[0] = (tidataval_t) (lastpixel << 4); \
-+ } \
-+}
-+
-+static int
-+ThunderSetupDecode(TIFF* tif)
-+{
-+ static const char module[] = "ThunderSetupDecode";
-+
-+ if( tif->tif_dir.td_bitspersample != 4 )
-+ {
-+ TIFFErrorExt(tif->tif_clientdata, module,
-+ "Wrong bitspersample value (%d), Thunder decoder only supports 4bits per sample.",
-+ (int) tif->tif_dir.td_bitspersample );
-+ return 0;
-+ }
-+
-+
-+ return (1);
- }
-
- static int
-@@ -142,7 +163,8 @@ ThunderDecodeRow(TIFF* tif, tidata_t buf
- occ -= tif->tif_scanlinesize;
- row += tif->tif_scanlinesize;
- }
-- return (1);
-+
-+ return (1);
- }
-
- int
-@@ -151,6 +173,7 @@ TIFFInitThunderScan(TIFF* tif, int schem
- (void) scheme;
- tif->tif_decoderow = ThunderDecodeRow;
- tif->tif_decodestrip = ThunderDecodeRow;
-+ tif->tif_setupdecode = ThunderSetupDecode;
- return (1);
- }
- #endif /* THUNDER_SUPPORT */
-@@ -163,3 +186,4 @@ TIFFInitThunderScan(TIFF* tif, int schem
- * fill-column: 78
- * End:
- */
-+
diff --git a/graphics/tiff/patches/patch-SA43593 b/graphics/tiff/patches/patch-SA43593
deleted file mode 100644
index 870a0d5919e..00000000000
--- a/graphics/tiff/patches/patch-SA43593
+++ /dev/null
@@ -1,20 +0,0 @@
-$NetBSD: patch-SA43593,v 1.1 2011/03/12 16:10:43 tron Exp $
-
-Fix heap-based buffer overflow which causes the vulnerability reported
-in SA43593. Patch taken from the "libtiff" CVS repository.
-
---- libtiff/tif_fax3.h 8 Jun 2010 18:50:42 -0000 1.5.2.1
-+++ libtiff/tif_fax3.h 10 Mar 2011 20:22:33 -0000 1.5.2.3
-@@ -478,6 +478,12 @@
- break; \
- case S_VL: \
- CHECK_b1; \
-+ if (b1 <= (int) (a0 + TabEnt->Param)) { \
-+ if (b1 < (int) (a0 + TabEnt->Param) || pa != thisrun) { \
-+ unexpected("VL", a0); \
-+ goto eol2d; \
-+ } \
-+ } \
- SETVALUE(b1 - a0 - TabEnt->Param); \
- b1 -= *--pb; \
- break; \
diff --git a/graphics/tiff/patches/patch-aa b/graphics/tiff/patches/patch-aa
deleted file mode 100644
index 52c8cf04fda..00000000000
--- a/graphics/tiff/patches/patch-aa
+++ /dev/null
@@ -1,59 +0,0 @@
-$NetBSD: patch-aa,v 1.19 2010/08/04 17:48:22 tron Exp $
-
-Fix for CVE-2010-2233 taken from here ...
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2207
-
-... and for CVE-2010-2483 taken from here:
-
-https://bugzilla.redhat.com/show_bug.cgi?id=603081
-
---- libtiff/tif_getimage.c.orig 2010-06-08 19:50:42.000000000 +0100
-+++ libtiff/tif_getimage.c 2010-08-04 18:20:24.000000000 +0100
-@@ -1846,6 +1846,7 @@
- DECLAREContigPutFunc(putcontig8bitYCbCr22tile)
- {
- uint32* cp2;
-+ int32 incr = 2*toskew+w;
- (void) y;
- fromskew = (fromskew / 2) * 6;
- cp2 = cp+w+toskew;
-@@ -1872,8 +1873,8 @@
- cp2 ++ ;
- pp += 6;
- }
-- cp += toskew*2+w;
-- cp2 += toskew*2+w;
-+ cp += incr;
-+ cp2 += incr;
- pp += fromskew;
- h-=2;
- }
-@@ -1939,6 +1940,7 @@
- DECLAREContigPutFunc(putcontig8bitYCbCr12tile)
- {
- uint32* cp2;
-+ int32 incr = 2*toskew+w;
- (void) y;
- fromskew = (fromskew / 2) * 4;
- cp2 = cp+w+toskew;
-@@ -1953,8 +1955,8 @@
- cp2 ++;
- pp += 4;
- } while (--x);
-- cp += toskew*2+w;
-- cp2 += toskew*2+w;
-+ cp += incr;
-+ cp2 += incr;
- pp += fromskew;
- h-=2;
- }
-@@ -2397,7 +2399,7 @@
- }
- break;
- case PHOTOMETRIC_YCBCR:
-- if (img->bitspersample == 8)
-+ if ((img->bitspersample==8) && (img->samplesperpixel==3))
- {
- if (initYCbCrConversion(img)!=0)
- {
diff --git a/graphics/tiff/patches/patch-ab b/graphics/tiff/patches/patch-ab
deleted file mode 100644
index f13f9d1d7e3..00000000000
--- a/graphics/tiff/patches/patch-ab
+++ /dev/null
@@ -1,19 +0,0 @@
-$NetBSD: patch-ab,v 1.20 2010/08/04 17:48:22 tron Exp $
-
-Fix for CVE-2010-2482 taken from here:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=1996
-
---- libtiff/tif_ojpeg.c.orig 2010-06-09 00:29:51.000000000 +0100
-+++ libtiff/tif_ojpeg.c 2010-08-04 18:14:07.000000000 +0100
-@@ -1920,6 +1920,10 @@
- sp->in_buffer_file_pos=0;
- else
- {
-+ if (sp->tif->tif_dir.td_stripbytecount == 0) {
-+ TIFFErrorExt(sp->tif->tif_clientdata,sp->tif->tif_name,"Strip byte counts are missing");
-+ return(0);
-+ }
- sp->in_buffer_file_togo=sp->tif->tif_dir.td_stripbytecount[sp->in_buffer_next_strile];
- if (sp->in_buffer_file_togo==0)
- sp->in_buffer_file_pos=0;
diff --git a/graphics/tiff/patches/patch-ac b/graphics/tiff/patches/patch-ac
deleted file mode 100644
index 65fbceb8b2d..00000000000
--- a/graphics/tiff/patches/patch-ac
+++ /dev/null
@@ -1,32 +0,0 @@
-$NetBSD: patch-ac,v 1.22 2010/08/04 17:48:22 tron Exp $
-
-Fix for CVE-2010-2482 taken from here:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=1996
-
---- tools/tiffsplit.c.orig 2010-06-08 19:50:44.000000000 +0100
-+++ tools/tiffsplit.c 2010-08-04 18:14:07.000000000 +0100
-@@ -237,7 +237,10 @@
- tstrip_t s, ns = TIFFNumberOfStrips(in);
- uint32 *bytecounts;
-
-- TIFFGetField(in, TIFFTAG_STRIPBYTECOUNTS, &bytecounts);
-+ if (!TIFFGetField(in, TIFFTAG_STRIPBYTECOUNTS, &bytecounts)) {
-+ fprintf(stderr, "tiffsplit: strip byte counts are missing\n");
-+ return (0);
-+ }
- for (s = 0; s < ns; s++) {
- if (bytecounts[s] > (uint32)bufsize) {
- buf = (unsigned char *)_TIFFrealloc(buf, bytecounts[s]);
-@@ -267,7 +270,10 @@
- ttile_t t, nt = TIFFNumberOfTiles(in);
- uint32 *bytecounts;
-
-- TIFFGetField(in, TIFFTAG_TILEBYTECOUNTS, &bytecounts);
-+ if (!TIFFGetField(in, TIFFTAG_TILEBYTECOUNTS, &bytecounts)) {
-+ fprintf(stderr, "tiffsplit: tile byte counts are missing\n");
-+ return (0);
-+ }
- for (t = 0; t < nt; t++) {
- if (bytecounts[t] > (uint32) bufsize) {
- buf = (unsigned char *)_TIFFrealloc(buf, bytecounts[t]);
diff --git a/graphics/tiff/patches/patch-ad b/graphics/tiff/patches/patch-ad
deleted file mode 100644
index 7853405d121..00000000000
--- a/graphics/tiff/patches/patch-ad
+++ /dev/null
@@ -1,31 +0,0 @@
-$NetBSD: patch-ad,v 1.16 2010/08/04 17:48:22 tron Exp $
-
-Patch for CVE-2010-2595 taken from here:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2208
-
---- libtiff/tif_color.c.orig 2010-06-08 19:50:41.000000000 +0100
-+++ libtiff/tif_color.c 2010-08-04 18:24:14.000000000 +0100
-@@ -183,13 +183,18 @@
- TIFFYCbCrtoRGB(TIFFYCbCrToRGB *ycbcr, uint32 Y, int32 Cb, int32 Cr,
- uint32 *r, uint32 *g, uint32 *b)
- {
-+ int32 i;
-+
- /* XXX: Only 8-bit YCbCr input supported for now */
- Y = HICLAMP(Y, 255), Cb = CLAMP(Cb, 0, 255), Cr = CLAMP(Cr, 0, 255);
-
-- *r = ycbcr->clamptab[ycbcr->Y_tab[Y] + ycbcr->Cr_r_tab[Cr]];
-- *g = ycbcr->clamptab[ycbcr->Y_tab[Y]
-- + (int)((ycbcr->Cb_g_tab[Cb] + ycbcr->Cr_g_tab[Cr]) >> SHIFT)];
-- *b = ycbcr->clamptab[ycbcr->Y_tab[Y] + ycbcr->Cb_b_tab[Cb]];
-+ i = ycbcr->Y_tab[Y] + ycbcr->Cr_r_tab[Cr];
-+ *r = CLAMP(i, 0, 255);
-+ i = ycbcr->Y_tab[Y]
-+ + (int)((ycbcr->Cb_g_tab[Cb] + ycbcr->Cr_g_tab[Cr]) >> SHIFT);
-+ *g = CLAMP(i, 0, 255);
-+ i = ycbcr->Y_tab[Y] + ycbcr->Cb_b_tab[Cb];
-+ *b = CLAMP(i, 0, 255);
- }
-
- /*
diff --git a/graphics/tiff/patches/patch-ae b/graphics/tiff/patches/patch-ae
deleted file mode 100644
index 65caa3d5dba..00000000000
--- a/graphics/tiff/patches/patch-ae
+++ /dev/null
@@ -1,47 +0,0 @@
-$NetBSD: patch-ae,v 1.11 2010/08/04 17:48:22 tron Exp $
-
-Fix for CVE-2010-2597 taken from here:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2215
-
---- libtiff/tif_strip.c.orig 2010-06-08 19:50:43.000000000 +0100
-+++ libtiff/tif_strip.c 2010-08-04 18:35:46.000000000 +0100
-@@ -124,9 +124,9 @@
- uint16 ycbcrsubsampling[2];
- tsize_t w, scanline, samplingarea;
-
-- TIFFGetField( tif, TIFFTAG_YCBCRSUBSAMPLING,
-- ycbcrsubsampling + 0,
-- ycbcrsubsampling + 1 );
-+ TIFFGetFieldDefaulted(tif, TIFFTAG_YCBCRSUBSAMPLING,
-+ ycbcrsubsampling + 0,
-+ ycbcrsubsampling + 1);
-
- samplingarea = ycbcrsubsampling[0]*ycbcrsubsampling[1];
- if (samplingarea == 0) {
-@@ -234,9 +234,9 @@
- && !isUpSampled(tif)) {
- uint16 ycbcrsubsampling[2];
-
-- TIFFGetField(tif, TIFFTAG_YCBCRSUBSAMPLING,
-- ycbcrsubsampling + 0,
-- ycbcrsubsampling + 1);
-+ TIFFGetFieldDefaulted(tif, TIFFTAG_YCBCRSUBSAMPLING,
-+ ycbcrsubsampling + 0,
-+ ycbcrsubsampling + 1);
-
- if (ycbcrsubsampling[0] == 0) {
- TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
-@@ -308,9 +308,9 @@
- && !isUpSampled(tif)) {
- uint16 ycbcrsubsampling[2];
-
-- TIFFGetField(tif, TIFFTAG_YCBCRSUBSAMPLING,
-- ycbcrsubsampling + 0,
-- ycbcrsubsampling + 1);
-+ TIFFGetFieldDefaulted(tif, TIFFTAG_YCBCRSUBSAMPLING,
-+ ycbcrsubsampling + 0,
-+ ycbcrsubsampling + 1);
-
- if (ycbcrsubsampling[0]*ycbcrsubsampling[1] == 0) {
- TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
-- cgit v1.2.3