From d6d7bcf4872c6844a2d9ddcba19db2bf80d92c40 Mon Sep 17 00:00:00 2001
From: gdt
Date: Mon, 4 Nov 2019 01:11:38 +0000
Subject: [PATCH] graphics/tiff: Update to 4.1.0

Upstream changes are basically minor improvements and bugfixes. Specifically upstream states that there are no ABI changes. Multiple security bugs are fixed due to fuzzing; patches are dropped because they were backported from upstream.
---
 graphics/tiff/Makefile | 5 +-
 graphics/tiff/PLIST | 4 +-
 graphics/tiff/distinfo | 14 ++--
 graphics/tiff/patches/patch-CVE-2018-12900 | 39 ------------
 graphics/tiff/patches/patch-CVE-2018-17000 | 26 --------
 graphics/tiff/patches/patch-CVE-2018-19210 | 74 ----------------------
 graphics/tiff/patches/patch-CVE-2019-6128 | 40 ------------
 7 files changed, 10 insertions(+), 192 deletions(-)
 delete mode 100644 graphics/tiff/patches/patch-CVE-2018-12900
 delete mode 100644 graphics/tiff/patches/patch-CVE-2018-17000
 delete mode 100644 graphics/tiff/patches/patch-CVE-2018-19210
 delete mode 100644 graphics/tiff/patches/patch-CVE-2019-6128

diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile
index 1b18a7e88e8e..c06e9babf85f 100644
--- a/graphics/tiff/Makefile
+++ b/graphics/tiff/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.145 2019/07/17 09:25:45 nia Exp $
+# $NetBSD: Makefile,v 1.146 2019/11/04 01:11:38 gdt Exp $
 
-DISTNAME= tiff-4.0.10
-PKGREVISION= 1
+DISTNAME= tiff-4.1.0
 CATEGORIES= graphics
 MASTER_SITES= https://download.osgeo.org/libtiff/
 
diff --git a/graphics/tiff/PLIST b/graphics/tiff/PLIST
index 2a96854bf564..dea09ed1b91f 100644
--- a/graphics/tiff/PLIST
+++ b/graphics/tiff/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.26 2018/11/10 21:14:53 maya Exp $
+@comment $NetBSD: PLIST,v 1.27 2019/11/04 01:11:38 gdt Exp $
 bin/fax2ps
 bin/fax2tiff
 bin/pal2rgb
@@ -235,3 +235,5 @@ share/doc/tiff/html/v4.0.6.html
 share/doc/tiff/html/v4.0.7.html
 share/doc/tiff/html/v4.0.8.html
 share/doc/tiff/html/v4.0.9.html
+share/doc/tiff/html/v4.0.10.html
+share/doc/tiff/html/v4.1.0.html
diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo
index d67ee9998078..8cebe4873188 100644
--- a/graphics/tiff/distinfo
+++ b/graphics/tiff/distinfo
@@ -1,11 +1,7 @@
-$NetBSD: distinfo,v 1.94 2019/07/17 09:25:45 nia Exp $
+$NetBSD: distinfo,v 1.95 2019/11/04 01:11:38 gdt Exp $
 
-SHA1 (tiff-4.0.10.tar.gz) = c783b80f05cdacf282aa022dc5f5b0ede5e021ae
-RMD160 (tiff-4.0.10.tar.gz) = b25cc4002f2493e71763d0a465a50e9d6ee2aff0
-SHA512 (tiff-4.0.10.tar.gz) = d213e5db09fd56b8977b187c5a756f60d6e3e998be172550c2892dbdb4b2a8e8c750202bc863fe27d0d1c577ab9de1710d15e9f6ed665aadbfd857525a81eea8
-Size (tiff-4.0.10.tar.gz) = 2402867 bytes
-SHA1 (patch-CVE-2018-12900) = 31d6dcc66a293aa722d7d27b7edd48db50cf9482
-SHA1 (patch-CVE-2018-17000) = c7e4047c007a7519cfbd09125a0b3d5de48af069
-SHA1 (patch-CVE-2018-19210) = d915af6121a13aca5b30dd8506cdae49198e67b6
-SHA1 (patch-CVE-2019-6128) = cb18a950e95ceec348294178348847eeb7340bab
+SHA1 (tiff-4.1.0.tar.gz) = 7a882f8d55fd0620cbf89c47994d2d1d3b975452
+RMD160 (tiff-4.1.0.tar.gz) = 913703005630320efc075650d5d7776c73c065f9
+SHA512 (tiff-4.1.0.tar.gz) = fd541dcb11e3d5afaa1ec2f073c9497099727a52f626b338ef87dc93ca2e23ca5f47634015a4beac616d4e8f05acf7b7cd5797fb218758cc2ad31b390491c5a6
+Size (tiff-4.1.0.tar.gz) = 2421581 bytes
 SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6
diff --git a/graphics/tiff/patches/patch-CVE-2018-12900 b/graphics/tiff/patches/patch-CVE-2018-12900
deleted file mode 100644
index 82a326b53cab..000000000000
--- a/graphics/tiff/patches/patch-CVE-2018-12900
+++ /dev/null
@@ -1,39 +0,0 @@
-$NetBSD: patch-CVE-2018-12900,v 1.1 2019/07/17 09:25:45 nia Exp $
-
-Fixes CVE-2018-12900
-
-Upstream commit:
-https://gitlab.com/libtiff/libtiff/commit/27124e9148b2056d0e0bf4033b4924d5d2a38d01.patch
-
---- tools/tiffcp.c.orig 2018-10-13 13:58:55.000000000 +0000
-+++ tools/tiffcp.c
-@@ -41,6 +41,7 @@
- #include
- #include
- #include
-+#include
-
- #include
-
-@@ -1408,7 +1409,7 @@ DECLAREreadFunc(readSeparateTilesIntoBuf
- int status = 1;
- uint32 imagew = TIFFRasterScanlineSize(in);
- uint32 tilew = TIFFTileRowSize(in);
-- int iskew = imagew - tilew*spp;
-+ int iskew;
- tsize_t tilesize = TIFFTileSize(in);
- tdata_t tilebuf;
- uint8* bufp = (uint8*) buf;
-@@ -1416,6 +1417,12 @@ DECLAREreadFunc(readSeparateTilesIntoBuf
- uint32 row;
- uint16 bps = 0, bytes_per_sample;
-
-+ if (spp > (INT_MAX / tilew))
-+ {
-+ TIFFError(TIFFFileName(in), "Error, cannot handle that much samples per tile row (Tile Width * Samples/Pixel)");
-+ return 0;
-+ }
-+ iskew = imagew - tilew*spp;
- tilebuf = _TIFFmalloc(tilesize);
- if (tilebuf == 0)
- return 0;
diff --git a/graphics/tiff/patches/patch-CVE-2018-17000 b/graphics/tiff/patches/patch-CVE-2018-17000
deleted file mode 100644
index 9df7b141713b..000000000000
--- a/graphics/tiff/patches/patch-CVE-2018-17000
+++ /dev/null
@@ -1,26 +0,0 @@
-$NetBSD: patch-CVE-2018-17000,v 1.1 2019/07/17 09:25:45 nia Exp $
-
-Fixes CVE-2018-17000
-
-Upstream commit:
-https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39.patch
-
---- libtiff/tif_dirwrite.c.orig 2018-06-24 20:26:30.000000000 +0000
-+++ libtiff/tif_dirwrite.c
-@@ -1893,12 +1893,14 @@ TIFFWriteDirectoryTagTransferfunction(TI
- n=3;
- if (n==3)
- {
-- if (!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[2],m*sizeof(uint16)))
-+ if (tif->tif_dir.td_transferfunction[2] == NULL ||
-+ !_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[2],m*sizeof(uint16)))
- n=2;
- }
- if (n==2)
- {
-- if (!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[1],m*sizeof(uint16)))
-+ if (tif->tif_dir.td_transferfunction[1] == NULL ||
-+ !_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[1],m*sizeof(uint16)))
- n=1;
- }
- if (n==0)
diff --git a/graphics/tiff/patches/patch-CVE-2018-19210 b/graphics/tiff/patches/patch-CVE-2018-19210
deleted file mode 100644
index 0fe7e4ae68b2..000000000000
--- a/graphics/tiff/patches/patch-CVE-2018-19210
+++ /dev/null
@@ -1,74 +0,0 @@
-$NetBSD: patch-CVE-2018-19210,v 1.1 2019/07/17 09:25:45 nia Exp $
-
-Fixes CVE-2018-19210
-
-Upstream commits:
-https://gitlab.com/libtiff/libtiff/commit/1edeee44c8b9cb3f647ac175d434f5d9f2b03aeb.patch
-https://gitlab.com/libtiff/libtiff/commit/38ede78b13810ff0fa8e61f86ef9aa0ab2964668.patch
-
---- libtiff/tif_dir.c.orig 2018-05-05 13:50:35.000000000 +0000
-+++ libtiff/tif_dir.c
-@@ -88,13 +88,15 @@ setDoubleArrayOneValue(double** vpp, dou
- * Install extra samples information.
- */
- static int
--setExtraSamples(TIFFDirectory* td, va_list ap, uint32* v)
-+setExtraSamples(TIFF* tif, va_list ap, uint32* v)
- {
- /* XXX: Unassociated alpha data == 999 is a known Corel Draw bug, see below */
- #define EXTRASAMPLE_COREL_UNASSALPHA 999
-
- uint16* va;
- uint32 i;
-+ TIFFDirectory* td = &tif->tif_dir;
-+ static const char module[] = "setExtraSamples";
-
- *v = (uint16) va_arg(ap, uint16_vap);
- if ((uint16) *v > td->td_samplesperpixel)
-@@ -116,6 +118,18 @@ setExtraSamples(TIFFDirectory* td, va_li
- return 0;
- }
- }
-+
-+ if ( td->td_transferfunction[0] != NULL && (td->td_samplesperpixel - *v > 1) &&
-+ !(td->td_samplesperpixel - td->td_extrasamples > 1))
-+ {
-+ TIFFWarningExt(tif->tif_clientdata,module,
-+ "ExtraSamples tag value is changing, "
-+ "but TransferFunction was read with a different value. Cancelling it");
-+ TIFFClrFieldBit(tif,FIELD_TRANSFERFUNCTION);
-+ _TIFFfree(td->td_transferfunction[0]);
-+ td->td_transferfunction[0] = NULL;
-+ }
-+
- td->td_extrasamples = (uint16) *v;
- _TIFFsetShortArray(&td->td_sampleinfo, va, td->td_extrasamples);
- return 1;
-@@ -285,6 +299,18 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va
- _TIFFfree(td->td_smaxsamplevalue);
- td->td_smaxsamplevalue = NULL;
- }
-+ /* Test if 3 transfer functions instead of just one are now needed
-+ See http://bugzilla.maptools.org/show_bug.cgi?id=2820 */
-+ if( td->td_transferfunction[0] != NULL && (v - td->td_extrasamples > 1) &&
-+ !(td->td_samplesperpixel - td->td_extrasamples > 1))
-+ {
-+ TIFFWarningExt(tif->tif_clientdata,module,
-+ "SamplesPerPixel tag value is changing, "
-+ "but TransferFunction was read with a different value. Cancelling it");
-+ TIFFClrFieldBit(tif,FIELD_TRANSFERFUNCTION);
-+ _TIFFfree(td->td_transferfunction[0]);
-+ td->td_transferfunction[0] = NULL;
-+ }
- }
- td->td_samplesperpixel = (uint16) v;
- break;
-@@ -361,7 +387,7 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va
- _TIFFsetShortArray(&td->td_colormap[2], va_arg(ap, uint16*), v32);
- break;
- case TIFFTAG_EXTRASAMPLES:
-- if (!setExtraSamples(td, ap, &v))
-+ if (!setExtraSamples(tif, ap, &v))
- goto badvalue;
- break;
- case TIFFTAG_MATTEING:
diff --git a/graphics/tiff/patches/patch-CVE-2019-6128 b/graphics/tiff/patches/patch-CVE-2019-6128
deleted file mode 100644
index 8aaf778744c4..000000000000
--- a/graphics/tiff/patches/patch-CVE-2019-6128
+++ /dev/null
@@ -1,40 +0,0 @@
-$NetBSD: patch-CVE-2019-6128,v 1.1 2019/07/17 09:25:45 nia Exp $
-
-Fix for a simple memory leak that was assigned CVE-2019-6128.
-
-Upstream commit:
-https://gitlab.com/libtiff/libtiff/commit/ae0bed1fe530a82faf2e9ea1775109dbf301a971.patch
-
---- tools/pal2rgb.c.orig 2018-10-13 13:58:55.000000000 +0000
-+++ tools/pal2rgb.c
-@@ -118,12 +118,14 @@ main(int argc, char* argv[])
- shortv != PHOTOMETRIC_PALETTE) {
- fprintf(stderr, "%s: Expecting a palette image.\n",
- argv[optind]);
-+ (void) TIFFClose(in);
- return (-1);
- }
- if (!TIFFGetField(in, TIFFTAG_COLORMAP, &rmap, &gmap, &bmap)) {
- fprintf(stderr,
- "%s: No colormap (not a valid palette image).\n",
- argv[optind]);
-+ (void) TIFFClose(in);
- return (-1);
- }
- bitspersample = 0;
-@@ -131,11 +133,14 @@ main(int argc, char* argv[])
- if (bitspersample != 8) {
- fprintf(stderr, "%s: Sorry, can only handle 8-bit images.\n",
- argv[optind]);
-+ (void) TIFFClose(in);
- return (-1);
- }
- out = TIFFOpen(argv[optind+1], "w");
-- if (out == NULL)
-+ if (out == NULL) {
-+ (void) TIFFClose(in);
- return (-2);
-+ }
- cpTags(in, out);
- TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &imagewidth);
- TIFFGetField(in, TIFFTAG_IMAGELENGTH, &imagelength);