graphics/tiff: Update to 4.1.0
Upstream changes are basically minor improvements and bugfixes. Specifically upstream states that there are no ABI changes. Multiple security bugs are fixed due to fuzzing; patches are dropped because they were backported from upstream.
This commit is contained in:
parent
c00fe73fe0
commit
d6d7bcf487
7 changed files with 10 additions and 192 deletions
|
@ -1,7 +1,6 @@
|
||||||
# $NetBSD: Makefile,v 1.145 2019/07/17 09:25:45 nia Exp $
|
# $NetBSD: Makefile,v 1.146 2019/11/04 01:11:38 gdt Exp $
|
||||||
|
|
||||||
DISTNAME= tiff-4.0.10
|
DISTNAME= tiff-4.1.0
|
||||||
PKGREVISION= 1
|
|
||||||
CATEGORIES= graphics
|
CATEGORIES= graphics
|
||||||
MASTER_SITES= https://download.osgeo.org/libtiff/
|
MASTER_SITES= https://download.osgeo.org/libtiff/
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
@comment $NetBSD: PLIST,v 1.26 2018/11/10 21:14:53 maya Exp $
|
@comment $NetBSD: PLIST,v 1.27 2019/11/04 01:11:38 gdt Exp $
|
||||||
bin/fax2ps
|
bin/fax2ps
|
||||||
bin/fax2tiff
|
bin/fax2tiff
|
||||||
bin/pal2rgb
|
bin/pal2rgb
|
||||||
|
@ -235,3 +235,5 @@ share/doc/tiff/html/v4.0.6.html
|
||||||
share/doc/tiff/html/v4.0.7.html
|
share/doc/tiff/html/v4.0.7.html
|
||||||
share/doc/tiff/html/v4.0.8.html
|
share/doc/tiff/html/v4.0.8.html
|
||||||
share/doc/tiff/html/v4.0.9.html
|
share/doc/tiff/html/v4.0.9.html
|
||||||
|
share/doc/tiff/html/v4.0.10.html
|
||||||
|
share/doc/tiff/html/v4.1.0.html
|
||||||
|
|
|
@ -1,11 +1,7 @@
|
||||||
$NetBSD: distinfo,v 1.94 2019/07/17 09:25:45 nia Exp $
|
$NetBSD: distinfo,v 1.95 2019/11/04 01:11:38 gdt Exp $
|
||||||
|
|
||||||
SHA1 (tiff-4.0.10.tar.gz) = c783b80f05cdacf282aa022dc5f5b0ede5e021ae
|
SHA1 (tiff-4.1.0.tar.gz) = 7a882f8d55fd0620cbf89c47994d2d1d3b975452
|
||||||
RMD160 (tiff-4.0.10.tar.gz) = b25cc4002f2493e71763d0a465a50e9d6ee2aff0
|
RMD160 (tiff-4.1.0.tar.gz) = 913703005630320efc075650d5d7776c73c065f9
|
||||||
SHA512 (tiff-4.0.10.tar.gz) = d213e5db09fd56b8977b187c5a756f60d6e3e998be172550c2892dbdb4b2a8e8c750202bc863fe27d0d1c577ab9de1710d15e9f6ed665aadbfd857525a81eea8
|
SHA512 (tiff-4.1.0.tar.gz) = fd541dcb11e3d5afaa1ec2f073c9497099727a52f626b338ef87dc93ca2e23ca5f47634015a4beac616d4e8f05acf7b7cd5797fb218758cc2ad31b390491c5a6
|
||||||
Size (tiff-4.0.10.tar.gz) = 2402867 bytes
|
Size (tiff-4.1.0.tar.gz) = 2421581 bytes
|
||||||
SHA1 (patch-CVE-2018-12900) = 31d6dcc66a293aa722d7d27b7edd48db50cf9482
|
|
||||||
SHA1 (patch-CVE-2018-17000) = c7e4047c007a7519cfbd09125a0b3d5de48af069
|
|
||||||
SHA1 (patch-CVE-2018-19210) = d915af6121a13aca5b30dd8506cdae49198e67b6
|
|
||||||
SHA1 (patch-CVE-2019-6128) = cb18a950e95ceec348294178348847eeb7340bab
|
|
||||||
SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6
|
SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6
|
||||||
|
|
|
@ -1,39 +0,0 @@
|
||||||
$NetBSD: patch-CVE-2018-12900,v 1.1 2019/07/17 09:25:45 nia Exp $
|
|
||||||
|
|
||||||
Fixes CVE-2018-12900
|
|
||||||
|
|
||||||
Upstream commit:
|
|
||||||
https://gitlab.com/libtiff/libtiff/commit/27124e9148b2056d0e0bf4033b4924d5d2a38d01.patch
|
|
||||||
|
|
||||||
--- tools/tiffcp.c.orig 2018-10-13 13:58:55.000000000 +0000
|
|
||||||
+++ tools/tiffcp.c
|
|
||||||
@@ -41,6 +41,7 @@
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <string.h>
|
|
||||||
+#include <limits.h>
|
|
||||||
|
|
||||||
#include <ctype.h>
|
|
||||||
|
|
||||||
@@ -1408,7 +1409,7 @@ DECLAREreadFunc(readSeparateTilesIntoBuf
|
|
||||||
int status = 1;
|
|
||||||
uint32 imagew = TIFFRasterScanlineSize(in);
|
|
||||||
uint32 tilew = TIFFTileRowSize(in);
|
|
||||||
- int iskew = imagew - tilew*spp;
|
|
||||||
+ int iskew;
|
|
||||||
tsize_t tilesize = TIFFTileSize(in);
|
|
||||||
tdata_t tilebuf;
|
|
||||||
uint8* bufp = (uint8*) buf;
|
|
||||||
@@ -1416,6 +1417,12 @@ DECLAREreadFunc(readSeparateTilesIntoBuf
|
|
||||||
uint32 row;
|
|
||||||
uint16 bps = 0, bytes_per_sample;
|
|
||||||
|
|
||||||
+ if (spp > (INT_MAX / tilew))
|
|
||||||
+ {
|
|
||||||
+ TIFFError(TIFFFileName(in), "Error, cannot handle that much samples per tile row (Tile Width * Samples/Pixel)");
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+ iskew = imagew - tilew*spp;
|
|
||||||
tilebuf = _TIFFmalloc(tilesize);
|
|
||||||
if (tilebuf == 0)
|
|
||||||
return 0;
|
|
|
@ -1,26 +0,0 @@
|
||||||
$NetBSD: patch-CVE-2018-17000,v 1.1 2019/07/17 09:25:45 nia Exp $
|
|
||||||
|
|
||||||
Fixes CVE-2018-17000
|
|
||||||
|
|
||||||
Upstream commit:
|
|
||||||
https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39.patch
|
|
||||||
|
|
||||||
--- libtiff/tif_dirwrite.c.orig 2018-06-24 20:26:30.000000000 +0000
|
|
||||||
+++ libtiff/tif_dirwrite.c
|
|
||||||
@@ -1893,12 +1893,14 @@ TIFFWriteDirectoryTagTransferfunction(TI
|
|
||||||
n=3;
|
|
||||||
if (n==3)
|
|
||||||
{
|
|
||||||
- if (!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[2],m*sizeof(uint16)))
|
|
||||||
+ if (tif->tif_dir.td_transferfunction[2] == NULL ||
|
|
||||||
+ !_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[2],m*sizeof(uint16)))
|
|
||||||
n=2;
|
|
||||||
}
|
|
||||||
if (n==2)
|
|
||||||
{
|
|
||||||
- if (!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[1],m*sizeof(uint16)))
|
|
||||||
+ if (tif->tif_dir.td_transferfunction[1] == NULL ||
|
|
||||||
+ !_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[1],m*sizeof(uint16)))
|
|
||||||
n=1;
|
|
||||||
}
|
|
||||||
if (n==0)
|
|
|
@ -1,74 +0,0 @@
|
||||||
$NetBSD: patch-CVE-2018-19210,v 1.1 2019/07/17 09:25:45 nia Exp $
|
|
||||||
|
|
||||||
Fixes CVE-2018-19210
|
|
||||||
|
|
||||||
Upstream commits:
|
|
||||||
https://gitlab.com/libtiff/libtiff/commit/1edeee44c8b9cb3f647ac175d434f5d9f2b03aeb.patch
|
|
||||||
https://gitlab.com/libtiff/libtiff/commit/38ede78b13810ff0fa8e61f86ef9aa0ab2964668.patch
|
|
||||||
|
|
||||||
--- libtiff/tif_dir.c.orig 2018-05-05 13:50:35.000000000 +0000
|
|
||||||
+++ libtiff/tif_dir.c
|
|
||||||
@@ -88,13 +88,15 @@ setDoubleArrayOneValue(double** vpp, dou
|
|
||||||
* Install extra samples information.
|
|
||||||
*/
|
|
||||||
static int
|
|
||||||
-setExtraSamples(TIFFDirectory* td, va_list ap, uint32* v)
|
|
||||||
+setExtraSamples(TIFF* tif, va_list ap, uint32* v)
|
|
||||||
{
|
|
||||||
/* XXX: Unassociated alpha data == 999 is a known Corel Draw bug, see below */
|
|
||||||
#define EXTRASAMPLE_COREL_UNASSALPHA 999
|
|
||||||
|
|
||||||
uint16* va;
|
|
||||||
uint32 i;
|
|
||||||
+ TIFFDirectory* td = &tif->tif_dir;
|
|
||||||
+ static const char module[] = "setExtraSamples";
|
|
||||||
|
|
||||||
*v = (uint16) va_arg(ap, uint16_vap);
|
|
||||||
if ((uint16) *v > td->td_samplesperpixel)
|
|
||||||
@@ -116,6 +118,18 @@ setExtraSamples(TIFFDirectory* td, va_li
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+ if ( td->td_transferfunction[0] != NULL && (td->td_samplesperpixel - *v > 1) &&
|
|
||||||
+ !(td->td_samplesperpixel - td->td_extrasamples > 1))
|
|
||||||
+ {
|
|
||||||
+ TIFFWarningExt(tif->tif_clientdata,module,
|
|
||||||
+ "ExtraSamples tag value is changing, "
|
|
||||||
+ "but TransferFunction was read with a different value. Cancelling it");
|
|
||||||
+ TIFFClrFieldBit(tif,FIELD_TRANSFERFUNCTION);
|
|
||||||
+ _TIFFfree(td->td_transferfunction[0]);
|
|
||||||
+ td->td_transferfunction[0] = NULL;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
td->td_extrasamples = (uint16) *v;
|
|
||||||
_TIFFsetShortArray(&td->td_sampleinfo, va, td->td_extrasamples);
|
|
||||||
return 1;
|
|
||||||
@@ -285,6 +299,18 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va
|
|
||||||
_TIFFfree(td->td_smaxsamplevalue);
|
|
||||||
td->td_smaxsamplevalue = NULL;
|
|
||||||
}
|
|
||||||
+ /* Test if 3 transfer functions instead of just one are now needed
|
|
||||||
+ See http://bugzilla.maptools.org/show_bug.cgi?id=2820 */
|
|
||||||
+ if( td->td_transferfunction[0] != NULL && (v - td->td_extrasamples > 1) &&
|
|
||||||
+ !(td->td_samplesperpixel - td->td_extrasamples > 1))
|
|
||||||
+ {
|
|
||||||
+ TIFFWarningExt(tif->tif_clientdata,module,
|
|
||||||
+ "SamplesPerPixel tag value is changing, "
|
|
||||||
+ "but TransferFunction was read with a different value. Cancelling it");
|
|
||||||
+ TIFFClrFieldBit(tif,FIELD_TRANSFERFUNCTION);
|
|
||||||
+ _TIFFfree(td->td_transferfunction[0]);
|
|
||||||
+ td->td_transferfunction[0] = NULL;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
td->td_samplesperpixel = (uint16) v;
|
|
||||||
break;
|
|
||||||
@@ -361,7 +387,7 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va
|
|
||||||
_TIFFsetShortArray(&td->td_colormap[2], va_arg(ap, uint16*), v32);
|
|
||||||
break;
|
|
||||||
case TIFFTAG_EXTRASAMPLES:
|
|
||||||
- if (!setExtraSamples(td, ap, &v))
|
|
||||||
+ if (!setExtraSamples(tif, ap, &v))
|
|
||||||
goto badvalue;
|
|
||||||
break;
|
|
||||||
case TIFFTAG_MATTEING:
|
|
|
@ -1,40 +0,0 @@
|
||||||
$NetBSD: patch-CVE-2019-6128,v 1.1 2019/07/17 09:25:45 nia Exp $
|
|
||||||
|
|
||||||
Fix for a simple memory leak that was assigned CVE-2019-6128.
|
|
||||||
|
|
||||||
Upstream commit:
|
|
||||||
https://gitlab.com/libtiff/libtiff/commit/ae0bed1fe530a82faf2e9ea1775109dbf301a971.patch
|
|
||||||
|
|
||||||
--- tools/pal2rgb.c.orig 2018-10-13 13:58:55.000000000 +0000
|
|
||||||
+++ tools/pal2rgb.c
|
|
||||||
@@ -118,12 +118,14 @@ main(int argc, char* argv[])
|
|
||||||
shortv != PHOTOMETRIC_PALETTE) {
|
|
||||||
fprintf(stderr, "%s: Expecting a palette image.\n",
|
|
||||||
argv[optind]);
|
|
||||||
+ (void) TIFFClose(in);
|
|
||||||
return (-1);
|
|
||||||
}
|
|
||||||
if (!TIFFGetField(in, TIFFTAG_COLORMAP, &rmap, &gmap, &bmap)) {
|
|
||||||
fprintf(stderr,
|
|
||||||
"%s: No colormap (not a valid palette image).\n",
|
|
||||||
argv[optind]);
|
|
||||||
+ (void) TIFFClose(in);
|
|
||||||
return (-1);
|
|
||||||
}
|
|
||||||
bitspersample = 0;
|
|
||||||
@@ -131,11 +133,14 @@ main(int argc, char* argv[])
|
|
||||||
if (bitspersample != 8) {
|
|
||||||
fprintf(stderr, "%s: Sorry, can only handle 8-bit images.\n",
|
|
||||||
argv[optind]);
|
|
||||||
+ (void) TIFFClose(in);
|
|
||||||
return (-1);
|
|
||||||
}
|
|
||||||
out = TIFFOpen(argv[optind+1], "w");
|
|
||||||
- if (out == NULL)
|
|
||||||
+ if (out == NULL) {
|
|
||||||
+ (void) TIFFClose(in);
|
|
||||||
return (-2);
|
|
||||||
+ }
|
|
||||||
cpTags(in, out);
|
|
||||||
TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &imagewidth);
|
|
||||||
TIFFGetField(in, TIFFTAG_IMAGELENGTH, &imagelength);
|
|
Loading…
Reference in a new issue