kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Update to 3.9.5:

Browse source 
Many bugs and security issues are resolved in this stable release.
This commit is contained in:
wiz 2011-04-12 08:57:57 +00:00
parent eb09def6ad
commit ed8abb8405
9 changed files with 6 additions and 295 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
graphics/tiff/Makefile
View file

@ -1,7 +1,6 @@
# $NetBSD: Makefile,v 1.100 2011/03/31 11:05:44 drochner Exp $
# $NetBSD: Makefile,v 1.101 2011/04/12 08:57:57 wiz Exp $
DISTNAME= tiff-3.9.4
PKGREVISION= 3
DISTNAME= tiff-3.9.5
CATEGORIES= graphics
MASTER_SITES= ftp://ftp.remotesensing.org/pub/libtiff/ \
http://libtiff.maptools.org/dl/

15
graphics/tiff/distinfo
View file

@ -1,12 +1,5 @@
$NetBSD: distinfo,v 1.51 2011/03/31 11:05:44 drochner Exp $
$NetBSD: distinfo,v 1.52 2011/04/12 08:57:57 wiz Exp $
SHA1 (tiff-3.9.4.tar.gz) = a4e32d55afbbcabd0391a9c89995e8e8a19961de
RMD160 (tiff-3.9.4.tar.gz) = 3e0a74b6294297c16fb983ad68056a1dfbbdb1de
Size (tiff-3.9.4.tar.gz) = 1436968 bytes
SHA1 (patch-CVE-2011-1167) = 30099dc0e1a8271d65799365ce81fda3081f5d5b
SHA1 (patch-SA43593) = d24ff27a7a2e659c632d5a5fb720a908915e8595
SHA1 (patch-aa) = 0ed02eb18454f4d91bf2fad6b9262bc442cd0822
SHA1 (patch-ab) = 66101ec437ff222d629120e52e2011ea5b36dca0
SHA1 (patch-ac) = 7211eebf68e73790ac1263efb16943e59cbffa95
SHA1 (patch-ad) = bae790a9309967f874987f1da57e5f93a67094e1
SHA1 (patch-ae) = 33dd5e9307a55273e9aaacdd7f5f9aea51aa5adc
SHA1 (tiff-3.9.5.tar.gz) = f40aab20fb2f609b5cbc1171c40b66a1445e3773
RMD160 (tiff-3.9.5.tar.gz) = c67742bf6b9b10ca0700e69ce575007d40c4f89c
Size (tiff-3.9.5.tar.gz) = 1455502 bytes

73
graphics/tiff/patches/patch-CVE-2011-1167
View file

@ -1,73 +0,0 @@
$NetBSD: patch-CVE-2011-1167,v 1.1 2011/03/31 11:05:45 drochner Exp $
--- libtiff/tif_thunder.c.orig 2010-06-08 18:50:43.000000000 +0000
+++ libtiff/tif_thunder.c
@@ -25,6 +25,7 @@
*/
#include "tiffiop.h"
+#include <assert.h>
#ifdef THUNDER_SUPPORT
/*
* TIFF Library.
@@ -55,12 +56,32 @@
static const int twobitdeltas[4] = { 0, 1, 0, -1 };
static const int threebitdeltas[8] = { 0, 1, 2, 3, 0, -3, -2, -1 };
-#define SETPIXEL(op, v) { \
- lastpixel = (v) & 0xf; \
- if (npixels++ & 1) \
- *op++ |= lastpixel; \
- else \
+#define SETPIXEL(op, v) { \
+ lastpixel = (v) & 0xf; \
+ if ( npixels < maxpixels ) \
+ { \
+ if (npixels++ & 1) \
+ *op++ |= lastpixel; \
+ else \
op[0] = (tidataval_t) (lastpixel << 4); \
+ } \
+}
+
+static int
+ThunderSetupDecode(TIFF* tif)
+{
+ static const char module[] = "ThunderSetupDecode";
+
+ if( tif->tif_dir.td_bitspersample != 4 )
+ {
+ TIFFErrorExt(tif->tif_clientdata, module,
+ "Wrong bitspersample value (%d), Thunder decoder only supports 4bits per sample.",
+ (int) tif->tif_dir.td_bitspersample );
+ return 0;
+ }
+
+
+ return (1);
}
static int
@@ -142,7 +163,8 @@ ThunderDecodeRow(TIFF* tif, tidata_t buf
occ -= tif->tif_scanlinesize;
row += tif->tif_scanlinesize;
}
- return (1);
+
+ return (1);
}
int
@@ -151,6 +173,7 @@ TIFFInitThunderScan(TIFF* tif, int schem
(void) scheme;
tif->tif_decoderow = ThunderDecodeRow;
tif->tif_decodestrip = ThunderDecodeRow;
+ tif->tif_setupdecode = ThunderSetupDecode;
return (1);
}
#endif /* THUNDER_SUPPORT */
@@ -163,3 +186,4 @@ TIFFInitThunderScan(TIFF* tif, int schem
* fill-column: 78
* End:
*/
+

20
graphics/tiff/patches/patch-SA43593
View file

@ -1,20 +0,0 @@
$NetBSD: patch-SA43593,v 1.1 2011/03/12 16:10:43 tron Exp $
Fix heap-based buffer overflow which causes the vulnerability reported
in SA43593. Patch taken from the "libtiff" CVS repository.
--- libtiff/tif_fax3.h 8 Jun 2010 18:50:42 -0000 1.5.2.1
+++ libtiff/tif_fax3.h 10 Mar 2011 20:22:33 -0000 1.5.2.3
@@ -478,6 +478,12 @@
break; \
case S_VL: \
CHECK_b1; \
+ if (b1 <= (int) (a0 + TabEnt->Param)) { \
+ if (b1 < (int) (a0 + TabEnt->Param) || pa != thisrun) { \
+ unexpected("VL", a0); \
+ goto eol2d; \
+ } \
+ } \
SETVALUE(b1 - a0 - TabEnt->Param); \
b1 -= *--pb; \
break; \

59
graphics/tiff/patches/patch-aa
View file

@ -1,59 +0,0 @@
$NetBSD: patch-aa,v 1.19 2010/08/04 17:48:22 tron Exp $
Fix for CVE-2010-2233 taken from here ...
http://bugzilla.maptools.org/show_bug.cgi?id=2207
... and for CVE-2010-2483 taken from here:
https://bugzilla.redhat.com/show_bug.cgi?id=603081
--- libtiff/tif_getimage.c.orig 2010-06-08 19:50:42.000000000 +0100
+++ libtiff/tif_getimage.c 2010-08-04 18:20:24.000000000 +0100
@@ -1846,6 +1846,7 @@
DECLAREContigPutFunc(putcontig8bitYCbCr22tile)
{
uint32* cp2;
+ int32 incr = 2*toskew+w;
(void) y;
fromskew = (fromskew / 2) * 6;
cp2 = cp+w+toskew;
@@ -1872,8 +1873,8 @@
cp2 ++ ;
pp += 6;
}
- cp += toskew*2+w;
- cp2 += toskew*2+w;
+ cp += incr;
+ cp2 += incr;
pp += fromskew;
h-=2;
}
@@ -1939,6 +1940,7 @@
DECLAREContigPutFunc(putcontig8bitYCbCr12tile)
{
uint32* cp2;
+ int32 incr = 2*toskew+w;
(void) y;
fromskew = (fromskew / 2) * 4;
cp2 = cp+w+toskew;
@@ -1953,8 +1955,8 @@
cp2 ++;
pp += 4;
} while (--x);
- cp += toskew*2+w;
- cp2 += toskew*2+w;
+ cp += incr;
+ cp2 += incr;
pp += fromskew;
h-=2;
}
@@ -2397,7 +2399,7 @@
}
break;
case PHOTOMETRIC_YCBCR:
- if (img->bitspersample == 8)
+ if ((img->bitspersample==8) && (img->samplesperpixel==3))
{
if (initYCbCrConversion(img)!=0)
{

19
graphics/tiff/patches/patch-ab
View file

@ -1,19 +0,0 @@
$NetBSD: patch-ab,v 1.20 2010/08/04 17:48:22 tron Exp $
Fix for CVE-2010-2482 taken from here:
http://bugzilla.maptools.org/show_bug.cgi?id=1996
--- libtiff/tif_ojpeg.c.orig 2010-06-09 00:29:51.000000000 +0100
+++ libtiff/tif_ojpeg.c 2010-08-04 18:14:07.000000000 +0100
@@ -1920,6 +1920,10 @@
sp->in_buffer_file_pos=0;
else
{
+ if (sp->tif->tif_dir.td_stripbytecount == 0) {
+ TIFFErrorExt(sp->tif->tif_clientdata,sp->tif->tif_name,"Strip byte counts are missing");
+ return(0);
+ }
sp->in_buffer_file_togo=sp->tif->tif_dir.td_stripbytecount[sp->in_buffer_next_strile];
if (sp->in_buffer_file_togo==0)
sp->in_buffer_file_pos=0;

32
graphics/tiff/patches/patch-ac
View file

@ -1,32 +0,0 @@
$NetBSD: patch-ac,v 1.22 2010/08/04 17:48:22 tron Exp $
Fix for CVE-2010-2482 taken from here:
http://bugzilla.maptools.org/show_bug.cgi?id=1996
--- tools/tiffsplit.c.orig 2010-06-08 19:50:44.000000000 +0100
+++ tools/tiffsplit.c 2010-08-04 18:14:07.000000000 +0100
@@ -237,7 +237,10 @@
tstrip_t s, ns = TIFFNumberOfStrips(in);
uint32 *bytecounts;
- TIFFGetField(in, TIFFTAG_STRIPBYTECOUNTS, &bytecounts);
+ if (!TIFFGetField(in, TIFFTAG_STRIPBYTECOUNTS, &bytecounts)) {
+ fprintf(stderr, "tiffsplit: strip byte counts are missing\n");
+ return (0);
+ }
for (s = 0; s < ns; s++) {
if (bytecounts[s] > (uint32)bufsize) {
buf = (unsigned char *)_TIFFrealloc(buf, bytecounts[s]);
@@ -267,7 +270,10 @@
ttile_t t, nt = TIFFNumberOfTiles(in);
uint32 *bytecounts;
- TIFFGetField(in, TIFFTAG_TILEBYTECOUNTS, &bytecounts);
+ if (!TIFFGetField(in, TIFFTAG_TILEBYTECOUNTS, &bytecounts)) {
+ fprintf(stderr, "tiffsplit: tile byte counts are missing\n");
+ return (0);
+ }
for (t = 0; t < nt; t++) {
if (bytecounts[t] > (uint32) bufsize) {
buf = (unsigned char *)_TIFFrealloc(buf, bytecounts[t]);

31
graphics/tiff/patches/patch-ad
View file

@ -1,31 +0,0 @@
$NetBSD: patch-ad,v 1.16 2010/08/04 17:48:22 tron Exp $
Patch for CVE-2010-2595 taken from here:
http://bugzilla.maptools.org/show_bug.cgi?id=2208
--- libtiff/tif_color.c.orig 2010-06-08 19:50:41.000000000 +0100
+++ libtiff/tif_color.c 2010-08-04 18:24:14.000000000 +0100
@@ -183,13 +183,18 @@
TIFFYCbCrtoRGB(TIFFYCbCrToRGB *ycbcr, uint32 Y, int32 Cb, int32 Cr,
uint32 *r, uint32 *g, uint32 *b)
{
+ int32 i;
+
/* XXX: Only 8-bit YCbCr input supported for now */
Y = HICLAMP(Y, 255), Cb = CLAMP(Cb, 0, 255), Cr = CLAMP(Cr, 0, 255);
- *r = ycbcr->clamptab[ycbcr->Y_tab[Y] + ycbcr->Cr_r_tab[Cr]];
- *g = ycbcr->clamptab[ycbcr->Y_tab[Y]
- + (int)((ycbcr->Cb_g_tab[Cb] + ycbcr->Cr_g_tab[Cr]) >> SHIFT)];
- *b = ycbcr->clamptab[ycbcr->Y_tab[Y] + ycbcr->Cb_b_tab[Cb]];
+ i = ycbcr->Y_tab[Y] + ycbcr->Cr_r_tab[Cr];
+ *r = CLAMP(i, 0, 255);
+ i = ycbcr->Y_tab[Y]
+ + (int)((ycbcr->Cb_g_tab[Cb] + ycbcr->Cr_g_tab[Cr]) >> SHIFT);
+ *g = CLAMP(i, 0, 255);
+ i = ycbcr->Y_tab[Y] + ycbcr->Cb_b_tab[Cb];
+ *b = CLAMP(i, 0, 255);
}
/*

47
graphics/tiff/patches/patch-ae
View file

@ -1,47 +0,0 @@
$NetBSD: patch-ae,v 1.11 2010/08/04 17:48:22 tron Exp $
Fix for CVE-2010-2597 taken from here:
http://bugzilla.maptools.org/show_bug.cgi?id=2215
--- libtiff/tif_strip.c.orig 2010-06-08 19:50:43.000000000 +0100
+++ libtiff/tif_strip.c 2010-08-04 18:35:46.000000000 +0100
@@ -124,9 +124,9 @@
uint16 ycbcrsubsampling[2];
tsize_t w, scanline, samplingarea;
- TIFFGetField( tif, TIFFTAG_YCBCRSUBSAMPLING,
- ycbcrsubsampling + 0,
- ycbcrsubsampling + 1 );
+ TIFFGetFieldDefaulted(tif, TIFFTAG_YCBCRSUBSAMPLING,
+ ycbcrsubsampling + 0,
+ ycbcrsubsampling + 1);
samplingarea = ycbcrsubsampling[0]*ycbcrsubsampling[1];
if (samplingarea == 0) {
@@ -234,9 +234,9 @@
&& !isUpSampled(tif)) {
uint16 ycbcrsubsampling[2];
- TIFFGetField(tif, TIFFTAG_YCBCRSUBSAMPLING,
- ycbcrsubsampling + 0,
- ycbcrsubsampling + 1);
+ TIFFGetFieldDefaulted(tif, TIFFTAG_YCBCRSUBSAMPLING,
+ ycbcrsubsampling + 0,
+ ycbcrsubsampling + 1);
if (ycbcrsubsampling[0] == 0) {
TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
@@ -308,9 +308,9 @@
&& !isUpSampled(tif)) {
uint16 ycbcrsubsampling[2];
- TIFFGetField(tif, TIFFTAG_YCBCRSUBSAMPLING,
- ycbcrsubsampling + 0,
- ycbcrsubsampling + 1);
+ TIFFGetFieldDefaulted(tif, TIFFTAG_YCBCRSUBSAMPLING,
+ ycbcrsubsampling + 0,
+ ycbcrsubsampling + 1);
if (ycbcrsubsampling[0]*ycbcrsubsampling[1] == 0) {
TIFFErrorExt(tif->tif_clientdata, tif->tif_name,