pkgsrc-Changes archive


CVS commit: pkgsrc/graphics/tiff



Module Name:    pkgsrc
Committed By:   he
Date:           Sat May  6 21:29:17 UTC 2017

Modified Files:
        pkgsrc/graphics/tiff: Makefile distinfo
        pkgsrc/graphics/tiff/patches: patch-libtiff_tif_dirread.c
Added Files:
        pkgsrc/graphics/tiff/patches: patch-libtiff_tif__strip.c

Log Message:
Fix CVE-2016-10270, ref.
http://bugzilla.maptools.org/show_bug.cgi?id=2608
https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018
Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.131 -r1.132 pkgsrc/graphics/tiff/Makefile
cvs rdiff -u -r1.77 -r1.78 pkgsrc/graphics/tiff/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/graphics/tiff/patches/patch-libtiff_tif__strip.c
cvs rdiff -u -r1.2 -r1.3 \
    pkgsrc/graphics/tiff/patches/patch-libtiff_tif_dirread.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/graphics/tiff/Makefile
diff -u pkgsrc/graphics/tiff/Makefile:1.131 pkgsrc/graphics/tiff/Makefile:1.132
--- pkgsrc/graphics/tiff/Makefile:1.131 Sat May  6 21:02:00 2017
+++ pkgsrc/graphics/tiff/Makefile       Sat May  6 21:29:16 2017
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.131 2017/05/06 21:02:00 he Exp $
+# $NetBSD: Makefile,v 1.132 2017/05/06 21:29:16 he Exp $
 
 DISTNAME=      tiff-4.0.7
-PKGREVISION=   7
+PKGREVISION=   8
 CATEGORIES=    graphics
 MASTER_SITES=  ftp://download.osgeo.org/libtiff/
 

Index: pkgsrc/graphics/tiff/distinfo
diff -u pkgsrc/graphics/tiff/distinfo:1.77 pkgsrc/graphics/tiff/distinfo:1.78
--- pkgsrc/graphics/tiff/distinfo:1.77  Sat May  6 21:02:00 2017
+++ pkgsrc/graphics/tiff/distinfo       Sat May  6 21:29:16 2017
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.77 2017/05/06 21:02:00 he Exp $
+$NetBSD: distinfo,v 1.78 2017/05/06 21:29:16 he Exp $
 
 SHA1 (tiff-4.0.7.tar.gz) = 2c1b64478e88f93522a42dd5271214a0e5eae648
 RMD160 (tiff-4.0.7.tar.gz) = 582e19c31e7f29d9ed36995dcad7ad68802cbadb
@@ -8,8 +8,9 @@ SHA1 (patch-configure) = a0032133f06b6ac
 SHA1 (patch-html_man_Makefile.in) = 705604e2a3065da192e7354a4a9cdcd16bd6823d
 SHA1 (patch-libtiff_tif__luv.c) = c2e8ce7474119ffa02d226932ad6c8c2b230062c
 SHA1 (patch-libtiff_tif__pixarlog.c) = ad16681cf3fcb5fded048eb70c0a93f1b6447147
+SHA1 (patch-libtiff_tif__strip.c) = f7dc7b24378d0541a8f3bcc3cad78ea2d6ae14d7
 SHA1 (patch-libtiff_tif_dir.c) = 28c45b95cedeebe005b44b45393d66f61e0ea6f7
-SHA1 (patch-libtiff_tif_dirread.c) = 213b8c2f172303d095ef3edc3f850aa75de36d3d
+SHA1 (patch-libtiff_tif_dirread.c) = f6d442da817457d7ac801a3005e21c357ac31f8a
 SHA1 (patch-libtiff_tif_dirwrite.c) = 07ccbf8cf210b95d5ca7710cc2982368783b4dcb
 SHA1 (patch-libtiff_tif_getimage.c) = 267b555c8b043d0a835db4d46ef65131776601e6
 SHA1 (patch-libtiff_tif_jpeg.c) = 1049b7b243e9e145886bcac8e68e5e7889337ebc

Index: pkgsrc/graphics/tiff/patches/patch-libtiff_tif_dirread.c
diff -u pkgsrc/graphics/tiff/patches/patch-libtiff_tif_dirread.c:1.2 pkgsrc/graphics/tiff/patches/patch-libtiff_tif_dirread.c:1.3
--- pkgsrc/graphics/tiff/patches/patch-libtiff_tif_dirread.c:1.2        Fri May  5 20:14:05 2017
+++ pkgsrc/graphics/tiff/patches/patch-libtiff_tif_dirread.c    Sat May  6 21:29:16 2017
@@ -1,4 +1,4 @@
-$NetBSD: patch-libtiff_tif_dirread.c,v 1.2 2017/05/05 20:14:05 sevan Exp $
+$NetBSD: patch-libtiff_tif_dirread.c,v 1.3 2017/05/06 21:29:16 he Exp $
 
 CVE-2017-7596
 CVE-2017-7597
@@ -8,7 +8,13 @@ CVE-2017-7600
 https://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8
 https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
 
---- libtiff/tif_dirread.c.orig 2017-05-05 18:56:15.000000000 +0000
+and
+
+CVE-2016-10270
+http://bugzilla.maptools.org/show_bug.cgi?id=2608
+https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018
+
+--- libtiff/tif_dirread.c.orig 2016-11-18 02:42:46.000000000 +0000
 +++ libtiff/tif_dirread.c
 @@ -40,6 +40,7 @@
   */
@@ -58,3 +64,59 @@ https://github.com/vadz/libtiff/commit/3
                *value=0.0;
        else
                *value=(double)((int32)m.i[0])/(double)m.i[1];
+@@ -5502,8 +5516,7 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
+       uint64 rowblockbytes;
+       uint64 stripbytes;
+       uint32 strip;
+-      uint64 nstrips64;
+-      uint32 nstrips32;
++      uint32 nstrips;
+       uint32 rowsperstrip;
+       uint64* newcounts;
+       uint64* newoffsets;
+@@ -5534,18 +5547,17 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
+           return;
+ 
+       /*
+-       * never increase the number of strips in an image
++       * never increase the number of rows per strip
+        */
+       if (rowsperstrip >= td->td_rowsperstrip)
+               return;
+-      nstrips64 = TIFFhowmany_64(bytecount, stripbytes);
+-      if ((nstrips64==0)||(nstrips64>0xFFFFFFFF)) /* something is wonky, do nothing. */
++      nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip);
++      if( nstrips == 0 )
+           return;
+-      nstrips32 = (uint32)nstrips64;
+ 
+-      newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
++      newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
+                               "for chopped \"StripByteCounts\" array");
+-      newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
++      newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
+                               "for chopped \"StripOffsets\" array");
+       if (newcounts == NULL || newoffsets == NULL) {
+               /*
+@@ -5562,18 +5574,18 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
+        * Fill the strip information arrays with new bytecounts and offsets
+        * that reflect the broken-up format.
+        */
+-      for (strip = 0; strip < nstrips32; strip++) {
++      for (strip = 0; strip < nstrips; strip++) {
+               if (stripbytes > bytecount)
+                       stripbytes = bytecount;
+               newcounts[strip] = stripbytes;
+-              newoffsets[strip] = offset;
++              newoffsets[strip] = stripbytes ? offset : 0;
+               offset += stripbytes;
+               bytecount -= stripbytes;
+       }
+       /*
+        * Replace old single strip info with multi-strip info.
+        */
+-      td->td_stripsperimage = td->td_nstrips = nstrips32;
++      td->td_stripsperimage = td->td_nstrips = nstrips;
+       TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip);
+ 
+       _TIFFfree(td->td_stripbytecount);
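Review bot: In the added ChopUpSingleUncompressedStrip hunks, `nstrips` is now taken from `TIFFhowmany_32(td->td_imagelength, rowsperstrip)` instead of from `bytecount`, so the two `_TIFFCheckMalloc` requests are sized by an image-length field read from the file and no longer by the amount of strip data the file declares. That removes the array/strip-count mismatch, but a file with a very large image length and a tiny strip can presumably now request two large arrays whose trailing entries are all zero; what `_TIFFCheckMalloc` rejects is not visible here. I would at least record the new invariant above the loop, e.g. `/* nstrips follows td_imagelength; strips past the end of the data get bytecount 0 and offset 0 */`, and consider a sanity bound on `nstrips` relative to the available data before allocating. The function starts and ends outside these hunks, so how `rowsperstrip` and `stripbytes` are derived could not be checked.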

Added files:

Index: pkgsrc/graphics/tiff/patches/patch-libtiff_tif__strip.c
diff -u /dev/null pkgsrc/graphics/tiff/patches/patch-libtiff_tif__strip.c:1.1
--- /dev/null   Sat May  6 21:29:17 2017
+++ pkgsrc/graphics/tiff/patches/patch-libtiff_tif__strip.c     Sat May  6 21:29:16 2017
@@ -0,0 +1,24 @@
+$NetBSD: patch-libtiff_tif__strip.c,v 1.1 2017/05/06 21:29:16 he Exp $
+
+Fix CVE-2016-10270, ref.
+http://bugzilla.maptools.org/show_bug.cgi?id=2608
+https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018
+
+--- libtiff/tif_strip.c.orig   2016-11-10 02:12:36.000000000 +0000
++++ libtiff/tif_strip.c
+@@ -63,15 +63,6 @@ TIFFNumberOfStrips(TIFF* tif)
+       TIFFDirectory *td = &tif->tif_dir;
+       uint32 nstrips;
+ 
+-    /* If the value was already computed and store in td_nstrips, then return it,
+-       since ChopUpSingleUncompressedStrip might have altered and resized the
+-       since the td_stripbytecount and td_stripoffset arrays to the new value
+-       after the initial affectation of td_nstrips = TIFFNumberOfStrips() in
+-       tif_dirread.c ~line 3612.
+-       See http://bugzilla.maptools.org/show_bug.cgi?id=2587 */
+-    if( td->td_nstrips )
+-        return td->td_nstrips;
+-
+       nstrips = (td->td_rowsperstrip == (uint32) -1 ? 1 :
+            TIFFhowmany_32(td->td_imagelength, td->td_rowsperstrip));
+       if (td->td_planarconfig == PLANARCONFIG_SEPARATE)
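Review bot: The header of this new patch file says only "Fix CVE-2016-10270", but the hunk removes the `if( td->td_nstrips ) return td->td_nstrips;` shortcut that the deleted comment ties to bugzilla 2587, so on its own it reads as a revert of an earlier fix. After this hunk TIFFNumberOfStrips() always recomputes from `td_imagelength` and `td_rowsperstrip`, which presumably agrees with the resized strip arrays only because ChopUpSingleUncompressedStrip in patch-libtiff_tif_dirread.c now sizes them the same way. I would state that dependency in the patch header, e.g. `Reverts the td_nstrips shortcut added for bugzilla 2587; requires the ChopUpSingleUncompressedStrip change in patch-libtiff_tif_dirread.c.`, so that neither patch is dropped alone on a later update. TIFFNumberOfStrips() continues past the end of the hunk.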


