Merge pull request #553 from fac/2015Q4_backport_tiff

Backport tiff from 2017Q4 for security fixes
TritonDataCenter · Feb 5, 2018 · 489b0cb · 489b0cb
2 parents b7c8e26 + b0c78b2
commit 489b0cb
Show file tree

Hide file tree

Showing 7 changed files with 33 additions and 191 deletions.
diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.137 2017/06/21 01:08:33 tez Exp $
+# $NetBSD: Makefile,v 1.139 2017/12/03 09:07:06 maya Exp $
 
-DISTNAME=	tiff-4.0.8
+DISTNAME=	tiff-4.0.9
 PKGREVISION=	1
 CATEGORIES=	graphics
 MASTER_SITES=	ftp://download.osgeo.org/libtiff/

diff --git a/graphics/tiff/PLIST b/graphics/tiff/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.24 2017/05/29 13:44:05 he Exp $
+@comment $NetBSD: PLIST,v 1.25 2017/11/19 16:31:04 he Exp $
 bin/fax2ps
 bin/fax2tiff
 bin/pal2rgb
@@ -233,4 +233,5 @@ share/doc/tiff/html/v4.0.4beta.html
 share/doc/tiff/html/v4.0.5.html
 share/doc/tiff/html/v4.0.6.html
 share/doc/tiff/html/v4.0.7.html
+share/doc/tiff/html/v4.0.8.html
 share/doc/tiff/html/v${PKGVERSION}.html
diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo
@@ -1,10 +1,8 @@
-$NetBSD: distinfo,v 1.86 2017/06/21 02:47:45 pgoyette Exp $
+$NetBSD: distinfo,v 1.88 2017/12/03 09:07:06 maya Exp $
 
-SHA1 (tiff-4.0.8.tar.gz) = 88717c97480a7976c94d23b6d9ed4ac74715267f
-RMD160 (tiff-4.0.8.tar.gz) = 0d8bc26c98035810c73b8f876f76dc48efba7da8
-SHA512 (tiff-4.0.8.tar.gz) = 5d010ec4ce37aca733f7ab7db9f432987b0cd21664bd9d99452a146833c40f0d1e7309d1870b0395e947964134d5cfeb1366181e761fe353ad585803ff3d6be6
-Size (tiff-4.0.8.tar.gz) = 2065574 bytes
+SHA1 (tiff-4.0.9.tar.gz) = 87d4543579176cc568668617c22baceccd568296
+RMD160 (tiff-4.0.9.tar.gz) = ab5b3b7297e79344775b1e70c4d54c90c06836a3
+SHA512 (tiff-4.0.9.tar.gz) = 04f3d5eefccf9c1a0393659fe27f3dddd31108c401ba0dc587bca152a1c1f6bc844ba41622ff5572da8cc278593eff8c402b44e7af0a0090e91d326c2d79f6cd
+Size (tiff-4.0.9.tar.gz) = 2305681 bytes
 SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6
-SHA1 (patch-libtiff_tif_dir.h) = 50f565eac6a7157a7c99923f4b3ffaf31b021644
-SHA1 (patch-libtiff_tif_dirinfo.c) = cd0e4da46f62d888128e558c16ebcc6a867274df
-SHA1 (patch-libtiff_tif_dirread.c) = d98b5cb0ceca8f5923c015b09f04da3b8af094e5
+SHA1 (patch-tools_pal2rgb.c) = f91652e8013940c162add870ceb9845e2730bc2c
diff --git a/graphics/tiff/patches/patch-libtiff_tif_dir.h b/graphics/tiff/patches/patch-libtiff_tif_dir.h
diff --git a/graphics/tiff/patches/patch-libtiff_tif_dirinfo.c b/graphics/tiff/patches/patch-libtiff_tif_dirinfo.c
diff --git a/graphics/tiff/patches/patch-libtiff_tif_dirread.c b/graphics/tiff/patches/patch-libtiff_tif_dirread.c
diff --git a/graphics/tiff/patches/patch-tools_pal2rgb.c b/graphics/tiff/patches/patch-tools_pal2rgb.c
@@ -0,0 +1,23 @@
+$NetBSD: patch-tools_pal2rgb.c,v 1.1 2017/12/03 09:07:06 maya Exp $
+
+CVE-2017-17095 Heap-based buffer overflow bug in pal2rgb
+
+--- tools/pal2rgb.c.orig	2015-08-28 22:17:08.172200823 +0000
++++ tools/pal2rgb.c
+@@ -39,6 +39,7 @@
+ # include "libport.h"
+ #endif
+
++#include "tiffiop.h"
+ #include "tiffio.h"
+
+ #define	streq(a,b)	(strcmp(a,b) == 0)
+@@ -185,7 +186,7 @@
+ 	  register unsigned char* pp;
+ 	  register uint32 x;
+ 	  ibuf = (unsigned char*)_TIFFmalloc(TIFFScanlineSize(in));
+-	  obuf = (unsigned char*)_TIFFmalloc(TIFFScanlineSize(out));
++	  obuf = (unsigned char*)_TIFFmalloc(TIFFSafeMultiply(tmsize_t, imagewidth, 3*sizeof(short)));
+ 	  switch (config) {
+ 	  case PLANARCONFIG_CONTIG:
+ 		for (row = 0; row < imagelength; row++) {