--- - branch: MAIN date: Mon May 29 13:44:05 UTC 2017 files: - new: '1.136' old: '1.135' path: pkgsrc/graphics/tiff/Makefile pathrev: pkgsrc/graphics/tiff/Makefile@1.136 type: modified - new: '1.24' old: '1.23' path: pkgsrc/graphics/tiff/PLIST pathrev: pkgsrc/graphics/tiff/PLIST@1.24 type: modified - new: '1.82' old: '1.81' path: pkgsrc/graphics/tiff/distinfo pathrev: pkgsrc/graphics/tiff/distinfo@1.82 type: modified - new: '0' old: '1.1' path: pkgsrc/graphics/tiff/patches/patch-html_man_Makefile.in pathrev: pkgsrc/graphics/tiff/patches/patch-html_man_Makefile.in@0 type: deleted - new: '0' old: '1.1' path: pkgsrc/graphics/tiff/patches/patch-libtiff_tif__luv.c pathrev: pkgsrc/graphics/tiff/patches/patch-libtiff_tif__luv.c@0 type: deleted - new: '0' old: '1.1' path: pkgsrc/graphics/tiff/patches/patch-libtiff_tif__pixarlog.c pathrev: pkgsrc/graphics/tiff/patches/patch-libtiff_tif__pixarlog.c@0 type: deleted - new: '0' old: '1.1' path: pkgsrc/graphics/tiff/patches/patch-libtiff_tif__strip.c pathrev: pkgsrc/graphics/tiff/patches/patch-libtiff_tif__strip.c@0 type: deleted - new: '0' old: '1.1' path: pkgsrc/graphics/tiff/patches/patch-libtiff_tif_dir.c pathrev: pkgsrc/graphics/tiff/patches/patch-libtiff_tif_dir.c@0 type: deleted - new: '0' old: '1.1' path: pkgsrc/graphics/tiff/patches/patch-libtiff_tif_dirwrite.c pathrev: pkgsrc/graphics/tiff/patches/patch-libtiff_tif_dirwrite.c@0 type: deleted - new: '0' old: '1.1' path: pkgsrc/graphics/tiff/patches/patch-libtiff_tif_getimage.c pathrev: pkgsrc/graphics/tiff/patches/patch-libtiff_tif_getimage.c@0 type: deleted - new: '0' old: '1.1' path: pkgsrc/graphics/tiff/patches/patch-libtiff_tif_jpeg.c pathrev: pkgsrc/graphics/tiff/patches/patch-libtiff_tif_jpeg.c@0 type: deleted - new: '0' old: '1.1' path: pkgsrc/graphics/tiff/patches/patch-libtiff_tif_unix.c pathrev: pkgsrc/graphics/tiff/patches/patch-libtiff_tif_unix.c@0 type: deleted - new: '0' old: '1.1' path: pkgsrc/graphics/tiff/patches/patch-libtiff_tif_win32.c pathrev: pkgsrc/graphics/tiff/patches/patch-libtiff_tif_win32.c@0 type: deleted - new: '0' old: '1.1' path: pkgsrc/graphics/tiff/patches/patch-libtiff_tiffio.h pathrev: pkgsrc/graphics/tiff/patches/patch-libtiff_tiffio.h@0 type: deleted - new: '0' old: '1.1' path: pkgsrc/graphics/tiff/patches/patch-man_Makefile.in pathrev: pkgsrc/graphics/tiff/patches/patch-man_Makefile.in@0 type: deleted - new: '0' old: '1.3' path: pkgsrc/graphics/tiff/patches/patch-libtiff_tif_dirread.c pathrev: pkgsrc/graphics/tiff/patches/patch-libtiff_tif_dirread.c@0 type: deleted - new: '0' old: '1.3' path: pkgsrc/graphics/tiff/patches/patch-libtiff_tiffiop.h pathrev: pkgsrc/graphics/tiff/patches/patch-libtiff_tiffiop.h@0 type: deleted - new: '0' old: '1.3' path: pkgsrc/graphics/tiff/patches/patch-tools_tiff2pdf.c pathrev: pkgsrc/graphics/tiff/patches/patch-tools_tiff2pdf.c@0 type: deleted - new: '0' old: '1.3' path: pkgsrc/graphics/tiff/patches/patch-tools_tiffcp.c pathrev: pkgsrc/graphics/tiff/patches/patch-tools_tiffcp.c@0 type: deleted - new: '0' old: '1.2' path: pkgsrc/graphics/tiff/patches/patch-libtiff_tif_ojpeg.c pathrev: pkgsrc/graphics/tiff/patches/patch-libtiff_tif_ojpeg.c@0 type: deleted - new: '0' old: '1.2' path: pkgsrc/graphics/tiff/patches/patch-libtiff_tif_read.c pathrev: pkgsrc/graphics/tiff/patches/patch-libtiff_tif_read.c@0 type: deleted - new: '0' old: '1.2' path: pkgsrc/graphics/tiff/patches/patch-tools_tiffcrop.c pathrev: pkgsrc/graphics/tiff/patches/patch-tools_tiffcrop.c@0 type: deleted id: 20170529T134405Z.244e0a2387763e3958a935f0a46c5563d9993479 log: "Update tiff to version 4.0.8.\n\nPkgsrc changes:\n * Adapt PLIST, remove patches for now-integrated bugfixes.\n\nAs the release announcement says:\n\n All of the changes are bug and security fixes.\n\nUpstream changes:\n\nCHANGES IN LIBTIFF:\n * libtiff/tif_getimage.c, libtiff/tif_open.c: add parenthesis to\n fix cppcheck clarifyCalculation warnings * libtiff/tif_predict.c,\n libtiff/tif_print.c: fix printf unsigned vs signed formatting\n (cppcheck invalidPrintfArgType_uint warnings)\n * libtiff/tif_read.c, libtiff/tiffiop.h: fix uint32 overflow in\n \ TIFFReadEncodedStrip() that caused an integer division by zero.\n Reported by Agostino Sarubbo. Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=2596\n * libtiff/tif_pixarlog.c, libtiff/tif_luv.c: fix heap-based buffer\n overflow on generation of PixarLog / LUV compressed files, with\n ColorMap, TransferFunction attached and nasty plays with\n bitspersample. The fix for LUV has not been tested, but suffers\n from the same kind of issue of PixarLog. Reported by Agostino\n \ Sarubbo. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2604\n * libtiff/tif_strip.c: revert the change in TIFFNumberOfStrips()\n done for http://bugzilla.maptools.org/show_bug.cgi?id=2587 /\n CVE-2016-9273 since the above change is a better fix that makes\n it unnecessary.\n * libtiff/tif_dirread.c: modify ChopUpSingleUncompressedStrip()\n to instanciate compute ntrips as TIFFhowmany_32(td->td_imagelength,\n rowsperstrip), instead of a logic based on the total size of\n data. Which is faulty is the total size of data is not sufficient\n to fill the whole image, and thus results in reading outside of\n the StripByCounts/StripOffsets arrays when using TIFFReadScanline().\n \ Reported by Agostino Sarubbo. Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=2608.\n * libtiff/tif_ojpeg.c: make OJPEGDecode() early exit in case of\n failure in OJPEGPreDecode(). This will avoid a divide by zero,\n and potential other issues. Reported by Agostino Sarubbo. Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=2611\n * libtiff/tif_write.c: fix misleading indentation as warned by GCC.\n * libtiff/tif_fax3.h: revert change done on 2016-01-09 that made\n Param member of TIFFFaxTabEnt structure a uint16 to reduce size\n of the binary. It happens that the Hylafax software uses the\n tables that follow this typedef (TIFFFaxMainTable, TIFFFaxWhiteTable,\n \ TIFFFaxBlackTable), although they are not in a public libtiff\n header. Raised by Lee Howard. Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=2636\n * libtiff/tiffio.h, libtiff/tif_getimage.c: add TIFFReadRGBAStripExt()\n and TIFFReadRGBATileExt() variants of the functions without ext,\n with an extra argument to control the stop_on_error behaviour.\n * libtiff/tif_getimage.c: fix potential memory leaks in error code\n path of TIFFRGBAImageBegin(). Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=2627\n * libtiff/tif_jpeg.c: increase libjpeg max memory usable to 10 MB\n instead of libjpeg 1MB default. This helps when creating files\n with \"big\" tile, without using libjpeg temporary files. Related\n to https://trac.osgeo.org/gdal/ticket/6757\n * libtiff/tif_jpeg.c: avoid integer division by zero in\n JPEGSetupEncode() when horizontal or vertical sampling is set\n to 0. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2653\n * libtiff/tif_dirwrite.c: in TIFFWriteDirectoryTagCheckedRational,\n replace assertion by runtime check to error out if passed value\n is strictly negative. Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=2535\n * libtiff/tif_dirread.c: avoid division by floating point 0 in\n TIFFReadDirEntryCheckedRational() and\n \ TIFFReadDirEntryCheckedSrational(), and return 0 in that case\n (instead of infinity as before presumably) Apparently some\n sanitizers do not like those divisions by zero. Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=2644\n * libtiff/tif_dir.c, tif_dirread.c, tif_dirwrite.c: implement\n various clampings of double to other data types to avoid undefined\n behaviour if the output range isn't big enough to hold the input\n value. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2643\n \ http://bugzilla.maptools.org/show_bug.cgi?id=2642\n http://bugzilla.maptools.org/show_bug.cgi?id=2646\n \ http://bugzilla.maptools.org/show_bug.cgi?id=2647\n * libtiff/tif_jpeg.c: validate BitsPerSample in JPEGSetupEncode()\n to avoid undefined behaviour caused by invalid shift exponent.\n Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648\n * libtiff/tif_read.c: avoid potential undefined behaviour on signed\n integer addition in TIFFReadRawStrip1() in isMapped() case.\n Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2650\n * libtiff/tif_getimage.c: add explicit uint32 cast in putagreytile\n to avoid UndefinedBehaviorSanitizer warning. Patch by Nicolå\x8F©s\n Peå\x8D\x98a. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2658\n * libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() to\n zero initialize tif_rawdata. Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=2651\n * libtiff/tiffio.h, tif_unix.c, tif_win32.c, tif_vms.c: add _TIFFcalloc()\n * libtiff/tif_luv.c, tif_lzw.c, tif_packbits.c: return 0 in Encode\n functions instead of -1 when TIFFFlushData1() fails. Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=2130\n * libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesQTable,\n OJPEGReadHeaderInfoSecTablesDcTable and\n OJPEGReadHeaderInfoSecTablesAcTable when read fails. Patch by\n Nicolå\x8F©s Peå\x8D\x98a. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659\n * libtiff/tif_jpeg.c: only run JPEGFixupTagsSubsampling() if the\n YCbCrSubsampling tag is not explicitly present. This helps a\n bit to reduce the I/O amount when the tag is present (especially\n on cloud hosted files).\n * libtiff/tif_lzw.c: in LZWPostEncode(), increase, if necessary,\n the code bit-width after flushing the remaining code and before\n emitting the EOI code. Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=1982\n * libtiff/tif_pixarlog.c: fix memory leak in error code path of\n PixarLogSetupDecode(). Patch by Nicolå\x8F©s Peå\x8D\x98a. Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=2665\n * libtiff/tif_fax3.c, tif_predict.c, tif_getimage.c: fix GCC 7\n -Wimplicit-fallthrough warnings.\n * libtiff/tif_dirread.c: fix memory leak in non DEFER_STRILE_LOAD\n \ mode (ie default) when there is both a StripOffsets and TileOffsets\n tag, or a StripByteCounts and TileByteCounts Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=2689\n * libtiff/tif_ojpeg.c: fix potential memory leak in\n OJPEGReadHeaderInfoSecTablesQTable, OJPEGReadHeaderInfoSecTablesDcTable\n and OJPEGReadHeaderInfoSecTablesAcTable Patch by Nicolå\x8F©s Peå\x8D\x98a.\n Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2670\n * libtiff/tif_fax3.c: avoid crash in Fax3Close() on empty file.\n Patch by Alan Coopersmith + complement by myself. Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=2673\n * libtiff/tif_read.c: TIFFFillStrip(): add limitation to the number\n of bytes read in case td_stripbytecount[strip] is bigger than\n reasonable, so as to avoid excessive memory allocation.\n * libtiff/tif_zip.c, tif_pixarlog.c, tif_predict.c: fix memory\n leak when the underlying codec (ZIP, PixarLog) succeeds its\n setupdecode() method, but PredictorSetup fails. Credit to OSS-Fuzz\n (locally run, on GDAL)\n * libtiff/tif_read.c: TIFFFillStrip() and TIFFFillTile(): avoid\n excessive memory allocation in case of shorten files. Only\n effective on 64 bit builds and non-mapped cases. Credit to\n OSS-Fuzz (locally run, on GDAL)\n * libtiff/tif_read.c: TIFFFillStripPartial() / TIFFSeek(), avoid\n potential integer overflows with read_ahead in CHUNKY_STRIP_READ_SUPPORT\n mode. Should especially occur on 32 bit platforms.\n * libtiff/tif_read.c: TIFFFillStripPartial(): avoid excessive\n \ memory allocation in case of shorten files. Only effective on\n 64 bit builds. Credit to OSS-Fuzz (locally run, on GDAL)\n * libtiff/tif_read.c: update tif_rawcc in CHUNKY_STRIP_READ_SUPPORT\n mode with tif_rawdataloaded when calling TIFFStartStrip() or\n TIFFFillStripPartial(). This avoids reading beyond tif_rawdata\n when bytecount > tif_rawdatasize. Fixes\n https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1545.\n \ Credit to OSS-Fuzz\n * libtiff/tif_color.c: avoid potential int32 overflow in\n TIFFYCbCrToRGBInit() Fixes\n https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1533 Credit\n to OSS-Fuzz\n * libtiff/tif_pixarlog.c, tif_luv.c: avoid potential int32 overflows\n in multiply_ms() and add_ms(). Fixes\n https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1558 Credit\n to OSS-Fuzz\n * libtiff/tif_packbits.c: fix out-of-buffer read in PackBitsDecode()\n \ Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1563\n Credit to OSS-Fuzz\n * libtiff/tif_luv.c: LogL16InitState(): avoid excessive memory\n \ allocation when RowsPerStrip tag is missing. Credit to OSS-Fuzz\n (locally run, on GDAL)\n * libtiff/tif_lzw.c: update dec_bitsleft at beginning of LZWDecode(),\n \ and update tif_rawcc at end of LZWDecode(). This is needed to\n properly work with the latest chnges in tif_read.c in\n CHUNKY_STRIP_READ_SUPPORT mode.\n * libtiff/tif_pixarlog.c: PixarLogDecode(): resync tif_rawcp with\n next_in and tif_rawcc with avail_in at beginning and end of\n function, similarly to what is done in LZWDecode(). Likely needed\n so that it works properly with latest chnges in tif_read.c in\n CHUNKY_STRIP_READ_SUPPORT mode. But untested...\n * libtiff/tif_getimage.c: initYCbCrConversion(): add basic validation\n of luma and refBlackWhite coefficients (just check they are not\n NaN for now), to avoid potential float to int overflows. Fixes\n https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1663 Credit\n to OSS Fuzz\n * libtiff/tif_read.c: _TIFFVSetField(): fix outside range cast of\n double to float. Credit to Google Autofuzz project\n * libtiff/tif_getimage.c: initYCbCrConversion(): check luma[1] is\n not zero to avoid division by zero. Fixes\n https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1665 Credit\n \ to OSS Fuzz\n * libtiff/tif_read.c: _TIFFVSetField(): fix outside range cast of\n double to float. Credit to Google Autofuzz project\n * libtiff/tif_getimage.c: initYCbCrConversion(): check luma[1] is\n not zero to avoid division by zero. Fixes\n https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1665 Credit\n \ to OSS Fuzz\n * libtiff/tif_getimage.c: initYCbCrConversion(): stricter validation\n \ for refBlackWhite coefficients values. To avoid invalid float->int32\n conversion. Fixes\n https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1718 Credit\n \ to OSS Fuzz\n\nCHANGES IN THE TOOLS:\n * tools/fax2tiff.c (main): Applied patch by Jæ\x97¦rg Ahrens to fix\n passing client data for Win32 builds using tif_win32.c\n \ (USE_WIN32_FILEIO defined) for file I/O. Patch was provided via\n email on November 20, 2016.\n * tools/tiffcp.c: avoid uint32 underflow in cpDecodedStrips that\n can cause various issues, such as buffer overflows in the library.\n \ Reported by Agostino Sarubbo. Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=2598\n * tools/tiffcrop.c: fix readContigStripsIntoBuffer() in -i (ignore)\n mode so that the output buffer is correctly incremented to avoid\n write outside bounds. Reported by Agostino Sarubbo. Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=2620\n * tools/tiffcrop.c: add 3 extra bytes at end of strip buffer in\n readSeparateStripsIntoBuffer() to avoid read outside of heap\n allocated buffer. Reported by Agostino Sarubbo. Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=2621\n * tools/tiffcrop.c: fix integer division by zero when BitsPerSample\n is missing. Reported by Agostino Sarubbo. Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=2619\n * tools/tiffinfo.c: fix null pointer dereference in -r mode when\n the image has no StripByteCount tag. Reported by Agostino Sarubbo.\n Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2594\n * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples\n tag is missing. Reported by Agostino Sarubbo. Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=2597\n * tools/tif_dir.c: when TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) is\n called, limit the return number of inks to SamplesPerPixel, so\n that code that parses ink names doesn't go past the end of the\n buffer. Reported by Agostino Sarubbo. Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=2599\n * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples\n tag is missing. Reported by Agostino Sarubbo. Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=2607\n * tools/tiffcp.c: fix uint32 underflow/overflow that can cause\n heap-based buffer overflow. Reported by Agostino Sarubbo. Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=2610\n * tools/tiffcp.c: replace assert( (bps % 8) == 0 ) by a non assert\n check. Reported by Agostino Sarubbo. Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=2605\n * tools/tiff2ps.c: fix 2 heap-based buffer overflows (in PSDataBW\n and PSDataColorContig). Reported by Agostino Sarubbo. Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=2633 and\n http://bugzilla.maptools.org/show_bug.cgi?id=2634.\n * tools/tiff2pdf.c: prevent heap-based buffer overflow in -j mode\n on a paletted image. Note: this fix errors out before the overflow\n happens. There could probably be a better fix. Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=2635\n * tools/tiff2pdf.c: fix wrong usage of memcpy() that can trigger\n unspecified behaviour. Fixes\n \ http://bugzilla.maptools.org/show_bug.cgi?id=2638\n * tools/tiff2pdf.c: avoid potential invalid memory read in\n t2p_writeproc. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2639\n * tools/tiff2pdf.c: avoid potential heap-based overflow in\n t2p_readwrite_pdf_image_tile(). Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=2640\n * tools/tiffcrop.c: remove extraneous TIFFClose() in error code\n path, that caused double free. Related to\n http://bugzilla.maptools.org/show_bug.cgi?id=2535\n * tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow and\n cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based\n overflow. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656\n \ and http://bugzilla.maptools.org/show_bug.cgi?id=2657\n * tools/raw2tiff.c: avoid integer division by zero. Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=2631\n * tools/tiff2ps.c: call TIFFClose() in error code paths.\n * tools/fax2tiff.c: emit appropriate message if the input file is\n empty. Patch by Alan Coopersmith. Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=2672\n * tools/tiff2bw.c: close TIFF handle in error code path. Fixes\n http://bugzilla.maptools.org/show_bug.cgi?id=2677\n" module: pkgsrc subject: 'CVS commit: pkgsrc/graphics/tiff' unixtime: '1496065445' user: he