Sun Mar 29 14:47:03 2015 UTC ()
SECURITY: Update libtiff to 4.0.4beta to fix
CVE-2014-8127
CVE-2014-8128
CVE-2014-8129
CVE-2014-8130 (likely)

Remaining unfixed vulnerabilities: CVE-2014-9655, CVE-2015-1547 (but
these are unfixed upstream AFAICS).

ok wiz


(bsiegert)
diff -r1.117 -r1.118 pkgsrc/graphics/tiff/Makefile
diff -r1.17 -r1.18 pkgsrc/graphics/tiff/PLIST
diff -r1.62 -r1.63 pkgsrc/graphics/tiff/distinfo
diff -r1.1 -r0 pkgsrc/graphics/tiff/patches/patch-CVE-2012-4564
diff -r1.1 -r0 pkgsrc/graphics/tiff/patches/patch-CVE-2013-4231
diff -r1.1 -r0 pkgsrc/graphics/tiff/patches/patch-CVE-2013-4243
diff -r1.2 -r0 pkgsrc/graphics/tiff/patches/patch-CVE-2013-1960_1961

cvs diff -r1.117 -r1.118 pkgsrc/graphics/tiff/Makefile

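--- a/pkgsrc/graphics/tiff/Makefile
+++ b/pkgsrc/graphics/tiff/Makefile
@@ -1,17 +1,16 @@
-# $NetBSD: Makefile,v 1.117 2014/10/09 14:06:37 wiz Exp $
+# $NetBSD: Makefile,v 1.118 2015/03/29 14:47:03 bsiegert Exp $
 
-DISTNAME= tiff-4.0.3
-PKGREVISION= 6
+DISTNAME= tiff-4.0.4beta
 CATEGORIES= graphics
 MASTER_SITES= ftp://ftp.remotesensing.org/pub/libtiff/ \
  http://libtiff.maptools.org/dl/
 
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= http://www.remotesensing.org/libtiff/
 COMMENT= Library and tools for reading and writing TIFF data files
 LICENSE= mit
 
 EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX}
 
 USE_LANGUAGES= c c++
 USE_LIBTOOL= yes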

cvs diff -r1.17 -r1.18 pkgsrc/graphics/tiff/PLIST

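--- a/pkgsrc/graphics/tiff/PLIST
+++ b/pkgsrc/graphics/tiff/PLIST
@@ -1,14 +1,14 @@
-@comment $NetBSD: PLIST,v 1.17 2012/10/01 18:11:29 adam Exp $
+@comment $NetBSD: PLIST,v 1.18 2015/03/29 14:47:03 bsiegert Exp $
 bin/bmp2tiff
 bin/fax2ps
 bin/fax2tiff
 bin/gif2tiff
 bin/pal2rgb
 bin/ppm2tiff
 bin/ras2tiff
 bin/raw2tiff
 bin/rgb2ycbcr
 bin/thumbnail
 bin/tiff2bw
 bin/tiff2pdf
 bin/tiff2ps
@@ -236,13 +236,15 @@ share/doc/tiff/html/v3.7.0beta2.html
 share/doc/tiff/html/v3.7.1.html
 share/doc/tiff/html/v3.7.2.html
 share/doc/tiff/html/v3.7.3.html
 share/doc/tiff/html/v3.7.4.html
 share/doc/tiff/html/v3.8.0.html
 share/doc/tiff/html/v3.8.1.html
 share/doc/tiff/html/v3.8.2.html
 share/doc/tiff/html/v3.9.0beta.html
 share/doc/tiff/html/v3.9.1.html
 share/doc/tiff/html/v3.9.2.html
 share/doc/tiff/html/v4.0.0.html
 share/doc/tiff/html/v4.0.1.html
 share/doc/tiff/html/v4.0.2.html
+share/doc/tiff/html/v4.0.3.html
+share/doc/tiff/html/v4.0.4beta.html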

cvs diff -r1.62 -r1.63 pkgsrc/graphics/tiff/distinfo

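--- a/pkgsrc/graphics/tiff/distinfo
+++ b/pkgsrc/graphics/tiff/distinfo
@@ -1,10 +1,6 @@
-$NetBSD: distinfo,v 1.62 2013/09/21 18:47:05 dholland Exp $
+$NetBSD: distinfo,v 1.63 2015/03/29 14:47:03 bsiegert Exp $
 
-SHA1 (tiff-4.0.3.tar.gz) = 652e97b78f1444237a82cbcfe014310e776eb6f0
-RMD160 (tiff-4.0.3.tar.gz) = eacd725fb3c299682c1c2e508049d98acd170f31
-Size (tiff-4.0.3.tar.gz) = 2051630 bytes
-SHA1 (patch-CVE-2012-4564) = bda3b26e431e8234e5afd984a086c980a8eb6c41
-SHA1 (patch-CVE-2013-1960_1961) = b815edbeeb1eb23ce2633060dd390985dec794f3
-SHA1 (patch-CVE-2013-4231) = bc1420583b9c4b0a34d26142bc35b6d0d26af529
-SHA1 (patch-CVE-2013-4243) = e5d37df64620451f9a34a3f6c14825873db9c1bd
+SHA1 (tiff-4.0.4beta.tar.gz) = 987568b81f6c40653eb79386fa0e163f3c6ab6fb
+RMD160 (tiff-4.0.4beta.tar.gz) = 0f7c47bad8d6d9cd75d3bf42abf0a6133c1ea129
+Size (tiff-4.0.4beta.tar.gz) = 2098962 bytes
 SHA1 (patch-configure) = 1fb9ef790a59ac9c1396dd8e962c75946e2c998a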
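Review bot: The four `SHA1 (patch-CVE-…)` entries removed here (CVE-2012-4564, CVE-2013-1960/1961, CVE-2013-4231, CVE-2013-4243) drop the package's local security fixes, and the commit message does not say that 4.0.4beta contains them. Presumably they were merged upstream, but that should be confirmed against the 4.0.4beta sources and recorded in the log, e.g. `Remove patches for CVE-2012-4564, CVE-2013-1960/1961, CVE-2013-4231 and CVE-2013-4243, which are included in this release.` Separately, the new distfile is pinned only by SHA1 and RMD160 while the Makefile's MASTER_SITES are plain ftp/http, so these two digests are the entire integrity check on the download; a stronger digest such as SHA512 would be worth adding once the distinfo format carries one.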

File Deleted: pkgsrc/graphics/tiff/patches/Attic/patch-CVE-2012-4564

File Deleted: pkgsrc/graphics/tiff/patches/Attic/patch-CVE-2013-4231

File Deleted: pkgsrc/graphics/tiff/patches/Attic/patch-CVE-2013-4243

File Deleted: pkgsrc/graphics/tiff/patches/Attic/patch-CVE-2013-1960_1961