One more try to get the patches and distinfo done correctly.
diff -r1.85 -r1.86 pkgsrc/graphics/tiff/distinfo
(pgoyette)
@@ -1,10 +1,10 @@ | @@ -1,10 +1,10 @@ | |||
1 | $NetBSD: distinfo,v 1.85 2017/06/21 02:40:27 pgoyette Exp $ | 1 | $NetBSD: distinfo,v 1.86 2017/06/21 02:47:45 pgoyette Exp $ | |
2 | 2 | |||
3 | SHA1 (tiff-4.0.8.tar.gz) = 88717c97480a7976c94d23b6d9ed4ac74715267f | 3 | SHA1 (tiff-4.0.8.tar.gz) = 88717c97480a7976c94d23b6d9ed4ac74715267f | |
4 | RMD160 (tiff-4.0.8.tar.gz) = 0d8bc26c98035810c73b8f876f76dc48efba7da8 | 4 | RMD160 (tiff-4.0.8.tar.gz) = 0d8bc26c98035810c73b8f876f76dc48efba7da8 | |
5 | SHA512 (tiff-4.0.8.tar.gz) = 5d010ec4ce37aca733f7ab7db9f432987b0cd21664bd9d99452a146833c40f0d1e7309d1870b0395e947964134d5cfeb1366181e761fe353ad585803ff3d6be6 | 5 | SHA512 (tiff-4.0.8.tar.gz) = 5d010ec4ce37aca733f7ab7db9f432987b0cd21664bd9d99452a146833c40f0d1e7309d1870b0395e947964134d5cfeb1366181e761fe353ad585803ff3d6be6 | |
6 | Size (tiff-4.0.8.tar.gz) = 2065574 bytes | 6 | Size (tiff-4.0.8.tar.gz) = 2065574 bytes | |
7 | SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6 | 7 | SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6 | |
8 | SHA1 (patch-libtiff_tif_dir.h) = ac7ce7317331183b81b5e9819f052081ab941aee | 8 | SHA1 (patch-libtiff_tif_dir.h) = 50f565eac6a7157a7c99923f4b3ffaf31b021644 | |
9 | SHA1 (patch-libtiff_tif_dirinfo.c) = 3c9ff36a18ed0d74de0365ac2a750544ff8b0152 | 9 | SHA1 (patch-libtiff_tif_dirinfo.c) = cd0e4da46f62d888128e558c16ebcc6a867274df | |
10 | SHA1 (patch-libtiff_tif_dirread.c) = bdf576963cdf5c511a57ba31eb4f7a2215b36647 | 10 | SHA1 (patch-libtiff_tif_dirread.c) = d98b5cb0ceca8f5923c015b09f04da3b8af094e5 |
@@ -1,31 +1,25 @@ | @@ -1,31 +1,25 @@ | |||
1 | $NetBSD: patch-libtiff_tif_dir.h,v 1.2 2017/06/21 02:38:21 pgoyette Exp $ | 1 | $NetBSD: patch-libtiff_tif_dir.h,v 1.3 2017/06/21 02:47:45 pgoyette Exp $ | |
2 | 2 | |||
3 | fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095 | 3 | fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095 | |
4 | per http://bugzilla.maptools.org/show_bug.cgi?id=2580 | 4 | per http://bugzilla.maptools.org/show_bug.cgi?id=2580 | |
5 | 5 | |||
6 | also CVE-2017-9147 | 6 | also CVE-2017-9147 | |
7 | (http://bugzilla.maptools.org/show_bug.cgi?id=2693) | 7 | (http://bugzilla.maptools.org/show_bug.cgi?id=2693) | |
8 | 8 | |||
9 | 9 | |||
10 | Index: tif_dir.h | 10 | Index: tif_dir.h | |
11 | =================================================================== | 11 | =================================================================== | |
12 | RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.h,v | 12 | RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.h,v | |
13 | retrieving revision 1.54 | 13 | retrieving revision 1.54 | |
14 | retrieving revision 1.55 | 14 | retrieving revision 1.55 | |
15 | diff -w -u -b -r1.54 -r1.55 | 15 | diff -w -u -b -r1.54 -r1.55 | |
16 | --- libtiff/tif_dir.h.orig 18 Feb 2011 20:53:05 -0000 1.54 | 16 | --- libtiff/tif_dir.h.orig 18 Feb 2011 20:53:05 -0000 1.54 | |
17 | +++ libtiff/tif_dir.h 1 Jun 2017 12:44:04 -0000 1.55 | 17 | +++ libtiff/tif_dir.h 1 Jun 2017 12:44:04 -0000 1.55 | |
18 | @@ -1,4 +1,4 @@ | |||
19 | -/* $Id: patch-libtiff_tif_dir.h,v 1.2 2017/06/21 02:38:21 pgoyette Exp $ */ | |||
20 | +/* $Id: patch-libtiff_tif_dir.h,v 1.2 2017/06/21 02:38:21 pgoyette Exp $ */ | |||
21 | ||||
22 | /* | |||
23 | * Copyright (c) 1988-1997 Sam Leffler | |||
24 | @@ -291,6 +291,7 @@ | 18 | @@ -291,6 +291,7 @@ | |
25 | extern int _TIFFMergeFields(TIFF*, const TIFFField[], uint32); | 19 | extern int _TIFFMergeFields(TIFF*, const TIFFField[], uint32); | |
26 | extern const TIFFField* _TIFFFindOrRegisterField(TIFF *, uint32, TIFFDataType); | 20 | extern const TIFFField* _TIFFFindOrRegisterField(TIFF *, uint32, TIFFDataType); | |
27 | extern TIFFField* _TIFFCreateAnonField(TIFF *, uint32, TIFFDataType); | 21 | extern TIFFField* _TIFFCreateAnonField(TIFF *, uint32, TIFFDataType); | |
28 | +extern int _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag); | 22 | +extern int _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag); | |
29 | 23 | |||
30 | #if defined(__cplusplus) | 24 | #if defined(__cplusplus) | |
31 | } | 25 | } |
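Review bot: The prototype carried by this patch, `extern int _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag);`, does not state its return convention, yet the one visible caller (the `default:` case in patch-libtiff_tif_dirread.c) treats a zero result as "discard this tag". A one-line comment above the declaration would pin that down, for example `/* Returns non-zero if the tag may be kept for the current codec, 0 if it must be ignored. */`, with "current codec" presumably meaning the directory's compression scheme. The same comment belongs on the definition in patch-libtiff_tif_dirinfo.c, whose body continues past the lines shown. As a smaller style point, the declaration uses `ttag_t` with parameter names where the three neighbouring prototypes use `uint32` and omit names.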
@@ -1,36 +1,30 @@ | @@ -1,36 +1,30 @@ | |||
1 | $NetBSD: patch-libtiff_tif_dirinfo.c,v 1.2 2017/06/21 02:38:21 pgoyette Exp $ | 1 | $NetBSD: patch-libtiff_tif_dirinfo.c,v 1.3 2017/06/21 02:47:45 pgoyette Exp $ | |
2 | 2 | |||
3 | fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095 | 3 | fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095 | |
4 | per http://bugzilla.maptools.org/show_bug.cgi?id=2580 | 4 | per http://bugzilla.maptools.org/show_bug.cgi?id=2580 | |
5 | 5 | |||
6 | also CVE-2017-9147 | 6 | also CVE-2017-9147 | |
7 | (http://bugzilla.maptools.org/show_bug.cgi?id=2693) | 7 | (http://bugzilla.maptools.org/show_bug.cgi?id=2693) | |
8 | 8 | |||
9 | 9 | |||
10 | Index: tif_dirinfo.c | 10 | Index: tif_dirinfo.c | |
11 | =================================================================== | 11 | =================================================================== | |
12 | RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirinfo.c,v | 12 | RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirinfo.c,v | |
13 | retrieving revision 1.126 | 13 | retrieving revision 1.126 | |
14 | retrieving revision 1.127 | 14 | retrieving revision 1.127 | |
15 | diff -w -u -b -r1.126 -r1.127 | 15 | diff -w -u -b -r1.126 -r1.127 | |
16 | --- libtiff/tif_dirinfo.c.orig 18 Nov 2016 02:52:13 -0000 1.126 | 16 | --- libtiff/tif_dirinfo.c.orig 18 Nov 2016 02:52:13 -0000 1.126 | |
17 | +++ libtiff/tif_dirinfo.c 1 Jun 2017 12:44:04 -0000 1.127 | 17 | +++ libtiff/tif_dirinfo.c 1 Jun 2017 12:44:04 -0000 1.127 | |
18 | @@ -1,4 +1,4 @@ | |||
19 | -/* $Id: patch-libtiff_tif_dirinfo.c,v 1.2 2017/06/21 02:38:21 pgoyette Exp $ */ | |||
20 | +/* $Id: patch-libtiff_tif_dirinfo.c,v 1.2 2017/06/21 02:38:21 pgoyette Exp $ */ | |||
21 | ||||
22 | /* | |||
23 | * Copyright (c) 1988-1997 Sam Leffler | |||
24 | @@ -956,6 +956,109 @@ | 18 | @@ -956,6 +956,109 @@ | |
25 | return 0; | 19 | return 0; | |
26 | } | 20 | } | |
27 | 21 | |||
28 | +int | 22 | +int | |
29 | +_TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag) | 23 | +_TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag) | |
30 | +{ | 24 | +{ | |
31 | + /* Filter out non-codec specific tags */ | 25 | + /* Filter out non-codec specific tags */ | |
32 | + switch (tag) { | 26 | + switch (tag) { | |
33 | + /* Shared tags */ | 27 | + /* Shared tags */ | |
34 | + case TIFFTAG_PREDICTOR: | 28 | + case TIFFTAG_PREDICTOR: | |
35 | + /* JPEG tags */ | 29 | + /* JPEG tags */ | |
36 | + case TIFFTAG_JPEGTABLES: | 30 | + case TIFFTAG_JPEGTABLES: |
@@ -1,34 +1,28 @@ | @@ -1,34 +1,28 @@ | |||
1 | $NetBSD: patch-libtiff_tif_dirread.c,v 1.6 2017/06/21 02:38:21 pgoyette Exp $ | 1 | $NetBSD: patch-libtiff_tif_dirread.c,v 1.7 2017/06/21 02:47:45 pgoyette Exp $ | |
2 | 2 | |||
3 | fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095 | 3 | fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095 | |
4 | per http://bugzilla.maptools.org/show_bug.cgi?id=2580 | 4 | per http://bugzilla.maptools.org/show_bug.cgi?id=2580 | |
5 | 5 | |||
6 | also CVE-2017-9147 | 6 | also CVE-2017-9147 | |
7 | (http://bugzilla.maptools.org/show_bug.cgi?id=2693) | 7 | (http://bugzilla.maptools.org/show_bug.cgi?id=2693) | |
8 | 8 | |||
9 | 9 | |||
10 | Index: tif_dirread.c | 10 | Index: tif_dirread.c | |
11 | =================================================================== | 11 | =================================================================== | |
12 | RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v | 12 | RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v | |
13 | retrieving revision 1.208 | 13 | retrieving revision 1.208 | |
14 | retrieving revision 1.209 | 14 | retrieving revision 1.209 | |
15 | diff -w -u -b -r1.208 -r1.209 | 15 | diff -w -u -b -r1.208 -r1.209 | |
16 | --- libtiff/tif_dirread.c.orig 27 Apr 2017 15:46:22 -0000 1.208 | 16 | --- libtiff/tif_dirread.c.orig 27 Apr 2017 15:46:22 -0000 1.208 | |
17 | +++ libtiff/tif_dirread.c 1 Jun 2017 12:44:04 -0000 1.209 | 17 | +++ libtiff/tif_dirread.c 1 Jun 2017 12:44:04 -0000 1.209 | |
18 | @@ -1,4 +1,4 @@ | |||
19 | -/* $Id: patch-libtiff_tif_dirread.c,v 1.6 2017/06/21 02:38:21 pgoyette Exp $ */ | |||
20 | +/* $Id: patch-libtiff_tif_dirread.c,v 1.6 2017/06/21 02:38:21 pgoyette Exp $ */ | |||
21 | ||||
22 | /* | |||
23 | * Copyright (c) 1988-1997 Sam Leffler | |||
24 | @@ -3580,6 +3580,10 @@ | 18 | @@ -3580,6 +3580,10 @@ | |
25 | goto bad; | 19 | goto bad; | |
26 | dp->tdir_tag=IGNORE; | 20 | dp->tdir_tag=IGNORE; | |
27 | break; | 21 | break; | |
28 | + default: | 22 | + default: | |
29 | + if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) ) | 23 | + if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) ) | |
30 | + dp->tdir_tag=IGNORE; | 24 | + dp->tdir_tag=IGNORE; | |
31 | + break; | 25 | + break; | |
32 | } | 26 | } | |
33 | } | 27 | } | |
34 | } | 28 | } |
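Review bot: The `default:` case carried by this patch discards a tag by setting `dp->tdir_tag=IGNORE` without any diagnostic, so a file whose tags fail `_TIFFCheckFieldIsValidForCodec` is accepted with no trace of what was dropped. The patch header ties this check to several CVEs, so a `TIFFWarningExt` call naming the ignored tag would let whoever processes untrusted TIFFs see that the input was malformed rather than having it silently normalised. This assumes the enclosing function has the usual module string in scope, which is not visible here. At minimum the branch deserves a comment such as `/* codec-specific tag not valid for this file's codec: ignore it (bugzilla 2580) */`. The enclosing switch and loop start outside the hunk.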