Wed Jun 21 02:47:45 2017 UTC ()
One more try to get the patches and distinfo done correctly.


(pgoyette)
diff -r1.85 -r1.86 pkgsrc/graphics/tiff/distinfo
diff -r1.2 -r1.3 pkgsrc/graphics/tiff/patches/patch-libtiff_tif_dir.h
diff -r1.2 -r1.3 pkgsrc/graphics/tiff/patches/patch-libtiff_tif_dirinfo.c
diff -r1.6 -r1.7 pkgsrc/graphics/tiff/patches/patch-libtiff_tif_dirread.c

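--- a/pkgsrc/graphics/tiff/distinfo
+++ b/pkgsrc/graphics/tiff/distinfo
@@ -1,10 +1,10 @@
-$NetBSD: distinfo,v 1.85 2017/06/21 02:40:27 pgoyette Exp $
+$NetBSD: distinfo,v 1.86 2017/06/21 02:47:45 pgoyette Exp $
 
 SHA1 (tiff-4.0.8.tar.gz) = 88717c97480a7976c94d23b6d9ed4ac74715267f
 RMD160 (tiff-4.0.8.tar.gz) = 0d8bc26c98035810c73b8f876f76dc48efba7da8
 SHA512 (tiff-4.0.8.tar.gz) = 5d010ec4ce37aca733f7ab7db9f432987b0cd21664bd9d99452a146833c40f0d1e7309d1870b0395e947964134d5cfeb1366181e761fe353ad585803ff3d6be6
 Size (tiff-4.0.8.tar.gz) = 2065574 bytes
 SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6
-SHA1 (patch-libtiff_tif_dir.h) = ac7ce7317331183b81b5e9819f052081ab941aee
-SHA1 (patch-libtiff_tif_dirinfo.c) = 3c9ff36a18ed0d74de0365ac2a750544ff8b0152
-SHA1 (patch-libtiff_tif_dirread.c) = bdf576963cdf5c511a57ba31eb4f7a2215b36647
+SHA1 (patch-libtiff_tif_dir.h) = 50f565eac6a7157a7c99923f4b3ffaf31b021644
+SHA1 (patch-libtiff_tif_dirinfo.c) = cd0e4da46f62d888128e558c16ebcc6a867274df
+SHA1 (patch-libtiff_tif_dirread.c) = d98b5cb0ceca8f5923c015b09f04da3b8af094e5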

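--- a/pkgsrc/graphics/tiff/patches/Attic/patch-libtiff_tif_dir.h
+++ b/pkgsrc/graphics/tiff/patches/Attic/patch-libtiff_tif_dir.h
@@ -1,31 +1,25 @@
-$NetBSD: patch-libtiff_tif_dir.h,v 1.2 2017/06/21 02:38:21 pgoyette Exp $
+$NetBSD: patch-libtiff_tif_dir.h,v 1.3 2017/06/21 02:47:45 pgoyette Exp $
 
 fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095
 per http://bugzilla.maptools.org/show_bug.cgi?id=2580
 
 also CVE-2017-9147
 (http://bugzilla.maptools.org/show_bug.cgi?id=2693)
 
 
 Index: tif_dir.h
 ===================================================================
 RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.h,v
 retrieving revision 1.54
 retrieving revision 1.55
 diff -w -u -b -r1.54 -r1.55
 --- libtiff/tif_dir.h.orig 18 Feb 2011 20:53:05 -0000 1.54
 +++ libtiff/tif_dir.h 1 Jun 2017 12:44:04 -0000 1.55
-@@ -1,4 +1,4 @@
--/* $Id: patch-libtiff_tif_dir.h,v 1.2 2017/06/21 02:38:21 pgoyette Exp $ */
-+/* $Id: patch-libtiff_tif_dir.h,v 1.2 2017/06/21 02:38:21 pgoyette Exp $ */
- 
- /*
- * Copyright (c) 1988-1997 Sam Leffler
 @@ -291,6 +291,7 @@
  extern int _TIFFMergeFields(TIFF*, const TIFFField[], uint32);
  extern const TIFFField* _TIFFFindOrRegisterField(TIFF *, uint32, TIFFDataType);
  extern TIFFField* _TIFFCreateAnonField(TIFF *, uint32, TIFFDataType);
 +extern int _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag);
  
  #if defined(__cplusplus)
  }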
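Review bot: The added prototype `_TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag)` types the tag as `ttag_t`, while the three declarations directly above it in the same hunk pass the tag as plain `uint32`. If `ttag_t` is only a compatibility alias for that type (its definition is not visible here), writing `extern int _TIFFCheckFieldIsValidForCodec(TIFF *tif, uint32 tag);` would keep this internal header consistent. Because the patch mirrors an upstream libtiff revision, the spelling is best raised upstream rather than carried as a local difference.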

cvs diff -r1.2 -r1.3 pkgsrc/graphics/tiff/patches/Attic/patch-libtiff_tif_dirinfo.c

--- pkgsrc/graphics/tiff/patches/Attic/patch-libtiff_tif_dirinfo.c 2017/06/21 02:38:21 1.2
+++ pkgsrc/graphics/tiff/patches/Attic/patch-libtiff_tif_dirinfo.c 2017/06/21 02:47:45 1.3
@@ -1,36 +1,30 @@ @@ -1,36 +1,30 @@
1$NetBSD: patch-libtiff_tif_dirinfo.c,v 1.2 2017/06/21 02:38:21 pgoyette Exp $ 1$NetBSD: patch-libtiff_tif_dirinfo.c,v 1.3 2017/06/21 02:47:45 pgoyette Exp $
2 2
3fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095 3fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095
4per http://bugzilla.maptools.org/show_bug.cgi?id=2580 4per http://bugzilla.maptools.org/show_bug.cgi?id=2580
5 5
6also CVE-2017-9147  6also CVE-2017-9147
7(http://bugzilla.maptools.org/show_bug.cgi?id=2693) 7(http://bugzilla.maptools.org/show_bug.cgi?id=2693)
8 8
9 9
10Index: tif_dirinfo.c 10Index: tif_dirinfo.c
11=================================================================== 11===================================================================
12RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirinfo.c,v 12RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirinfo.c,v
13retrieving revision 1.126 13retrieving revision 1.126
14retrieving revision 1.127 14retrieving revision 1.127
15diff -w -u -b -r1.126 -r1.127 15diff -w -u -b -r1.126 -r1.127
16--- libtiff/tif_dirinfo.c.orig 18 Nov 2016 02:52:13 -0000 1.126 16--- libtiff/tif_dirinfo.c.orig 18 Nov 2016 02:52:13 -0000 1.126
17+++ libtiff/tif_dirinfo.c 1 Jun 2017 12:44:04 -0000 1.127 17+++ libtiff/tif_dirinfo.c 1 Jun 2017 12:44:04 -0000 1.127
18@@ -1,4 +1,4 @@ 
19-/* $Id: patch-libtiff_tif_dirinfo.c,v 1.2 2017/06/21 02:38:21 pgoyette Exp $ */ 
20+/* $Id: patch-libtiff_tif_dirinfo.c,v 1.2 2017/06/21 02:38:21 pgoyette Exp $ */ 
21  
22 /* 
23 * Copyright (c) 1988-1997 Sam Leffler 
24@@ -956,6 +956,109 @@ 18@@ -956,6 +956,109 @@
25 return 0; 19 return 0;
26 } 20 }
27  21
28+int 22+int
29+_TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag) 23+_TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag)
30+{ 24+{
31+ /* Filter out non-codec specific tags */ 25+ /* Filter out non-codec specific tags */
32+ switch (tag) { 26+ switch (tag) {
33+ /* Shared tags */ 27+ /* Shared tags */
34+ case TIFFTAG_PREDICTOR: 28+ case TIFFTAG_PREDICTOR:
35+ /* JPEG tags */ 29+ /* JPEG tags */
36+ case TIFFTAG_JPEGTABLES: 30+ case TIFFTAG_JPEGTABLES:
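Review bot: `_TIFFCheckFieldIsValidForCodec` is defined without a header comment, so its return convention has to be inferred from its name and callers. Judging from the opening `/* Filter out non-codec specific tags */` switch, it presumably returns nonzero for tags that are not codec-specific or that belong to the active compression scheme, and 0 otherwise. A comment above the definition such as `/* Return 1 if tag is not codec-specific or is valid for the current compression, 0 if it should be ignored. */` would make that contract explicit. The function body continues past the end of this hunk, so the wording should be checked against the remaining cases.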

cvs diff -r1.6 -r1.7 pkgsrc/graphics/tiff/patches/Attic/patch-libtiff_tif_dirread.c

--- pkgsrc/graphics/tiff/patches/Attic/patch-libtiff_tif_dirread.c 2017/06/21 02:38:21 1.6
+++ pkgsrc/graphics/tiff/patches/Attic/patch-libtiff_tif_dirread.c 2017/06/21 02:47:45 1.7
@@ -1,34 +1,28 @@ @@ -1,34 +1,28 @@
1$NetBSD: patch-libtiff_tif_dirread.c,v 1.6 2017/06/21 02:38:21 pgoyette Exp $ 1$NetBSD: patch-libtiff_tif_dirread.c,v 1.7 2017/06/21 02:47:45 pgoyette Exp $
2 2
3fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095 3fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095
4per http://bugzilla.maptools.org/show_bug.cgi?id=2580 4per http://bugzilla.maptools.org/show_bug.cgi?id=2580
5 5
6also CVE-2017-9147  6also CVE-2017-9147
7(http://bugzilla.maptools.org/show_bug.cgi?id=2693) 7(http://bugzilla.maptools.org/show_bug.cgi?id=2693)
8 8
9 9
10Index: tif_dirread.c 10Index: tif_dirread.c
11=================================================================== 11===================================================================
12RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v 12RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v
13retrieving revision 1.208 13retrieving revision 1.208
14retrieving revision 1.209 14retrieving revision 1.209
15diff -w -u -b -r1.208 -r1.209 15diff -w -u -b -r1.208 -r1.209
16--- libtiff/tif_dirread.c.orig 27 Apr 2017 15:46:22 -0000 1.208 16--- libtiff/tif_dirread.c.orig 27 Apr 2017 15:46:22 -0000 1.208
17+++ libtiff/tif_dirread.c 1 Jun 2017 12:44:04 -0000 1.209 17+++ libtiff/tif_dirread.c 1 Jun 2017 12:44:04 -0000 1.209
18@@ -1,4 +1,4 @@ 
19-/* $Id: patch-libtiff_tif_dirread.c,v 1.6 2017/06/21 02:38:21 pgoyette Exp $ */ 
20+/* $Id: patch-libtiff_tif_dirread.c,v 1.6 2017/06/21 02:38:21 pgoyette Exp $ */ 
21  
22 /* 
23 * Copyright (c) 1988-1997 Sam Leffler 
24@@ -3580,6 +3580,10 @@ 18@@ -3580,6 +3580,10 @@
25 goto bad; 19 goto bad;
26 dp->tdir_tag=IGNORE; 20 dp->tdir_tag=IGNORE;
27 break; 21 break;
28+ default: 22+ default:
29+ if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) ) 23+ if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) )
30+ dp->tdir_tag=IGNORE; 24+ dp->tdir_tag=IGNORE;
31+ break; 25+ break;
32 } 26 }
33 } 27 }
34 } 28 }
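Review bot: The new `default:` branch drops a tag silently: when `_TIFFCheckFieldIsValidForCodec()` returns 0, `dp->tdir_tag` is set to `IGNORE` with no diagnostic. A file whose codec-specific tags do not match its compression then looks the same in logs as a well-formed one. Emitting a warning before the assignment, for example `TIFFWarningExt(tif->tif_clientdata, module, "Ignoring tag %u, not valid for the current codec", dp->tdir_tag);`, would give anyone triaging malformed input something to alert on. This assumes a `module` name string is in scope, as is usual in libtiff; the enclosing function starts and ends outside the hunk, so that needs confirming.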