head 1.2; access; symbols pkgsrc-2018Q3:1.1.0.6 pkgsrc-2018Q3-base:1.1 pkgsrc-2018Q2:1.1.0.4 pkgsrc-2018Q2-base:1.1 pkgsrc-2018Q1:1.1.0.2 pkgsrc-2018Q1-base:1.1; locks; strict; comment @# @; 1.2 date 2018.11.10.21.14.53; author maya; state dead; branches; next 1.1; commitid lm5TEIUSGHQMrrZA; 1.1 date 2018.01.16.23.52.06; author tez; state Exp; branches 1.1.6.1; next ; commitid JHK44gmQ1Z0HT9nA; 1.1.6.1 date 2018.11.22.05.50.52; author spz; state dead; branches; next ; commitid m2GMcbBRshx9XT0B; desc @@ 1.2 log @tiff: update to 4.0.10 It has been a year since the previous release. This is the first release made from the Git repository at https://gitlab.com/libtiff/libtiff using a collaborative process. Since the previous release, a number of security issues have been fixed, and some significant new features have been added. This release adds support for Zstd and WebP compression algorithms. In their own way, each of these compression algorithms is highly complimentary to TIFF. Zstd provides improved compression and decompression speed vs zlib's Deflate as well as a broader range of compression ratios. Zstd is developed by Facebook and the implementation continues to be improved. WebP is optimized for small/medium 8-bit images while offering improved compression performance vs traditional JPEG. WebP works well in strips or tiles to compress large images down to very small files, while preserving a good looking image. WebP is developed by Google, and its implementation continues to be improved. Due to Adobe's TIFF tag registration interface going off-line, we have had to assign our own tags for Zstd and WebP. @ text @$NetBSD: patch-CVE-2017-9935,v 1.1 2018/01/16 23:52:06 tez Exp $ Patch for cve-2017-9935 from upstream git repo --- libtiff/tif_dir.c.orig +++ libtiff/tif_dir.c @@@@ -1065,6 +1065,9 @@@@ if (td->td_samplesperpixel - td->td_extrasamples > 1) { *va_arg(ap, uint16**) = td->td_transferfunction[1]; *va_arg(ap, uint16**) = td->td_transferfunction[2]; + } else { + *va_arg(ap, uint16**) = NULL; + *va_arg(ap, uint16**) = NULL; } break; case TIFFTAG_REFERENCEBLACKWHITE: --- tools/tiff2pdf.c.orig 2017-10-29 18:50:41.000000000 +0000 +++ tools/tiff2pdf.c @@@@ -237,7 +237,7 @@@@ typedef struct { float tiff_whitechromaticities[2]; float tiff_primarychromaticities[6]; float tiff_referenceblackwhite[2]; - float* tiff_transferfunction[3]; + uint16* tiff_transferfunction[3]; int pdf_image_interpolate; /* 0 (default) : do not interpolate, 1 : interpolate */ uint16 tiff_transferfunctioncount; @@@@ -1047,6 +1047,8 @@@@ void t2p_read_tiff_init(T2P* t2p, TIFF* uint16 pagen=0; uint16 paged=0; uint16 xuint16=0; + uint16 tiff_transferfunctioncount=0; + uint16* tiff_transferfunction[3]; directorycount=TIFFNumberOfDirectories(input); t2p->tiff_pages = (T2P_PAGE*) _TIFFmalloc(TIFFSafeMultiply(tmsize_t,directorycount,sizeof(T2P_PAGE))); @@@@ -1147,26 +1149,48 @@@@ void t2p_read_tiff_init(T2P* t2p, TIFF* } #endif if (TIFFGetField(input, TIFFTAG_TRANSFERFUNCTION, - &(t2p->tiff_transferfunction[0]), - &(t2p->tiff_transferfunction[1]), - &(t2p->tiff_transferfunction[2]))) { - if((t2p->tiff_transferfunction[1] != (float*) NULL) && - (t2p->tiff_transferfunction[2] != (float*) NULL) && - (t2p->tiff_transferfunction[1] != - t2p->tiff_transferfunction[0])) { - t2p->tiff_transferfunctioncount = 3; - t2p->tiff_pages[i].page_extra += 4; - t2p->pdf_xrefcount += 4; - } else { - t2p->tiff_transferfunctioncount = 1; - t2p->tiff_pages[i].page_extra += 2; - t2p->pdf_xrefcount += 2; - } - if(t2p->pdf_minorversion < 2) - t2p->pdf_minorversion = 2; + &(tiff_transferfunction[0]), + &(tiff_transferfunction[1]), + &(tiff_transferfunction[2]))) { + + if((tiff_transferfunction[1] != (uint16*) NULL) && + (tiff_transferfunction[2] != (uint16*) NULL) + ) { + tiff_transferfunctioncount=3; + } else { + tiff_transferfunctioncount=1; + } } else { - t2p->tiff_transferfunctioncount=0; + tiff_transferfunctioncount=0; } + + if (i > 0){ + if (tiff_transferfunctioncount != t2p->tiff_transferfunctioncount){ + TIFFError( + TIFF2PDF_MODULE, + "Different transfer function on page %d", + i); + t2p->t2p_error = T2P_ERR_ERROR; + return; + } + } + + t2p->tiff_transferfunctioncount = tiff_transferfunctioncount; + t2p->tiff_transferfunction[0] = tiff_transferfunction[0]; + t2p->tiff_transferfunction[1] = tiff_transferfunction[1]; + t2p->tiff_transferfunction[2] = tiff_transferfunction[2]; + if(tiff_transferfunctioncount == 3){ + t2p->tiff_pages[i].page_extra += 4; + t2p->pdf_xrefcount += 4; + if(t2p->pdf_minorversion < 2) + t2p->pdf_minorversion = 2; + } else if (tiff_transferfunctioncount == 1){ + t2p->tiff_pages[i].page_extra += 2; + t2p->pdf_xrefcount += 2; + if(t2p->pdf_minorversion < 2) + t2p->pdf_minorversion = 2; + } + if( TIFFGetField( input, TIFFTAG_ICCPROFILE, @@@@ -1827,10 +1851,9 @@@@ void t2p_read_tiff_data(T2P* t2p, TIFF* &(t2p->tiff_transferfunction[0]), &(t2p->tiff_transferfunction[1]), &(t2p->tiff_transferfunction[2]))) { - if((t2p->tiff_transferfunction[1] != (float*) NULL) && - (t2p->tiff_transferfunction[2] != (float*) NULL) && - (t2p->tiff_transferfunction[1] != - t2p->tiff_transferfunction[0])) { + if((t2p->tiff_transferfunction[1] != (uint16*) NULL) && + (t2p->tiff_transferfunction[2] != (uint16*) NULL) + ) { t2p->tiff_transferfunctioncount=3; } else { t2p->tiff_transferfunctioncount=1; @ 1.1 log @tiff: add patch for CVE-2017-9935 from upstream git repo @ text @d1 1 a1 1 $NetBSD$ @ 1.1.6.1 log @Pullup ticket #5881 - requested by maya graphics/tiff: security update Revisions pulled up: - graphics/tiff/Makefile 1.144 - graphics/tiff/PLIST 1.26 - graphics/tiff/distinfo 1.93 - graphics/tiff/patches/patch-CVE-2017-11613 deleted - graphics/tiff/patches/patch-CVE-2017-18013 deleted - graphics/tiff/patches/patch-CVE-2017-9935 deleted - graphics/tiff/patches/patch-CVE-2018-10963 deleted - graphics/tiff/patches/patch-CVE-2018-17100 deleted - graphics/tiff/patches/patch-CVE-2018-17101 deleted - graphics/tiff/patches/patch-CVE-2018-5784 deleted - graphics/tiff/patches/patch-CVE-2018-8905 deleted - graphics/tiff/patches/patch-libtiff_tif__jbig.c deleted - graphics/tiff/patches/patch-libtiff_tif__read.c deleted - graphics/tiff/patches/patch-tools_pal2rgb.c deleted ------------------------------------------------------------------- Module Name: pkgsrc Committed By: maya Date: Sat Nov 10 21:14:54 UTC 2018 Modified Files: pkgsrc/graphics/tiff: Makefile PLIST distinfo Removed Files: pkgsrc/graphics/tiff/patches: patch-CVE-2017-11613 patch-CVE-2017-18013 patch-CVE-2017-9935 patch-CVE-2018-10963 patch-CVE-2018-17100 patch-CVE-2018-17101 patch-CVE-2018-5784 patch-CVE-2018-8905 patch-libtiff_tif__jbig.c patch-libtiff_tif__read.c patch-tools_pal2rgb.c Log Message: tiff: update to 4.0.10 It has been a year since the previous release. This is the first release made from the Git repository at https://gitlab.com/libtiff/libtiff using a collaborative process. Since the previous release, a number of security issues have been fixed, and some significant new features have been added. This release adds support for Zstd and WebP compression algorithms. In their own way, each of these compression algorithms is highly complimentary to TIFF. Zstd provides improved compression and decompression speed vs zlib's Deflate as well as a broader range of compression ratios. Zstd is developed by Facebook and the implementation continues to be improved. WebP is optimized for small/medium 8-bit images while offering improved compression performance vs traditional JPEG. WebP works well in strips or tiles to compress large images down to very small files, while preserving a good looking image. WebP is developed by Google, and its implementation continues to be improved. Due to Adobe's TIFF tag registration interface going off-line, we have had to assign our own tags for Zstd and WebP. To generate a diff of this commit: cvs rdiff -u -r1.143 -r1.144 pkgsrc/graphics/tiff/Makefile cvs rdiff -u -r1.25 -r1.26 pkgsrc/graphics/tiff/PLIST cvs rdiff -u -r1.92 -r1.93 pkgsrc/graphics/tiff/distinfo cvs rdiff -u -r1.1 -r0 pkgsrc/graphics/tiff/patches/patch-CVE-2017-11613 \ pkgsrc/graphics/tiff/patches/patch-CVE-2017-18013 \ pkgsrc/graphics/tiff/patches/patch-CVE-2017-9935 \ pkgsrc/graphics/tiff/patches/patch-CVE-2018-10963 \ pkgsrc/graphics/tiff/patches/patch-CVE-2018-17100 \ pkgsrc/graphics/tiff/patches/patch-CVE-2018-17101 \ pkgsrc/graphics/tiff/patches/patch-CVE-2018-5784 \ pkgsrc/graphics/tiff/patches/patch-CVE-2018-8905 \ pkgsrc/graphics/tiff/patches/patch-libtiff_tif__jbig.c \ pkgsrc/graphics/tiff/patches/patch-libtiff_tif__read.c \ pkgsrc/graphics/tiff/patches/patch-tools_pal2rgb.c @ text @d1 1 a1 1 $NetBSD: patch-CVE-2017-9935,v 1.1 2018/01/16 23:52:06 tez Exp $ @