head 1.2; access; symbols pkgsrc-2019Q3:1.1.0.4 pkgsrc-2019Q3-base:1.1 pkgsrc-2019Q2:1.1.0.2; locks; strict; comment @# @; 1.2 date 2019.11.04.01.11.38; author gdt; state dead; branches; next 1.1; commitid uboDUgQRD1QsetJB; 1.1 date 2019.07.17.09.25.45; author nia; state Exp; branches 1.1.2.1; next ; commitid GvQSd6T8h9IawnvB; 1.1.2.1 date 2019.07.17.09.25.45; author bsiegert; state dead; branches; next 1.1.2.2; commitid MpquoBA57O3eRwvB; 1.1.2.2 date 2019.07.18.13.32.31; author bsiegert; state Exp; branches; next ; commitid MpquoBA57O3eRwvB; desc @@ 1.2 log @graphics/tiff: Update to 4.1.0 Upstream changes are basically minor improvements and bugfixes. Specifically upstream states that there are no ABI changes. Multiple security bugs are fixed due to fuzzing; patches are dropped because they were backported from upstream. @ text @$NetBSD: patch-CVE-2018-17000,v 1.1 2019/07/17 09:25:45 nia Exp $ Fixes CVE-2018-17000 Upstream commit: https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39.patch --- libtiff/tif_dirwrite.c.orig 2018-06-24 20:26:30.000000000 +0000 +++ libtiff/tif_dirwrite.c @@@@ -1893,12 +1893,14 @@@@ TIFFWriteDirectoryTagTransferfunction(TI n=3; if (n==3) { - if (!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[2],m*sizeof(uint16))) + if (tif->tif_dir.td_transferfunction[2] == NULL || + !_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[2],m*sizeof(uint16))) n=2; } if (n==2) { - if (!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[1],m*sizeof(uint16))) + if (tif->tif_dir.td_transferfunction[1] == NULL || + !_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[1],m*sizeof(uint16))) n=1; } if (n==0) @ 1.1 log @tiff: Apply patches from upstream's git for the following CVEs: CVE-2018-12900 - buffer-overflow CVE-2018-17000 - denial-of-service CVE-2018-19210 - null-pointer-dereference CVE-2019-6128 - memory-leak Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-CVE-2018-17000 was added on branch pkgsrc-2019Q2 on 2019-07-18 13:32:31 +0000 @ text @d1 26 @ 1.1.2.2 log @Pullup ticket #6004 - requested by nia graphics/tiff: security fix Revisions pulled up: - graphics/tiff/Makefile 1.145 - graphics/tiff/distinfo 1.94 - graphics/tiff/patches/patch-CVE-2018-12900 1.1 - graphics/tiff/patches/patch-CVE-2018-17000 1.1 - graphics/tiff/patches/patch-CVE-2018-19210 1.1 - graphics/tiff/patches/patch-CVE-2019-6128 1.1 --- Module Name: pkgsrc Committed By: nia Date: Wed Jul 17 09:25:45 UTC 2019 Modified Files: pkgsrc/graphics/tiff: Makefile distinfo Added Files: pkgsrc/graphics/tiff/patches: patch-CVE-2018-12900 patch-CVE-2018-17000 patch-CVE-2018-19210 patch-CVE-2019-6128 Log Message: tiff: Apply patches from upstream's git for the following CVEs: CVE-2018-12900 - buffer-overflow CVE-2018-17000 - denial-of-service CVE-2018-19210 - null-pointer-dereference CVE-2019-6128 - memory-leak Bump PKGREVISION. @ text @a0 26 $NetBSD: patch-CVE-2018-17000,v 1.1 2019/07/17 09:25:45 nia Exp $ Fixes CVE-2018-17000 Upstream commit: https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39.patch --- libtiff/tif_dirwrite.c.orig 2018-06-24 20:26:30.000000000 +0000 +++ libtiff/tif_dirwrite.c @@@@ -1893,12 +1893,14 @@@@ TIFFWriteDirectoryTagTransferfunction(TI n=3; if (n==3) { - if (!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[2],m*sizeof(uint16))) + if (tif->tif_dir.td_transferfunction[2] == NULL || + !_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[2],m*sizeof(uint16))) n=2; } if (n==2) { - if (!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[1],m*sizeof(uint16))) + if (tif->tif_dir.td_transferfunction[1] == NULL || + !_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[1],m*sizeof(uint16))) n=1; } if (n==0) @