head 1.2; access; symbols pkgsrc-2022Q1:1.1.0.2 pkgsrc-2022Q1-base:1.1; locks; strict; comment @# @; 1.2 date 2022.05.29.12.24.16; author gdt; state dead; branches; next 1.1; commitid KI7OGkMHkcxrPWFD; 1.1 date 2022.03.25.09.32.49; author nia; state Exp; branches; next ; commitid fUb1w31yeh4VZzxD; desc @@ 1.2 log @graphics/tiff: Update to 4.4.0 Upstream does not provide NEWS. Skimming over 1300 lines of ChangeLog, this release contains mostly bugfixes, speed improvements, and other minor improvements. This commit drops 5 patches for CVEs. These patches all appear to have been taken from the upstream repo. One CVE remains: https://nvd.nist.gov/vuln/detail/CVE-2018-10126 http://bugzilla.maptools.org/show_bug.cgi?id=2786 https://gitlab.com/libtiff/libtiff/-/issues/128 @ text @$NetBSD: patch-CVE-2022-0909,v 1.1 2022/03/25 09:32:49 nia Exp $ [PATCH] fix FPE in tiffcrop https://gitlab.com/libtiff/libtiff/-/merge_requests/310.patch --- libtiff/tif_dir.c.orig 2021-03-05 13:01:43.000000000 +0000 +++ libtiff/tif_dir.c @@@@ -335,13 +335,13 @@@@ _TIFFVSetField(TIFF* tif, uint32_t tag, break; case TIFFTAG_XRESOLUTION: dblval = va_arg(ap, double); - if( dblval < 0 ) + if( dblval != dblval || dblval < 0 ) goto badvaluedouble; td->td_xresolution = _TIFFClampDoubleToFloat( dblval ); break; case TIFFTAG_YRESOLUTION: dblval = va_arg(ap, double); - if( dblval < 0 ) + if( dblval != dblval || dblval < 0 ) goto badvaluedouble; td->td_yresolution = _TIFFClampDoubleToFloat( dblval ); break; @ 1.1 log @tiff: apply fixes for CVE-2022-0561 CVE-2022-0907 CVE-2022-0891 CVE-2022-0907 CVE-2022-0909 bump PKGREVISION again... @ text @d1 1 a1 1 $NetBSD$ @
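Review bot: The new `dblval != dblval` test in both the TIFFTAG_XRESOLUTION and TIFFTAG_YRESOLUTION cases is an uncommented NaN self-comparison, which reads like a typo and is easy to "simplify" away in a later cleanup. Consider spelling it as `isnan(dblval)` from <math.h>, or adding a short comment such as `/* reject NaN */` on each of the two lines, so the intent of the check is explicit. The condition also still passes positive infinity on to `_TIFFClampDoubleToFloat( dblval )`. Whether that helper bounds it is not visible in this hunk, so it is worth confirming before relying on this check alone to keep non-finite resolution values out of `td_xresolution` and `td_yresolution`.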