head 1.2; access; symbols pkgsrc-2022Q1:1.1.0.2 pkgsrc-2022Q1-base:1.1; locks; strict; comment @# @; 1.2 date 2022.05.29.12.24.16; author gdt; state dead; branches; next 1.1; commitid KI7OGkMHkcxrPWFD; 1.1 date 2022.03.25.09.32.49; author nia; state Exp; branches; next ; commitid fUb1w31yeh4VZzxD; desc @@ 1.2 log @graphics/tiff: Update to 4.4.0 Upstream does not provide NEWS. Skimming over 1300 lines of ChangeLog, this release contains mostly bufixes, speed improvemnents, and other minor improvements. This commit drops 5 patches for CVEs. These patches all appear to have been taken from the upstream repo. One CVE remains: https://nvd.nist.gov/vuln/detail/CVE-2018-10126 http://bugzilla.maptools.org/show_bug.cgi?id=2786 https://gitlab.com/libtiff/libtiff/-/issues/128 @ text @$NetBSD: patch-CVE-2022-0924,v 1.1 2022/03/25 09:32:49 nia Exp $ [PATCH] fix heap buffer overflow in tiffcp https://gitlab.com/libtiff/libtiff/-/commit/408976c44ef0aad975e0d1b6c6dc80d60f9dc665.patch --- tools/tiffcp.c.orig 2021-04-08 21:48:47.000000000 +0000 +++ tools/tiffcp.c @@@@ -1661,12 +1661,27 @@@@ DECLAREwriteFunc(writeBufferToSeparateSt tdata_t obuf; tstrip_t strip = 0; tsample_t s; + uint16_t bps = 0, bytes_per_sample; obuf = limitMalloc(stripsize); if (obuf == NULL) return (0); _TIFFmemset(obuf, 0, stripsize); (void) TIFFGetFieldDefaulted(out, TIFFTAG_ROWSPERSTRIP, &rowsperstrip); + (void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps); + if( bps == 0 ) + { + TIFFError(TIFFFileName(out), "Error, cannot read BitsPerSample"); + _TIFFfree(obuf); + return 0; + } + if( (bps % 8) != 0 ) + { + TIFFError(TIFFFileName(out), "Error, cannot handle BitsPerSample that is not a multiple of 8"); + _TIFFfree(obuf); + return 0; + } + bytes_per_sample = bps/8; for (s = 0; s < spp; s++) { uint32_t row; for (row = 0; row < imagelength; row += rowsperstrip) { @@@@ -1676,7 +1691,7 @@@@ DECLAREwriteFunc(writeBufferToSeparateSt cpContigBufToSeparateBuf( obuf, (uint8_t*) buf + row * rowsize + s, - nrows, 
imagewidth, 0, 0, spp, 1); + nrows, imagewidth, 0, 0, spp, bytes_per_sample); if (TIFFWriteEncodedStrip(out, strip++, obuf, stripsize) < 0) { TIFFError(TIFFFileName(out), "Error, can't write strip %"PRIu32, @ 1.1 log @tiff: apply fixes for CVE-2022-0561 CVE-2022-0907 CVE-2022-0891 CVE-2022-0907 CVE-2022-0909 bump PKGREVISION again... @ text @d1 1 a1 1 $NetBSD$ @
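Review bot: The source pointer on the context line of the second hunk still advances by `+ s`, one byte per sample plane, while the changed line makes each copied sample `bytes_per_sample` wide. For 16-bit or wider samples, plane s would then seem to start inside an earlier sample, so the written strips would hold misaligned data even though the overflow is closed. This assumes cpContigBufToSeparateBuf treats its input pointer as the first byte of sample s within an interleaved pixel; its body is outside this patch, so confirm that. If it holds, the argument should read `(uint8_t*) buf + row * rowsize + s * bytes_per_sample`. The enclosing function starts and ends outside both hunks, and a short comment above the new checks in the first hunk, such as `/* samples are copied in whole bytes; refuse sub-byte depths instead of mis-sizing the copy */`, would record why those depths are rejected.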