diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile
index 9ba1d9dbf5e..4d762a3210c 100644
--- a/graphics/tiff/Makefile
+++ b/graphics/tiff/Makefile
@@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.64 2012/04/14 15:09:55 naddy Exp $
+# $OpenBSD: Makefile,v 1.65 2012/06/27 14:27:02 jasper Exp $
 COMMENT= tools and library routines for working with TIFF images
-DISTNAME= tiff-4.0.1
-SHARED_LIBS= tiff 39.0 # 5.6
-SHARED_LIBS+= tiffxx 40.0 # 5.6
+DISTNAME= tiff-4.0.2
+SHARED_LIBS= tiff 39.1 # 5.6
+SHARED_LIBS+= tiffxx 40.1 # 5.6
 CATEGORIES= graphics
 MASTER_SITES= http://download.osgeo.org/libtiff/
diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo
index d921673d251..08e708f42f3 100644
--- a/graphics/tiff/distinfo
+++ b/graphics/tiff/distinfo
@@ -1,5 +1,5 @@
-MD5 (tiff-4.0.1.tar.gz) = +uFJzJ2jXFmNi+iXgm38Yw==
-RMD160 (tiff-4.0.1.tar.gz) = q/mKsnftruMCtDLbzs/mgGHdkdw=
-SHA1 (tiff-4.0.1.tar.gz) = i684IjHJBRobPrKUWBKJqiFEcXE=
-SHA256 (tiff-4.0.1.tar.gz) = mnoDnlFsN0eAOHQPFkKBglC/sUFM9ATMi1aeX51L8vA=
-SIZE (tiff-4.0.1.tar.gz) = 1991580
+MD5 (tiff-4.0.2.tar.gz) = BKCPoeB+aW6CCgw/MkZaEw==
+RMD160 (tiff-4.0.2.tar.gz) = UgxabRfRsMOVfjiJtm6tzgrM9T8=
+SHA1 (tiff-4.0.2.tar.gz) = 2Et7M6bPs9Fco4bIwWsFBH+LU1I=
+SHA256 (tiff-4.0.2.tar.gz) = qinx9b/j9EPD602sRy694Vrcj/BGS4M3bzXjsv75Ndo=
+SIZE (tiff-4.0.2.tar.gz) = 2022814
diff --git a/graphics/tiff/patches/patch-libtiff_tif_getimage_c b/graphics/tiff/patches/patch-libtiff_tif_getimage_c
index 6162a865e9e..d2078b3f519 100644
--- a/graphics/tiff/patches/patch-libtiff_tif_getimage_c
+++ b/graphics/tiff/patches/patch-libtiff_tif_getimage_c
@@ -1,12 +1,10 @@ -$OpenBSD: patch-libtiff_tif_getimage_c,v 1.7 2012/04/14 15:09:55 naddy Exp $ +$OpenBSD: patch-libtiff_tif_getimage_c,v 1.8 2012/06/27 14:27:02 jasper Exp $ 1. sprintf() This one is slightly problematic. If an application allocates less room for its error buffer than the recommended 1024, the error message buffer will still overflow. -2. CVE-2012-1173: integer overflow. - --- libtiff/tif_getimage.c.orig Wed Apr 11 18:42:32 2012 +++ libtiff/tif_getimage.c Wed Apr 11 18:53:00 2012 @@ -80,7 +80,7 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024]) 
@@ -220,58 +218,3 @@ buffer will still overflow.
 goto fail_return;
 }
 }
-@@ -692,6 +692,7 @@ gtTileSeparate(TIFFRGBAImage* img, uint32* raster, uin
- unsigned char* p2;
- unsigned char* pa;
- tmsize_t tilesize;
-+ tmsize_t bufsize;
- int32 fromskew, toskew;
- int alpha = img->alpha;
- uint32 nrow;
-@@ -699,12 +700,18 @@ gtTileSeparate(TIFFRGBAImage* img, uint32* raster, uin
- int colorchannels;
-
- tilesize = TIFFTileSize(tif);
-- buf = (unsigned char*) _TIFFmalloc((alpha?4:3)*tilesize);
-+
-+ bufsize = TIFFSafeMultiply(tmsize_t,alpha?4:3,tilesize);
-+ if (bufsize == 0) {
-+ TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtTileSeparate");
-+ return (0);
-+ }
-+ buf = (unsigned char*) _TIFFmalloc(bufsize);
- if (buf == 0) {
- TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "%s", "No space for tile buffer");
- return (0);
- }
-- _TIFFmemset(buf, 0, (alpha?4:3)*tilesize);
-+ _TIFFmemset(buf, 0, bufsize);
- p0 = buf;
- p1 = p0 + tilesize;
- p2 = p1 + tilesize;
-@@ -917,17 +924,23 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, ui
- uint32 rowsperstrip, offset_row;
- uint32 imagewidth = img->width;
- tmsize_t stripsize;
-+ tmsize_t bufsize;
- int32 fromskew, toskew;
- int alpha = img->alpha;
- int ret = 1, flip, colorchannels;
-
- stripsize = TIFFStripSize(tif);
-- p0 = buf = (unsigned char *)_TIFFmalloc((alpha?4:3)*stripsize);
-+ bufsize = TIFFSafeMultiply(tmsize_t,alpha?4:3,stripsize);
-+ if (bufsize == 0) {
-+ TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtStripSeparate");
-+ return (0);
-+ }
-+ p0 = buf = (unsigned char *)_TIFFmalloc(bufsize);
- if (buf == 0) {
- TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "No space for tile buffer");
- return (0);
- }
-- _TIFFmemset(buf, 0, (alpha?4:3)*stripsize);
-+ _TIFFmemset(buf, 0, bufsize);
- p1 = p0 + stripsize;
- p2 = p1 + stripsize;
- pa = (alpha?(p2+stripsize):NULL);
diff --git a/graphics/tiff/patches/patch-libtiff_tiffiop_h b/graphics/tiff/patches/patch-libtiff_tiffiop_h
deleted file mode 100644
index a20b9b42efa..00000000000
--- a/graphics/tiff/patches/patch-libtiff_tiffiop_h
+++ /dev/null
@@ -1,15 +0,0 @@
-$OpenBSD: patch-libtiff_tiffiop_h,v 1.4 2012/04/14 15:09:56 naddy Exp $
-
-CVE-2012-1173: integer overflow
-
---- libtiff/tiffiop.h.orig Wed Apr 11 18:56:30 2012
-+++ libtiff/tiffiop.h Wed Apr 11 18:56:58 2012
-@@ -250,7 +250,7 @@ struct tiff {
- #define TIFFroundup_64(x, y) (TIFFhowmany_64(x,y)*(y))
-
- /* Safe multiply which returns zero if there is an integer overflow */
--#define TIFFSafeMultiply(t,v,m) ((((t)m != (t)0) && (((t)((v*m)/m)) == (t)v)) ? (t)(v*m) : (t)0)
-+#define TIFFSafeMultiply(t,v,m) ((((t)(m) != (t)0) && (((t)(((v)*(m))/(m))) == (t)(v))) ? (t)((v)*(m)) : (t)0)
-
- #define TIFFmax(A,B) ((A)>(B)?(A):(B))
- #define TIFFmin(A,B) ((A)<(B)?(A):(B))
diff --git a/graphics/tiff/pkg/PLIST b/graphics/tiff/pkg/PLIST
index 2f25fb84271..2212f8b2f94 100644
--- a/graphics/tiff/pkg/PLIST
+++ b/graphics/tiff/pkg/PLIST
@@ -1,4 +1,4 @@
-@comment $OpenBSD: PLIST,v 1.18 2012/04/14 15:09:56 naddy Exp $
+@comment $OpenBSD: PLIST,v 1.19 2012/06/27 14:27:02 jasper Exp $
 @bin bin/bmp2tiff
 @bin bin/fax2ps
 @bin bin/fax2tiff
@@ -238,3 +238,5 @@ share/doc/tiff/v3.9.0beta.html
 share/doc/tiff/v3.9.1.html
 share/doc/tiff/v3.9.2.html
 share/doc/tiff/v4.0.0.html
+share/doc/tiff/v4.0.1.html
+share/doc/tiff/v4.0.2.html