cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
156,315 Commits 1 Branch 0 Tags
Commit Graph

112 Commits

Author SHA1 Message Date
landry
8fa85d6efc graphics/tiff: update to 4.2.0 
See http://www.simplesystems.org/libtiff/v4.2.0.html

bumped minor for 4 method addition.

Fixes CVE-2020-35523 and CVE-2020-35524.

commits are here if someone dares backporting them to 4.1.0 in stable..
c8d613ef49
7be2e452dd

ok sthen@ naddy@
 2021-03-16 15:34:23 +00:00
naddy
628803c84b Update to 4.1.0. 
Also enable xz and zstd compression as proposed by landry@ eight months
ago.
Include an upstream fix for a new sanity check that broke OJPEG compression;
proposed by sthen@.

ok sthen@
 2019-11-29 16:43:01 +00:00
sthen
3318ced016 replace simple PERMIT_PACKAGE_CDROM=Yes with PERMIT_PACKAGE=Yes 2019-07-12 20:46:54 +00:00
tj
1367168f53 switch some master_sites and homepage lines to https. ok sthen 2019-07-10 15:25:02 +00:00
naddy
b3b70c47ec Update to 4.0.10. 
Disable the new support for ZSTD and WebP compression for the time being
to avoid bringing in extra dependencies.
 2018-12-05 20:35:25 +00:00
sthen
25f0e460f2 Add COMPILER lines to c++ ports which currently use the default. Adjust 
some existing COMPILER lines with arch restrictions etc. In the usual
case this is now using "COMPILER = base-clang ports-gcc base-gcc" on
ports with c++ libraries in WANTLIB.

This is basically intended to be a noop on architectures using clang
as the system compiler, but help with other architectures where we
currently have many ports knocked out due to building with an unsuitable
compiler -

- some ports require c++11/newer so the GCC version in base that is used
on these archirtectures is too old.

- some ports have conflicts where an executable is built with one compiler
(e.g. gcc from base) but a library dependency is built with a different
one (e.g. gcc from ports), resulted in mixing incompatible libraries in the
same address space.

devel/gmp is intentionally skipped as it's on the path to building gcc -
the c++ library there is unused in ports (and not built by default upstream)
so intending to disable building gmpcxx in a future commit.
 2018-10-24 14:27:57 +00:00
landry
c37eb2c6a8 Update to tiff 4.0.9. 
See http://www.simplesystems.org/libtiff/v4.0.9.html for changes -
fixing a bunch of CVEs and bugs found via fuzzing.
Went in a bulk build without fallout.
 2017-11-24 11:23:50 +00:00
sthen
5e964ab0df bump LIBCXX/LIBECXX/COMPILER_LIBCXX ports. 2017-07-26 22:45:14 +00:00
espie
c114d7057b add pthread to COMPILER_LIBCXX. 
white lie, but it allows clang and gcc to be more similar
bump accordingly.
 2017-07-23 09:26:25 +00:00
espie
8ac47fd9c6 use COMPILER_LIBCXX where applicable 2017-07-16 19:18:47 +00:00
naddy
8f6b7a6780 Security update to 4.0.8: 
Fixes CVE-2017-5225, CVE-2017-7592 to -7602
 2017-05-26 20:50:57 +00:00
sthen
bcbf44ab87 use LIBCXX 2017-04-10 11:46:18 +00:00
naddy
69ccef1601 bump REVISION to clearly distinguish this from the -stable package, 
which has a different shared library major version; ok jca@ kili@
 2016-11-30 22:40:31 +00:00
naddy
1f8cdd4e20 Update to 4.0.7. 
* Multiple security fixes, including
  CVE-2016-3622, CVE-2014-8127, CVE-2016-9273, CVE-2016-9448,
  MSVR 35094, MSVR 35095, MSVR 35105
* Remove obsolete tools bmp2tiff, gif2tiff, ras2tiff, sgi2tiff, sgisv, ycbcr
 2016-11-29 20:00:35 +00:00
jasper
a5f9cad7b7 fixes for CVE-2016-3186 and CVE-2016-5875 2016-07-01 11:23:44 +00:00
naddy
ce859edcb4 garbage collect CONFIGURE_SHARED 2016-03-11 20:28:21 +00:00
naddy
7c8440a0fc Fix a number of out-of-bound reads and writes, including CVE-2015-8665 and 
CVE-2015-8683.  From upstream CVS.
 2016-01-24 16:48:48 +00:00
naddy
60c359a7bc update to 4.0.6, no major changes 2015-11-04 20:51:36 +00:00
naddy
13d3eb3dc1 Update to 4.0.4. No major changes. 2015-07-08 19:36:54 +00:00
naddy
5e20edcff3 Security update to 4.0.4beta (plus one further upstream fix). 
Should fix CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130,
CVE-2014-9655, CVE-2015-1547.
 2015-03-29 17:39:22 +00:00
jasper
bb3536112b Security fixes for 
CVE-2013-1960 - Heap-based buffer overflow
CVE-2013-1961 - Stack-based buffer overflow

ok sthen@
 2013-05-03 11:00:39 +00:00
naddy
21a6eb6a66 Reinstate the interlibrary dependencies, fix .pc files. 
Parts/help/input from brad@
 2013-03-27 16:37:09 +00:00
ajacoutot
58f1a6f9f6 USE_LIBTOOL=Yes is the default now. 2013-03-21 08:45:11 +00:00
espie
e4fa65e765 PERMIT_* / REGRESS -> TEST sweep 2013-03-11 11:10:51 +00:00
jasper
a6f7cc5f4f Security fix for CVE-2012-4564 
libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file

ok naddy@
 2012-11-06 21:31:06 +00:00
naddy
be5efd77b8 Update to 4.0.3. 
* A number of security issues have been resolved, including CVE-2012-3401.
* Accessor functions for TIFF field information have been added to
  support functionality which was available in libtiff 3.9.X.

ok jasper@
 2012-09-24 19:51:03 +00:00
jasper
06cec91f2a Update tiff to 4.0.2, includes a fix for CVE-2012-2113, 
LibTIFF "tiff2pdf" Integer Overflow Vulnerability
 2012-06-27 14:27:02 +00:00
naddy
5cab5c465d Major update to 4.0.1, which adds BigTIFF support and includes some API 
changes.  Also include upstream fix for CVE-2012-1173.
 2012-04-14 15:09:55 +00:00
naddy
1a6a73c4b1 SECURITY fix for CVE-2012-1173 (integer overflow). 
From upstream, via Sebastien Marie.
http://bugzilla.maptools.org/show_bug.cgi?id=2369
 2012-04-09 17:35:38 +00:00
naddy
5a919588de maintenance update to 3.9.6 2012-04-09 17:21:05 +00:00
sthen
88ea72915d Change SEPARATE_BUILD=(concurrent|simple) to Yes; bsd.port.mk doesn't 
make a distinction between these.  ok aja@ dcoppa@
 2012-03-29 13:38:12 +00:00
giovanni
c4a6085cf3 Update to 3.9.5, help and ok naddy@ 2011-05-09 08:14:43 +00:00
jasper
917a1f2f5b Security fix for CVE-2011-1167, libtiff heap-based buffer overflow 2011-03-23 08:08:50 +00:00
jasper
d5d6a98846 Security fix for CVE-2011-0192: buffer overflow in Fax4Decode. 2011-03-19 18:41:05 +00:00
espie
88d20077a4 new depends 2010-11-17 08:05:12 +00:00
espie
5dc31071a8 WANTLIB conversion 2010-11-09 19:00:28 +00:00
espie
0f681543b5 USE_GROFF=Yes 2010-10-18 18:13:12 +00:00
ajacoutot
10e41a8fe3 Fix MASTER_SITES. 
from patrick keshishian
 2010-07-21 06:46:33 +00:00
naddy
12aaddf055 SECURITY: 
Update to 3.9.4, which includes fixes for CVE-2009-2347 and CVE-2010-1411.
 2010-06-30 17:10:07 +00:00
jasper
5bd6d49b4a - SECURITY FIX for CVE-2009-2347 (integer overflows in tiff tools) 
patch taken from upstream bugreport:
http://bugzilla.maptools.org/show_bug.cgi?id=2079

ok ajacoutot@
 2009-07-22 13:15:00 +00:00
jasper
72d0a18369 SECURITY FIX for for SA35515, 
LibTIFF "LZWDecodeCompat()" Buffer Underflow Vulnerability

Patch from upstream bugreport #2065 (committed to CVS).
 2009-06-23 07:49:31 +00:00
naddy
cdd487f6df fix a silly C99-ism to allow building with gcc2 2009-03-07 15:31:57 +00:00
naddy
fab96bfad1 SECURITY fixes for CVE-2006-2656 and CVE-2006-3459 through 3465. 
Man page fixes.

Mostly via FreeBSD.  Approving noises from bernd@ and jasper@
 2008-10-25 09:39:29 +00:00
jasper
2247677749 Security fix for SA31610 
http://secunia.com/advisories/31610
LibTIFF LZW Decoder Buffer Underflow Vulnerability

Patch extracted from Debian's tiff_3.8.2-7+etch1

"looks fine" ajacoutot@
 2008-08-27 18:09:36 +00:00
simon
68a2007cc1 remove surrounding quotes from COMMENT/BROKEN/PERMIT_* 2007-09-15 20:09:40 +00:00
espie
9eafbbfb35 base64 checksums. 2007-04-05 16:19:55 +00:00
espie
9881f499e5 new lib specs 2006-08-03 12:53:18 +00:00
naddy
06de83c3cc SECURITY: 
Prevent sign extension on integer promotion that leads to a buffer overflow.
Minimal fix from upstream CVS.  CVE-2006-2193.
prodded by bernd@
 2006-06-12 17:31:34 +00:00
naddy
b3d4e51b49 update to 3.8.2: bugfix release 2006-03-31 20:38:29 +00:00
espie
c7e0f26245 fix broken manpages, found out because makewhatis was complaining... 2006-03-26 10:45:18 +00:00