Index: branches/2018Q1/graphics/tiff/Makefile =================================================================== --- branches/2018Q1/graphics/tiff/Makefile (revision 460431) +++ branches/2018Q1/graphics/tiff/Makefile (revision 460432) @@ -1,120 +1,121 @@ # Created by: Richard Hwang , Mikhail Teterin , Jun-ichiro itojun Itoh # $FreeBSD$ PORTNAME= tiff PORTVERSION= 4.0.9 +PORTREVISION= 1 CATEGORIES= graphics MASTER_SITES= http://download.osgeo.org/libtiff/ MAINTAINER= portmgr@FreeBSD.org COMMENT= Tools and library routines for working with TIFF images LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/COPYRIGHT LIB_DEPENDS= libjbig.so:graphics/jbigkit USES= cpe jpeg libtool pathfix CPE_PRODUCT= libtiff CPE_VERSION= ${DISTVERSION:C/[a-z]+//} CPE_UPDATE= ${DISTVERSION:C/[0-9.]+//} USE_LDCONFIG= yes GNU_CONFIGURE= yes CONFIGURE_ARGS+= --with-jpeg-include-dir=${LOCALBASE}/include \ --with-jpeg-lib-dir=${LOCALBASE}/lib \ --without-x INSTALL_TARGET= install-strip TEST_TARGET= check MLNKS= TIFFError.3tiff TIFFSetErrorHandler.3tiff \ TIFFFlush.3tiff TIFFFlushData.3tiff \ TIFFGetField.3tiff TIFFGetFieldDefaulted.3tiff \ TIFFGetField.3tiff TIFFVGetField.3tiff \ TIFFGetField.3tiff TIFFVGetFieldDefaulted.3tiff \ TIFFOpen.3tiff TIFFFdOpen.3tiff \ TIFFOpen.3tiff TIFFClientOpen.3tiff \ TIFFRGBAImage.3tiff TIFFRGBAImageOK.3tiff \ TIFFRGBAImage.3tiff TIFFRGBAImageBegin.3tiff \ TIFFRGBAImage.3tiff TIFFRGBAImageGet.3tiff \ TIFFRGBAImage.3tiff TIFFRGBAImageEnd.3tiff \ TIFFRGBAImage.3tiff TIFFReadRGBAImageOriented.3tiff \ TIFFSetDirectory.3tiff TIFFSetSubDirectory.3tiff \ TIFFSetField.3tiff TIFFVSetField.3tiff \ TIFFWarning.3tiff TIFFSetWarningHandler.3tiff \ TIFFWriteDirectory.3tiff TIFFRewriteDirectory.3tiff \ TIFFbuffer.3tiff TIFFReadBufferSetup.3tiff \ TIFFbuffer.3tiff TIFFWriteBufferSetup.3tiff \ TIFFcodec.3tiff TIFFFindCODEC.3tiff \ TIFFcodec.3tiff TIFFRegisterCODEC.3tiff \ TIFFcodec.3tiff TIFFUnRegisterCODEC.3tiff \ TIFFmemory.3tiff TIFFfree.3tiff \ TIFFmemory.3tiff TIFFmalloc.3tiff \ TIFFmemory.3tiff TIFFmemcmp.3tiff \ TIFFmemory.3tiff TIFFmemcpy.3tiff \ TIFFmemory.3tiff TIFFmemset.3tiff \ TIFFmemory.3tiff TIFFrealloc.3tiff \ TIFFquery.3tiff TIFFCurrentDirectory.3tiff \ TIFFquery.3tiff TIFFCurrentRow.3tiff \ TIFFquery.3tiff TIFFCurrentStrip.3tiff \ TIFFquery.3tiff TIFFCurrentTile.3tiff \ TIFFquery.3tiff TIFFFileName.3tiff \ TIFFquery.3tiff TIFFFileno.3tiff \ TIFFquery.3tiff TIFFGetMode.3tiff \ TIFFquery.3tiff TIFFIsTiled.3tiff \ TIFFquery.3tiff TIFFIsByteSwapped.3tiff \ TIFFquery.3tiff TIFFIsUpSampled.3tiff \ TIFFquery.3tiff TIFFIsMSB2LSB.3tiff \ TIFFquery.3tiff TIFFLastDirectory.3tiff \ TIFFsize.3tiff TIFFScanlineSize.3tiff \ TIFFstrip.3tiff TIFFComputeStrip.3tiff \ TIFFstrip.3tiff TIFFDefaultStripSize.3tiff \ TIFFstrip.3tiff TIFFNumberOfStrips.3tiff \ TIFFstrip.3tiff TIFFStripSize.3tiff \ TIFFstrip.3tiff TIFFVStripSize.3tiff \ TIFFswab.3tiff TIFFReverseBits.3tiff \ TIFFswab.3tiff TIFFSwabArrayOfLong.3tiff \ TIFFswab.3tiff TIFFSwabArrayOfShort.3tiff \ TIFFswab.3tiff TIFFSwabLong.3tiff \ TIFFswab.3tiff TIFFSwabShort.3tiff \ TIFFtile.3tiff TIFFCheckTile.3tiff \ TIFFtile.3tiff TIFFComputeTile.3tiff \ TIFFtile.3tiff TIFFDefaultTileSize.3tiff \ TIFFtile.3tiff TIFFNumberOfTiles.3tiff \ TIFFtile.3tiff TIFFTileSize.3tiff \ TIFFtile.3tiff TIFFTileRowSize.3tiff \ TIFFtile.3tiff TIFFVTileSize.3tiff OPTIONS_DEFINE= DOCS .include .if !defined(BUILDING_INDEX) __pmlinks3!= ${ECHO_CMD} '${MLNKS:S/ / /}' | ${AWK} \ '{ if (NF % 2 != 0) { print "broken"; exit; } \ for (i=1; i<=NF; i++) { \ if ( i % 2 == 0) { print " " $$i " ;"; } \ else { print "${LN} -s " $$i " "; } \ } }' .endif post-patch: @${REINPLACE_CMD} "/\.po 0/d" ${WRKSRC}/man/* pre-configure: ${REINPLACE_CMD} \ -e 's|tiffgt.1 ||' \ ${WRKSRC}/man/Makefile.in ${REINPLACE_CMD} -e 's|^docfiles|no-docfiles|' \ -e 's|man html|man|' ${WRKSRC}/Makefile.in post-install: ( cd ${STAGEDIR}${PREFIX}/man/man3 && ${__pmlinks3} ) .if ${PORT_OPTIONS:MDOCS} ${MKDIR} ${STAGEDIR}${DOCSDIR}/images ${STAGEDIR}${DOCSDIR}/man ${INSTALL_DATA} ${WRKSRC}/html/*.html ${STAGEDIR}${DOCSDIR}/ ${INSTALL_DATA} ${WRKSRC}/html/images/*.jpg ${STAGEDIR}${DOCSDIR}/images/ ${INSTALL_DATA} ${WRKSRC}/html/images/*.gif ${STAGEDIR}${DOCSDIR}/images/ ${INSTALL_DATA} ${WRKSRC}/html/man/*.html ${STAGEDIR}${DOCSDIR}/man/ .endif .include Index: branches/2018Q1/graphics/tiff/files/patch-CVE-2017-18013 =================================================================== --- branches/2018Q1/graphics/tiff/files/patch-CVE-2017-18013 (nonexistent) +++ branches/2018Q1/graphics/tiff/files/patch-CVE-2017-18013 (revision 460432) @@ -0,0 +1,34 @@ +From c6f41df7b581402dfba3c19a1e3df4454c551a01 Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Sun, 31 Dec 2017 15:09:41 +0100 +Subject: [PATCH] libtiff/tif_print.c: TIFFPrintDirectory(): fix null pointer dereference on corrupted file. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2770 + +--- + libtiff/tif_print.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c +index 9959d35..8deceb2 100644 +--- libtiff/tif_print.c ++++ libtiff/tif_print.c +@@ -667,13 +667,13 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags) + #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) + fprintf(fd, " %3lu: [%8I64u, %8I64u]\n", + (unsigned long) s, +- (unsigned __int64) td->td_stripoffset[s], +- (unsigned __int64) td->td_stripbytecount[s]); ++ td->td_stripoffset ? (unsigned __int64) td->td_stripoffset[s] : 0, ++ td->td_stripbytecount ? (unsigned __int64) td->td_stripbytecount[s] : 0); + #else + fprintf(fd, " %3lu: [%8llu, %8llu]\n", + (unsigned long) s, +- (unsigned long long) td->td_stripoffset[s], +- (unsigned long long) td->td_stripbytecount[s]); ++ td->td_stripoffset ? (unsigned long long) td->td_stripoffset[s] : 0, ++ td->td_stripbytecount ? (unsigned long long) td->td_stripbytecount[s] : 0); + #endif + } + } +-- +libgit2 0.26.0 + Property changes on: branches/2018Q1/graphics/tiff/files/patch-CVE-2017-18013 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2018Q1/graphics/tiff/files/patch-CVE-2017-9935 =================================================================== --- branches/2018Q1/graphics/tiff/files/patch-CVE-2017-9935 (nonexistent) +++ branches/2018Q1/graphics/tiff/files/patch-CVE-2017-9935 (revision 460432) @@ -0,0 +1,117 @@ +diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c +index 2ccaf44..cbf2b69 100644 +--- libtiff/tif_dir.c ++++ libtiff/tif_dir.c +@@ -1067,6 +1067,9 @@ _TIFFVGetField(TIFF* tif, uint32 tag, va_list ap) + if (td->td_samplesperpixel - td->td_extrasamples > 1) { + *va_arg(ap, uint16**) = td->td_transferfunction[1]; + *va_arg(ap, uint16**) = td->td_transferfunction[2]; ++ } else { ++ *va_arg(ap, uint16**) = NULL; ++ *va_arg(ap, uint16**) = NULL; + } + break; + case TIFFTAG_REFERENCEBLACKWHITE: +diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c +index d1a9b09..484776c 100644 +--- tools/tiff2pdf.c ++++ tools/tiff2pdf.c +@@ -237,7 +237,7 @@ typedef struct { + float tiff_whitechromaticities[2]; + float tiff_primarychromaticities[6]; + float tiff_referenceblackwhite[2]; +- float* tiff_transferfunction[3]; ++ uint16* tiff_transferfunction[3]; + int pdf_image_interpolate; /* 0 (default) : do not interpolate, + 1 : interpolate */ + uint16 tiff_transferfunctioncount; +@@ -1047,6 +1047,8 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){ + uint16 pagen=0; + uint16 paged=0; + uint16 xuint16=0; ++ uint16 tiff_transferfunctioncount=0; ++ uint16* tiff_transferfunction[3]; + + directorycount=TIFFNumberOfDirectories(input); + t2p->tiff_pages = (T2P_PAGE*) _TIFFmalloc(TIFFSafeMultiply(tmsize_t,directorycount,sizeof(T2P_PAGE))); +@@ -1147,26 +1149,48 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){ + } + #endif + if (TIFFGetField(input, TIFFTAG_TRANSFERFUNCTION, +- &(t2p->tiff_transferfunction[0]), +- &(t2p->tiff_transferfunction[1]), +- &(t2p->tiff_transferfunction[2]))) { +- if((t2p->tiff_transferfunction[1] != (float*) NULL) && +- (t2p->tiff_transferfunction[2] != (float*) NULL) && +- (t2p->tiff_transferfunction[1] != +- t2p->tiff_transferfunction[0])) { +- t2p->tiff_transferfunctioncount = 3; +- t2p->tiff_pages[i].page_extra += 4; +- t2p->pdf_xrefcount += 4; +- } else { +- t2p->tiff_transferfunctioncount = 1; +- t2p->tiff_pages[i].page_extra += 2; +- t2p->pdf_xrefcount += 2; +- } +- if(t2p->pdf_minorversion < 2) +- t2p->pdf_minorversion = 2; ++ &(tiff_transferfunction[0]), ++ &(tiff_transferfunction[1]), ++ &(tiff_transferfunction[2]))) { ++ ++ if((tiff_transferfunction[1] != (uint16*) NULL) && ++ (tiff_transferfunction[2] != (uint16*) NULL) ++ ) { ++ tiff_transferfunctioncount=3; ++ } else { ++ tiff_transferfunctioncount=1; ++ } + } else { +- t2p->tiff_transferfunctioncount=0; ++ tiff_transferfunctioncount=0; + } ++ ++ if (i > 0){ ++ if (tiff_transferfunctioncount != t2p->tiff_transferfunctioncount){ ++ TIFFError( ++ TIFF2PDF_MODULE, ++ "Different transfer function on page %d", ++ i); ++ t2p->t2p_error = T2P_ERR_ERROR; ++ return; ++ } ++ } ++ ++ t2p->tiff_transferfunctioncount = tiff_transferfunctioncount; ++ t2p->tiff_transferfunction[0] = tiff_transferfunction[0]; ++ t2p->tiff_transferfunction[1] = tiff_transferfunction[1]; ++ t2p->tiff_transferfunction[2] = tiff_transferfunction[2]; ++ if(tiff_transferfunctioncount == 3){ ++ t2p->tiff_pages[i].page_extra += 4; ++ t2p->pdf_xrefcount += 4; ++ if(t2p->pdf_minorversion < 2) ++ t2p->pdf_minorversion = 2; ++ } else if (tiff_transferfunctioncount == 1){ ++ t2p->tiff_pages[i].page_extra += 2; ++ t2p->pdf_xrefcount += 2; ++ if(t2p->pdf_minorversion < 2) ++ t2p->pdf_minorversion = 2; ++ } ++ + if( TIFFGetField( + input, + TIFFTAG_ICCPROFILE, +@@ -1827,10 +1851,9 @@ void t2p_read_tiff_data(T2P* t2p, TIFF* input){ + &(t2p->tiff_transferfunction[0]), + &(t2p->tiff_transferfunction[1]), + &(t2p->tiff_transferfunction[2]))) { +- if((t2p->tiff_transferfunction[1] != (float*) NULL) && +- (t2p->tiff_transferfunction[2] != (float*) NULL) && +- (t2p->tiff_transferfunction[1] != +- t2p->tiff_transferfunction[0])) { ++ if((t2p->tiff_transferfunction[1] != (uint16*) NULL) && ++ (t2p->tiff_transferfunction[2] != (uint16*) NULL) ++ ) { + t2p->tiff_transferfunctioncount=3; + } else { + t2p->tiff_transferfunctioncount=1; Property changes on: branches/2018Q1/graphics/tiff/files/patch-CVE-2017-9935 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2018Q1 =================================================================== --- branches/2018Q1 (revision 460431) +++ branches/2018Q1 (revision 460432) Property changes on: branches/2018Q1 ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /head:r460339