gnu: libtiff: Update to 4.0.9.
* gnu/packages/image.scm (libtiff): Update to 4.0.9. [source]: Remove obsolete patches. * gnu/packages/patches/libtiff-CVE-2016-10688.patch, gnu/packages/patches/libtiff-CVE-2017-9936.patch, gnu/packages/patches/libtiff-tiffgetfield-bugs.patch, gnu/packages/patches/libtiff-tiffycbcrtorgb-integer-overflow.patch, gnu/packages/patches/libtiff-tiffycbcrtorgbinit-integer-overflow.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them.
This commit is contained in:
parent
ee3ebf1a35
commit
2fc4709368
|
@ -809,11 +809,6 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/libtar-CVE-2013-4420.patch \
|
%D%/packages/patches/libtar-CVE-2013-4420.patch \
|
||||||
%D%/packages/patches/libtasn1-CVE-2017-10790.patch \
|
%D%/packages/patches/libtasn1-CVE-2017-10790.patch \
|
||||||
%D%/packages/patches/libtheora-config-guess.patch \
|
%D%/packages/patches/libtheora-config-guess.patch \
|
||||||
%D%/packages/patches/libtiff-CVE-2016-10688.patch \
|
|
||||||
%D%/packages/patches/libtiff-CVE-2017-9936.patch \
|
|
||||||
%D%/packages/patches/libtiff-tiffgetfield-bugs.patch \
|
|
||||||
%D%/packages/patches/libtiff-tiffycbcrtorgb-integer-overflow.patch \
|
|
||||||
%D%/packages/patches/libtiff-tiffycbcrtorgbinit-integer-overflow.patch \
|
|
||||||
%D%/packages/patches/libtirpc-CVE-2017-8779.patch \
|
%D%/packages/patches/libtirpc-CVE-2017-8779.patch \
|
||||||
%D%/packages/patches/libtorrent-rasterbar-boost-compat.patch \
|
%D%/packages/patches/libtorrent-rasterbar-boost-compat.patch \
|
||||||
%D%/packages/patches/libtool-skip-tests2.patch \
|
%D%/packages/patches/libtool-skip-tests2.patch \
|
||||||
|
|
|
@ -386,21 +386,15 @@ extracting icontainer icon files.")
|
||||||
(define-public libtiff
|
(define-public libtiff
|
||||||
(package
|
(package
|
||||||
(name "libtiff")
|
(name "libtiff")
|
||||||
(version "4.0.8")
|
(version "4.0.9")
|
||||||
(source
|
(source
|
||||||
(origin
|
(origin
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
(uri (string-append "ftp://download.osgeo.org/libtiff/tiff-"
|
(uri (string-append "ftp://download.osgeo.org/libtiff/tiff-"
|
||||||
version ".tar.gz"))
|
version ".tar.gz"))
|
||||||
(patches
|
|
||||||
(search-patches "libtiff-tiffgetfield-bugs.patch"
|
|
||||||
"libtiff-CVE-2016-10688.patch"
|
|
||||||
"libtiff-CVE-2017-9936.patch"
|
|
||||||
"libtiff-tiffycbcrtorgb-integer-overflow.patch"
|
|
||||||
"libtiff-tiffycbcrtorgbinit-integer-overflow.patch"))
|
|
||||||
(sha256
|
(sha256
|
||||||
(base32
|
(base32
|
||||||
"0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr"))))
|
"1kfg4q01r4mqn7dj63ifhi6pmqzbf4xax6ni6kkk81ri5kndwyvf"))))
|
||||||
(build-system gnu-build-system)
|
(build-system gnu-build-system)
|
||||||
(outputs '("out"
|
(outputs '("out"
|
||||||
"doc")) ;1.3 MiB of HTML documentation
|
"doc")) ;1.3 MiB of HTML documentation
|
||||||
|
|
|
@ -1,92 +0,0 @@
|
||||||
Fix CVE-2017-10688:
|
|
||||||
|
|
||||||
http://bugzilla.maptools.org/show_bug.cgi?id=2712
|
|
||||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10688
|
|
||||||
https://security-tracker.debian.org/tracker/CVE-2017-10688
|
|
||||||
|
|
||||||
Patch lifted from upstream source repository (the changes to 'ChangeLog'
|
|
||||||
don't apply to the libtiff 4.0.8 release tarball).
|
|
||||||
|
|
||||||
3rd party Git reference:
|
|
||||||
|
|
||||||
https://github.com/vadz/libtiff/commit/6173a57d39e04d68b139f8c1aa499a24dbe74ba1
|
|
||||||
|
|
||||||
2017-06-30 Even Rouault <even.rouault at spatialys.com>
|
|
||||||
|
|
||||||
* libtiff/tif_dirwrite.c: in TIFFWriteDirectoryTagCheckedXXXX()
|
|
||||||
functions associated with LONG8/SLONG8 data type, replace assertion
|
|
||||||
that
|
|
||||||
the file is BigTIFF, by a non-fatal error.
|
|
||||||
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2712
|
|
||||||
Reported by team OWL337
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
|
|
||||||
new revision: 1.1259; previous revision: 1.1258
|
|
||||||
/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirwrite.c,v <--
|
|
||||||
libtiff/tif_dirwrite.c
|
|
||||||
new revision: 1.86; previous revision: 1.85
|
|
||||||
|
|
||||||
Index: libtiff/libtiff/tif_dirwrite.c
|
|
||||||
===================================================================
|
|
||||||
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirwrite.c,v
|
|
||||||
retrieving revision 1.85
|
|
||||||
retrieving revision 1.86
|
|
||||||
diff -u -r1.85 -r1.86
|
|
||||||
--- libtiff/libtiff/tif_dirwrite.c 11 Jan 2017 16:09:02 -0000 1.85
|
|
||||||
+++ libtiff/libtiff/tif_dirwrite.c 30 Jun 2017 17:29:44 -0000 1.86
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-/* $Id: tif_dirwrite.c,v 1.85 2017-01-11 16:09:02 erouault Exp $ */
|
|
||||||
+/* $Id: tif_dirwrite.c,v 1.86 2017-06-30 17:29:44 erouault Exp $ */
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Copyright (c) 1988-1997 Sam Leffler
|
|
||||||
@@ -2111,7 +2111,10 @@
|
|
||||||
{
|
|
||||||
uint64 m;
|
|
||||||
assert(sizeof(uint64)==8);
|
|
||||||
- assert(tif->tif_flags&TIFF_BIGTIFF);
|
|
||||||
+ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
|
|
||||||
+ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF");
|
|
||||||
+ return(0);
|
|
||||||
+ }
|
|
||||||
m=value;
|
|
||||||
if (tif->tif_flags&TIFF_SWAB)
|
|
||||||
TIFFSwabLong8(&m);
|
|
||||||
@@ -2124,7 +2127,10 @@
|
|
||||||
{
|
|
||||||
assert(count<0x20000000);
|
|
||||||
assert(sizeof(uint64)==8);
|
|
||||||
- assert(tif->tif_flags&TIFF_BIGTIFF);
|
|
||||||
+ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
|
|
||||||
+ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF");
|
|
||||||
+ return(0);
|
|
||||||
+ }
|
|
||||||
if (tif->tif_flags&TIFF_SWAB)
|
|
||||||
TIFFSwabArrayOfLong8(value,count);
|
|
||||||
return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_LONG8,count,count*8,value));
|
|
||||||
@@ -2136,7 +2142,10 @@
|
|
||||||
{
|
|
||||||
int64 m;
|
|
||||||
assert(sizeof(int64)==8);
|
|
||||||
- assert(tif->tif_flags&TIFF_BIGTIFF);
|
|
||||||
+ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
|
|
||||||
+ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF");
|
|
||||||
+ return(0);
|
|
||||||
+ }
|
|
||||||
m=value;
|
|
||||||
if (tif->tif_flags&TIFF_SWAB)
|
|
||||||
TIFFSwabLong8((uint64*)(&m));
|
|
||||||
@@ -2149,7 +2158,10 @@
|
|
||||||
{
|
|
||||||
assert(count<0x20000000);
|
|
||||||
assert(sizeof(int64)==8);
|
|
||||||
- assert(tif->tif_flags&TIFF_BIGTIFF);
|
|
||||||
+ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
|
|
||||||
+ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF");
|
|
||||||
+ return(0);
|
|
||||||
+ }
|
|
||||||
if (tif->tif_flags&TIFF_SWAB)
|
|
||||||
TIFFSwabArrayOfLong8((uint64*)value,count);
|
|
||||||
return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_SLONG8,count,count*8,value));
|
|
|
@ -1,47 +0,0 @@
|
||||||
Fix CVE-2017-9936:
|
|
||||||
|
|
||||||
http://bugzilla.maptools.org/show_bug.cgi?id=2706
|
|
||||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9936
|
|
||||||
https://security-tracker.debian.org/tracker/CVE-2017-9936
|
|
||||||
|
|
||||||
Patch lifted from upstream source repository (the changes to 'ChangeLog'
|
|
||||||
don't apply to the libtiff 4.0.8 release tarball).
|
|
||||||
|
|
||||||
3rd party Git reference:
|
|
||||||
|
|
||||||
https://github.com/vadz/libtiff/commit/fe8d7165956b88df4837034a9161dc5fd20cf67a
|
|
||||||
|
|
||||||
2017-06-26 Even Rouault <even.rouault at spatialys.com>
|
|
||||||
|
|
||||||
* libtiff/tif_jbig.c: fix memory leak in error code path of
|
|
||||||
JBIGDecode()
|
|
||||||
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2706
|
|
||||||
Reported by team OWL337
|
|
||||||
|
|
||||||
/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
|
|
||||||
new revision: 1.1254; previous revision: 1.1253
|
|
||||||
/cvs/maptools/cvsroot/libtiff/libtiff/tif_jbig.c,v <-- libtiff/tif_jbig.c
|
|
||||||
new revision: 1.16; previous revision: 1.15
|
|
||||||
|
|
||||||
Index: libtiff/libtiff/tif_jbig.c
|
|
||||||
===================================================================
|
|
||||||
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_jbig.c,v
|
|
||||||
retrieving revision 1.15
|
|
||||||
retrieving revision 1.16
|
|
||||||
diff -u -r1.15 -r1.16
|
|
||||||
--- libtiff/libtiff/tif_jbig.c 10 Mar 2010 18:56:48 -0000 1.15
|
|
||||||
+++ libtiff/libtiff/tif_jbig.c 26 Jun 2017 15:20:00 -0000 1.16
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-/* $Id: tif_jbig.c,v 1.15 2010-03-10 18:56:48 bfriesen Exp $ */
|
|
||||||
+/* $Id: tif_jbig.c,v 1.16 2017-06-26 15:20:00 erouault Exp $ */
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Copyright (c) 1988-1997 Sam Leffler
|
|
||||||
@@ -94,6 +94,7 @@
|
|
||||||
jbg_strerror(decodeStatus)
|
|
||||||
#endif
|
|
||||||
);
|
|
||||||
+ jbg_dec_free(&decoder);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,201 +0,0 @@
|
||||||
Fix several bugs in libtiff related to use of TIFFGetField():
|
|
||||||
|
|
||||||
http://bugzilla.maptools.org/show_bug.cgi?id=2580
|
|
||||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8128
|
|
||||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7554
|
|
||||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5318
|
|
||||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10095
|
|
||||||
|
|
||||||
Patch copied from upstream CVS. 3rd-party Git reference:
|
|
||||||
https://github.com/vadz/libtiff/commit/4d4fa0b68ae9ae038959ee4f69ebe288ec892f06
|
|
||||||
|
|
||||||
2017-06-01 Even Rouault <even.rouault at spatialys.com>
|
|
||||||
|
|
||||||
* libtiff/tif_dirinfo.c, tif_dirread.c: add _TIFFCheckFieldIsValidForCodec(),
|
|
||||||
and use it in TIFFReadDirectory() so as to ignore fields whose tag is a
|
|
||||||
codec-specified tag but this codec is not enabled. This avoids TIFFGetField()
|
|
||||||
to behave differently depending on whether the codec is enabled or not, and
|
|
||||||
thus can avoid stack based buffer overflows in a number of TIFF utilities
|
|
||||||
such as tiffsplit, tiffcmp, thumbnail, etc.
|
|
||||||
Patch derived from 0063-Handle-properly-CODEC-specific-tags.patch
|
|
||||||
(http://bugzilla.maptools.org/show_bug.cgi?id=2580) by Raphaël Hertzog.
|
|
||||||
Fixes:
|
|
||||||
http://bugzilla.maptools.org/show_bug.cgi?id=2580
|
|
||||||
http://bugzilla.maptools.org/show_bug.cgi?id=2693
|
|
||||||
http://bugzilla.maptools.org/show_bug.cgi?id=2625 (CVE-2016-10095)
|
|
||||||
http://bugzilla.maptools.org/show_bug.cgi?id=2564 (CVE-2015-7554)
|
|
||||||
http://bugzilla.maptools.org/show_bug.cgi?id=2561 (CVE-2016-5318)
|
|
||||||
http://bugzilla.maptools.org/show_bug.cgi?id=2499 (CVE-2014-8128)
|
|
||||||
http://bugzilla.maptools.org/show_bug.cgi?id=2441
|
|
||||||
http://bugzilla.maptools.org/show_bug.cgi?id=2433
|
|
||||||
Index: libtiff/libtiff/tif_dirread.c
|
|
||||||
===================================================================
|
|
||||||
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v
|
|
||||||
retrieving revision 1.208
|
|
||||||
retrieving revision 1.209
|
|
||||||
diff -u -r1.208 -r1.209
|
|
||||||
--- libtiff/libtiff/tif_dirread.c 27 Apr 2017 15:46:22 -0000 1.208
|
|
||||||
+++ libtiff/libtiff/tif_dirread.c 1 Jun 2017 12:44:04 -0000 1.209
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-/* $Id: tif_dirread.c,v 1.208 2017-04-27 15:46:22 erouault Exp $ */
|
|
||||||
+/* $Id: tif_dirread.c,v 1.209 2017-06-01 12:44:04 erouault Exp $ */
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Copyright (c) 1988-1997 Sam Leffler
|
|
||||||
@@ -3580,6 +3580,10 @@
|
|
||||||
goto bad;
|
|
||||||
dp->tdir_tag=IGNORE;
|
|
||||||
break;
|
|
||||||
+ default:
|
|
||||||
+ if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) )
|
|
||||||
+ dp->tdir_tag=IGNORE;
|
|
||||||
+ break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
Index: libtiff/libtiff/tif_dirinfo.c
|
|
||||||
===================================================================
|
|
||||||
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirinfo.c,v
|
|
||||||
retrieving revision 1.126
|
|
||||||
retrieving revision 1.127
|
|
||||||
diff -u -r1.126 -r1.127
|
|
||||||
--- libtiff/libtiff/tif_dirinfo.c 18 Nov 2016 02:52:13 -0000 1.126
|
|
||||||
+++ libtiff/libtiff/tif_dirinfo.c 1 Jun 2017 12:44:04 -0000 1.127
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-/* $Id: tif_dirinfo.c,v 1.126 2016-11-18 02:52:13 bfriesen Exp $ */
|
|
||||||
+/* $Id: tif_dirinfo.c,v 1.127 2017-06-01 12:44:04 erouault Exp $ */
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Copyright (c) 1988-1997 Sam Leffler
|
|
||||||
@@ -956,6 +956,109 @@
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
+int
|
|
||||||
+_TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag)
|
|
||||||
+{
|
|
||||||
+ /* Filter out non-codec specific tags */
|
|
||||||
+ switch (tag) {
|
|
||||||
+ /* Shared tags */
|
|
||||||
+ case TIFFTAG_PREDICTOR:
|
|
||||||
+ /* JPEG tags */
|
|
||||||
+ case TIFFTAG_JPEGTABLES:
|
|
||||||
+ /* OJPEG tags */
|
|
||||||
+ case TIFFTAG_JPEGIFOFFSET:
|
|
||||||
+ case TIFFTAG_JPEGIFBYTECOUNT:
|
|
||||||
+ case TIFFTAG_JPEGQTABLES:
|
|
||||||
+ case TIFFTAG_JPEGDCTABLES:
|
|
||||||
+ case TIFFTAG_JPEGACTABLES:
|
|
||||||
+ case TIFFTAG_JPEGPROC:
|
|
||||||
+ case TIFFTAG_JPEGRESTARTINTERVAL:
|
|
||||||
+ /* CCITT* */
|
|
||||||
+ case TIFFTAG_BADFAXLINES:
|
|
||||||
+ case TIFFTAG_CLEANFAXDATA:
|
|
||||||
+ case TIFFTAG_CONSECUTIVEBADFAXLINES:
|
|
||||||
+ case TIFFTAG_GROUP3OPTIONS:
|
|
||||||
+ case TIFFTAG_GROUP4OPTIONS:
|
|
||||||
+ break;
|
|
||||||
+ default:
|
|
||||||
+ return 1;
|
|
||||||
+ }
|
|
||||||
+ /* Check if codec specific tags are allowed for the current
|
|
||||||
+ * compression scheme (codec) */
|
|
||||||
+ switch (tif->tif_dir.td_compression) {
|
|
||||||
+ case COMPRESSION_LZW:
|
|
||||||
+ if (tag == TIFFTAG_PREDICTOR)
|
|
||||||
+ return 1;
|
|
||||||
+ break;
|
|
||||||
+ case COMPRESSION_PACKBITS:
|
|
||||||
+ /* No codec-specific tags */
|
|
||||||
+ break;
|
|
||||||
+ case COMPRESSION_THUNDERSCAN:
|
|
||||||
+ /* No codec-specific tags */
|
|
||||||
+ break;
|
|
||||||
+ case COMPRESSION_NEXT:
|
|
||||||
+ /* No codec-specific tags */
|
|
||||||
+ break;
|
|
||||||
+ case COMPRESSION_JPEG:
|
|
||||||
+ if (tag == TIFFTAG_JPEGTABLES)
|
|
||||||
+ return 1;
|
|
||||||
+ break;
|
|
||||||
+ case COMPRESSION_OJPEG:
|
|
||||||
+ switch (tag) {
|
|
||||||
+ case TIFFTAG_JPEGIFOFFSET:
|
|
||||||
+ case TIFFTAG_JPEGIFBYTECOUNT:
|
|
||||||
+ case TIFFTAG_JPEGQTABLES:
|
|
||||||
+ case TIFFTAG_JPEGDCTABLES:
|
|
||||||
+ case TIFFTAG_JPEGACTABLES:
|
|
||||||
+ case TIFFTAG_JPEGPROC:
|
|
||||||
+ case TIFFTAG_JPEGRESTARTINTERVAL:
|
|
||||||
+ return 1;
|
|
||||||
+ }
|
|
||||||
+ break;
|
|
||||||
+ case COMPRESSION_CCITTRLE:
|
|
||||||
+ case COMPRESSION_CCITTRLEW:
|
|
||||||
+ case COMPRESSION_CCITTFAX3:
|
|
||||||
+ case COMPRESSION_CCITTFAX4:
|
|
||||||
+ switch (tag) {
|
|
||||||
+ case TIFFTAG_BADFAXLINES:
|
|
||||||
+ case TIFFTAG_CLEANFAXDATA:
|
|
||||||
+ case TIFFTAG_CONSECUTIVEBADFAXLINES:
|
|
||||||
+ return 1;
|
|
||||||
+ case TIFFTAG_GROUP3OPTIONS:
|
|
||||||
+ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX3)
|
|
||||||
+ return 1;
|
|
||||||
+ break;
|
|
||||||
+ case TIFFTAG_GROUP4OPTIONS:
|
|
||||||
+ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX4)
|
|
||||||
+ return 1;
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ break;
|
|
||||||
+ case COMPRESSION_JBIG:
|
|
||||||
+ /* No codec-specific tags */
|
|
||||||
+ break;
|
|
||||||
+ case COMPRESSION_DEFLATE:
|
|
||||||
+ case COMPRESSION_ADOBE_DEFLATE:
|
|
||||||
+ if (tag == TIFFTAG_PREDICTOR)
|
|
||||||
+ return 1;
|
|
||||||
+ break;
|
|
||||||
+ case COMPRESSION_PIXARLOG:
|
|
||||||
+ if (tag == TIFFTAG_PREDICTOR)
|
|
||||||
+ return 1;
|
|
||||||
+ break;
|
|
||||||
+ case COMPRESSION_SGILOG:
|
|
||||||
+ case COMPRESSION_SGILOG24:
|
|
||||||
+ /* No codec-specific tags */
|
|
||||||
+ break;
|
|
||||||
+ case COMPRESSION_LZMA:
|
|
||||||
+ if (tag == TIFFTAG_PREDICTOR)
|
|
||||||
+ return 1;
|
|
||||||
+ break;
|
|
||||||
+
|
|
||||||
+ }
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
/* vim: set ts=8 sts=8 sw=8 noet: */
|
|
||||||
|
|
||||||
/*
|
|
||||||
Index: libtiff/libtiff/tif_dir.h
|
|
||||||
===================================================================
|
|
||||||
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.h,v
|
|
||||||
retrieving revision 1.54
|
|
||||||
retrieving revision 1.55
|
|
||||||
diff -u -r1.54 -r1.55
|
|
||||||
--- libtiff/libtiff/tif_dir.h 18 Feb 2011 20:53:05 -0000 1.54
|
|
||||||
+++ libtiff/libtiff/tif_dir.h 1 Jun 2017 12:44:04 -0000 1.55
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-/* $Id: tif_dir.h,v 1.54 2011-02-18 20:53:05 fwarmerdam Exp $ */
|
|
||||||
+/* $Id: tif_dir.h,v 1.55 2017-06-01 12:44:04 erouault Exp $ */
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Copyright (c) 1988-1997 Sam Leffler
|
|
||||||
@@ -291,6 +291,7 @@
|
|
||||||
extern int _TIFFMergeFields(TIFF*, const TIFFField[], uint32);
|
|
||||||
extern const TIFFField* _TIFFFindOrRegisterField(TIFF *, uint32, TIFFDataType);
|
|
||||||
extern TIFFField* _TIFFCreateAnonField(TIFF *, uint32, TIFFDataType);
|
|
||||||
+extern int _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag);
|
|
||||||
|
|
||||||
#if defined(__cplusplus)
|
|
||||||
}
|
|
|
@ -1,57 +0,0 @@
|
||||||
Fix an integer overflow TIFFYCbCrtoRGB():
|
|
||||||
|
|
||||||
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1844
|
|
||||||
|
|
||||||
3rd party Git reference:
|
|
||||||
|
|
||||||
https://github.com/vadz/libtiff/commit/02669064e927074819ce1ed39aba0fccaa167717
|
|
||||||
|
|
||||||
2017-05-29 Even Rouault <even.rouault at spatialys.com>
|
|
||||||
|
|
||||||
* libtiff/tif_color.c: TIFFYCbCrToRGBInit(): stricter clamping to avoid
|
|
||||||
int32 overflow in TIFFYCbCrtoRGB().
|
|
||||||
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1844
|
|
||||||
Credit to OSS Fuzz
|
|
||||||
|
|
||||||
|
|
||||||
/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
|
|
||||||
new revision: 1.1241; previous revision: 1.1240
|
|
||||||
/cvs/maptools/cvsroot/libtiff/libtiff/tif_color.c,v <-- libtiff/tif_color.c
|
|
||||||
new revision: 1.24; previous revision: 1.23
|
|
||||||
|
|
||||||
Index: libtiff/libtiff/tif_color.c
|
|
||||||
===================================================================
|
|
||||||
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_color.c,v
|
|
||||||
retrieving revision 1.23
|
|
||||||
retrieving revision 1.24
|
|
||||||
diff -u -r1.23 -r1.24
|
|
||||||
--- libtiff/libtiff/tif_color.c 13 May 2017 18:17:34 -0000 1.23
|
|
||||||
+++ libtiff/libtiff/tif_color.c 29 May 2017 10:12:54 -0000 1.24
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-/* $Id: tif_color.c,v 1.23 2017-05-13 18:17:34 erouault Exp $ */
|
|
||||||
+/* $Id: tif_color.c,v 1.24 2017-05-29 10:12:54 erouault Exp $ */
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Copyright (c) 1988-1997 Sam Leffler
|
|
||||||
@@ -275,10 +275,10 @@
|
|
||||||
for (i = 0, x = -128; i < 256; i++, x++) {
|
|
||||||
int32 Cr = (int32)CLAMPw(Code2V(x, refBlackWhite[4] - 128.0F,
|
|
||||||
refBlackWhite[5] - 128.0F, 127),
|
|
||||||
- -128.0F * 64, 128.0F * 64);
|
|
||||||
+ -128.0F * 32, 128.0F * 32);
|
|
||||||
int32 Cb = (int32)CLAMPw(Code2V(x, refBlackWhite[2] - 128.0F,
|
|
||||||
refBlackWhite[3] - 128.0F, 127),
|
|
||||||
- -128.0F * 64, 128.0F * 64);
|
|
||||||
+ -128.0F * 32, 128.0F * 32);
|
|
||||||
|
|
||||||
ycbcr->Cr_r_tab[i] = (int32)((D1*Cr + ONE_HALF)>>SHIFT);
|
|
||||||
ycbcr->Cb_b_tab[i] = (int32)((D3*Cb + ONE_HALF)>>SHIFT);
|
|
||||||
@@ -286,7 +286,7 @@
|
|
||||||
ycbcr->Cb_g_tab[i] = D4*Cb + ONE_HALF;
|
|
||||||
ycbcr->Y_tab[i] =
|
|
||||||
(int32)CLAMPw(Code2V(x + 128, refBlackWhite[0], refBlackWhite[1], 255),
|
|
||||||
- -128.0F * 64, 128.0F * 64);
|
|
||||||
+ -128.0F * 32, 128.0F * 32);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,43 +0,0 @@
|
||||||
Fix an integer overflow in initYCbCrConversion():
|
|
||||||
|
|
||||||
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1907
|
|
||||||
|
|
||||||
3rd party Git reference
|
|
||||||
|
|
||||||
https://github.com/vadz/libtiff/commit/468988860e0dae62ebbf991627c74bcbb4bd256f
|
|
||||||
|
|
||||||
* libtiff/tif_getimage.c: initYCbCrConversion(): stricter validation for
|
|
||||||
refBlackWhite coefficients values. To avoid invalid float->int32 conversion
|
|
||||||
(when refBlackWhite[0] == 2147483648.f)
|
|
||||||
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1907
|
|
||||||
Credit to OSS Fuzz
|
|
||||||
|
|
||||||
|
|
||||||
/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
|
|
||||||
new revision: 1.1243; previous revision: 1.1242
|
|
||||||
/cvs/maptools/cvsroot/libtiff/libtiff/tif_getimage.c,v <-- libtiff/tif_getimage.c
|
|
||||||
new revision: 1.107; previous revision: 1.106
|
|
||||||
|
|
||||||
Index: libtiff/libtiff/tif_getimage.c
|
|
||||||
===================================================================
|
|
||||||
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_getimage.c,v
|
|
||||||
retrieving revision 1.106
|
|
||||||
retrieving revision 1.107
|
|
||||||
diff -u -r1.106 -r1.107
|
|
||||||
--- libtiff/libtiff/tif_getimage.c 20 May 2017 11:29:02 -0000 1.106
|
|
||||||
+++ libtiff/libtiff/tif_getimage.c 29 May 2017 11:29:06 -0000 1.107
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-/* $Id: tif_getimage.c,v 1.106 2017-05-20 11:29:02 erouault Exp $ */
|
|
||||||
+/* $Id: tif_getimage.c,v 1.107 2017-05-29 11:29:06 erouault Exp $ */
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Copyright (c) 1991-1997 Sam Leffler
|
|
||||||
@@ -2241,7 +2241,7 @@
|
|
||||||
|
|
||||||
static int isInRefBlackWhiteRange(float f)
|
|
||||||
{
|
|
||||||
- return f >= (float)(-0x7FFFFFFF + 128) && f <= (float)0x7FFFFFFF;
|
|
||||||
+ return f > (float)(-0x7FFFFFFF + 128) && f < (float)0x7FFFFFFF;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
|
Loading…
Reference in New Issue