Browse Source

libtiff: Updated (3.8.2 -> 3.9.4) (see note)

Note:

This update is removing all obsolete security related patches, but also
includes a rediffed version of the patch fixing the thumbnail tool.
user/karasz/next/updates
Christian Wiese 15 years ago
parent
commit
c49ce66875
  1. 28
      graphic/libtiff/CVE-2006-2193.patch
  2. 39
      graphic/libtiff/CVE-2006-2656.patch
  3. 6
      graphic/libtiff/libtiff.desc
  4. 10
      graphic/libtiff/thumbnail-fixup.patch

28
graphic/libtiff/CVE-2006-2193.patch

@ -1,28 +0,0 @@
# --- SDE-COPYRIGHT-NOTE-BEGIN ---
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
#
# Filename: package/.../libtiff/CVE-2006-2193.patch
# Copyright (C) 2006 The T2 SDE Project
#
# More information can be found in the files COPYING and README.
#
# This patch file is dual-licensed. It is available under the license the
# patched project is licensed under, as long as it is an OpenSource license
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
# of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
# --- SDE-COPYRIGHT-NOTE-END ---
diff -Nur tiff-3.7.4-orig/tools/tiff2pdf.c tiff-3.7.4/tools/tiff2pdf.c
--- tiff-3.7.4-orig/tools/tiff2pdf.c 2005-06-23 13:30:28.000000000 +0000
+++ tiff-3.7.4/tools/tiff2pdf.c 2006-07-12 14:58:20.000000000 +0000
@@ -3758,7 +3758,7 @@
written += TIFFWriteFile(output, (tdata_t) "(", 1);
for (i=0;i<len;i++){
if((pdfstr[i]&0x80) || (pdfstr[i]==127) || (pdfstr[i]<32)){
- sprintf(buffer, "\\%.3o", pdfstr[i]);
+ snprintf(buffer, "\\%.3o", pdfstr[i]);
written += TIFFWriteFile(output, (tdata_t) buffer, 4);
} else {
switch (pdfstr[i]){

39
graphic/libtiff/CVE-2006-2656.patch

@ -1,39 +0,0 @@
# --- SDE-COPYRIGHT-NOTE-BEGIN ---
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
#
# Filename: package/.../libtiff/CVE-2006-2656.patch
# Copyright (C) 2006 The T2 SDE Project
#
# More information can be found in the files COPYING and README.
#
# This patch file is dual-licensed. It is available under the license the
# patched project is licensed under, as long as it is an OpenSource license
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
# of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
# --- SDE-COPYRIGHT-NOTE-END ---
diff -Nur tiff-3.7.4-orig/tools/tiffsplit.c tiff-3.7.4/tools/tiffsplit.c
--- tiff-3.7.4-orig/tools/tiffsplit.c 2005-05-26 18:38:48.000000000 +0000
+++ tiff-3.7.4/tools/tiffsplit.c 2006-05-31 14:50:05.049544500 +0000
@@ -59,14 +59,16 @@
fprintf(stderr, "usage: tiffsplit input.tif [prefix]\n");
return (-3);
}
- if (argc > 2)
- strcpy(fname, argv[2]);
+ if (argc > 2) {
+ strncpy(fname, argv[2], 1024);
+ fname[1024] = '\0';
+ }
in = TIFFOpen(argv[1], "r");
if (in != NULL) {
do {
char path[1024+1];
newfilename();
- strcpy(path, fname);
+ strncpy(path, fname, 1020);
strcat(path, ".tif");
out = TIFFOpen(path, TIFFIsBigEndian(in)?"wb":"wl");
if (out == NULL)

6
graphic/libtiff/libtiff.desc

@ -3,7 +3,7 @@
[COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch.
[COPY]
[COPY] Filename: package/.../libtiff/libtiff.desc
[COPY] Copyright (C) 2006 - 2009 The OpenSDE Project
[COPY] Copyright (C) 2006 - 2010 The OpenSDE Project
[COPY] Copyright (C) 2004 - 2006 The T2 SDE Project
[COPY] Copyright (C) 1998 - 2003 Clifford Wolf
[COPY]
@ -32,7 +32,7 @@
[L] OpenSource
[S] Beta
[V] 3.8.2
[V] 3.9.4
[P] X -----5---9 118.300
[D] 3677833972 tiff-3.8.2.tar.gz ftp://ftp.remotesensing.org/pub/libtiff/
[D] 2617198645 tiff-3.9.4.tar.gz ftp://ftp.remotesensing.org/pub/libtiff/

10
graphic/libtiff/thumbnail-fixup.patch

@ -2,6 +2,7 @@
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
#
# Filename: package/.../libtiff/thumbnail-fixup.patch
# Copyright (C) 2010 The OpenSDE Project
# Copyright (C) 2004 - 2006 The T2 SDE Project
#
# More information can be found in the files COPYING and README.
@ -21,8 +22,9 @@ Marked clamp inline, just in case.
- Rene Rebe <rene@exactcode.de> for Archivista GmbH Zürich
--- tiff-3.7.3/tools/thumbnail.c 2005-07-05 18:38:16.000000000 +0200
+++ tiff-3.7.3-hackery/tools/thumbnail.c 2005-09-30 20:36:44.000000000 +0200
diff -ruN tiff-3.9.4-orig/tools/thumbnail.c tiff-3.9.4/tools/thumbnail.c
--- tiff-3.9.4-orig/tools/thumbnail.c 2010-06-08 20:50:44.000000000 +0200
+++ tiff-3.9.4/tools/thumbnail.c 2010-08-13 12:08:46.272260086 +0200
@@ -369,7 +369,7 @@
}
}
@ -75,7 +77,7 @@ Marked clamp inline, just in case.
acc += bits[*src++];
/* fall thru... */
case 8: acc += bits[*src++];
@@ -499,8 +507,9 @@
@@ -499,6 +501,7 @@
}
acc += bits[*src & mask1];
}
@ -83,5 +85,3 @@ Marked clamp inline, just in case.
*row++ = cmap[(255*acc)/area];
}
}
/*

Loading…
Cancel
Save