Log message:
Add patch, missed in previous.

Log message:
Rename VERSION to VERSION.txt so that it does not collide with the C++
version header on case-insensitive filesystems (via MacPorts). No change
intended to installed package.

Log message:
graphics/tiff: Update to 4.3.0

Upstream changes:

  tiff requires C99 and uses C99 types.  The previous tiff types are
  deprecated.

  new codec for LERC

  bugfixes

  pruning of things no longer in use

https://libtiff.gitlab.io/libtiff/v4.3.0.html

Log message:
tiff: update to 4.2.0.

MAJOR CHANGES:

    Optional support for using libdeflate is added.
    Many of the tools now support a memory usage limit.

CHANGES IN LIBTIFF:

    A great many issues discovered by fuzzers (via oss-fuzz and other reports) \ 
have been addressed.
    EXIF 2.32 and GPS tags and functionality have been upgraded:
        Existing EXIF field definition of tags are upgraded to EXIF version 2.3.2
        EXIF-GPS structure, tags and access functions are added as special \ 
CustomDirectory (like it was done for EXIF).
        Reading error for FileSource and SceneType tags corrected.
    Make TIFFTAG_CFAPATTERN variable count.
    Cmake configuration fixes for big-endian targets.

    Added support for optional building against libdeflate for faster \ 
Zip/Deflate compression/decompression.

    We now have 2 kinds of builds with the Zip/Deflate codec:
        zlib only
        zlib + libdeflate

    Speed improvements in the 35%-50% range can be expected when libdeflate is \ 
used. Compression level up to 12 is now supported (capped to 9 when zlib is \ 
used). Still requires zlib for situations where libdeflate cannot be used (that \ 
is for scanline access, since libdeflate has no streaming mode)

    Pseudo-tag \ 
TIFFTAG_DEFLATE_SUBCODEC=DEFLATE_SUBCODEC_ZLIB/DEFLATE_SUBCODEC_LIBDEFLATE is \ 
added to control which subcodec (zlib or libdeflate) should be used (it defaults \ 
of course to libdeflate, when it is available). This is mostly aimed at being \ 
used on the writing side, to be able to reproduce output of previous libtiff \ 
versions at a binary level, in situations where this would be really needed. Or \ 
as a safety belt in case there would be unforeseen issues with using libdeflate. \ 
It can be used to know when libdeflate is available at runtime \ 
(DEFLATE_SUBCODEC_LIBDEFLATE will be the default value in that situation).

    Of course, deflate codestreams produced by libdeflate can be read by zlib, \ 
and vice-versa.

CHANGES IN THE TOOLS:

    A great many issues discovered by fuzzers (via oss-fuzz and other reports) \ 
have been addressed.
    ppm2tiff: support any bps value from 1 to 16.
    tiff2ps, tiff2rgba: A default memory limit is now enforced (256MiB) and a \ 
'-M' option is added to allow the user to adjust the limit.
    tiff2pdf, tiffcp: A default memory limit is now enforced (256MiB) and a '-m' \ 
option is added to allow the user to adjust the limit.
    tiffcrop: A default memory limit is now enforced (256MiB) and a '-k' option \ 
is added to allow the user to adjust the limit.
    tiff2pdf: fix "raw" copy of Deflate streams.
    tiff2pdf.c: properly calculate datasize when saving to JPEG YCbCr
    tiffcp: disable strip chopping when trying to convert to JBIG compression

Log message:
tiff: explicitly pass --disable-webp. Bump rev.

We don't want it to randomly pick up system libwebp on Linux.
If there is a use case for webp compression here it should use the
pkgsrc library.

Reported-by: "Dr. Thomas Orgis" <thomas.orgis@uni-hamburg.de>

Log message:
graphics/tiff: Update to 4.1.0

Upstream changes are basically minor improvements and bugfixes.

Specifically upstream states that there are no ABI changes.

Multiple security bugs are fixed due to fuzzing; patches are dropped
because they were backported from upstream.

Log message:
tiff: Apply patches from upstream's git for the following CVEs:

CVE-2018-12900 - buffer-overflow
CVE-2018-17000 - denial-of-service
CVE-2018-19210 - null-pointer-dereference
CVE-2019-6128 - memory-leak

Bump PKGREVISION.

Log message:
tiff: update to 4.0.10

It has been a year since the previous release.  This is the first
release made from the Git repository at
https://gitlab.com/libtiff/libtiff using a collaborative process.

Since the previous release, a number of security issues have been
fixed, and some significant new features have been added.

This release adds support for Zstd and WebP compression algorithms.
In their own way, each of these compression algorithms is highly
complimentary to TIFF.

Zstd provides improved compression and decompression speed vs zlib's
Deflate as well as a broader range of compression ratios.  Zstd is
developed by Facebook and the implementation continues to be improved.

WebP is optimized for small/medium 8-bit images while offering
improved compression performance vs traditional JPEG.  WebP works well
in strips or tiles to compress large images down to very small files,
while preserving a good looking image.  WebP is developed by Google,
and its implementation continues to be improved.

Due to Adobe's TIFF tag registration interface going off-line, we have
had to assign our own tags for Zstd and WebP.

Log message:
patches from upstream for
CVE-2017-11613 CVE-2017-18013 CVE-2018-5784 CVE-2018-10963
CVE-2018-17100 CVE-2018-17101

Log message:
tiff: apply fix for CVE-2018-18557

From 681748ec2f5ce88da5f9fa6831e1653e46af8a66 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Sun, 14 Oct 2018 16:38:29 +0200
Subject: [PATCH 1/1] JBIG: fix potential out-of-bounds write in JBIGDecode()

JBIGDecode doesn't check if the user provided buffer is large enough
to store the JBIG decoded image, which can potentially cause out-of-bounds
write in the buffer.
This issue was reported and analyzed by Thomas Dullien.

Also fixes a (harmless) potential use of uninitialized memory when
tif->tif_rawsize > tif->tif_rawcc

And in case libtiff is compiled with CHUNKY_STRIP_READ_SUPPORT, make sure
that whole strip data is provided to JBIGDecode()

The last part (CHUNKY_STRIP_READ_SUPPORT) was adapted by myself to fit
the libtiff release.

Bump PKGREVISION.