Subject: CVS commit: [pkgsrc-2018Q3] pkgsrc/graphics/tiff
From: S.P.Zeidler
Date: 2018-10-26 09:02:56
Message id: 20181026070256.3CA8FFBEE@cvs.NetBSD.org

Log Message:
Pullup ticket #5853 - requested by maya
graphics/tiff: security patch

Revisions pulled up:
- graphics/tiff/Makefile                                        1.142
- graphics/tiff/distinfo                                        1.91
- graphics/tiff/patches/patch-libtiff_tif__jbig.c               1.1
- graphics/tiff/patches/patch-libtiff_tif__read.c               1.1

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	maya
   Date:		Thu Oct 25 22:58:05 UTC 2018

   Modified Files:
   	pkgsrc/graphics/tiff: Makefile distinfo
   Added Files:
   	pkgsrc/graphics/tiff/patches: patch-libtiff_tif__jbig.c
   	    patch-libtiff_tif__read.c

   Log Message:
   tiff: apply fix for CVE-2018-18557

   From 681748ec2f5ce88da5f9fa6831e1653e46af8a66 Mon Sep 17 00:00:00 2001
   From: Even Rouault <even.rouault@spatialys.com>
   Date: Sun, 14 Oct 2018 16:38:29 +0200
   Subject: [PATCH 1/1] JBIG: fix potential out-of-bounds write in JBIGDecode()

   JBIGDecode doesn't check if the user provided buffer is large enough
   to store the JBIG decoded image, which can potentially cause out-of-bounds
   write in the buffer.
   This issue was reported and analyzed by Thomas Dullien.

   Also fixes a (harmless) potential use of uninitialized memory when
   tif->tif_rawsize > tif->tif_rawcc

   And in case libtiff is compiled with CHUNKY_STRIP_READ_SUPPORT, make sure
   that whole strip data is provided to JBIGDecode()

   The last part (CHUNKY_STRIP_READ_SUPPORT) was adapted by myself to fit
   the libtiff release.

   Bump PKGREVISION.

   To generate a diff of this commit:
   cvs rdiff -u -r1.141 -r1.142 pkgsrc/graphics/tiff/Makefile
   cvs rdiff -u -r1.90 -r1.91 pkgsrc/graphics/tiff/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/graphics/tiff/patches/patch-libtiff_tif__jbig.c \
       pkgsrc/graphics/tiff/patches/patch-libtiff_tif__read.c

Files:
Revision    Action  file
1.141.4.1   modify  pkgsrc/graphics/tiff/Makefile
1.90.4.1    modify  pkgsrc/graphics/tiff/distinfo
1.1.2.2     add     pkgsrc/graphics/tiff/patches/patch-libtiff_tif__jbig.c
1.1.2.2     add     pkgsrc/graphics/tiff/patches/patch-libtiff_tif__read.c
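
The log message above describes a decoder that copies its output into a caller-supplied buffer without comparing sizes. The following is an added example of that check, not code from libtiff or from the pkgsrc patches; `decoded_image`, `copy_decoded` and `run_case` are hypothetical names, the pixel data is constructed, and zeroing the tail after a short decode is this example's own choice.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for decoder output: the size is dictated by the
 * compressed stream, not by the caller who allocated the destination. */
struct decoded_image {
    const uint8_t *data;
    size_t size;
};

enum copy_status { COPY_TOO_LARGE = -1, COPY_OK = 0, COPY_SHORT = 1 };
/* Copy decoder output into the caller's buffer only if it fits. The
 * unchecked pattern is memcpy(buf, img->data, img->size) with no comparison
 * against buf_size, which writes past buf when the stream decodes large. */
static enum copy_status copy_decoded(uint8_t *buf, size_t buf_size,
                                     const struct decoded_image *img)
{
    if (img->size > buf_size)
        return COPY_TOO_LARGE;          /* refuse; buf is left untouched */
    memcpy(buf, img->data, img->size);
    if (img->size < buf_size) {
        /* Example's assumption: zero the tail so no stale bytes are read. */
        memset(buf + img->size, 0, buf_size - img->size);
        return COPY_SHORT;
    }
    return COPY_OK;
}

/* Run one case inside an arena with guard bytes after the caller's buffer;
 * returns the copy status, or -100 if any guard byte was modified. */
static int run_case(size_t buf_size, size_t decoded_size)
{
    static const uint8_t pixels[32] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 };
    uint8_t arena[48];
    struct decoded_image img = { pixels, decoded_size };  /* constructed input */
    memset(arena, 0xA5, sizeof arena);                     /* guard pattern */
    int st = copy_decoded(arena, buf_size, &img);
    for (size_t i = buf_size; i < sizeof arena; i++)
        if (arena[i] != 0xA5)
            return -100;
    return st;
}

int main(void)
{
    printf("%d %d %d\n", run_case(12, 12), run_case(16, 12), run_case(8, 12));
    return 0;
}
```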