Navigation:
Browse pkgsrc
(this page) 2018-11-22 06:50:52 by S.P.Zeidler | Files touched by this commit (14) |  |
Log message:
Pullup ticket #5881 - requested by maya
graphics/tiff: security update
Revisions pulled up:
- graphics/tiff/Makefile 1.144
- graphics/tiff/PLIST 1.26
- graphics/tiff/distinfo 1.93
- graphics/tiff/patches/patch-CVE-2017-11613 deleted
- graphics/tiff/patches/patch-CVE-2017-18013 deleted
- graphics/tiff/patches/patch-CVE-2017-9935 deleted
- graphics/tiff/patches/patch-CVE-2018-10963 deleted
- graphics/tiff/patches/patch-CVE-2018-17100 deleted
- graphics/tiff/patches/patch-CVE-2018-17101 deleted
- graphics/tiff/patches/patch-CVE-2018-5784 deleted
- graphics/tiff/patches/patch-CVE-2018-8905 deleted
- graphics/tiff/patches/patch-libtiff_tif__jbig.c deleted
- graphics/tiff/patches/patch-libtiff_tif__read.c deleted
- graphics/tiff/patches/patch-tools_pal2rgb.c deleted
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Sat Nov 10 21:14:54 UTC 2018
Modified Files:
pkgsrc/graphics/tiff: Makefile PLIST distinfo
Removed Files:
pkgsrc/graphics/tiff/patches: patch-CVE-2017-11613 patch-CVE-2017-18013
patch-CVE-2017-9935 patch-CVE-2018-10963 patch-CVE-2018-17100
patch-CVE-2018-17101 patch-CVE-2018-5784 patch-CVE-2018-8905
patch-libtiff_tif__jbig.c patch-libtiff_tif__read.c
patch-tools_pal2rgb.c
Log message:
tiff: update to 4.0.10
It has been a year since the previous release. This is the first
release made from the Git repository at
https://gitlab.com/libtiff/libtiff using a collaborative process.
Since the previous release, a number of security issues have been
fixed, and some significant new features have been added.
This release adds support for Zstd and WebP compression algorithms.
In their own way, each of these compression algorithms is highly
complimentary to TIFF.
Zstd provides improved compression and decompression speed vs zlib's
Deflate as well as a broader range of compression ratios. Zstd is
developed by Facebook and the implementation continues to be improved.
WebP is optimized for small/medium 8-bit images while offering
improved compression performance vs traditional JPEG. WebP works well
in strips or tiles to compress large images down to very small files,
while preserving a good looking image. WebP is developed by Google,
and its implementation continues to be improved.
Due to Adobe's TIFF tag registration interface going off-line, we have
had to assign our own tags for Zstd and WebP.
To generate a diff of this commit:
cvs rdiff -u -r1.143 -r1.144 pkgsrc/graphics/tiff/Makefile
cvs rdiff -u -r1.25 -r1.26 pkgsrc/graphics/tiff/PLIST
cvs rdiff -u -r1.92 -r1.93 pkgsrc/graphics/tiff/distinfo
cvs rdiff -u -r1.1 -r0 pkgsrc/graphics/tiff/patches/patch-CVE-2017-11613 \
pkgsrc/graphics/tiff/patches/patch-CVE-2017-18013 \
pkgsrc/graphics/tiff/patches/patch-CVE-2017-9935 \
pkgsrc/graphics/tiff/patches/patch-CVE-2018-10963 \
pkgsrc/graphics/tiff/patches/patch-CVE-2018-17100 \
pkgsrc/graphics/tiff/patches/patch-CVE-2018-17101 \
pkgsrc/graphics/tiff/patches/patch-CVE-2018-5784 \
pkgsrc/graphics/tiff/patches/patch-CVE-2018-8905 \
pkgsrc/graphics/tiff/patches/patch-libtiff_tif__jbig.c \
pkgsrc/graphics/tiff/patches/patch-libtiff_tif__read.c \
pkgsrc/graphics/tiff/patches/patch-tools_pal2rgb.c
|
| 2018-10-29 15:49:32 by Benny Siegert | Files touched by this commit (8) |
Log message: Pullup ticket #5867 - requested by spz graphics/tiff: security fix Revisions pulled up: - graphics/tiff/Makefile 1.143 - graphics/tiff/distinfo 1.92 - graphics/tiff/patches/patch-CVE-2017-11613 1.1 - graphics/tiff/patches/patch-CVE-2017-18013 1.1 - graphics/tiff/patches/patch-CVE-2018-10963 1.1 - graphics/tiff/patches/patch-CVE-2018-17100 1.1 - graphics/tiff/patches/patch-CVE-2018-17101 1.1 - graphics/tiff/patches/patch-CVE-2018-5784 1.1 --- Module Name: pkgsrc Committed By: spz Date: Sun Oct 28 09:45:07 UTC 2018 Modified Files: pkgsrc/graphics/tiff: Makefile distinfo Added Files: pkgsrc/graphics/tiff/patches: patch-CVE-2017-11613 patch-CVE-2017-18013 patch-CVE-2018-10963 patch-CVE-2018-17100 patch-CVE-2018-17101 patch-CVE-2018-5784 Log message: patches from upstream for CVE-2017-11613 CVE-2017-18013 CVE-2018-5784 CVE-2018-10963 CVE-2018-17100 CVE-2018-17101 |
| 2018-10-26 09:02:56 by S.P.Zeidler | Files touched by this commit (4) |
Log message:
Pullup ticket #5853 - requested by maya
graphics/tiff: security patch
Revisions pulled up:
- graphics/tiff/Makefile 1.142
- graphics/tiff/distinfo 1.91
- graphics/tiff/patches/patch-libtiff_tif__jbig.c 1.1
- graphics/tiff/patches/patch-libtiff_tif__read.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: maya
Date: Thu Oct 25 22:58:05 UTC 2018
Modified Files:
pkgsrc/graphics/tiff: Makefile distinfo
Added Files:
pkgsrc/graphics/tiff/patches: patch-libtiff_tif__jbig.c
patch-libtiff_tif__read.c
Log message:
tiff: apply fix for CVE-2018-18557
>From 681748ec2f5ce88da5f9fa6831e1653e46af8a66 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Sun, 14 Oct 2018 16:38:29 +0200
Subject: [PATCH 1/1] JBIG: fix potential out-of-bounds write in JBIGDecode()
JBIGDecode doesn't check if the user provided buffer is large enough
to store the JBIG decoded image, which can potentially cause out-of-bounds
write in the buffer.
This issue was reported and analyzed by Thomas Dullien.
Also fixes a (harmless) potential use of uninitialized memory when
tif->tif_rawsize > tif->tif_rawcc
And in case libtiff is compiled with CHUNKY_STRIP_READ_SUPPORT, make sure
that whole strip data is provided to JBIGDecode()
The last part (CHUNKY_STRIP_READ_SUPPORT) was adapted by myself to fit
the libtiff release.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.141 -r1.142 pkgsrc/graphics/tiff/Makefile
cvs rdiff -u -r1.90 -r1.91 pkgsrc/graphics/tiff/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/graphics/tiff/patches/patch-libtiff_tif__jbig.c \
pkgsrc/graphics/tiff/patches/patch-libtiff_tif__read.c
|
New packages: