libtiff: Updated (3.8.2 -> 3.9.4) (see note)

Note: This update is removing all obsolete security related patches, but also includes a rediffed version of the patch fixing the thumbnail tool.
14 years ago · c49ce66875
4 changed files with 8 additions and 75 deletions
--- a/graphic/libtiff/CVE-2006-2193.patch
+++ b/graphic/libtiff/CVE-2006-2193.patch
@ -1,28 +0,0 @@
 # --- SDE-COPYRIGHT-NOTE-BEGIN ---
 # This copyright note is auto-generated by ./scripts/Create-CopyPatch.
 #
 # Filename: package/.../libtiff/CVE-2006-2193.patch
 # Copyright (C) 2006 The T2 SDE Project
 #
 # More information can be found in the files COPYING and README.
 #
 # This patch file is dual-licensed. It is available under the license the
 # patched project is licensed under, as long as it is an OpenSource license
 # as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
 # of the GNU General Public License as published by the Free Software
 # Foundation; either version 2 of the License, or (at your option) any later
 # version.
 # --- SDE-COPYRIGHT-NOTE-END ---

 diff -Nur tiff-3.7.4-orig/tools/tiff2pdf.c tiff-3.7.4/tools/tiff2pdf.c
 --- tiff-3.7.4-orig/tools/tiff2pdf.c	2005-06-23 13:30:28.000000000 +0000
 +++ tiff-3.7.4/tools/tiff2pdf.c	2006-07-12 14:58:20.000000000 +0000
@@ -3758,7 +3758,7 @@
 	written += TIFFWriteFile(output, (tdata_t) "(", 1);
 	for (i=0;i<len;i++){
 		if((pdfstr[i]&0x80) || (pdfstr[i]==127) || (pdfstr[i]<32)){
 -			sprintf(buffer, "\\%.3o", pdfstr[i]);
 +			snprintf(buffer, "\\%.3o", pdfstr[i]);
 			written += TIFFWriteFile(output, (tdata_t) buffer, 4);
 		} else {
 			switch (pdfstr[i]){
--- a/graphic/libtiff/CVE-2006-2656.patch
+++ b/graphic/libtiff/CVE-2006-2656.patch
@ -1,39 +0,0 @@
 # --- SDE-COPYRIGHT-NOTE-BEGIN ---
 # This copyright note is auto-generated by ./scripts/Create-CopyPatch.
 #
 # Filename: package/.../libtiff/CVE-2006-2656.patch
 # Copyright (C) 2006 The T2 SDE Project
 #
 # More information can be found in the files COPYING and README.
 #
 # This patch file is dual-licensed. It is available under the license the
 # patched project is licensed under, as long as it is an OpenSource license
 # as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
 # of the GNU General Public License as published by the Free Software
 # Foundation; either version 2 of the License, or (at your option) any later
 # version.
 # --- SDE-COPYRIGHT-NOTE-END ---

 diff -Nur tiff-3.7.4-orig/tools/tiffsplit.c tiff-3.7.4/tools/tiffsplit.c
 --- tiff-3.7.4-orig/tools/tiffsplit.c	2005-05-26 18:38:48.000000000 +0000
 +++ tiff-3.7.4/tools/tiffsplit.c	2006-05-31 14:50:05.049544500 +0000
@@ -59,14 +59,16 @@
 		fprintf(stderr, "usage: tiffsplit input.tif [prefix]\n");
 		return (-3);
 	}
 -	if (argc > 2)
 -		strcpy(fname, argv[2]);
 +	if (argc > 2) {
 +		strncpy(fname, argv[2], 1024);
 +                fname[1024] = '\0';
 +        }
 	in = TIFFOpen(argv[1], "r");
 	if (in != NULL) {
 		do {
 			char path[1024+1];
 			newfilename();
 -			strcpy(path, fname);
 +			strncpy(path, fname, 1020);
 			strcat(path, ".tif");
 			out = TIFFOpen(path, TIFFIsBigEndian(in)?"wb":"wl");
 			if (out == NULL)
--- a/graphic/libtiff/libtiff.desc
+++ b/graphic/libtiff/libtiff.desc
@ -3,7 +3,7 @@
 [COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch.
 [COPY]
 [COPY] Filename: package/.../libtiff/libtiff.desc
 [COPY] Copyright (C) 2006 - 2009 The OpenSDE Project
 [COPY] Copyright (C) 2006 - 2010 The OpenSDE Project
 [COPY] Copyright (C) 2004 - 2006 The T2 SDE Project
 [COPY] Copyright (C) 1998 - 2003 Clifford Wolf
 [COPY]
@ -32,7 +32,7 @@

 [L] OpenSource
 [S] Beta
 [V] 3.8.2
 [V] 3.9.4
 [P] X -----5---9 118.300

 [D] 3677833972 tiff-3.8.2.tar.gz ftp://ftp.remotesensing.org/pub/libtiff/
 [D] 2617198645 tiff-3.9.4.tar.gz ftp://ftp.remotesensing.org/pub/libtiff/
--- a/graphic/libtiff/thumbnail-fixup.patch
+++ b/graphic/libtiff/thumbnail-fixup.patch
@ -2,6 +2,7 @@
 # This copyright note is auto-generated by ./scripts/Create-CopyPatch.
 #
 # Filename: package/.../libtiff/thumbnail-fixup.patch
 # Copyright (C) 2010 The OpenSDE Project
 # Copyright (C) 2004 - 2006 The T2 SDE Project
 #
 # More information can be found in the files COPYING and README.
@ -21,8 +22,9 @@ Marked clamp inline, just in case.

  - Rene Rebe <rene@exactcode.de> for Archivista GmbH Zürich

 --- tiff-3.7.3/tools/thumbnail.c	2005-07-05 18:38:16.000000000 +0200
 +++ tiff-3.7.3-hackery/tools/thumbnail.c	2005-09-30 20:36:44.000000000 +0200
 diff -ruN tiff-3.9.4-orig/tools/thumbnail.c tiff-3.9.4/tools/thumbnail.c
 --- tiff-3.9.4-orig/tools/thumbnail.c	2010-06-08 20:50:44.000000000 +0200
 +++ tiff-3.9.4/tools/thumbnail.c	2010-08-13 12:08:46.272260086 +0200
@@ -369,7 +369,7 @@
     }
 }
@ -75,7 +77,7 @@ Marked clamp inline, just in case.
 		    acc += bits[*src++];
 		/* fall thru... */
 	    case 8: acc += bits[*src++];
@@ -499,8 +507,9 @@
@@ -499,6 +501,7 @@
 	    }
 	    acc += bits[*src & mask1];
 	}
@ -83,5 +85,3 @@ Marked clamp inline, just in case.
 	*row++ = cmap[(255*acc)/area];
     }
 }
 
 /*