Here is an inline diff to update graphics/tiff to 4.5.1.
changelog: https://gitlab.com/libtiff/libtiff/-/releases/v4.5.1 This diff: - updates to tiff 4.5.1 - removes patches for backported fixes - updates patch line numbers - minor bumps tiff and updates library version comments to # 6.1 I minor bumped tiff and kept tiffxx. tiff should be bumped because of a new struct, TIFFRational_t, in tiffio.h. see: https://gitlab.com/libtiff/libtiff/-/commit/b90b20d36d7833f54a1f3014c324f6c21b988006#bc08ed70039d5dda0c481a3fe2ba5d16e2afed0a Also, the minor bump can also be justified because tiff.h has some new defines for DNG. see: https://gitlab.com/libtiff/libtiff/-/blame/master/libtiff/tiff.h#L590 /* DNG 1.4.0.0 */ #define TIFFTAG_DEFAULTUSERCROP 51125 /* &default user crop rectangle in relative coords */ /* DNG 1.5.0.0 */ #define TIFFTAG_DEPTHFORMAT 51177 /* &encoding of the depth data in the file */ /* DNG 1.6.0.0 */ #define TIFFTAG_PROFILEGAINTABLEMAP 52525 /* &spatially varying gain tables that can be applied as starting point */ There's multiple places to check for breaking ABI changes for tiff. 1. libtiff/libtiff.map and libtiffxx.map can be checked for exported symbols. 2. configure.ac can be checked for libtool library versioning. In this case, LIBTIFF_REVISION was cranked from 0 to 1, meaning code changed. CURRENT wasn't incremented; if it was, it would warrant a closer look. I noted the library versioning as # 6.1 in the diff from this info. LIBTIFF_CURRENT=6 LIBTIFF_REVISION=1 LIBTIFF_AGE=0 3. changelog linked above has a relevant section. API/ABI breaks: None 4. diffing headers tiffio.hxx is for the tiffxx shared library. tiff.h and tiffio.h are for the tiff shared library. 5. /usr/src/bin/check_sym I tested viewing a tiff image with gimp. `make test' passes. OK? Index: Makefile =================================================================== RCS file: /cvs/ports/graphics/tiff/Makefile,v retrieving revision 1.101 diff -u -p -u -p -r1.101 Makefile --- Makefile 22 Feb 2023 17:27:16 -0000 1.101 +++ Makefile 28 Jun 2023 07:32:27 -0000 @@ -1,9 +1,8 @@ COMMENT= tools and library routines for working with TIFF images -DISTNAME= tiff-4.5.0 -REVISION= 0 -SHARED_LIBS= tiff 42.0 # 13.0 -SHARED_LIBS+= tiffxx 42.0 # 13.0 +DISTNAME= tiff-4.5.1 +SHARED_LIBS= tiff 42.1 # 6.1 +SHARED_LIBS+= tiffxx 42.0 # 6.1 CATEGORIES= graphics MASTER_SITES= https://download.osgeo.org/libtiff/ Index: distinfo =================================================================== RCS file: /cvs/ports/graphics/tiff/distinfo,v retrieving revision 1.28 diff -u -p -u -p -r1.28 distinfo --- distinfo 19 Dec 2022 08:50:38 -0000 1.28 +++ distinfo 28 Jun 2023 07:32:27 -0000 @@ -1,2 +1,2 @@ -SHA256 (tiff-4.5.0.tar.xz) = 2vrJecXntsZQAlVpxaTnIJlbpfF7wX5idtHxJCe+Jnw= -SIZE (tiff-4.5.0.tar.xz) = 2320900 +SHA256 (tiff-4.5.1.tar.xz) = PAgIZxFMJu2rMSlkSmO3CAKKkFFLf+MSbjjhHST5+Io= +SIZE (tiff-4.5.1.tar.xz) = 2228040 Index: patches/patch-doc_Makefile_in =================================================================== RCS file: /cvs/ports/graphics/tiff/patches/patch-doc_Makefile_in,v retrieving revision 1.1 diff -u -p -u -p -r1.1 patch-doc_Makefile_in --- patches/patch-doc_Makefile_in 19 Dec 2022 08:50:38 -0000 1.1 +++ patches/patch-doc_Makefile_in 28 Jun 2023 07:32:27 -0000 @@ -1,7 +1,7 @@ Index: doc/Makefile.in --- doc/Makefile.in.orig +++ doc/Makefile.in -@@ -609,7 +609,7 @@ install-man3: $(man3_MANS) +@@ -610,7 +610,7 @@ install-man3: $(man3_MANS) if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ Index: patches/patch-libtiff_tif_close_c =================================================================== RCS file: patches/patch-libtiff_tif_close_c diff -N patches/patch-libtiff_tif_close_c --- patches/patch-libtiff_tif_close_c 22 Feb 2023 17:27:16 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,23 +0,0 @@ -TIFFClose() avoid NULL pointer dereference -https://gitlab.com/libtiff/libtiff/-/commit/d63de61b1e - -Index: libtiff/tif_close.c ---- libtiff/tif_close.c.orig -+++ libtiff/tif_close.c -@@ -130,9 +130,12 @@ void TIFFCleanup(TIFF *tif) - - void TIFFClose(TIFF *tif) - { -- TIFFCloseProc closeproc = tif->tif_closeproc; -- thandle_t fd = tif->tif_clientdata; -+ if (tif != NULL) -+ { -+ TIFFCloseProc closeproc = tif->tif_closeproc; -+ thandle_t fd = tif->tif_clientdata; - -- TIFFCleanup(tif); -- (void)(*closeproc)(fd); -+ TIFFCleanup(tif); -+ (void)(*closeproc)(fd); -+ } - } Index: patches/patch-tools_tiffcrop_c =================================================================== RCS file: patches/patch-tools_tiffcrop_c diff -N patches/patch-tools_tiffcrop_c --- patches/patch-tools_tiffcrop_c 22 Feb 2023 17:27:16 -0000 1.7 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,329 +0,0 @@ -CVE-2022-48281 -https://gitlab.com/libtiff/libtiff/-/commit/97d65859bc - -Correctly update buffersize after rotateImage() -https://gitlab.com/libtiff/libtiff/-/commit/9c22495e5e - -CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 -and CVE-2023-0799 -https://gitlab.com/libtiff/libtiff/-/commit/69818e2f2d - -CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 -and CVE-2023-0804 -https://gitlab.com/libtiff/libtiff/-/commit/82a7fbb1fa - -Index: tools/tiffcrop.c ---- tools/tiffcrop.c.orig -+++ tools/tiffcrop.c -@@ -296,7 +296,6 @@ struct region - uint32_t width; /* width in pixels */ - uint32_t length; /* length in pixels */ - uint32_t buffsize; /* size of buffer needed to hold the cropped region */ -- unsigned char *buffptr; /* address of start of the region */ - }; - - /* Cropping parameters from command line and image data -@@ -577,7 +576,7 @@ static int rotateContigSamples24bits(uint16_t, uint16_ - static int rotateContigSamples32bits(uint16_t, uint16_t, uint16_t, uint32_t, - uint32_t, uint32_t, uint8_t *, uint8_t *); - static int rotateImage(uint16_t, struct image_data *, uint32_t *, uint32_t *, -- unsigned char **); -+ unsigned char **, size_t *, int); - static int mirrorImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t, - unsigned char *); - static int invertImage(uint16_t, uint16_t, uint16_t, uint32_t, uint32_t, -@@ -2920,7 +2919,10 @@ int main(int argc, char *argv[]) - } - } - -- TIFFClose(out); -+ if (out != NULL) -+ { -+ TIFFClose(out); -+ } - - return (0); - } /* end main */ -@@ -5779,7 +5781,6 @@ static void initCropMasks(struct crop_mask *cps) - cps->regionlist[i].width = 0; - cps->regionlist[i].length = 0; - cps->regionlist[i].buffsize = 0; -- cps->regionlist[i].buffptr = NULL; - cps->zonelist[i].position = 0; - cps->zonelist[i].total = 0; - } -@@ -5932,18 +5933,40 @@ static int computeInputPixelOffsets(struct crop_mask * - - crop->regionlist[i].buffsize = buffsize; - crop->bufftotal += buffsize; -+ -+ /* For composite images with more than one region, the -+ * combined_length or combined_width always needs to be equal, -+ * respectively. -+ * Otherwise, even the first section/region copy -+ * action might cause buffer overrun. */ - if (crop->img_mode == COMPOSITE_IMAGES) - { - switch (crop->edge_ref) - { - case EDGE_LEFT: - case EDGE_RIGHT: -+ if (i > 0 && zlength != crop->combined_length) -+ { -+ TIFFError( -+ "computeInputPixelOffsets", -+ "Only equal length regions can be combined for " -+ "-E left or right"); -+ return (-1); -+ } - crop->combined_length = zlength; - crop->combined_width += zwidth; - break; - case EDGE_BOTTOM: - case EDGE_TOP: /* width from left, length from top */ - default: -+ if (i > 0 && zwidth != crop->combined_width) -+ { -+ TIFFError("computeInputPixelOffsets", -+ "Only equal width regions can be " -+ "combined for -E " -+ "top or bottom"); -+ return (-1); -+ } - crop->combined_width = zwidth; - crop->combined_length += zlength; - break; -@@ -7241,9 +7264,13 @@ static int correct_orientation(struct image_data *imag - (uint16_t)(image->adjustments & ROTATE_ANY)); - return (-1); - } -- -- if (rotateImage(rotation, image, &image->width, &image->length, -- work_buff_ptr)) -+ /* Dummy variable in order not to switch two times the -+ * image->width,->length within rotateImage(), -+ * but switch xres, yres there. */ -+ uint32_t width = image->width; -+ uint32_t length = image->length; -+ if (rotateImage(rotation, image, &width, &length, work_buff_ptr, NULL, -+ TRUE)) - { - TIFFError("correct_orientation", "Unable to rotate image"); - return (-1); -@@ -7298,6 +7325,46 @@ static int extractCompositeRegions(struct image_data * - crop->combined_width = 0; - crop->combined_length = 0; - -+ /* If there is more than one region, check beforehand whether all the width -+ * and length values of the regions are the same, respectively. */ -+ switch (crop->edge_ref) -+ { -+ default: -+ case EDGE_TOP: -+ case EDGE_BOTTOM: -+ for (i = 1; i < crop->selections; i++) -+ { -+ uint32_t crop_width0 = -+ crop->regionlist[i - 1].x2 - crop->regionlist[i - 1].x1 + 1; -+ uint32_t crop_width1 = -+ crop->regionlist[i].x2 - crop->regionlist[i].x1 + 1; -+ if (crop_width0 != crop_width1) -+ { -+ TIFFError("extractCompositeRegions", -+ "Only equal width regions can be combined for -E " -+ "top or bottom"); -+ return (1); -+ } -+ } -+ break; -+ case EDGE_LEFT: -+ case EDGE_RIGHT: -+ for (i = 1; i < crop->selections; i++) -+ { -+ uint32_t crop_length0 = -+ crop->regionlist[i - 1].y2 - crop->regionlist[i - 1].y1 + 1; -+ uint32_t crop_length1 = -+ crop->regionlist[i].y2 - crop->regionlist[i].y1 + 1; -+ if (crop_length0 != crop_length1) -+ { -+ TIFFError("extractCompositeRegions", -+ "Only equal length regions can be combined for " -+ "-E left or right"); -+ return (1); -+ } -+ } -+ } -+ - for (i = 0; i < crop->selections; i++) - { - /* rows, columns, width, length are expressed in pixels */ -@@ -7312,7 +7379,6 @@ static int extractCompositeRegions(struct image_data * - /* These should not be needed for composite images */ - crop->regionlist[i].width = crop_width; - crop->regionlist[i].length = crop_length; -- crop->regionlist[i].buffptr = crop_buff; - - src_rowsize = ((img_width * bps * spp) + 7) / 8; - dst_rowsize = (((crop_width * bps * count) + 7) / 8); -@@ -7322,7 +7388,8 @@ static int extractCompositeRegions(struct image_data * - default: - case EDGE_TOP: - case EDGE_BOTTOM: -- if ((i > 0) && (crop_width != crop->regionlist[i - 1].width)) -+ if ((crop->selections > i + 1) && -+ (crop_width != crop->regionlist[i + 1].width)) - { - TIFFError("extractCompositeRegions", - "Only equal width regions can be combined for -E " -@@ -7415,7 +7482,8 @@ static int extractCompositeRegions(struct image_data * - case EDGE_LEFT: /* splice the pieces of each row together, side by - side */ - case EDGE_RIGHT: -- if ((i > 0) && (crop_length != crop->regionlist[i - 1].length)) -+ if ((crop->selections > i + 1) && -+ (crop_length != crop->regionlist[i + 1].length)) - { - TIFFError("extractCompositeRegions", - "Only equal length regions can be combined for " -@@ -7573,7 +7641,6 @@ static int extractSeparateRegion(struct image_data *im - - crop->regionlist[region].width = crop_width; - crop->regionlist[region].length = crop_length; -- crop->regionlist[region].buffptr = crop_buff; - - src = read_buff; - dst = crop_buff; -@@ -8563,8 +8630,13 @@ static int processCropSelections(struct image_data *im - if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can - reallocate the buffer */ - { -+ /* rotateImage() set up a new buffer and calculates its size -+ * individually. Therefore, seg_buffs size needs to be updated -+ * accordingly. */ -+ size_t rot_buf_size = 0; - if (rotateImage(crop->rotation, image, &crop->combined_width, -- &crop->combined_length, &crop_buff)) -+ &crop->combined_length, &crop_buff, &rot_buf_size, -+ FALSE)) - { - TIFFError("processCropSelections", - "Failed to rotate composite regions by %" PRIu32 -@@ -8573,9 +8645,7 @@ static int processCropSelections(struct image_data *im - return (-1); - } - seg_buffs[0].buffer = crop_buff; -- seg_buffs[0].size = -- (((crop->combined_width * image->bps + 7) / 8) * image->spp) * -- crop->combined_length; -+ seg_buffs[0].size = rot_buf_size; - } - } - else /* Separated Images */ -@@ -8591,7 +8661,7 @@ static int processCropSelections(struct image_data *im - cropsize + NUM_BUFF_OVERSIZE_BYTES); - else - { -- prev_cropsize = seg_buffs[0].size; -+ prev_cropsize = seg_buffs[i].size; - if (prev_cropsize < cropsize) - { - next_buff = _TIFFrealloc( -@@ -8686,10 +8756,14 @@ static int processCropSelections(struct image_data *im - * ->yres, what it schouldn't do here, when more than one - * section is processed. ToDo: Therefore rotateImage() and its - * usage has to be reworked (e.g. like mirrorImage()) !! -- */ -+ * Furthermore, rotateImage() set up a new buffer and calculates -+ * its size individually. Therefore, seg_buffs size needs to be -+ * updated accordingly. */ -+ size_t rot_buf_size = 0; - if (rotateImage(crop->rotation, image, - &crop->regionlist[i].width, -- &crop->regionlist[i].length, &crop_buff)) -+ &crop->regionlist[i].length, &crop_buff, -+ &rot_buf_size, FALSE)) - { - TIFFError("processCropSelections", - "Failed to rotate crop region by %" PRIu16 -@@ -8702,10 +8776,7 @@ static int processCropSelections(struct image_data *im - crop->combined_width = total_width; - crop->combined_length = total_length; - seg_buffs[i].buffer = crop_buff; -- seg_buffs[i].size = -- (((crop->regionlist[i].width * image->bps + 7) / 8) * -- image->spp) * -- crop->regionlist[i].length; -+ seg_buffs[i].size = rot_buf_size; - } - } /* for crop->selections loop */ - } /* Separated Images (else case) */ -@@ -8836,7 +8907,7 @@ static int createCroppedImage(struct image_data *image - CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */ - { - if (rotateImage(crop->rotation, image, &crop->combined_width, -- &crop->combined_length, crop_buff_ptr)) -+ &crop->combined_length, crop_buff_ptr, NULL, TRUE)) - { - TIFFError("createCroppedImage", - "Failed to rotate image or cropped selection by %" PRIu16 -@@ -9552,7 +9623,8 @@ static int rotateContigSamples32bits(uint16_t rotation - /* Rotate an image by a multiple of 90 degrees clockwise */ - static int rotateImage(uint16_t rotation, struct image_data *image, - uint32_t *img_width, uint32_t *img_length, -- unsigned char **ibuff_ptr) -+ unsigned char **ibuff_ptr, size_t *rot_buf_size, -+ int rot_image_params) - { - int shift_width; - uint32_t bytes_per_pixel, bytes_per_sample; -@@ -9610,6 +9682,8 @@ static int rotateImage(uint16_t rotation, struct image - return (-1); - } - _TIFFmemset(rbuff, '\0', buffsize + NUM_BUFF_OVERSIZE_BYTES); -+ if (rot_buf_size != NULL) -+ *rot_buf_size = buffsize; - - ibuff = *ibuff_ptr; - switch (rotation) -@@ -9768,11 +9842,15 @@ static int rotateImage(uint16_t rotation, struct image - - *img_width = length; - *img_length = width; -- image->width = length; -- image->length = width; -- res_temp = image->xres; -- image->xres = image->yres; -- image->yres = res_temp; -+ /* Only toggle image parameters if whole input image is rotated. */ -+ if (rot_image_params) -+ { -+ image->width = length; -+ image->length = width; -+ res_temp = image->xres; -+ image->xres = image->yres; -+ image->yres = res_temp; -+ } - break; - - case 270: -@@ -9855,11 +9933,15 @@ static int rotateImage(uint16_t rotation, struct image - - *img_width = length; - *img_length = width; -- image->width = length; -- image->length = width; -- res_temp = image->xres; -- image->xres = image->yres; -- image->yres = res_temp; -+ /* Only toggle image parameters if whole input image is rotated. */ -+ if (rot_image_params) -+ { -+ image->width = length; -+ image->length = width; -+ res_temp = image->xres; -+ image->xres = image->yres; -+ image->yres = res_temp; -+ } - break; - default: - break; Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/graphics/tiff/pkg/PLIST,v retrieving revision 1.32 diff -u -p -u -p -r1.32 PLIST --- pkg/PLIST 19 Dec 2022 08:50:39 -0000 1.32 +++ pkg/PLIST 28 Jun 2023 07:32:27 -0000 @@ -200,6 +200,7 @@ share/doc/tiff/manual/_sources/images.rs share/doc/tiff/manual/_sources/index.rst.txt share/doc/tiff/manual/_sources/internals.rst.txt share/doc/tiff/manual/_sources/libtiff.rst.txt +share/doc/tiff/manual/_sources/multi_page.rst.txt share/doc/tiff/manual/_sources/project/ share/doc/tiff/manual/_sources/project/acknowledgements.rst.txt share/doc/tiff/manual/_sources/project/bugs.rst.txt @@ -265,6 +266,7 @@ share/doc/tiff/manual/_sources/releases/ share/doc/tiff/manual/_sources/releases/v4.3.0.rst.txt share/doc/tiff/manual/_sources/releases/v4.4.0.rst.txt share/doc/tiff/manual/_sources/releases/v4.5.0.rst.txt +share/doc/tiff/manual/_sources/releases/v4.5.1.rst.txt share/doc/tiff/manual/_sources/specification/ share/doc/tiff/manual/_sources/specification/bigtiff.rst.txt share/doc/tiff/manual/_sources/specification/coverage-bigtiff.rst.txt @@ -296,14 +298,11 @@ share/doc/tiff/manual/_sources/tools/tif share/doc/tiff/manual/_sources/tools/tiffset.rst.txt share/doc/tiff/manual/_sources/tools/tiffsplit.rst.txt share/doc/tiff/manual/_static/ -share/doc/tiff/manual/_static/_sphinx_javascript_frameworks_compat.js share/doc/tiff/manual/_static/basic.css share/doc/tiff/manual/_static/contents.png share/doc/tiff/manual/_static/doctools.js share/doc/tiff/manual/_static/documentation_options.js share/doc/tiff/manual/_static/file.png -share/doc/tiff/manual/_static/jquery-3.6.0.js -share/doc/tiff/manual/_static/jquery.js share/doc/tiff/manual/_static/language_data.js share/doc/tiff/manual/_static/minus.png share/doc/tiff/manual/_static/navigation.png @@ -312,8 +311,6 @@ share/doc/tiff/manual/_static/pygments.c share/doc/tiff/manual/_static/searchtools.js share/doc/tiff/manual/_static/sphinx_highlight.js share/doc/tiff/manual/_static/sphinxdoc.css -share/doc/tiff/manual/_static/underscore-1.13.1.js -share/doc/tiff/manual/_static/underscore.js share/doc/tiff/manual/addingtags.html share/doc/tiff/manual/build.html share/doc/tiff/manual/contrib.html @@ -383,6 +380,7 @@ share/doc/tiff/manual/images.html share/doc/tiff/manual/index.html share/doc/tiff/manual/internals.html share/doc/tiff/manual/libtiff.html +share/doc/tiff/manual/multi_page.html share/doc/tiff/manual/objects.inv share/doc/tiff/manual/project/ share/doc/tiff/manual/project/acknowledgements.html @@ -449,6 +447,7 @@ share/doc/tiff/manual/releases/v4.2.0.ht share/doc/tiff/manual/releases/v4.3.0.html share/doc/tiff/manual/releases/v4.4.0.html share/doc/tiff/manual/releases/v4.5.0.html +share/doc/tiff/manual/releases/v4.5.1.html share/doc/tiff/manual/search.html share/doc/tiff/manual/searchindex.js share/doc/tiff/manual/specification/
