-rw-r--r--gnu/local.mk5
-rw-r--r--gnu/packages/image.scm10
-rw-r--r--gnu/packages/patches/libtiff-CVE-2016-10688.patch92
-rw-r--r--gnu/packages/patches/libtiff-CVE-2017-9936.patch47
-rw-r--r--gnu/packages/patches/libtiff-tiffgetfield-bugs.patch201
-rw-r--r--gnu/packages/patches/libtiff-tiffycbcrtorgb-integer-overflow.patch57
-rw-r--r--gnu/packages/patches/libtiff-tiffycbcrtorgbinit-integer-overflow.patch43
7 files changed, 2 insertions, 453 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 15f673c046..5a701075ff 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -809,11 +809,6 @@ dist_patch_DATA = \
%D%/packages/patches/libtar-CVE-2013-4420.patch \
%D%/packages/patches/libtasn1-CVE-2017-10790.patch \
%D%/packages/patches/libtheora-config-guess.patch \
- %D%/packages/patches/libtiff-CVE-2016-10688.patch \
- %D%/packages/patches/libtiff-CVE-2017-9936.patch \
- %D%/packages/patches/libtiff-tiffgetfield-bugs.patch \
- %D%/packages/patches/libtiff-tiffycbcrtorgb-integer-overflow.patch \
- %D%/packages/patches/libtiff-tiffycbcrtorgbinit-integer-overflow.patch \
%D%/packages/patches/libtirpc-CVE-2017-8779.patch \
%D%/packages/patches/libtorrent-rasterbar-boost-compat.patch \
%D%/packages/patches/libtool-skip-tests2.patch \
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index bc1ad88c65..5b73be9f8d 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -386,21 +386,15 @@ extracting icontainer icon files.")
(define-public libtiff
(package
(name "libtiff")
- (version "4.0.8")
+ (version "4.0.9")
(source
(origin
(method url-fetch)
(uri (string-append "ftp://download.osgeo.org/libtiff/tiff-"
version ".tar.gz"))
- (patches
- (search-patches "libtiff-tiffgetfield-bugs.patch"
- "libtiff-CVE-2016-10688.patch"
- "libtiff-CVE-2017-9936.patch"
- "libtiff-tiffycbcrtorgb-integer-overflow.patch"
- "libtiff-tiffycbcrtorgbinit-integer-overflow.patch"))
(sha256
(base32
- "0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr"))))
+ "1kfg4q01r4mqn7dj63ifhi6pmqzbf4xax6ni6kkk81ri5kndwyvf"))))
(build-system gnu-build-system)
(outputs '("out"
"doc")) ;1.3 MiB of HTML documentation
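Review bot: The `(patches (search-patches ...))` field is removed in full in the same change that bumps `version` to "4.0.9", and nothing visible on this page records that the 4.0.9 release contains all five fixes (CVE-2017-10688, CVE-2017-9936, the TIFFGetField() codec-tag check, and the two YCbCr overflow fixes). I would confirm each one against the 4.0.9 tarball, for example that `_TIFFCheckFieldIsValidForCodec` is present in tif_dirinfo.c and that `jbg_dec_free(&decoder)` is in the tif_jbig.c error path, and state the result in the commit message, e.g. `libtiff 4.0.9 includes the fixes previously carried in libtiff-*.patch`. The context lines show the tarball is still fetched from an `ftp://` URI, so the new `sha256` is the only integrity check on the download and should be computed from a copy verified independently of that transfer. The `define-public libtiff` form continues beyond the end of this hunk.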
diff --git a/gnu/packages/patches/libtiff-CVE-2016-10688.patch b/gnu/packages/patches/libtiff-CVE-2016-10688.patch
deleted file mode 100644
index 1630274c61..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2016-10688.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-Fix CVE-2017-10688:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2712
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10688
-https://security-tracker.debian.org/tracker/CVE-2017-10688
-
-Patch lifted from upstream source repository (the changes to 'ChangeLog'
-don't apply to the libtiff 4.0.8 release tarball).
-
-3rd party Git reference:
-
-https://github.com/vadz/libtiff/commit/6173a57d39e04d68b139f8c1aa499a24dbe74ba1
-
-2017-06-30 Even Rouault <even.rouault at spatialys.com>
-
- * libtiff/tif_dirwrite.c: in TIFFWriteDirectoryTagCheckedXXXX()
- functions associated with LONG8/SLONG8 data type, replace assertion
-that
- the file is BigTIFF, by a non-fatal error.
- Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2712
- Reported by team OWL337
-
-
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
-new revision: 1.1259; previous revision: 1.1258
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirwrite.c,v <--
-libtiff/tif_dirwrite.c
-new revision: 1.86; previous revision: 1.85
-
-Index: libtiff/libtiff/tif_dirwrite.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirwrite.c,v
-retrieving revision 1.85
-retrieving revision 1.86
-diff -u -r1.85 -r1.86
---- libtiff/libtiff/tif_dirwrite.c 11 Jan 2017 16:09:02 -0000 1.85
-+++ libtiff/libtiff/tif_dirwrite.c 30 Jun 2017 17:29:44 -0000 1.86
-@@ -1,4 +1,4 @@
--/* $Id: tif_dirwrite.c,v 1.85 2017-01-11 16:09:02 erouault Exp $ */
-+/* $Id: tif_dirwrite.c,v 1.86 2017-06-30 17:29:44 erouault Exp $ */
-
- /*
- * Copyright (c) 1988-1997 Sam Leffler
-@@ -2111,7 +2111,10 @@
- {
- uint64 m;
- assert(sizeof(uint64)==8);
-- assert(tif->tif_flags&TIFF_BIGTIFF);
-+ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
-+ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF");
-+ return(0);
-+ }
- m=value;
- if (tif->tif_flags&TIFF_SWAB)
- TIFFSwabLong8(&m);
-@@ -2124,7 +2127,10 @@
- {
- assert(count<0x20000000);
- assert(sizeof(uint64)==8);
-- assert(tif->tif_flags&TIFF_BIGTIFF);
-+ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
-+ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF");
-+ return(0);
-+ }
- if (tif->tif_flags&TIFF_SWAB)
- TIFFSwabArrayOfLong8(value,count);
- return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_LONG8,count,count*8,value));
-@@ -2136,7 +2142,10 @@
- {
- int64 m;
- assert(sizeof(int64)==8);
-- assert(tif->tif_flags&TIFF_BIGTIFF);
-+ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
-+ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF");
-+ return(0);
-+ }
- m=value;
- if (tif->tif_flags&TIFF_SWAB)
- TIFFSwabLong8((uint64*)(&m));
-@@ -2149,7 +2158,10 @@
- {
- assert(count<0x20000000);
- assert(sizeof(int64)==8);
-- assert(tif->tif_flags&TIFF_BIGTIFF);
-+ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
-+ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF");
-+ return(0);
-+ }
- if (tif->tif_flags&TIFF_SWAB)
- TIFFSwabArrayOfLong8((uint64*)value,count);
- return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_SLONG8,count,count*8,value));
diff --git a/gnu/packages/patches/libtiff-CVE-2017-9936.patch b/gnu/packages/patches/libtiff-CVE-2017-9936.patch
deleted file mode 100644
index fbdbcd0f0b..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2017-9936.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-Fix CVE-2017-9936:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2706
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9936
-https://security-tracker.debian.org/tracker/CVE-2017-9936
-
-Patch lifted from upstream source repository (the changes to 'ChangeLog'
-don't apply to the libtiff 4.0.8 release tarball).
-
-3rd party Git reference:
-
-https://github.com/vadz/libtiff/commit/fe8d7165956b88df4837034a9161dc5fd20cf67a
-
-2017-06-26 Even Rouault <even.rouault at spatialys.com>
-
- * libtiff/tif_jbig.c: fix memory leak in error code path of
-JBIGDecode()
- Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2706
- Reported by team OWL337
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
-new revision: 1.1254; previous revision: 1.1253
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_jbig.c,v <-- libtiff/tif_jbig.c
-new revision: 1.16; previous revision: 1.15
-
-Index: libtiff/libtiff/tif_jbig.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_jbig.c,v
-retrieving revision 1.15
-retrieving revision 1.16
-diff -u -r1.15 -r1.16
---- libtiff/libtiff/tif_jbig.c 10 Mar 2010 18:56:48 -0000 1.15
-+++ libtiff/libtiff/tif_jbig.c 26 Jun 2017 15:20:00 -0000 1.16
-@@ -1,4 +1,4 @@
--/* $Id: tif_jbig.c,v 1.15 2010-03-10 18:56:48 bfriesen Exp $ */
-+/* $Id: tif_jbig.c,v 1.16 2017-06-26 15:20:00 erouault Exp $ */
-
- /*
- * Copyright (c) 1988-1997 Sam Leffler
-@@ -94,6 +94,7 @@
- jbg_strerror(decodeStatus)
- #endif
- );
-+ jbg_dec_free(&decoder);
- return 0;
- }
-
diff --git a/gnu/packages/patches/libtiff-tiffgetfield-bugs.patch b/gnu/packages/patches/libtiff-tiffgetfield-bugs.patch
deleted file mode 100644
index 84566ca23e..0000000000
--- a/gnu/packages/patches/libtiff-tiffgetfield-bugs.patch
+++ /dev/null
@@ -1,201 +0,0 @@
-Fix several bugs in libtiff related to use of TIFFGetField():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2580
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8128
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7554
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5318
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10095
-
-Patch copied from upstream CVS. 3rd-party Git reference:
-https://github.com/vadz/libtiff/commit/4d4fa0b68ae9ae038959ee4f69ebe288ec892f06
-
-2017-06-01 Even Rouault <even.rouault at spatialys.com>
-
-* libtiff/tif_dirinfo.c, tif_dirread.c: add _TIFFCheckFieldIsValidForCodec(),
-and use it in TIFFReadDirectory() so as to ignore fields whose tag is a
-codec-specified tag but this codec is not enabled. This avoids TIFFGetField()
-to behave differently depending on whether the codec is enabled or not, and
-thus can avoid stack based buffer overflows in a number of TIFF utilities
-such as tiffsplit, tiffcmp, thumbnail, etc.
-Patch derived from 0063-Handle-properly-CODEC-specific-tags.patch
-(http://bugzilla.maptools.org/show_bug.cgi?id=2580) by Raphaƫl Hertzog.
-Fixes:
-http://bugzilla.maptools.org/show_bug.cgi?id=2580
-http://bugzilla.maptools.org/show_bug.cgi?id=2693
-http://bugzilla.maptools.org/show_bug.cgi?id=2625 (CVE-2016-10095)
-http://bugzilla.maptools.org/show_bug.cgi?id=2564 (CVE-2015-7554)
-http://bugzilla.maptools.org/show_bug.cgi?id=2561 (CVE-2016-5318)
-http://bugzilla.maptools.org/show_bug.cgi?id=2499 (CVE-2014-8128)
-http://bugzilla.maptools.org/show_bug.cgi?id=2441
-http://bugzilla.maptools.org/show_bug.cgi?id=2433
-Index: libtiff/libtiff/tif_dirread.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v
-retrieving revision 1.208
-retrieving revision 1.209
-diff -u -r1.208 -r1.209
---- libtiff/libtiff/tif_dirread.c 27 Apr 2017 15:46:22 -0000 1.208
-+++ libtiff/libtiff/tif_dirread.c 1 Jun 2017 12:44:04 -0000 1.209
-@@ -1,4 +1,4 @@
--/* $Id: tif_dirread.c,v 1.208 2017-04-27 15:46:22 erouault Exp $ */
-+/* $Id: tif_dirread.c,v 1.209 2017-06-01 12:44:04 erouault Exp $ */
-
- /*
- * Copyright (c) 1988-1997 Sam Leffler
-@@ -3580,6 +3580,10 @@
- goto bad;
- dp->tdir_tag=IGNORE;
- break;
-+ default:
-+ if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) )
-+ dp->tdir_tag=IGNORE;
-+ break;
- }
- }
- }
-Index: libtiff/libtiff/tif_dirinfo.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirinfo.c,v
-retrieving revision 1.126
-retrieving revision 1.127
-diff -u -r1.126 -r1.127
---- libtiff/libtiff/tif_dirinfo.c 18 Nov 2016 02:52:13 -0000 1.126
-+++ libtiff/libtiff/tif_dirinfo.c 1 Jun 2017 12:44:04 -0000 1.127
-@@ -1,4 +1,4 @@
--/* $Id: tif_dirinfo.c,v 1.126 2016-11-18 02:52:13 bfriesen Exp $ */
-+/* $Id: tif_dirinfo.c,v 1.127 2017-06-01 12:44:04 erouault Exp $ */
-
- /*
- * Copyright (c) 1988-1997 Sam Leffler
-@@ -956,6 +956,109 @@
- return 0;
- }
-
-+int
-+_TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag)
-+{
-+ /* Filter out non-codec specific tags */
-+ switch (tag) {
-+ /* Shared tags */
-+ case TIFFTAG_PREDICTOR:
-+ /* JPEG tags */
-+ case TIFFTAG_JPEGTABLES:
-+ /* OJPEG tags */
-+ case TIFFTAG_JPEGIFOFFSET:
-+ case TIFFTAG_JPEGIFBYTECOUNT:
-+ case TIFFTAG_JPEGQTABLES:
-+ case TIFFTAG_JPEGDCTABLES:
-+ case TIFFTAG_JPEGACTABLES:
-+ case TIFFTAG_JPEGPROC:
-+ case TIFFTAG_JPEGRESTARTINTERVAL:
-+ /* CCITT* */
-+ case TIFFTAG_BADFAXLINES:
-+ case TIFFTAG_CLEANFAXDATA:
-+ case TIFFTAG_CONSECUTIVEBADFAXLINES:
-+ case TIFFTAG_GROUP3OPTIONS:
-+ case TIFFTAG_GROUP4OPTIONS:
-+ break;
-+ default:
-+ return 1;
-+ }
-+ /* Check if codec specific tags are allowed for the current
-+ * compression scheme (codec) */
-+ switch (tif->tif_dir.td_compression) {
-+ case COMPRESSION_LZW:
-+ if (tag == TIFFTAG_PREDICTOR)
-+ return 1;
-+ break;
-+ case COMPRESSION_PACKBITS:
-+ /* No codec-specific tags */
-+ break;
-+ case COMPRESSION_THUNDERSCAN:
-+ /* No codec-specific tags */
-+ break;
-+ case COMPRESSION_NEXT:
-+ /* No codec-specific tags */
-+ break;
-+ case COMPRESSION_JPEG:
-+ if (tag == TIFFTAG_JPEGTABLES)
-+ return 1;
-+ break;
-+ case COMPRESSION_OJPEG:
-+ switch (tag) {
-+ case TIFFTAG_JPEGIFOFFSET:
-+ case TIFFTAG_JPEGIFBYTECOUNT:
-+ case TIFFTAG_JPEGQTABLES:
-+ case TIFFTAG_JPEGDCTABLES:
-+ case TIFFTAG_JPEGACTABLES:
-+ case TIFFTAG_JPEGPROC:
-+ case TIFFTAG_JPEGRESTARTINTERVAL:
-+ return 1;
-+ }
-+ break;
-+ case COMPRESSION_CCITTRLE:
-+ case COMPRESSION_CCITTRLEW:
-+ case COMPRESSION_CCITTFAX3:
-+ case COMPRESSION_CCITTFAX4:
-+ switch (tag) {
-+ case TIFFTAG_BADFAXLINES:
-+ case TIFFTAG_CLEANFAXDATA:
-+ case TIFFTAG_CONSECUTIVEBADFAXLINES:
-+ return 1;
-+ case TIFFTAG_GROUP3OPTIONS:
-+ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX3)
-+ return 1;
-+ break;
-+ case TIFFTAG_GROUP4OPTIONS:
-+ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX4)
-+ return 1;
-+ break;
-+ }
-+ break;
-+ case COMPRESSION_JBIG:
-+ /* No codec-specific tags */
-+ break;
-+ case COMPRESSION_DEFLATE:
-+ case COMPRESSION_ADOBE_DEFLATE:
-+ if (tag == TIFFTAG_PREDICTOR)
-+ return 1;
-+ break;
-+ case COMPRESSION_PIXARLOG:
-+ if (tag == TIFFTAG_PREDICTOR)
-+ return 1;
-+ break;
-+ case COMPRESSION_SGILOG:
-+ case COMPRESSION_SGILOG24:
-+ /* No codec-specific tags */
-+ break;
-+ case COMPRESSION_LZMA:
-+ if (tag == TIFFTAG_PREDICTOR)
-+ return 1;
-+ break;
-+
-+ }
-+ return 0;
-+}
-+
- /* vim: set ts=8 sts=8 sw=8 noet: */
-
- /*
-Index: libtiff/libtiff/tif_dir.h
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.h,v
-retrieving revision 1.54
-retrieving revision 1.55
-diff -u -r1.54 -r1.55
---- libtiff/libtiff/tif_dir.h 18 Feb 2011 20:53:05 -0000 1.54
-+++ libtiff/libtiff/tif_dir.h 1 Jun 2017 12:44:04 -0000 1.55
-@@ -1,4 +1,4 @@
--/* $Id: tif_dir.h,v 1.54 2011-02-18 20:53:05 fwarmerdam Exp $ */
-+/* $Id: tif_dir.h,v 1.55 2017-06-01 12:44:04 erouault Exp $ */
-
- /*
- * Copyright (c) 1988-1997 Sam Leffler
-@@ -291,6 +291,7 @@
- extern int _TIFFMergeFields(TIFF*, const TIFFField[], uint32);
- extern const TIFFField* _TIFFFindOrRegisterField(TIFF *, uint32, TIFFDataType);
- extern TIFFField* _TIFFCreateAnonField(TIFF *, uint32, TIFFDataType);
-+extern int _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag);
-
- #if defined(__cplusplus)
- }
diff --git a/gnu/packages/patches/libtiff-tiffycbcrtorgb-integer-overflow.patch b/gnu/packages/patches/libtiff-tiffycbcrtorgb-integer-overflow.patch
deleted file mode 100644
index 060740d953..0000000000
--- a/gnu/packages/patches/libtiff-tiffycbcrtorgb-integer-overflow.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-Fix an integer overflow TIFFYCbCrtoRGB():
-
-https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1844
-
-3rd party Git reference:
-
-https://github.com/vadz/libtiff/commit/02669064e927074819ce1ed39aba0fccaa167717
-
-2017-05-29 Even Rouault <even.rouault at spatialys.com>
-
- * libtiff/tif_color.c: TIFFYCbCrToRGBInit(): stricter clamping to avoid
- int32 overflow in TIFFYCbCrtoRGB().
- Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1844
- Credit to OSS Fuzz
-
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
-new revision: 1.1241; previous revision: 1.1240
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_color.c,v <-- libtiff/tif_color.c
-new revision: 1.24; previous revision: 1.23
-
-Index: libtiff/libtiff/tif_color.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_color.c,v
-retrieving revision 1.23
-retrieving revision 1.24
-diff -u -r1.23 -r1.24
---- libtiff/libtiff/tif_color.c 13 May 2017 18:17:34 -0000 1.23
-+++ libtiff/libtiff/tif_color.c 29 May 2017 10:12:54 -0000 1.24
-@@ -1,4 +1,4 @@
--/* $Id: tif_color.c,v 1.23 2017-05-13 18:17:34 erouault Exp $ */
-+/* $Id: tif_color.c,v 1.24 2017-05-29 10:12:54 erouault Exp $ */
-
- /*
- * Copyright (c) 1988-1997 Sam Leffler
-@@ -275,10 +275,10 @@
- for (i = 0, x = -128; i < 256; i++, x++) {
- int32 Cr = (int32)CLAMPw(Code2V(x, refBlackWhite[4] - 128.0F,
- refBlackWhite[5] - 128.0F, 127),
-- -128.0F * 64, 128.0F * 64);
-+ -128.0F * 32, 128.0F * 32);
- int32 Cb = (int32)CLAMPw(Code2V(x, refBlackWhite[2] - 128.0F,
- refBlackWhite[3] - 128.0F, 127),
-- -128.0F * 64, 128.0F * 64);
-+ -128.0F * 32, 128.0F * 32);
-
- ycbcr->Cr_r_tab[i] = (int32)((D1*Cr + ONE_HALF)>>SHIFT);
- ycbcr->Cb_b_tab[i] = (int32)((D3*Cb + ONE_HALF)>>SHIFT);
-@@ -286,7 +286,7 @@
- ycbcr->Cb_g_tab[i] = D4*Cb + ONE_HALF;
- ycbcr->Y_tab[i] =
- (int32)CLAMPw(Code2V(x + 128, refBlackWhite[0], refBlackWhite[1], 255),
-- -128.0F * 64, 128.0F * 64);
-+ -128.0F * 32, 128.0F * 32);
- }
- }
-
diff --git a/gnu/packages/patches/libtiff-tiffycbcrtorgbinit-integer-overflow.patch b/gnu/packages/patches/libtiff-tiffycbcrtorgbinit-integer-overflow.patch
deleted file mode 100644
index a990641a49..0000000000
--- a/gnu/packages/patches/libtiff-tiffycbcrtorgbinit-integer-overflow.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-Fix an integer overflow in initYCbCrConversion():
-
-https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1907
-
-3rd party Git reference
-
-https://github.com/vadz/libtiff/commit/468988860e0dae62ebbf991627c74bcbb4bd256f
-
- * libtiff/tif_getimage.c: initYCbCrConversion(): stricter validation for
- refBlackWhite coefficients values. To avoid invalid float->int32 conversion
- (when refBlackWhite[0] == 2147483648.f)
- Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1907
- Credit to OSS Fuzz
-
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
-new revision: 1.1243; previous revision: 1.1242
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_getimage.c,v <-- libtiff/tif_getimage.c
-new revision: 1.107; previous revision: 1.106
-
-Index: libtiff/libtiff/tif_getimage.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_getimage.c,v
-retrieving revision 1.106
-retrieving revision 1.107
-diff -u -r1.106 -r1.107
---- libtiff/libtiff/tif_getimage.c 20 May 2017 11:29:02 -0000 1.106
-+++ libtiff/libtiff/tif_getimage.c 29 May 2017 11:29:06 -0000 1.107
-@@ -1,4 +1,4 @@
--/* $Id: tif_getimage.c,v 1.106 2017-05-20 11:29:02 erouault Exp $ */
-+/* $Id: tif_getimage.c,v 1.107 2017-05-29 11:29:06 erouault Exp $ */
-
- /*
- * Copyright (c) 1991-1997 Sam Leffler
-@@ -2241,7 +2241,7 @@
-
- static int isInRefBlackWhiteRange(float f)
- {
-- return f >= (float)(-0x7FFFFFFF + 128) && f <= (float)0x7FFFFFFF;
-+ return f > (float)(-0x7FFFFFFF + 128) && f < (float)0x7FFFFFFF;
- }
-
- static int