Version: 4.3.0, Package name: tiff-4.3.0 |
Maintained by: The OpenBSD ports mailing-list |
Master sites: |
Description This software provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. Included in this software distribution is a library, libtiff, for reading and writing TIFF, a small collection of tools for doing simple manipulations of TIFF images on UNIX systems, and documentation on the library and tools. A small assortment of TIFF-related software for UNIX that has been contributed by others is also included. The library is capable of dealing with images that are written to follow the 5.0 or 6.0 TIFF spec. There is also considerable support for some of the more esoteric portions of the 6.0 TIFF spec. |
Filesize: 2742.436 KB |
Version History (View Complete History) |
|
2021-05-06 09:28:49 by Landry Breuil | Files touched by this commit (13) |
Log message: graphics/tiff: update to 4.3.0 See http://www.simplesystems.org/libtiff/v4.3.0.html ok naddy@ |
2021-03-16 17:01:35 by Christian Weisgerber | Files touched by this commit (3) |
Log message: graphics/tiff: security fixes for CVE-2020-35523, CVE-2020-35524 gtTileContig(): check Tile width for overflow (CVE-2020-35523) tiff2pdf: properly calculate datasize when saving to JPEG YCbCr (CVE-2020-35524) |
2021-03-16 09:34:23 by Landry Breuil | Files touched by this commit (12) |
Log message: graphics/tiff: update to 4.2.0 See http://www.simplesystems.org/libtiff/v4.2.0.html bumped minor for 4 method addition. Fixes CVE-2020-35523 and CVE-2020-35524. commits are here if someone dares backporting them to 4.1.0 in stable.. https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2 https://gitlab.com/libtiff/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22 ok sthen@ naddy@ |
2019-11-29 09:43:02 by Christian Weisgerber | Files touched by this commit (10) |
Log message: Update to 4.1.0. Also enable xz and zstd compression as proposed by landry@ eight months ago. Include an upstream fix for a new sanity check that broke OJPEG compression; proposed by sthen@. ok sthen@ |
2019-07-12 14:47:59 by Stuart Henderson | Files touched by this commit (874) |
Log message: replace simple PERMIT_PACKAGE_CDROM=Yes with PERMIT_PACKAGE=Yes |
2019-07-10 09:25:03 by T.J. Townsend | Files touched by this commit (13) |
Log message: switch some master_sites and homepage lines to https. ok sthen |
2018-12-05 13:35:25 by Christian Weisgerber | Files touched by this commit (12) |
Log message: Update to 4.0.10. Disable the new support for ZSTD and WebP compression for the time being to avoid bringing in extra dependencies. |
2018-10-24 08:28:14 by Stuart Henderson | Files touched by this commit (740) |
Log message: Add COMPILER lines to c++ ports which currently use the default. Adjust some existing COMPILER lines with arch restrictions etc. In the usual case this is now using "COMPILER = base-clang ports-gcc base-gcc" on ports with c++ libraries in WANTLIB. This is basically intended to be a noop on architectures using clang as the system compiler, but help with other architectures where we currently have many ports knocked out due to building with an unsuitable compiler - - some ports require c++11/newer so the GCC version in base that is used on these archirtectures is too old. - some ports have conflicts where an executable is built with one compiler (e.g. gcc from base) but a library dependency is built with a different one (e.g. gcc from ports), resulted in mixing incompatible libraries in the same address space. devel/gmp is intentionally skipped as it's on the path to building gcc - the c++ library there is unused in ports (and not built by default upstream) so intending to disable building gmpcxx in a future commit. |
2017-07-26 16:45:35 by Stuart Henderson | Files touched by this commit (937) |
Log message: bump LIBCXX/LIBECXX/COMPILER_LIBCXX ports. |
2017-07-23 03:26:30 by Marc Espie | Files touched by this commit (244) |
Log message: add pthread to COMPILER_LIBCXX. white lie, but it allows clang and gcc to be more similar bump accordingly. |
2017-07-16 13:19:06 by Marc Espie | Files touched by this commit (880) |
Log message: use COMPILER_LIBCXX where applicable |
2017-05-31 10:11:16 by Christian Weisgerber | Files touched by this commit (3) |
Log message: Security update to 4.0.8: Fixes CVE-2017-5225, CVE-2017-7592 to -7602 |
2017-05-26 14:50:57 by Christian Weisgerber | Files touched by this commit (6) |
Log message: Security update to 4.0.8: Fixes CVE-2017-5225, CVE-2017-7592 to -7602 |
2017-04-10 05:46:23 by Stuart Henderson | Files touched by this commit (276) |
Log message: use LIBCXX |
2016-11-30 15:40:31 by Christian Weisgerber | Files touched by this commit (1) |
Log message: bump REVISION to clearly distinguish this from the -stable package, which has a different shared library major version; ok jca@ kili@ |
2016-11-30 15:14:18 by Christian Weisgerber | Files touched by this commit (5) |
Log message: Update to 4.0.7. * Multiple security fixes, including CVE-2016-3622, CVE-2014-8127, CVE-2016-9273, CVE-2016-9448, MSVR 35094, MSVR 35095, MSVR 35105 * Remove obsolete tools bmp2tiff, gif2tiff, ras2tiff, sgi2tiff, sgisv, ycbcr Minor patches to maintain ABI compatibility with 4.0.6. |
2016-11-30 14:36:36 by Christian Weisgerber | Files touched by this commit (5) |
Log message: Update to 4.0.7. * Multiple security fixes, including CVE-2016-3622, CVE-2014-8127, CVE-2016-9273, CVE-2016-9448, MSVR 35094, MSVR 35095, MSVR 35105 * Remove obsolete tools bmp2tiff, gif2tiff, ras2tiff, sgi2tiff, sgisv, ycbcr Minor patches to maintain ABI compatibility with 4.0.6. |
2016-11-29 13:00:35 by Christian Weisgerber | Files touched by this commit (13) |
Log message: Update to 4.0.7. * Multiple security fixes, including CVE-2016-3622, CVE-2014-8127, CVE-2016-9273, CVE-2016-9448, MSVR 35094, MSVR 35095, MSVR 35105 * Remove obsolete tools bmp2tiff, gif2tiff, ras2tiff, sgi2tiff, sgisv, ycbcr |
2016-07-01 05:26:07 by Jasper Lievisse Adriaanse | Files touched by this commit (2) |
Log message: fixes for CVE-2016-3186 and CVE-2016-5875 |
2016-07-01 05:23:44 by Jasper Lievisse Adriaanse | Files touched by this commit (3) |
Log message: fixes for CVE-2016-3186 and CVE-2016-5875 |
2016-03-11 13:28:34 by Christian Weisgerber | Files touched by this commit (247) |
Log message: garbage collect CONFIGURE_SHARED |
2016-01-25 09:08:35 by Jasper Lievisse Adriaanse | Files touched by this commit (3) |
Log message: Fix a number of out-of-bound reads and writes, including CVE-2015-8665 and CVE-2015-8683. From upstream CVS. |
2016-01-24 09:48:49 by Christian Weisgerber | Files touched by this commit (4) |
Log message: Fix a number of out-of-bound reads and writes, including CVE-2015-8665 and CVE-2015-8683. From upstream CVS. |
2015-11-04 13:51:36 by Christian Weisgerber | Files touched by this commit (9) |
Log message: update to 4.0.6, no major changes |
2015-07-08 13:36:54 by Christian Weisgerber | Files touched by this commit (8) |
Log message: Update to 4.0.4. No major changes. |
2015-03-29 14:58:58 by Christian Weisgerber | Files touched by this commit (5) |
Log message: Security update to 4.0.4beta (plus one further upstream fix). Should fix CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2014-9655, CVE-2015-1547. |
2015-03-29 13:41:56 by Christian Weisgerber | Files touched by this commit (5) |
Log message: Security update to 4.0.4beta (plus one further upstream fix). Should fix CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2014-9655, CVE-2015-1547. |
2015-03-29 11:39:22 by Christian Weisgerber | Files touched by this commit (24) |
Log message: Security update to 4.0.4beta (plus one further upstream fix). Should fix CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2014-9655, CVE-2015-1547. |
2011-05-09 02:14:43 by Giovanni Bechis | Files touched by this commit (15) |
Log message: Update to 3.9.5, help and ok naddy@ |
2011-03-23 02:08:58 by Jasper Lievisse Adriaanse | Files touched by this commit (2) |
Log message: Security fix for CVE-2011-1167, libtiff heap-based buffer overflow |
2011-03-23 02:08:50 by Jasper Lievisse Adriaanse | Files touched by this commit (2) |
Log message: Security fix for CVE-2011-1167, libtiff heap-based buffer overflow |
2011-03-19 12:42:29 by Jasper Lievisse Adriaanse | Files touched by this commit (2) |
Log message: Security fix for CVE-2011-0192: buffer overflow in Fax4Decode. |
2011-03-19 12:41:05 by Jasper Lievisse Adriaanse | Files touched by this commit (2) |
Log message: Security fix for CVE-2011-0192: buffer overflow in Fax4Decode. |
2010-11-17 01:05:18 by Marc Espie | Files touched by this commit (317) |
Log message: new depends |
2010-11-09 12:00:28 by Marc Espie | Files touched by this commit (19) |
Log message: WANTLIB conversion |
2010-10-18 12:13:15 by Marc Espie | Files touched by this commit (150) |
Log message: USE_GROFF=Yes |
2010-07-25 18:01:33 by William Yodlowsky | Files touched by this commit (3) |
Log message: SECURITY FIX Resolves CVE-2010-1411 merged from upstream via redhat reads ok to stephan@, ok naddy@ |
2010-07-21 00:46:33 by Antoine Jacoutot | Files touched by this commit (1) |
Log message: Fix MASTER_SITES. from patrick keshishian |
2010-06-30 11:10:08 by Christian Weisgerber | Files touched by this commit (36) |
Log message: SECURITY: Update to 3.9.4, which includes fixes for CVE-2009-2347 and CVE-2010-1411. |
2009-11-01 18:50:01 by William Yodlowsky | Files touched by this commit (2) |
Log message: MFC: SECURITY FIX Resolves CVE-2009-2347: Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes. |
2009-08-22 11:24:29 by William Yodlowsky | Files touched by this commit (3) |
Log message: MFC: SECURITY FIX Resolves: SA35515: LibTIFF "LZWDecodeCompat()" Buffer Underflow Vulnerability CVE-2009-2347: Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes. |
2009-07-22 07:15:00 by Jasper Lievisse Adriaanse | Files touched by this commit (3) |
Log message: - SECURITY FIX for CVE-2009-2347 (integer overflows in tiff tools) patch taken from upstream bugreport: http://bugzilla.maptools.org/show_bug.cgi?id=2079 ok ajacoutot@ |
2009-06-23 01:49:31 by Jasper Lievisse Adriaanse | Files touched by this commit (2) |
Log message: SECURITY FIX for for SA35515, LibTIFF "LZWDecodeCompat()" Buffer Underflow Vulnerability Patch from upstream bugreport #2065 (committed to CVS). |
2009-03-07 08:31:57 by Christian Weisgerber | Files touched by this commit (2) |
Log message: fix a silly C99-ism to allow building with gcc2 |
2008-10-25 03:39:29 by Christian Weisgerber | Files touched by this commit (19) |
Log message: SECURITY fixes for CVE-2006-2656 and CVE-2006-3459 through 3465. Man page fixes. Mostly via FreeBSD. Approving noises from bernd@ and jasper@ |
2008-08-27 12:09:36 by Jasper Lievisse Adriaanse | Files touched by this commit (2) |
Log message: Security fix for SA31610 http://secunia.com/advisories/31610 LibTIFF LZW Decoder Buffer Underflow Vulnerability Patch extracted from Debian's tiff_3.8.2-7+etch1 "looks fine" ajacoutot@ |
2007-09-15 14:09:43 by Simon Bertrang | Files touched by this commit (142) |
Log message: remove surrounding quotes from COMMENT/BROKEN/PERMIT_* |
2007-04-05 10:20:19 by Marc Espie | Files touched by this commit (912) |
Log message: base64 checksums. |
2006-08-03 06:53:18 by Marc Espie | Files touched by this commit (37) |
Log message: new lib specs |
2006-06-15 05:23:45 by Nikolay Sturm | Files touched by this commit (2) |
Log message: MFC: SECURITY: Prevent sign extension on integer promotion that leads to a buffer overflow. Minimal fix from upstream CVS. CVE-2006-2193. |
2006-06-15 05:23:24 by Nikolay Sturm | Files touched by this commit (2) |
Log message: MFC: SECURITY: Prevent sign extension on integer promotion that leads to a buffer overflow. Minimal fix from upstream CVS. CVE-2006-2193. |
2006-06-12 11:31:34 by Christian Weisgerber | Files touched by this commit (2) |
Log message: SECURITY: Prevent sign extension on integer promotion that leads to a buffer overflow. Minimal fix from upstream CVS. CVE-2006-2193. prodded by bernd@ |
2006-03-31 13:38:29 by Christian Weisgerber | Files touched by this commit (3) |
Log message: update to 3.8.2: bugfix release |
2006-03-26 03:45:18 by Marc Espie | Files touched by this commit (3) |
Log message: fix broken manpages, found out because makewhatis was complaining... |
2006-03-18 10:40:02 by Christian Weisgerber | Files touched by this commit (10) |
Log message: update to 3.8.1 |
2006-01-13 17:07:32 by Marc Espie | Files touched by this commit (14) |
Log message: more C++ libs bumps. Done thru mail, plus lizards. |
2006-01-07 17:29:38 by Steven Mestdagh | Files touched by this commit (8) |
Log message: remove MODGNU_SHARED_LIBS |
2005-12-27 09:42:43 by Steven Mestdagh | Files touched by this commit (2) |
Log message: SHARED_LIBS ok espie@ |
2005-10-20 14:45:39 by Nikolay Sturm | Files touched by this commit (1) |
Log message: ups, forgot to commit this PKGNAME bump: updated packages for these ports where not build in a sane environment bump PKGNAME for fixed packages |
2005-08-31 13:46:33 by Nikolay Sturm | Files touched by this commit (7) |
Log message: updated packages for these ports where not build in a sane environment bump PKGNAME for fixed packages |
2005-07-29 11:51:26 by Brad Smith | Files touched by this commit (2) |
Log message: Fix a Denial of Service vulnerability and a buffer overflow. - Check for zero YCbCr subsampling values which cause a division by zero crash. - Properly check the BitsPerSample tag. CAN-2005-1544 |
2005-07-29 11:38:59 by Brad Smith | Files touched by this commit (2) |
Log message: Fix a Denial of Service vulnerability and a buffer overflow. - Check for zero YCbCr subsampling values which cause a division by zero crash. - Properly check the BitsPerSample tag. CAN-2005-1544 |
2005-07-17 14:54:36 by Christian Weisgerber | Files touched by this commit (11) |
Log message: Update to 3.7.3; from Bernd Ahlers <b.ahlers@ba-net.org>. Major changes: * Replace runtime endianess check with the compile time one. * Added support for the new predictor type (floating point predictor), defined at the TIFF Technical Note 3. * Added Support for custom tags, passed by value. Added support for all DNG tags. |
2005-06-19 06:19:30 by Christian Weisgerber | Files touched by this commit (1) |
Log message: new master site mirror, from FreeBSD |
2005-06-18 15:24:41 by Christian Weisgerber | Files touched by this commit (33) |
Log message: update to 3.7.2 which integrates the numerous security patches brad@ drops maintainership |
2005-05-24 23:37:33 by Robert Nagy | Files touched by this commit (3) |
Log message: SECURITY: fix multiple vulnerabilities; bump PKGNAME http://www.vuxml.org/openbsd/d045aeb6-9ea6-11d9-9623-00065bd5b0b6.html ok brad@ |
2005-04-17 07:37:43 by Marc Espie | Files touched by this commit (8) |
Log message: this stuff builds without really installing it now. |
2005-03-31 15:08:47 by Nikolay Sturm | Files touched by this commit (3) |
Log message: cumulative update with patches of recent months MFC: fix an issue with not being able to open some valid TIFF files. http://www.sigmasoft.com/~openbsd/archive/openbsd-ports/200503/msg00090.html From: Bernd Ahlers <b dot ahlers at ba-net dot org> --- Integer overflow in tif_dirread.c and tif_fax3.c for libtiff allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow. CAN-2004-1308 --- fix an issue with alpha channels. http://bugzilla.remotesensing.org/show_bug.cgi?id=718 --- fix MASTER_SITES; From: Bernd Ahlers <b dot ahlers at ba-net dot org> --- Fix memory allocation problems and numerous integer overflows. CAN-2004-0803, CAN-2004-0804, CAN-2004-0886 ok brad@ |
2005-03-31 15:02:44 by Nikolay Sturm | Files touched by this commit (3) |
Log message: cumulative update with patches of recent months MFC: fix an issue with not being able to open some valid TIFF files. http://www.sigmasoft.com/~openbsd/archive/openbsd-ports/200503/msg00090.html From: Bernd Ahlers <b dot ahlers at ba-net dot org> --- Integer overflow in tif_dirread.c and tif_fax3.c for libtiff allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow. CAN-2004-1308 --- fix an issue with alpha channels. http://bugzilla.remotesensing.org/show_bug.cgi?id=718 --- fix MASTER_SITES; From: Bernd Ahlers <b dot ahlers at ba-net dot org> --- Fix memory allocation problems and numerous integer overflows. CAN-2004-0803, CAN-2004-0804, CAN-2004-0886 ok brad@ |
2005-03-26 23:13:07 by Brad Smith | Files touched by this commit (2) |
Log message: missed part of the alpha channels fix. |
2005-03-26 22:12:15 by Brad Smith | Files touched by this commit (7) |
Log message: fix an issue with not being able to open some valid TIFF files. http://www.sigmasoft.com/~openbsd/archive/openbsd-ports/200503/msg00090.html From: Bernd Ahlers <b dot ahlers at ba-net dot org> |
2005-03-26 20:59:01 by Brad Smith | Files touched by this commit (1) |
Log message: - bump PKGNAME - fix MASTER_SITES; From: Bernd Ahlers <b dot ahlers at ba-net dot org> |
2005-03-26 20:57:26 by Brad Smith | Files touched by this commit (2) |
Log message: Integer overflow in tif_dirread.c and tif_fax3.c for libtiff allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow. CAN-2004-1308 |
2005-03-26 20:41:26 by Brad Smith | Files touched by this commit (1) |
Log message: Integer overflow in the tiffdump utility for libtiff allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file. CAN-2004-1183 |
2005-03-26 20:40:01 by Brad Smith | Files touched by this commit (1) |
Log message: fix an issue with alpha channels. http://bugzilla.remotesensing.org/show_bug.cgi?id=718 |
2005-01-05 09:50:39 by Christian Weisgerber | Files touched by this commit (106) |
Log message: SIZE |
2004-12-21 23:31:06 by Marc Espie | Files touched by this commit (6) |
Log message: fix a few WANTLIB issues. Install librpmbuild since lib/rpmgettext wants it. |
2004-10-20 14:37:48 by Brad Smith | Files touched by this commit (18) |
Log message: Fix memory allocation problems and numerous integer overflows. CAN-2004-0803, CAN-2004-0804, CAN-2004-0886 |
2004-09-14 18:50:12 by Marc Espie | Files touched by this commit (121) |
Log message: new plists |
2004-08-07 02:03:07 by Marc Espie | Files touched by this commit (5) |
Log message: new plists |
2004-05-18 17:38:50 by Brad Smith | Files touched by this commit (2) |
Log message: Add a patch to fix libtiff 3.6.1 with HylaFAX. http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=500 http://bugzilla.remotesensing.org/show_bug.cgi?id=483 Thanks to Uwe Dippel <udippel at uniten dot edu dot my> for bringing this to my attention. |
2004-05-18 17:35:35 by Brad Smith | Files touched by this commit (2) |
Log message: Add a patch to fix libtiff 3.6.1 with HylaFAX. http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=500 http://bugzilla.remotesensing.org/show_bug.cgi?id=483 Thanks to Uwe Dippel <udippel at uniten dot edu dot my> for bringing this to my attention. |
2004-02-24 17:08:10 by Brad Smith | Files touched by this commit (6) |
Log message: upgrade to libtiff 3.6.1 |
2004-02-23 17:06:43 by Christian Weisgerber | Files touched by this commit (9) |
Log message: remove workarounds for gcc2.95/sparc64 optimizer bugs |
2003-12-23 16:48:55 by Brad Smith | Files touched by this commit (1) |
Log message: argh, damn cvs. this should have been updated and not removed. |
2003-12-23 16:45:41 by Brad Smith | Files touched by this commit (13) |
Log message: upgrade to libtiff 3.6.0 |
2003-12-15 14:42:44 by Christian Weisgerber | Files touched by this commit (507) |
Log message: remove WWW lines |
2003-04-15 09:30:53 by Anil Madhavapeddy | Files touched by this commit (1) |
Log message: incomplete format string; submitted upstream, brad@ ok |
2002-10-26 18:03:17 by Christian Weisgerber | Files touched by this commit (21) |
Log message: No regression tests available. |