Github messages for voidlinux
* [PR PATCH] tiff: update to 4.3.0.
@ 2021-04-24  6:44 skmpz
  2021-04-25  2:42 ` [PR PATCH] [Merged]: " ericonr
  0 siblings, 1 reply; 2+ messages in thread
From: skmpz @ 2021-04-24  6:44 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1583 bytes --]

There is a new pull request by skmpz against master on the void-packages repository

https://github.com/skmpz/void-packages tiff-4.3.0
https://github.com/void-linux/void-packages/pull/30468

tiff: update to 4.3.0.
<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [ ] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!-- 
#### Does it build and run successfully? 
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->


A patch file from https://github.com/void-linux/void-packages/pull/30468.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-tiff-4.3.0-30468.patch --]
[-- Type: text/x-diff, Size: 4951 bytes --]

From ea62ce954d4df3cca110e7e7f53cb878b8d72073 Mon Sep 17 00:00:00 2001
From: skmpz <dem.procopiou@gmail.com>
Date: Sat, 24 Apr 2021 09:43:45 +0300
Subject: [PATCH] tiff: update to 4.3.0.

---
 .../tiff/patches/CVE-2017-11613_part1.patch   | 40 -------------------
 .../tiff/patches/CVE-2017-11613_part2.patch   | 33 ---------------
 srcpkgs/tiff/template                         |  8 ++--
 3 files changed, 4 insertions(+), 77 deletions(-)
 delete mode 100644 srcpkgs/tiff/patches/CVE-2017-11613_part1.patch
 delete mode 100644 srcpkgs/tiff/patches/CVE-2017-11613_part2.patch

diff --git a/srcpkgs/tiff/patches/CVE-2017-11613_part1.patch b/srcpkgs/tiff/patches/CVE-2017-11613_part1.patch
deleted file mode 100644
index 12e20b21120f..000000000000
--- a/srcpkgs/tiff/patches/CVE-2017-11613_part1.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 3719385a3fac5cfb20b487619a5f08abbf967cf8 Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Sun, 11 Mar 2018 11:14:01 +0100
-Subject: [PATCH] ChopUpSingleUncompressedStrip: avoid memory exhaustion (CVE-2017-11613)
-
-In ChopUpSingleUncompressedStrip(), if the computed number of strips is big
-enough and we are in read only mode, validate that the file size is consistent
-with that number of strips to avoid useless attempts at allocating a lot of
-memory for the td_stripbytecount and td_stripoffset arrays.
-
-Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2724
----
- libtiff/tif_dirread.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
-index 3fc0c8e..1a3259c 100644
---- libtiff/tif_dirread.c
-+++ libtiff/tif_dirread.c
-@@ -5698,6 +5698,17 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
-         if( nstrips == 0 )
-             return;
- 
-+        /* If we are going to allocate a lot of memory, make sure that the */
-+        /* file is as big as needed */
-+        if( tif->tif_mode == O_RDONLY &&
-+            nstrips > 1000000 &&
-+            (tif->tif_dir.td_stripoffset[0] >= TIFFGetFileSize(tif) ||
-+             tif->tif_dir.td_stripbytecount[0] >
-+                    TIFFGetFileSize(tif) - tif->tif_dir.td_stripoffset[0]) )
-+        {
-+            return;
-+        }
-+
- 	newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
- 				"for chopped \"StripByteCounts\" array");
- 	newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
---
-libgit2 0.27.0
-
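
Review bot: The commit message has only a subject line, so nothing records why this CVE-2017-11613 patch is being deleted. The file carries the guard in ChopUpSingleUncompressedStrip() that returns early when `nstrips > 1000000` and the first strip does not fit in the file, ahead of the two _TIFFCheckMalloc calls. Please add a line to the commit body saying the check is already present in the 4.3.0 sources, after confirming that in libtiff/tif_dirread.c of the new tarball.
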
diff --git a/srcpkgs/tiff/patches/CVE-2017-11613_part2.patch b/srcpkgs/tiff/patches/CVE-2017-11613_part2.patch
deleted file mode 100644
index bd3b13ed417c..000000000000
--- a/srcpkgs/tiff/patches/CVE-2017-11613_part2.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 7a092f8af2568d61993a8cc2e7a35a998d7d37be Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Sat, 17 Mar 2018 09:36:29 +0100
-Subject: [PATCH] ChopUpSingleUncompressedStrip: avoid memory exhaustion (CVE-2017-11613)
-
-Rework fix done in 3719385a3fac5cfb20b487619a5f08abbf967cf8 to work in more
-cases like https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6979.
-Credit to OSS Fuzz
-
-Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2724
----
- libtiff/tif_dirread.c | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
-index 1a3259c..6baa7b3 100644
---- libtiff/tif_dirread.c
-+++ libtiff/tif_dirread.c
-@@ -5702,9 +5702,8 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
-         /* file is as big as needed */
-         if( tif->tif_mode == O_RDONLY &&
-             nstrips > 1000000 &&
--            (tif->tif_dir.td_stripoffset[0] >= TIFFGetFileSize(tif) ||
--             tif->tif_dir.td_stripbytecount[0] >
--                    TIFFGetFileSize(tif) - tif->tif_dir.td_stripoffset[0]) )
-+            (offset >= TIFFGetFileSize(tif) ||
-+             stripbytes > (TIFFGetFileSize(tif) - offset) / (nstrips - 1)) )
-         {
-             return;
-         }
---
-libgit2 0.27.0
-
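
Review bot: When confirming that this patch can be dropped, the condition to look for in the new sources is the reworked one from this file, `stripbytes > (TIFFGetFileSize(tif) - offset) / (nstrips - 1)`, not the part1 form it replaced. The patch message says the rework was needed "to work in more cases", so finding only the part1 comparison against td_stripbytecount[0] upstream would not be enough to justify removing both files.
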
diff --git a/srcpkgs/tiff/template b/srcpkgs/tiff/template
index e8531ee23d1c..4179cf8afc52 100644
--- a/srcpkgs/tiff/template
+++ b/srcpkgs/tiff/template
@@ -1,18 +1,18 @@
 # Template file for 'tiff'
 pkgname=tiff
-version=4.2.0
-revision=2
+version=4.3.0
+revision=1
 build_style=gnu-configure
 configure_args="--enable-cxx --without-x"
 hostmakedepends="automake libtool"
 makedepends="jbigkit-devel libjpeg-turbo-devel
  liblzma-devel libzstd-devel zlib-devel"
 short_desc="Library and tools for reading and writing TIFF data files"
-maintainer="Orphaned <orphan@voidlinux.org>"
+maintainer="skmpz <dem.procopiou@gmail.com>"
 license="libtiff"
 homepage="http://libtiff.maptools.org/"
 distfiles="http://download.osgeo.org/libtiff/tiff-${version}.tar.gz"
-checksum=eb0484e568ead8fa23b513e9b0041df7e327f4ee2d22db5a533929dfc19633cb
+checksum=0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8
 
 pre_configure() {
 	autoreconf -fi
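
Review bot: The new `checksum=` value is the only integrity control on the 4.3.0 tarball, because the unchanged `distfiles` line still fetches it over plain http. Please confirm the hash against a copy of the release obtained through a separate channel, and consider switching `distfiles` and `homepage` to https if the hosts offer it. Separately, the `maintainer=` line moves the package from Orphaned to the submitter, which the subject "tiff: update to 4.3.0." does not mention; note the adoption in the commit message.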


* Re: [PR PATCH] [Merged]: tiff: update to 4.3.0.
  2021-04-24  6:44 [PR PATCH] tiff: update to 4.3.0 skmpz
@ 2021-04-25  2:42 ` ericonr
  0 siblings, 0 replies; 2+ messages in thread
From: ericonr @ 2021-04-25  2:42 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1433 bytes --]

There's a merged pull request on the void-packages repository

tiff: update to 4.3.0.
https://github.com/void-linux/void-packages/pull/30468

Description:
<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [x] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!-- 
#### Does it build and run successfully? 
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->

