graphics/tiff: Fix CVE-2022-3970

Fix:	TIFFReadRGBATileExt(): fix (unsigned) integer overflow on
	strips/tiles > 2 GB

Obtained from:	Upstream 227500897dfb07fb7d27f7aa570050e62617e3be
		(merged as a05860a0872d323e3fbf4390187ce934dd2b165e)
MFH:		2022Q4
Security:	CVE-2022-3970
Security:	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137

Remove WWW entries moved into port Makefiles

Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.

This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.

Approved by:		portmgr (tcberner)

Add WWW entries to port Makefiles

It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.

Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.

There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.

graphics: Give ports maintained by portmgr to desktop@

These ports were traditionally maintained by portmgr@ to ensure
that they receive an exp-run.

Let's entrust them to desktop@ with a stern "remember to exp-run".

Approved by:		rene
Differential Revision: https://reviews.freebsd.org/D36316

graphics/tiff: Update to 4.4.0

* Add libdeflate for improved performance as dependency
* Add zstd as dependency, this is the default in Alpine, Arch Linux,
  Debian, Fedora and OpenSUSE
* Backport upstream commit dd1bcc7abb26094e93636e85520f0d8f81ab0fab to
  fix CVE-2022-2056, CVE-2022-2057 and CVE-2022-2058
* Backport upstream commit 275735d0354e39c0ac1dc3c0db2120d6f31d1990 to
  fix CVE-2022-34526

PR:		265164
Approved by:	portmgr (antoine)
Exp-run by:	antoine

graphics: remove 'Created by' lines

A big Thank You to the original contributors of these ports:

  *  "Waitman Gobble" <uzimac@da3m0n8t3r.com>
  *  Aaron Dalton <aaron@FreeBSD.org>
  *  Abel Chow <ozsanh45vds001@sneakemail.com>
  *  Adam Weinberger <adamw@FreeBSD.org>
  *  Ade Lovett <ade@FreeBSD.org>
  *  Ade Lovett <ade@lovett.com>
  *  Akinori MUSHA aka knu <knu@idaemons.org>
  *  Aldis Berjoza <aldis@bsdroot.lv>
  *  Alex Hayward <xelah@xelah.com>
  *  Alex Ivasyuv <siegerstein@pochta.ru>
  *  Alex Samorukov <samm@os2.kiev.ua>

graphics/tiff: update to 4.3.0

Remove # $FreeBSD$ from Makefiles.

Update graphics/tiff to 4.2.0

Update graphics/tiff to 4.1.0

Fix tiff2ps error regarding "Inconsistent value of es" by allowing es to be
zero.

PR:		238372

Update MASTER_SITES

Approved by:	portmgr (blanket)

Update to 4.0.10

PR:		233146
Reported by:	Roger Leigh

Apply patches for CVE-2017-9935 and CVE-2017-18013

PR:		225544
Submitted by:	Yasuhiro KIMURA
Obtained from:	Debian
MFH after:	2 days
MFH:		2018Q1

Remove a few text occurrences of NOPORTDOCS.

Sponsored by:	Absolight

Update to 4.0.9

MFC after:	3 days
MFH:		2017Q4

Update to 4.0.8

PR:		219458, 216259
Submitted by:	Vidar Karlsen
MFH:		2017Q2

Remove libtiff.so.4 compatibility links that were added in r374303 to
prevent massive PORTREVISION bumps.  Bump dependent ports that have not
been bumped since.

Update to 4.0.7
The following tools are removed from this release: bmp2tiff, gif2tiff,
ras2tiff, rgb2ycbcr and thumbnail.

Use USES=pathfix where applicable.

PR:		213195
Submitted by:	mat
Exp-run by:	antoine
Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D8093

graphics/tiff: Patch vulnerabilities

These two patches were obtained from OpenBSD. An additional CVE is not
yet addressed, but upstream indicates they are removing the gif2tiff
utility as the mitigation in the upcoming 4.0.7.

PR:		211113
MFH:		2016Q3
Security:	CVE-2016-5875
Security:	CVE-2016-3186

Remove ${PORTSDIR}/ from dependencies, categories d, e, f, and g.

With hat:	portmgr
Sponsored by:	Absolight

Revert MAINTAINER update

These ports were intentionally set to portmgr@FreeBSD.org as MAINTAINER;
it was not a mistake. They require exp-runs and special care when
updating.

Submitted by:	antoine

MAINTAINER reset should be ports@FreeBSD.org, not portmgr

Add fixes for CVE-2015-8665, CVE-2015-8683 and other vulnerabilities.

Besides fixing the two CVEs mentioned above, this change also pulls two
other commits from libtiff upstream fixing other out-of-bounds reads that do
not have corresponding CVEs and were reported directly in libtiff's bug
tracker.

PR:		205923
Approved by:	portmgr (antoine)
Obtained from:	libtiff CVS repository
Security:	b65e4914-b3bc-11e5-8255-5453ed2e2b49
Security:	bd349f7a-b3b9-11e5-8255-5453ed2e2b49

Update to 4.0.6

PR:		203851

Update to 4.0.4

Convert to USES=jpeg

tools/tiffdither.c: check memory allocations to avoid writing to
NULL pointer. Also check multiplication overflow. Fixes #2501,
CVE-2014-8128. Derived from patch by Petr Gajdos.

Reported by:	naddy
Obtained
from:	https://github.com/vadz/libtiff/commit/147b2698c84004fe2da93c0fc7177a7c3797533d
MFH:		2015Q1

- Update to 4.0.4beta
- Add CPE information

PR:		198862
MFH:		2015Q1
Security:	CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9655
CVE-2015-1547

- remove BROKEN
- reset MAINTAINER

- fatal regression
shared lib version going backwards

Replace USES=libtool:oldver with USES=libtool or USES=libtool:keepla in
the 32 ports that still use it.  Bump PORTREVISION on their dependent
ports except the ones that depend on these:

audio/libogg
audio/libvorbis
devel/pcre
ftp/curl
graphics/jpeg
graphics/libart_lgpl
graphics/tiff
textproc/expat2
textproc/libxslt

In these cases the same trick as in the recent gettext update is used.

- cleanup after r373197

Make mandoc happy

- use strip logic from bsd.port.mk
PR:		193918
Submitted by:	takefu@airport.fm

Cleanup plist

- cleanup r361950

Add DOCS to OPTIONS_DEFINE to ports that check for PORT_OPTIONS:MDOCS.

Bump PORTREVISION for jbigkit library version bump.

Approved by:	portmgr (implicit)

- drop option X11
- remove "tiffgt" from port
PR:		190816

Convert to USES=libtool.

The FreeBSD x11@ and graphics team proudly presents
a zeising, kwm production, with help from dumbbell, bdrewery:

NEW XORG ON FREEBSD 9-STABLE AND 10-STABLE

This update switches over to use the new xorg stack by default on FreeBSD 9
and 10 stable, on osversions where vt(9) is available.
It is still possible to use the old stack by specifying WITHOUT_NEW_XORG in
/etc/make.conf .
FreeBSD 8-STABLE and released versions of FreeBSD still use
the old version.
A package repository with binary packages for new xorg will
be available soon.

This patch also contains updates of libxcb and related ports, pixman, as well

- remove broken MANPREFIX
- update LICENSE

- use X11_CONFIGURE_WITH, X11_USE

- use STAGEDIR

- fix misplaced NO_STAGE in slaveports and ifdefs

Add NO_STAGE all over the place in preparation for the staging support (cat:
graphics)

- make portlint happier
PR:		176919

graphics/tiff
- update to 4.0.3

Switch from libglut to freeglut and retire libglut. Libglut hasn't been
developed in years and has been dropped from the MESA 8.0 distribution.
Freeglut is a rewrite of glut and is actively developed and is used by
many linux distributions instead of libglut.

Bump all ports that directly depend on libglut because of the shlib version
change.

There are some extra items in this patch.

*) Because freeglut doesn't have the same dependancies as libglut, some ports
	need extra dependencies added to USE_XORG to make them build.
*) Mark graphics/f90gl broken, f90gl depends on a header that is only shipped
	with libglut.
*) Remove option for libglut/freeglut selection in games/cake, only freeglut
	remains now.
*) While here fix a png related build issue games/vegastrike.

Thanks to miwi for running the exp-run.

Approved by:	portmgr (miwi)

Collaboration with:	zeising@
Obtained from:	xorg-dev staging area.

- update to 4.0.2

- Security patch
Security: http://www.debian.org/security/2012/dsa-2447
Security: CVE-2012-1173
Obtained from:  Frank Warmerdam

- update to 4.0.1

- update to 4.0.0 release

- extend MASTER_SITES

- fix pkg-plist
Reported by:    Alex Dupre

- drop dependency on pkg-config

- change path of libtiff-4.pc
Submitted by:   Max Brazhnikov

- update to 4.0.0beta7

Sync to new bsd.autotools.mk

- update to tiff 4.0.0
- add LICENSE
PR:             149611

- Security update to 3.9.4 to fix tiff2rgba
Security: http://www.remotesensing.org/libtiff/v3.9.4.html
Security: http://www.ocert.org/advisories/ocert-2009-012.html
Security: CVE-2009-2347
PR:             147900

- Security update to 3.8.3
Security: CVE-2010-1411
PR:             147811

- mark FORBIDDEN, buffer overrun

- update to jpeg-8

- update to 3.9.2

- include libjbig
PR:             139864
Submitted by:   Tijl Coosemans

Remove stale patches.
Reported by:    Andrei Lavreniyuk
PR:             138808

- update to 3.9.1

-Repocopy devel/libtool15 -> libtool22 and libltdl15 -> libltdl22.
-Update libtool and libltdl to 2.2.6a.
-Remove devel/libtool15 and devel/libltdl15.
-Fix ports build with libtool22/libltdl22.
-Bump ports that depend on libltdl22 due to shared library version change.
-Explain what to do update in the UPDATING.

It has been tested with GNOME2, XFCE4, KDE3, KDE4 and other many wm/desktop
and applications in the runtime.

With help:      marcus and kwm
Pointyhat-exp:  a few times by pav
Tested by:      pgollucci, "Romain Tartière" <romain@blogreen.org>, and
                a few MarcusCom CVS users. Also, I might have missed a few.
Repocopy by:    marcus
Approved by:    portmgr

- update to jpeg7
Tested by:      pav on pointyhat

- add LICENSE:

- Update X.org ports to 7.4+ (few ports are more recent than the katamari).
- Bump PORTREVISION for all ports depending on libglut since the shlib
version number went from 4 to 3.
- Bump PORTREVISION for all ports depending on libXaw as libXaw.so.8 isn't
installed anymore.
- Couple of ports fixes (mostly missing xorg components added to USE_XORG).

- better fix for manpages
Submitted by:   Christian Weisgerber (naddy)

- add Security patches
- fix missign macro in manpages
- add regression test
Security: CVE-2006-2193
Security: CVE-2006-2327
Security: CVE-2006-2656
Security: CVE-2006-3459
Security: CVE-2006-3460
Security: CVE-2006-3461
Security: CVE-2006-3462
Security: CVE-2006-3463
Security: CVE-2006-3464
Security: CVE-2006-3465
Security: CVE-2008-2327
PR:             127434
Submitted by:   <bf2006a@yahoo.com>
Obtained From:  Gentoo,Debian
Approved by:    portmgr (marcus)

Update CONFIGURE_ARGS for how we pass CONFIGURE_TARGET to configure script.
Specifically, newer autoconf (> 2.13) has different semantic of the
configure target. In short, one should use --build=CONFIGURE_TARGET
instead of CONFIGURE_TARGET directly. Otherwise, you will get a warning
and the old semantic may be removed in later autoconf releases.

To workaround this issue, many ports hack the CONFIGURE_TARGET variable
so that it contains the ``--build='' prefix.

To solve this issue, under the fact that some ports still have
configure script generated by the old autoconf, we use runtime detection
in the do-configure target so that the proper argument can be used.

Changes to Mk/*:
 - Add runtime detection magic in bsd.port.mk

- fix pkg-list for option WITH_X11
PR:             117359
Submitted by:   bf <bf2006a@yahoo.com>

- cleanup dependencies for option WITH_X11
  USE_XORG and USE_GL now defined

- use USE_LDCONFIG

- drop lcompat
tested on FreeBSD 4.11, FreeBSD 5.4, FreeBSD 6.1
Submitted by:   Daniel Lucq

- update to 3.8.2

- update to 3.8.1

Conversion to a single libtool environment.

Approved by:    portmgr (kris)

- udpate to 3.8.0

- add SHA checksum

- update to 3.7.4

- update to 3.7.3

- update to 3.7.2

- Security fix
Submitted by:   simon
Approved by:    portmgr (krion)
Obtained from:  gentoo

- add patch for transparent tiff images
http://bugzilla.remotesensing.org/show_bug.cgi?id=718
Submitted by:   Dierk Sacher
Approved by:    portmgr (krion)

- update to 3.7.1

- bugfix in YCbCr support
some tables were initialized with wrong value
missing check for division by zero
Submitted by:   Hans Petter Selasky

Quickly -- before anyone notices -- add another hunk to the just committed
patch. It is related the previous one and is discussed in the same thread

        http://remotesensing.org/pipermail/tiff/2004-October/000698.html

Add a patch fixing a double/float pointer mismatch. Bump PORTREVISION.

PR:     ports/73811
Approved by:    dinoex  (maintainer)
Submitted by:   Peter Fales (to TIFF mailing list)

- update MASTER_SITES
Submitted by:   sf

- cleanup after merge

- update to 3.7.0
- honor options WITH_X11,WITHOUT_X11
- uses LIBTOOL and GNU_CONFIGURE
- LZW compression enabled

shared lib version not bumped,
tested a few applications running it without recompilation.

- Security Fix
reference: CVE name CAN-2004-0886
Submitted by:   nectar
Obtained from:  Dmitry V. Levin

- Enable LZW compression kit for users who are able to use LZW
PR:             72039
Submitted by:   Michael Johnson

- Correct a few RLE decoder bugs in libtiff
PR:             nectar
Approved by:    portmgr (marcus)
Obtained from:  libtiff CVS

- remove BROKEN
Approved by:    kris