summaryrefslogtreecommitdiff
path: root/repo/tiff
diff options
context:
space:
mode:
Diffstat (limited to 'repo/tiff')
-rw-r--r--repo/tiff/CVE-2018-12900.patch29
-rw-r--r--repo/tiff/tiff.xibuild32
2 files changed, 61 insertions, 0 deletions
diff --git a/repo/tiff/CVE-2018-12900.patch b/repo/tiff/CVE-2018-12900.patch
new file mode 100644
index 0000000..f95cd06
--- /dev/null
+++ b/repo/tiff/CVE-2018-12900.patch
@@ -0,0 +1,29 @@
+From 86861b86f26be5301ccfa96f9bf765051f4e644a Mon Sep 17 00:00:00 2001
+From: pgajdos <pgajdos@suse.cz>
+Date: Tue, 13 Nov 2018 09:03:31 +0100
+Subject: [PATCH] prevent integer overflow
+
+---
+ tools/tiffcp.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index 2f406e2d..ece7ba13 100644
+--- a/tools/tiffcp.c
++++ b/tools/tiffcp.c
+@@ -1435,6 +1435,12 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
+ status = 0;
+ goto done;
+ }
++ if (0xFFFFFFFF / tilew < spp)
++ {
++ TIFFError(TIFFFileName(in), "Error, either TileWidth (%u) or BitsPerSample (%u) is too large", tilew, bps);
++ status = 0;
++ goto done;
++ }
+ bytes_per_sample = bps/8;
+
+ for (row = 0; row < imagelength; row += tl) {
+--
+2.18.1
+
diff --git a/repo/tiff/tiff.xibuild b/repo/tiff/tiff.xibuild
new file mode 100644
index 0000000..544116b
--- /dev/null
+++ b/repo/tiff/tiff.xibuild
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+NAME="tiff"
+DESC="Provides support for the Tag Image File Format or TIFF"
+
+MAKEDEPS=""
+DEPS="musl xz zlib zstd "
+
+PKG_VER=4.3.0
+SOURCE="https://gitlab.com/libtiff/libtiff/-/archive/v$PKG_VER/libtiff-v$PKG_VER.tar.gz"
+ADDITIONAL="CVE-2018-12900.patch "
+
+prepare () {
+ apply_patches
+ autoreconf -fi
+}
+
+build () {
+ ./configure \
+ --prefix=/usr
+ --bindir=/usr/bin \
+ --sysconfdir=/etc \
+ --disable-static \
+ --enable-cxx
+
+ make
+}
+
+package () {
+ make DESTDIR=$PKG_DEST install
+}
+