From 48ca75555522716f0f686dcae3dd6cf3d8ad714d Mon Sep 17 00:00:00 2001
From: davidovski <david@davidovski.xyz>
Date: Tue, 31 May 2022 11:05:19 +0100
Subject: removed idea of repos

---
 repo/tiff/CVE-2018-12900.patch | 29 +++++++++++++++++++++++++++++
 repo/tiff/tiff.xibuild         | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 61 insertions(+)
 create mode 100644 repo/tiff/CVE-2018-12900.patch
 create mode 100644 repo/tiff/tiff.xibuild

(limited to 'repo/tiff')

diff --git a/repo/tiff/CVE-2018-12900.patch b/repo/tiff/CVE-2018-12900.patch
new file mode 100644
index 0000000..f95cd06
--- /dev/null
+++ b/repo/tiff/CVE-2018-12900.patch
@@ -0,0 +1,29 @@
+From 86861b86f26be5301ccfa96f9bf765051f4e644a Mon Sep 17 00:00:00 2001
+From: pgajdos <pgajdos@suse.cz>
+Date: Tue, 13 Nov 2018 09:03:31 +0100
+Subject: [PATCH] prevent integer overflow
+
+---
+ tools/tiffcp.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index 2f406e2d..ece7ba13 100644
+--- a/tools/tiffcp.c
++++ b/tools/tiffcp.c
+@@ -1435,6 +1435,12 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
+             status = 0;
+             goto done;
+         }
++        if (0xFFFFFFFF / tilew < spp)
++        {
++            TIFFError(TIFFFileName(in), "Error, either TileWidth (%u) or BitsPerSample (%u) is too large", tilew, bps);
++            status = 0;
++            goto done;
++        }
+ 	bytes_per_sample = bps/8;
+ 
+ 	for (row = 0; row < imagelength; row += tl) {
+-- 
+2.18.1
+
diff --git a/repo/tiff/tiff.xibuild b/repo/tiff/tiff.xibuild
new file mode 100644
index 0000000..544116b
--- /dev/null
+++ b/repo/tiff/tiff.xibuild
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+NAME="tiff"
+DESC="Provides support for the Tag Image File Format or TIFF"
+
+MAKEDEPS=""
+DEPS="musl xz zlib zstd "
+
+PKG_VER=4.3.0
+SOURCE="https://gitlab.com/libtiff/libtiff/-/archive/v$PKG_VER/libtiff-v$PKG_VER.tar.gz"
+ADDITIONAL="CVE-2018-12900.patch "
+
+prepare () {
+    apply_patches
+    autoreconf -fi
+}
+
+build () {
+    ./configure \
+        --prefix=/usr
+        --bindir=/usr/bin \
+        --sysconfdir=/etc \
+        --disable-static \
+        --enable-cxx
+
+    make
+}
+
+package () {
+    make DESTDIR=$PKG_DEST install
+}
+
-- 
cgit v1.2.1