From 48ca75555522716f0f686dcae3dd6cf3d8ad714d Mon Sep 17 00:00:00 2001 From: davidovski Date: Tue, 31 May 2022 11:05:19 +0100 Subject: removed idea of repos --- repo/tiff/CVE-2018-12900.patch | 29 +++++++++++++++++++++++++++++ repo/tiff/tiff.xibuild | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 repo/tiff/CVE-2018-12900.patch create mode 100644 repo/tiff/tiff.xibuild (limited to 'repo/tiff') diff --git a/repo/tiff/CVE-2018-12900.patch b/repo/tiff/CVE-2018-12900.patch new file mode 100644 index 0000000..f95cd06 --- /dev/null +++ b/repo/tiff/CVE-2018-12900.patch @@ -0,0 +1,29 @@ +From 86861b86f26be5301ccfa96f9bf765051f4e644a Mon Sep 17 00:00:00 2001 +From: pgajdos +Date: Tue, 13 Nov 2018 09:03:31 +0100 +Subject: [PATCH] prevent integer overflow + +--- + tools/tiffcp.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/tools/tiffcp.c b/tools/tiffcp.c +index 2f406e2d..ece7ba13 100644 +--- a/tools/tiffcp.c ++++ b/tools/tiffcp.c +@@ -1435,6 +1435,12 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer) + status = 0; + goto done; + } ++ if (0xFFFFFFFF / tilew < spp) ++ { ++ TIFFError(TIFFFileName(in), "Error, either TileWidth (%u) or BitsPerSample (%u) is too large", tilew, bps); ++ status = 0; ++ goto done; ++ } + bytes_per_sample = bps/8; + + for (row = 0; row < imagelength; row += tl) { +-- +2.18.1 + diff --git a/repo/tiff/tiff.xibuild b/repo/tiff/tiff.xibuild new file mode 100644 index 0000000..544116b --- /dev/null +++ b/repo/tiff/tiff.xibuild @@ -0,0 +1,32 @@ +#!/bin/sh + +NAME="tiff" +DESC="Provides support for the Tag Image File Format or TIFF" + +MAKEDEPS="" +DEPS="musl xz zlib zstd " + +PKG_VER=4.3.0 +SOURCE="https://gitlab.com/libtiff/libtiff/-/archive/v$PKG_VER/libtiff-v$PKG_VER.tar.gz" +ADDITIONAL="CVE-2018-12900.patch " + +prepare () { + apply_patches + autoreconf -fi +} + +build () { + ./configure \ + --prefix=/usr + --bindir=/usr/bin \ + --sysconfdir=/etc \ + --disable-static \ + --enable-cxx + + make +} + +package () { + make DESTDIR=$PKG_DEST install +} + -- cgit v1.2.1