diff options
| author | Lucio Andrés Illanes Albornoz (arab, vxp) <lucio@lucioillanes.de> | 2018-05-05 15:26:37 +0000 |
|---|---|---|
| committer | Lucio Andrés Illanes Albornoz (arab, vxp) <lucio@lucioillanes.de> | 2018-05-05 15:26:37 +0000 |
| commit | af7abc4ed4eaf4a263051685eb1f7b438532169f (patch) | |
| tree | 743c75af6ea401e859bcdf9b068b59ef8108f840 /patches | |
| parent | 821c28300f1172638619c18b4ace5d8ef6dc9862 (diff) | |
| download | midipix_build-af7abc4ed4eaf4a263051685eb1f7b438532169f.tar.bz2 midipix_build-af7abc4ed4eaf4a263051685eb1f7b438532169f.tar.xz | |
vars/build.vars: updates {alsa_lib,expat,gdbm,libarchive,libassuan,libgcrypt,libuv,cmake,libxml2,npth,pcre,tiff,util_linux} to v{1.1.6,2.2.5,1.14.1,3.3.2,2.5.1,1.8.2,1.19.2,3.7.2,2.9.8,1.5,8.42,4.0.9,2.32} (via Redfoxmoon.)
vars/cmake{,_host}.vars: build w/ libuv (via Redfoxmoon.)
patches/alsa_lib-1.1.6.local.patch: updated (via Redfoxmoon.)
patches/expat-2.2.5.local.patch: updated (via Redfoxmoon.)
patches/libgcrypt-1.8.2.local.patch: added (via Redfoxmoon.)
patches/libuv-1.19.2.local.patch: added (via Redfoxmoon.)
patches/tiff/CVE-2017-18013.patch: added (via Redfoxmoon.)
patches/tiff/CVE-2018-5784.patch: added (via Redfoxmoon.)
patches/tiff/CVE-2018-7456.patch: added (via Redfoxmoon.)
Diffstat (limited to 'patches')
| -rw-r--r-- | patches/alsa_lib-1.1.6.local.patch (renamed from patches/alsa_lib-1.1.4.1.local.patch) | 0 | ||||
| -rw-r--r-- | patches/expat-2.2.5.local.patch (renamed from patches/expat-2.2.0.local.patch) | 0 | ||||
| -rw-r--r-- | patches/libassuan-2.4.3.local.patch | 192 | ||||
| -rw-r--r-- | patches/libgcrypt-1.7.4.local.patch | 170 | ||||
| -rw-r--r-- | patches/libgcrypt-1.8.2.local.patch | 14 | ||||
| -rw-r--r-- | patches/libuv-1.19.2.local.patch | 48 | ||||
| -rw-r--r-- | patches/tiff/CVE-2017-18013.patch | 34 | ||||
| -rw-r--r-- | patches/tiff/CVE-2018-5784.patch | 128 | ||||
| -rw-r--r-- | patches/tiff/CVE-2018-7456.patch | 170 |
9 files changed, 394 insertions, 362 deletions
diff --git a/patches/alsa_lib-1.1.4.1.local.patch b/patches/alsa_lib-1.1.6.local.patch index 3171801d..3171801d 100644 --- a/patches/alsa_lib-1.1.4.1.local.patch +++ b/patches/alsa_lib-1.1.6.local.patch diff --git a/patches/expat-2.2.0.local.patch b/patches/expat-2.2.5.local.patch index b6f1446b..b6f1446b 100644 --- a/patches/expat-2.2.0.local.patch +++ b/patches/expat-2.2.5.local.patch diff --git a/patches/libassuan-2.4.3.local.patch b/patches/libassuan-2.4.3.local.patch deleted file mode 100644 index 8e0265b0..00000000 --- a/patches/libassuan-2.4.3.local.patch +++ /dev/null @@ -1,192 +0,0 @@ ---- libassuan-2.4.3.orig/configure 2016-07-14 10:11:48.000000000 +0200 -+++ libassuan-2.4.3/configure 2016-10-18 22:20:05.511896688 +0200 -@@ -14171,187 +14171,8 @@ - - # Checking for libgpg-error. - -- gpg_error_config_prefix="" -- --# Check whether --with-libgpg-error-prefix was given. --if test "${with_libgpg_error_prefix+set}" = set; then : -- withval=$with_libgpg_error_prefix; gpg_error_config_prefix="$withval" --fi -- -- -- --# Check whether --with-gpg-error-prefix was given. --if test "${with_gpg_error_prefix+set}" = set; then : -- withval=$with_gpg_error_prefix; gpg_error_config_prefix="$withval" --fi -- -- -- if test x$gpg_error_config_prefix != x ; then -- if test x${GPG_ERROR_CONFIG+set} != xset ; then -- GPG_ERROR_CONFIG=$gpg_error_config_prefix/bin/gpg-error-config -- fi -- fi -- -- if test -n "$ac_tool_prefix"; then -- # Extract the first word of "${ac_tool_prefix}gpg-error-config", so it can be a program name with args. --set dummy ${ac_tool_prefix}gpg-error-config; ac_word=$2 --{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 --$as_echo_n "checking for $ac_word... " >&6; } --if ${ac_cv_path_GPG_ERROR_CONFIG+:} false; then : -- $as_echo_n "(cached) " >&6 --else -- case $GPG_ERROR_CONFIG in -- [\\/]* | ?:[\\/]*) -- ac_cv_path_GPG_ERROR_CONFIG="$GPG_ERROR_CONFIG" # Let the user override the test with a path. -- ;; -- *) -- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR --for as_dir in $PATH --do -- IFS=$as_save_IFS -- test -z "$as_dir" && as_dir=. -- for ac_exec_ext in '' $ac_executable_extensions; do -- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then -- ac_cv_path_GPG_ERROR_CONFIG="$as_dir/$ac_word$ac_exec_ext" -- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 -- break 2 -- fi --done -- done --IFS=$as_save_IFS -- -- ;; --esac --fi --GPG_ERROR_CONFIG=$ac_cv_path_GPG_ERROR_CONFIG --if test -n "$GPG_ERROR_CONFIG"; then -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GPG_ERROR_CONFIG" >&5 --$as_echo "$GPG_ERROR_CONFIG" >&6; } --else -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 --$as_echo "no" >&6; } --fi -- -- --fi --if test -z "$ac_cv_path_GPG_ERROR_CONFIG"; then -- ac_pt_GPG_ERROR_CONFIG=$GPG_ERROR_CONFIG -- # Extract the first word of "gpg-error-config", so it can be a program name with args. --set dummy gpg-error-config; ac_word=$2 --{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 --$as_echo_n "checking for $ac_word... " >&6; } --if ${ac_cv_path_ac_pt_GPG_ERROR_CONFIG+:} false; then : -- $as_echo_n "(cached) " >&6 --else -- case $ac_pt_GPG_ERROR_CONFIG in -- [\\/]* | ?:[\\/]*) -- ac_cv_path_ac_pt_GPG_ERROR_CONFIG="$ac_pt_GPG_ERROR_CONFIG" # Let the user override the test with a path. -- ;; -- *) -- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR --for as_dir in $PATH --do -- IFS=$as_save_IFS -- test -z "$as_dir" && as_dir=. -- for ac_exec_ext in '' $ac_executable_extensions; do -- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then -- ac_cv_path_ac_pt_GPG_ERROR_CONFIG="$as_dir/$ac_word$ac_exec_ext" -- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 -- break 2 -- fi --done -- done --IFS=$as_save_IFS -- -- ;; --esac --fi --ac_pt_GPG_ERROR_CONFIG=$ac_cv_path_ac_pt_GPG_ERROR_CONFIG --if test -n "$ac_pt_GPG_ERROR_CONFIG"; then -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_GPG_ERROR_CONFIG" >&5 --$as_echo "$ac_pt_GPG_ERROR_CONFIG" >&6; } --else -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 --$as_echo "no" >&6; } --fi -- -- if test "x$ac_pt_GPG_ERROR_CONFIG" = x; then -- GPG_ERROR_CONFIG="no" -- else -- case $cross_compiling:$ac_tool_warned in --yes:) --{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 --$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} --ac_tool_warned=yes ;; --esac -- GPG_ERROR_CONFIG=$ac_pt_GPG_ERROR_CONFIG -- fi --else -- GPG_ERROR_CONFIG="$ac_cv_path_GPG_ERROR_CONFIG" --fi -- -- min_gpg_error_version=1.17 -- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GPG Error - version >= $min_gpg_error_version" >&5 --$as_echo_n "checking for GPG Error - version >= $min_gpg_error_version... " >&6; } -- ok=no -- if test "$GPG_ERROR_CONFIG" != "no" \ -- && test -f "$GPG_ERROR_CONFIG" ; then -- req_major=`echo $min_gpg_error_version | \ -- sed 's/\([0-9]*\)\.\([0-9]*\)/\1/'` -- req_minor=`echo $min_gpg_error_version | \ -- sed 's/\([0-9]*\)\.\([0-9]*\)/\2/'` -- gpg_error_config_version=`$GPG_ERROR_CONFIG $gpg_error_config_args --version` -- major=`echo $gpg_error_config_version | \ -- sed 's/\([0-9]*\)\.\([0-9]*\).*/\1/'` -- minor=`echo $gpg_error_config_version | \ -- sed 's/\([0-9]*\)\.\([0-9]*\).*/\2/'` -- if test "$major" -gt "$req_major"; then -- ok=yes -- else -- if test "$major" -eq "$req_major"; then -- if test "$minor" -ge "$req_minor"; then -- ok=yes -- fi -- fi -- fi -- fi -- if test $ok = yes; then -- GPG_ERROR_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --cflags` -- GPG_ERROR_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --libs` -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes ($gpg_error_config_version)" >&5 --$as_echo "yes ($gpg_error_config_version)" >&6; } -- : -- gpg_error_config_host=`$GPG_ERROR_CONFIG $gpg_error_config_args --host 2>/dev/null || echo none` -- if test x"$gpg_error_config_host" != xnone ; then -- if test x"$gpg_error_config_host" != x"$host" ; then -- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --*** --*** The config script $GPG_ERROR_CONFIG was --*** built for $gpg_error_config_host and thus may not match the --*** used host $host. --*** You may want to use the configure option --with-gpg-error-prefix --*** to specify a matching config script. --***" >&5 --$as_echo "$as_me: WARNING: --*** --*** The config script $GPG_ERROR_CONFIG was --*** built for $gpg_error_config_host and thus may not match the --*** used host $host. --*** You may want to use the configure option --with-gpg-error-prefix --*** to specify a matching config script. --***" >&2;} -- fi -- fi -- else -- GPG_ERROR_CFLAGS="" -- GPG_ERROR_LIBS="" -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 --$as_echo "no" >&6; } -- as_fn_error $? "libgpg-error was not found" "$LINENO" 5 -- fi -- -- -- -+#Overcomplicated useless checking for gpg-error, use CFLAGS and LDFLAGS! >:( -+ GPG_ERROR_LIBS="-lgpg-error" - - # - # Checks for library functions. diff --git a/patches/libgcrypt-1.7.4.local.patch b/patches/libgcrypt-1.7.4.local.patch deleted file mode 100644 index 15c9576d..00000000 --- a/patches/libgcrypt-1.7.4.local.patch +++ /dev/null @@ -1,170 +0,0 @@ ---- libgcrypt-1.7.4/configure.orig 2016-12-09 15:49:07.000000000 +0100 -+++ libgcrypt-1.7.4/configure 2016-12-17 21:18:38.325971000 +0100 -@@ -13068,6 +13068,10 @@ - PRINTABLE_OS_NAME="GNU/Linux" - ;; - -+ *-midipix*) -+ PRINTABLE_OS_NAME="Midipix" -+ ;; -+ - *) - PRINTABLE_OS_NAME=`uname -s || echo "Unknown"` - ;; -@@ -14141,155 +14145,7 @@ - # gpg-error is required. - # - -- gpg_error_config_prefix="" -- --# Check whether --with-libgpg-error-prefix was given. --if test "${with_libgpg_error_prefix+set}" = set; then : -- withval=$with_libgpg_error_prefix; gpg_error_config_prefix="$withval" --fi -- -- -- --# Check whether --with-gpg-error-prefix was given. --if test "${with_gpg_error_prefix+set}" = set; then : -- withval=$with_gpg_error_prefix; gpg_error_config_prefix="$withval" --fi -- -- -- if test x"${GPG_ERROR_CONFIG}" = x ; then -- if test x"${gpg_error_config_prefix}" != x ; then -- GPG_ERROR_CONFIG="${gpg_error_config_prefix}/bin/gpg-error-config" -- else -- case "${SYSROOT}" in -- /*) -- if test -x "${SYSROOT}/bin/gpg-error-config" ; then -- GPG_ERROR_CONFIG="${SYSROOT}/bin/gpg-error-config" -- fi -- ;; -- '') -- ;; -- *) -- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring \$SYSROOT as it is not an absolute path." >&5 --$as_echo "$as_me: WARNING: Ignoring \$SYSROOT as it is not an absolute path." >&2;} -- ;; -- esac -- fi -- fi -- -- # Extract the first word of "gpg-error-config", so it can be a program name with args. --set dummy gpg-error-config; ac_word=$2 --{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 --$as_echo_n "checking for $ac_word... " >&6; } --if ${ac_cv_path_GPG_ERROR_CONFIG+:} false; then : -- $as_echo_n "(cached) " >&6 --else -- case $GPG_ERROR_CONFIG in -- [\\/]* | ?:[\\/]*) -- ac_cv_path_GPG_ERROR_CONFIG="$GPG_ERROR_CONFIG" # Let the user override the test with a path. -- ;; -- *) -- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR --for as_dir in $PATH --do -- IFS=$as_save_IFS -- test -z "$as_dir" && as_dir=. -- for ac_exec_ext in '' $ac_executable_extensions; do -- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then -- ac_cv_path_GPG_ERROR_CONFIG="$as_dir/$ac_word$ac_exec_ext" -- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 -- break 2 -- fi --done -- done --IFS=$as_save_IFS -- -- test -z "$ac_cv_path_GPG_ERROR_CONFIG" && ac_cv_path_GPG_ERROR_CONFIG="no" -- ;; --esac --fi --GPG_ERROR_CONFIG=$ac_cv_path_GPG_ERROR_CONFIG --if test -n "$GPG_ERROR_CONFIG"; then -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GPG_ERROR_CONFIG" >&5 --$as_echo "$GPG_ERROR_CONFIG" >&6; } --else -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 --$as_echo "no" >&6; } --fi -- -- -- min_gpg_error_version="$NEED_GPG_ERROR_VERSION" -- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GPG Error - version >= $min_gpg_error_version" >&5 --$as_echo_n "checking for GPG Error - version >= $min_gpg_error_version... " >&6; } -- ok=no -- if test "$GPG_ERROR_CONFIG" != "no" \ -- && test -f "$GPG_ERROR_CONFIG" ; then -- req_major=`echo $min_gpg_error_version | \ -- sed 's/\([0-9]*\)\.\([0-9]*\)/\1/'` -- req_minor=`echo $min_gpg_error_version | \ -- sed 's/\([0-9]*\)\.\([0-9]*\)/\2/'` -- gpg_error_config_version=`$GPG_ERROR_CONFIG $gpg_error_config_args --version` -- major=`echo $gpg_error_config_version | \ -- sed 's/\([0-9]*\)\.\([0-9]*\).*/\1/'` -- minor=`echo $gpg_error_config_version | \ -- sed 's/\([0-9]*\)\.\([0-9]*\).*/\2/'` -- if test "$major" -gt "$req_major"; then -- ok=yes -- else -- if test "$major" -eq "$req_major"; then -- if test "$minor" -ge "$req_minor"; then -- ok=yes -- fi -- fi -- fi -- fi -- if test $ok = yes; then -- GPG_ERROR_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --cflags` -- GPG_ERROR_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --libs` -- GPG_ERROR_MT_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --mt --cflags 2>/dev/null` -- GPG_ERROR_MT_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --mt --libs 2>/dev/null` -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes ($gpg_error_config_version)" >&5 --$as_echo "yes ($gpg_error_config_version)" >&6; } -- : -- gpg_error_config_host=`$GPG_ERROR_CONFIG $gpg_error_config_args --host 2>/dev/null || echo none` -- if test x"$gpg_error_config_host" != xnone ; then -- if test x"$gpg_error_config_host" != x"$host" ; then -- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --*** --*** The config script $GPG_ERROR_CONFIG was --*** built for $gpg_error_config_host and thus may not match the --*** used host $host. --*** You may want to use the configure option --with-gpg-error-prefix --*** to specify a matching config script or use \$SYSROOT. --***" >&5 --$as_echo "$as_me: WARNING: --*** --*** The config script $GPG_ERROR_CONFIG was --*** built for $gpg_error_config_host and thus may not match the --*** used host $host. --*** You may want to use the configure option --with-gpg-error-prefix --*** to specify a matching config script or use \$SYSROOT. --***" >&2;} -- gpg_config_script_warn="$gpg_config_script_warn libgpg-error" -- fi -- fi -- else -- GPG_ERROR_CFLAGS="" -- GPG_ERROR_LIBS="" -- GPG_ERROR_MT_CFLAGS="" -- GPG_ERROR_MT_LIBS="" -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 --$as_echo "no" >&6; } -- : -- fi -- -- -- -- -- --if test "x$GPG_ERROR_LIBS" = "x"; then -- as_fn_error $? "libgpg-error is needed. -- See ftp://ftp.gnupg.org/gcrypt/libgpg-error/ ." "$LINENO" 5 --fi -+ GPG_ERROR_LIBS="-lgpg-error" - - - $as_echo "#define GPG_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_GCRYPT" >>confdefs.h diff --git a/patches/libgcrypt-1.8.2.local.patch b/patches/libgcrypt-1.8.2.local.patch new file mode 100644 index 00000000..1fba56bc --- /dev/null +++ b/patches/libgcrypt-1.8.2.local.patch @@ -0,0 +1,14 @@ +diff -ru libgcrypt-1.8.2.orig/configure libgcrypt-1.8.2/configure +--- libgcrypt-1.8.2.orig/configure 2017-12-13 14:54:17.000000000 +0100 ++++ libgcrypt-1.8.2/configure 2018-05-05 00:17:43.366304238 +0200 +@@ -13074,6 +13074,10 @@ + PRINTABLE_OS_NAME="GNU/Linux" + ;; + ++ *-midipix*) ++ PRINTABLE_OS_NAME="Midipix" ++ ;; ++ + *) + PRINTABLE_OS_NAME=`uname -s || echo "Unknown"` + ;; diff --git a/patches/libuv-1.19.2.local.patch b/patches/libuv-1.19.2.local.patch new file mode 100644 index 00000000..558f3fe9 --- /dev/null +++ b/patches/libuv-1.19.2.local.patch @@ -0,0 +1,48 @@ +diff -ru libuv-v1.19.2.orig/configure.ac libuv-v1.19.2/configure.ac +--- libuv-v1.19.2.orig/configure.ac 2018-02-21 21:25:38.000000000 +0100 ++++ libuv-v1.19.2/configure.ac 2018-05-04 20:35:43.157687243 +0200 +@@ -57,6 +57,7 @@ + AM_CONDITIONAL([DRAGONFLY],[AS_CASE([$host_os],[dragonfly*], [true], [false])]) + AM_CONDITIONAL([FREEBSD], [AS_CASE([$host_os],[*freebsd*], [true], [false])]) + AM_CONDITIONAL([LINUX], [AS_CASE([$host_os],[linux*], [true], [false])]) ++AM_CONDITIONAL([MIDIPIX], [AS_CASE([$host_os],[midipix*], [true], [false])]) + AM_CONDITIONAL([MSYS], [AS_CASE([$host_os],[msys*], [true], [false])]) + AM_CONDITIONAL([NETBSD], [AS_CASE([$host_os],[netbsd*], [true], [false])]) + AM_CONDITIONAL([OPENBSD], [AS_CASE([$host_os],[openbsd*], [true], [false])]) +Only in libuv-v1.19.2: depcomp +diff -ru libuv-v1.19.2.orig/include/uv-unix.h libuv-v1.19.2/include/uv-unix.h +--- libuv-v1.19.2.orig/include/uv-unix.h 2018-02-21 21:25:38.000000000 +0100 ++++ libuv-v1.19.2/include/uv-unix.h 2018-05-04 18:53:02.286365282 +0200 +@@ -62,7 +62,7 @@ + defined(__OpenBSD__) || \ + defined(__NetBSD__) + # include "uv-bsd.h" +-#elif defined(__CYGWIN__) || defined(__MSYS__) ++#elif defined(__CYGWIN__) || defined(__MSYS__) || defined(__midipix__) + # include "uv-posix.h" + #endif + +diff -ru libuv-v1.19.2.orig/Makefile.am libuv-v1.19.2/Makefile.am +--- libuv-v1.19.2.orig/Makefile.am 2018-02-21 21:25:38.000000000 +0100 ++++ libuv-v1.19.2/Makefile.am 2018-05-04 20:55:46.028984363 +0200 +@@ -403,6 +403,20 @@ + test_run_tests_LDFLAGS += -lutil + endif + ++# src/unix/cygwin.c is mostly just stubs, implement proper codepaths at later date? ++if MIDIPIX ++include_HEADERS += include/uv-posix.h ++libuv_la_CFLAGS += -D_GNU_SOURCE ++libuv_la_SOURCES += src/unix/cygwin.c \ ++ src/unix/no-fsevents.c \ ++ src/unix/no-proctitle.c \ ++ src/unix/posix-hrtime.c \ ++ src/unix/posix-poll.c \ ++ src/unix/procfs-exepath.c \ ++ src/unix/sysinfo-loadavg.c \ ++ src/unix/sysinfo-memory.c ++endif ++ + if MSYS + libuv_la_CFLAGS += -D_GNU_SOURCE + libuv_la_SOURCES += src/unix/cygwin.c \ diff --git a/patches/tiff/CVE-2017-18013.patch b/patches/tiff/CVE-2017-18013.patch new file mode 100644 index 00000000..5f56ff25 --- /dev/null +++ b/patches/tiff/CVE-2017-18013.patch @@ -0,0 +1,34 @@ +From c6f41df7b581402dfba3c19a1e3df4454c551a01 Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Sun, 31 Dec 2017 15:09:41 +0100 +Subject: [PATCH] libtiff/tif_print.c: TIFFPrintDirectory(): fix null pointer dereference on corrupted file. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2770 + +--- + libtiff/tif_print.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c +index 9959d35..8deceb2 100644 +--- a/libtiff/tif_print.c ++++ b/libtiff/tif_print.c +@@ -667,13 +665,13 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags) + #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) + fprintf(fd, " %3lu: [%8I64u, %8I64u]\n", + (unsigned long) s, +- (unsigned __int64) td->td_stripoffset[s], +- (unsigned __int64) td->td_stripbytecount[s]); ++ td->td_stripoffset ? (unsigned __int64) td->td_stripoffset[s] : 0, ++ td->td_stripbytecount ? (unsigned __int64) td->td_stripbytecount[s] : 0); + #else + fprintf(fd, " %3lu: [%8llu, %8llu]\n", + (unsigned long) s, +- (unsigned long long) td->td_stripoffset[s], +- (unsigned long long) td->td_stripbytecount[s]); ++ td->td_stripoffset ? (unsigned long long) td->td_stripoffset[s] : 0, ++ td->td_stripbytecount ? (unsigned long long) td->td_stripbytecount[s] : 0); + #endif + } + } +-- +libgit2 0.26.0 + diff --git a/patches/tiff/CVE-2018-5784.patch b/patches/tiff/CVE-2018-5784.patch new file mode 100644 index 00000000..92fc2daf --- /dev/null +++ b/patches/tiff/CVE-2018-5784.patch @@ -0,0 +1,128 @@ +From 473851d211cf8805a161820337ca74cc9615d6ef Mon Sep 17 00:00:00 2001 +From: Nathan Baker <nathanb@lenovo-chrome.com> +Date: Tue, 6 Feb 2018 10:13:57 -0500 +Subject: [PATCH] Fix for bug 2772 + +It is possible to craft a TIFF document where the IFD list is circular, +leading to an infinite loop while traversing the chain. The libtiff +directory reader has a failsafe that will break out of this loop after +reading 65535 directory entries, but it will continue processing, +consuming time and resources to process what is essentially a bogus TIFF +document. + +This change fixes the above behavior by breaking out of processing when +a TIFF document has >= 65535 directories and terminating with an error. +--- + contrib/addtiffo/tif_overview.c | 14 +++++++++++++- + tools/tiff2pdf.c | 10 ++++++++++ + tools/tiffcrop.c | 13 +++++++++++-- + 3 files changed, 34 insertions(+), 3 deletions(-) + +diff --git a/contrib/addtiffo/tif_overview.c b/contrib/addtiffo/tif_overview.c +index c61ffbb..03b3573 100644 +--- a/contrib/addtiffo/tif_overview.c ++++ b/contrib/addtiffo/tif_overview.c +@@ -65,6 +65,8 @@ + # define MAX(a,b) ((a>b) ? a : b) + #endif + ++#define TIFF_DIR_MAX 65534 ++ + void TIFFBuildOverviews( TIFF *, int, int *, int, const char *, + int (*)(double,void*), void * ); + +@@ -91,6 +93,7 @@ uint32 TIFF_WriteOverview( TIFF *hTIFF, uint32 nXSize, uint32 nYSize, + { + toff_t nBaseDirOffset; + toff_t nOffset; ++ tdir_t iNumDir; + + (void) bUseSubIFDs; + +@@ -147,7 +150,16 @@ uint32 TIFF_WriteOverview( TIFF *hTIFF, uint32 nXSize, uint32 nYSize, + return 0; + + TIFFWriteDirectory( hTIFF ); +- TIFFSetDirectory( hTIFF, (tdir_t) (TIFFNumberOfDirectories(hTIFF)-1) ); ++ iNumDir = TIFFNumberOfDirectories(hTIFF); ++ if( iNumDir > TIFF_DIR_MAX ) ++ { ++ TIFFErrorExt( TIFFClientdata(hTIFF), ++ "TIFF_WriteOverview", ++ "File `%s' has too many directories.\n", ++ TIFFFileName(hTIFF) ); ++ exit(-1); ++ } ++ TIFFSetDirectory( hTIFF, (tdir_t) (iNumDir - 1) ); + + nOffset = TIFFCurrentDirOffset( hTIFF ); + +diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c +index 984ef65..832a247 100644 +--- a/tools/tiff2pdf.c ++++ b/tools/tiff2pdf.c +@@ -68,6 +68,8 @@ extern int getopt(int, char**, char*); + + #define PS_UNIT_SIZE 72.0F + ++#define TIFF_DIR_MAX 65534 ++ + /* This type is of PDF color spaces. */ + typedef enum { + T2P_CS_BILEVEL = 0x01, /* Bilevel, black and white */ +@@ -1049,6 +1053,14 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){ + uint16* tiff_transferfunction[3]; + + directorycount=TIFFNumberOfDirectories(input); ++ if(directorycount > TIFF_DIR_MAX) { ++ TIFFError( ++ TIFF2PDF_MODULE, ++ "TIFF contains too many directories, %s", ++ TIFFFileName(input)); ++ t2p->t2p_error = T2P_ERR_ERROR; ++ return; ++ } + t2p->tiff_pages = (T2P_PAGE*) _TIFFmalloc(TIFFSafeMultiply(tmsize_t,directorycount,sizeof(T2P_PAGE))); + if(t2p->tiff_pages==NULL){ + TIFFError( +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c +index 91a38f6..e466dae 100644 +--- a/tools/tiffcrop.c ++++ b/tools/tiffcrop.c +@@ -217,6 +215,8 @@ extern int getopt(int argc, char * const argv[], const char *optstring); + #define DUMP_TEXT 1 + #define DUMP_RAW 2 + ++#define TIFF_DIR_MAX 65534 ++ + /* Offsets into buffer for margins and fixed width and length segments */ + struct offset { + uint32 tmargin; +@@ -2233,7 +2234,7 @@ main(int argc, char* argv[]) + pageNum = -1; + else + total_images = 0; +- /* read multiple input files and write to output file(s) */ ++ /* Read multiple input files and write to output file(s) */ + while (optind < argc - 1) + { + in = TIFFOpen (argv[optind], "r"); +@@ -2241,7 +2242,14 @@ main(int argc, char* argv[]) + return (-3); + + /* If only one input file is specified, we can use directory count */ +- total_images = TIFFNumberOfDirectories(in); ++ total_images = TIFFNumberOfDirectories(in); ++ if (total_images > TIFF_DIR_MAX) ++ { ++ TIFFError (TIFFFileName(in), "File contains too many directories"); ++ if (out != NULL) ++ (void) TIFFClose(out); ++ return (1); ++ } + if (image_count == 0) + { + dirnum = 0; +-- +libgit2 0.26.0 + diff --git a/patches/tiff/CVE-2018-7456.patch b/patches/tiff/CVE-2018-7456.patch new file mode 100644 index 00000000..b2d081a5 --- /dev/null +++ b/patches/tiff/CVE-2018-7456.patch @@ -0,0 +1,170 @@ +From be4c85b16e8801a16eec25e80eb9f3dd6a96731b Mon Sep 17 00:00:00 2001 +From: Hugo Lefeuvre <hle@debian.org> +Date: Sun, 8 Apr 2018 14:07:08 -0400 +Subject: [PATCH] Fix NULL pointer dereference in TIFFPrintDirectory + +The TIFFPrintDirectory function relies on the following assumptions, +supposed to be guaranteed by the specification: + +(a) A Transfer Function field is only present if the TIFF file has + photometric type < 3. + +(b) If SamplesPerPixel > Color Channels, then the ExtraSamples field + has count SamplesPerPixel - (Color Channels) and contains + information about supplementary channels. + +While respect of (a) and (b) are essential for the well functioning of +TIFFPrintDirectory, no checks are realized neither by the callee nor +by TIFFPrintDirectory itself. Hence, following scenarios might happen +and trigger the NULL pointer dereference: + +(1) TIFF File of photometric type 4 or more has illegal Transfer + Function field. + +(2) TIFF File has photometric type 3 or less and defines a + SamplesPerPixel field such that SamplesPerPixel > Color Channels + without defining all extra samples in the ExtraSamples fields. + +In this patch, we address both issues with respect of the following +principles: + +(A) In the case of (1), the defined transfer table should be printed + safely even if it isn't 'legal'. This allows us to avoid expensive + checks in TIFFPrintDirectory. Also, it is quite possible that + an alternative photometric type would be developed (not part of the + standard) and would allow definition of Transfer Table. We want + libtiff to be able to handle this scenario out of the box. + +(B) In the case of (2), the transfer table should be printed at its + right size, that is if TIFF file has photometric type Palette + then the transfer table should have one row and not three, even + if two extra samples are declared. + +In order to fulfill (A) we simply add a new 'i < 3' end condition to +the broken TIFFPrintDirectory loop. This makes sure that in any case +where (b) would be respected but not (a), everything stays fine. + +(B) is fulfilled by the loop condition +'i < td->td_samplesperpixel - td->td_extrasamples'. This is enough as +long as (b) is respected. + +Naturally, we also make sure (b) is respected. This is done in the +TIFFReadDirectory function by making sure any non-color channel is +counted in ExtraSamples. + +This commit addresses CVE-2018-7456. +--- + libtiff/tif_dirread.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + libtiff/tif_print.c | 2 +- + 2 files changed, 63 insertions(+), 1 deletion(-) + +diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c +index 6baa7b3..af5b84a 100644 +--- a/libtiff/tif_dirread.c ++++ b/libtiff/tif_dirread.c +@@ -165,6 +165,7 @@ static int TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uin + static int TIFFFetchSubjectDistance(TIFF*, TIFFDirEntry*); + static void ChopUpSingleUncompressedStrip(TIFF*); + static uint64 TIFFReadUInt64(const uint8 *value); ++static int _TIFFGetMaxColorChannels(uint16 photometric); + + static int _TIFFFillStrilesInternal( TIFF *tif, int loadStripByteCount ); + +@@ -3505,6 +3506,35 @@ static void TIFFReadDirEntryOutputErr(TIFF* tif, enum TIFFReadDirEntryErr err, c + } + + /* ++ * Return the maximum number of color channels specified for a given photometric ++ * type. 0 is returned if photometric type isn't supported or no default value ++ * is defined by the specification. ++ */ ++static int _TIFFGetMaxColorChannels( uint16 photometric ) ++{ ++ switch (photometric) { ++ case PHOTOMETRIC_PALETTE: ++ case PHOTOMETRIC_MINISWHITE: ++ case PHOTOMETRIC_MINISBLACK: ++ return 1; ++ case PHOTOMETRIC_YCBCR: ++ case PHOTOMETRIC_RGB: ++ case PHOTOMETRIC_CIELAB: ++ return 3; ++ case PHOTOMETRIC_SEPARATED: ++ case PHOTOMETRIC_MASK: ++ return 4; ++ case PHOTOMETRIC_LOGL: ++ case PHOTOMETRIC_LOGLUV: ++ case PHOTOMETRIC_CFA: ++ case PHOTOMETRIC_ITULAB: ++ case PHOTOMETRIC_ICCLAB: ++ default: ++ return 0; ++ } ++} ++ ++/* + * Read the next TIFF directory from a file and convert it to the internal + * format. We read directories sequentially. + */ +@@ -3520,6 +3550,7 @@ TIFFReadDirectory(TIFF* tif) + uint32 fii=FAILED_FII; + toff_t nextdiroff; + int bitspersample_read = FALSE; ++ int color_channels; + + tif->tif_diroff=tif->tif_nextdiroff; + if (!TIFFCheckDirOffset(tif,tif->tif_nextdiroff)) +@@ -4024,6 +4055,37 @@ TIFFReadDirectory(TIFF* tif) + } + } + } ++ ++ /* ++ * Make sure all non-color channels are extrasamples. ++ * If it's not the case, define them as such. ++ */ ++ color_channels = _TIFFGetMaxColorChannels(tif->tif_dir.td_photometric); ++ if (color_channels && tif->tif_dir.td_samplesperpixel - tif->tif_dir.td_extrasamples > color_channels) { ++ uint16 old_extrasamples; ++ uint16 *new_sampleinfo; ++ ++ TIFFWarningExt(tif->tif_clientdata,module, "Sum of Photometric type-related " ++ "color channels and ExtraSamples doesn't match SamplesPerPixel. " ++ "Defining non-color channels as ExtraSamples."); ++ ++ old_extrasamples = tif->tif_dir.td_extrasamples; ++ tif->tif_dir.td_extrasamples = (tif->tif_dir.td_samplesperpixel - color_channels); ++ ++ // sampleinfo should contain information relative to these new extra samples ++ new_sampleinfo = (uint16*) _TIFFcalloc(tif->tif_dir.td_extrasamples, sizeof(uint16)); ++ if (!new_sampleinfo) { ++ TIFFErrorExt(tif->tif_clientdata, module, "Failed to allocate memory for " ++ "temporary new sampleinfo array (%d 16 bit elements)", ++ tif->tif_dir.td_extrasamples); ++ goto bad; ++ } ++ ++ memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16)); ++ _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples); ++ _TIFFfree(new_sampleinfo); ++ } ++ + /* + * Verify Palette image has a Colormap. + */ +diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c +index 8deceb2..1d86adb 100644 +--- a/libtiff/tif_print.c ++++ b/libtiff/tif_print.c +@@ -544,7 +544,7 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags) + uint16 i; + fprintf(fd, " %2ld: %5u", + l, td->td_transferfunction[0][l]); +- for (i = 1; i < td->td_samplesperpixel; i++) ++ for (i = 1; i < td->td_samplesperpixel - td->td_extrasamples && i < 3; i++) + fprintf(fd, " %5u", + td->td_transferfunction[i][l]); + fputc('\n', fd); +-- +libgit2 0.27.0 + |