tiff: don't use AUTORELEASE
Seems upstream wants to get rid of it. Backport upstream patches fixing several CVEs. Signed-off-by: Rosen Penev <rosenp@gmail.com>
This commit is contained in:
Rosen Penev
parent
166be4078f
commit
65c9f9524d
3 changed files with 122 additions and 3 deletions
|
|
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
PKG_NAME:=tiff
|
PKG_NAME:=tiff
|
||||||
PKG_VERSION:=4.4.0
|
PKG_VERSION:=4.4.0
|
||||||
PKG_RELEASE:=$(AUTORELEASE)
|
PKG_RELEASE:=2
|
||||||
|
|
||||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||||
PKG_SOURCE_URL:=https://download.osgeo.org/libtiff
|
PKG_SOURCE_URL:=https://download.osgeo.org/libtiff
|
||||||
|
|
@ -66,8 +66,6 @@ CMAKE_OPTIONS += \
|
||||||
-Djpeg12=OFF \
|
-Djpeg12=OFF \
|
||||||
-Dcxx=OFF
|
-Dcxx=OFF
|
||||||
|
|
||||||
TARGET_CFLAGS += $(TARGET_CPPFLAGS)
|
|
||||||
|
|
||||||
define Build/InstallDev
|
define Build/InstallDev
|
||||||
$(call Build/InstallDev/cmake,$(1))
|
$(call Build/InstallDev/cmake,$(1))
|
||||||
$(SED) 's,/usr/include,$$$${prefix}/include,g' $(1)/usr/lib/pkgconfig/libtiff-4.pc
|
$(SED) 's,/usr/include,$$$${prefix}/include,g' $(1)/usr/lib/pkgconfig/libtiff-4.pc
|
||||||
|
|
|
||||||
93
libs/tiff/patches/010-CVE-2022-2519.patch
Normal file
93
libs/tiff/patches/010-CVE-2022-2519.patch
Normal file
|
|
@ -0,0 +1,93 @@
|
||||||
|
From 8fe3735942ea1d90d8cef843b55b3efe8ab6feaf Mon Sep 17 00:00:00 2001
|
||||||
|
From: Su_Laus <sulau@freenet.de>
|
||||||
|
Date: Mon, 15 Aug 2022 22:11:03 +0200
|
||||||
|
Subject: [PATCH] =?UTF-8?q?According=20to=20Richard=20Nolde=20https://gitl?=
|
||||||
|
=?UTF-8?q?ab.com/libtiff/libtiff/-/issues/401#note=5F877637400=20the=20ti?=
|
||||||
|
=?UTF-8?q?ffcrop=20option=20=E2=80=9E-S=E2=80=9C=20is=20also=20mutually?=
|
||||||
|
=?UTF-8?q?=20exclusive=20to=20the=20other=20crop=20options=20(-X|-Y),=20-?=
|
||||||
|
=?UTF-8?q?Z=20and=20-z.?=
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
This is now checked and ends tiffcrop if those arguments are not mutually exclusive.
|
||||||
|
|
||||||
|
This MR will fix the following tiffcrop issues: #349, #414, #422, #423, #424
|
||||||
|
---
|
||||||
|
tools/tiffcrop.c | 31 ++++++++++++++++---------------
|
||||||
|
1 file changed, 16 insertions(+), 15 deletions(-)
|
||||||
|
|
||||||
|
--- a/tools/tiffcrop.c
|
||||||
|
+++ b/tools/tiffcrop.c
|
||||||
|
@@ -108,12 +108,12 @@
|
||||||
|
* lower level, scanline level routines. Debug reports a limited set
|
||||||
|
* of messages to monitor progress without enabling dump logs.
|
||||||
|
*
|
||||||
|
- * Note: The (-X|-Y), -Z and -z options are mutually exclusive.
|
||||||
|
+ * Note: The (-X|-Y), -Z, -z and -S options are mutually exclusive.
|
||||||
|
* In no case should the options be applied to a given selection successively.
|
||||||
|
*/
|
||||||
|
|
||||||
|
-static char tiffcrop_version_id[] = "2.5";
|
||||||
|
-static char tiffcrop_rev_date[] = "02-09-2022";
|
||||||
|
+static char tiffcrop_version_id[] = "2.5.1";
|
||||||
|
+static char tiffcrop_rev_date[] = "15-08-2022";
|
||||||
|
|
||||||
|
#include "tif_config.h"
|
||||||
|
#include "libport.h"
|
||||||
|
@@ -173,12 +173,12 @@ static char tiffcrop_rev_date[] = "02-
|
||||||
|
#define ROTATECW_270 32
|
||||||
|
#define ROTATE_ANY (ROTATECW_90 | ROTATECW_180 | ROTATECW_270)
|
||||||
|
|
||||||
|
-#define CROP_NONE 0
|
||||||
|
-#define CROP_MARGINS 1
|
||||||
|
-#define CROP_WIDTH 2
|
||||||
|
-#define CROP_LENGTH 4
|
||||||
|
-#define CROP_ZONES 8
|
||||||
|
-#define CROP_REGIONS 16
|
||||||
|
+#define CROP_NONE 0 /* "-S" -> Page_MODE_ROWSCOLS and page->rows/->cols != 0 */
|
||||||
|
+#define CROP_MARGINS 1 /* "-m" */
|
||||||
|
+#define CROP_WIDTH 2 /* "-X" */
|
||||||
|
+#define CROP_LENGTH 4 /* "-Y" */
|
||||||
|
+#define CROP_ZONES 8 /* "-Z" */
|
||||||
|
+#define CROP_REGIONS 16 /* "-z" */
|
||||||
|
#define CROP_ROTATE 32
|
||||||
|
#define CROP_MIRROR 64
|
||||||
|
#define CROP_INVERT 128
|
||||||
|
@@ -316,7 +316,7 @@ struct crop_mask {
|
||||||
|
#define PAGE_MODE_RESOLUTION 1
|
||||||
|
#define PAGE_MODE_PAPERSIZE 2
|
||||||
|
#define PAGE_MODE_MARGINS 4
|
||||||
|
-#define PAGE_MODE_ROWSCOLS 8
|
||||||
|
+#define PAGE_MODE_ROWSCOLS 8 /* for -S option */
|
||||||
|
|
||||||
|
#define INVERT_DATA_ONLY 10
|
||||||
|
#define INVERT_DATA_AND_TAG 11
|
||||||
|
@@ -781,7 +781,7 @@ static const char usage_info[] =
|
||||||
|
" The four debug/dump options are independent, though it makes little sense to\n"
|
||||||
|
" specify a dump file without specifying a detail level.\n"
|
||||||
|
"\n"
|
||||||
|
-"Note: The (-X|-Y), -Z and -z options are mutually exclusive.\n"
|
||||||
|
+"Note: The (-X|-Y), -Z, -z and -S options are mutually exclusive.\n"
|
||||||
|
" In no case should the options be applied to a given selection successively.\n"
|
||||||
|
"\n"
|
||||||
|
;
|
||||||
|
@@ -2131,13 +2131,14 @@ void process_command_opts (int argc, ch
|
||||||
|
/*NOTREACHED*/
|
||||||
|
}
|
||||||
|
}
|
||||||
|
- /*-- Check for not allowed combinations (e.g. -X, -Y and -Z and -z are mutually exclusive) --*/
|
||||||
|
- char XY, Z, R;
|
||||||
|
+ /*-- Check for not allowed combinations (e.g. -X, -Y and -Z, -z and -S are mutually exclusive) --*/
|
||||||
|
+ char XY, Z, R, S;
|
||||||
|
XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH));
|
||||||
|
Z = (crop_data->crop_mode & CROP_ZONES);
|
||||||
|
R = (crop_data->crop_mode & CROP_REGIONS);
|
||||||
|
- if ((XY && Z) || (XY && R) || (Z && R)) {
|
||||||
|
- TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z and -z are mutually exclusive.->Exit");
|
||||||
|
+ S = (page->mode & PAGE_MODE_ROWSCOLS);
|
||||||
|
+ if ((XY && Z) || (XY && R) || (XY && S) || (Z && R) || (Z && S) || (R && S)) {
|
||||||
|
+ TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->Exit");
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
} /* end process_command_opts */
|
||||||
28
libs/tiff/patches/020-CVE-2022-2520.patch
Normal file
28
libs/tiff/patches/020-CVE-2022-2520.patch
Normal file
|
|
@ -0,0 +1,28 @@
|
||||||
|
From bad48e90b410df32172006c7876da449ba62cdba Mon Sep 17 00:00:00 2001
|
||||||
|
From: Su_Laus <sulau@freenet.de>
|
||||||
|
Date: Sat, 20 Aug 2022 23:35:26 +0200
|
||||||
|
Subject: [PATCH] tiffcrop -S option: Make decision simpler.
|
||||||
|
|
||||||
|
---
|
||||||
|
tools/tiffcrop.c | 10 +++++-----
|
||||||
|
1 file changed, 5 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
--- a/tools/tiffcrop.c
|
||||||
|
+++ b/tools/tiffcrop.c
|
||||||
|
@@ -2133,11 +2133,11 @@ void process_command_opts (int argc, ch
|
||||||
|
}
|
||||||
|
/*-- Check for not allowed combinations (e.g. -X, -Y and -Z, -z and -S are mutually exclusive) --*/
|
||||||
|
char XY, Z, R, S;
|
||||||
|
- XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH));
|
||||||
|
- Z = (crop_data->crop_mode & CROP_ZONES);
|
||||||
|
- R = (crop_data->crop_mode & CROP_REGIONS);
|
||||||
|
- S = (page->mode & PAGE_MODE_ROWSCOLS);
|
||||||
|
- if ((XY && Z) || (XY && R) || (XY && S) || (Z && R) || (Z && S) || (R && S)) {
|
||||||
|
+ XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH)) ? 1 : 0;
|
||||||
|
+ Z = (crop_data->crop_mode & CROP_ZONES) ? 1 : 0;
|
||||||
|
+ R = (crop_data->crop_mode & CROP_REGIONS) ? 1 : 0;
|
||||||
|
+ S = (page->mode & PAGE_MODE_ROWSCOLS) ? 1 : 0;
|
||||||
|
+ if (XY + Z + R + S > 1) {
|
||||||
|
TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->Exit");
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
Loading…
Reference in a new issue