...
 
Commits (3)
......@@ -2,8 +2,8 @@
# Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=tiff
pkgver=4.0.10
pkgrel=1
pkgver=4.1.0
pkgrel=0
pkgdesc="Library to read, create, and manipulate TIFF image files"
url="http://www.libtiff.org/"
arch="all"
......@@ -12,10 +12,8 @@ depends=
depends_dev="zlib-dev libjpeg-turbo-dev"
makedepends="libtool autoconf automake $depends_dev"
subpackages="$pkgname-doc $pkgname-dev $pkgname-tools"
source="http://download.osgeo.org/libtiff/$pkgname-$pkgver.tar.gz
CVE-2019-6128.patch
CVE-2019-7663.patch
"
source="http://download.osgeo.org/libtiff/$pkgname-$pkgver.tar.gz"
# secfixes: libtiff
# 4.0.10-r1:
# - CVE-2019-6128
......@@ -69,6 +67,4 @@ tools() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
sha512sums="d213e5db09fd56b8977b187c5a756f60d6e3e998be172550c2892dbdb4b2a8e8c750202bc863fe27d0d1c577ab9de1710d15e9f6ed665aadbfd857525a81eea8 tiff-4.0.10.tar.gz
8dc336e6c863524e3622f61ec6583eebe13fde55649cd8c812e3f6752242a23ff72cfb680dfcbe47d1503a058f5f9001415ae112220729e4ab50fe81190e327e CVE-2019-6128.patch
6fb7e9aa0afbae96fd6e78c2401262e496f5d62980ea02712bc43f8749341d030df3625f10413f5ed3e130e88d609c2374ae69807a1f9e54ed91cbd8411aab62 CVE-2019-7663.patch"
sha512sums="fd541dcb11e3d5afaa1ec2f073c9497099727a52f626b338ef87dc93ca2e23ca5f47634015a4beac616d4e8f05acf7b7cd5797fb218758cc2ad31b390491c5a6 tiff-4.1.0.tar.gz"
From 0c74a9f49b8d7a36b17b54a7428b3526d20f88a8 Mon Sep 17 00:00:00 2001
From: Scott Gayou <github.scott@gmail.com>
Date: Wed, 23 Jan 2019 15:03:53 -0500
Subject: [PATCH] Fix for simple memory leak that was assigned CVE-2019-6128.
pal2rgb failed to free memory on a few errors. This was reported
here: http://bugzilla.maptools.org/show_bug.cgi?id=2836.
---
tools/pal2rgb.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/tools/pal2rgb.c b/tools/pal2rgb.c
index 01d8502e..9492f1cf 100644
--- a/tools/pal2rgb.c
+++ b/tools/pal2rgb.c
@@ -118,12 +118,14 @@ main(int argc, char* argv[])
shortv != PHOTOMETRIC_PALETTE) {
fprintf(stderr, "%s: Expecting a palette image.\n",
argv[optind]);
+ (void) TIFFClose(in);
return (-1);
}
if (!TIFFGetField(in, TIFFTAG_COLORMAP, &rmap, &gmap, &bmap)) {
fprintf(stderr,
"%s: No colormap (not a valid palette image).\n",
argv[optind]);
+ (void) TIFFClose(in);
return (-1);
}
bitspersample = 0;
@@ -131,11 +133,14 @@ main(int argc, char* argv[])
if (bitspersample != 8) {
fprintf(stderr, "%s: Sorry, can only handle 8-bit images.\n",
argv[optind]);
+ (void) TIFFClose(in);
return (-1);
}
out = TIFFOpen(argv[optind+1], "w");
- if (out == NULL)
+ if (out == NULL) {
+ (void) TIFFClose(in);
return (-2);
+ }
cpTags(in, out);
TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &imagewidth);
TIFFGetField(in, TIFFTAG_IMAGELENGTH, &imagelength);
--
2.21.0
From 802d3cbf3043be5dce5317e140ccb1c17a6a2d39 Mon Sep 17 00:00:00 2001
From: Thomas Bernard <miniupnp@free.fr>
Date: Tue, 29 Jan 2019 11:21:47 +0100
Subject: [PATCH] TIFFWriteDirectoryTagTransferfunction() : fix NULL
dereferencing
http://bugzilla.maptools.org/show_bug.cgi?id=2833
we must check the pointer is not NULL before memcmp() the memory
---
libtiff/tif_dirwrite.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
index c15a28db..ef30c869 100644
--- a/libtiff/tif_dirwrite.c
+++ b/libtiff/tif_dirwrite.c
@@ -1893,12 +1893,14 @@ TIFFWriteDirectoryTagTransferfunction(TIFF* tif, uint32* ndir, TIFFDirEntry* dir
n=3;
if (n==3)
{
- if (!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[2],m*sizeof(uint16)))
+ if (tif->tif_dir.td_transferfunction[2] == NULL ||
+ !_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[2],m*sizeof(uint16)))
n=2;
}
if (n==2)
{
- if (!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[1],m*sizeof(uint16)))
+ if (tif->tif_dir.td_transferfunction[1] == NULL ||
+ !_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[1],m*sizeof(uint16)))
n=1;
}
if (n==0)
--
2.21.0
# Contributor: A. Wilcox <awilfox@adelielinux.org>
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=wxwidgets
pkgver=3.1.2
pkgver=3.1.3
pkgrel=0
pkgdesc="C++ library for creating applications"
url="https://www.wxwidgets.org/"
......@@ -40,4 +40,4 @@ package() {
make DESTDIR="$pkgdir" install
}
sha512sums="e0c6cc58f87c7534be100b098b6db4c5a7a6b7972a8ccc0573dc38cda1b098e1d9f3ea541771173889806f093b4fb5bc0f2b57952eedf907fe7e5d7c01840cf6 wxWidgets-3.1.2.tar.bz2"
sha512sums="d19305c96f1a382ec74549f69d6a7c61ecd0abac383623c308c45f0168c670c15262efc4fb64c14fa9d1fdb3579f19abdb5c8247ead72dc926342e586d7b4532 wxWidgets-3.1.3.tar.bz2"
# Contributor: Carlo Landmeter <clandmeter@gmail.com>
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=x265
pkgver=3.0
pkgver=3.2.1
pkgrel=0
pkgdesc="Open Source H265/HEVC video encoder"
url="http://x265.org"
......@@ -47,5 +47,5 @@ package() {
make DESTDIR="$pkgdir" install
}
sha512sums="bb7665194ddd4bccbb91c16337463ad4ef32111a1e7779e4cc16964df0992aa99e578cb74fef0edbf41119105e4085574247f60541b0558cc36730ea12d2c6ba x265-3.0.tar.gz
sha512sums="5cb29b9d4475c1f686f6e31e47ccddde3db1639d5dcf9c058513389a9fdeb35a83b14e30e59498a76dec74bb0b410b6d8f5b1b45d18927be9811bb6a40d8d568 x265-3.2.1.tar.gz
ac3ecc613fe4da11672de8f397b5541fe2af29b7dd91a48859bfe8824934a5966c41ca30de242564c46f1a0cdd2a0da9331d9f547fc21120066fb3c45347c4c4 x265-unbreak-my-arm.patch"