From 734df539dd2a6b2aa08f60bd3f5805c88cc7c9be Mon Sep 17 00:00:00 2001
From: Lovell Fuller
Date: Tue, 8 Nov 2016 11:54:41 +0000
Subject: [PATCH] Patch libtiff v4.0.6 with latest security fixes
---
 packaging/build/lin.sh | 7 +++++--
 packaging/linux-armv6/Dockerfile | 2 +-
 packaging/linux-armv7/Dockerfile | 2 +-
 packaging/linux-armv8/Dockerfile | 2 +-
 packaging/linux-x64/Dockerfile | 4 +++-
 5 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/packaging/build/lin.sh b/packaging/build/lin.sh
index de9f1221..47c9dfa0 100755
--- a/packaging/build/lin.sh
+++ b/packaging/build/lin.sh
@@ -112,8 +112,11 @@ make install-strip
 mkdir ${DEPS}/tiff
 curl -Ls http://download.osgeo.org/libtiff/tiff-${VERSION_TIFF}.tar.gz | tar xzC ${DEPS}/tiff --strip-components=1
 cd ${DEPS}/tiff
+# Apply patches for various libtiff security vulnerabilities reported since v4.0.6
+VERSION_TIFF_GIT_MASTER_SHA=$(curl -Ls https://api.github.com/repos/vadz/libtiff/git/refs/heads/master | jq -r '.object.sha' | head -c7)
+curl -Ls https://github.com/vadz/libtiff/compare/Release-v4-0-6...master.patch | patch -p1 -t || true
 if [ -n "${CHOST}" ]; then autoreconf -fiv; fi
-./configure --host=${CHOST} --prefix=${TARGET} --enable-shared --disable-static --disable-dependency-tracking --disable-mdi --disable-cxx
+./configure --host=${CHOST} --prefix=${TARGET} --enable-shared --disable-static --disable-dependency-tracking --disable-mdi --disable-pixarlog --disable-cxx
 make install-strip
 mkdir ${DEPS}/orc
@@ -224,7 +227,7 @@ echo "{\n\
 \"pixman\": \"${VERSION_PIXMAN}\",\n\
 \"png\": \"${VERSION_PNG16}\",\n\
 \"svg\": \"${VERSION_SVG}\",\n\
- \"tiff\": \"${VERSION_TIFF}\",\n\
+ \"tiff\": \"${VERSION_TIFF}-${VERSION_TIFF_GIT_MASTER_SHA}\",\n\
 \"vips\": \"${VERSION_VIPS}\",\n\
 \"webp\": \"${VERSION_WEBP}\",\n\
 \"xml\": \"${VERSION_XML2}\",\n\
diff --git a/packaging/linux-armv6/Dockerfile b/packaging/linux-armv6/Dockerfile
index 70ba745f..af79a935 100644
--- a/packaging/linux-armv6/Dockerfile
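Review bot: The patch step added in the first lin.sh hunk is unpinned and its failure is ignored. `compare/Release-v4-0-6...master.patch` follows a moving branch, `curl -Ls` has no `-f`, and `| patch -p1 -t || true` lets the build continue when the download fails or hunks are rejected, so an artifact can ship without the fixes the commit message promises. The SHA is also read in a separate request from the patch, so the `tiff` value written in the second hunk may not describe what was applied, and it becomes `null` when the API call fails or is rate-limited. Keep one reviewed full commit SHA in a variable (called `TIFF_PATCH_SHA` here for illustration), use it in the URL as `curl -fLs "https://github.com/vadz/libtiff/compare/Release-v4-0-6...${TIFF_PATCH_SHA}.patch" | patch -p1 -t`, shorten it only for the version label, and let a failed download or rejected hunk stop the build. The tarball on the context line above is likewise fetched over plain HTTP with no checksum visible in this hunk.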
+++ b/packaging/linux-armv6/Dockerfile
@@ -7,7 +7,7 @@ MAINTAINER Lovell Fuller
 # Build dependencies
 RUN \
 apt-get update && \
- apt-get install -y build-essential curl autoconf libtool nasm gtk-doc-tools texinfo advancecomp libglib2.0-dev
+ apt-get install -y build-essential curl autoconf libtool nasm gtk-doc-tools texinfo advancecomp libglib2.0-dev jq
 # Compiler settings
 ENV \
diff --git a/packaging/linux-armv7/Dockerfile b/packaging/linux-armv7/Dockerfile
index d213fe9b..338c1fd7 100644
--- a/packaging/linux-armv7/Dockerfile
+++ b/packaging/linux-armv7/Dockerfile
@@ -11,7 +11,7 @@ RUN \
 curl http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add - && \
 dpkg --add-architecture armhf && \
 apt-get update && \
- apt-get install -y crossbuild-essential-armhf autoconf libtool nasm gtk-doc-tools texinfo advancecomp libglib2.0-dev
+ apt-get install -y crossbuild-essential-armhf autoconf libtool nasm gtk-doc-tools texinfo advancecomp libglib2.0-dev jq
 # Compiler settings
 ENV \
diff --git a/packaging/linux-armv8/Dockerfile b/packaging/linux-armv8/Dockerfile
index a28ab4db..357ee690 100644
--- a/packaging/linux-armv8/Dockerfile
+++ b/packaging/linux-armv8/Dockerfile
@@ -9,7 +9,7 @@ RUN \
 apt-get install -y curl && \
 dpkg --add-architecture arm64 && \
 apt-get update && \
- apt-get install -y crossbuild-essential-arm64 autoconf libtool nasm gtk-doc-tools texinfo advancecomp libglib2.0-dev
+ apt-get install -y crossbuild-essential-arm64 autoconf libtool nasm gtk-doc-tools texinfo advancecomp libglib2.0-dev jq
 # Compiler settings
 ENV \
diff --git a/packaging/linux-x64/Dockerfile b/packaging/linux-x64/Dockerfile
index 877283e5..3bf32719 100644
--- a/packaging/linux-x64/Dockerfile
+++ b/packaging/linux-x64/Dockerfile
@@ -5,8 +5,10 @@ MAINTAINER Lovell Fuller
 # Build dependencies
 RUN \
+ echo "deb http://ftp.debian.org/debian wheezy-backports main" | tee /etc/apt/sources.list.d/wheezy-backports.list && \
 apt-get update && \
- apt-get install -y build-essential autoconf libtool nasm gtk-doc-tools texinfo advancecomp
+ apt-get install -y build-essential autoconf libtool nasm gtk-doc-tools texinfo advancecomp && \
+ apt-get -t wheezy-backports install -y jq
 # Compiler settings
 ENV \
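Review bot: The new `wheezy-backports` source line has no comment saying why an extra package source is added, and the list file stays enabled in the image after this step. A comment next to `# Build dependencies`, such as `# jq comes from wheezy-backports; lin.sh uses it to read the libtiff commit SHA`, would tell a maintainer what can be dropped when the base image changes. That jq is absent from the base release's main archive is inferred from this change, not shown in the hunk, so it is worth confirming before writing the comment.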