Patch libtiff v4.0.6 with latest security fixes

2025-07-12 03:50:13 +02:00 · 2016-11-08 11:54:41 +00:00 · 2016-11-08 11:54:41 +00:00 · 734df539dd
commit 734df539dd
parent 27b9481452
5 changed files with 11 additions and 6 deletions
--- a/packaging/build/lin.sh
+++ b/packaging/build/lin.sh
@ -112,8 +112,11 @@ make install-strip
 mkdir ${DEPS}/tiff
 curl -Ls http://download.osgeo.org/libtiff/tiff-${VERSION_TIFF}.tar.gz | tar xzC ${DEPS}/tiff --strip-components=1
 cd ${DEPS}/tiff
+# Apply patches for various libtiff security vulnerabilities reported since v4.0.6
+VERSION_TIFF_GIT_MASTER_SHA=$(curl -Ls https://api.github.com/repos/vadz/libtiff/git/refs/heads/master | jq -r '.object.sha' | head -c7)
+curl -Ls https://github.com/vadz/libtiff/compare/Release-v4-0-6...master.patch | patch -p1 -t || true
 if [ -n "${CHOST}" ]; then autoreconf -fiv; fi
-./configure --host=${CHOST} --prefix=${TARGET} --enable-shared --disable-static --disable-dependency-tracking --disable-mdi --disable-cxx
+./configure --host=${CHOST} --prefix=${TARGET} --enable-shared --disable-static --disable-dependency-tracking --disable-mdi --disable-pixarlog --disable-cxx
 make install-strip

 mkdir ${DEPS}/orc
@ -224,7 +227,7 @@ echo "{\n\
  \"pixman\": \"${VERSION_PIXMAN}\",\n\
  \"png\": \"${VERSION_PNG16}\",\n\
  \"svg\": \"${VERSION_SVG}\",\n\
-  \"tiff\": \"${VERSION_TIFF}\",\n\
+  \"tiff\": \"${VERSION_TIFF}-${VERSION_TIFF_GIT_MASTER_SHA}\",\n\
  \"vips\": \"${VERSION_VIPS}\",\n\
  \"webp\": \"${VERSION_WEBP}\",\n\
  \"xml\": \"${VERSION_XML2}\",\n\
--- a/packaging/linux-armv6/Dockerfile
+++ b/packaging/linux-armv6/Dockerfile
@ -7,7 +7,7 @@ MAINTAINER Lovell Fuller <npm@lovell.info>
 # Build dependencies
 RUN \
  apt-get update && \
-  apt-get install -y build-essential curl autoconf libtool nasm gtk-doc-tools texinfo advancecomp libglib2.0-dev
+  apt-get install -y build-essential curl autoconf libtool nasm gtk-doc-tools texinfo advancecomp libglib2.0-dev jq

 # Compiler settings
 ENV \
--- a/packaging/linux-armv7/Dockerfile
+++ b/packaging/linux-armv7/Dockerfile
@ -11,7 +11,7 @@ RUN \
  curl http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add - && \
  dpkg --add-architecture armhf && \
  apt-get update && \
-  apt-get install -y crossbuild-essential-armhf autoconf libtool nasm gtk-doc-tools texinfo advancecomp libglib2.0-dev
+  apt-get install -y crossbuild-essential-armhf autoconf libtool nasm gtk-doc-tools texinfo advancecomp libglib2.0-dev jq

 # Compiler settings
 ENV \
--- a/packaging/linux-armv8/Dockerfile
+++ b/packaging/linux-armv8/Dockerfile
@ -9,7 +9,7 @@ RUN \
  apt-get install -y curl && \
  dpkg --add-architecture arm64 && \
  apt-get update && \
-  apt-get install -y crossbuild-essential-arm64 autoconf libtool nasm gtk-doc-tools texinfo advancecomp libglib2.0-dev
+  apt-get install -y crossbuild-essential-arm64 autoconf libtool nasm gtk-doc-tools texinfo advancecomp libglib2.0-dev jq

 # Compiler settings
 ENV \
--- a/packaging/linux-x64/Dockerfile
+++ b/packaging/linux-x64/Dockerfile
@ -5,8 +5,10 @@ MAINTAINER Lovell Fuller <npm@lovell.info>

 # Build dependencies
 RUN \
+  echo "deb http://ftp.debian.org/debian wheezy-backports main" | tee /etc/apt/sources.list.d/wheezy-backports.list && \
  apt-get update && \
-  apt-get install -y build-essential autoconf libtool nasm gtk-doc-tools texinfo advancecomp
+  apt-get install -y build-essential autoconf libtool nasm gtk-doc-tools texinfo advancecomp && \
+  apt-get -t wheezy-backports install -y jq

 # Compiler settings
 ENV \