From e96b1c4b0b06d65c54a764fe4a59d886afc70df5 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine
Date: Sat, 28 Oct 2023 18:12:44 +0200
Subject: [PATCH] package/tiff: security bump to version 4.6.0
- Drop --without-x (now unrecognized)
- Fix CVE-2023-40745: LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
- Fix CVE-2023-41175: A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
https://libtiff.gitlab.io/libtiff/releases/v4.6.0.html
Signed-off-by: Fabrice Fontaine
Signed-off-by: Yann E. MORIN
---
 package/tiff/tiff.hash | 2 +-
 package/tiff/tiff.mk | 6 ++----
 2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/package/tiff/tiff.hash b/package/tiff/tiff.hash
index 0fa503a02a..3aae7dc4d5 100644
--- a/package/tiff/tiff.hash
+++ b/package/tiff/tiff.hash
@@ -1,3 +1,3 @@
 # Locally computed
-sha256 d7f38b6788e4a8f5da7940c5ac9424f494d8a79eba53d555f4a507167dca5e2b tiff-4.5.1.tar.gz
+sha256 88b3979e6d5c7e32b50d7ec72fb15af724f6ab2cbf7e10880c360a77e4b5d99a tiff-4.6.0.tar.gz
 sha256 0780558a8bfba0af1160ec1ff11ade4f41c0d7deafd6ecfc796b492a788e380d LICENSE.md
diff --git a/package/tiff/tiff.mk b/package/tiff/tiff.mk
index 0006f461a0..e384e8b814 100644
--- a/package/tiff/tiff.mk
+++ b/package/tiff/tiff.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
-TIFF_VERSION = 4.5.1
+TIFF_VERSION = 4.6.0
 TIFF_SITE = http://download.osgeo.org/libtiff
 TIFF_LICENSE = tiff license
 TIFF_LICENSE_FILES = LICENSE.md
@@ -17,14 +17,12 @@ TIFF_INSTALL_STAGING = YES
 TIFF_CONF_OPTS = \
 --disable-contrib \
 --disable-tests \
- --disable-webp \
- --without-x
+ --disable-webp
 TIFF_DEPENDENCIES = host-pkgconf
 HOST_TIFF_CONF_OPTS = \
 --disable-cxx \
- --without-x \
 --disable-zlib \
 --disable-libdeflate \
 --disable-lzma \
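Review bot: The `--disable-*` options kept in `TIFF_CONF_OPTS` and `HOST_TIFF_CONF_OPTS` are carried across the 4.6.0 bump with no indication that they were re-checked; only `--without-x` is dropped as unrecognized. Autoconf-generated configure scripts normally only warn about an unknown `--enable`/`--with` option, so a retained flag such as `--disable-webp` or `--disable-lzma` would silently stop restricting which codecs are built in if upstream had renamed or removed it. It would help to confirm from the 4.6.0 configure output that no other option is listed in the "unrecognized options" warning and to record that in the commit message, e.g. `All remaining configure options checked against 4.6.0`. `HOST_TIFF_CONF_OPTS` continues past the end of the hunk, so the rest of that list is not visible here.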