main/tiff: security fixes #7118

CVE-2017-7592, CVE-2017-7593, CVE-2017-7594, CVE-2017-7595, CVE-2017-7596,
CVE-2017-7598, CVE-2017-7601, CVE-2017-7602

CVE-2017-7597, CVE-2017-7599, CVE-75600 are already included in upstream release

1 files changed, 31 insertions, 6 deletions

diff --git a/main/tiff/APKBUILD b/main/tiff/APKBUILD
index 9ecb3090c5..fb15b96291 100644
--- a/main/tiff/APKBUILD
+++ b/main/tiff/APKBUILD
@@ -3,7 +3,7 @@
 # Maintainer: Michael Mason <ms13sp@gmail.com>
 pkgname=tiff
 pkgver=4.0.7
-pkgrel=1
+pkgrel=2
 pkgdesc="Provides support for the Tag Image File Format or TIFF"
 url="http://www.libtiff.org/"
 arch="all"
@@ -14,9 +14,28 @@ makedepends="libtool autoconf automake $depends_dev"
 subpackages="$pkgname-doc $pkgname-dev $pkgname-tools"
 source="http://download.osgeo.org/libtiff/tiff-${pkgver}.tar.gz
 	CVE-2017-5225.patch
+	CVE-2017-7592.patch
+	CVE-2017-7593.patch
+	CVE-2017-7594-1.patch
+	CVE-2017-7594-2.patch
+	CVE-2017-7595.patch
+	0001-libtiff-tif_dirwrite.c-in-TIFFWriteDirectoryTagCheck.patch
+	CVE-2017-7596.patch
+	CVE-2017-7598.patch
+	CVE-2017-7601.patch
+	CVE-2017-7602.patch
 	"
 
 # secfixes:
+#   4.0.7-r2:
+#     -	CVE-2017-7592
+#     -	CVE-2017-7593
+#     -	CVE-2017-7594
+#     -	CVE-2017-7595
+#     -	CVE-2017-7596
+#     -	CVE-2017-7598
+#     -	CVE-2017-7601
+#     -	CVE-2017-7602
 #   4.0.7-r1:
 #     - CVE-2017-5225
 
@@ -59,9 +78,15 @@ tools() {
 	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
 }
 
-md5sums="77ae928d2c6b7fb46a21c3a29325157b  tiff-4.0.7.tar.gz
-1758d0b97458604fb770b55afcce156c  CVE-2017-5225.patch"
-sha256sums="9f43a2cfb9589e5cecaa66e16bf87f814c945f22df7ba600d63aac4632c4f019  tiff-4.0.7.tar.gz
-a1bf4d4ce292a593d525fd3c6f68090c5f6242b493e9ba80bcad70e7c2a57e68  CVE-2017-5225.patch"
 sha512sums="941357bdd5f947cdca41a1d31ae14b3fadc174ae5dce7b7981dbe58f61995f575ac2e97a7cc4fcc435184012017bec0920278263490464644f2cdfad9a6c5ddc  tiff-4.0.7.tar.gz
-001a2df978f51025771c243edee2d033c91114bdd5318a05730b910add9c70f219a848faad899f27421ca18da6ce9972013aa3ecf689cf4ea37ac5409b4b6244  CVE-2017-5225.patch"
+001a2df978f51025771c243edee2d033c91114bdd5318a05730b910add9c70f219a848faad899f27421ca18da6ce9972013aa3ecf689cf4ea37ac5409b4b6244  CVE-2017-5225.patch
+c2401f41ce4725b94159da25290270fe4029bacd934aec4d85b4468b4ee8b37fffd4f07eb12ed654863c3ad97474cd4c196db0a3a0ccf6497fc4d8e6d46a5961  CVE-2017-7592.patch
+487de0b6a4cf7f09bf23b8217ec8dbac3640f7e47cd86e885f331bc41e385146fd73c6e079768952adb6fa12148b9e52a177bf67affdfe8bdf3d8205302a3f0c  CVE-2017-7593.patch
+0d1639932613811ac7f9cc626e296a388ca922a2a9843d88e256e2f1249593799f98bbd353c84ad193d8e6a80f62f2d8751196169a07db1c47abd869676e83ed  CVE-2017-7594-1.patch
+0c77d2ade6d307c3fa1e9e44bf546d72f5664273f1e961fbe604c409e929a695282b71af137ff060a9f6adf8e471313270babc223df36d978cdca3d6681bd5a2  CVE-2017-7594-2.patch
+bfbd193adb65feab8609231334ba7867c925997940398d1155f2cef8351fabeea0f3c0840aefdcd3f648e35e503f024bfdab00d544927368256025f7e3fb5214  CVE-2017-7595.patch
+e64c3753c01029f2d951ca376ab14eaeb824e8021da5038a13e3216e499fc07c82fb8d1447642b3835cf22742785f856905220d1bbde561f4fa38ebb1fecb6e0  0001-libtiff-tif_dirwrite.c-in-TIFFWriteDirectoryTagCheck.patch
+88e5e1e07f295933357adba70e88d5c3537e3d0e07951da1736407d871f7a44e370011b436fa923853ea47a51322bb503f7c7d6273791a654cf0fb104acf69b5  CVE-2017-7596.patch
+098ece44709233abb905ede3d4034070c91e70e9c0c237568622598871062e212f40b4e0dfdd27fc66bd8a53aa3e9250072de8a991db93140e54db902224d79c  CVE-2017-7598.patch
+8264e9c82e60b33e08de53492cf0777402c1b5e54e42bf5b65360a6b1e9f54776bad496468fd4c32a31dadde760ccb1ae606d07ede36644218e2c8f30d292bd8  CVE-2017-7601.patch
+12187ae305c2efbdaec2a6cfb05bd32286b9ab90bab7801a996a0f13ef8efe12951b77b51be09e9b56f7d092b7771b06109c4d1b35374fea819559b7e042135b  CVE-2017-7602.patch"