libtiff: apply upstream security fixes

Closes #8639. Signed-off-by: ilovezfs <ilovezfs@icloud.com>
2017-01-09 06:10:33 +00:00 · 2017-01-09 06:10:33 +00:00 · f1ef2f6440
commit f1ef2f6440
parent fd2c6443a5
1 changed files with 25 additions and 0 deletions
--- a/Formula/libtiff.rb
+++ b/Formula/libtiff.rb
@ -4,6 +4,7 @@ class Libtiff < Formula
  url "http://download.osgeo.org/libtiff/tiff-4.0.7.tar.gz"
  mirror "https://mirrors.ocf.berkeley.edu/debian/pool/main/t/tiff/tiff_4.0.7.orig.tar.gz"
  sha256 "9f43a2cfb9589e5cecaa66e16bf87f814c945f22df7ba600d63aac4632c4f019"
+  revision 1

  bottle do
    cellar :any
@ -19,6 +20,30 @@ class Libtiff < Formula
  depends_on "jpeg"
  depends_on "xz" => :optional

+  # Patches from Debian for CVE-2016-10094, and various other issues.
+  # All reported upstream, so should be safe to remove this block on next stable.
+  patch do
+    url "https://mirrors.ocf.berkeley.edu/debian/pool/main/t/tiff/tiff_4.0.7-4.debian.tar.xz"
+    mirror "https://mirrorservice.org/sites/ftp.debian.org/debian/pool/main/t/tiff/tiff_4.0.7-4.debian.tar.xz"
+    sha256 "74c9c85b43e1bb1016f96665090da7d8481a48f66a53a43100ab78f729cef0c0"
+    apply "patches/01-CVE.patch",
+          "patches/02-CVE.patch",
+          "patches/03-CVE.patch",
+          "patches/04-CVE.patch",
+          "patches/05-CVE.patch",
+          "patches/06-CVE.patch",
+          "patches/07-CVE.patch",
+          "patches/08-CVE.patch",
+          "patches/09-CVE.patch",
+          "patches/10-CVE.patch",
+          "patches/11-CVE.patch",
+          "patches/12-CVE.patch",
+          "patches/13-CVE.patch",
+          "patches/14-CVE.patch",
+          "patches/15-TIFFFaxTabEnt_bugfix.patch",
+          "patches/16-CVE-2016-10094.patch"
+  end
+
  def install
    ENV.universal_binary if build.universal?
    ENV.cxx11 if build.cxx11?