summaryrefslogtreecommitdiff
path: root/user
diff options
context:
space:
mode:
authorA. Wilcox <awilcox@wilcox-tech.com>2019-06-21 23:38:53 +0000
committerA. Wilcox <awilcox@wilcox-tech.com>2019-06-21 23:38:53 +0000
commitfd45ed897742614bd2867cb46578557beb820026 (patch)
tree8eaa82bc50ad1a89272b146743ec1544163d48f3 /user
parent86d0de126ffdebdb8cee9581ce51c16a6f20b58b (diff)
parent332e0a40fabc1c4047a631273e5d5df46cbf4bb2 (diff)
downloadpackages-fd45ed897742614bd2867cb46578557beb820026.tar.gz
packages-fd45ed897742614bd2867cb46578557beb820026.tar.bz2
packages-fd45ed897742614bd2867cb46578557beb820026.tar.xz
packages-fd45ed897742614bd2867cb46578557beb820026.zip
Merge branch 'cve' into 'master'
CVE bumps: part one See merge request !249
Diffstat (limited to 'user')
-rw-r--r--user/cairo/APKBUILD13
-rw-r--r--user/cairo/CVE-2018-19876.patch30
-rw-r--r--user/flac/APKBUILD15
-rw-r--r--user/flac/CVE-2017-6888.patch27
-rw-r--r--user/libice/APKBUILD20
-rw-r--r--user/libice/CVE-2017-2626.patch142
-rw-r--r--user/libssh2/APKBUILD40
-rw-r--r--user/postgresql/APKBUILD31
-rw-r--r--user/tiff/APKBUILD13
-rw-r--r--user/tiff/CVE-2019-6128.patch49
-rw-r--r--user/tiff/CVE-2019-7663.patch37
11 files changed, 343 insertions, 74 deletions
diff --git a/user/cairo/APKBUILD b/user/cairo/APKBUILD
index 36e88f395..bfb290d7b 100644
--- a/user/cairo/APKBUILD
+++ b/user/cairo/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer:
pkgname=cairo
pkgver=1.16.0
-pkgrel=0
+pkgrel=1
pkgdesc="A vector graphics library"
url="https://cairographics.org/"
arch="all"
@@ -18,10 +18,14 @@ _ultver="2016-04-23"
source="https://cairographics.org/releases/$pkgname-$pkgver.tar.xz
fontconfig-ultimate-$_ultver.tar.gz::https://github.com/bohoomil/fontconfig-ultimate/archive/$_ultver.tar.gz
musl-stacksize.patch
+ CVE-2018-19876.patch
"
+# secfixes:
+# 1.16.0-r1:
+# - CVE-2018-19876
+
prepare() {
- cd "$builddir"
default_prepare
# infinality
@@ -32,7 +36,6 @@ prepare() {
}
build() {
- cd "$builddir"
autoreconf -vif
./configure \
--build=$CBUILD \
@@ -58,7 +61,6 @@ build() {
}
package() {
- cd "$builddir"
make DESTDIR="$pkgdir" install
}
@@ -78,4 +80,5 @@ tools() {
sha512sums="9eb27c4cf01c0b8b56f2e15e651f6d4e52c99d0005875546405b64f1132aed12fbf84727273f493d84056a13105e065009d89e94a8bfaf2be2649e232b82377f cairo-1.16.0.tar.xz
d8185f4ec74f44c4746acf7e79bba7ff7ffd9d35bdabeb25e10b4e12825942d910931aa857f1645e5c8185bcb40a1f1ffe1e7e647428e9ea66618b2aec52fac3 fontconfig-ultimate-2016-04-23.tar.gz
-86f26fe41deb5e14f553c999090d1ec1d92a534fa7984112c9a7f1d6c6a8f1b7bb735947e8ec3f26e817f56410efe8cc46c5e682f6a278d49b40a683513740e0 musl-stacksize.patch"
+86f26fe41deb5e14f553c999090d1ec1d92a534fa7984112c9a7f1d6c6a8f1b7bb735947e8ec3f26e817f56410efe8cc46c5e682f6a278d49b40a683513740e0 musl-stacksize.patch
+9020c596caa54a2ac435d5dae0f121d36d3c3f34d487b9c1032665b1bd15813506adf31984e34b5dd328ee0e068de0627e1d061230758328cae4fa993c3a9209 CVE-2018-19876.patch"
diff --git a/user/cairo/CVE-2018-19876.patch b/user/cairo/CVE-2018-19876.patch
new file mode 100644
index 000000000..33731e4fc
--- /dev/null
+++ b/user/cairo/CVE-2018-19876.patch
@@ -0,0 +1,30 @@
+From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001
+From: Carlos Garcia Campos <cgarcia@igalia.com>
+Date: Mon, 19 Nov 2018 12:33:07 +0100
+Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in
+ cairo_ft_apply_variations
+
+Fixes a crash when using freetype >= 2.9
+---
+ src/cairo-ft-font.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
+index 325dd61b4..981973f78 100644
+--- a/src/cairo-ft-font.c
++++ b/src/cairo-ft-font.c
+@@ -2393,7 +2393,11 @@ skip:
+ done:
+ free (coords);
+ free (current_coords);
++#if HAVE_FT_DONE_MM_VAR
++ FT_Done_MM_Var (face->glyph->library, ft_mm_var);
++#else
+ free (ft_mm_var);
++#endif
+ }
+ }
+
+--
+2.21.0
+
diff --git a/user/flac/APKBUILD b/user/flac/APKBUILD
index 0588e8fc2..363d5b3ac 100644
--- a/user/flac/APKBUILD
+++ b/user/flac/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=flac
pkgver=1.3.2
-pkgrel=2
+pkgrel=3
pkgdesc="Free Lossless Audio Codec"
url="https://xiph.org/flac/"
arch="all"
@@ -11,11 +11,13 @@ subpackages="$pkgname-dev $pkgname-doc"
depends=
makedepends="libogg-dev"
source="https://downloads.xiph.org/releases/flac/flac-${pkgver}.tar.xz
- "
+ CVE-2017-6888.patch"
-build() {
- cd "$builddir"
+# secfixes:
+# 1.3.2-r3:
+# - CVE-2017-6888
+build() {
local _arch_conf
case "${CARCH}" in
ppc*) _arch_conf="--enable-altivec" ;;
@@ -37,16 +39,15 @@ build() {
}
check() {
- cd "$builddir"
make check
}
package() {
- cd "$builddir"
make DESTDIR="$pkgdir" install
install -Dm0644 COPYING.Xiph \
"$pkgdir"/usr/share/licenses/$pkgname/COPYING.Xiph
}
-sha512sums="63910e8ebbe508316d446ffc9eb6d02efbd5f47d29d2ea7864da9371843c8e671854db6e89ba043fe08aef1845b8ece70db80f1cce853f591ca30d56ef7c3a15 flac-1.3.2.tar.xz"
+sha512sums="63910e8ebbe508316d446ffc9eb6d02efbd5f47d29d2ea7864da9371843c8e671854db6e89ba043fe08aef1845b8ece70db80f1cce853f591ca30d56ef7c3a15 flac-1.3.2.tar.xz
+ea241ba68a4e8d91d5db555ec8c459cff48ad8c3de511d0a92d4feb8b946a2173422015fdc9604240035ef315132fe4062ab3e6d4bc2d79aa1aed18defa32301 CVE-2017-6888.patch"
diff --git a/user/flac/CVE-2017-6888.patch b/user/flac/CVE-2017-6888.patch
new file mode 100644
index 000000000..080160bfb
--- /dev/null
+++ b/user/flac/CVE-2017-6888.patch
@@ -0,0 +1,27 @@
+From 4f47b63e9c971e6391590caf00a0f2a5ed612e67 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Sat, 8 Apr 2017 18:34:49 +1000
+Subject: [PATCH] stream_decoder.c: Fix a memory leak
+
+Leak reported by Secunia Research.
+---
+ src/libFLAC/stream_decoder.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
+index 14d5fe7f..a5527511 100644
+--- a/src/libFLAC/stream_decoder.c
++++ b/src/libFLAC/stream_decoder.c
+@@ -1753,6 +1753,9 @@ FLAC__bool read_metadata_vorbiscomment_(FLAC__StreamDecoder *decoder, FLAC__Stre
+ }
+ memset (obj->comments[i].entry, 0, obj->comments[i].length) ;
+ if (!FLAC__bitreader_read_byte_block_aligned_no_crc(decoder->private_->input, obj->comments[i].entry, obj->comments[i].length)) {
++ /* Current i-th entry is bad, so we delete it. */
++ free (obj->comments[i].entry) ;
++ obj->comments[i].entry = NULL ;
+ obj->num_comments = i;
+ goto skip;
+ }
+--
+2.11.0
+
diff --git a/user/libice/APKBUILD b/user/libice/APKBUILD
index 8d2fea498..1ea5a767f 100644
--- a/user/libice/APKBUILD
+++ b/user/libice/APKBUILD
@@ -1,19 +1,28 @@
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=libice
pkgver=1.0.9
-pkgrel=3
+pkgrel=4
pkgdesc="X11 Inter-Client Exchange library"
url="https://www.X.Org/"
arch="all"
license="MIT"
depends=
-makedepends="util-macros xmlto xorgproto-dev xtrans"
+makedepends="libbsd-dev util-macros xmlto xorgproto-dev xtrans"
checkdepends="check-dev"
subpackages="$pkgname-dev $pkgname-doc"
-source="https://www.X.Org/releases/individual/lib/libICE-$pkgver.tar.bz2"
-
+source="https://www.X.Org/releases/individual/lib/libICE-$pkgver.tar.bz2
+ CVE-2017-2626.patch"
builddir="$srcdir/libICE-$pkgver"
+# secfixes:
+# 1.0.9-r4:
+# - CVE-2017-2626
+
+prepare() {
+ default_prepare
+ autoreconf -vif
+}
+
build() {
cd "$builddir"
./configure \
@@ -38,4 +47,5 @@ package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="daa8126ee5279c08f801274a2754132762dea2a40f4733c4b0bf8e8bdad61cba826939a2e067beb3524e256a98a2b83f23c8d4643f3e75a284ab02cc73da41b7 libICE-1.0.9.tar.bz2"
+sha512sums="daa8126ee5279c08f801274a2754132762dea2a40f4733c4b0bf8e8bdad61cba826939a2e067beb3524e256a98a2b83f23c8d4643f3e75a284ab02cc73da41b7 libICE-1.0.9.tar.bz2
+83e53a4b48c429c7fad8f4feba1b9261e1ff26d995a729e7d38f1aac29cf5f69ffeb83a1733f3e624b09ae0ee97f09be8380ab0d59fb51436e1b537461a6943c CVE-2017-2626.patch"
diff --git a/user/libice/CVE-2017-2626.patch b/user/libice/CVE-2017-2626.patch
new file mode 100644
index 000000000..ea2d8835b
--- /dev/null
+++ b/user/libice/CVE-2017-2626.patch
@@ -0,0 +1,142 @@
+From ff5e59f32255913bb1cdf51441b98c9107ae165b Mon Sep 17 00:00:00 2001
+From: Benjamin Tissoires <benjamin.tissoires@gmail.com>
+Date: Tue, 4 Apr 2017 19:12:53 +0200
+Subject: Use getentropy() if arc4random_buf() is not available
+
+This allows to fix CVE-2017-2626 on Linux platforms without pulling in
+libbsd.
+The libc getentropy() is available since glibc 2.25 but also on OpenBSD.
+For Linux, we need at least a v3.17 kernel. If the recommended
+arc4random_buf() function is not available, emulate it by first trying
+to use getentropy() on a supported glibc and kernel. If the call fails,
+fall back to the current (partly vulnerable) code.
+
+Signed-off-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
+Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
+Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+---
+ configure.ac | 2 +-
+ src/iceauth.c | 65 ++++++++++++++++++++++++++++++++++++++++++-----------------
+ 2 files changed, 47 insertions(+), 20 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 458882a..c971ab6 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -38,7 +38,7 @@ AC_DEFINE(ICE_t, 1, [Xtrans transport type])
+
+ # Checks for library functions.
+ AC_CHECK_LIB([bsd], [arc4random_buf])
+-AC_CHECK_FUNCS([asprintf arc4random_buf])
++AC_CHECK_FUNCS([asprintf arc4random_buf getentropy])
+
+ # Allow checking code with lint, sparse, etc.
+ XORG_WITH_LINT
+diff --git a/src/iceauth.c b/src/iceauth.c
+index ed31683..de4785b 100644
+--- a/src/iceauth.c
++++ b/src/iceauth.c
+@@ -44,31 +44,19 @@ Author: Ralph Mor, X Consortium
+
+ static int was_called_state;
+
+-/*
+- * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by
+- * the SI. It is not part of standard ICElib.
+- */
++#ifndef HAVE_ARC4RANDOM_BUF
+
+-
+-char *
+-IceGenerateMagicCookie (
++static void
++emulate_getrandom_buf (
++ char *auth,
+ int len
+ )
+ {
+- char *auth;
+-#ifndef HAVE_ARC4RANDOM_BUF
+ long ldata[2];
+ int seed;
+ int value;
+ int i;
+-#endif
+
+- if ((auth = malloc (len + 1)) == NULL)
+- return (NULL);
+-
+-#ifdef HAVE_ARC4RANDOM_BUF
+- arc4random_buf(auth, len);
+-#else
+ #ifdef ITIMER_REAL
+ {
+ struct timeval now;
+@@ -76,13 +64,13 @@ IceGenerateMagicCookie (
+ ldata[0] = now.tv_sec;
+ ldata[1] = now.tv_usec;
+ }
+-#else
++#else /* ITIMER_REAL */
+ {
+ long time ();
+ ldata[0] = time ((long *) 0);
+ ldata[1] = getpid ();
+ }
+-#endif
++#endif /* ITIMER_REAL */
+ seed = (ldata[0]) + (ldata[1] << 16);
+ srand (seed);
+ for (i = 0; i < len; i++)
+@@ -90,7 +78,46 @@ IceGenerateMagicCookie (
+ value = rand ();
+ auth[i] = value & 0xff;
+ }
+-#endif
++}
++
++static void
++arc4random_buf (
++ char *auth,
++ int len
++)
++{
++ int ret;
++
++#if HAVE_GETENTROPY
++ /* weak emulation of arc4random through the entropy libc */
++ ret = getentropy (auth, len);
++ if (ret == 0)
++ return;
++#endif /* HAVE_GETENTROPY */
++
++ emulate_getrandom_buf (auth, len);
++}
++
++#endif /* !defined(HAVE_ARC4RANDOM_BUF) */
++
++/*
++ * MIT-MAGIC-COOKIE-1 is a sample authentication method implemented by
++ * the SI. It is not part of standard ICElib.
++ */
++
++
++char *
++IceGenerateMagicCookie (
++ int len
++)
++{
++ char *auth;
++
++ if ((auth = malloc (len + 1)) == NULL)
++ return (NULL);
++
++ arc4random_buf (auth, len);
++
+ auth[len] = '\0';
+ return (auth);
+ }
+--
+cgit v1.1
+
diff --git a/user/libssh2/APKBUILD b/user/libssh2/APKBUILD
deleted file mode 100644
index cb6e11f97..000000000
--- a/user/libssh2/APKBUILD
+++ /dev/null
@@ -1,40 +0,0 @@
-# Contributor: William Pitcock <nenolod@dereferenced.org>
-# Maintainer:
-pkgname=libssh2
-pkgver=1.8.2
-pkgrel=0
-pkgdesc="Library for accessing SSH servers"
-url="https://libssh2.org/"
-arch="all"
-options="!check" # Requires deprecated UsePrivilegeSeparation option.
-license="BSD-3-Clause"
-makedepends_host="openssl-dev zlib-dev"
-subpackages="$pkgname-dev $pkgname-doc"
-source="https://libssh2.org/download/libssh2-$pkgver.tar.gz"
-
-build() {
- cd "$builddir"
- ./configure \
- --build=$CBUILD \
- --host=$CHOST \
- --prefix=/usr \
- --sysconfdir=/etc \
- --mandir=/usr/share/man \
- --infodir=/usr/share/info \
- --localstatedir=/var \
- --with-libssl-prefix="${CBUILDROOT}"/usr \
- --disable-rpath
- make
-}
-
-check() {
- cd "$builddir"
- make check
-}
-
-package() {
- cd "$builddir"
- make DESTDIR="$pkgdir" install
-}
-
-sha512sums="390ab4ad93bb738415ec11a6eb92806c9b9e9e5d8ee7c442d841a58b4292c1c447a9bc99e153ba464e2e11f9c0d1913469303598c3046722d1ae821991e8cb93 libssh2-1.8.2.tar.gz"
diff --git a/user/postgresql/APKBUILD b/user/postgresql/APKBUILD
index 7fed2351e..996168875 100644
--- a/user/postgresql/APKBUILD
+++ b/user/postgresql/APKBUILD
@@ -2,7 +2,7 @@
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=postgresql
-pkgver=10.5
+pkgver=10.8
pkgrel=0
pkgdesc="Featureful object-relational database system (RDBMS)"
url="https://www.postgresql.org/"
@@ -35,23 +35,26 @@ source="https://ftp.postgresql.org/pub/source/v$pkgver/$pkgname-$pkgver.tar.bz2
# secfixes:
# 9.6.4-r0:
-# - CVE-2017-7546
-# - CVE-2017-7547
-# - CVE-2017-7548
+# - CVE-2017-7546
+# - CVE-2017-7547
+# - CVE-2017-7548
# 9.6.3-r0:
-# - CVE-2017-7484
-# - CVE-2017-7485
-# - CVE-2017-7486
+# - CVE-2017-7484
+# - CVE-2017-7485
+# - CVE-2017-7486
# 10.1-r0:
-# - CVE-2017-15098
-# - CVE-2017-15099
+# - CVE-2017-15098
+# - CVE-2017-15099
# 10.2-r0:
-# - CVE-2018-1052
-# - CVE-2018-1053
+# - CVE-2018-1052
+# - CVE-2018-1053
# 10.3-r0:
-# - CVE-2018-1058
+# - CVE-2018-1058
# 10.4-r0:
-# - CVE-2018-1115
+# - CVE-2018-1115
+# 10.8-r0:
+# - CVE-2018-16850
+# - CVE-2019-10130
prepare() {
default_prepare
@@ -249,7 +252,7 @@ _submv() {
done
}
-sha512sums="1bad30ae88beca66f7e8b99b82e7f02aac1e9230b328e6e5a762a704cdd9dc767d924f5a66c68c93586badfef91b7ff336120a567ce970eaa58bb44c662ad48c postgresql-10.5.tar.bz2
+sha512sums="c9cd0298f553e13e32d4315e17e9e61c1fd011391c5203282d9040f26fd08c85f749e6f2cea3bcc42d1ca153a1272bcd773196ef3bf2bdfb74cd12c5f523b7ca postgresql-10.8.tar.bz2
1f8e7dc58f5b0a12427cf2fd904ffa898a34f23f3332c8382b94e0d991c007289e7913a69e04498f3d93fc5701855796c207b4b1cc4a0b366f586050124d7fcc initdb.patch
5f9d8bb4957194069d01af8ab3abc6d4d83a7e7f8bd7ebe1caae5361d621a3e58f91b14b952958138a794e0a80bc154fbb7e3e78d211e2a95b9b7901335de854 perl-rpath.patch
8439a6fdfdea0a4867daeb8bc23d6c825f30c00d91d4c39f48653f5ee77341f23282ce03a77aad94b5369700f11d2cb28d5aee360e59138352a9ab331a9f9d0f conf-unix_socket_directories.patch
diff --git a/user/tiff/APKBUILD b/user/tiff/APKBUILD
index 7bb89ee3e..c3f0590f9 100644
--- a/user/tiff/APKBUILD
+++ b/user/tiff/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=tiff
pkgver=4.0.10
-pkgrel=0
+pkgrel=1
pkgdesc="Library to read, create, and manipulate TIFF image files"
url="http://www.libtiff.org/"
arch="all"
@@ -13,8 +13,13 @@ depends_dev="zlib-dev libjpeg-turbo-dev"
makedepends="libtool autoconf automake $depends_dev"
subpackages="$pkgname-doc $pkgname-dev $pkgname-tools"
source="http://download.osgeo.org/libtiff/$pkgname-$pkgver.tar.gz
+ CVE-2019-6128.patch
+ CVE-2019-7663.patch
"
-# secfixes:
+# secfixes: libtiff
+# 4.0.10-r1:
+# - CVE-2019-6128
+# - CVE-2019-7663
# 4.0.9-r1:
# - CVE-2017-18013
# 4.0.9-r0:
@@ -64,4 +69,6 @@ tools() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
-sha512sums="d213e5db09fd56b8977b187c5a756f60d6e3e998be172550c2892dbdb4b2a8e8c750202bc863fe27d0d1c577ab9de1710d15e9f6ed665aadbfd857525a81eea8 tiff-4.0.10.tar.gz"
+sha512sums="d213e5db09fd56b8977b187c5a756f60d6e3e998be172550c2892dbdb4b2a8e8c750202bc863fe27d0d1c577ab9de1710d15e9f6ed665aadbfd857525a81eea8 tiff-4.0.10.tar.gz
+8dc336e6c863524e3622f61ec6583eebe13fde55649cd8c812e3f6752242a23ff72cfb680dfcbe47d1503a058f5f9001415ae112220729e4ab50fe81190e327e CVE-2019-6128.patch
+6fb7e9aa0afbae96fd6e78c2401262e496f5d62980ea02712bc43f8749341d030df3625f10413f5ed3e130e88d609c2374ae69807a1f9e54ed91cbd8411aab62 CVE-2019-7663.patch"
diff --git a/user/tiff/CVE-2019-6128.patch b/user/tiff/CVE-2019-6128.patch
new file mode 100644
index 000000000..1b15b6f01
--- /dev/null
+++ b/user/tiff/CVE-2019-6128.patch
@@ -0,0 +1,49 @@
+From 0c74a9f49b8d7a36b17b54a7428b3526d20f88a8 Mon Sep 17 00:00:00 2001
+From: Scott Gayou <github.scott@gmail.com>
+Date: Wed, 23 Jan 2019 15:03:53 -0500
+Subject: [PATCH] Fix for simple memory leak that was assigned CVE-2019-6128.
+
+pal2rgb failed to free memory on a few errors. This was reported
+here: http://bugzilla.maptools.org/show_bug.cgi?id=2836.
+---
+ tools/pal2rgb.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/tools/pal2rgb.c b/tools/pal2rgb.c
+index 01d8502e..9492f1cf 100644
+--- a/tools/pal2rgb.c
++++ b/tools/pal2rgb.c
+@@ -118,12 +118,14 @@ main(int argc, char* argv[])
+ shortv != PHOTOMETRIC_PALETTE) {
+ fprintf(stderr, "%s: Expecting a palette image.\n",
+ argv[optind]);
++ (void) TIFFClose(in);
+ return (-1);
+ }
+ if (!TIFFGetField(in, TIFFTAG_COLORMAP, &rmap, &gmap, &bmap)) {
+ fprintf(stderr,
+ "%s: No colormap (not a valid palette image).\n",
+ argv[optind]);
++ (void) TIFFClose(in);
+ return (-1);
+ }
+ bitspersample = 0;
+@@ -131,11 +133,14 @@ main(int argc, char* argv[])
+ if (bitspersample != 8) {
+ fprintf(stderr, "%s: Sorry, can only handle 8-bit images.\n",
+ argv[optind]);
++ (void) TIFFClose(in);
+ return (-1);
+ }
+ out = TIFFOpen(argv[optind+1], "w");
+- if (out == NULL)
++ if (out == NULL) {
++ (void) TIFFClose(in);
+ return (-2);
++ }
+ cpTags(in, out);
+ TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &imagewidth);
+ TIFFGetField(in, TIFFTAG_IMAGELENGTH, &imagelength);
+--
+2.21.0
+
diff --git a/user/tiff/CVE-2019-7663.patch b/user/tiff/CVE-2019-7663.patch
new file mode 100644
index 000000000..8049566c6
--- /dev/null
+++ b/user/tiff/CVE-2019-7663.patch
@@ -0,0 +1,37 @@
+From 802d3cbf3043be5dce5317e140ccb1c17a6a2d39 Mon Sep 17 00:00:00 2001
+From: Thomas Bernard <miniupnp@free.fr>
+Date: Tue, 29 Jan 2019 11:21:47 +0100
+Subject: [PATCH] TIFFWriteDirectoryTagTransferfunction() : fix NULL
+ dereferencing
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2833
+
+we must check the pointer is not NULL before memcmp() the memory
+---
+ libtiff/tif_dirwrite.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
+index c15a28db..ef30c869 100644
+--- a/libtiff/tif_dirwrite.c
++++ b/libtiff/tif_dirwrite.c
+@@ -1893,12 +1893,14 @@ TIFFWriteDirectoryTagTransferfunction(TIFF* tif, uint32* ndir, TIFFDirEntry* dir
+ n=3;
+ if (n==3)
+ {
+- if (!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[2],m*sizeof(uint16)))
++ if (tif->tif_dir.td_transferfunction[2] == NULL ||
++ !_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[2],m*sizeof(uint16)))
+ n=2;
+ }
+ if (n==2)
+ {
+- if (!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[1],m*sizeof(uint16)))
++ if (tif->tif_dir.td_transferfunction[1] == NULL ||
++ !_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[1],m*sizeof(uint16)))
+ n=1;
+ }
+ if (n==0)
+--
+2.21.0
+