summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRajkumar Veer <rveer@mvista.com>2017-11-03 22:25:08 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-11-21 14:43:53 +0000
commitf8db77f490f1c75770621c497549a00c5b8183cd (patch)
tree1a97992c06163d4d58c93557b90d70940a449d96
parent8192fe8abefdf37bfd1069819d04a666cd744fcb (diff)
downloadpoky-f8db77f490f1c75770621c497549a00c5b8183cd.tar.gz
tiff: Security fix for CVE-2017-7594
(From OE-Core rev: 7bdb52d06a46ad659fc85db1992f9c6ab2fcf065) Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-multimedia/libtiff/files/CVE-2017-7594-p1.patch43
-rw-r--r--meta/recipes-multimedia/libtiff/files/CVE-2017-7594-p2.patch50
-rw-r--r--meta/recipes-multimedia/libtiff/tiff_4.0.7.bb2
3 files changed, 95 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-7594-p1.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-7594-p1.patch
new file mode 100644
index 0000000000..5c7e4603cc
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2017-7594-p1.patch
@@ -0,0 +1,43 @@
1rom 8283e4d1b7e53340684d12932880cbcbaf23a8c1 Mon Sep 17 00:00:00 2001
2From: erouault <erouault>
3Date: Thu, 12 Jan 2017 17:43:25 +0000
4
5* libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesAcTable
6 when read fails.
7 Patch by Nicolas Pena.
8 Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659
9
10Upstream-Status: Backport
11
12CVE: CVE-2017-7594 #patch1
13Signed-off-by: Rajkumar Veer <rveer@mvista.com>
14Index: tiff-4.0.7/ChangeLog
15===================================================================
16--- tiff-4.0.7.orig/ChangeLog 2017-04-24 16:13:15.000000000 +0530
17+++ tiff-4.0.7/ChangeLog 2017-04-24 16:50:26.465897646 +0530
18@@ -1,3 +1,10 @@
19+2017-01-12 Even Rouault <even.rouault at spatialys.com>
20+
21+ * libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesAcTable
22+ when read fails.
23+ Patch by Nicolás Peña.
24+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659
25+
26 2017-01-11 Even Rouault <even.rouault at spatialys.com>
27
28 * libtiff/tif_getimage.c: add explicit uint32 cast in putagreytile to
29Index: tiff-4.0.7/libtiff/tif_ojpeg.c
30===================================================================
31--- tiff-4.0.7.orig/libtiff/tif_ojpeg.c 2017-04-24 16:02:29.817973051 +0530
32+++ tiff-4.0.7/libtiff/tif_ojpeg.c 2017-04-24 16:52:27.349894477 +0530
33@@ -1918,7 +1918,10 @@
34 rb[sizeof(uint32)+5+n]=o[n];
35 p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
36 if (p!=q)
37+ {
38+ _TIFFfree(rb);
39 return(0);
40+ }
41 sp->actable[m]=rb;
42 sp->sos_tda[m]=(sp->sos_tda[m]|m);
43 }
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-7594-p2.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-7594-p2.patch
new file mode 100644
index 0000000000..82a19c6810
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2017-7594-p2.patch
@@ -0,0 +1,50 @@
1From 2ea32f7372b65c24b2816f11c04bf59b5090d05b Mon Sep 17 00:00:00 2001
2From: erouault <erouault>
3Date: Thu, 12 Jan 2017 19:23:20 +0000
4Subject: [PATCH 2/2] * libtiff/tif_ojpeg.c: fix leak in
5 OJPEGReadHeaderInfoSecTablesQTable, OJPEGReadHeaderInfoSecTablesDcTable and
6 OJPEGReadHeaderInfoSecTablesAcTable
7
8Upstream-status: Backport
9
10CVE: CVE-2017-7594 #patch2
11Signed-off-by: Rajkumar Veer <rveer@mvista.com>
12Index: tiff-4.0.7/ChangeLog
13===================================================================
14--- tiff-4.0.7.orig/ChangeLog 2017-04-24 16:50:26.465897646 +0530
15+++ tiff-4.0.7/ChangeLog 2017-04-24 16:56:20.685888360 +0530
16@@ -1,6 +1,7 @@
17 2017-01-12 Even Rouault <even.rouault at spatialys.com>
18
19- * libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesAcTable
20+ * libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesQTable,
21+ OJPEGReadHeaderInfoSecTablesDcTable and OJPEGReadHeaderInfoSecTablesAcTable
22 when read fails.
23 Patch by Nicolás Peña.
24 Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659
25Index: tiff-4.0.7/libtiff/tif_ojpeg.c
26===================================================================
27--- tiff-4.0.7.orig/libtiff/tif_ojpeg.c 2017-04-24 16:52:27.349894477 +0530
28+++ tiff-4.0.7/libtiff/tif_ojpeg.c 2017-04-24 16:59:20.001883660 +0530
29@@ -1790,7 +1790,10 @@
30 TIFFSeekFile(tif,sp->qtable_offset[m],SEEK_SET);
31 p=(uint32)TIFFReadFile(tif,&ob[sizeof(uint32)+5],64);
32 if (p!=64)
33+ {
34+ _TIFFfree(ob);
35 return(0);
36+ }
37 sp->qtable[m]=ob;
38 sp->sof_tq[m]=m;
39 }
40@@ -1854,7 +1857,10 @@
41 rb[sizeof(uint32)+5+n]=o[n];
42 p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
43 if (p!=q)
44+ {
45+ _TIFFfree(rb);
46 return(0);
47+ }
48 sp->dctable[m]=rb;
49 sp->sos_tda[m]=(m<<4);
50 }
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.0.7.bb b/meta/recipes-multimedia/libtiff/tiff_4.0.7.bb
index 303eff088b..12ab9360a7 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.0.7.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.0.7.bb
@@ -19,6 +19,8 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
19 file://CVE-2016-10269.patch \ 19 file://CVE-2016-10269.patch \
20 file://CVE-2016-10270.patch \ 20 file://CVE-2016-10270.patch \
21 file://CVE-2017-7592.patch \ 21 file://CVE-2017-7592.patch \
22 file://CVE-2017-7594-p1.patch \
23 file://CVE-2017-7594-p2.patch \
22 " 24 "
23 25
24SRC_URI[md5sum] = "77ae928d2c6b7fb46a21c3a29325157b" 26SRC_URI[md5sum] = "77ae928d2c6b7fb46a21c3a29325157b"