diff options
author | sana kazi <sanakazisk19@gmail.com> | 2022-03-09 17:29:32 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-03-11 23:44:42 +0000 |
commit | ce4a1354ccfd7cfd226befd31c2dd2238b077250 (patch) | |
tree | 4335a03b14ea1a085c7229e3ecbcc240033ebfe1 | |
parent | f3baa35d4281ba0d56ade67463f5ca06550cd57b (diff) | |
download | poky-ce4a1354ccfd7cfd226befd31c2dd2238b077250.tar.gz |
tiff: Add backports for two CVEs from upstream
Based on commit from master
(From OE-Core rev: a5bb7cc568d5da3633f3854295b0ebe46a2dd863)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6ae14b4ff7a655b48c6d99ac565d12bf8825414f)
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
3 files changed, 60 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch b/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch new file mode 100644 index 0000000000..01ed5dcd24 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch | |||
@@ -0,0 +1,28 @@ | |||
1 | From 561599c99f987dc32ae110370cfdd7df7975586b Mon Sep 17 00:00:00 2001 | ||
2 | From: Even Rouault <even.rouault@spatialys.com> | ||
3 | Date: Sat, 5 Feb 2022 20:36:41 +0100 | ||
4 | Subject: [PATCH] TIFFReadDirectory(): avoid calling memcpy() with a null | ||
5 | source pointer and size of zero (fixes #362) | ||
6 | |||
7 | Upstream-Status: Backport | ||
8 | CVE: CVE-2022-0562 | ||
9 | Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> | ||
10 | Comment: Refreshed patch | ||
11 | --- | ||
12 | libtiff/tif_dirread.c | 3 ++- | ||
13 | 1 file changed, 2 insertions(+), 1 deletion(-) | ||
14 | |||
15 | diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c | ||
16 | index 2bbc4585..23194ced 100644 | ||
17 | --- a/libtiff/tif_dirread.c | ||
18 | +++ b/libtiff/tif_dirread.c | ||
19 | @@ -4126,7 +4126,8 @@ | ||
20 | goto bad; | ||
21 | } | ||
22 | |||
23 | - memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16)); | ||
24 | + if (old_extrasamples > 0) | ||
25 | + memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16)); | ||
26 | _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples); | ||
27 | _TIFFfree(new_sampleinfo); | ||
28 | } | ||
diff --git a/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch b/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch new file mode 100644 index 0000000000..fc5d0ab5f4 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch | |||
@@ -0,0 +1,30 @@ | |||
1 | From eecb0712f4c3a5b449f70c57988260a667ddbdef Mon Sep 17 00:00:00 2001 | ||
2 | From: Even Rouault <even.rouault@spatialys.com> | ||
3 | Date: Sun, 6 Feb 2022 13:08:38 +0100 | ||
4 | Subject: [PATCH] TIFFFetchStripThing(): avoid calling memcpy() with a null | ||
5 | source pointer and size of zero (fixes #362) | ||
6 | |||
7 | Upstream-Status: Backport | ||
8 | CVE: CVE-2022-0561 | ||
9 | Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> | ||
10 | Comment: Refreshed patch | ||
11 | --- | ||
12 | libtiff/tif_dirread.c | 5 +++-- | ||
13 | 1 file changed, 3 insertions(+), 2 deletions(-) | ||
14 | |||
15 | diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c | ||
16 | index 23194ced..50ebf8ac 100644 | ||
17 | --- a/libtiff/tif_dirread.c | ||
18 | +++ b/libtiff/tif_dirread.c | ||
19 | @@ -5683,8 +5682,9 @@ | ||
20 | _TIFFfree(data); | ||
21 | return(0); | ||
22 | } | ||
23 | - _TIFFmemcpy(resizeddata,data,(uint32)dir->tdir_count*sizeof(uint64)); | ||
24 | - _TIFFmemset(resizeddata+(uint32)dir->tdir_count,0,(nstrips-(uint32)dir->tdir_count)*sizeof(uint64)); | ||
25 | + if( dir->tdir_count ) | ||
26 | + _TIFFmemcpy(resizeddata,data, (uint32)dir->tdir_count * sizeof(uint64)); | ||
27 | + _TIFFmemset(resizeddata+(uint32)dir->tdir_count, 0, (nstrips - (uint32)dir->tdir_count) * sizeof(uint64)); | ||
28 | _TIFFfree(data); | ||
29 | data=resizeddata; | ||
30 | } | ||
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb index 0948bb4e2f..9db247ecc7 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | |||
@@ -16,6 +16,8 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ | |||
16 | file://002_support_patch_for_CVE-2020-35521_and_CVE-2020-35522.patch \ | 16 | file://002_support_patch_for_CVE-2020-35521_and_CVE-2020-35522.patch \ |
17 | file://CVE-2020-35521_and_CVE-2020-35522.patch \ | 17 | file://CVE-2020-35521_and_CVE-2020-35522.patch \ |
18 | file://0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch \ | 18 | file://0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch \ |
19 | file://561599c99f987dc32ae110370cfdd7df7975586b.patch \ | ||
20 | file://eecb0712f4c3a5b449f70c57988260a667ddbdef.patch \ | ||
19 | " | 21 | " |
20 | SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424" | 22 | SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424" |
21 | SRC_URI[sha256sum] = "5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634" | 23 | SRC_URI[sha256sum] = "5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634" |