tiff: backport the fix for CVE-2022-2056, CVE-2022-2057, and CVE-2022-2058

(From OE-Core rev: dc627cea881a98e451766a8fa3a5edf82f7477c0) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit a84538dbe760fed94cfe22a39b0a6f95c61c307d) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross.burton@arm.com> 2022-07-11 14:19:03 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-07-16 06:52:45 +0100
commit: 39e1584719b28a57fa5345f2f936729b676e2ab7 (patch)
tree: f2e9052763d153c75313191f0af9aaaf55107afc
parent: 917569e54b6a6a7fbcfba24b70fd0aac4a53639d (diff)
download: poky-39e1584719b28a57fa5345f2f936729b676e2ab7.tar.gz
2 files changed, 183 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/tiff/0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch b/meta/recipes-multimedia/libtiff/tiff/0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch
new file mode 100644
index 0000000000..a28df6ed8c
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch
@@ -0,0 +1,182 @@
+From 029da2cf70e8e38f10d62d4b0be440fb9d145af0 Mon Sep 17 00:00:00 2001
+From: 4ugustus <wangdw.augustus@qq.com>
+Date: Sat, 11 Jun 2022 09:31:43 +0000
+Subject: [PATCH] fix the FPE in tiffcrop (#415, #427, and #428)
+CVE: CVE-2022-2056 CVE-2022-2057 CVE-2022-2058
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+Signed-off-by: Steve Sakoman <steve@sakoman.com>
+---
+ libtiff/tif_aux.c |  9 +++++++
+ libtiff/tiffiop.h |  1 +
+ tools/tiffcrop.c  | 62 ++++++++++++++++++++++++++---------------------
+ 3 files changed, 44 insertions(+), 28 deletions(-)
+diff --git a/libtiff/tif_aux.c b/libtiff/tif_aux.c
+index 140f26c..5b88c8d 100644
+--- a/libtiff/tif_aux.c
+++ b/libtiff/tif_aux.c
+@@ -402,6 +402,15 @@ float _TIFFClampDoubleToFloat( double val )
+     return (float)val;
+ }
+ 
+uint32_t _TIFFClampDoubleToUInt32(double val)
+{
+    if( val < 0 )
+        return 0;
+    if( val > 0xFFFFFFFFU || val != val )
+        return 0xFFFFFFFFU;
+    return (uint32_t)val;
+}
+
+ int _TIFFSeekOK(TIFF* tif, toff_t off)
+ {
+     /* Huge offsets, especially -1 / UINT64_MAX, can cause issues */
+diff --git a/libtiff/tiffiop.h b/libtiff/tiffiop.h
+index f1151f5..c1d0276 100644
+--- a/libtiff/tiffiop.h
+++ b/libtiff/tiffiop.h
+@@ -368,6 +368,7 @@ extern double _TIFFUInt64ToDouble(uint64_t);
+ extern float _TIFFUInt64ToFloat(uint64_t);
+ 
+ extern float _TIFFClampDoubleToFloat(double);
+extern uint32_t _TIFFClampDoubleToUInt32(double);
+ 
+ extern tmsize_t
+ _TIFFReadEncodedStripAndAllocBuffer(TIFF* tif, uint32_t strip,
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index e407bf5..b9b13d8 100644
+--- a/tools/tiffcrop.c
+++ b/tools/tiffcrop.c
+@@ -5182,17 +5182,17 @@ computeInputPixelOffsets(struct crop_mask *crop, struct image_data *image,
+       {
+       if ((crop->res_unit == RESUNIT_INCH) || (crop->res_unit == RESUNIT_CENTIMETER))
+         {
+-       x1 = (uint32_t) (crop->corners[i].X1 * scale * xres);
+-       x2 = (uint32_t) (crop->corners[i].X2 * scale * xres);
+-       y1 = (uint32_t) (crop->corners[i].Y1 * scale * yres);
+-       y2 = (uint32_t) (crop->corners[i].Y2 * scale * yres);
+       x1 = _TIFFClampDoubleToUInt32(crop->corners[i].X1 * scale * xres);
+       x2 = _TIFFClampDoubleToUInt32(crop->corners[i].X2 * scale * xres);
+       y1 = _TIFFClampDoubleToUInt32(crop->corners[i].Y1 * scale * yres);
+       y2 = _TIFFClampDoubleToUInt32(crop->corners[i].Y2 * scale * yres);
+         }
+       else
+         {
+-       x1 = (uint32_t) (crop->corners[i].X1);
+-       x2 = (uint32_t) (crop->corners[i].X2);
+-       y1 = (uint32_t) (crop->corners[i].Y1);
+-       y2 = (uint32_t) (crop->corners[i].Y2);
+       x1 = _TIFFClampDoubleToUInt32(crop->corners[i].X1);
+       x2 = _TIFFClampDoubleToUInt32(crop->corners[i].X2);
+       y1 = _TIFFClampDoubleToUInt32(crop->corners[i].Y1);
+       y2 = _TIFFClampDoubleToUInt32(crop->corners[i].Y2);
+        }
+       if (x1 < 1)
+         crop->regionlist[i].x1 = 0;
+@@ -5255,17 +5255,17 @@ computeInputPixelOffsets(struct crop_mask *crop, struct image_data *image,
+     {
+     if (crop->res_unit != RESUNIT_INCH && crop->res_unit != RESUNIT_CENTIMETER)
+       { /* User has specified pixels as reference unit */
+-      tmargin = (uint32_t)(crop->margins[0]);
+-      lmargin = (uint32_t)(crop->margins[1]);
+-      bmargin = (uint32_t)(crop->margins[2]);
+-      rmargin = (uint32_t)(crop->margins[3]);
+      tmargin = _TIFFClampDoubleToUInt32(crop->margins[0]);
+      lmargin = _TIFFClampDoubleToUInt32(crop->margins[1]);
+      bmargin = _TIFFClampDoubleToUInt32(crop->margins[2]);
+      rmargin = _TIFFClampDoubleToUInt32(crop->margins[3]);
+       }
+     else
+       { /* inches or centimeters specified */
+-      tmargin = (uint32_t)(crop->margins[0] * scale * yres);
+-      lmargin = (uint32_t)(crop->margins[1] * scale * xres);
+-      bmargin = (uint32_t)(crop->margins[2] * scale * yres);
+-      rmargin = (uint32_t)(crop->margins[3] * scale * xres);
+      tmargin = _TIFFClampDoubleToUInt32(crop->margins[0] * scale * yres);
+      lmargin = _TIFFClampDoubleToUInt32(crop->margins[1] * scale * xres);
+      bmargin = _TIFFClampDoubleToUInt32(crop->margins[2] * scale * yres);
+      rmargin = _TIFFClampDoubleToUInt32(crop->margins[3] * scale * xres);
+       }
+ 
+     if ((lmargin + rmargin) > image->width)
+@@ -5295,24 +5295,24 @@ computeInputPixelOffsets(struct crop_mask *crop, struct image_data *image,
+   if (crop->res_unit != RESUNIT_INCH && crop->res_unit != RESUNIT_CENTIMETER)
+     {
+     if (crop->crop_mode & CROP_WIDTH)
+-      width = (uint32_t)crop->width;
+      width = _TIFFClampDoubleToUInt32(crop->width);
+     else
+       width = image->width - lmargin - rmargin;
+ 
+     if (crop->crop_mode & CROP_LENGTH)
+-      length  = (uint32_t)crop->length;
+      length  = _TIFFClampDoubleToUInt32(crop->length);
+     else
+       length = image->length - tmargin - bmargin;
+     }
+   else
+     {
+     if (crop->crop_mode & CROP_WIDTH)
+-      width = (uint32_t)(crop->width * scale * image->xres);
+      width = _TIFFClampDoubleToUInt32(crop->width * scale * image->xres);
+     else
+       width = image->width - lmargin - rmargin;
+ 
+     if (crop->crop_mode & CROP_LENGTH)
+-      length  = (uint32_t)(crop->length * scale * image->yres);
+      length  = _TIFFClampDoubleToUInt32(crop->length * scale * image->yres);
+     else
+       length = image->length - tmargin - bmargin;
+     }
+@@ -5711,13 +5711,13 @@ computeOutputPixelOffsets (struct crop_mask *crop, struct image_data *image,
+     {
+     if (page->res_unit == RESUNIT_INCH || page->res_unit == RESUNIT_CENTIMETER)
+       { /* inches or centimeters specified */
+-      hmargin = (uint32_t)(page->hmargin * scale * page->hres * ((image->bps + 7) / 8));
+-      vmargin = (uint32_t)(page->vmargin * scale * page->vres * ((image->bps + 7) / 8));
+      hmargin = _TIFFClampDoubleToUInt32(page->hmargin * scale * page->hres * ((image->bps + 7) / 8));
+      vmargin = _TIFFClampDoubleToUInt32(page->vmargin * scale * page->vres * ((image->bps + 7) / 8));
+       }
+     else
+       { /* Otherwise user has specified pixels as reference unit */
+-      hmargin = (uint32_t)(page->hmargin * scale * ((image->bps + 7) / 8));
+-      vmargin = (uint32_t)(page->vmargin * scale * ((image->bps + 7) / 8));
+      hmargin = _TIFFClampDoubleToUInt32(page->hmargin * scale * ((image->bps + 7) / 8));
+      vmargin = _TIFFClampDoubleToUInt32(page->vmargin * scale * ((image->bps + 7) / 8));
+       }
+ 
+     if ((hmargin * 2.0) > (pwidth * page->hres))
+@@ -5755,13 +5755,13 @@ computeOutputPixelOffsets (struct crop_mask *crop, struct image_data *image,
+     {
+     if (page->mode & PAGE_MODE_PAPERSIZE )
+       {
+-      owidth  = (uint32_t)((pwidth * page->hres) - (hmargin * 2));
+-      olength = (uint32_t)((plength * page->vres) - (vmargin * 2));
+      owidth  = _TIFFClampDoubleToUInt32((pwidth * page->hres) - (hmargin * 2));
+      olength = _TIFFClampDoubleToUInt32((plength * page->vres) - (vmargin * 2));
+       }
+     else
+       {
+-      owidth = (uint32_t)(iwidth - (hmargin * 2 * page->hres));
+-      olength = (uint32_t)(ilength - (vmargin * 2 * page->vres));
+      owidth = _TIFFClampDoubleToUInt32(iwidth - (hmargin * 2 * page->hres));
+      olength = _TIFFClampDoubleToUInt32(ilength - (vmargin * 2 * page->vres));
+       }
+     }
+ 
+@@ -5770,6 +5770,12 @@ computeOutputPixelOffsets (struct crop_mask *crop, struct image_data *image,
+   if (olength > ilength)
+     olength = ilength;
+ 
+  if (owidth == 0 || olength == 0)
+  {
+    TIFFError("computeOutputPixelOffsets", "Integer overflow when calculating the number of pages");
+    exit(EXIT_FAILURE);
+  }
+
+   /* Compute the number of pages required for Portrait or Landscape */
+   switch (page->orient)
+     {
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index 7a5e4816a6..c2d4b35d49 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -18,6 +18,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
           file://0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch \
           file://0005-fix-the-FPE-in-tiffcrop-393.patch \
           file://0006-fix-heap-buffer-overflow-in-tiffcp-278.patch \
+           file://0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch \
           "
 SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
author	Ross Burton <ross.burton@arm.com>	2022-07-11 14:19:03 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-07-16 06:52:45 +0100
commit	39e1584719b28a57fa5345f2f936729b676e2ab7 (patch)
tree	f2e9052763d153c75313191f0af9aaaf55107afc
parent	917569e54b6a6a7fbcfba24b70fd0aac4a53639d (diff)
download	poky-39e1584719b28a57fa5345f2f936729b676e2ab7.tar.gz

diff --git a/meta/recipes-multimedia/libtiff/tiff/0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch b/meta/recipes-multimedia/libtiff/tiff/0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch new file mode 100644 index 0000000000..a28df6ed8c --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch
@@ -0,0 +1,182 @@
		1	From 029da2cf70e8e38f10d62d4b0be440fb9d145af0 Mon Sep 17 00:00:00 2001
		2	From: 4ugustus <wangdw.augustus@qq.com>
		3	Date: Sat, 11 Jun 2022 09:31:43 +0000
		4	Subject: [PATCH] fix the FPE in tiffcrop (#415, #427, and #428)
		5
		6	CVE: CVE-2022-2056 CVE-2022-2057 CVE-2022-2058
		7	Upstream-Status: Backport
		8	Signed-off-by: Ross Burton <ross.burton@arm.com>
		9	Signed-off-by: Steve Sakoman <steve@sakoman.com>
		10
		11	---
		12	libtiff/tif_aux.c \| 9 +++++++
		13	libtiff/tiffiop.h \| 1 +
		14	tools/tiffcrop.c \| 62 ++++++++++++++++++++++++++---------------------
		15	3 files changed, 44 insertions(+), 28 deletions(-)
		16
		17	diff --git a/libtiff/tif_aux.c b/libtiff/tif_aux.c
		18	index 140f26c..5b88c8d 100644
		19	--- a/libtiff/tif_aux.c
		20	+++ b/libtiff/tif_aux.c
		21	@@ -402,6 +402,15 @@ float _TIFFClampDoubleToFloat( double val )
		22	return (float)val;
		23	}
		24
		25	+uint32_t _TIFFClampDoubleToUInt32(double val)
		26	+{
		27	+ if( val < 0 )
		28	+ return 0;
		29	+ if( val > 0xFFFFFFFFU \|\| val != val )
		30	+ return 0xFFFFFFFFU;
		31	+ return (uint32_t)val;
		32	+}
		33	+
		34	int _TIFFSeekOK(TIFF* tif, toff_t off)
		35	{
		36	/* Huge offsets, especially -1 / UINT64_MAX, can cause issues */
		37	diff --git a/libtiff/tiffiop.h b/libtiff/tiffiop.h
		38	index f1151f5..c1d0276 100644
		39	--- a/libtiff/tiffiop.h
		40	+++ b/libtiff/tiffiop.h
		41	@@ -368,6 +368,7 @@ extern double _TIFFUInt64ToDouble(uint64_t);
		42	extern float _TIFFUInt64ToFloat(uint64_t);
		43
		44	extern float _TIFFClampDoubleToFloat(double);
		45	+extern uint32_t _TIFFClampDoubleToUInt32(double);
		46
		47	extern tmsize_t
		48	_TIFFReadEncodedStripAndAllocBuffer(TIFF* tif, uint32_t strip,
		49	diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
		50	index e407bf5..b9b13d8 100644
		51	--- a/tools/tiffcrop.c
		52	+++ b/tools/tiffcrop.c
		53	@@ -5182,17 +5182,17 @@ computeInputPixelOffsets(struct crop_mask crop, struct image_data image,
		54	{
		55	if ((crop->res_unit == RESUNIT_INCH) \|\| (crop->res_unit == RESUNIT_CENTIMETER))
		56	{
		57	- x1 = (uint32_t) (crop->corners[i].X1 * scale * xres);
		58	- x2 = (uint32_t) (crop->corners[i].X2 * scale * xres);
		59	- y1 = (uint32_t) (crop->corners[i].Y1 * scale * yres);
		60	- y2 = (uint32_t) (crop->corners[i].Y2 * scale * yres);
		61	+ x1 = _TIFFClampDoubleToUInt32(crop->corners[i].X1 * scale * xres);
		62	+ x2 = _TIFFClampDoubleToUInt32(crop->corners[i].X2 * scale * xres);
		63	+ y1 = _TIFFClampDoubleToUInt32(crop->corners[i].Y1 * scale * yres);
		64	+ y2 = _TIFFClampDoubleToUInt32(crop->corners[i].Y2 * scale * yres);
		65	}
		66	else
		67	{
		68	- x1 = (uint32_t) (crop->corners[i].X1);
		69	- x2 = (uint32_t) (crop->corners[i].X2);
		70	- y1 = (uint32_t) (crop->corners[i].Y1);
		71	- y2 = (uint32_t) (crop->corners[i].Y2);
		72	+ x1 = _TIFFClampDoubleToUInt32(crop->corners[i].X1);
		73	+ x2 = _TIFFClampDoubleToUInt32(crop->corners[i].X2);
		74	+ y1 = _TIFFClampDoubleToUInt32(crop->corners[i].Y1);
		75	+ y2 = _TIFFClampDoubleToUInt32(crop->corners[i].Y2);
		76	}
		77	if (x1 < 1)
		78	crop->regionlist[i].x1 = 0;
		79	@@ -5255,17 +5255,17 @@ computeInputPixelOffsets(struct crop_mask crop, struct image_data image,
		80	{
		81	if (crop->res_unit != RESUNIT_INCH && crop->res_unit != RESUNIT_CENTIMETER)
		82	{ /* User has specified pixels as reference unit */
		83	- tmargin = (uint32_t)(crop->margins[0]);
		84	- lmargin = (uint32_t)(crop->margins[1]);
		85	- bmargin = (uint32_t)(crop->margins[2]);
		86	- rmargin = (uint32_t)(crop->margins[3]);
		87	+ tmargin = _TIFFClampDoubleToUInt32(crop->margins[0]);
		88	+ lmargin = _TIFFClampDoubleToUInt32(crop->margins[1]);
		89	+ bmargin = _TIFFClampDoubleToUInt32(crop->margins[2]);
		90	+ rmargin = _TIFFClampDoubleToUInt32(crop->margins[3]);
		91	}
		92	else
		93	{ /* inches or centimeters specified */
		94	- tmargin = (uint32_t)(crop->margins[0] * scale * yres);
		95	- lmargin = (uint32_t)(crop->margins[1] * scale * xres);
		96	- bmargin = (uint32_t)(crop->margins[2] * scale * yres);
		97	- rmargin = (uint32_t)(crop->margins[3] * scale * xres);
		98	+ tmargin = _TIFFClampDoubleToUInt32(crop->margins[0] * scale * yres);
		99	+ lmargin = _TIFFClampDoubleToUInt32(crop->margins[1] * scale * xres);
		100	+ bmargin = _TIFFClampDoubleToUInt32(crop->margins[2] * scale * yres);
		101	+ rmargin = _TIFFClampDoubleToUInt32(crop->margins[3] * scale * xres);
		102	}
		103
		104	if ((lmargin + rmargin) > image->width)
		105	@@ -5295,24 +5295,24 @@ computeInputPixelOffsets(struct crop_mask crop, struct image_data image,
		106	if (crop->res_unit != RESUNIT_INCH && crop->res_unit != RESUNIT_CENTIMETER)
		107	{
		108	if (crop->crop_mode & CROP_WIDTH)
		109	- width = (uint32_t)crop->width;
		110	+ width = _TIFFClampDoubleToUInt32(crop->width);
		111	else
		112	width = image->width - lmargin - rmargin;
		113
		114	if (crop->crop_mode & CROP_LENGTH)
		115	- length = (uint32_t)crop->length;
		116	+ length = _TIFFClampDoubleToUInt32(crop->length);
		117	else
		118	length = image->length - tmargin - bmargin;
		119	}
		120	else
		121	{
		122	if (crop->crop_mode & CROP_WIDTH)
		123	- width = (uint32_t)(crop->width * scale * image->xres);
		124	+ width = _TIFFClampDoubleToUInt32(crop->width * scale * image->xres);
		125	else
		126	width = image->width - lmargin - rmargin;
		127
		128	if (crop->crop_mode & CROP_LENGTH)
		129	- length = (uint32_t)(crop->length * scale * image->yres);
		130	+ length = _TIFFClampDoubleToUInt32(crop->length * scale * image->yres);
		131	else
		132	length = image->length - tmargin - bmargin;
		133	}
		134	@@ -5711,13 +5711,13 @@ computeOutputPixelOffsets (struct crop_mask crop, struct image_data image,
		135	{
		136	if (page->res_unit == RESUNIT_INCH \|\| page->res_unit == RESUNIT_CENTIMETER)
		137	{ /* inches or centimeters specified */
		138	- hmargin = (uint32_t)(page->hmargin * scale * page->hres * ((image->bps + 7) / 8));
		139	- vmargin = (uint32_t)(page->vmargin * scale * page->vres * ((image->bps + 7) / 8));
		140	+ hmargin = _TIFFClampDoubleToUInt32(page->hmargin * scale * page->hres * ((image->bps + 7) / 8));
		141	+ vmargin = _TIFFClampDoubleToUInt32(page->vmargin * scale * page->vres * ((image->bps + 7) / 8));
		142	}
		143	else
		144	{ /* Otherwise user has specified pixels as reference unit */
		145	- hmargin = (uint32_t)(page->hmargin * scale * ((image->bps + 7) / 8));
		146	- vmargin = (uint32_t)(page->vmargin * scale * ((image->bps + 7) / 8));
		147	+ hmargin = _TIFFClampDoubleToUInt32(page->hmargin * scale * ((image->bps + 7) / 8));
		148	+ vmargin = _TIFFClampDoubleToUInt32(page->vmargin * scale * ((image->bps + 7) / 8));
		149	}
		150
		151	if ((hmargin * 2.0) > (pwidth * page->hres))
		152	@@ -5755,13 +5755,13 @@ computeOutputPixelOffsets (struct crop_mask crop, struct image_data image,
		153	{
		154	if (page->mode & PAGE_MODE_PAPERSIZE )
		155	{
		156	- owidth = (uint32_t)((pwidth * page->hres) - (hmargin * 2));
		157	- olength = (uint32_t)((plength * page->vres) - (vmargin * 2));
		158	+ owidth = _TIFFClampDoubleToUInt32((pwidth * page->hres) - (hmargin * 2));
		159	+ olength = _TIFFClampDoubleToUInt32((plength * page->vres) - (vmargin * 2));
		160	}
		161	else
		162	{
		163	- owidth = (uint32_t)(iwidth - (hmargin * 2 * page->hres));
		164	- olength = (uint32_t)(ilength - (vmargin * 2 * page->vres));
		165	+ owidth = _TIFFClampDoubleToUInt32(iwidth - (hmargin * 2 * page->hres));
		166	+ olength = _TIFFClampDoubleToUInt32(ilength - (vmargin * 2 * page->vres));
		167	}
		168	}
		169
		170	@@ -5770,6 +5770,12 @@ computeOutputPixelOffsets (struct crop_mask crop, struct image_data image,
		171	if (olength > ilength)
		172	olength = ilength;
		173
		174	+ if (owidth == 0 \|\| olength == 0)
		175	+ {
		176	+ TIFFError("computeOutputPixelOffsets", "Integer overflow when calculating the number of pages");
		177	+ exit(EXIT_FAILURE);
		178	+ }
		179	+
		180	/* Compute the number of pages required for Portrait or Landscape */
		181	switch (page->orient)
		182	{


diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb index 7a5e4816a6..c2d4b35d49 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -18,6 +18,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
18	file://0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch \	18	file://0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch \
19	file://0005-fix-the-FPE-in-tiffcrop-393.patch \	19	file://0005-fix-the-FPE-in-tiffcrop-393.patch \
20	file://0006-fix-heap-buffer-overflow-in-tiffcp-278.patch \	20	file://0006-fix-heap-buffer-overflow-in-tiffcp-278.patch \
		21	file://0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch \
21	"	22	"
22		23
23	SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"	24	SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"