tiff: 4.0.8 -> 4.0.9

1.Upgrade tiff from 4.0.8 to 4.0.9. 2.Delete CVE-2017-10688.patch, CVE-2017-11335.patch, CVE-2017-13726.patch, CVE-2017-13727.patch, CVE-2017-9147.patch, CVE-2017-9936.patch, since it is integrated upstream. (From OE-Core rev: df894b523d74f8fd723d1c8fb03f55e46c6af0f5) Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> 2018-01-18 10:29:37 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-01-19 12:37:14 +0000
commit: 975591a8d6cbea068d52417df0dfdd20aa586175 (patch)
tree: a356cfaae66b4eff6569d6054acd8604964c9011 /meta/recipes-multimedia/libtiff/files/CVE-2017-11335.patch
parent: 6d22e5395408a98d1908a73297f0d07cde7591c7 (diff)
download: poky-975591a8d6cbea068d52417df0dfdd20aa586175.tar.gz
1 files changed, 0 insertions, 54 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-11335.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-11335.patch
deleted file mode 100644
index d08e7612b7..0000000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2017-11335.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From e8b15ccf8c9c593000f8202cf34cc6c4b936d01e Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Sat, 15 Jul 2017 11:13:46 +0000
-Subject: [PATCH] * tools/tiff2pdf.c: prevent heap buffer overflow write in
- "Raw" mode on PlanarConfig=Contig input images. Fixes
- http://bugzilla.maptools.org/show_bug.cgi?id=2715 Reported by team OWL337
-Upstream-Status: Backport
-[https://github.com/vadz/libtiff/commit/69bfeec247899776b1b396651adb47436e5f1556]
-CVE: CVE-2017-11355
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
- ChangeLog        | 7 +++++++
- tools/tiff2pdf.c | 7 ++++++-
- 2 files changed, 13 insertions(+), 1 deletion(-)
-diff --git a/ChangeLog b/ChangeLog
-index 42eaeb7..6980da8 100644
--- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,3 +1,10 @@
-+2017-07-15  Even Rouault <even.rouault at spatialys.com>
-+
-+       * tools/tiff2pdf.c: prevent heap buffer overflow write in "Raw"
-+       mode on PlanarConfig=Contig input images.
-+       Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2715
-+       Reported by team OWL337
-+
- 2017-06-30  Even Rouault <even.rouault at spatialys.com>
- 
-        * libtiff/tif_dirwrite.c: in TIFFWriteDirectoryTagCheckedXXXX()
-diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
-index db196e0..cd1e235 100644
--- a/tools/tiff2pdf.c
-+++ b/tools/tiff2pdf.c
-@@ -1737,7 +1737,12 @@ void t2p_read_tiff_data(T2P* t2p, TIFF* input){
-            return;
- 
-        t2p->pdf_transcode = T2P_TRANSCODE_ENCODE;
-       if(t2p->pdf_nopassthrough==0){
-+        /* It seems that T2P_TRANSCODE_RAW mode doesn't support separate->contig */
-+        /* conversion. At least t2p_read_tiff_size and t2p_read_tiff_size_tile */
-+        /* do not take into account the number of samples, and thus */
-+        /* that can cause heap buffer overflows such as in */
-+        /* http://bugzilla.maptools.org/show_bug.cgi?id=2715 */
-+       if(t2p->pdf_nopassthrough==0 && t2p->tiff_planar!=PLANARCONFIG_SEPARATE){
- #ifdef CCITT_SUPPORT
-                if(t2p->tiff_compression==COMPRESSION_CCITTFAX4  
-                        ){
-- 
-2.7.4
author	Huang Qiyu <huangqy.fnst@cn.fujitsu.com>	2018-01-18 10:29:37 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-01-19 12:37:14 +0000
commit	975591a8d6cbea068d52417df0dfdd20aa586175 (patch)
tree	a356cfaae66b4eff6569d6054acd8604964c9011 /meta/recipes-multimedia/libtiff/files/CVE-2017-11335.patch
parent	6d22e5395408a98d1908a73297f0d07cde7591c7 (diff)
download	poky-975591a8d6cbea068d52417df0dfdd20aa586175.tar.gz

diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-11335.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-11335.patch deleted file mode 100644 index d08e7612b7..0000000000 --- a/meta/recipes-multimedia/libtiff/files/CVE-2017-11335.patch +++ /dev/null
@@ -1,54 +0,0 @@
1	From e8b15ccf8c9c593000f8202cf34cc6c4b936d01e Mon Sep 17 00:00:00 2001
2	From: Even Rouault <even.rouault@spatialys.com>
3	Date: Sat, 15 Jul 2017 11:13:46 +0000
4	Subject: [PATCH] * tools/tiff2pdf.c: prevent heap buffer overflow write in
5	"Raw" mode on PlanarConfig=Contig input images. Fixes
6	http://bugzilla.maptools.org/show_bug.cgi?id=2715 Reported by team OWL337
7
8	Upstream-Status: Backport
9	[https://github.com/vadz/libtiff/commit/69bfeec247899776b1b396651adb47436e5f1556]
10
11	CVE: CVE-2017-11355
12
13	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
14	---
15	ChangeLog \| 7 +++++++
16	tools/tiff2pdf.c \| 7 ++++++-
17	2 files changed, 13 insertions(+), 1 deletion(-)
18
19	diff --git a/ChangeLog b/ChangeLog
20	index 42eaeb7..6980da8 100644
21	--- a/ChangeLog
22	+++ b/ChangeLog
23	@@ -1,3 +1,10 @@
24	+2017-07-15 Even Rouault <even.rouault at spatialys.com>
25	+
26	+ * tools/tiff2pdf.c: prevent heap buffer overflow write in "Raw"
27	+ mode on PlanarConfig=Contig input images.
28	+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2715
29	+ Reported by team OWL337
30	+
31	2017-06-30 Even Rouault <even.rouault at spatialys.com>
32
33	* libtiff/tif_dirwrite.c: in TIFFWriteDirectoryTagCheckedXXXX()
34	diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
35	index db196e0..cd1e235 100644
36	--- a/tools/tiff2pdf.c
37	+++ b/tools/tiff2pdf.c
38	@@ -1737,7 +1737,12 @@ void t2p_read_tiff_data(T2P* t2p, TIFF* input){
39	return;
40
41	t2p->pdf_transcode = T2P_TRANSCODE_ENCODE;
42	- if(t2p->pdf_nopassthrough==0){
43	+ /* It seems that T2P_TRANSCODE_RAW mode doesn't support separate->contig */
44	+ /* conversion. At least t2p_read_tiff_size and t2p_read_tiff_size_tile */
45	+ /* do not take into account the number of samples, and thus */
46	+ /* that can cause heap buffer overflows such as in */
47	+ /* http://bugzilla.maptools.org/show_bug.cgi?id=2715 */
48	+ if(t2p->pdf_nopassthrough==0 && t2p->tiff_planar!=PLANARCONFIG_SEPARATE){
49	#ifdef CCITT_SUPPORT
50	if(t2p->tiff_compression==COMPRESSION_CCITTFAX4
51	){
52	--
53	2.7.4
54