tiff: Security fix CVE-2017-13726 and CVE-2017-13727

References: https://nvd.nist.gov/vuln/detail/CVE-2017-13726 https://nvd.nist.gov/vuln/detail/CVE-2017-13727 Patches from: CVE-2017-13726: https://github.com/vadz/libtiff/commit/f91ca83a21a6a583050e5a5755ce1441b2bf1d7e CVE-2017-13727: https://github.com/vadz/libtiff/commit/b6af137bf9ef852f1a48a50a5afb88f9e9da01cc (From OE-Core rev: 8dc9d74b7e6816f59eb61dcda6a93c0753a5e4ab) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Yi Zhao <yi.zhao@windriver.com> 2017-09-21 11:21:39 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-09-22 17:15:30 +0100
commit: 89c81eedcaf45eecad9e5b20214d89e15db310c7 (patch)
tree: 932a300156e1be7994c0b1aa6d05ed4c205287e9 /meta/recipes-multimedia/libtiff/files/CVE-2017-13726.patch
parent: 141bfb844ed3d36a873a6514ba28964d42fec70c (diff)
download: poky-89c81eedcaf45eecad9e5b20214d89e15db310c7.tar.gz
1 files changed, 54 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-13726.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-13726.patch
new file mode 100644
index 0000000000..c60ffa698d
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2017-13726.patch
@@ -0,0 +1,54 @@
+From 5317ce215936ce611846557bb104b49d3b4c8345 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Wed, 23 Aug 2017 13:21:41 +0000
+Subject: [PATCH] * libtiff/tif_dirwrite.c: replace assertion related to not
+ finding the SubIFD tag by runtime check. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2727 Reported by team OWL337
+Upstream-Status: Backport
+[https://github.com/vadz/libtiff/commit/f91ca83a21a6a583050e5a5755ce1441b2bf1d7e]
+CVE: CVE-2017-13726
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ ChangeLog              | 7 +++++++
+ libtiff/tif_dirwrite.c | 7 ++++++-
+ 2 files changed, 13 insertions(+), 1 deletion(-)
+diff --git a/ChangeLog b/ChangeLog
+index 6980da8..3e299d9 100644
+--- a/ChangeLog
+++ b/ChangeLog
+@@ -1,3 +1,10 @@
+2017-08-23  Even Rouault <even.rouault at spatialys.com>
+
+       * libtiff/tif_dirwrite.c: replace assertion related to not finding the
+       SubIFD tag by runtime check.
+       Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2727
+       Reported by team OWL337
+
+ 2017-07-15  Even Rouault <even.rouault at spatialys.com>
+ 
+        * tools/tiff2pdf.c: prevent heap buffer overflow write in "Raw"
+diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
+index 8d6686b..14090ae 100644
+--- a/libtiff/tif_dirwrite.c
+++ b/libtiff/tif_dirwrite.c
+@@ -821,7 +821,12 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff)
+                        TIFFDirEntry* nb;
+                        for (na=0, nb=dir; ; na++, nb++)
+                        {
+-                               assert(na<ndir);
+                               if( na == ndir )
+                                {
+                                    TIFFErrorExt(tif->tif_clientdata,module,
+                                                 "Cannot find SubIFD tag");
+                                    goto bad;
+                                }
+                                if (nb->tdir_tag==TIFFTAG_SUBIFD)
+                                        break;
+                        }
+-- 
+2.7.4
author	Yi Zhao <yi.zhao@windriver.com>	2017-09-21 11:21:39 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-09-22 17:15:30 +0100
commit	89c81eedcaf45eecad9e5b20214d89e15db310c7 (patch)
tree	932a300156e1be7994c0b1aa6d05ed4c205287e9 /meta/recipes-multimedia/libtiff/files/CVE-2017-13726.patch
parent	141bfb844ed3d36a873a6514ba28964d42fec70c (diff)
download	poky-89c81eedcaf45eecad9e5b20214d89e15db310c7.tar.gz

diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-13726.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-13726.patch new file mode 100644 index 0000000000..c60ffa698d --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2017-13726.patch
@@ -0,0 +1,54 @@
	1	From 5317ce215936ce611846557bb104b49d3b4c8345 Mon Sep 17 00:00:00 2001
	2	From: Even Rouault <even.rouault@spatialys.com>
	3	Date: Wed, 23 Aug 2017 13:21:41 +0000
	4	Subject: [PATCH] * libtiff/tif_dirwrite.c: replace assertion related to not
	5	finding the SubIFD tag by runtime check. Fixes
	6	http://bugzilla.maptools.org/show_bug.cgi?id=2727 Reported by team OWL337
	7
	8	Upstream-Status: Backport
	9	[https://github.com/vadz/libtiff/commit/f91ca83a21a6a583050e5a5755ce1441b2bf1d7e]
	10
	11	CVE: CVE-2017-13726
	12
	13	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
	14	---
	15	ChangeLog \| 7 +++++++
	16	libtiff/tif_dirwrite.c \| 7 ++++++-
	17	2 files changed, 13 insertions(+), 1 deletion(-)
	18
	19	diff --git a/ChangeLog b/ChangeLog
	20	index 6980da8..3e299d9 100644
	21	--- a/ChangeLog
	22	+++ b/ChangeLog
	23	@@ -1,3 +1,10 @@
	24	+2017-08-23 Even Rouault <even.rouault at spatialys.com>
	25	+
	26	+ * libtiff/tif_dirwrite.c: replace assertion related to not finding the
	27	+ SubIFD tag by runtime check.
	28	+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2727
	29	+ Reported by team OWL337
	30	+
	31	2017-07-15 Even Rouault <even.rouault at spatialys.com>
	32
	33	* tools/tiff2pdf.c: prevent heap buffer overflow write in "Raw"
	34	diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
	35	index 8d6686b..14090ae 100644
	36	--- a/libtiff/tif_dirwrite.c
	37	+++ b/libtiff/tif_dirwrite.c
	38	@@ -821,7 +821,12 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff)
	39	TIFFDirEntry* nb;
	40	for (na=0, nb=dir; ; na++, nb++)
	41	{
	42	- assert(na<ndir);
	43	+ if( na == ndir )
	44	+ {
	45	+ TIFFErrorExt(tif->tif_clientdata,module,
	46	+ "Cannot find SubIFD tag");
	47	+ goto bad;
	48	+ }
	49	if (nb->tdir_tag==TIFFTAG_SUBIFD)
	50	break;
	51	}
	52	--
	53	2.7.4
	54