tiff: fix multiple CVEs

Backport fixes for: * CVE-2023-2908 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f * CVE-2023-3316 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/d63de61b1ec3385f6383ef9a1f453e4b8b11d536 * CVE-2023-3618 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/881a070194783561fd209b7c789a4e75566f7f37 && https://gitlab.com/libtiff/libtiff/-/commit/b5c7d4c4e03333ac16b5cfb11acaaeaa493334f8 (From OE-Core rev: 4929d08cefac9ae2ebbdf94ccdc51a0f67f28164) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Hitendra Prajapati <hprajapati@mvista.com> 2023-08-02 11:05:52 +0530
committer: Steve Sakoman <steve@sakoman.com> 2023-08-16 03:55:12 -1000
commit: ebca640cbb023aaa9d5fa0516fb13c395136f60c (patch)
tree: 961b842edad37feb7af855abaf950befee62c02b /meta/recipes-multimedia/libtiff/files/CVE-2023-2908.patch
parent: b5f81a875de8a146c4f698d9bd06ac1a152a01f7 (diff)
download: poky-ebca640cbb023aaa9d5fa0516fb13c395136f60c.tar.gz
1 files changed, 33 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-2908.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-2908.patch
new file mode 100644
index 0000000000..62a5e1831c
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-2908.patch
@@ -0,0 +1,33 @@
+From 8c0859a80444c90b8dfb862a9f16de74e16f0a9e Mon Sep 17 00:00:00 2001
+From: xiaoxiaoafeifei <lliangliang2007@163.com>
+Date: Fri, 21 Apr 2023 13:01:34 +0000
+Subject: [PATCH] countInkNamesString(): fix `UndefinedBehaviorSanitizer`:
+ applying zero offset to null pointer
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f]
+CVE: CVE-2023-2908
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ libtiff/tif_dir.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
+index 9d8267a..6389b40 100644
+--- a/libtiff/tif_dir.c
+++ b/libtiff/tif_dir.c
+@@ -145,10 +145,10 @@ static uint16
+ countInkNamesString(TIFF *tif, uint32 slen, const char *s)
+ {
+        uint16 i = 0;
+-       const char *ep = s + slen;
+-       const char *cp = s;
+ 
+        if (slen > 0) {
+               const char *ep = s + slen;
+               const char *cp = s;
+                do {
+                        for (; cp < ep && *cp != '\0'; cp++) {}
+                        if (cp >= ep)
+-- 
+2.25.1
author	Hitendra Prajapati <hprajapati@mvista.com>	2023-08-02 11:05:52 +0530
committer	Steve Sakoman <steve@sakoman.com>	2023-08-16 03:55:12 -1000
commit	ebca640cbb023aaa9d5fa0516fb13c395136f60c (patch)
tree	961b842edad37feb7af855abaf950befee62c02b /meta/recipes-multimedia/libtiff/files/CVE-2023-2908.patch
parent	b5f81a875de8a146c4f698d9bd06ac1a152a01f7 (diff)
download	poky-ebca640cbb023aaa9d5fa0516fb13c395136f60c.tar.gz

diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-2908.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-2908.patch new file mode 100644 index 0000000000..62a5e1831c --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-2908.patch
@@ -0,0 +1,33 @@
	1	From 8c0859a80444c90b8dfb862a9f16de74e16f0a9e Mon Sep 17 00:00:00 2001
	2	From: xiaoxiaoafeifei <lliangliang2007@163.com>
	3	Date: Fri, 21 Apr 2023 13:01:34 +0000
	4	Subject: [PATCH] countInkNamesString(): fix `UndefinedBehaviorSanitizer`:
	5	applying zero offset to null pointer
	6
	7	Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f]
	8	CVE: CVE-2023-2908
	9	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
	10	---
	11	libtiff/tif_dir.c \| 4 ++--
	12	1 file changed, 2 insertions(+), 2 deletions(-)
	13
	14	diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
	15	index 9d8267a..6389b40 100644
	16	--- a/libtiff/tif_dir.c
	17	+++ b/libtiff/tif_dir.c
	18	@@ -145,10 +145,10 @@ static uint16
	19	countInkNamesString(TIFF tif, uint32 slen, const char s)
	20	{
	21	uint16 i = 0;
	22	- const char *ep = s + slen;
	23	- const char *cp = s;
	24
	25	if (slen > 0) {
	26	+ const char *ep = s + slen;
	27	+ const char *cp = s;
	28	do {
	29	for (; cp < ep && *cp != '\0'; cp++) {}
	30	if (cp >= ep)
	31	--
	32	2.25.1
	33