initial commit for Enea Linux 5.0 arm

Signed-off-by: Tudor Florea <tudor.florea@enea.com>
author: Tudor Florea <tudor.florea@enea.com> 2015-10-09 22:59:03 +0200
committer: Tudor Florea <tudor.florea@enea.com> 2015-10-09 22:59:03 +0200
commit: 972dcfcdbfe75dcfeb777150c136576cf1a71e99 (patch)
tree: 97a61cd7e293d7ae9d56ef7ed0f81253365bb026 /meta/recipes-multimedia/libtiff/files/tiff-CVE-2012-4564.patch
download: poky-972dcfcdbfe75dcfeb777150c136576cf1a71e99.tar.gz
1 files changed, 99 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/tiff-CVE-2012-4564.patch b/meta/recipes-multimedia/libtiff/files/tiff-CVE-2012-4564.patch
new file mode 100644
index 0000000000..23649790c4
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/tiff-CVE-2012-4564.patch
@@ -0,0 +1,99 @@
+Upstream-Status: Backport
+Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+Index: tools/ppm2tiff.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/ppm2tiff.c,v
+retrieving revision 1.16
+retrieving revision 1.18
+diff -u -r1.16 -r1.18
+--- a/tools/ppm2tiff.c  10 Apr 2010 19:22:34 -0000      1.16
+++ b/tools/ppm2tiff.c  10 Dec 2012 18:19:11 -0000      1.18
+@@ -1,4 +1,4 @@
+-/* $Id: ppm2tiff.c,v 1.16 2010-04-10 19:22:34 bfriesen Exp $ */
+/* $Id: ppm2tiff.c,v 1.18 2012-12-10 18:19:11 tgl Exp $ */
+ 
+ /*
+  * Copyright (c) 1991-1997 Sam Leffler
+@@ -72,6 +72,17 @@
+        exit(-2);
+ }
+ 
+static tmsize_t
+multiply_ms(tmsize_t m1, tmsize_t m2)
+{
+       tmsize_t bytes = m1 * m2;
+
+       if (m1 && bytes / m1 != m2)
+               bytes = 0;
+
+       return bytes;
+}
+
+ int
+ main(int argc, char* argv[])
+ {
+@@ -79,7 +90,7 @@
+        uint32 rowsperstrip = (uint32) -1;
+        double resolution = -1;
+        unsigned char *buf = NULL;
+-       tsize_t linebytes = 0;
+       tmsize_t linebytes = 0;
+        uint16 spp = 1;
+        uint16 bpp = 8;
+        TIFF *out;
+@@ -89,6 +100,7 @@
+        int c;
+        extern int optind;
+        extern char* optarg;
+       tmsize_t scanline_size;
+ 
+        if (argc < 2) {
+            fprintf(stderr, "%s: Too few arguments\n", argv[0]);
+@@ -221,7 +233,8 @@
+        }
+        switch (bpp) {
+                case 1:
+-                       linebytes = (spp * w + (8 - 1)) / 8;
+                       /* if round-up overflows, result will be zero, OK */
+                       linebytes = (multiply_ms(spp, w) + (8 - 1)) / 8;
+                        if (rowsperstrip == (uint32) -1) {
+                                TIFFSetField(out, TIFFTAG_ROWSPERSTRIP, h);
+                        } else {
+@@ -230,15 +243,31 @@
+                        }
+                        break;
+                case 8:
+-                       linebytes = spp * w;
+                       linebytes = multiply_ms(spp, w);
+                        TIFFSetField(out, TIFFTAG_ROWSPERSTRIP,
+                            TIFFDefaultStripSize(out, rowsperstrip));
+                        break;
+        }
+-       if (TIFFScanlineSize(out) > linebytes)
+       if (linebytes == 0) {
+               fprintf(stderr, "%s: scanline size overflow\n", infile);
+               (void) TIFFClose(out);
+               exit(-2);                                       
+       }
+       scanline_size = TIFFScanlineSize(out);
+       if (scanline_size == 0) {
+               /* overflow - TIFFScanlineSize already printed a message */
+               (void) TIFFClose(out);
+               exit(-2);                                       
+       }
+       if (scanline_size < linebytes)
+                buf = (unsigned char *)_TIFFmalloc(linebytes);
+        else
+-               buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
+               buf = (unsigned char *)_TIFFmalloc(scanline_size);
+       if (buf == NULL) {
+               fprintf(stderr, "%s: Not enough memory\n", infile);
+               (void) TIFFClose(out);
+               exit(-2);
+       }
+        if (resolution > 0) {
+                TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution);
+                TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution);
author	Tudor Florea <tudor.florea@enea.com>	2015-10-09 22:59:03 +0200
committer	Tudor Florea <tudor.florea@enea.com>	2015-10-09 22:59:03 +0200
commit	972dcfcdbfe75dcfeb777150c136576cf1a71e99 (patch)
tree	97a61cd7e293d7ae9d56ef7ed0f81253365bb026 /meta/recipes-multimedia/libtiff/files/tiff-CVE-2012-4564.patch
download	poky-972dcfcdbfe75dcfeb777150c136576cf1a71e99.tar.gz

diff --git a/meta/recipes-multimedia/libtiff/files/tiff-CVE-2012-4564.patch b/meta/recipes-multimedia/libtiff/files/tiff-CVE-2012-4564.patch new file mode 100644 index 0000000000..23649790c4 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/tiff-CVE-2012-4564.patch
@@ -0,0 +1,99 @@
	1	Upstream-Status: Backport
	2
	3	Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
	4	Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
	5
	6	Index: tools/ppm2tiff.c
	7	===================================================================
	8	RCS file: /cvs/maptools/cvsroot/libtiff/tools/ppm2tiff.c,v
	9	retrieving revision 1.16
	10	retrieving revision 1.18
	11	diff -u -r1.16 -r1.18
	12	--- a/tools/ppm2tiff.c 10 Apr 2010 19:22:34 -0000 1.16
	13	+++ b/tools/ppm2tiff.c 10 Dec 2012 18:19:11 -0000 1.18
	14	@@ -1,4 +1,4 @@
	15	-/* $Id: ppm2tiff.c,v 1.16 2010-04-10 19:22:34 bfriesen Exp $ */
	16	+/* $Id: ppm2tiff.c,v 1.18 2012-12-10 18:19:11 tgl Exp $ */
	17
	18	/*
	19	* Copyright (c) 1991-1997 Sam Leffler
	20	@@ -72,6 +72,17 @@
	21	exit(-2);
	22	}
	23
	24	+static tmsize_t
	25	+multiply_ms(tmsize_t m1, tmsize_t m2)
	26	+{
	27	+ tmsize_t bytes = m1 * m2;
	28	+
	29	+ if (m1 && bytes / m1 != m2)
	30	+ bytes = 0;
	31	+
	32	+ return bytes;
	33	+}
	34	+
	35	int
	36	main(int argc, char* argv[])
	37	{
	38	@@ -79,7 +90,7 @@
	39	uint32 rowsperstrip = (uint32) -1;
	40	double resolution = -1;
	41	unsigned char *buf = NULL;
	42	- tsize_t linebytes = 0;
	43	+ tmsize_t linebytes = 0;
	44	uint16 spp = 1;
	45	uint16 bpp = 8;
	46	TIFF *out;
	47	@@ -89,6 +100,7 @@
	48	int c;
	49	extern int optind;
	50	extern char* optarg;
	51	+ tmsize_t scanline_size;
	52
	53	if (argc < 2) {
	54	fprintf(stderr, "%s: Too few arguments\n", argv[0]);
	55	@@ -221,7 +233,8 @@
	56	}
	57	switch (bpp) {
	58	case 1:
	59	- linebytes = (spp * w + (8 - 1)) / 8;
	60	+ /* if round-up overflows, result will be zero, OK */
	61	+ linebytes = (multiply_ms(spp, w) + (8 - 1)) / 8;
	62	if (rowsperstrip == (uint32) -1) {
	63	TIFFSetField(out, TIFFTAG_ROWSPERSTRIP, h);
	64	} else {
	65	@@ -230,15 +243,31 @@
	66	}
	67	break;
	68	case 8:
	69	- linebytes = spp * w;
	70	+ linebytes = multiply_ms(spp, w);
	71	TIFFSetField(out, TIFFTAG_ROWSPERSTRIP,
	72	TIFFDefaultStripSize(out, rowsperstrip));
	73	break;
	74	}
	75	- if (TIFFScanlineSize(out) > linebytes)
	76	+ if (linebytes == 0) {
	77	+ fprintf(stderr, "%s: scanline size overflow\n", infile);
	78	+ (void) TIFFClose(out);
	79	+ exit(-2);
	80	+ }
	81	+ scanline_size = TIFFScanlineSize(out);
	82	+ if (scanline_size == 0) {
	83	+ /* overflow - TIFFScanlineSize already printed a message */
	84	+ (void) TIFFClose(out);
	85	+ exit(-2);
	86	+ }
	87	+ if (scanline_size < linebytes)
	88	buf = (unsigned char *)_TIFFmalloc(linebytes);
	89	else
	90	- buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
	91	+ buf = (unsigned char *)_TIFFmalloc(scanline_size);
	92	+ if (buf == NULL) {
	93	+ fprintf(stderr, "%s: Not enough memory\n", infile);
	94	+ (void) TIFFClose(out);
	95	+ exit(-2);
	96	+ }
	97	if (resolution > 0) {
	98	TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution);
	99	TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution);