diff options
author | Rajkumar Veer <rveer@mvista.com> | 2017-11-03 22:35:09 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-11-05 22:39:49 +0000 |
commit | a2ad903fa96790a7a529b4bee7c1bb3da0234cdc (patch) | |
tree | c3cfea1a4686f9832ac35581e3b1143a72d2b603 /meta/recipes-multimedia/libtiff/files | |
parent | 2aed68963f5c73985d02f3d378a7614169e09602 (diff) | |
download | poky-a2ad903fa96790a7a529b4bee7c1bb3da0234cdc.tar.gz |
tiff: Security fix for CVE-2017-7593
(From OE-Core rev: b6ec8ab42befaa07c859a5c5cc14611b821a1304)
Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia/libtiff/files')
-rw-r--r-- | meta/recipes-multimedia/libtiff/files/CVE-2017-7593.patch | 98 |
1 files changed, 98 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-7593.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-7593.patch new file mode 100644 index 0000000000..380dfcbbba --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2017-7593.patch | |||
@@ -0,0 +1,98 @@ | |||
1 | From d60332057b9575ada4f264489582b13e30137be1 Mon Sep 17 00:00:00 2001 | ||
2 | From: erouault <erouault> | ||
3 | Date: Wed, 11 Jan 2017 19:02:49 +0000 | ||
4 | Subject: [PATCH] * libtiff/tiffiop.h, tif_unix.c, tif_win32.c, tif_vms.c: add | ||
5 | _TIFFcalloc() | ||
6 | |||
7 | * libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() to zero | ||
8 | initialize tif_rawdata. | ||
9 | Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651 | ||
10 | |||
11 | Upstream-Status: Backport | ||
12 | |||
13 | CVE: CVE-2017-7593 | ||
14 | Signed-off-by: Rajkumar Veer <rveer@mvista.com> | ||
15 | Index: tiff-4.0.7/ChangeLog | ||
16 | =================================================================== | ||
17 | --- tiff-4.0.7.orig/ChangeLog 2017-04-25 19:03:20.584155452 +0530 | ||
18 | +++ tiff-4.0.7/ChangeLog 2017-04-26 12:09:41.986866896 +0530 | ||
19 | @@ -44,6 +44,14 @@ | ||
20 | |||
21 | 2017-01-11 Even Rouault <even.rouault at spatialys.com> | ||
22 | |||
23 | + * libtiff/tiffiop.h, tif_unix.c, tif_win32.c : add _TIFFcalloc() | ||
24 | + | ||
25 | + * libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() to zero | ||
26 | + initialize tif_rawdata. | ||
27 | + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651 | ||
28 | + | ||
29 | +2017-01-11 Even Rouault <even.rouault at spatialys.com> | ||
30 | + | ||
31 | * libtiff/tif_getimage.c: add explicit uint32 cast in putagreytile to | ||
32 | avoid UndefinedBehaviorSanitizer warning. | ||
33 | Patch by Nicolas Pena. | ||
34 | Index: tiff-4.0.7/libtiff/tif_read.c | ||
35 | =================================================================== | ||
36 | --- tiff-4.0.7.orig/libtiff/tif_read.c 2017-04-25 19:03:20.584155452 +0530 | ||
37 | +++ tiff-4.0.7/libtiff/tif_read.c 2017-04-26 12:11:42.814863729 +0530 | ||
38 | @@ -986,7 +986,9 @@ | ||
39 | "Invalid buffer size"); | ||
40 | return (0); | ||
41 | } | ||
42 | - tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize); | ||
43 | + /* Initialize to zero to avoid uninitialized buffers in case of */ | ||
44 | + /* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */ | ||
45 | + tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize); | ||
46 | tif->tif_flags |= TIFF_MYBUFFER; | ||
47 | } | ||
48 | if (tif->tif_rawdata == NULL) { | ||
49 | Index: tiff-4.0.7/libtiff/tif_unix.c | ||
50 | =================================================================== | ||
51 | --- tiff-4.0.7.orig/libtiff/tif_unix.c 2015-08-29 03:46:22.707817041 +0530 | ||
52 | +++ tiff-4.0.7/libtiff/tif_unix.c 2017-04-26 12:13:07.442861510 +0530 | ||
53 | @@ -316,6 +316,14 @@ | ||
54 | return (malloc((size_t) s)); | ||
55 | } | ||
56 | |||
57 | +void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz) | ||
58 | +{ | ||
59 | + if( nmemb == 0 || siz == 0 ) | ||
60 | + return ((void *) NULL); | ||
61 | + | ||
62 | + return calloc((size_t) nmemb, (size_t)siz); | ||
63 | +} | ||
64 | + | ||
65 | void | ||
66 | _TIFFfree(void* p) | ||
67 | { | ||
68 | Index: tiff-4.0.7/libtiff/tif_win32.c | ||
69 | =================================================================== | ||
70 | --- tiff-4.0.7.orig/libtiff/tif_win32.c 2015-08-29 03:46:22.730570169 +0530 | ||
71 | +++ tiff-4.0.7/libtiff/tif_win32.c 2017-04-26 12:14:12.918859794 +0530 | ||
72 | @@ -360,6 +360,14 @@ | ||
73 | return (malloc((size_t) s)); | ||
74 | } | ||
75 | |||
76 | +void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz) | ||
77 | +{ | ||
78 | + if( nmemb == 0 || siz == 0 ) | ||
79 | + return ((void *) NULL); | ||
80 | + | ||
81 | + return calloc((size_t) nmemb, (size_t)siz); | ||
82 | +} | ||
83 | + | ||
84 | void | ||
85 | _TIFFfree(void* p) | ||
86 | { | ||
87 | Index: tiff-4.0.7/libtiff/tiffio.h | ||
88 | =================================================================== | ||
89 | --- tiff-4.0.7.orig/libtiff/tiffio.h 2016-01-24 21:09:51.894442042 +0530 | ||
90 | +++ tiff-4.0.7/libtiff/tiffio.h 2017-04-26 12:15:55.034857117 +0530 | ||
91 | @@ -293,6 +293,7 @@ | ||
92 | */ | ||
93 | |||
94 | extern void* _TIFFmalloc(tmsize_t s); | ||
95 | +extern void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz); | ||
96 | extern void* _TIFFrealloc(void* p, tmsize_t s); | ||
97 | extern void _TIFFmemset(void* p, int v, tmsize_t c); | ||
98 | extern void _TIFFmemcpy(void* d, const void* s, tmsize_t c); | ||