tiff: Security fix CVE-2016-9535

* libtiff/tif_predict.h, libtiff/tif_predict.c: Replace assertions by runtime checks to avoid assertions in debug mode, or buffer overflows in release mode. Can happen when dealing with unusual tile size like YCbCr with subsampling. External References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9535 Patch from: https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1 https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33 (From OE-Core rev: 61d3feb9cad9f61f6551b43f4f19bfa33cadd275) Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Mingli Yu <Mingli.Yu@windriver.com> 2016-12-07 16:01:11 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-12-08 10:31:29 +0000
commit: 799e8b124fe9f06cbab44c17e51bdc72c6535d53 (patch)
tree: 0769ce30ebbe369095bf2342ec8d632706481445 /meta/recipes-multimedia/libtiff/tiff_4.0.6.bb
parent: 8f706df62d11f2c3e5777386bdd16c3126607e81 (diff)
download: poky-799e8b124fe9f06cbab44c17e51bdc72c6535d53.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.0.6.bb b/meta/recipes-multimedia/libtiff/tiff_4.0.6.bb
index a6f714c4b5..6495d1fad5 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.0.6.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.0.6.bb
@@ -21,6 +21,8 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
           file://CVE-2016-3632.patch \
           file://CVE-2016-9540.patch \
           file://CVE-2016-9539.patch \
+           file://CVE-2016-9535-1.patch \
+           file://CVE-2016-9535-2.patch \
          "
 SRC_URI[md5sum] = "d1d2e940dea0b5ad435f21f03d96dd72"
author	Mingli Yu <Mingli.Yu@windriver.com>	2016-12-07 16:01:11 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-12-08 10:31:29 +0000
commit	799e8b124fe9f06cbab44c17e51bdc72c6535d53 (patch)
tree	0769ce30ebbe369095bf2342ec8d632706481445 /meta/recipes-multimedia/libtiff/tiff_4.0.6.bb
parent	8f706df62d11f2c3e5777386bdd16c3126607e81 (diff)
download	poky-799e8b124fe9f06cbab44c17e51bdc72c6535d53.tar.gz

diff --git a/meta/recipes-multimedia/libtiff/tiff_4.0.6.bb b/meta/recipes-multimedia/libtiff/tiff_4.0.6.bb index a6f714c4b5..6495d1fad5 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.0.6.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.0.6.bb
@@ -21,6 +21,8 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
21	file://CVE-2016-3632.patch \	21	file://CVE-2016-3632.patch \
22	file://CVE-2016-9540.patch \	22	file://CVE-2016-9540.patch \
23	file://CVE-2016-9539.patch \	23	file://CVE-2016-9539.patch \
		24	file://CVE-2016-9535-1.patch \
		25	file://CVE-2016-9535-2.patch \
24	"	26	"
25		27
26	SRC_URI[md5sum] = "d1d2e940dea0b5ad435f21f03d96dd72"	28	SRC_URI[md5sum] = "d1d2e940dea0b5ad435f21f03d96dd72"