initial commit for Enea Linux 4.0-140929daisy-140929

Migrated from the internal git server on the daisy-enea-point-release branch Signed-off-by: Tudor Florea <tudor.florea@enea.com>
author: Tudor Florea <tudor.florea@enea.com> 2014-10-16 03:05:19 +0200
committer: Tudor Florea <tudor.florea@enea.com> 2014-10-16 03:05:19 +0200
commit: c527fd1f14c27855a37f2e8ac5346ce8d940ced2 (patch)
tree: bb002c1fdf011c41dbd2f0927bed23ecb5f83c97 /meta/recipes-multimedia/libtiff
download: poky-daisy-140929.tar.gz
6 files changed, 295 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-1960.patch b/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-1960.patch
new file mode 100644
index 0000000000..e4348f1d2c
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-1960.patch
@@ -0,0 +1,151 @@
+This patch comes from: http://pkgs.fedoraproject.org/cgit/libtiff.git/plain/libtiff-CVE-2013-1960.patch
+Upstream-Status: Pending
+Signed-off-by: Ming Liu <ming.liu@windriver.com>
+diff -Naur a/tools/tiff2pdf.c b/tools/tiff2pdf.c
+--- a/tools/tiff2pdf.c  2012-07-25 22:56:43.000000000 -0400
+++ b/tools/tiff2pdf.c  2013-05-02 12:04:49.057090227 -0400
+@@ -3341,33 +3341,56 @@
+        uint32 height){
+ 
+        tsize_t i=0;
+-       uint16 ri =0;
+-       uint16 v_samp=1;
+-       uint16 h_samp=1;
+-       int j=0;
+-       
+-       i++;
+-       
+-       while(i<(*striplength)){
+
+       while (i < *striplength) {
+               tsize_t datalen;
+               uint16 ri;
+               uint16 v_samp;
+               uint16 h_samp;
+               int j;
+               int ncomp;
+
+               /* marker header: one or more FFs */
+               if (strip[i] != 0xff)
+                       return(0);
+               i++;
+               while (i < *striplength && strip[i] == 0xff)
+                       i++;
+               if (i >= *striplength)
+                       return(0);
+               /* SOI is the only pre-SOS marker without a length word */
+               if (strip[i] == 0xd8)
+                       datalen = 0;
+               else {
+                       if ((*striplength - i) <= 2)
+                               return(0);
+                       datalen = (strip[i+1] << 8) | strip[i+2];
+                       if (datalen < 2 || datalen >= (*striplength - i))
+                               return(0);
+               }
+                switch( strip[i] ){
+-                       case 0xd8:
+-                               /* SOI - start of image */
+                       case 0xd8:      /* SOI - start of image */
+                                _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), 2);
+                                *bufferoffset+=2;
+-                               i+=2;
+                                break;
+-                       case 0xc0:
+-                       case 0xc1:
+-                       case 0xc3:
+-                       case 0xc9:
+-                       case 0xca:
+                       case 0xc0:      /* SOF0 */
+                       case 0xc1:      /* SOF1 */
+                       case 0xc3:      /* SOF3 */
+                       case 0xc9:      /* SOF9 */
+                       case 0xca:      /* SOF10 */
+                                if(no==0){
+-                                       _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
+-                                       for(j=0;j<buffer[*bufferoffset+9];j++){
+-                                               if( (buffer[*bufferoffset+11+(2*j)]>>4) > h_samp) 
+-                                                       h_samp = (buffer[*bufferoffset+11+(2*j)]>>4);
+-                                               if( (buffer[*bufferoffset+11+(2*j)] & 0x0f) > v_samp) 
+-                                                       v_samp = (buffer[*bufferoffset+11+(2*j)] & 0x0f);
+                                       _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
+                                       ncomp = buffer[*bufferoffset+9];
+                                       if (ncomp < 1 || ncomp > 4)
+                                               return(0);
+                                       v_samp=1;
+                                       h_samp=1;
+                                       for(j=0;j<ncomp;j++){
+                                               uint16 samp = buffer[*bufferoffset+11+(3*j)];
+                                               if( (samp>>4) > h_samp) 
+                                                       h_samp = (samp>>4);
+                                               if( (samp & 0x0f) > v_samp) 
+                                                       v_samp = (samp & 0x0f);
+                                        }
+                                        v_samp*=8;
+                                        h_samp*=8;
+@@ -3381,45 +3404,43 @@
+                                           (unsigned char) ((height>>8) & 0xff);
+                                        buffer[*bufferoffset+6]=
+                                             (unsigned char) (height & 0xff);
+-                                       *bufferoffset+=strip[i+2]+2;
+-                                       i+=strip[i+2]+2;
+-
+                                       *bufferoffset+=datalen+2;
+                                       /* insert a DRI marker */
+                                        buffer[(*bufferoffset)++]=0xff;
+                                        buffer[(*bufferoffset)++]=0xdd;
+                                        buffer[(*bufferoffset)++]=0x00;
+                                        buffer[(*bufferoffset)++]=0x04;
+                                        buffer[(*bufferoffset)++]=(ri >> 8) & 0xff;
+                                        buffer[(*bufferoffset)++]= ri & 0xff;
+-                               } else {
+-                                       i+=strip[i+2]+2;
+                                }
+                                break;
+-                       case 0xc4:
+-                       case 0xdb:
+-                               _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
+-                               *bufferoffset+=strip[i+2]+2;
+-                               i+=strip[i+2]+2;
+                       case 0xc4: /* DHT */
+                       case 0xdb: /* DQT */
+                               _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
+                               *bufferoffset+=datalen+2;
+                                break;
+-                       case 0xda:
+                       case 0xda: /* SOS */
+                                if(no==0){
+-                                       _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
+-                                       *bufferoffset+=strip[i+2]+2;
+-                                       i+=strip[i+2]+2;
+                                       _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
+                                       *bufferoffset+=datalen+2;
+                                } else {
+                                        buffer[(*bufferoffset)++]=0xff;
+                                        buffer[(*bufferoffset)++]=
+                                             (unsigned char)(0xd0 | ((no-1)%8));
+-                                       i+=strip[i+2]+2;
+                                }
+-                               _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), (*striplength)-i-1);
+-                               *bufferoffset+=(*striplength)-i-1;
+                               i += datalen + 1;
+                               /* copy remainder of strip */
+                               _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i]), *striplength - i);
+                               *bufferoffset+= *striplength - i;
+                                return(1);
+                        default:
+-                               i+=strip[i+2]+2;
+                               /* ignore any other marker */
+                               break;
+                }
+               i += datalen + 1;
+        }
+-       
+ 
+       /* failed to find SOS marker */
+        return(0);
+ }
+ #endif
diff --git a/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-4232.patch b/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-4232.patch
new file mode 100644
index 0000000000..9ebf8f9a2d
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-4232.patch
@@ -0,0 +1,15 @@
+This patch comes from: http://bugzilla.maptools.org/attachment.cgi?id=513&action=diff 
+Upstream-Status: Pending
+Signed-off-by: Baogen shang <baogen.shang@windriver.com>
+--- a/tools/tiff2pdf.c  2013-10-21 10:36:38.214170346 +0800
+++ b/tools/tiff2pdf.c  2013-10-21 10:38:58.246170329 +0800
+@@ -2387,6 +2387,7 @@
+                                        TIFFFileName(input));
+                                t2p->t2p_error = T2P_ERR_ERROR;
+                          _TIFFfree(buffer);
+                         return(0);
+                        } else {
+                                buffer=samplebuffer;
+                                t2p->tiff_datasize *= t2p->tiff_samplesperpixel;
diff --git a/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-4243.patch b/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-4243.patch
new file mode 100644
index 0000000000..642a117976
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-4243.patch
@@ -0,0 +1,40 @@
+This patch comes from: http://bugzilla.maptools.org/attachment.cgi?id=518&action=diff#tools/gif2tiff.c_sec2
+Upstream-Status: Pending
+Signed-off-by: Baogen shang <baogen.shang@windriver.com>
+--- a/tools/gif2tiff.c  2013-10-14 17:08:43.966239709 +0800
+++ b/tools/gif2tiff.c  2013-10-14 17:18:22.994239638 +0800
+@@ -280,6 +280,10 @@
+         fprintf(stderr, "no colormap present for image\n");
+         return (0);
+     }
+    if (width == 0 || height == 0) {
+        fprintf(stderr, "Invalid value of width or height\n");
+        return(0);
+    }
+     if ((raster = (unsigned char*) _TIFFmalloc(width*height+EXTRAFUDGE)) == NULL) {
+         fprintf(stderr, "not enough memory for image\n");
+         return (0);
+@@ -397,6 +401,10 @@
+        return 1;
+     }
+ 
+    if (*fill >= raster + width*height) {
+        fprintf(stderr, "raster full before eoi code\n");
+        return 0;
+    }
+     if (oldcode == -1) {
+        *(*fill)++ = suffix[code];
+        firstchar = oldcode = code;
+@@ -428,6 +436,10 @@
+     }
+     oldcode = incode;
+     do {
+    if (*fill >= raster + width*height) {
+        fprintf(stderr, "raster full before eoi code\n");
+        return 0;
+    }
+        *(*fill)++ = *--stackp;
+     } while (stackp > stack);
+     return 1;
diff --git a/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-4244.patch b/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-4244.patch
new file mode 100644
index 0000000000..1a668307ae
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-4244.patch
@@ -0,0 +1,19 @@
+This patch comes from: https://github.com/vadz/libtiff/commit/ce6841d9e41d621ba23cf18b190ee6a23b2cc833
+Upstream-Status: Backport
+Signed-off-by: Baogen shang <baogen.shang@windriver.com>
+--- a/tools/gif2tiff.c  2013-12-17 16:46:02.160814995 +0800
+++ b/tools/gif2tiff.c  2013-12-17 16:52:25.140814949 +0800
+@@ -406,6 +406,11 @@
+         return 0;
+     }
+     if (oldcode == -1) {
+    if (code >= clear) {
+        fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
+        return 0;
+       }
+
+        *(*fill)++ = suffix[code];
+        firstchar = oldcode = code;
+        return 1;
diff --git a/meta/recipes-multimedia/libtiff/files/libtool2.patch b/meta/recipes-multimedia/libtiff/files/libtool2.patch
new file mode 100644
index 0000000000..457202eae5
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/libtool2.patch
@@ -0,0 +1,19 @@
+Upstream-Status: Inappropriate [configuration]
+---
+ configure.ac |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+Index: tiff-3.9.5/configure.ac
+===================================================================
+--- tiff-3.9.5.orig/configure.ac
+++ tiff-3.9.5/configure.ac
+@@ -27,7 +27,7 @@ dnl Process this file with autoconf to p
+ AC_PREREQ(2.64)
+ AC_INIT([LibTIFF Software],[3.9.5],[tiff@lists.maptools.org],[tiff])
+ AC_CONFIG_AUX_DIR(config)
+-AC_CONFIG_MACRO_DIR(m4)
+dnl AC_CONFIG_MACRO_DIR(m4)
+ AC_LANG(C)
+ 
+ dnl Compute the canonical host (run-time) system type variable
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.0.3.bb b/meta/recipes-multimedia/libtiff/tiff_4.0.3.bb
new file mode 100644
index 0000000000..fb9e0bf67d
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff_4.0.3.bb
@@ -0,0 +1,51 @@
+SUMMARY = "Provides support for the Tag Image File Format (TIFF)"
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=34da3db46fab7501992f9615d7e158cf"
+HOMEPAGE = "http://www.remotesensing.org/libtiff/"
+SRC_URI = "ftp://ftp.remotesensing.org/pub/libtiff/tiff-${PV}.tar.gz \
+           file://libtool2.patch \
+           file://libtiff-CVE-2013-1960.patch \
+           file://libtiff-CVE-2013-4232.patch \
+           file://libtiff-CVE-2013-4243.patch \
+           file://libtiff-CVE-2013-4244.patch"
+SRC_URI[md5sum] = "051c1068e6a0627f461948c365290410"
+SRC_URI[sha256sum] = "ea1aebe282319537fb2d4d7805f478dd4e0e05c33d0928baba76a7c963684872"
+inherit autotools
+CACHED_CONFIGUREVARS = "ax_cv_check_gl_libgl=no"
+PACKAGECONFIG ?= "cxx jpeg zlib lzma \
+                  strip-chopping extrasample-as-alpha check-ycbcr-subsampling"
+PACKAGECONFIG[cxx] = "--enable-cxx,--disable-cxx,,"
+PACKAGECONFIG[jpeg] = "--enable-jpeg,--disable-jpeg,jpeg,"
+PACKAGECONFIG[zlib] = "--enable-zlib,--disable-zlib,zlib,"
+PACKAGECONFIG[lzma] = "--enable-lzma,--disable-lzma,xz,"
+# Convert single-strip uncompressed images to multiple strips of specified
+# size (default: 8192) to reduce memory usage
+PACKAGECONFIG[strip-chopping] = "--enable-strip-chopping,--disable-strip-chopping,,"
+# Treat a fourth sample with no EXTRASAMPLE_ value as being ASSOCALPHA
+PACKAGECONFIG[extrasample-as-alpha] = "--enable-extrasample-as-alpha,--disable-extrasample-as-alpha,,"
+# Control picking up YCbCr subsample info. Disable to support files lacking
+# the tag
+PACKAGECONFIG[check-ycbcr-subsampling] = "--enable-check-ycbcr-subsampling,--disable-check-ycbcr-subsampling,,"
+# Support a mechanism allowing reading large strips (usually one strip files)
+# in chunks when using TIFFReadScanline. Experimental 4.0+ feature
+PACKAGECONFIG[chunky-strip-read] = "--enable-chunky-strip-read,--disable-chunky-strip-read,,"
+PACKAGES =+ "tiffxx tiffxx-dbg tiffxx-dev tiffxx-staticdev tiff-utils tiff-utils-dbg"
+FILES_tiffxx = "${libdir}/libtiffxx.so.*"
+FILES_tiffxx-dev = "${libdir}/libtiffxx.so ${libdir}/libtiffxx.la"
+FILES_tiffxx-staticdev = "${libdir}/libtiffxx.a"
+FILES_tiffxx-dbg += "${libdir}/.debug/libtiffxx.so*"
+FILES_tiff-utils = "${bindir}/*"
+FILES_tiff-utils-dbg += "${bindir}/.debug/"
+BBCLASSEXTEND = "native"
author	Tudor Florea <tudor.florea@enea.com>	2014-10-16 03:05:19 +0200
committer	Tudor Florea <tudor.florea@enea.com>	2014-10-16 03:05:19 +0200
commit	c527fd1f14c27855a37f2e8ac5346ce8d940ced2 (patch)
tree	bb002c1fdf011c41dbd2f0927bed23ecb5f83c97 /meta/recipes-multimedia/libtiff
download	poky-daisy-140929.tar.gz

diff --git a/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-1960.patch b/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-1960.patch new file mode 100644 index 0000000000..e4348f1d2c --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-1960.patch
@@ -0,0 +1,151 @@
	1	This patch comes from: http://pkgs.fedoraproject.org/cgit/libtiff.git/plain/libtiff-CVE-2013-1960.patch
	2
	3	Upstream-Status: Pending
	4
	5	Signed-off-by: Ming Liu <ming.liu@windriver.com>
	6
	7	diff -Naur a/tools/tiff2pdf.c b/tools/tiff2pdf.c
	8	--- a/tools/tiff2pdf.c 2012-07-25 22:56:43.000000000 -0400
	9	+++ b/tools/tiff2pdf.c 2013-05-02 12:04:49.057090227 -0400
	10	@@ -3341,33 +3341,56 @@
	11	uint32 height){
	12
	13	tsize_t i=0;
	14	- uint16 ri =0;
	15	- uint16 v_samp=1;
	16	- uint16 h_samp=1;
	17	- int j=0;
	18	-
	19	- i++;
	20	-
	21	- while(i<(*striplength)){
	22	+
	23	+ while (i < *striplength) {
	24	+ tsize_t datalen;
	25	+ uint16 ri;
	26	+ uint16 v_samp;
	27	+ uint16 h_samp;
	28	+ int j;
	29	+ int ncomp;
	30	+
	31	+ /* marker header: one or more FFs */
	32	+ if (strip[i] != 0xff)
	33	+ return(0);
	34	+ i++;
	35	+ while (i < *striplength && strip[i] == 0xff)
	36	+ i++;
	37	+ if (i >= *striplength)
	38	+ return(0);
	39	+ /* SOI is the only pre-SOS marker without a length word */
	40	+ if (strip[i] == 0xd8)
	41	+ datalen = 0;
	42	+ else {
	43	+ if ((*striplength - i) <= 2)
	44	+ return(0);
	45	+ datalen = (strip[i+1] << 8) \| strip[i+2];
	46	+ if (datalen < 2 \|\| datalen >= (*striplength - i))
	47	+ return(0);
	48	+ }
	49	switch( strip[i] ){
	50	- case 0xd8:
	51	- /* SOI - start of image */
	52	+ case 0xd8: /* SOI - start of image */
	53	_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), 2);
	54	*bufferoffset+=2;
	55	- i+=2;
	56	break;
	57	- case 0xc0:
	58	- case 0xc1:
	59	- case 0xc3:
	60	- case 0xc9:
	61	- case 0xca:
	62	+ case 0xc0: /* SOF0 */
	63	+ case 0xc1: /* SOF1 */
	64	+ case 0xc3: /* SOF3 */
	65	+ case 0xc9: /* SOF9 */
	66	+ case 0xca: /* SOF10 */
	67	if(no==0){
	68	- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
	69	- for(j=0;j<buffer[*bufferoffset+9];j++){
	70	- if( (buffer[bufferoffset+11+(2j)]>>4) > h_samp)
	71	- h_samp = (buffer[bufferoffset+11+(2j)]>>4);
	72	- if( (buffer[bufferoffset+11+(2j)] & 0x0f) > v_samp)
	73	- v_samp = (buffer[bufferoffset+11+(2j)] & 0x0f);
	74	+ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
	75	+ ncomp = buffer[*bufferoffset+9];
	76	+ if (ncomp < 1 \|\| ncomp > 4)
	77	+ return(0);
	78	+ v_samp=1;
	79	+ h_samp=1;
	80	+ for(j=0;j<ncomp;j++){
	81	+ uint16 samp = buffer[bufferoffset+11+(3j)];
	82	+ if( (samp>>4) > h_samp)
	83	+ h_samp = (samp>>4);
	84	+ if( (samp & 0x0f) > v_samp)
	85	+ v_samp = (samp & 0x0f);
	86	}
	87	v_samp*=8;
	88	h_samp*=8;
	89	@@ -3381,45 +3404,43 @@
	90	(unsigned char) ((height>>8) & 0xff);
	91	buffer[*bufferoffset+6]=
	92	(unsigned char) (height & 0xff);
	93	- *bufferoffset+=strip[i+2]+2;
	94	- i+=strip[i+2]+2;
	95	-
	96	+ *bufferoffset+=datalen+2;
	97	+ /* insert a DRI marker */
	98	buffer[(*bufferoffset)++]=0xff;
	99	buffer[(*bufferoffset)++]=0xdd;
	100	buffer[(*bufferoffset)++]=0x00;
	101	buffer[(*bufferoffset)++]=0x04;
	102	buffer[(*bufferoffset)++]=(ri >> 8) & 0xff;
	103	buffer[(*bufferoffset)++]= ri & 0xff;
	104	- } else {
	105	- i+=strip[i+2]+2;
	106	}
	107	break;
	108	- case 0xc4:
	109	- case 0xdb:
	110	- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
	111	- *bufferoffset+=strip[i+2]+2;
	112	- i+=strip[i+2]+2;
	113	+ case 0xc4: /* DHT */
	114	+ case 0xdb: /* DQT */
	115	+ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
	116	+ *bufferoffset+=datalen+2;
	117	break;
	118	- case 0xda:
	119	+ case 0xda: /* SOS */
	120	if(no==0){
	121	- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
	122	- *bufferoffset+=strip[i+2]+2;
	123	- i+=strip[i+2]+2;
	124	+ _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
	125	+ *bufferoffset+=datalen+2;
	126	} else {
	127	buffer[(*bufferoffset)++]=0xff;
	128	buffer[(*bufferoffset)++]=
	129	(unsigned char)(0xd0 \| ((no-1)%8));
	130	- i+=strip[i+2]+2;
	131	}
	132	- _TIFFmemcpy(&(buffer[bufferoffset]), &(strip[i-1]), (striplength)-i-1);
	133	- bufferoffset+=(striplength)-i-1;
	134	+ i += datalen + 1;
	135	+ /* copy remainder of strip */
	136	+ _TIFFmemcpy(&(buffer[bufferoffset]), &(strip[i]), striplength - i);
	137	+ bufferoffset+= striplength - i;
	138	return(1);
	139	default:
	140	- i+=strip[i+2]+2;
	141	+ /* ignore any other marker */
	142	+ break;
	143	}
	144	+ i += datalen + 1;
	145	}
	146	-
	147
	148	+ /* failed to find SOS marker */
	149	return(0);
	150	}
	151	#endif


diff --git a/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-4232.patch b/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-4232.patch new file mode 100644 index 0000000000..9ebf8f9a2d --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-4232.patch
@@ -0,0 +1,15 @@
	1	This patch comes from: http://bugzilla.maptools.org/attachment.cgi?id=513&action=diff
	2
	3	Upstream-Status: Pending
	4
	5	Signed-off-by: Baogen shang <baogen.shang@windriver.com>
	6	--- a/tools/tiff2pdf.c 2013-10-21 10:36:38.214170346 +0800
	7	+++ b/tools/tiff2pdf.c 2013-10-21 10:38:58.246170329 +0800
	8	@@ -2387,6 +2387,7 @@
	9	TIFFFileName(input));
	10	t2p->t2p_error = T2P_ERR_ERROR;
	11	_TIFFfree(buffer);
	12	+ return(0);
	13	} else {
	14	buffer=samplebuffer;
	15	t2p->tiff_datasize *= t2p->tiff_samplesperpixel;


diff --git a/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-4243.patch b/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-4243.patch new file mode 100644 index 0000000000..642a117976 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-4243.patch
@@ -0,0 +1,40 @@
	1	This patch comes from: http://bugzilla.maptools.org/attachment.cgi?id=518&action=diff#tools/gif2tiff.c_sec2
	2
	3	Upstream-Status: Pending
	4
	5	Signed-off-by: Baogen shang <baogen.shang@windriver.com>
	6	--- a/tools/gif2tiff.c 2013-10-14 17:08:43.966239709 +0800
	7	+++ b/tools/gif2tiff.c 2013-10-14 17:18:22.994239638 +0800
	8	@@ -280,6 +280,10 @@
	9	fprintf(stderr, "no colormap present for image\n");
	10	return (0);
	11	}
	12	+ if (width == 0 \|\| height == 0) {
	13	+ fprintf(stderr, "Invalid value of width or height\n");
	14	+ return(0);
	15	+ }
	16	if ((raster = (unsigned char) _TIFFmalloc(widthheight+EXTRAFUDGE)) == NULL) {
	17	fprintf(stderr, "not enough memory for image\n");
	18	return (0);
	19	@@ -397,6 +401,10 @@
	20	return 1;
	21	}
	22
	23	+ if (fill >= raster + widthheight) {
	24	+ fprintf(stderr, "raster full before eoi code\n");
	25	+ return 0;
	26	+ }
	27	if (oldcode == -1) {
	28	(fill)++ = suffix[code];
	29	firstchar = oldcode = code;
	30	@@ -428,6 +436,10 @@
	31	}
	32	oldcode = incode;
	33	do {
	34	+ if (fill >= raster + widthheight) {
	35	+ fprintf(stderr, "raster full before eoi code\n");
	36	+ return 0;
	37	+ }
	38	(fill)++ = *--stackp;
	39	} while (stackp > stack);
	40	return 1;


diff --git a/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-4244.patch b/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-4244.patch new file mode 100644 index 0000000000..1a668307ae --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-4244.patch
@@ -0,0 +1,19 @@
	1	This patch comes from: https://github.com/vadz/libtiff/commit/ce6841d9e41d621ba23cf18b190ee6a23b2cc833
	2
	3	Upstream-Status: Backport
	4
	5	Signed-off-by: Baogen shang <baogen.shang@windriver.com>
	6	--- a/tools/gif2tiff.c 2013-12-17 16:46:02.160814995 +0800
	7	+++ b/tools/gif2tiff.c 2013-12-17 16:52:25.140814949 +0800
	8	@@ -406,6 +406,11 @@
	9	return 0;
	10	}
	11	if (oldcode == -1) {
	12	+ if (code >= clear) {
	13	+ fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
	14	+ return 0;
	15	+ }
	16	+
	17	(fill)++ = suffix[code];
	18	firstchar = oldcode = code;
	19	return 1;


diff --git a/meta/recipes-multimedia/libtiff/files/libtool2.patch b/meta/recipes-multimedia/libtiff/files/libtool2.patch new file mode 100644 index 0000000000..457202eae5 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/libtool2.patch
@@ -0,0 +1,19 @@
	1	Upstream-Status: Inappropriate [configuration]
	2
	3	---
	4	configure.ac \| 2 +-
	5	1 file changed, 1 insertion(+), 1 deletion(-)
	6
	7	Index: tiff-3.9.5/configure.ac
	8	===================================================================
	9	--- tiff-3.9.5.orig/configure.ac
	10	+++ tiff-3.9.5/configure.ac
	11	@@ -27,7 +27,7 @@ dnl Process this file with autoconf to p
	12	AC_PREREQ(2.64)
	13	AC_INIT([LibTIFF Software],[3.9.5],[tiff@lists.maptools.org],[tiff])
	14	AC_CONFIG_AUX_DIR(config)
	15	-AC_CONFIG_MACRO_DIR(m4)
	16	+dnl AC_CONFIG_MACRO_DIR(m4)
	17	AC_LANG(C)
	18
	19	dnl Compute the canonical host (run-time) system type variable


diff --git a/meta/recipes-multimedia/libtiff/tiff_4.0.3.bb b/meta/recipes-multimedia/libtiff/tiff_4.0.3.bb new file mode 100644 index 0000000000..fb9e0bf67d --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff_4.0.3.bb
@@ -0,0 +1,51 @@
	1	SUMMARY = "Provides support for the Tag Image File Format (TIFF)"
	2	LICENSE = "BSD-2-Clause"
	3	LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=34da3db46fab7501992f9615d7e158cf"
	4	HOMEPAGE = "http://www.remotesensing.org/libtiff/"
	5
	6	SRC_URI = "ftp://ftp.remotesensing.org/pub/libtiff/tiff-${PV}.tar.gz \
	7	file://libtool2.patch \
	8	file://libtiff-CVE-2013-1960.patch \
	9	file://libtiff-CVE-2013-4232.patch \
	10	file://libtiff-CVE-2013-4243.patch \
	11	file://libtiff-CVE-2013-4244.patch"
	12
	13	SRC_URI[md5sum] = "051c1068e6a0627f461948c365290410"
	14	SRC_URI[sha256sum] = "ea1aebe282319537fb2d4d7805f478dd4e0e05c33d0928baba76a7c963684872"
	15
	16	inherit autotools
	17
	18	CACHED_CONFIGUREVARS = "ax_cv_check_gl_libgl=no"
	19
	20	PACKAGECONFIG ?= "cxx jpeg zlib lzma \
	21	strip-chopping extrasample-as-alpha check-ycbcr-subsampling"
	22
	23	PACKAGECONFIG[cxx] = "--enable-cxx,--disable-cxx,,"
	24	PACKAGECONFIG[jpeg] = "--enable-jpeg,--disable-jpeg,jpeg,"
	25	PACKAGECONFIG[zlib] = "--enable-zlib,--disable-zlib,zlib,"
	26	PACKAGECONFIG[lzma] = "--enable-lzma,--disable-lzma,xz,"
	27
	28	# Convert single-strip uncompressed images to multiple strips of specified
	29	# size (default: 8192) to reduce memory usage
	30	PACKAGECONFIG[strip-chopping] = "--enable-strip-chopping,--disable-strip-chopping,,"
	31
	32	# Treat a fourth sample with no EXTRASAMPLE_ value as being ASSOCALPHA
	33	PACKAGECONFIG[extrasample-as-alpha] = "--enable-extrasample-as-alpha,--disable-extrasample-as-alpha,,"
	34
	35	# Control picking up YCbCr subsample info. Disable to support files lacking
	36	# the tag
	37	PACKAGECONFIG[check-ycbcr-subsampling] = "--enable-check-ycbcr-subsampling,--disable-check-ycbcr-subsampling,,"
	38
	39	# Support a mechanism allowing reading large strips (usually one strip files)
	40	# in chunks when using TIFFReadScanline. Experimental 4.0+ feature
	41	PACKAGECONFIG[chunky-strip-read] = "--enable-chunky-strip-read,--disable-chunky-strip-read,,"
	42
	43	PACKAGES =+ "tiffxx tiffxx-dbg tiffxx-dev tiffxx-staticdev tiff-utils tiff-utils-dbg"
	44	FILES_tiffxx = "${libdir}/libtiffxx.so.*"
	45	FILES_tiffxx-dev = "${libdir}/libtiffxx.so ${libdir}/libtiffxx.la"
	46	FILES_tiffxx-staticdev = "${libdir}/libtiffxx.a"
	47	FILES_tiffxx-dbg += "${libdir}/.debug/libtiffxx.so*"
	48	FILES_tiff-utils = "${bindir}/*"
	49	FILES_tiff-utils-dbg += "${bindir}/.debug/"
	50
	51	BBCLASSEXTEND = "native"