diff options
author | Fan Xin <fan.xin@jp.fujitsu.com> | 2017-06-07 17:11:56 +0900 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-06-09 17:12:14 +0100 |
commit | 68e25dfade6bd00b1c7186ffc8aa944e9b1bf28a (patch) | |
tree | 61f9bc2266489883cb453442b70e84d2cd4dd7d2 /meta/recipes-multimedia/libtiff | |
parent | 1b9e549949f444fe4cea7d2bca0a2d3655ec5391 (diff) | |
download | poky-68e25dfade6bd00b1c7186ffc8aa944e9b1bf28a.tar.gz |
libtiff: Upgrade to 4.0.8
1. Upgrade libtiff from 4.0.7 to 4.0.8
2. Delete the following patch file due to CVE-2017-5225 has been fixed in 4.0.8
libtiff-CVE-2017-5225.patch
(From OE-Core rev: 825927e85933322e6f195f0d937359017a9a9b97)
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia/libtiff')
-rw-r--r-- | meta/recipes-multimedia/libtiff/files/libtiff-CVE-2017-5225.patch | 92 | ||||
-rw-r--r-- | meta/recipes-multimedia/libtiff/tiff_4.0.8.bb (renamed from meta/recipes-multimedia/libtiff/tiff_4.0.7.bb) | 5 |
2 files changed, 2 insertions, 95 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2017-5225.patch b/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2017-5225.patch deleted file mode 100644 index 3263353a75..0000000000 --- a/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2017-5225.patch +++ /dev/null | |||
@@ -1,92 +0,0 @@ | |||
1 | From a24df1e93833dfeaa69bf4d510518dc4684db64d Mon Sep 17 00:00:00 2001 | ||
2 | From: Li Zhou <li.zhou@windriver.com> | ||
3 | Date: Wed, 25 Jan 2017 17:07:21 +0800 | ||
4 | Subject: [PATCH] libtiff: fix CVE-2017-5225 | ||
5 | |||
6 | tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow | ||
7 | and cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based | ||
8 | overflow. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656 and | ||
9 | http://bugzilla.maptools.org/show_bug.cgi?id=2657 | ||
10 | |||
11 | Upstream-Status: Backport | ||
12 | CVE: CVE-2017-5225 | ||
13 | Signed-off-by: Li Zhou <li.zhou@windriver.com> | ||
14 | --- | ||
15 | ChangeLog | 7 +++++++ | ||
16 | tools/tiffcp.c | 24 ++++++++++++++++++++++-- | ||
17 | 2 files changed, 29 insertions(+), 2 deletions(-) | ||
18 | |||
19 | diff --git a/ChangeLog b/ChangeLog | ||
20 | index 9b9d397..7e82795 100644 | ||
21 | --- a/ChangeLog | ||
22 | +++ b/ChangeLog | ||
23 | @@ -1,3 +1,10 @@ | ||
24 | +2017-01-11 Even Rouault <even.rouault at spatialys.com> | ||
25 | + | ||
26 | + * tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow and | ||
27 | + cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based overflow. | ||
28 | + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656 and | ||
29 | + http://bugzilla.maptools.org/show_bug.cgi?id=2657 | ||
30 | + | ||
31 | 2016-11-19 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> | ||
32 | |||
33 | * libtiff 4.0.7 released. | ||
34 | diff --git a/tools/tiffcp.c b/tools/tiffcp.c | ||
35 | index 338a3d1..2e84577 100644 | ||
36 | --- a/tools/tiffcp.c | ||
37 | +++ b/tools/tiffcp.c | ||
38 | @@ -592,7 +592,7 @@ static copyFunc pickCopyFunc(TIFF*, TIFF*, uint16, uint16); | ||
39 | static int | ||
40 | tiffcp(TIFF* in, TIFF* out) | ||
41 | { | ||
42 | - uint16 bitspersample, samplesperpixel = 1; | ||
43 | + uint16 bitspersample = 1, samplesperpixel = 1; | ||
44 | uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK; | ||
45 | copyFunc cf; | ||
46 | uint32 width, length; | ||
47 | @@ -1068,6 +1068,16 @@ DECLAREcpFunc(cpContig2SeparateByRow) | ||
48 | register uint32 n; | ||
49 | uint32 row; | ||
50 | tsample_t s; | ||
51 | + uint16 bps = 0; | ||
52 | + | ||
53 | + (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); | ||
54 | + if( bps != 8 ) | ||
55 | + { | ||
56 | + TIFFError(TIFFFileName(in), | ||
57 | + "Error, can only handle BitsPerSample=8 in %s", | ||
58 | + "cpContig2SeparateByRow"); | ||
59 | + return 0; | ||
60 | + } | ||
61 | |||
62 | inbuf = _TIFFmalloc(scanlinesizein); | ||
63 | outbuf = _TIFFmalloc(scanlinesizeout); | ||
64 | @@ -1121,6 +1131,16 @@ DECLAREcpFunc(cpSeparate2ContigByRow) | ||
65 | register uint32 n; | ||
66 | uint32 row; | ||
67 | tsample_t s; | ||
68 | + uint16 bps = 0; | ||
69 | + | ||
70 | + (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); | ||
71 | + if( bps != 8 ) | ||
72 | + { | ||
73 | + TIFFError(TIFFFileName(in), | ||
74 | + "Error, can only handle BitsPerSample=8 in %s", | ||
75 | + "cpSeparate2ContigByRow"); | ||
76 | + return 0; | ||
77 | + } | ||
78 | |||
79 | inbuf = _TIFFmalloc(scanlinesizein); | ||
80 | outbuf = _TIFFmalloc(scanlinesizeout); | ||
81 | @@ -1763,7 +1783,7 @@ pickCopyFunc(TIFF* in, TIFF* out, uint16 bitspersample, uint16 samplesperpixel) | ||
82 | uint32 w, l, tw, tl; | ||
83 | int bychunk; | ||
84 | |||
85 | - (void) TIFFGetField(in, TIFFTAG_PLANARCONFIG, &shortv); | ||
86 | + (void) TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &shortv); | ||
87 | if (shortv != config && bitspersample != 8 && samplesperpixel > 1) { | ||
88 | fprintf(stderr, | ||
89 | "%s: Cannot handle different planar configuration w/ bits/sample != 8\n", | ||
90 | -- | ||
91 | 1.9.1 | ||
92 | |||
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.0.7.bb b/meta/recipes-multimedia/libtiff/tiff_4.0.8.bb index e58173604e..4a7aeccd23 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.0.7.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.0.8.bb | |||
@@ -6,11 +6,10 @@ CVE_PRODUCT = "libtiff" | |||
6 | 6 | ||
7 | SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ | 7 | SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ |
8 | file://libtool2.patch \ | 8 | file://libtool2.patch \ |
9 | file://libtiff-CVE-2017-5225.patch \ | ||
10 | " | 9 | " |
11 | 10 | ||
12 | SRC_URI[md5sum] = "77ae928d2c6b7fb46a21c3a29325157b" | 11 | SRC_URI[md5sum] = "2a7d1c1318416ddf36d5f6fa4600069b" |
13 | SRC_URI[sha256sum] = "9f43a2cfb9589e5cecaa66e16bf87f814c945f22df7ba600d63aac4632c4f019" | 12 | SRC_URI[sha256sum] = "59d7a5a8ccd92059913f246877db95a2918e6c04fb9d43fd74e5c3390dac2910" |
14 | 13 | ||
15 | # exclude betas | 14 | # exclude betas |
16 | UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar" | 15 | UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar" |