author | Ross Burton <ross.burton@arm.com> | 2023-02-20 16:28:16 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-02-24 11:04:27 +0000 |
commit | 1e9b6bf803d8a5e1640feb0981e879362a07ee58 (patch) | |
tree | 19959b9b400b68a4e3c02117153142e6fc4e04f1 /meta/recipes-multimedia/libtiff | |
parent | d4be0469a833b22e6af94a9e099e35b033151f5a (diff) | |
download | poky-1e9b6bf803d8a5e1640feb0981e879362a07ee58.tar.gz |
tiff: backport fix for CVE-2022-48281
(From OE-Core rev: bf0cf66c10c95ddada595dd5a84b45235c09ebab)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia/libtiff')
-rw-r--r-- | meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch | 29 | ||||
-rw-r--r-- | meta/recipes-multimedia/libtiff/tiff_4.5.0.bb | 3 |
2 files changed, 31 insertions, 1 deletions
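--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch
@@ -0,0 +1,29 @@
+CVE: CVE-2022-48281
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 97d65859bc29ee334012e9c73022d8a8e55ed586 Mon Sep 17 00:00:00 2001
+From: Su Laus <sulau@freenet.de>
+Date: Sat, 21 Jan 2023 15:58:10 +0000
+Subject: [PATCH] tiffcrop: Correct simple copy paste error. Fix #488.
+
+---
+tools/tiffcrop.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 14fa18da..7db69883 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -8591,7 +8591,7 @@ static int processCropSelections(struct image_data *image,
+cropsize + NUM_BUFF_OVERSIZE_BYTES);
+else
+{
+- prev_cropsize = seg_buffs[0].size;
++ prev_cropsize = seg_buffs[i].size;
+if (prev_cropsize < cropsize)
+{
+next_buff = _TIFFrealloc(
+--
+GitLab
+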
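Review bot: The patch header's `Upstream-Status: Backport` line carries no upstream reference, so anyone auditing this CVE fix has to recover its origin from the embedded `From 97d65859bc29ee334012e9c73022d8a8e55ed586` line; I would write `Upstream-Status: Backport [<upstream commit URL for 97d65859bc29ee334012e9c73022d8a8e55ed586>]` so the provenance is explicit. On the C side, the embedded hunk is cut off at `_TIFFrealloc(`, so it cannot be confirmed from here that the reallocation result is checked and that `seg_buffs[i].size` is updated afterwards; both are worth verifying against the full function when validating the backport, since the size comparison is what guards the reused buffer. processCropSelections starts and ends outside the hunk.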
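--- a/meta/recipes-multimedia/libtiff/tiff_4.5.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.5.0.bb
@@ -8,7 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a3e32d664d6db1386b4689c8121531c3"
 
 CVE_PRODUCT = "libtiff"
 
-SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz"
+SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
+file://CVE-2022-48281.patch"
 
 SRC_URI[sha256sum] = "c7a1d9296649233979fa3eacffef3fa024d73d05d589cb622727b5b08c423464"
 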
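Review bot: The rewritten `SRC_URI` line still fetches the release tarball over plain `http://`, so the download's integrity rests entirely on the pinned `SRC_URI[sha256sum]`. If the mirror serves the same path over TLS, changing the first entry to `SRC_URI = "https://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \` would add transport protection without touching the checksum. That is independent of the CVE backport and could go in a follow-up.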