authorRoss Burton <ross.burton@arm.com>2022-09-05 12:28:13 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2022-09-08 14:59:39 +0100
commitc8d04cde0fe606c597f526078845b940ea247fca (patch)
tree4f03eed9f4ab59cda4a49da811ebb4f0b77f046e /meta/recipes-multimedia
parent1e73562ea7472604094cd084ae8f208a38dab545 (diff)
tiff: backport fix for CVE-2022-2953
(From OE-Core rev: aa018b5bec49c06e64a493a413f42558a17947cf) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia')
-rw-r--r--meta/recipes-multimedia/libtiff/files/CVE-2022-2953.patch86
-rw-r--r--meta/recipes-multimedia/libtiff/tiff_4.4.0.bb1
2 files changed, 87 insertions, 0 deletions
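--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2022-2953.patch
@@ -0,0 +1,86 @@
+CVE: CVE-2022-2053
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 8fe3735942ea1d90d8cef843b55b3efe8ab6feaf Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Mon, 15 Aug 2022 22:11:03 +0200
+Subject: [PATCH] =?UTF-8?q?According=20to=20Richard=20Nolde=20https://gitl?=
+ =?UTF-8?q?ab.com/libtiff/libtiff/-/issues/401#note=5F877637400=20the=20ti?=
+ =?UTF-8?q?ffcrop=20option=20=E2=80=9E-S=E2=80=9C=20is=20also=20mutually?=
+ =?UTF-8?q?=20exclusive=20to=20the=20other=20crop=20options=20(-X|-Y),=20-?=
+ =?UTF-8?q?Z=20and=20-z.?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This is now checked and ends tiffcrop if those arguments are not mutually exclusive.
+
+This MR will fix the following tiffcrop issues: #349, #414, #422, #423, #424
+---
+ tools/tiffcrop.c | 31 ++++++++++++++++---------------
+ 1 file changed, 16 insertions(+), 15 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 90286a5e..c3b758ec 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -173,12 +173,12 @@ static char tiffcrop_rev_date[] = "02-09-2022";
+ #define ROTATECW_270 32
+ #define ROTATE_ANY (ROTATECW_90 | ROTATECW_180 | ROTATECW_270)
+
+-#define CROP_NONE 0
+-#define CROP_MARGINS 1
+-#define CROP_WIDTH 2
+-#define CROP_LENGTH 4
+-#define CROP_ZONES 8
+-#define CROP_REGIONS 16
++#define CROP_NONE 0 /* "-S" -> Page_MODE_ROWSCOLS and page->rows/->cols != 0 */
++#define CROP_MARGINS 1 /* "-m" */
++#define CROP_WIDTH 2 /* "-X" */
++#define CROP_LENGTH 4 /* "-Y" */
++#define CROP_ZONES 8 /* "-Z" */
++#define CROP_REGIONS 16 /* "-z" */
+ #define CROP_ROTATE 32
+ #define CROP_MIRROR 64
+ #define CROP_INVERT 128
+@@ -316,7 +316,7 @@ struct crop_mask {
+ #define PAGE_MODE_RESOLUTION 1
+ #define PAGE_MODE_PAPERSIZE 2
+ #define PAGE_MODE_MARGINS 4
+-#define PAGE_MODE_ROWSCOLS 8
++#define PAGE_MODE_ROWSCOLS 8 /* for -S option */
+
+ #define INVERT_DATA_ONLY 10
+ #define INVERT_DATA_AND_TAG 11
+@@ -781,7 +781,7 @@ static const char usage_info[] =
+ " The four debug/dump options are independent, though it makes little sense to\n"
+ " specify a dump file without specifying a detail level.\n"
+ "\n"
+-"Note: The (-X|-Y), -Z and -z options are mutually exclusive.\n"
++"Note: The (-X|-Y), -Z, -z and -S options are mutually exclusive.\n"
+ " In no case should the options be applied to a given selection successively.\n"
+ "\n"
+ ;
+@@ -2131,13 +2131,14 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32
+ /*NOTREACHED*/
+ }
+ }
+- /*-- Check for not allowed combinations (e.g. -X, -Y and -Z and -z are mutually exclusive) --*/
+- char XY, Z, R;
++ /*-- Check for not allowed combinations (e.g. -X, -Y and -Z, -z and -S are mutually exclusive) --*/
++ char XY, Z, R, S;
+ XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH));
+ Z = (crop_data->crop_mode & CROP_ZONES);
+ R = (crop_data->crop_mode & CROP_REGIONS);
+- if ((XY && Z) || (XY && R) || (Z && R)) {
+- TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z and -z are mutually exclusive.->Exit");
++ S = (page->mode & PAGE_MODE_ROWSCOLS);
++ if ((XY && Z) || (XY && R) || (XY && S) || (Z && R) || (Z && S) || (R && S)) {
++ TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->Exit");
+ exit(EXIT_FAILURE);
+ }
+ } /* end process_command_opts */
+--
+2.34.1
+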
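Review bot: The `CVE:` tag on the first line of the added patch reads `CVE-2022-2053`, while the patch file name and the commit subject both say CVE-2022-2953, so the tag looks like a typo and should read `CVE: CVE-2022-2953`. If the layer's CVE tracking reads this tag to decide which identifiers are patched, it would record an unrelated identifier as fixed for libtiff. `Upstream-Status: Backport` would also be easier to audit with the upstream commit reference beside it (the `From 8fe3735942ea…` hash a few lines below). On the C side, the fix only rejects conflicting options at the end of `process_command_opts`, whose body starts outside the hunk, so the crop code's own bounds handling presumably still depends on this argument check remaining the only entry path.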
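--- a/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.4.0.bb
@@ -11,6 +11,7 @@ CVE_PRODUCT = "libtiff"
 SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
  file://0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch \
  file://CVE-2022-34526.patch \
+ file://CVE-2022-2953.patch \
  "
 
 SRC_URI[sha256sum] = "917223b37538959aca3b790d2d73aa6e626b688e02dcda272aec24c2f498abed"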