libTiff: CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 DoS from Divide By Zero Error

Source: https://gitlab.com/libtiff/libtiff MR: 119341 Type: Security Fix Disposition: Backport from https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab ChangeID: 6cea4937a34a618567a42cef8c41961ade2f3a07 Description: CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 libTiff: DoS from Divide By Zero Error. (From OE-Core rev: 429c2c89b65b8e226d4e0d6f94d43300989c143e) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Hitendra Prajapati <hprajapati@mvista.com> 2022-07-27 13:46:02 +0530
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-08-08 16:23:34 +0100
commit: 038831674e259312ef5e72d11bcdf754e50f264b (patch)
tree: 99a989db65abc7ec56c5b084a19a37c334b23d65 /meta
parent: 25606f450dc91ef1a09cfa3d5117b1e1e4bcc6f2 (diff)
download: poky-038831674e259312ef5e72d11bcdf754e50f264b.tar.gz
2 files changed, 184 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2022-2056-CVE-2022-2057-CVE-2022-2058.patch b/meta/recipes-multimedia/libtiff/files/CVE-2022-2056-CVE-2022-2057-CVE-2022-2058.patch
new file mode 100644
index 0000000000..01e81349a2
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2022-2056-CVE-2022-2057-CVE-2022-2058.patch
@@ -0,0 +1,183 @@
+From 8261237113a53cd21029c4a8cbb62c47b4c19523 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Wed, 27 Jul 2022 11:30:18 +0530
+Subject: [PATCH] CVE-2022-2056 CVE-2022-2057 CVE-2022-2058
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab]
+CVE: CVE-2022-2056 CVE-2022-2057 CVE-2022-2058
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ libtiff/tif_aux.c |  9 +++++++
+ libtiff/tiffiop.h |  1 +
+ tools/tiffcrop.c  | 62 ++++++++++++++++++++++++++---------------------
+ 3 files changed, 44 insertions(+), 28 deletions(-)
+diff --git a/libtiff/tif_aux.c b/libtiff/tif_aux.c
+index 8188db5..3dac542 100644
+--- a/libtiff/tif_aux.c
+++ b/libtiff/tif_aux.c
+@@ -402,6 +402,15 @@ float _TIFFClampDoubleToFloat( double val )
+     return (float)val;
+ }
+ 
+uint32 _TIFFClampDoubleToUInt32(double val)
+{
+    if( val < 0 )
+        return 0;
+    if( val > 0xFFFFFFFFU || val != val )
+        return 0xFFFFFFFFU;
+    return (uint32)val;
+}
+
+ int _TIFFSeekOK(TIFF* tif, toff_t off)
+ {
+     /* Huge offsets, especially -1 / UINT64_MAX, can cause issues */
+diff --git a/libtiff/tiffiop.h b/libtiff/tiffiop.h
+index 45a7932..c6f6f93 100644
+--- a/libtiff/tiffiop.h
+++ b/libtiff/tiffiop.h
+@@ -393,6 +393,7 @@ extern double _TIFFUInt64ToDouble(uint64);
+ extern float _TIFFUInt64ToFloat(uint64);
+ 
+ extern float _TIFFClampDoubleToFloat(double);
+extern uint32 _TIFFClampDoubleToUInt32(double);
+ 
+ extern tmsize_t
+ _TIFFReadEncodedStripAndAllocBuffer(TIFF* tif, uint32 strip,
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index c2c2052..79dd0a0 100644
+--- a/tools/tiffcrop.c
+++ b/tools/tiffcrop.c
+@@ -5141,17 +5141,17 @@ computeInputPixelOffsets(struct crop_mask *crop, struct image_data *image,
+       {
+       if ((crop->res_unit == RESUNIT_INCH) || (crop->res_unit == RESUNIT_CENTIMETER))
+         {
+-       x1 = (uint32) (crop->corners[i].X1 * scale * xres);
+-       x2 = (uint32) (crop->corners[i].X2 * scale * xres);
+-       y1 = (uint32) (crop->corners[i].Y1 * scale * yres);
+-       y2 = (uint32) (crop->corners[i].Y2 * scale * yres);
+       x1 = _TIFFClampDoubleToUInt32(crop->corners[i].X1 * scale * xres);
+       x2 = _TIFFClampDoubleToUInt32(crop->corners[i].X2 * scale * xres);
+       y1 = _TIFFClampDoubleToUInt32(crop->corners[i].Y1 * scale * yres);
+       y2 = _TIFFClampDoubleToUInt32(crop->corners[i].Y2 * scale * yres);
+         }
+       else
+         {
+-       x1 = (uint32) (crop->corners[i].X1);
+-       x2 = (uint32) (crop->corners[i].X2);
+-       y1 = (uint32) (crop->corners[i].Y1);
+-       y2 = (uint32) (crop->corners[i].Y2);       
+       x1 = _TIFFClampDoubleToUInt32(crop->corners[i].X1);
+       x2 = _TIFFClampDoubleToUInt32(crop->corners[i].X2);
+       y1 = _TIFFClampDoubleToUInt32(crop->corners[i].Y1);
+       y2 = _TIFFClampDoubleToUInt32(crop->corners[i].Y2);
+        }
+       if (x1 < 1)
+         crop->regionlist[i].x1 = 0;
+@@ -5214,17 +5214,17 @@ computeInputPixelOffsets(struct crop_mask *crop, struct image_data *image,
+     {
+     if (crop->res_unit != RESUNIT_INCH && crop->res_unit != RESUNIT_CENTIMETER)
+       { /* User has specified pixels as reference unit */
+-      tmargin = (uint32)(crop->margins[0]);
+-      lmargin = (uint32)(crop->margins[1]);
+-      bmargin = (uint32)(crop->margins[2]);
+-      rmargin = (uint32)(crop->margins[3]);
+      tmargin = _TIFFClampDoubleToUInt32(crop->margins[0]);
+      lmargin = _TIFFClampDoubleToUInt32(crop->margins[1]);
+      bmargin = _TIFFClampDoubleToUInt32(crop->margins[2]);
+      rmargin = _TIFFClampDoubleToUInt32(crop->margins[3]);
+       }
+     else
+       { /* inches or centimeters specified */
+-      tmargin = (uint32)(crop->margins[0] * scale * yres);
+-      lmargin = (uint32)(crop->margins[1] * scale * xres);
+-      bmargin = (uint32)(crop->margins[2] * scale * yres);
+-      rmargin = (uint32)(crop->margins[3] * scale * xres);
+      tmargin = _TIFFClampDoubleToUInt32(crop->margins[0] * scale * yres);
+      lmargin = _TIFFClampDoubleToUInt32(crop->margins[1] * scale * xres);
+      bmargin = _TIFFClampDoubleToUInt32(crop->margins[2] * scale * yres);
+      rmargin = _TIFFClampDoubleToUInt32(crop->margins[3] * scale * xres);
+       }
+ 
+     if ((lmargin + rmargin) > image->width)
+@@ -5254,24 +5254,24 @@ computeInputPixelOffsets(struct crop_mask *crop, struct image_data *image,
+   if (crop->res_unit != RESUNIT_INCH && crop->res_unit != RESUNIT_CENTIMETER)
+     {
+     if (crop->crop_mode & CROP_WIDTH)
+-      width = (uint32)crop->width;
+      width = _TIFFClampDoubleToUInt32(crop->width);
+     else
+       width = image->width - lmargin - rmargin;
+ 
+     if (crop->crop_mode & CROP_LENGTH)
+-      length  = (uint32)crop->length;
+      length  = _TIFFClampDoubleToUInt32(crop->length);
+     else
+       length = image->length - tmargin - bmargin;
+     }
+   else
+     {
+     if (crop->crop_mode & CROP_WIDTH)
+-      width = (uint32)(crop->width * scale * image->xres);
+      width = _TIFFClampDoubleToUInt32(crop->width * scale * image->xres);
+     else
+       width = image->width - lmargin - rmargin;
+ 
+     if (crop->crop_mode & CROP_LENGTH)
+-      length  = (uint32)(crop->length * scale * image->yres);
+      length  = _TIFFClampDoubleToUInt32(crop->length * scale * image->yres);
+     else
+       length = image->length - tmargin - bmargin;
+     }
+@@ -5670,13 +5670,13 @@ computeOutputPixelOffsets (struct crop_mask *crop, struct image_data *image,
+     {
+     if (page->res_unit == RESUNIT_INCH || page->res_unit == RESUNIT_CENTIMETER)
+       { /* inches or centimeters specified */
+-      hmargin = (uint32)(page->hmargin * scale * page->hres * ((image->bps + 7)/ 8));
+-      vmargin = (uint32)(page->vmargin * scale * page->vres * ((image->bps + 7)/ 8));
+      hmargin = _TIFFClampDoubleToUInt32(page->hmargin * scale * page->hres * ((image->bps + 7) / 8));
+      vmargin = _TIFFClampDoubleToUInt32(page->vmargin * scale * page->vres * ((image->bps + 7) / 8));
+       }
+     else
+       { /* Otherwise user has specified pixels as reference unit */
+-      hmargin = (uint32)(page->hmargin * scale * ((image->bps + 7)/ 8));
+-      vmargin = (uint32)(page->vmargin * scale * ((image->bps + 7)/ 8));
+      hmargin = _TIFFClampDoubleToUInt32(page->hmargin * scale * ((image->bps + 7) / 8));
+      vmargin = _TIFFClampDoubleToUInt32(page->vmargin * scale * ((image->bps + 7) / 8));
+       }
+ 
+     if ((hmargin * 2.0) > (pwidth * page->hres))
+@@ -5714,13 +5714,13 @@ computeOutputPixelOffsets (struct crop_mask *crop, struct image_data *image,
+     {
+     if (page->mode & PAGE_MODE_PAPERSIZE )
+       {
+-      owidth  = (uint32)((pwidth * page->hres) - (hmargin * 2));
+-      olength = (uint32)((plength * page->vres) - (vmargin * 2));
+      owidth  = _TIFFClampDoubleToUInt32((pwidth * page->hres) - (hmargin * 2));
+      olength = _TIFFClampDoubleToUInt32((plength * page->vres) - (vmargin * 2));
+       }
+     else
+       {
+-      owidth = (uint32)(iwidth - (hmargin * 2 * page->hres));
+-      olength = (uint32)(ilength - (vmargin * 2 * page->vres));
+      owidth = _TIFFClampDoubleToUInt32(iwidth - (hmargin * 2 * page->hres));
+      olength = _TIFFClampDoubleToUInt32(ilength - (vmargin * 2 * page->vres));
+       }
+     }
+ 
+@@ -5729,6 +5729,12 @@ computeOutputPixelOffsets (struct crop_mask *crop, struct image_data *image,
+   if (olength > ilength)
+     olength = ilength;
+ 
+  if (owidth == 0 || olength == 0)
+  {
+    TIFFError("computeOutputPixelOffsets", "Integer overflow when calculating the number of pages");
+    exit(EXIT_FAILURE);
+  }
+
+   /* Compute the number of pages required for Portrait or Landscape */
+   switch (page->orient)
+     {
+-- 
+2.25.1
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
index 75bc20de78..4383f7af8e 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
@@ -24,6 +24,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
           file://CVE-2022-0909.patch \
           file://CVE-2022-0891.patch \
           file://CVE-2022-0924.patch \
+           file://CVE-2022-2056-CVE-2022-2057-CVE-2022-2058.patch \
          "
 SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424"
 SRC_URI[sha256sum] = "5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634"
author	Hitendra Prajapati <hprajapati@mvista.com>	2022-07-27 13:46:02 +0530
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-08-08 16:23:34 +0100
commit	038831674e259312ef5e72d11bcdf754e50f264b (patch)
tree	99a989db65abc7ec56c5b084a19a37c334b23d65 /meta
parent	25606f450dc91ef1a09cfa3d5117b1e1e4bcc6f2 (diff)
download	poky-038831674e259312ef5e72d11bcdf754e50f264b.tar.gz

diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2022-2056-CVE-2022-2057-CVE-2022-2058.patch b/meta/recipes-multimedia/libtiff/files/CVE-2022-2056-CVE-2022-2057-CVE-2022-2058.patch new file mode 100644 index 0000000000..01e81349a2 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2022-2056-CVE-2022-2057-CVE-2022-2058.patch
@@ -0,0 +1,183 @@
		1	From 8261237113a53cd21029c4a8cbb62c47b4c19523 Mon Sep 17 00:00:00 2001
		2	From: Hitendra Prajapati <hprajapati@mvista.com>
		3	Date: Wed, 27 Jul 2022 11:30:18 +0530
		4	Subject: [PATCH] CVE-2022-2056 CVE-2022-2057 CVE-2022-2058
		5
		6	Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab]
		7	CVE: CVE-2022-2056 CVE-2022-2057 CVE-2022-2058
		8	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
		9	---
		10	libtiff/tif_aux.c \| 9 +++++++
		11	libtiff/tiffiop.h \| 1 +
		12	tools/tiffcrop.c \| 62 ++++++++++++++++++++++++++---------------------
		13	3 files changed, 44 insertions(+), 28 deletions(-)
		14
		15	diff --git a/libtiff/tif_aux.c b/libtiff/tif_aux.c
		16	index 8188db5..3dac542 100644
		17	--- a/libtiff/tif_aux.c
		18	+++ b/libtiff/tif_aux.c
		19	@@ -402,6 +402,15 @@ float _TIFFClampDoubleToFloat( double val )
		20	return (float)val;
		21	}
		22
		23	+uint32 _TIFFClampDoubleToUInt32(double val)
		24	+{
		25	+ if( val < 0 )
		26	+ return 0;
		27	+ if( val > 0xFFFFFFFFU \|\| val != val )
		28	+ return 0xFFFFFFFFU;
		29	+ return (uint32)val;
		30	+}
		31	+
		32	int _TIFFSeekOK(TIFF* tif, toff_t off)
		33	{
		34	/* Huge offsets, especially -1 / UINT64_MAX, can cause issues */
		35	diff --git a/libtiff/tiffiop.h b/libtiff/tiffiop.h
		36	index 45a7932..c6f6f93 100644
		37	--- a/libtiff/tiffiop.h
		38	+++ b/libtiff/tiffiop.h
		39	@@ -393,6 +393,7 @@ extern double _TIFFUInt64ToDouble(uint64);
		40	extern float _TIFFUInt64ToFloat(uint64);
		41
		42	extern float _TIFFClampDoubleToFloat(double);
		43	+extern uint32 _TIFFClampDoubleToUInt32(double);
		44
		45	extern tmsize_t
		46	_TIFFReadEncodedStripAndAllocBuffer(TIFF* tif, uint32 strip,
		47	diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
		48	index c2c2052..79dd0a0 100644
		49	--- a/tools/tiffcrop.c
		50	+++ b/tools/tiffcrop.c
		51	@@ -5141,17 +5141,17 @@ computeInputPixelOffsets(struct crop_mask crop, struct image_data image,
		52	{
		53	if ((crop->res_unit == RESUNIT_INCH) \|\| (crop->res_unit == RESUNIT_CENTIMETER))
		54	{
		55	- x1 = (uint32) (crop->corners[i].X1 * scale * xres);
		56	- x2 = (uint32) (crop->corners[i].X2 * scale * xres);
		57	- y1 = (uint32) (crop->corners[i].Y1 * scale * yres);
		58	- y2 = (uint32) (crop->corners[i].Y2 * scale * yres);
		59	+ x1 = _TIFFClampDoubleToUInt32(crop->corners[i].X1 * scale * xres);
		60	+ x2 = _TIFFClampDoubleToUInt32(crop->corners[i].X2 * scale * xres);
		61	+ y1 = _TIFFClampDoubleToUInt32(crop->corners[i].Y1 * scale * yres);
		62	+ y2 = _TIFFClampDoubleToUInt32(crop->corners[i].Y2 * scale * yres);
		63	}
		64	else
		65	{
		66	- x1 = (uint32) (crop->corners[i].X1);
		67	- x2 = (uint32) (crop->corners[i].X2);
		68	- y1 = (uint32) (crop->corners[i].Y1);
		69	- y2 = (uint32) (crop->corners[i].Y2);
		70	+ x1 = _TIFFClampDoubleToUInt32(crop->corners[i].X1);
		71	+ x2 = _TIFFClampDoubleToUInt32(crop->corners[i].X2);
		72	+ y1 = _TIFFClampDoubleToUInt32(crop->corners[i].Y1);
		73	+ y2 = _TIFFClampDoubleToUInt32(crop->corners[i].Y2);
		74	}
		75	if (x1 < 1)
		76	crop->regionlist[i].x1 = 0;
		77	@@ -5214,17 +5214,17 @@ computeInputPixelOffsets(struct crop_mask crop, struct image_data image,
		78	{
		79	if (crop->res_unit != RESUNIT_INCH && crop->res_unit != RESUNIT_CENTIMETER)
		80	{ /* User has specified pixels as reference unit */
		81	- tmargin = (uint32)(crop->margins[0]);
		82	- lmargin = (uint32)(crop->margins[1]);
		83	- bmargin = (uint32)(crop->margins[2]);
		84	- rmargin = (uint32)(crop->margins[3]);
		85	+ tmargin = _TIFFClampDoubleToUInt32(crop->margins[0]);
		86	+ lmargin = _TIFFClampDoubleToUInt32(crop->margins[1]);
		87	+ bmargin = _TIFFClampDoubleToUInt32(crop->margins[2]);
		88	+ rmargin = _TIFFClampDoubleToUInt32(crop->margins[3]);
		89	}
		90	else
		91	{ /* inches or centimeters specified */
		92	- tmargin = (uint32)(crop->margins[0] * scale * yres);
		93	- lmargin = (uint32)(crop->margins[1] * scale * xres);
		94	- bmargin = (uint32)(crop->margins[2] * scale * yres);
		95	- rmargin = (uint32)(crop->margins[3] * scale * xres);
		96	+ tmargin = _TIFFClampDoubleToUInt32(crop->margins[0] * scale * yres);
		97	+ lmargin = _TIFFClampDoubleToUInt32(crop->margins[1] * scale * xres);
		98	+ bmargin = _TIFFClampDoubleToUInt32(crop->margins[2] * scale * yres);
		99	+ rmargin = _TIFFClampDoubleToUInt32(crop->margins[3] * scale * xres);
		100	}
		101
		102	if ((lmargin + rmargin) > image->width)
		103	@@ -5254,24 +5254,24 @@ computeInputPixelOffsets(struct crop_mask crop, struct image_data image,
		104	if (crop->res_unit != RESUNIT_INCH && crop->res_unit != RESUNIT_CENTIMETER)
		105	{
		106	if (crop->crop_mode & CROP_WIDTH)
		107	- width = (uint32)crop->width;
		108	+ width = _TIFFClampDoubleToUInt32(crop->width);
		109	else
		110	width = image->width - lmargin - rmargin;
		111
		112	if (crop->crop_mode & CROP_LENGTH)
		113	- length = (uint32)crop->length;
		114	+ length = _TIFFClampDoubleToUInt32(crop->length);
		115	else
		116	length = image->length - tmargin - bmargin;
		117	}
		118	else
		119	{
		120	if (crop->crop_mode & CROP_WIDTH)
		121	- width = (uint32)(crop->width * scale * image->xres);
		122	+ width = _TIFFClampDoubleToUInt32(crop->width * scale * image->xres);
		123	else
		124	width = image->width - lmargin - rmargin;
		125
		126	if (crop->crop_mode & CROP_LENGTH)
		127	- length = (uint32)(crop->length * scale * image->yres);
		128	+ length = _TIFFClampDoubleToUInt32(crop->length * scale * image->yres);
		129	else
		130	length = image->length - tmargin - bmargin;
		131	}
		132	@@ -5670,13 +5670,13 @@ computeOutputPixelOffsets (struct crop_mask crop, struct image_data image,
		133	{
		134	if (page->res_unit == RESUNIT_INCH \|\| page->res_unit == RESUNIT_CENTIMETER)
		135	{ /* inches or centimeters specified */
		136	- hmargin = (uint32)(page->hmargin * scale * page->hres * ((image->bps + 7)/ 8));
		137	- vmargin = (uint32)(page->vmargin * scale * page->vres * ((image->bps + 7)/ 8));
		138	+ hmargin = _TIFFClampDoubleToUInt32(page->hmargin * scale * page->hres * ((image->bps + 7) / 8));
		139	+ vmargin = _TIFFClampDoubleToUInt32(page->vmargin * scale * page->vres * ((image->bps + 7) / 8));
		140	}
		141	else
		142	{ /* Otherwise user has specified pixels as reference unit */
		143	- hmargin = (uint32)(page->hmargin * scale * ((image->bps + 7)/ 8));
		144	- vmargin = (uint32)(page->vmargin * scale * ((image->bps + 7)/ 8));
		145	+ hmargin = _TIFFClampDoubleToUInt32(page->hmargin * scale * ((image->bps + 7) / 8));
		146	+ vmargin = _TIFFClampDoubleToUInt32(page->vmargin * scale * ((image->bps + 7) / 8));
		147	}
		148
		149	if ((hmargin * 2.0) > (pwidth * page->hres))
		150	@@ -5714,13 +5714,13 @@ computeOutputPixelOffsets (struct crop_mask crop, struct image_data image,
		151	{
		152	if (page->mode & PAGE_MODE_PAPERSIZE )
		153	{
		154	- owidth = (uint32)((pwidth * page->hres) - (hmargin * 2));
		155	- olength = (uint32)((plength * page->vres) - (vmargin * 2));
		156	+ owidth = _TIFFClampDoubleToUInt32((pwidth * page->hres) - (hmargin * 2));
		157	+ olength = _TIFFClampDoubleToUInt32((plength * page->vres) - (vmargin * 2));
		158	}
		159	else
		160	{
		161	- owidth = (uint32)(iwidth - (hmargin * 2 * page->hres));
		162	- olength = (uint32)(ilength - (vmargin * 2 * page->vres));
		163	+ owidth = _TIFFClampDoubleToUInt32(iwidth - (hmargin * 2 * page->hres));
		164	+ olength = _TIFFClampDoubleToUInt32(ilength - (vmargin * 2 * page->vres));
		165	}
		166	}
		167
		168	@@ -5729,6 +5729,12 @@ computeOutputPixelOffsets (struct crop_mask crop, struct image_data image,
		169	if (olength > ilength)
		170	olength = ilength;
		171
		172	+ if (owidth == 0 \|\| olength == 0)
		173	+ {
		174	+ TIFFError("computeOutputPixelOffsets", "Integer overflow when calculating the number of pages");
		175	+ exit(EXIT_FAILURE);
		176	+ }
		177	+
		178	/* Compute the number of pages required for Portrait or Landscape */
		179	switch (page->orient)
		180	{
		181	--
		182	2.25.1
		183


diff --git a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb index 75bc20de78..4383f7af8e 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
@@ -24,6 +24,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
24	file://CVE-2022-0909.patch \	24	file://CVE-2022-0909.patch \
25	file://CVE-2022-0891.patch \	25	file://CVE-2022-0891.patch \
26	file://CVE-2022-0924.patch \	26	file://CVE-2022-0924.patch \
		27	file://CVE-2022-2056-CVE-2022-2057-CVE-2022-2058.patch \
27	"	28	"
28	SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424"	29	SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424"
29	SRC_URI[sha256sum] = "5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634"	30	SRC_URI[sha256sum] = "5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634"