summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorRichard Purdie <richard.purdie@linuxfoundation.org>2022-02-20 14:53:13 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2022-02-21 07:52:04 +0000
commite600227b136aa21b54f16e218858d640c8942f73 (patch)
tree03711207709ff46d4e068425b20df630a7be9f0c /meta
parentf625c01d91b80b6aca95afcc506a8b55f1c4f311 (diff)
downloadpoky-e600227b136aa21b54f16e218858d640c8942f73.tar.gz
tiff: Add backports for two CVEs from upstream
(From OE-Core rev: 6ae14b4ff7a655b48c6d99ac565d12bf8825414f) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch (renamed from meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch)0
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch30
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch32
-rw-r--r--meta/recipes-multimedia/libtiff/tiff_4.3.0.bb4
4 files changed, 65 insertions, 1 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch b/meta/recipes-multimedia/libtiff/tiff/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch
index 72776f09ba..72776f09ba 100644
--- a/meta/recipes-multimedia/libtiff/files/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch
+++ b/meta/recipes-multimedia/libtiff/tiff/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch
diff --git a/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch b/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch
new file mode 100644
index 0000000000..0b41dde606
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch
@@ -0,0 +1,30 @@
1From 561599c99f987dc32ae110370cfdd7df7975586b Mon Sep 17 00:00:00 2001
2From: Even Rouault <even.rouault@spatialys.com>
3Date: Sat, 5 Feb 2022 20:36:41 +0100
4Subject: [PATCH] TIFFReadDirectory(): avoid calling memcpy() with a null
5 source pointer and size of zero (fixes #362)
6
7Upstream-Status: Backport
8CVE: CVE-2022-0562
9
10---
11 libtiff/tif_dirread.c | 3 ++-
12 1 file changed, 2 insertions(+), 1 deletion(-)
13
14diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
15index 2bbc4585..23194ced 100644
16--- a/libtiff/tif_dirread.c
17+++ b/libtiff/tif_dirread.c
18@@ -4177,7 +4177,8 @@ TIFFReadDirectory(TIFF* tif)
19 goto bad;
20 }
21
22- memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16_t));
23+ if (old_extrasamples > 0)
24+ memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16_t));
25 _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples);
26 _TIFFfree(new_sampleinfo);
27 }
28--
29GitLab
30
diff --git a/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch b/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch
new file mode 100644
index 0000000000..74f9649fdf
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch
@@ -0,0 +1,32 @@
1From eecb0712f4c3a5b449f70c57988260a667ddbdef Mon Sep 17 00:00:00 2001
2From: Even Rouault <even.rouault@spatialys.com>
3Date: Sun, 6 Feb 2022 13:08:38 +0100
4Subject: [PATCH] TIFFFetchStripThing(): avoid calling memcpy() with a null
5 source pointer and size of zero (fixes #362)
6
7Upstream-Status: Backport
8CVE: CVE-2022-0561
9
10---
11 libtiff/tif_dirread.c | 5 +++--
12 1 file changed, 3 insertions(+), 2 deletions(-)
13
14diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
15index 23194ced..50ebf8ac 100644
16--- a/libtiff/tif_dirread.c
17+++ b/libtiff/tif_dirread.c
18@@ -5777,8 +5777,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32_t nstrips, uint64_t** l
19 _TIFFfree(data);
20 return(0);
21 }
22- _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t));
23- _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t));
24+ if( dir->tdir_count )
25+ _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t));
26+ _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t));
27 _TIFFfree(data);
28 data=resizeddata;
29 }
30--
31GitLab
32
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index ef8e8460fb..86b55ad284 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -9,7 +9,9 @@ LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=34da3db46fab7501992f9615d7e158cf"
9CVE_PRODUCT = "libtiff" 9CVE_PRODUCT = "libtiff"
10 10
11SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ 11SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
12 file://0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch" 12 file://0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch \
13 file://561599c99f987dc32ae110370cfdd7df7975586b.patch \
14 file://eecb0712f4c3a5b449f70c57988260a667ddbdef.patch"
13 15
14SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8" 16SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
15 17