summaryrefslogtreecommitdiffstats
path: root/meta/recipes-multimedia/libtiff/files/CVE-2022-3597_3626_3627.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-multimedia/libtiff/files/CVE-2022-3597_3626_3627.patch')
-rw-r--r--meta/recipes-multimedia/libtiff/files/CVE-2022-3597_3626_3627.patch123
1 files changed, 123 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2022-3597_3626_3627.patch b/meta/recipes-multimedia/libtiff/files/CVE-2022-3597_3626_3627.patch
new file mode 100644
index 0000000000..18a4b4e0ff
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2022-3597_3626_3627.patch
@@ -0,0 +1,123 @@
1From f7c06c395daf1b2c52ab431e00db2d9fc2ac993e Mon Sep 17 00:00:00 2001
2From: Su Laus <sulau@freenet.de>
3Date: Tue, 10 May 2022 20:03:17 +0000
4Subject: [PATCH] tiffcrop: Fix issue #330 and some more from 320 to 349
5
6Upstream-Status: Backport [import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u7.debian.tar.xz ]
7CVE: CVE-2022-3597 CVE-2022-3626 CVE-2022-3627
8Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
9
10Origin: https://gitlab.com/libtiff/libtiff/-/commit/e319508023580e2f70e6e626f745b5b2a1707313
11Origin: https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf
12Origin: https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba
13Origin: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
14Reviewed-by: Sylvain Beucler <beuc@debian.org>
15Last-Update: 2023-01-17
16
17---
18 tools/tiffcrop.c | 50 ++++++++++++++++++++++++++++++++++++++++--------
19 1 file changed, 42 insertions(+), 8 deletions(-)
20
21diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
22index c923920..a0789a3 100644
23--- a/tools/tiffcrop.c
24+++ b/tools/tiffcrop.c
25@@ -103,7 +103,12 @@
26 * selects which functions dump data, with higher numbers selecting
27 * lower level, scanline level routines. Debug reports a limited set
28 * of messages to monitor progess without enabling dump logs.
29- */
30+ *
31+ * Note 1: The (-X|-Y), -Z, -z and -S options are mutually exclusive.
32+ * In no case should the options be applied to a given selection successively.
33+ * Note 2: Any of the -X, -Y, -Z and -z options together with other PAGE_MODE_x options
34+ * such as -H, -V, -P, -J or -K are not supported and may cause buffer overflows.
35+ */
36
37 static char tiffcrop_version_id[] = "2.4.1";
38 static char tiffcrop_rev_date[] = "03-03-2010";
39@@ -176,12 +181,12 @@ extern int getopt(int argc, char * const argv[], const char *optstring);
40 #define ROTATECW_270 32
41 #define ROTATE_ANY (ROTATECW_90 | ROTATECW_180 | ROTATECW_270)
42
43-#define CROP_NONE 0
44-#define CROP_MARGINS 1
45-#define CROP_WIDTH 2
46-#define CROP_LENGTH 4
47-#define CROP_ZONES 8
48-#define CROP_REGIONS 16
49+#define CROP_NONE 0 /* "-S" -> Page_MODE_ROWSCOLS and page->rows/->cols != 0 */
50+#define CROP_MARGINS 1 /* "-m" */
51+#define CROP_WIDTH 2 /* "-X" */
52+#define CROP_LENGTH 4 /* "-Y" */
53+#define CROP_ZONES 8 /* "-Z" */
54+#define CROP_REGIONS 16 /* "-z" */
55 #define CROP_ROTATE 32
56 #define CROP_MIRROR 64
57 #define CROP_INVERT 128
58@@ -323,7 +328,7 @@ struct crop_mask {
59 #define PAGE_MODE_RESOLUTION 1
60 #define PAGE_MODE_PAPERSIZE 2
61 #define PAGE_MODE_MARGINS 4
62-#define PAGE_MODE_ROWSCOLS 8
63+#define PAGE_MODE_ROWSCOLS 8 /* for -S option */
64
65 #define INVERT_DATA_ONLY 10
66 #define INVERT_DATA_AND_TAG 11
67@@ -754,6 +759,12 @@ static char* usage_info[] = {
68 " The four debug/dump options are independent, though it makes little sense to",
69 " specify a dump file without specifying a detail level.",
70 " ",
71+"Note 1: The (-X|-Y), -Z, -z and -S options are mutually exclusive.",
72+" In no case should the options be applied to a given selection successively.",
73+" ",
74+"Note 2: Any of the -X, -Y, -Z and -z options together with other PAGE_MODE_x options",
75+" such as - H, -V, -P, -J or -K are not supported and may cause buffer overflows.",
76+" ",
77 NULL
78 };
79
80@@ -2112,6 +2123,27 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32
81 /*NOTREACHED*/
82 }
83 }
84+ /*-- Check for not allowed combinations (e.g. -X, -Y and -Z, -z and -S are mutually exclusive) --*/
85+ char XY, Z, R, S;
86+ XY = ((crop_data->crop_mode & CROP_WIDTH) || (crop_data->crop_mode & CROP_LENGTH)) ? 1 : 0;
87+ Z = (crop_data->crop_mode & CROP_ZONES) ? 1 : 0;
88+ R = (crop_data->crop_mode & CROP_REGIONS) ? 1 : 0;
89+ S = (page->mode & PAGE_MODE_ROWSCOLS) ? 1 : 0;
90+ if (XY + Z + R + S > 1) {
91+ TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->exit");
92+ exit(EXIT_FAILURE);
93+ }
94+
95+ /* Check for not allowed combination:
96+ * Any of the -X, -Y, -Z and -z options together with other PAGE_MODE_x options
97+ * such as -H, -V, -P, -J or -K are not supported and may cause buffer overflows.
98+. */
99+ if ((XY + Z + R > 0) && page->mode != PAGE_MODE_NONE) {
100+ TIFFError("tiffcrop input error",
101+ "Any of the crop options -X, -Y, -Z and -z together with other PAGE_MODE_x options such as - H, -V, -P, -J or -K is not supported and may cause buffer overflows..->exit");
102+ exit(EXIT_FAILURE);
103+ }
104+
105 } /* end process_command_opts */
106
107 /* Start a new output file if one has not been previously opened or
108@@ -2384,6 +2416,7 @@ main(int argc, char* argv[])
109 exit (-1);
110 }
111
112+ /* Crop input image and copy zones and regions from input image into seg_buffs or crop_buff. */
113 if (crop.selections > 0)
114 {
115 if (processCropSelections(&image, &crop, &read_buff, seg_buffs))
116@@ -2400,6 +2433,7 @@ main(int argc, char* argv[])
117 exit (-1);
118 }
119 }
120+ /* Format and write selected image parts to output file(s). */
121 if (page.mode == PAGE_MODE_NONE)
122 { /* Whole image or sections not based on output page size */
123 if (crop.selections > 0)