1 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-26966.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-26966.patch
new file mode 100644
index 0000000000..48657e6aa4
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-26966.patch
@@ -0,0 +1,35 @@
+From b0e1c25dd1d065200c8d8f59ad0afe014861a1b9 Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Thu, 16 Feb 2023 12:03:16 +0100
+Subject: [PATCH] tif_luv: Check and correct for NaN data in uv_encode().
+Closes #530
+Upstream-Status: Backport [import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u8.debian.tar.xz]
+CVE: CVE-2023-26966
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ libtiff/tif_luv.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+diff --git a/libtiff/tif_luv.c b/libtiff/tif_luv.c
+index 6fe4858..8b2c5f1 100644
+--- a/libtiff/tif_luv.c
+++ b/libtiff/tif_luv.c
+@@ -923,6 +923,13 @@ uv_encode(double u, double v, int em)      /* encode (u',v') coordinates */
+ {
+        register int    vi, ui;
+ 
+       /* check for NaN */
+       if (u != u || v != v)
+       {
+               u = U_NEU;
+               v = V_NEU;
+        }
+
+        if (v < UV_VSTART)
+                return oog_encode(u, v);
+        vi = itrunc((v - UV_VSTART)*(1./UV_SQSIZ), em);
+-- 
+2.25.1

diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-26966.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-26966.patch new file mode 100644 index 0000000000..48657e6aa4 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-26966.patch
@@ -0,0 +1,35 @@
	1	From b0e1c25dd1d065200c8d8f59ad0afe014861a1b9 Mon Sep 17 00:00:00 2001
	2	From: Su_Laus <sulau@freenet.de>
	3	Date: Thu, 16 Feb 2023 12:03:16 +0100
	4	Subject: [PATCH] tif_luv: Check and correct for NaN data in uv_encode().
	5
	6	Closes #530
	7
	8	Upstream-Status: Backport [import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u8.debian.tar.xz]
	9	CVE: CVE-2023-26966
	10	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
	11	---
	12	libtiff/tif_luv.c \| 7 +++++++
	13	1 file changed, 7 insertions(+)
	14
	15	diff --git a/libtiff/tif_luv.c b/libtiff/tif_luv.c
	16	index 6fe4858..8b2c5f1 100644
	17	--- a/libtiff/tif_luv.c
	18	+++ b/libtiff/tif_luv.c
	19	@@ -923,6 +923,13 @@ uv_encode(double u, double v, int em) /* encode (u',v') coordinates */
	20	{
	21	register int vi, ui;
	22
	23	+ /* check for NaN */
	24	+ if (u != u \|\| v != v)
	25	+ {
	26	+ u = U_NEU;
	27	+ v = V_NEU;
	28	+ }
	29	+
	30	if (v < UV_VSTART)
	31	return oog_encode(u, v);
	32	vi = itrunc((v - UV_VSTART)*(1./UV_SQSIZ), em);
	33	--
	34	2.25.1
	35