From 5655adda729d3d53efcbb54d5dbe1991515230e0 Mon Sep 17 00:00:00 2001 From: Zheng Ruoqin Date: Sun, 24 Nov 2019 15:50:19 -0800 Subject: tiff: Refresh patch Refresh CVE-2019-7663.patch as it can't be applyed when using PATCHTOOL = "patch". (From OE-Core rev: 9c44ecdb9bd6d70f0dfde2a8f0b52015fb6a1d86) Signed-off-by: Zheng Ruoqin Signed-off-by: Anuj Mittal Signed-off-by: Richard Purdie --- .../libtiff/tiff/CVE-2019-7663.patch | 71 ++++++++-------------- 1 file changed, 26 insertions(+), 45 deletions(-) (limited to 'meta/recipes-multimedia') diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2019-7663.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2019-7663.patch index f244fb2f32..94e4e33e83 100644 --- a/meta/recipes-multimedia/libtiff/tiff/CVE-2019-7663.patch +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2019-7663.patch @@ -1,22 +1,37 @@ -CVE: CVE-2019-7663 -Upstream-Status: Backport -Signed-off-by: Ross Burton +CVE: CVE-2019-7663 +Upstream-Status: Backport +Signed-off-by: +Ross Burton From c6fc6c1fa895024c86285c58efd6424cf8078f32 Mon Sep 17 00:00:00 2001 From: Thomas Bernard Date: Mon, 11 Feb 2019 10:05:33 +0100 Subject: [PATCH 1/2] check that (Tile Width)*(Samples/Pixel) do no overflow -fixes bug 2833 +From da6454aa80b9bb3154dfab4e8b21637de47531e0 Mon Sep 17 00:00:00 2001 +From: Thomas Bernard +Date: Mon, 11 Feb 2019 21:42:03 +0100 +Subject: [PATCH 2/2] tiffcp.c: use INT_MAX + +Signed-off-by: Zheng Ruoqin +Refresh this patch as it can't be applyed when using PATCHTOOL = "patch". --- - tools/tiffcp.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) + tools/tiffcp.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tools/tiffcp.c b/tools/tiffcp.c -index 2f406e2d..f0ee2c02 100644 +index 2f406e2..8c81aa4 100644 --- a/tools/tiffcp.c +++ b/tools/tiffcp.c -@@ -1408,7 +1408,7 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer) +@@ -41,6 +41,7 @@ + #include + #include + #include ++#include + + #include + +@@ -1408,7 +1409,7 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer) int status = 1; uint32 imagew = TIFFRasterScanlineSize(in); uint32 tilew = TIFFTileRowSize(in); @@ -25,11 +40,11 @@ index 2f406e2d..f0ee2c02 100644 tsize_t tilesize = TIFFTileSize(in); tdata_t tilebuf; uint8* bufp = (uint8*) buf; -@@ -1416,6 +1416,12 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer) +@@ -1416,6 +1417,12 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer) uint32 row; uint16 bps = 0, bytes_per_sample; -+ if (spp > (0x7fffffff / tilew)) ++ if (spp > (INT_MAX / tilew)) + { + TIFFError(TIFFFileName(in), "Error, cannot handle that much samples per tile row (Tile Width * Samples/Pixel)"); + return 0; @@ -39,39 +54,5 @@ index 2f406e2d..f0ee2c02 100644 if (tilebuf == 0) return 0; -- -2.20.1 - - -From da6454aa80b9bb3154dfab4e8b21637de47531e0 Mon Sep 17 00:00:00 2001 -From: Thomas Bernard -Date: Mon, 11 Feb 2019 21:42:03 +0100 -Subject: [PATCH 2/2] tiffcp.c: use INT_MAX - ---- - tools/tiffcp.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/tools/tiffcp.c b/tools/tiffcp.c -index f0ee2c02..8c81aa4f 100644 ---- a/tools/tiffcp.c -+++ b/tools/tiffcp.c -@@ -41,6 +41,7 @@ - #include - #include - #include -+#include - - #include - -@@ -1416,7 +1417,7 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer) - uint32 row; - uint16 bps = 0, bytes_per_sample; - -- if (spp > (0x7fffffff / tilew)) -+ if (spp > (INT_MAX / tilew)) - { - TIFFError(TIFFFileName(in), "Error, cannot handle that much samples per tile row (Tile Width * Samples/Pixel)"); - return 0; --- -2.20.1 +2.7.4 -- cgit v1.2.3-54-g00ecf