libtiff: fix CVE-2023-26966 Buffer Overflow

Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/b0e1c25dd1d065200c8d8f59ad0afe014861a1b9 (From OE-Core rev: 0619953c9d87ec2dd670dc50f15170e5c42f95c7) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Hitendra Prajapati <hprajapati@mvista.com> 2023-08-30 17:51:14 +0530
committer: Steve Sakoman <steve@sakoman.com> 2023-09-08 16:09:41 -1000
commit: be24e2265142fcfe8151811e165c151e948c1bff (patch)
tree: bcca28ade78511354d464edaeb46eafbafeb78e9
parent: a56109b944049152635f86d5bcde58a7996718a0 (diff)
download: poky-be24e2265142fcfe8151811e165c151e948c1bff.tar.gz
2 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-26966.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-26966.patch
new file mode 100644
index 0000000000..85764304f9
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-26966.patch
@@ -0,0 +1,35 @@
+From b0e1c25dd1d065200c8d8f59ad0afe014861a1b9 Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Thu, 16 Feb 2023 12:03:16 +0100
+Subject: [PATCH] tif_luv: Check and correct for NaN data in uv_encode().
+Closes #530
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/b0e1c25dd1d065200c8d8f59ad0afe014861a1b9]
+CVE: CVE-2023-26966
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ libtiff/tif_luv.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+diff --git a/libtiff/tif_luv.c b/libtiff/tif_luv.c
+index 13765ea..40b2719 100644
+--- a/libtiff/tif_luv.c
+++ b/libtiff/tif_luv.c
+@@ -908,6 +908,13 @@ uv_encode(double u, double v, int em)      /* encode (u',v') coordinates */
+ {
+        register int    vi, ui;
+ 
+       /* check for NaN */
+       if (u != u || v != v)
+       {
+               u = U_NEU;
+               v = V_NEU;
+        }
+
+        if (v < UV_VSTART)
+                return oog_encode(u, v);
+        vi = tiff_itrunc((v - UV_VSTART)*(1./UV_SQSIZ), em);
+-- 
+2.25.1
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index 8e69621afb..61d8142e41 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -42,6 +42,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
           file://CVE-2023-3316.patch \
           file://CVE-2023-3618-1.patch \
           file://CVE-2023-3618-2.patch \
+           file://CVE-2023-26966.patch \
           "
 SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
author	Hitendra Prajapati <hprajapati@mvista.com>	2023-08-30 17:51:14 +0530
committer	Steve Sakoman <steve@sakoman.com>	2023-09-08 16:09:41 -1000
commit	be24e2265142fcfe8151811e165c151e948c1bff (patch)
tree	bcca28ade78511354d464edaeb46eafbafeb78e9
parent	a56109b944049152635f86d5bcde58a7996718a0 (diff)
download	poky-be24e2265142fcfe8151811e165c151e948c1bff.tar.gz

diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-26966.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-26966.patch new file mode 100644 index 0000000000..85764304f9 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-26966.patch
@@ -0,0 +1,35 @@
		1	From b0e1c25dd1d065200c8d8f59ad0afe014861a1b9 Mon Sep 17 00:00:00 2001
		2	From: Su_Laus <sulau@freenet.de>
		3	Date: Thu, 16 Feb 2023 12:03:16 +0100
		4	Subject: [PATCH] tif_luv: Check and correct for NaN data in uv_encode().
		5
		6	Closes #530
		7
		8	Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/b0e1c25dd1d065200c8d8f59ad0afe014861a1b9]
		9	CVE: CVE-2023-26966
		10	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
		11	---
		12	libtiff/tif_luv.c \| 7 +++++++
		13	1 file changed, 7 insertions(+)
		14
		15	diff --git a/libtiff/tif_luv.c b/libtiff/tif_luv.c
		16	index 13765ea..40b2719 100644
		17	--- a/libtiff/tif_luv.c
		18	+++ b/libtiff/tif_luv.c
		19	@@ -908,6 +908,13 @@ uv_encode(double u, double v, int em) /* encode (u',v') coordinates */
		20	{
		21	register int vi, ui;
		22
		23	+ /* check for NaN */
		24	+ if (u != u \|\| v != v)
		25	+ {
		26	+ u = U_NEU;
		27	+ v = V_NEU;
		28	+ }
		29	+
		30	if (v < UV_VSTART)
		31	return oog_encode(u, v);
		32	vi = tiff_itrunc((v - UV_VSTART)*(1./UV_SQSIZ), em);
		33	--
		34	2.25.1
		35


diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb index 8e69621afb..61d8142e41 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -42,6 +42,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
42	file://CVE-2023-3316.patch \	42	file://CVE-2023-3316.patch \
43	file://CVE-2023-3618-1.patch \	43	file://CVE-2023-3618-1.patch \
44	file://CVE-2023-3618-2.patch \	44	file://CVE-2023-3618-2.patch \
		45	file://CVE-2023-26966.patch \
45	"	46	"
46		47
47	SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"	48	SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"