tiff: upgrade 4.7.0 -> 4.7.1

Removed patches included in this new release License-Update: BSD license added based on [1] [1] https://gitlab.com/libtiff/libtiff/-/commit/a0b623c7809ea2aa4978d5d7b7bd10e519294c78 (From OE-Core rev: 9161c31aa37341f758fd8f3d095177e8b6de1448) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Peter Marko <peter.marko@siemens.com> 2025-09-25 18:12:04 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2025-10-01 10:52:54 +0100
commit: 7640659f3cd54b797171a8950b3cbef005531278 (patch)
tree: eb732240e5b224172abe48f8d4602b38f4bcebd8 /meta
parent: 9f7c6b7a096d0e2b367e7fdda7902a430a5c8705 (diff)
download: poky-7640659f3cd54b797171a8950b3cbef005531278.tar.gz
9 files changed, 3 insertions, 380 deletions
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2024-13978_1.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2024-13978_1.patch
deleted file mode 100644
index 8bb7cf280d..0000000000
--- a/meta/recipes-multimedia/libtiff/tiff/CVE-2024-13978_1.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From 6dd7006103f9612fbd22e9c7c1b93d16691370a4 Mon Sep 17 00:00:00 2001
-From: Lee Howard <faxguy@howardsilvan.com>
-Date: Fri, 27 Sep 2024 11:21:57 -0700
-Subject: [PATCH 1/7] Fix issue #649 in fax2ps caused by regression in commit
- https://gitlab.com/libtiff/libtiff/-/commit/28c38d648b64a66c3218778c4745225fe3e3a06d
- where TIFFTAG_FAXFILLFUNC is being used rather than an output buffer.
-CVE: CVE-2024-13978
-Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/7be20ccaab97455f192de0ac561ceda7cd9e12d1]
-Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
---
- libtiff/tif_read.c | 21 ++++++++++++++++-----
- 1 file changed, 16 insertions(+), 5 deletions(-)
-diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c
-index 7efab59..964f119 100644
--- a/libtiff/tif_read.c
-+++ b/libtiff/tif_read.c
-@@ -466,7 +466,9 @@ int TIFFReadScanline(TIFF *tif, void *buf, uint32_t row, uint16_t sample)
-     }
-     else
-     {
-        memset(buf, 0, (size_t)tif->tif_scanlinesize);
-+        /* See TIFFReadEncodedStrip comment regarding TIFFTAG_FAXFILLFUNC. */
-+        if (buf)
-+            memset(buf, 0, (size_t)tif->tif_scanlinesize);
-     }
-     return (e > 0 ? 1 : -1);
- }
-@@ -554,7 +556,10 @@ tmsize_t TIFFReadEncodedStrip(TIFF *tif, uint32_t strip, void *buf,
-         stripsize = size;
-     if (!TIFFFillStrip(tif, strip))
-     {
-        memset(buf, 0, (size_t)stripsize);
-+        /* The output buf may be NULL, in particular if TIFFTAG_FAXFILLFUNC
-+           is being used. Thus, memset must be conditional on buf not NULL. */
-+        if (buf)
-+            memset(buf, 0, (size_t)stripsize);
-         return ((tmsize_t)(-1));
-     }
-     if ((*tif->tif_decodestrip)(tif, buf, stripsize, plane) <= 0)
-@@ -976,7 +981,9 @@ tmsize_t TIFFReadEncodedTile(TIFF *tif, uint32_t tile, void *buf, tmsize_t size)
-         size = tilesize;
-     if (!TIFFFillTile(tif, tile))
-     {
-        memset(buf, 0, (size_t)size);
-+        /* See TIFFReadEncodedStrip comment regarding TIFFTAG_FAXFILLFUNC. */
-+        if (buf)
-+            memset(buf, 0, (size_t)size);
-         return ((tmsize_t)(-1));
-     }
-     else if ((*tif->tif_decodetile)(tif, (uint8_t *)buf, size,
-@@ -1569,7 +1576,9 @@ int TIFFReadFromUserBuffer(TIFF *tif, uint32_t strile, void *inbuf,
-         if (!TIFFStartTile(tif, strile))
-         {
-             ret = 0;
-            memset(outbuf, 0, (size_t)outsize);
-+            /* See related TIFFReadEncodedStrip comment. */
-+            if (outbuf)
-+                memset(outbuf, 0, (size_t)outsize);
-         }
-         else if (!(*tif->tif_decodetile)(
-                      tif, (uint8_t *)outbuf, outsize,
-@@ -1596,7 +1605,9 @@ int TIFFReadFromUserBuffer(TIFF *tif, uint32_t strile, void *inbuf,
-             if (!TIFFStartStrip(tif, strile))
-             {
-                 ret = 0;
-                memset(outbuf, 0, (size_t)outsize);
-+                /* See related TIFFReadEncodedStrip comment. */
-+                if (outbuf)
-+                    memset(outbuf, 0, (size_t)outsize);
-             }
-             else if (!(*tif->tif_decodestrip)(
-                          tif, (uint8_t *)outbuf, outsize,
-- 
-2.47.3
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2024-13978_2.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2024-13978_2.patch
deleted file mode 100644
index a022fd41e2..0000000000
--- a/meta/recipes-multimedia/libtiff/tiff/CVE-2024-13978_2.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From a80b9eb70a8137e2571b2f32bd05d1a22a5603c4 Mon Sep 17 00:00:00 2001
-From: Lee Howard <faxguy@howardsilvan.com>
-Date: Sat, 5 Oct 2024 09:45:30 -0700
-Subject: [PATCH 2/7] Check TIFFTAG_TILELENGTH and TIFFTAGTILEWIDTH for valid
- input, addresses issue #650
-CVE: CVE-2024-13978
-Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4]
-Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
---
- tools/tiff2pdf.c | 16 ++++++++++++++++
- 1 file changed, 16 insertions(+)
-diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
-index 6dfc239..2010fee 100644
--- a/tools/tiff2pdf.c
-+++ b/tools/tiff2pdf.c
-@@ -1371,8 +1371,24 @@ void t2p_read_tiff_init(T2P *t2p, TIFF *input)
-             t2p->pdf_xrefcount += (t2p->tiff_tiles[i].tiles_tilecount - 1) * 2;
-             TIFFGetField(input, TIFFTAG_TILEWIDTH,
-                          &(t2p->tiff_tiles[i].tiles_tilewidth));
-+            if (t2p->tiff_tiles[i].tiles_tilewidth < 1)
-+            {
-+                TIFFError(TIFF2PDF_MODULE, "Invalid tile width (%d), %s",
-+                          t2p->tiff_tiles[i].tiles_tilewidth,
-+                          TIFFFileName(input));
-+                t2p->t2p_error = T2P_ERR_ERROR;
-+                return;
-+            }
-             TIFFGetField(input, TIFFTAG_TILELENGTH,
-                          &(t2p->tiff_tiles[i].tiles_tilelength));
-+            if (t2p->tiff_tiles[i].tiles_tilelength < 1)
-+            {
-+                TIFFError(TIFF2PDF_MODULE, "Invalid tile length (%d), %s",
-+                          t2p->tiff_tiles[i].tiles_tilelength,
-+                          TIFFFileName(input));
-+                t2p->t2p_error = T2P_ERR_ERROR;
-+                return;
-+            }
-             t2p->tiff_tiles[i].tiles_tiles = (T2P_TILE *)_TIFFmalloc(
-                 TIFFSafeMultiply(tmsize_t, t2p->tiff_tiles[i].tiles_tilecount,
-                                  sizeof(T2P_TILE)));
-- 
-2.47.3
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_1.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_1.patch
deleted file mode 100644
index 14d3cb445e..0000000000
--- a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_1.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From ed35364de1e3ad444e6f954514ee68eb9be496d2 Mon Sep 17 00:00:00 2001
-From: Lee Howard <faxguy@howardsilvan.com>
-Date: Mon, 19 May 2025 10:53:30 -0700
-Subject: [PATCH 3/7] Don't skip the first line of the input image. Addresses
- issue #703
-CVE: CVE-2025-8176
-Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/3994cf3b3bc6b54c32f240ca5a412cffa11633fa]
-Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
---
- tools/tiffdither.c | 4 ++--
- tools/tiffmedian.c | 4 ++--
- 2 files changed, 4 insertions(+), 4 deletions(-)
-diff --git a/tools/tiffdither.c b/tools/tiffdither.c
-index 714fe03..bfed6df 100644
--- a/tools/tiffdither.c
-+++ b/tools/tiffdither.c
-@@ -98,7 +98,7 @@ static int fsdither(TIFF *in, TIFF *out)
-     nextptr = nextline;
-     for (j = 0; j < imagewidth; ++j)
-         *nextptr++ = *inptr++;
-    for (i = 1; i < imagelength; ++i)
-+    for (i = 0; i < imagelength; ++i)
-     {
-         tmpptr = thisline;
-         thisline = nextline;
-@@ -146,7 +146,7 @@ static int fsdither(TIFF *in, TIFF *out)
-                     nextptr[0] += v / 16;
-             }
-         }
-        if (TIFFWriteScanline(out, outline, i - 1, 0) < 0)
-+        if (TIFFWriteScanline(out, outline, i, 0) < 0)
-             goto skip_on_error;
-     }
-     goto exit_label;
-diff --git a/tools/tiffmedian.c b/tools/tiffmedian.c
-index 02b0bc2..f6cf26c 100644
--- a/tools/tiffmedian.c
-+++ b/tools/tiffmedian.c
-@@ -917,7 +917,7 @@ static void quant_fsdither(TIFF *in, TIFF *out)
-     outline = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
- 
-     GetInputLine(in, 0, goto bad); /* get first line */
-    for (i = 1; i <= imagelength; ++i)
-+    for (i = 0; i <= imagelength; ++i)
-     {
-         SWAP(short *, thisline, nextline);
-         lastline = (i >= imax);
-@@ -997,7 +997,7 @@ static void quant_fsdither(TIFF *in, TIFF *out)
-                 nextptr += 3;
-             }
-         }
-        if (TIFFWriteScanline(out, outline, i - 1, 0) < 0)
-+        if (TIFFWriteScanline(out, outline, i, 0) < 0)
-             break;
-     }
- bad:
-- 
-2.47.3
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_2.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_2.patch
deleted file mode 100644
index 74cf5ae277..0000000000
--- a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_2.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From c090daf37e7f2ad09ec7e9cfabd1c5fde3dee6eb Mon Sep 17 00:00:00 2001
-From: Lee Howard <faxguy@howardsilvan.com>
-Date: Sat, 24 May 2025 21:25:16 -0700
-Subject: [PATCH 4/7] Fix tiffmedian bug #707
-CVE: CVE-2025-8176
-Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/ce46f002eca4148497363f80fab33f9396bcbeda]
-Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
---
- tools/tiffmedian.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-diff --git a/tools/tiffmedian.c b/tools/tiffmedian.c
-index f6cf26c..8c9978b 100644
--- a/tools/tiffmedian.c
-+++ b/tools/tiffmedian.c
-@@ -414,7 +414,10 @@ static void get_histogram(TIFF *in, Colorbox *box)
-     for (i = 0; i < imagelength; i++)
-     {
-         if (TIFFReadScanline(in, inputline, i, 0) <= 0)
-            break;
-+        {
-+            fprintf(stderr, "Error reading scanline\n");
-+            exit(EXIT_FAILURE);
-+        }
-         inptr = inputline;
-         for (j = imagewidth; j-- > 0;)
-         {
-- 
-2.47.3
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_3.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_3.patch
deleted file mode 100644
index e0f41f8d71..0000000000
--- a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_3.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From bd645550275963797343e8e91a9a8fee318428e0 Mon Sep 17 00:00:00 2001
-From: Lee Howard <faxguy@howardsilvan.com>
-Date: Sat, 24 May 2025 21:38:09 -0700
-Subject: [PATCH 5/7] conflict resolution
-CVE: CVE-2025-8176
-Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/ecc4ddbf1f0fed7957d1e20361e37f01907898e0]
-Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
---
- tools/tiffmedian.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/tools/tiffmedian.c b/tools/tiffmedian.c
-index 8c9978b..47e0524 100644
--- a/tools/tiffmedian.c
-+++ b/tools/tiffmedian.c
-@@ -920,7 +920,7 @@ static void quant_fsdither(TIFF *in, TIFF *out)
-     outline = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
- 
-     GetInputLine(in, 0, goto bad); /* get first line */
-    for (i = 0; i <= imagelength; ++i)
-+    for (i = 0; i < imagelength; ++i)
-     {
-         SWAP(short *, thisline, nextline);
-         lastline = (i >= imax);
-- 
-2.47.3
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177_1.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177_1.patch
deleted file mode 100644
index 9437ffcc20..0000000000
--- a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177_1.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 01bf5ba7f4a27c5e28ce467a66b13e066556e545 Mon Sep 17 00:00:00 2001
-From: Lee Howard <faxguy@howardsilvan.com>
-Date: Thu, 19 Jun 2025 11:51:33 -0700
-Subject: [PATCH 6/7] Fix for thumbnail issue #715
-CVE: CVE-2025-8177
-Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/75d8eca6f106c01aadf76b8500a7d062b12f2d82]
-Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
---
- tools/thumbnail.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-diff --git a/tools/thumbnail.c b/tools/thumbnail.c
-index b4cb114..432d172 100644
--- a/tools/thumbnail.c
-+++ b/tools/thumbnail.c
-@@ -620,7 +620,15 @@ static void setrow(uint8_t *row, uint32_t nrows, const uint8_t *rows[])
-             }
-             acc += bits[*src & mask1];
-         }
-        *row++ = cmap[(255 * acc) / area];
-+        if (255 * acc / area < 256)
-+        {
-+            *row++ = cmap[(255 * acc) / area];
-+        }
-+        else
-+        {
-+            fprintf(stderr, "acc=%d, area=%d\n", acc, area);
-+            row++;
-+        }
-     }
- }
- 
-- 
-2.47.3
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177_2.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177_2.patch
deleted file mode 100644
index 356e3ba402..0000000000
--- a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177_2.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From c3ad38afb9986b9ddcd7d95367ded152488260cd Mon Sep 17 00:00:00 2001
-From: Lee Howard <faxguy@howardsilvan.com>
-Date: Mon, 23 Jun 2025 10:09:07 -0700
-Subject: [PATCH 7/7] set a default value - assumes cmap[0] was not, itself,
- uninitialized
-CVE: CVE-2025-8177
-Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/e8c9d6c616b19438695fd829e58ae4fde5bfbc22]
-Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
---
- tools/thumbnail.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/tools/thumbnail.c b/tools/thumbnail.c
-index 432d172..110ea42 100644
--- a/tools/thumbnail.c
-+++ b/tools/thumbnail.c
-@@ -627,7 +627,7 @@ static void setrow(uint8_t *row, uint32_t nrows, const uint8_t *rows[])
-         else
-         {
-             fprintf(stderr, "acc=%d, area=%d\n", acc, area);
-            row++;
-+            *row++ = cmap[0];
-         }
-     }
- }
-- 
-2.47.3
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8534.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8534.patch
deleted file mode 100644
index b3bc0e0d94..0000000000
--- a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8534.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 6ba36f159fd396ad11bf6b7874554197736ecc8b Mon Sep 17 00:00:00 2001
-From: Su_Laus <sulau@freenet.de>
-Date: Sat, 2 Aug 2025 18:55:54 +0200
-Subject: [PATCH] tiff2ps: check return of TIFFGetFiled() for 
- TIFFTAG_STRIPBYTECOUNTS and TIFFTAG_TILEBYTECOUNTS to avoid NULL pointer 
- dereference.
-Closes #718
-CVE: CVE-2025-8534
-Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/6ba36f159fd396ad11bf6b7874554197736ecc8b]
-Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
- tools/tiff2ps.c | 20 +++++++++++++++++---
- 1 file changed, 17 insertions(+), 3 deletions(-)
-diff --git a/tools/tiff2ps.c b/tools/tiff2ps.c
-index e5425bf..5c54205 100644
--- a/tools/tiff2ps.c
-+++ b/tools/tiff2ps.c
-@@ -2432,12 +2432,22 @@ int PS_Lvl2page(FILE *fd, TIFF *tif, uint32_t w, uint32_t h)
-     if (tiled_image)
-     {
-         num_chunks = TIFFNumberOfTiles(tif);
-        TIFFGetField(tif, TIFFTAG_TILEBYTECOUNTS, &bc);
-+        if (!TIFFGetField(tif, TIFFTAG_TILEBYTECOUNTS, &bc))
-+        {
-+            TIFFError(filename,
-+                      "Can't read bytecounts of tiles at PS_Lvl2page()");
-+            return (FALSE);
-+        }
-     }
-     else
-     {
-         num_chunks = TIFFNumberOfStrips(tif);
-        TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc);
-+        if (!TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc))
-+        {
-+            TIFFError(filename,
-+                      "Can't read bytecounts of strips at PS_Lvl2page()");
-+            return (FALSE);
-+        }
-     }
- 
-     if (use_rawdata)
-@@ -3107,7 +3117,11 @@ void PSRawDataBW(FILE *fd, TIFF *tif, uint32_t w, uint32_t h)
-     (void)w;
-     (void)h;
-     TIFFGetFieldDefaulted(tif, TIFFTAG_FILLORDER, &fillorder);
-    TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc);
-+    if (!TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc))
-+    {
-+        TIFFError(filename, "Can't read bytecounts of strips at PSRawDataBW()");
-+        return;
-+    }
- 
-     /*
-      * Find largest strip:
-- 
-2.40.0
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.7.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.7.1.bb
index 4fb74f387e..f46c806cf2 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.7.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.7.1.bb
@@ -3,23 +3,15 @@ DESCRIPTION = "Library provides support for the Tag Image File Format \
 (TIFF), a widely used format for storing image data.  This library \
 provide means to easily access and create TIFF image files."
 HOMEPAGE = "http://www.libtiff.org/"
-LICENSE = "libtiff"
+LICENSE = "libtiff & BSD-4.3TAHOE"
-LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a3e32d664d6db1386b4689c8121531c3"
+LIC_FILES_CHKSUM = "file://LICENSE.md;md5=4ab490c3088a0acff254eb2f8c577547"
 CVE_PRODUCT = "libtiff"
 SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
-           file://CVE-2024-13978_1.patch \
-           file://CVE-2024-13978_2.patch \
-           file://CVE-2025-8176_1.patch \
-           file://CVE-2025-8176_2.patch \
-           file://CVE-2025-8176_3.patch \
-           file://CVE-2025-8177_1.patch \
-           file://CVE-2025-8177_2.patch \
-           file://CVE-2025-8534.patch \
           "
-SRC_URI[sha256sum] = "67160e3457365ab96c5b3286a0903aa6e78bdc44c4bc737d2e486bcecb6ba976"
+SRC_URI[sha256sum] = "f698d94f3103da8ca7438d84e0344e453fe0ba3b7486e04c5bf7a9a3fabe9b69"
 # exclude betas
 UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"
author	Peter Marko <peter.marko@siemens.com>	2025-09-25 18:12:04 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2025-10-01 10:52:54 +0100
commit	7640659f3cd54b797171a8950b3cbef005531278 (patch)
tree	eb732240e5b224172abe48f8d4602b38f4bcebd8 /meta
parent	9f7c6b7a096d0e2b367e7fdda7902a430a5c8705 (diff)
download	poky-7640659f3cd54b797171a8950b3cbef005531278.tar.gz

diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2024-13978_1.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2024-13978_1.patch deleted file mode 100644 index 8bb7cf280d..0000000000 --- a/meta/recipes-multimedia/libtiff/tiff/CVE-2024-13978_1.patch +++ /dev/null
@@ -1,77 +0,0 @@
1	From 6dd7006103f9612fbd22e9c7c1b93d16691370a4 Mon Sep 17 00:00:00 2001
2	From: Lee Howard <faxguy@howardsilvan.com>
3	Date: Fri, 27 Sep 2024 11:21:57 -0700
4	Subject: [PATCH 1/7] Fix issue #649 in fax2ps caused by regression in commit
5	https://gitlab.com/libtiff/libtiff/-/commit/28c38d648b64a66c3218778c4745225fe3e3a06d
6	where TIFFTAG_FAXFILLFUNC is being used rather than an output buffer.
7
8	CVE: CVE-2024-13978
9	Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/7be20ccaab97455f192de0ac561ceda7cd9e12d1]
10	Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
11	---
12	libtiff/tif_read.c \| 21 ++++++++++++++++-----
13	1 file changed, 16 insertions(+), 5 deletions(-)
14
15	diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c
16	index 7efab59..964f119 100644
17	--- a/libtiff/tif_read.c
18	+++ b/libtiff/tif_read.c
19	@@ -466,7 +466,9 @@ int TIFFReadScanline(TIFF tif, void buf, uint32_t row, uint16_t sample)
20	}
21	else
22	{
23	- memset(buf, 0, (size_t)tif->tif_scanlinesize);
24	+ /* See TIFFReadEncodedStrip comment regarding TIFFTAG_FAXFILLFUNC. */
25	+ if (buf)
26	+ memset(buf, 0, (size_t)tif->tif_scanlinesize);
27	}
28	return (e > 0 ? 1 : -1);
29	}
30	@@ -554,7 +556,10 @@ tmsize_t TIFFReadEncodedStrip(TIFF tif, uint32_t strip, void buf,
31	stripsize = size;
32	if (!TIFFFillStrip(tif, strip))
33	{
34	- memset(buf, 0, (size_t)stripsize);
35	+ /* The output buf may be NULL, in particular if TIFFTAG_FAXFILLFUNC
36	+ is being used. Thus, memset must be conditional on buf not NULL. */
37	+ if (buf)
38	+ memset(buf, 0, (size_t)stripsize);
39	return ((tmsize_t)(-1));
40	}
41	if ((*tif->tif_decodestrip)(tif, buf, stripsize, plane) <= 0)
42	@@ -976,7 +981,9 @@ tmsize_t TIFFReadEncodedTile(TIFF tif, uint32_t tile, void buf, tmsize_t size)
43	size = tilesize;
44	if (!TIFFFillTile(tif, tile))
45	{
46	- memset(buf, 0, (size_t)size);
47	+ /* See TIFFReadEncodedStrip comment regarding TIFFTAG_FAXFILLFUNC. */
48	+ if (buf)
49	+ memset(buf, 0, (size_t)size);
50	return ((tmsize_t)(-1));
51	}
52	else if ((tif->tif_decodetile)(tif, (uint8_t )buf, size,
53	@@ -1569,7 +1576,9 @@ int TIFFReadFromUserBuffer(TIFF tif, uint32_t strile, void inbuf,
54	if (!TIFFStartTile(tif, strile))
55	{
56	ret = 0;
57	- memset(outbuf, 0, (size_t)outsize);
58	+ /* See related TIFFReadEncodedStrip comment. */
59	+ if (outbuf)
60	+ memset(outbuf, 0, (size_t)outsize);
61	}
62	else if (!(*tif->tif_decodetile)(
63	tif, (uint8_t *)outbuf, outsize,
64	@@ -1596,7 +1605,9 @@ int TIFFReadFromUserBuffer(TIFF tif, uint32_t strile, void inbuf,
65	if (!TIFFStartStrip(tif, strile))
66	{
67	ret = 0;
68	- memset(outbuf, 0, (size_t)outsize);
69	+ /* See related TIFFReadEncodedStrip comment. */
70	+ if (outbuf)
71	+ memset(outbuf, 0, (size_t)outsize);
72	}
73	else if (!(*tif->tif_decodestrip)(
74	tif, (uint8_t *)outbuf, outsize,
75	--
76	2.47.3
77


diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2024-13978_2.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2024-13978_2.patch deleted file mode 100644 index a022fd41e2..0000000000 --- a/meta/recipes-multimedia/libtiff/tiff/CVE-2024-13978_2.patch +++ /dev/null
@@ -1,45 +0,0 @@
1	From a80b9eb70a8137e2571b2f32bd05d1a22a5603c4 Mon Sep 17 00:00:00 2001
2	From: Lee Howard <faxguy@howardsilvan.com>
3	Date: Sat, 5 Oct 2024 09:45:30 -0700
4	Subject: [PATCH 2/7] Check TIFFTAG_TILELENGTH and TIFFTAGTILEWIDTH for valid
5	input, addresses issue #650
6
7	CVE: CVE-2024-13978
8	Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4]
9	Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
10	---
11	tools/tiff2pdf.c \| 16 ++++++++++++++++
12	1 file changed, 16 insertions(+)
13
14	diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
15	index 6dfc239..2010fee 100644
16	--- a/tools/tiff2pdf.c
17	+++ b/tools/tiff2pdf.c
18	@@ -1371,8 +1371,24 @@ void t2p_read_tiff_init(T2P t2p, TIFF input)
19	t2p->pdf_xrefcount += (t2p->tiff_tiles[i].tiles_tilecount - 1) * 2;
20	TIFFGetField(input, TIFFTAG_TILEWIDTH,
21	&(t2p->tiff_tiles[i].tiles_tilewidth));
22	+ if (t2p->tiff_tiles[i].tiles_tilewidth < 1)
23	+ {
24	+ TIFFError(TIFF2PDF_MODULE, "Invalid tile width (%d), %s",
25	+ t2p->tiff_tiles[i].tiles_tilewidth,
26	+ TIFFFileName(input));
27	+ t2p->t2p_error = T2P_ERR_ERROR;
28	+ return;
29	+ }
30	TIFFGetField(input, TIFFTAG_TILELENGTH,
31	&(t2p->tiff_tiles[i].tiles_tilelength));
32	+ if (t2p->tiff_tiles[i].tiles_tilelength < 1)
33	+ {
34	+ TIFFError(TIFF2PDF_MODULE, "Invalid tile length (%d), %s",
35	+ t2p->tiff_tiles[i].tiles_tilelength,
36	+ TIFFFileName(input));
37	+ t2p->t2p_error = T2P_ERR_ERROR;
38	+ return;
39	+ }
40	t2p->tiff_tiles[i].tiles_tiles = (T2P_TILE *)_TIFFmalloc(
41	TIFFSafeMultiply(tmsize_t, t2p->tiff_tiles[i].tiles_tilecount,
42	sizeof(T2P_TILE)));
43	--
44	2.47.3
45


diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_1.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_1.patch deleted file mode 100644 index 14d3cb445e..0000000000 --- a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_1.patch +++ /dev/null
@@ -1,61 +0,0 @@
1	From ed35364de1e3ad444e6f954514ee68eb9be496d2 Mon Sep 17 00:00:00 2001
2	From: Lee Howard <faxguy@howardsilvan.com>
3	Date: Mon, 19 May 2025 10:53:30 -0700
4	Subject: [PATCH 3/7] Don't skip the first line of the input image. Addresses
5	issue #703
6
7	CVE: CVE-2025-8176
8	Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/3994cf3b3bc6b54c32f240ca5a412cffa11633fa]
9	Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
10	---
11	tools/tiffdither.c \| 4 ++--
12	tools/tiffmedian.c \| 4 ++--
13	2 files changed, 4 insertions(+), 4 deletions(-)
14
15	diff --git a/tools/tiffdither.c b/tools/tiffdither.c
16	index 714fe03..bfed6df 100644
17	--- a/tools/tiffdither.c
18	+++ b/tools/tiffdither.c
19	@@ -98,7 +98,7 @@ static int fsdither(TIFF in, TIFF out)
20	nextptr = nextline;
21	for (j = 0; j < imagewidth; ++j)
22	nextptr++ = inptr++;
23	- for (i = 1; i < imagelength; ++i)
24	+ for (i = 0; i < imagelength; ++i)
25	{
26	tmpptr = thisline;
27	thisline = nextline;
28	@@ -146,7 +146,7 @@ static int fsdither(TIFF in, TIFF out)
29	nextptr[0] += v / 16;
30	}
31	}
32	- if (TIFFWriteScanline(out, outline, i - 1, 0) < 0)
33	+ if (TIFFWriteScanline(out, outline, i, 0) < 0)
34	goto skip_on_error;
35	}
36	goto exit_label;
37	diff --git a/tools/tiffmedian.c b/tools/tiffmedian.c
38	index 02b0bc2..f6cf26c 100644
39	--- a/tools/tiffmedian.c
40	+++ b/tools/tiffmedian.c
41	@@ -917,7 +917,7 @@ static void quant_fsdither(TIFF in, TIFF out)
42	outline = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
43
44	GetInputLine(in, 0, goto bad); /* get first line */
45	- for (i = 1; i <= imagelength; ++i)
46	+ for (i = 0; i <= imagelength; ++i)
47	{
48	SWAP(short *, thisline, nextline);
49	lastline = (i >= imax);
50	@@ -997,7 +997,7 @@ static void quant_fsdither(TIFF in, TIFF out)
51	nextptr += 3;
52	}
53	}
54	- if (TIFFWriteScanline(out, outline, i - 1, 0) < 0)
55	+ if (TIFFWriteScanline(out, outline, i, 0) < 0)
56	break;
57	}
58	bad:
59	--
60	2.47.3
61


diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_2.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_2.patch deleted file mode 100644 index 74cf5ae277..0000000000 --- a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_2.patch +++ /dev/null
@@ -1,31 +0,0 @@
1	From c090daf37e7f2ad09ec7e9cfabd1c5fde3dee6eb Mon Sep 17 00:00:00 2001
2	From: Lee Howard <faxguy@howardsilvan.com>
3	Date: Sat, 24 May 2025 21:25:16 -0700
4	Subject: [PATCH 4/7] Fix tiffmedian bug #707
5
6	CVE: CVE-2025-8176
7	Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/ce46f002eca4148497363f80fab33f9396bcbeda]
8	Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
9	---
10	tools/tiffmedian.c \| 5 ++++-
11	1 file changed, 4 insertions(+), 1 deletion(-)
12
13	diff --git a/tools/tiffmedian.c b/tools/tiffmedian.c
14	index f6cf26c..8c9978b 100644
15	--- a/tools/tiffmedian.c
16	+++ b/tools/tiffmedian.c
17	@@ -414,7 +414,10 @@ static void get_histogram(TIFF in, Colorbox box)
18	for (i = 0; i < imagelength; i++)
19	{
20	if (TIFFReadScanline(in, inputline, i, 0) <= 0)
21	- break;
22	+ {
23	+ fprintf(stderr, "Error reading scanline\n");
24	+ exit(EXIT_FAILURE);
25	+ }
26	inptr = inputline;
27	for (j = imagewidth; j-- > 0;)
28	{
29	--
30	2.47.3
31


diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_3.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_3.patch deleted file mode 100644 index e0f41f8d71..0000000000 --- a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_3.patch +++ /dev/null
@@ -1,28 +0,0 @@
1	From bd645550275963797343e8e91a9a8fee318428e0 Mon Sep 17 00:00:00 2001
2	From: Lee Howard <faxguy@howardsilvan.com>
3	Date: Sat, 24 May 2025 21:38:09 -0700
4	Subject: [PATCH 5/7] conflict resolution
5
6	CVE: CVE-2025-8176
7	Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/ecc4ddbf1f0fed7957d1e20361e37f01907898e0]
8	Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
9	---
10	tools/tiffmedian.c \| 2 +-
11	1 file changed, 1 insertion(+), 1 deletion(-)
12
13	diff --git a/tools/tiffmedian.c b/tools/tiffmedian.c
14	index 8c9978b..47e0524 100644
15	--- a/tools/tiffmedian.c
16	+++ b/tools/tiffmedian.c
17	@@ -920,7 +920,7 @@ static void quant_fsdither(TIFF in, TIFF out)
18	outline = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
19
20	GetInputLine(in, 0, goto bad); /* get first line */
21	- for (i = 0; i <= imagelength; ++i)
22	+ for (i = 0; i < imagelength; ++i)
23	{
24	SWAP(short *, thisline, nextline);
25	lastline = (i >= imax);
26	--
27	2.47.3
28


diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177_1.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177_1.patch deleted file mode 100644 index 9437ffcc20..0000000000 --- a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177_1.patch +++ /dev/null
@@ -1,36 +0,0 @@
1	From 01bf5ba7f4a27c5e28ce467a66b13e066556e545 Mon Sep 17 00:00:00 2001
2	From: Lee Howard <faxguy@howardsilvan.com>
3	Date: Thu, 19 Jun 2025 11:51:33 -0700
4	Subject: [PATCH 6/7] Fix for thumbnail issue #715
5
6	CVE: CVE-2025-8177
7	Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/75d8eca6f106c01aadf76b8500a7d062b12f2d82]
8	Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
9	---
10	tools/thumbnail.c \| 10 +++++++++-
11	1 file changed, 9 insertions(+), 1 deletion(-)
12
13	diff --git a/tools/thumbnail.c b/tools/thumbnail.c
14	index b4cb114..432d172 100644
15	--- a/tools/thumbnail.c
16	+++ b/tools/thumbnail.c
17	@@ -620,7 +620,15 @@ static void setrow(uint8_t row, uint32_t nrows, const uint8_t rows[])
18	}
19	acc += bits[*src & mask1];
20	}
21	- row++ = cmap[(255 acc) / area];
22	+ if (255 * acc / area < 256)
23	+ {
24	+ row++ = cmap[(255 acc) / area];
25	+ }
26	+ else
27	+ {
28	+ fprintf(stderr, "acc=%d, area=%d\n", acc, area);
29	+ row++;
30	+ }
31	}
32	}
33
34	--
35	2.47.3
36


diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177_2.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177_2.patch deleted file mode 100644 index 356e3ba402..0000000000 --- a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177_2.patch +++ /dev/null
@@ -1,29 +0,0 @@
1	From c3ad38afb9986b9ddcd7d95367ded152488260cd Mon Sep 17 00:00:00 2001
2	From: Lee Howard <faxguy@howardsilvan.com>
3	Date: Mon, 23 Jun 2025 10:09:07 -0700
4	Subject: [PATCH 7/7] set a default value - assumes cmap[0] was not, itself,
5	uninitialized
6
7	CVE: CVE-2025-8177
8	Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/e8c9d6c616b19438695fd829e58ae4fde5bfbc22]
9	Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
10	---
11	tools/thumbnail.c \| 2 +-
12	1 file changed, 1 insertion(+), 1 deletion(-)
13
14	diff --git a/tools/thumbnail.c b/tools/thumbnail.c
15	index 432d172..110ea42 100644
16	--- a/tools/thumbnail.c
17	+++ b/tools/thumbnail.c
18	@@ -627,7 +627,7 @@ static void setrow(uint8_t row, uint32_t nrows, const uint8_t rows[])
19	else
20	{
21	fprintf(stderr, "acc=%d, area=%d\n", acc, area);
22	- row++;
23	+ *row++ = cmap[0];
24	}
25	}
26	}
27	--
28	2.47.3
29


diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8534.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8534.patch deleted file mode 100644 index b3bc0e0d94..0000000000 --- a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8534.patch +++ /dev/null
@@ -1,62 +0,0 @@
1	From 6ba36f159fd396ad11bf6b7874554197736ecc8b Mon Sep 17 00:00:00 2001
2	From: Su_Laus <sulau@freenet.de>
3	Date: Sat, 2 Aug 2025 18:55:54 +0200
4	Subject: [PATCH] tiff2ps: check return of TIFFGetFiled() for
5	TIFFTAG_STRIPBYTECOUNTS and TIFFTAG_TILEBYTECOUNTS to avoid NULL pointer
6	dereference.
7
8	Closes #718
9
10	CVE: CVE-2025-8534
11	Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/6ba36f159fd396ad11bf6b7874554197736ecc8b]
12
13	Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
14	---
15	tools/tiff2ps.c \| 20 +++++++++++++++++---
16	1 file changed, 17 insertions(+), 3 deletions(-)
17
18	diff --git a/tools/tiff2ps.c b/tools/tiff2ps.c
19	index e5425bf..5c54205 100644
20	--- a/tools/tiff2ps.c
21	+++ b/tools/tiff2ps.c
22	@@ -2432,12 +2432,22 @@ int PS_Lvl2page(FILE fd, TIFF tif, uint32_t w, uint32_t h)
23	if (tiled_image)
24	{
25	num_chunks = TIFFNumberOfTiles(tif);
26	- TIFFGetField(tif, TIFFTAG_TILEBYTECOUNTS, &bc);
27	+ if (!TIFFGetField(tif, TIFFTAG_TILEBYTECOUNTS, &bc))
28	+ {
29	+ TIFFError(filename,
30	+ "Can't read bytecounts of tiles at PS_Lvl2page()");
31	+ return (FALSE);
32	+ }
33	}
34	else
35	{
36	num_chunks = TIFFNumberOfStrips(tif);
37	- TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc);
38	+ if (!TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc))
39	+ {
40	+ TIFFError(filename,
41	+ "Can't read bytecounts of strips at PS_Lvl2page()");
42	+ return (FALSE);
43	+ }
44	}
45
46	if (use_rawdata)
47	@@ -3107,7 +3117,11 @@ void PSRawDataBW(FILE fd, TIFF tif, uint32_t w, uint32_t h)
48	(void)w;
49	(void)h;
50	TIFFGetFieldDefaulted(tif, TIFFTAG_FILLORDER, &fillorder);
51	- TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc);
52	+ if (!TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc))
53	+ {
54	+ TIFFError(filename, "Can't read bytecounts of strips at PSRawDataBW()");
55	+ return;
56	+ }
57
58	/*
59	* Find largest strip:
60	--
61	2.40.0
62


diff --git a/meta/recipes-multimedia/libtiff/tiff_4.7.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.7.1.bb index 4fb74f387e..f46c806cf2 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.7.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.7.1.bb
@@ -3,23 +3,15 @@ DESCRIPTION = "Library provides support for the Tag Image File Format \
3	(TIFF), a widely used format for storing image data. This library \	3	(TIFF), a widely used format for storing image data. This library \
4	provide means to easily access and create TIFF image files."	4	provide means to easily access and create TIFF image files."
5	HOMEPAGE = "http://www.libtiff.org/"	5	HOMEPAGE = "http://www.libtiff.org/"
6	LICENSE = "libtiff"	6	LICENSE = "libtiff & BSD-4.3TAHOE"
7	LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a3e32d664d6db1386b4689c8121531c3"	7	LIC_FILES_CHKSUM = "file://LICENSE.md;md5=4ab490c3088a0acff254eb2f8c577547"
8		8
9	CVE_PRODUCT = "libtiff"	9	CVE_PRODUCT = "libtiff"
10		10
11	SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \	11	SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
12	file://CVE-2024-13978_1.patch \
13	file://CVE-2024-13978_2.patch \
14	file://CVE-2025-8176_1.patch \
15	file://CVE-2025-8176_2.patch \
16	file://CVE-2025-8176_3.patch \
17	file://CVE-2025-8177_1.patch \
18	file://CVE-2025-8177_2.patch \
19	file://CVE-2025-8534.patch \
20	"	12	"
21		13
22	SRC_URI[sha256sum] = "67160e3457365ab96c5b3286a0903aa6e78bdc44c4bc737d2e486bcecb6ba976"	14	SRC_URI[sha256sum] = "f698d94f3103da8ca7438d84e0344e453fe0ba3b7486e04c5bf7a9a3fabe9b69"
23		15
24	# exclude betas	16	# exclude betas
25	UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"	17	UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"