summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch2
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/0001-tif_jbig.c-fix-crash-when-reading-a-file-with-multip.patch14
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch86
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch13
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch14
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/0003-add-checks-for-return-value-of-limitMalloc-392.patch15
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch16
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/0005-fix-the-FPE-in-tiffcrop-393.patch15
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/0006-fix-heap-buffer-overflow-in-tiffcp-278.patch15
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch9
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/CVE-2022-1354.patch8
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/CVE-2022-1355.patch8
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/CVE-2022-2867.patch2
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/CVE-2022-2869.patch2
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch30
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/CVE-2022-34526.patch6
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch2
-rw-r--r--meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch9
18 files changed, 118 insertions, 148 deletions
diff --git a/meta/recipes-multimedia/libtiff/tiff/0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch b/meta/recipes-multimedia/libtiff/tiff/0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch
index a28df6ed8c..a9dd42d755 100644
--- a/meta/recipes-multimedia/libtiff/tiff/0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch
+++ b/meta/recipes-multimedia/libtiff/tiff/0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch
@@ -1,4 +1,4 @@
1From 029da2cf70e8e38f10d62d4b0be440fb9d145af0 Mon Sep 17 00:00:00 2001 1From 6cfe933df4dbac5479801b2bd10103ef7db815ee Mon Sep 17 00:00:00 2001
2From: 4ugustus <wangdw.augustus@qq.com> 2From: 4ugustus <wangdw.augustus@qq.com>
3Date: Sat, 11 Jun 2022 09:31:43 +0000 3Date: Sat, 11 Jun 2022 09:31:43 +0000
4Subject: [PATCH] fix the FPE in tiffcrop (#415, #427, and #428) 4Subject: [PATCH] fix the FPE in tiffcrop (#415, #427, and #428)
diff --git a/meta/recipes-multimedia/libtiff/tiff/0001-tif_jbig.c-fix-crash-when-reading-a-file-with-multip.patch b/meta/recipes-multimedia/libtiff/tiff/0001-tif_jbig.c-fix-crash-when-reading-a-file-with-multip.patch
index f1a4ab4251..a4d8bebe8c 100644
--- a/meta/recipes-multimedia/libtiff/tiff/0001-tif_jbig.c-fix-crash-when-reading-a-file-with-multip.patch
+++ b/meta/recipes-multimedia/libtiff/tiff/0001-tif_jbig.c-fix-crash-when-reading-a-file-with-multip.patch
@@ -1,11 +1,12 @@
1From adfd6be615635705c2f4eb8dfe49e2f463786361 Mon Sep 17 00:00:00 2001
2From: Even Rouault <even.rouault@spatialys.com>
3Date: Thu, 24 Feb 2022 22:26:02 +0100
4Subject: [PATCH] tif_jbig.c: fix crash when reading a file with multiple
5
1CVE: CVE-2022-0865 6CVE: CVE-2022-0865
2Upstream-Status: Backport 7Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@arm.com> 8Signed-off-by: Ross Burton <ross.burton@arm.com>
4 9
5From 88da11ae3c4db527cb870fb1017456cc8fbac2e7 Mon Sep 17 00:00:00 2001
6From: Even Rouault <even.rouault@spatialys.com>
7Date: Thu, 24 Feb 2022 22:26:02 +0100
8Subject: [PATCH 1/6] tif_jbig.c: fix crash when reading a file with multiple
9 IFD in memory-mapped mode and when bit reversal is needed (fixes #385) 10 IFD in memory-mapped mode and when bit reversal is needed (fixes #385)
10 11
11--- 12---
@@ -13,7 +14,7 @@ Subject: [PATCH 1/6] tif_jbig.c: fix crash when reading a file with multiple
13 1 file changed, 10 insertions(+) 14 1 file changed, 10 insertions(+)
14 15
15diff --git a/libtiff/tif_jbig.c b/libtiff/tif_jbig.c 16diff --git a/libtiff/tif_jbig.c b/libtiff/tif_jbig.c
16index 74086338..8bfa4cef 100644 17index 7408633..8bfa4ce 100644
17--- a/libtiff/tif_jbig.c 18--- a/libtiff/tif_jbig.c
18+++ b/libtiff/tif_jbig.c 19+++ b/libtiff/tif_jbig.c
19@@ -209,6 +209,16 @@ int TIFFInitJBIG(TIFF* tif, int scheme) 20@@ -209,6 +209,16 @@ int TIFFInitJBIG(TIFF* tif, int scheme)
@@ -33,6 +34,3 @@ index 74086338..8bfa4cef 100644
33 34
34 /* Setup the function pointers for encode, decode, and cleanup. */ 35 /* Setup the function pointers for encode, decode, and cleanup. */
35 tif->tif_setupdecode = JBIGSetupDecode; 36 tif->tif_setupdecode = JBIGSetupDecode;
36--
372.25.1
38
diff --git a/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch b/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch
index 07acf5eb90..7c4feabc38 100644
--- a/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch
+++ b/meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-Fix-issue-330-and-some-more-from-320-to-349.patch
@@ -1,7 +1,8 @@
1From e319508023580e2f70e6e626f745b5b2a1707313 Mon Sep 17 00:00:00 2001 1From 0ab805f46f68500da3b49d6f89380bab169bf6bb Mon Sep 17 00:00:00 2001
2From: Su Laus <sulau@freenet.de> 2From: Su Laus <sulau@freenet.de>
3Date: Tue, 10 May 2022 20:03:17 +0000 3Date: Tue, 10 May 2022 20:03:17 +0000
4Subject: [PATCH] tiffcrop: Fix issue #330 and some more from 320 to 349 4Subject: [PATCH] tiffcrop: Fix issue #330 and some more from 320 to 349
5
5Upstream-Status: Backport 6Upstream-Status: Backport
6Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com> 7Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
7--- 8---
@@ -9,7 +10,7 @@ Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
9 1 file changed, 210 insertions(+), 72 deletions(-) 10 1 file changed, 210 insertions(+), 72 deletions(-)
10 11
11diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c 12diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
12index 77cf6ed1..791ec5e7 100644 13index 99e4208..b596f9e 100644
13--- a/tools/tiffcrop.c 14--- a/tools/tiffcrop.c
14+++ b/tools/tiffcrop.c 15+++ b/tools/tiffcrop.c
15@@ -63,20 +63,24 @@ 16@@ -63,20 +63,24 @@
@@ -67,7 +68,7 @@ index 77cf6ed1..791ec5e7 100644
67 ; 68 ;
68 69
69 /* This function could be modified to pass starting sample offset 70 /* This function could be modified to pass starting sample offset
70@@ -2121,6 +2131,15 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32 71@@ -2123,6 +2133,15 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32
71 /*NOTREACHED*/ 72 /*NOTREACHED*/
72 } 73 }
73 } 74 }
@@ -83,7 +84,7 @@ index 77cf6ed1..791ec5e7 100644
83 } /* end process_command_opts */ 84 } /* end process_command_opts */
84 85
85 /* Start a new output file if one has not been previously opened or 86 /* Start a new output file if one has not been previously opened or
86@@ -2746,7 +2765,7 @@ extractContigSamplesBytes (uint8_t *in, uint8_t *out, uint32_t cols, 87@@ -2748,7 +2767,7 @@ extractContigSamplesBytes (uint8_t *in, uint8_t *out, uint32_t cols,
87 tsample_t count, uint32_t start, uint32_t end) 88 tsample_t count, uint32_t start, uint32_t end)
88 { 89 {
89 int i, bytes_per_sample, sindex; 90 int i, bytes_per_sample, sindex;
@@ -92,7 +93,7 @@ index 77cf6ed1..791ec5e7 100644
92 uint32_t src_byte /*, src_bit */; 93 uint32_t src_byte /*, src_bit */;
93 uint8_t *src = in; 94 uint8_t *src = in;
94 uint8_t *dst = out; 95 uint8_t *dst = out;
95@@ -2757,6 +2776,10 @@ extractContigSamplesBytes (uint8_t *in, uint8_t *out, uint32_t cols, 96@@ -2759,6 +2778,10 @@ extractContigSamplesBytes (uint8_t *in, uint8_t *out, uint32_t cols,
96 return (1); 97 return (1);
97 } 98 }
98 99
@@ -103,7 +104,7 @@ index 77cf6ed1..791ec5e7 100644
103 if ((start > end) || (start > cols)) 104 if ((start > end) || (start > cols))
104 { 105 {
105 TIFFError ("extractContigSamplesBytes", 106 TIFFError ("extractContigSamplesBytes",
106@@ -2769,6 +2792,9 @@ extractContigSamplesBytes (uint8_t *in, uint8_t *out, uint32_t cols, 107@@ -2771,6 +2794,9 @@ extractContigSamplesBytes (uint8_t *in, uint8_t *out, uint32_t cols,
107 "Invalid end column value %"PRIu32" ignored", end); 108 "Invalid end column value %"PRIu32" ignored", end);
108 end = cols; 109 end = cols;
109 } 110 }
@@ -113,7 +114,7 @@ index 77cf6ed1..791ec5e7 100644
113 114
114 dst_rowsize = (bps * (end - start) * count) / 8; 115 dst_rowsize = (bps * (end - start) * count) / 8;
115 116
116@@ -2812,7 +2838,7 @@ extractContigSamples8bits (uint8_t *in, uint8_t *out, uint32_t cols, 117@@ -2814,7 +2840,7 @@ extractContigSamples8bits (uint8_t *in, uint8_t *out, uint32_t cols,
117 tsample_t count, uint32_t start, uint32_t end) 118 tsample_t count, uint32_t start, uint32_t end)
118 { 119 {
119 int ready_bits = 0, sindex = 0; 120 int ready_bits = 0, sindex = 0;
@@ -122,7 +123,7 @@ index 77cf6ed1..791ec5e7 100644
122 uint8_t maskbits = 0, matchbits = 0; 123 uint8_t maskbits = 0, matchbits = 0;
123 uint8_t buff1 = 0, buff2 = 0; 124 uint8_t buff1 = 0, buff2 = 0;
124 uint8_t *src = in; 125 uint8_t *src = in;
125@@ -2824,6 +2850,10 @@ extractContigSamples8bits (uint8_t *in, uint8_t *out, uint32_t cols, 126@@ -2826,6 +2852,10 @@ extractContigSamples8bits (uint8_t *in, uint8_t *out, uint32_t cols,
126 return (1); 127 return (1);
127 } 128 }
128 129
@@ -133,7 +134,7 @@ index 77cf6ed1..791ec5e7 100644
133 if ((start > end) || (start > cols)) 134 if ((start > end) || (start > cols))
134 { 135 {
135 TIFFError ("extractContigSamples8bits", 136 TIFFError ("extractContigSamples8bits",
136@@ -2836,7 +2866,10 @@ extractContigSamples8bits (uint8_t *in, uint8_t *out, uint32_t cols, 137@@ -2838,7 +2868,10 @@ extractContigSamples8bits (uint8_t *in, uint8_t *out, uint32_t cols,
137 "Invalid end column value %"PRIu32" ignored", end); 138 "Invalid end column value %"PRIu32" ignored", end);
138 end = cols; 139 end = cols;
139 } 140 }
@@ -145,7 +146,7 @@ index 77cf6ed1..791ec5e7 100644
145 ready_bits = 0; 146 ready_bits = 0;
146 maskbits = (uint8_t)-1 >> (8 - bps); 147 maskbits = (uint8_t)-1 >> (8 - bps);
147 buff1 = buff2 = 0; 148 buff1 = buff2 = 0;
148@@ -2889,7 +2922,7 @@ extractContigSamples16bits (uint8_t *in, uint8_t *out, uint32_t cols, 149@@ -2891,7 +2924,7 @@ extractContigSamples16bits (uint8_t *in, uint8_t *out, uint32_t cols,
149 tsample_t count, uint32_t start, uint32_t end) 150 tsample_t count, uint32_t start, uint32_t end)
150 { 151 {
151 int ready_bits = 0, sindex = 0; 152 int ready_bits = 0, sindex = 0;
@@ -154,7 +155,7 @@ index 77cf6ed1..791ec5e7 100644
154 uint16_t maskbits = 0, matchbits = 0; 155 uint16_t maskbits = 0, matchbits = 0;
155 uint16_t buff1 = 0, buff2 = 0; 156 uint16_t buff1 = 0, buff2 = 0;
156 uint8_t bytebuff = 0; 157 uint8_t bytebuff = 0;
157@@ -2902,6 +2935,10 @@ extractContigSamples16bits (uint8_t *in, uint8_t *out, uint32_t cols, 158@@ -2904,6 +2937,10 @@ extractContigSamples16bits (uint8_t *in, uint8_t *out, uint32_t cols,
158 return (1); 159 return (1);
159 } 160 }
160 161
@@ -165,7 +166,7 @@ index 77cf6ed1..791ec5e7 100644
165 if ((start > end) || (start > cols)) 166 if ((start > end) || (start > cols))
166 { 167 {
167 TIFFError ("extractContigSamples16bits", 168 TIFFError ("extractContigSamples16bits",
168@@ -2914,6 +2951,9 @@ extractContigSamples16bits (uint8_t *in, uint8_t *out, uint32_t cols, 169@@ -2916,6 +2953,9 @@ extractContigSamples16bits (uint8_t *in, uint8_t *out, uint32_t cols,
169 "Invalid end column value %"PRIu32" ignored", end); 170 "Invalid end column value %"PRIu32" ignored", end);
170 end = cols; 171 end = cols;
171 } 172 }
@@ -175,7 +176,7 @@ index 77cf6ed1..791ec5e7 100644
175 176
176 ready_bits = 0; 177 ready_bits = 0;
177 maskbits = (uint16_t)-1 >> (16 - bps); 178 maskbits = (uint16_t)-1 >> (16 - bps);
178@@ -2978,7 +3018,7 @@ extractContigSamples24bits (uint8_t *in, uint8_t *out, uint32_t cols, 179@@ -2980,7 +3020,7 @@ extractContigSamples24bits (uint8_t *in, uint8_t *out, uint32_t cols,
179 tsample_t count, uint32_t start, uint32_t end) 180 tsample_t count, uint32_t start, uint32_t end)
180 { 181 {
181 int ready_bits = 0, sindex = 0; 182 int ready_bits = 0, sindex = 0;
@@ -184,7 +185,7 @@ index 77cf6ed1..791ec5e7 100644
184 uint32_t maskbits = 0, matchbits = 0; 185 uint32_t maskbits = 0, matchbits = 0;
185 uint32_t buff1 = 0, buff2 = 0; 186 uint32_t buff1 = 0, buff2 = 0;
186 uint8_t bytebuff1 = 0, bytebuff2 = 0; 187 uint8_t bytebuff1 = 0, bytebuff2 = 0;
187@@ -2991,6 +3031,10 @@ extractContigSamples24bits (uint8_t *in, uint8_t *out, uint32_t cols, 188@@ -2993,6 +3033,10 @@ extractContigSamples24bits (uint8_t *in, uint8_t *out, uint32_t cols,
188 return (1); 189 return (1);
189 } 190 }
190 191
@@ -195,7 +196,7 @@ index 77cf6ed1..791ec5e7 100644
195 if ((start > end) || (start > cols)) 196 if ((start > end) || (start > cols))
196 { 197 {
197 TIFFError ("extractContigSamples24bits", 198 TIFFError ("extractContigSamples24bits",
198@@ -3003,6 +3047,9 @@ extractContigSamples24bits (uint8_t *in, uint8_t *out, uint32_t cols, 199@@ -3005,6 +3049,9 @@ extractContigSamples24bits (uint8_t *in, uint8_t *out, uint32_t cols,
199 "Invalid end column value %"PRIu32" ignored", end); 200 "Invalid end column value %"PRIu32" ignored", end);
200 end = cols; 201 end = cols;
201 } 202 }
@@ -205,7 +206,7 @@ index 77cf6ed1..791ec5e7 100644
205 206
206 ready_bits = 0; 207 ready_bits = 0;
207 maskbits = (uint32_t)-1 >> (32 - bps); 208 maskbits = (uint32_t)-1 >> (32 - bps);
208@@ -3087,7 +3134,7 @@ extractContigSamples32bits (uint8_t *in, uint8_t *out, uint32_t cols, 209@@ -3089,7 +3136,7 @@ extractContigSamples32bits (uint8_t *in, uint8_t *out, uint32_t cols,
209 tsample_t count, uint32_t start, uint32_t end) 210 tsample_t count, uint32_t start, uint32_t end)
210 { 211 {
211 int ready_bits = 0, sindex = 0 /*, shift_width = 0 */; 212 int ready_bits = 0, sindex = 0 /*, shift_width = 0 */;
@@ -214,7 +215,7 @@ index 77cf6ed1..791ec5e7 100644
214 uint32_t longbuff1 = 0, longbuff2 = 0; 215 uint32_t longbuff1 = 0, longbuff2 = 0;
215 uint64_t maskbits = 0, matchbits = 0; 216 uint64_t maskbits = 0, matchbits = 0;
216 uint64_t buff1 = 0, buff2 = 0, buff3 = 0; 217 uint64_t buff1 = 0, buff2 = 0, buff3 = 0;
217@@ -3102,6 +3149,10 @@ extractContigSamples32bits (uint8_t *in, uint8_t *out, uint32_t cols, 218@@ -3104,6 +3151,10 @@ extractContigSamples32bits (uint8_t *in, uint8_t *out, uint32_t cols,
218 } 219 }
219 220
220 221
@@ -225,7 +226,7 @@ index 77cf6ed1..791ec5e7 100644
225 if ((start > end) || (start > cols)) 226 if ((start > end) || (start > cols))
226 { 227 {
227 TIFFError ("extractContigSamples32bits", 228 TIFFError ("extractContigSamples32bits",
228@@ -3114,6 +3165,9 @@ extractContigSamples32bits (uint8_t *in, uint8_t *out, uint32_t cols, 229@@ -3116,6 +3167,9 @@ extractContigSamples32bits (uint8_t *in, uint8_t *out, uint32_t cols,
229 "Invalid end column value %"PRIu32" ignored", end); 230 "Invalid end column value %"PRIu32" ignored", end);
230 end = cols; 231 end = cols;
231 } 232 }
@@ -235,7 +236,7 @@ index 77cf6ed1..791ec5e7 100644
235 236
236 /* shift_width = ((bps + 7) / 8) + 1; */ 237 /* shift_width = ((bps + 7) / 8) + 1; */
237 ready_bits = 0; 238 ready_bits = 0;
238@@ -3193,7 +3247,7 @@ extractContigSamplesShifted8bits (uint8_t *in, uint8_t *out, uint32_t cols, 239@@ -3195,7 +3249,7 @@ extractContigSamplesShifted8bits (uint8_t *in, uint8_t *out, uint32_t cols,
239 int shift) 240 int shift)
240 { 241 {
241 int ready_bits = 0, sindex = 0; 242 int ready_bits = 0, sindex = 0;
@@ -244,7 +245,7 @@ index 77cf6ed1..791ec5e7 100644
244 uint8_t maskbits = 0, matchbits = 0; 245 uint8_t maskbits = 0, matchbits = 0;
245 uint8_t buff1 = 0, buff2 = 0; 246 uint8_t buff1 = 0, buff2 = 0;
246 uint8_t *src = in; 247 uint8_t *src = in;
247@@ -3205,6 +3259,10 @@ extractContigSamplesShifted8bits (uint8_t *in, uint8_t *out, uint32_t cols, 248@@ -3207,6 +3261,10 @@ extractContigSamplesShifted8bits (uint8_t *in, uint8_t *out, uint32_t cols,
248 return (1); 249 return (1);
249 } 250 }
250 251
@@ -255,7 +256,7 @@ index 77cf6ed1..791ec5e7 100644
255 if ((start > end) || (start > cols)) 256 if ((start > end) || (start > cols))
256 { 257 {
257 TIFFError ("extractContigSamplesShifted8bits", 258 TIFFError ("extractContigSamplesShifted8bits",
258@@ -3217,6 +3275,9 @@ extractContigSamplesShifted8bits (uint8_t *in, uint8_t *out, uint32_t cols, 259@@ -3219,6 +3277,9 @@ extractContigSamplesShifted8bits (uint8_t *in, uint8_t *out, uint32_t cols,
259 "Invalid end column value %"PRIu32" ignored", end); 260 "Invalid end column value %"PRIu32" ignored", end);
260 end = cols; 261 end = cols;
261 } 262 }
@@ -265,7 +266,7 @@ index 77cf6ed1..791ec5e7 100644
265 266
266 ready_bits = shift; 267 ready_bits = shift;
267 maskbits = (uint8_t)-1 >> (8 - bps); 268 maskbits = (uint8_t)-1 >> (8 - bps);
268@@ -3273,7 +3334,7 @@ extractContigSamplesShifted16bits (uint8_t *in, uint8_t *out, uint32_t cols, 269@@ -3275,7 +3336,7 @@ extractContigSamplesShifted16bits (uint8_t *in, uint8_t *out, uint32_t cols,
269 int shift) 270 int shift)
270 { 271 {
271 int ready_bits = 0, sindex = 0; 272 int ready_bits = 0, sindex = 0;
@@ -274,7 +275,7 @@ index 77cf6ed1..791ec5e7 100644
274 uint16_t maskbits = 0, matchbits = 0; 275 uint16_t maskbits = 0, matchbits = 0;
275 uint16_t buff1 = 0, buff2 = 0; 276 uint16_t buff1 = 0, buff2 = 0;
276 uint8_t bytebuff = 0; 277 uint8_t bytebuff = 0;
277@@ -3286,6 +3347,10 @@ extractContigSamplesShifted16bits (uint8_t *in, uint8_t *out, uint32_t cols, 278@@ -3288,6 +3349,10 @@ extractContigSamplesShifted16bits (uint8_t *in, uint8_t *out, uint32_t cols,
278 return (1); 279 return (1);
279 } 280 }
280 281
@@ -285,7 +286,7 @@ index 77cf6ed1..791ec5e7 100644
285 if ((start > end) || (start > cols)) 286 if ((start > end) || (start > cols))
286 { 287 {
287 TIFFError ("extractContigSamplesShifted16bits", 288 TIFFError ("extractContigSamplesShifted16bits",
288@@ -3298,6 +3363,9 @@ extractContigSamplesShifted16bits (uint8_t *in, uint8_t *out, uint32_t cols, 289@@ -3300,6 +3365,9 @@ extractContigSamplesShifted16bits (uint8_t *in, uint8_t *out, uint32_t cols,
289 "Invalid end column value %"PRIu32" ignored", end); 290 "Invalid end column value %"PRIu32" ignored", end);
290 end = cols; 291 end = cols;
291 } 292 }
@@ -295,7 +296,7 @@ index 77cf6ed1..791ec5e7 100644
295 296
296 ready_bits = shift; 297 ready_bits = shift;
297 maskbits = (uint16_t)-1 >> (16 - bps); 298 maskbits = (uint16_t)-1 >> (16 - bps);
298@@ -3363,7 +3431,7 @@ extractContigSamplesShifted24bits (uint8_t *in, uint8_t *out, uint32_t cols, 299@@ -3365,7 +3433,7 @@ extractContigSamplesShifted24bits (uint8_t *in, uint8_t *out, uint32_t cols,
299 int shift) 300 int shift)
300 { 301 {
301 int ready_bits = 0, sindex = 0; 302 int ready_bits = 0, sindex = 0;
@@ -304,7 +305,7 @@ index 77cf6ed1..791ec5e7 100644
304 uint32_t maskbits = 0, matchbits = 0; 305 uint32_t maskbits = 0, matchbits = 0;
305 uint32_t buff1 = 0, buff2 = 0; 306 uint32_t buff1 = 0, buff2 = 0;
306 uint8_t bytebuff1 = 0, bytebuff2 = 0; 307 uint8_t bytebuff1 = 0, bytebuff2 = 0;
307@@ -3376,6 +3444,16 @@ extractContigSamplesShifted24bits (uint8_t *in, uint8_t *out, uint32_t cols, 308@@ -3378,6 +3446,16 @@ extractContigSamplesShifted24bits (uint8_t *in, uint8_t *out, uint32_t cols,
308 return (1); 309 return (1);
309 } 310 }
310 311
@@ -321,7 +322,7 @@ index 77cf6ed1..791ec5e7 100644
321 if ((start > end) || (start > cols)) 322 if ((start > end) || (start > cols))
322 { 323 {
323 TIFFError ("extractContigSamplesShifted24bits", 324 TIFFError ("extractContigSamplesShifted24bits",
324@@ -3388,6 +3466,9 @@ extractContigSamplesShifted24bits (uint8_t *in, uint8_t *out, uint32_t cols, 325@@ -3390,6 +3468,9 @@ extractContigSamplesShifted24bits (uint8_t *in, uint8_t *out, uint32_t cols,
325 "Invalid end column value %"PRIu32" ignored", end); 326 "Invalid end column value %"PRIu32" ignored", end);
326 end = cols; 327 end = cols;
327 } 328 }
@@ -331,7 +332,7 @@ index 77cf6ed1..791ec5e7 100644
331 332
332 ready_bits = shift; 333 ready_bits = shift;
333 maskbits = (uint32_t)-1 >> (32 - bps); 334 maskbits = (uint32_t)-1 >> (32 - bps);
334@@ -3449,7 +3530,7 @@ extractContigSamplesShifted24bits (uint8_t *in, uint8_t *out, uint32_t cols, 335@@ -3451,7 +3532,7 @@ extractContigSamplesShifted24bits (uint8_t *in, uint8_t *out, uint32_t cols,
335 buff2 = (buff2 << 8); 336 buff2 = (buff2 << 8);
336 bytebuff2 = bytebuff1; 337 bytebuff2 = bytebuff1;
337 ready_bits -= 8; 338 ready_bits -= 8;
@@ -340,7 +341,7 @@ index 77cf6ed1..791ec5e7 100644
340 341
341 return (0); 342 return (0);
342 } /* end extractContigSamplesShifted24bits */ 343 } /* end extractContigSamplesShifted24bits */
343@@ -3461,7 +3542,7 @@ extractContigSamplesShifted32bits (uint8_t *in, uint8_t *out, uint32_t cols, 344@@ -3463,7 +3544,7 @@ extractContigSamplesShifted32bits (uint8_t *in, uint8_t *out, uint32_t cols,
344 int shift) 345 int shift)
345 { 346 {
346 int ready_bits = 0, sindex = 0 /*, shift_width = 0 */; 347 int ready_bits = 0, sindex = 0 /*, shift_width = 0 */;
@@ -349,7 +350,7 @@ index 77cf6ed1..791ec5e7 100644
349 uint32_t longbuff1 = 0, longbuff2 = 0; 350 uint32_t longbuff1 = 0, longbuff2 = 0;
350 uint64_t maskbits = 0, matchbits = 0; 351 uint64_t maskbits = 0, matchbits = 0;
351 uint64_t buff1 = 0, buff2 = 0, buff3 = 0; 352 uint64_t buff1 = 0, buff2 = 0, buff3 = 0;
352@@ -3476,6 +3557,10 @@ extractContigSamplesShifted32bits (uint8_t *in, uint8_t *out, uint32_t cols, 353@@ -3478,6 +3559,10 @@ extractContigSamplesShifted32bits (uint8_t *in, uint8_t *out, uint32_t cols,
353 } 354 }
354 355
355 356
@@ -360,7 +361,7 @@ index 77cf6ed1..791ec5e7 100644
360 if ((start > end) || (start > cols)) 361 if ((start > end) || (start > cols))
361 { 362 {
362 TIFFError ("extractContigSamplesShifted32bits", 363 TIFFError ("extractContigSamplesShifted32bits",
363@@ -3488,6 +3573,9 @@ extractContigSamplesShifted32bits (uint8_t *in, uint8_t *out, uint32_t cols, 364@@ -3490,6 +3575,9 @@ extractContigSamplesShifted32bits (uint8_t *in, uint8_t *out, uint32_t cols,
364 "Invalid end column value %"PRIu32" ignored", end); 365 "Invalid end column value %"PRIu32" ignored", end);
365 end = cols; 366 end = cols;
366 } 367 }
@@ -370,7 +371,7 @@ index 77cf6ed1..791ec5e7 100644
370 371
371 /* shift_width = ((bps + 7) / 8) + 1; */ 372 /* shift_width = ((bps + 7) / 8) + 1; */
372 ready_bits = shift; 373 ready_bits = shift;
373@@ -5429,7 +5517,7 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt 374@@ -5431,7 +5519,7 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt
374 { 375 {
375 struct offset offsets; 376 struct offset offsets;
376 int i; 377 int i;
@@ -379,7 +380,7 @@ index 77cf6ed1..791ec5e7 100644
379 uint32_t seg, total, need_buff = 0; 380 uint32_t seg, total, need_buff = 0;
380 uint32_t buffsize; 381 uint32_t buffsize;
381 uint32_t zwidth, zlength; 382 uint32_t zwidth, zlength;
382@@ -5510,8 +5598,13 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt 383@@ -5512,8 +5600,13 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt
383 seg = crop->zonelist[j].position; 384 seg = crop->zonelist[j].position;
384 total = crop->zonelist[j].total; 385 total = crop->zonelist[j].total;
385 386
@@ -394,7 +395,7 @@ index 77cf6ed1..791ec5e7 100644
394 continue; 395 continue;
395 } 396 }
396 397
397@@ -5524,17 +5617,23 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt 398@@ -5526,17 +5619,23 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt
398 399
399 crop->regionlist[i].x1 = offsets.startx + 400 crop->regionlist[i].x1 = offsets.startx +
400 (uint32_t)(offsets.crop_width * 1.0 * (seg - 1) / total); 401 (uint32_t)(offsets.crop_width * 1.0 * (seg - 1) / total);
@@ -428,7 +429,7 @@ index 77cf6ed1..791ec5e7 100644
428 zwidth = crop->regionlist[i].x2 - crop->regionlist[i].x1 + 1; 429 zwidth = crop->regionlist[i].x2 - crop->regionlist[i].x1 + 1;
429 430
430 /* This is passed to extractCropZone or extractCompositeZones */ 431 /* This is passed to extractCropZone or extractCompositeZones */
431@@ -5549,22 +5648,27 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt 432@@ -5551,22 +5650,27 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt
432 crop->regionlist[i].x1 = offsets.startx; 433 crop->regionlist[i].x1 = offsets.startx;
433 crop->regionlist[i].x2 = offsets.endx; 434 crop->regionlist[i].x2 = offsets.endx;
434 435
@@ -471,7 +472,7 @@ index 77cf6ed1..791ec5e7 100644
471 zlength = crop->regionlist[i].y2 - crop->regionlist[i].y1 + 1; 472 zlength = crop->regionlist[i].y2 - crop->regionlist[i].y1 + 1;
472 473
473 /* This is passed to extractCropZone or extractCompositeZones */ 474 /* This is passed to extractCropZone or extractCompositeZones */
474@@ -5575,32 +5679,42 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt 475@@ -5577,32 +5681,42 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt
475 crop->combined_width = (uint32_t)zwidth; 476 crop->combined_width = (uint32_t)zwidth;
476 break; 477 break;
477 case EDGE_RIGHT: /* zones from right to left, length from top */ 478 case EDGE_RIGHT: /* zones from right to left, length from top */
@@ -539,7 +540,7 @@ index 77cf6ed1..791ec5e7 100644
539 case EDGE_TOP: /* width from left, zones from top to bottom */ 540 case EDGE_TOP: /* width from left, zones from top to bottom */
540 default: 541 default:
541 zwidth = offsets.crop_width; 542 zwidth = offsets.crop_width;
542@@ -5608,6 +5722,14 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt 543@@ -5610,6 +5724,14 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt
543 crop->regionlist[i].x2 = offsets.endx; 544 crop->regionlist[i].x2 = offsets.endx;
544 545
545 crop->regionlist[i].y1 = offsets.starty + (uint32_t)(offsets.crop_length * 1.0 * (seg - 1) / total); 546 crop->regionlist[i].y1 = offsets.starty + (uint32_t)(offsets.crop_length * 1.0 * (seg - 1) / total);
@@ -554,7 +555,7 @@ index 77cf6ed1..791ec5e7 100644
554 test = offsets.starty + (uint32_t)(offsets.crop_length * 1.0 * seg / total); 555 test = offsets.starty + (uint32_t)(offsets.crop_length * 1.0 * seg / total);
555 if (test < 1 ) 556 if (test < 1 )
556 crop->regionlist[i].y2 = 0; 557 crop->regionlist[i].y2 = 0;
557@@ -5618,6 +5740,18 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt 558@@ -5620,6 +5742,18 @@ getCropOffsets(struct image_data *image, struct crop_mask *crop, struct dump_opt
558 else 559 else
559 crop->regionlist[i].y2 = test - 1; 560 crop->regionlist[i].y2 = test - 1;
560 } 561 }
@@ -573,7 +574,7 @@ index 77cf6ed1..791ec5e7 100644
573 zlength = crop->regionlist[i].y2 - crop->regionlist[i].y1 + 1; 574 zlength = crop->regionlist[i].y2 - crop->regionlist[i].y1 + 1;
574 575
575 /* This is passed to extractCropZone or extractCompositeZones */ 576 /* This is passed to extractCropZone or extractCompositeZones */
576@@ -7551,7 +7685,8 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, 577@@ -7543,7 +7677,8 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
577 total_width = total_length = 0; 578 total_width = total_length = 0;
578 for (i = 0; i < crop->selections; i++) 579 for (i = 0; i < crop->selections; i++)
579 { 580 {
@@ -583,7 +584,7 @@ index 77cf6ed1..791ec5e7 100644
583 crop_buff = seg_buffs[i].buffer; 584 crop_buff = seg_buffs[i].buffer;
584 if (!crop_buff) 585 if (!crop_buff)
585 crop_buff = (unsigned char *)limitMalloc(cropsize); 586 crop_buff = (unsigned char *)limitMalloc(cropsize);
586@@ -7640,6 +7775,9 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, 587@@ -7632,6 +7767,9 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
587 588
588 if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */ 589 if (crop->crop_mode & CROP_ROTATE) /* rotate should be last as it can reallocate the buffer */
589 { 590 {
@@ -593,7 +594,7 @@ index 77cf6ed1..791ec5e7 100644
593 if (rotateImage(crop->rotation, image, &crop->regionlist[i].width, 594 if (rotateImage(crop->rotation, image, &crop->regionlist[i].width,
594 &crop->regionlist[i].length, &crop_buff)) 595 &crop->regionlist[i].length, &crop_buff))
595 { 596 {
596@@ -7655,8 +7793,8 @@ processCropSelections(struct image_data *image, struct crop_mask *crop, 597@@ -7647,8 +7785,8 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
597 seg_buffs[i].size = (((crop->regionlist[i].width * image->bps + 7 ) / 8) 598 seg_buffs[i].size = (((crop->regionlist[i].width * image->bps + 7 ) / 8)
598 * image->spp) * crop->regionlist[i].length; 599 * image->spp) * crop->regionlist[i].length;
599 } 600 }
@@ -604,6 +605,3 @@ index 77cf6ed1..791ec5e7 100644
604 return (0); 605 return (0);
605 } /* end processCropSelections */ 606 } /* end processCropSelections */
606 607
607--
6082.33.0
609
diff --git a/meta/recipes-multimedia/libtiff/tiff/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch b/meta/recipes-multimedia/libtiff/tiff/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch
index 72776f09ba..e79964de55 100644
--- a/meta/recipes-multimedia/libtiff/tiff/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch
+++ b/meta/recipes-multimedia/libtiff/tiff/0001-tiffset-fix-global-buffer-overflow-for-ASCII-tags-wh.patch
@@ -1,11 +1,12 @@
1From bc71e64b6f4477ed69064802b1252bab904a89b4 Mon Sep 17 00:00:00 2001
2From: 4ugustus <wangdw.augustus@qq.com>
3Date: Tue, 25 Jan 2022 16:25:28 +0000
4Subject: [PATCH] tiffset: fix global-buffer-overflow for ASCII tags where
5
1CVE: CVE-2022-22844 6CVE: CVE-2022-22844
2Upstream-Status: Backport 7Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@arm.com> 8Signed-off-by: Ross Burton <ross.burton@arm.com>
4 9
5From b12a0326e6064b6e0b051d1184a219877472f69b Mon Sep 17 00:00:00 2001
6From: 4ugustus <wangdw.augustus@qq.com>
7Date: Tue, 25 Jan 2022 16:25:28 +0000
8Subject: [PATCH] tiffset: fix global-buffer-overflow for ASCII tags where
9 count is required (fixes #355) 10 count is required (fixes #355)
10 11
11--- 12---
@@ -13,7 +14,7 @@ Subject: [PATCH] tiffset: fix global-buffer-overflow for ASCII tags where
13 1 file changed, 13 insertions(+), 3 deletions(-) 14 1 file changed, 13 insertions(+), 3 deletions(-)
14 15
15diff --git a/tools/tiffset.c b/tools/tiffset.c 16diff --git a/tools/tiffset.c b/tools/tiffset.c
16index 8c9e23c5..e7a88c09 100644 17index 8c9e23c..e7a88c0 100644
17--- a/tools/tiffset.c 18--- a/tools/tiffset.c
18+++ b/tools/tiffset.c 19+++ b/tools/tiffset.c
19@@ -146,9 +146,19 @@ main(int argc, char* argv[]) 20@@ -146,9 +146,19 @@ main(int argc, char* argv[])
@@ -39,5 +40,3 @@ index 8c9e23c5..e7a88c09 100644
39 } else if (TIFFFieldWriteCount(fip) > 0 40 } else if (TIFFFieldWriteCount(fip) > 0
40 || TIFFFieldWriteCount(fip) == TIFF_VARIABLE) { 41 || TIFFFieldWriteCount(fip) == TIFF_VARIABLE) {
41 int ret = 1; 42 int ret = 1;
42--
432.25.1
diff --git a/meta/recipes-multimedia/libtiff/tiff/0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch b/meta/recipes-multimedia/libtiff/tiff/0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch
index 812ffb232d..2becf53806 100644
--- a/meta/recipes-multimedia/libtiff/tiff/0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch
+++ b/meta/recipes-multimedia/libtiff/tiff/0002-tiffcrop-fix-issue-380-and-382-heap-buffer-overflow-.patch
@@ -1,12 +1,13 @@
1From 9b2645d830b4ad004824cf28d81f3b974faf0037 Mon Sep 17 00:00:00 2001
2From: Su Laus <sulau@freenet.de>
3Date: Tue, 8 Mar 2022 17:02:44 +0000
4Subject: [PATCH] tiffcrop: fix issue #380 and #382 heap buffer overflow in
5
1CVE: CVE-2022-0891 6CVE: CVE-2022-0891
2CVE: CVE-2022-1056 7CVE: CVE-2022-1056
3Upstream-Status: Backport 8Upstream-Status: Backport
4Signed-off-by: Ross Burton <ross.burton@arm.com> 9Signed-off-by: Ross Burton <ross.burton@arm.com>
5 10
6From e46b49e60fddb2e924302fb1751f79eb9cfb2253 Mon Sep 17 00:00:00 2001
7From: Su Laus <sulau@freenet.de>
8Date: Tue, 8 Mar 2022 17:02:44 +0000
9Subject: [PATCH 2/6] tiffcrop: fix issue #380 and #382 heap buffer overflow in
10 extractImageSection 11 extractImageSection
11 12
12--- 13---
@@ -14,7 +15,7 @@ Subject: [PATCH 2/6] tiffcrop: fix issue #380 and #382 heap buffer overflow in
14 1 file changed, 36 insertions(+), 56 deletions(-) 15 1 file changed, 36 insertions(+), 56 deletions(-)
15 16
16diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c 17diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
17index b85c2ce7..302a7e91 100644 18index b85c2ce..302a7e9 100644
18--- a/tools/tiffcrop.c 19--- a/tools/tiffcrop.c
19+++ b/tools/tiffcrop.c 20+++ b/tools/tiffcrop.c
20@@ -105,8 +105,8 @@ 21@@ -105,8 +105,8 @@
@@ -214,6 +215,3 @@ index b85c2ce7..302a7e91 100644
214 /* allocate a buffer if we don't have one already */ 215 /* allocate a buffer if we don't have one already */
215 if (createImageSection(sectsize, sect_buff_ptr)) 216 if (createImageSection(sectsize, sect_buff_ptr))
216 { 217 {
217--
2182.25.1
219
diff --git a/meta/recipes-multimedia/libtiff/tiff/0003-add-checks-for-return-value-of-limitMalloc-392.patch b/meta/recipes-multimedia/libtiff/tiff/0003-add-checks-for-return-value-of-limitMalloc-392.patch
index a0b856b9e1..b48a3df1a9 100644
--- a/meta/recipes-multimedia/libtiff/tiff/0003-add-checks-for-return-value-of-limitMalloc-392.patch
+++ b/meta/recipes-multimedia/libtiff/tiff/0003-add-checks-for-return-value-of-limitMalloc-392.patch
@@ -1,18 +1,18 @@
1From b4743cc69d2f506e1f1c4db9adc8e58d75805e4d Mon Sep 17 00:00:00 2001
2From: Augustus <wangdw.augustus@qq.com>
3Date: Mon, 7 Mar 2022 18:21:49 +0800
4Subject: [PATCH] add checks for return value of limitMalloc (#392)
5
1CVE: CVE-2022-0907 6CVE: CVE-2022-0907
2Upstream-Status: Backport 7Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@arm.com> 8Signed-off-by: Ross Burton <ross.burton@arm.com>
4 9
5From a139191cc86f4dc44c74a0f22928e0fb38ed2485 Mon Sep 17 00:00:00 2001
6From: Augustus <wangdw.augustus@qq.com>
7Date: Mon, 7 Mar 2022 18:21:49 +0800
8Subject: [PATCH 3/6] add checks for return value of limitMalloc (#392)
9
10--- 10---
11 tools/tiffcrop.c | 33 +++++++++++++++++++++------------ 11 tools/tiffcrop.c | 33 +++++++++++++++++++++------------
12 1 file changed, 21 insertions(+), 12 deletions(-) 12 1 file changed, 21 insertions(+), 12 deletions(-)
13 13
14diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c 14diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
15index 302a7e91..e407bf51 100644 15index 302a7e9..e407bf5 100644
16--- a/tools/tiffcrop.c 16--- a/tools/tiffcrop.c
17+++ b/tools/tiffcrop.c 17+++ b/tools/tiffcrop.c
18@@ -7357,7 +7357,11 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr) 18@@ -7357,7 +7357,11 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr)
@@ -88,6 +88,3 @@ index 302a7e91..e407bf51 100644
88 * End: 88 * End:
89 */ 89 */
90+ 90+
91--
922.25.1
93
diff --git a/meta/recipes-multimedia/libtiff/tiff/0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch b/meta/recipes-multimedia/libtiff/tiff/0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch
index 719dabaecc..6f2df44bd5 100644
--- a/meta/recipes-multimedia/libtiff/tiff/0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch
+++ b/meta/recipes-multimedia/libtiff/tiff/0004-TIFFFetchNormalTag-avoid-calling-memcpy-with-a-null-.patch
@@ -1,11 +1,12 @@
1From 0343619094bfc7b8e23814f672411b008db2aa66 Mon Sep 17 00:00:00 2001
2From: Even Rouault <even.rouault@spatialys.com>
3Date: Thu, 17 Feb 2022 15:28:43 +0100
4Subject: [PATCH] TIFFFetchNormalTag(): avoid calling memcpy() with a null
5
1CVE: CVE-2022-0908 6CVE: CVE-2022-0908
2Upstream-Status: Backport 7Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@arm.com> 8Signed-off-by: Ross Burton <ross.burton@arm.com>
4 9
5From ef5a0bf271823df168642444d051528a68205cb0 Mon Sep 17 00:00:00 2001
6From: Even Rouault <even.rouault@spatialys.com>
7Date: Thu, 17 Feb 2022 15:28:43 +0100
8Subject: [PATCH 4/6] TIFFFetchNormalTag(): avoid calling memcpy() with a null
9 source pointer and size of zero (fixes #383) 10 source pointer and size of zero (fixes #383)
10 11
11--- 12---
@@ -13,10 +14,10 @@ Subject: [PATCH 4/6] TIFFFetchNormalTag(): avoid calling memcpy() with a null
13 1 file changed, 4 insertions(+), 1 deletion(-) 14 1 file changed, 4 insertions(+), 1 deletion(-)
14 15
15diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c 16diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
16index d84147a0..4e8ce729 100644 17index d654a1c..a31109a 100644
17--- a/libtiff/tif_dirread.c 18--- a/libtiff/tif_dirread.c
18+++ b/libtiff/tif_dirread.c 19+++ b/libtiff/tif_dirread.c
19@@ -5079,7 +5079,10 @@ TIFFFetchNormalTag(TIFF* tif, TIFFDirEntry* dp, int recover) 20@@ -5080,7 +5080,10 @@ TIFFFetchNormalTag(TIFF* tif, TIFFDirEntry* dp, int recover)
20 _TIFFfree(data); 21 _TIFFfree(data);
21 return(0); 22 return(0);
22 } 23 }
@@ -28,6 +29,3 @@ index d84147a0..4e8ce729 100644
28 o[(uint32_t)dp->tdir_count]=0; 29 o[(uint32_t)dp->tdir_count]=0;
29 if (data!=0) 30 if (data!=0)
30 _TIFFfree(data); 31 _TIFFfree(data);
31--
322.25.1
33
diff --git a/meta/recipes-multimedia/libtiff/tiff/0005-fix-the-FPE-in-tiffcrop-393.patch b/meta/recipes-multimedia/libtiff/tiff/0005-fix-the-FPE-in-tiffcrop-393.patch
index 64dbe9ef92..21dc552036 100644
--- a/meta/recipes-multimedia/libtiff/tiff/0005-fix-the-FPE-in-tiffcrop-393.patch
+++ b/meta/recipes-multimedia/libtiff/tiff/0005-fix-the-FPE-in-tiffcrop-393.patch
@@ -1,18 +1,18 @@
1From e56d66a033b533f26872a20cb2052473962a0f2e Mon Sep 17 00:00:00 2001
2From: 4ugustus <wangdw.augustus@qq.com>
3Date: Tue, 8 Mar 2022 16:22:04 +0000
4Subject: [PATCH] fix the FPE in tiffcrop (#393)
5
1CVE: CVE-2022-0909 6CVE: CVE-2022-0909
2Upstream-Status: Backport 7Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@arm.com> 8Signed-off-by: Ross Burton <ross.burton@arm.com>
4 9
5From 4768355a074d562177e0a8b551c561d1af7eb74a Mon Sep 17 00:00:00 2001
6From: 4ugustus <wangdw.augustus@qq.com>
7Date: Tue, 8 Mar 2022 16:22:04 +0000
8Subject: [PATCH 5/6] fix the FPE in tiffcrop (#393)
9
10--- 10---
11 libtiff/tif_dir.c | 4 ++-- 11 libtiff/tif_dir.c | 4 ++--
12 1 file changed, 2 insertions(+), 2 deletions(-) 12 1 file changed, 2 insertions(+), 2 deletions(-)
13 13
14diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c 14diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
15index a6c254fc..77da6ea4 100644 15index a6c254f..77da6ea 100644
16--- a/libtiff/tif_dir.c 16--- a/libtiff/tif_dir.c
17+++ b/libtiff/tif_dir.c 17+++ b/libtiff/tif_dir.c
18@@ -335,13 +335,13 @@ _TIFFVSetField(TIFF* tif, uint32_t tag, va_list ap) 18@@ -335,13 +335,13 @@ _TIFFVSetField(TIFF* tif, uint32_t tag, va_list ap)
@@ -31,6 +31,3 @@ index a6c254fc..77da6ea4 100644
31 goto badvaluedouble; 31 goto badvaluedouble;
32 td->td_yresolution = _TIFFClampDoubleToFloat( dblval ); 32 td->td_yresolution = _TIFFClampDoubleToFloat( dblval );
33 break; 33 break;
34--
352.25.1
36
diff --git a/meta/recipes-multimedia/libtiff/tiff/0006-fix-heap-buffer-overflow-in-tiffcp-278.patch b/meta/recipes-multimedia/libtiff/tiff/0006-fix-heap-buffer-overflow-in-tiffcp-278.patch
index afd5e59960..337b84d992 100644
--- a/meta/recipes-multimedia/libtiff/tiff/0006-fix-heap-buffer-overflow-in-tiffcp-278.patch
+++ b/meta/recipes-multimedia/libtiff/tiff/0006-fix-heap-buffer-overflow-in-tiffcp-278.patch
@@ -1,18 +1,18 @@
1From 2dd282a54e5fccf9b501973e6da5f83ebde8e980 Mon Sep 17 00:00:00 2001
2From: 4ugustus <wangdw.augustus@qq.com>
3Date: Thu, 10 Mar 2022 08:48:00 +0000
4Subject: [PATCH] fix heap buffer overflow in tiffcp (#278)
5
1CVE: CVE-2022-0924 6CVE: CVE-2022-0924
2Upstream-Status: Backport 7Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@arm.com> 8Signed-off-by: Ross Burton <ross.burton@arm.com>
4 9
5From 1074b9691322b1e3671cd8ea0b6b3509d08978fb Mon Sep 17 00:00:00 2001
6From: 4ugustus <wangdw.augustus@qq.com>
7Date: Thu, 10 Mar 2022 08:48:00 +0000
8Subject: [PATCH 6/6] fix heap buffer overflow in tiffcp (#278)
9
10--- 10---
11 tools/tiffcp.c | 17 ++++++++++++++++- 11 tools/tiffcp.c | 17 ++++++++++++++++-
12 1 file changed, 16 insertions(+), 1 deletion(-) 12 1 file changed, 16 insertions(+), 1 deletion(-)
13 13
14diff --git a/tools/tiffcp.c b/tools/tiffcp.c 14diff --git a/tools/tiffcp.c b/tools/tiffcp.c
15index 1f889516..552d8fad 100644 15index 1f88951..552d8fa 100644
16--- a/tools/tiffcp.c 16--- a/tools/tiffcp.c
17+++ b/tools/tiffcp.c 17+++ b/tools/tiffcp.c
18@@ -1661,12 +1661,27 @@ DECLAREwriteFunc(writeBufferToSeparateStrips) 18@@ -1661,12 +1661,27 @@ DECLAREwriteFunc(writeBufferToSeparateStrips)
@@ -52,6 +52,3 @@ index 1f889516..552d8fad 100644
52 if (TIFFWriteEncodedStrip(out, strip++, obuf, stripsize) < 0) { 52 if (TIFFWriteEncodedStrip(out, strip++, obuf, stripsize) < 0) {
53 TIFFError(TIFFFileName(out), 53 TIFFError(TIFFFileName(out),
54 "Error, can't write strip %"PRIu32, 54 "Error, can't write strip %"PRIu32,
55--
562.25.1
57
diff --git a/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch b/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch
index 0b41dde606..e5b34fd258 100644
--- a/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch
+++ b/meta/recipes-multimedia/libtiff/tiff/561599c99f987dc32ae110370cfdd7df7975586b.patch
@@ -1,4 +1,4 @@
1From 561599c99f987dc32ae110370cfdd7df7975586b Mon Sep 17 00:00:00 2001 1From 7b91458541769f3d7eddc55a39d01730af2489fc Mon Sep 17 00:00:00 2001
2From: Even Rouault <even.rouault@spatialys.com> 2From: Even Rouault <even.rouault@spatialys.com>
3Date: Sat, 5 Feb 2022 20:36:41 +0100 3Date: Sat, 5 Feb 2022 20:36:41 +0100
4Subject: [PATCH] TIFFReadDirectory(): avoid calling memcpy() with a null 4Subject: [PATCH] TIFFReadDirectory(): avoid calling memcpy() with a null
@@ -12,10 +12,10 @@ CVE: CVE-2022-0562
12 1 file changed, 2 insertions(+), 1 deletion(-) 12 1 file changed, 2 insertions(+), 1 deletion(-)
13 13
14diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c 14diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
15index 2bbc4585..23194ced 100644 15index d84147a..ae52ad4 100644
16--- a/libtiff/tif_dirread.c 16--- a/libtiff/tif_dirread.c
17+++ b/libtiff/tif_dirread.c 17+++ b/libtiff/tif_dirread.c
18@@ -4177,7 +4177,8 @@ TIFFReadDirectory(TIFF* tif) 18@@ -4173,7 +4173,8 @@ TIFFReadDirectory(TIFF* tif)
19 goto bad; 19 goto bad;
20 } 20 }
21 21
@@ -25,6 +25,3 @@ index 2bbc4585..23194ced 100644
25 _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples); 25 _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples);
26 _TIFFfree(new_sampleinfo); 26 _TIFFfree(new_sampleinfo);
27 } 27 }
28--
29GitLab
30
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1354.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1354.patch
index 71b85cac10..989ccbfa50 100644
--- a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1354.patch
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1354.patch
@@ -1,4 +1,4 @@
1From 87881e093691a35c60b91cafed058ba2dd5d9807 Mon Sep 17 00:00:00 2001 1From 281fa3cf0e0e8a44b93478c63d90dbfb64359e88 Mon Sep 17 00:00:00 2001
2From: Even Rouault <even.rouault@spatialys.com> 2From: Even Rouault <even.rouault@spatialys.com>
3Date: Sun, 5 Dec 2021 14:37:46 +0100 3Date: Sun, 5 Dec 2021 14:37:46 +0100
4Subject: [PATCH] TIFFReadDirectory: fix OJPEG hack (fixes #319) 4Subject: [PATCH] TIFFReadDirectory: fix OJPEG hack (fixes #319)
@@ -16,12 +16,13 @@ Upstream-Status: Backport
16[https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798] 16[https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798]
17 17
18Signed-off-by: Yi Zhao <yi.zhao@windriver.com> 18Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
19
19--- 20---
20 libtiff/tif_dirread.c | 162 ++++++++++++++++++++++-------------------- 21 libtiff/tif_dirread.c | 162 ++++++++++++++++++++++--------------------
21 1 file changed, 83 insertions(+), 79 deletions(-) 22 1 file changed, 83 insertions(+), 79 deletions(-)
22 23
23diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c 24diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
24index 8f434ef5..14c031d1 100644 25index a31109a..d7cccbe 100644
25--- a/libtiff/tif_dirread.c 26--- a/libtiff/tif_dirread.c
26+++ b/libtiff/tif_dirread.c 27+++ b/libtiff/tif_dirread.c
27@@ -3794,50 +3794,7 @@ TIFFReadDirectory(TIFF* tif) 28@@ -3794,50 +3794,7 @@ TIFFReadDirectory(TIFF* tif)
@@ -207,6 +208,3 @@ index 8f434ef5..14c031d1 100644
207 /* 208 /*
208 * Make sure all non-color channels are extrasamples. 209 * Make sure all non-color channels are extrasamples.
209 * If it's not the case, define them as such. 210 * If it's not the case, define them as such.
210--
2112.25.1
212
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1355.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1355.patch
index e59f5aad55..19ce68dfbc 100644
--- a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1355.patch
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1355.patch
@@ -1,4 +1,4 @@
1From fb1db384959698edd6caeea84e28253d272a0f96 Mon Sep 17 00:00:00 2001 1From 19d775e058bf6bb0b0e9c56f406b775f9e725355 Mon Sep 17 00:00:00 2001
2From: Su_Laus <sulau@freenet.de> 2From: Su_Laus <sulau@freenet.de>
3Date: Sat, 2 Apr 2022 22:33:31 +0200 3Date: Sat, 2 Apr 2022 22:33:31 +0200
4Subject: [PATCH] tiffcp: avoid buffer overflow in "mode" string (fixes #400) 4Subject: [PATCH] tiffcp: avoid buffer overflow in "mode" string (fixes #400)
@@ -9,12 +9,13 @@ Upstream-Status: Backport
9[https://gitlab.com/libtiff/libtiff/-/commit/c1ae29f9ebacd29b7c3e0c7db671af7db3584bc2] 9[https://gitlab.com/libtiff/libtiff/-/commit/c1ae29f9ebacd29b7c3e0c7db671af7db3584bc2]
10 10
11Signed-off-by: Yi Zhao <yi.zhao@windriver.com> 11Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
12
12--- 13---
13 tools/tiffcp.c | 25 ++++++++++++++++++++----- 14 tools/tiffcp.c | 25 ++++++++++++++++++++-----
14 1 file changed, 20 insertions(+), 5 deletions(-) 15 1 file changed, 20 insertions(+), 5 deletions(-)
15 16
16diff --git a/tools/tiffcp.c b/tools/tiffcp.c 17diff --git a/tools/tiffcp.c b/tools/tiffcp.c
17index fd129bb7..8d944ff6 100644 18index 552d8fa..57eef90 100644
18--- a/tools/tiffcp.c 19--- a/tools/tiffcp.c
19+++ b/tools/tiffcp.c 20+++ b/tools/tiffcp.c
20@@ -274,19 +274,34 @@ main(int argc, char* argv[]) 21@@ -274,19 +274,34 @@ main(int argc, char* argv[])
@@ -57,6 +58,3 @@ index fd129bb7..8d944ff6 100644
57 break; 58 break;
58 case 'x': 59 case 'x':
59 pageInSeq = 1; 60 pageInSeq = 1;
60--
612.25.1
62
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2867.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2867.patch
index ae33a3b4e7..73905acb17 100644
--- a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2867.patch
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2867.patch
@@ -1,4 +1,4 @@
1From 6ad097dac1d4908705f5a9d43dea76b7f2de89eb Mon Sep 17 00:00:00 2001 1From cca32f0d4f3dd2bd73d044bd6991ab3c764fc718 Mon Sep 17 00:00:00 2001
2From: Su_Laus <sulau@freenet.de> 2From: Su_Laus <sulau@freenet.de>
3Date: Sun, 6 Feb 2022 17:53:53 +0100 3Date: Sun, 6 Feb 2022 17:53:53 +0100
4Subject: [PATCH] tiffcrop.c: This update fixes also issues #350 and #351. 4Subject: [PATCH] tiffcrop.c: This update fixes also issues #350 and #351.
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2869.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2869.patch
index 9a23e23fed..bda3427c0f 100644
--- a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2869.patch
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2869.patch
@@ -1,4 +1,4 @@
1From 0ec36342df880f5ad41576cb1b03061b8697dabd Mon Sep 17 00:00:00 2001 1From b4cf40182c865db554c6e67034afa6ea12c5554d Mon Sep 17 00:00:00 2001
2From: Su_Laus <sulau@freenet.de> 2From: Su_Laus <sulau@freenet.de>
3Date: Sun, 6 Feb 2022 10:53:45 +0100 3Date: Sun, 6 Feb 2022 10:53:45 +0100
4Subject: [PATCH] tiffcrop.c: Fix issue #352 heap-buffer-overflow by correcting 4Subject: [PATCH] tiffcrop.c: Fix issue #352 heap-buffer-overflow by correcting
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch
index 3a3a915688..92906521b0 100644
--- a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-2953.patch
@@ -1,16 +1,18 @@
1From 05ef5e05a0b8d18ab075e09b1ea349acc0035e67 Mon Sep 17 00:00:00 2001
2From: Su_Laus <sulau@freenet.de>
3Date: Mon, 15 Aug 2022 22:11:03 +0200
4Subject: [PATCH] tiffcrop: disable incompatibility of -S
5
1CVE: CVE-2022-2953 6CVE: CVE-2022-2953
2Upstream-Status: Backport 7Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@arm.com> 8Signed-off-by: Ross Burton <ross.burton@arm.com>
4Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com> 9Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
5 10
6From 8fe3735942ea1d90d8cef843b55b3efe8ab6feaf Mon Sep 17 00:00:00 2001 11According to Richard Nolde
7From: Su_Laus <sulau@freenet.de> 12https://gitlab.com/libtiff/libtiff/-/issues/401#note_877637400 the
8Date: Mon, 15 Aug 2022 22:11:03 +0200 13tiffcrop option "-S" is also mutually exclusive to the other crop
9Subject: [PATCH] =?UTF-8?q?According=20to=20Richard=20Nolde=20https://gitl?= 14options (-X|-Y), -Z and -z.
10 =?UTF-8?q?ab.com/libtiff/libtiff/-/issues/401#note=5F877637400=20the=20ti?= 15
11 =?UTF-8?q?ffcrop=20option=20=E2=80=9E-S=E2=80=9C=20is=20also=20mutually?=
12 =?UTF-8?q?=20exclusive=20to=20the=20other=20crop=20options=20(-X|-Y),=20-?=
13 =?UTF-8?q?Z=20and=20-z.?=
14MIME-Version: 1.0 16MIME-Version: 1.0
15Content-Type: text/plain; charset=UTF-8 17Content-Type: text/plain; charset=UTF-8
16Content-Transfer-Encoding: 8bit 18Content-Transfer-Encoding: 8bit
@@ -18,12 +20,13 @@ Content-Transfer-Encoding: 8bit
18This is now checked and ends tiffcrop if those arguments are not mutually exclusive. 20This is now checked and ends tiffcrop if those arguments are not mutually exclusive.
19 21
20This MR will fix the following tiffcrop issues: #349, #414, #422, #423, #424 22This MR will fix the following tiffcrop issues: #349, #414, #422, #423, #424
23
21--- 24---
22 tools/tiffcrop.c | 31 ++++++++++++++++--------------- 25 tools/tiffcrop.c | 25 +++++++++++++------------
23 1 file changed, 16 insertions(+), 15 deletions(-) 26 1 file changed, 13 insertions(+), 12 deletions(-)
24 27
25diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c 28diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
26index 90286a5e..c3b758ec 100644 29index b596f9e..8af85c9 100644
27--- a/tools/tiffcrop.c 30--- a/tools/tiffcrop.c
28+++ b/tools/tiffcrop.c 31+++ b/tools/tiffcrop.c
29@@ -173,12 +173,12 @@ static char tiffcrop_rev_date[] = "02-09-2022"; 32@@ -173,12 +173,12 @@ static char tiffcrop_rev_date[] = "02-09-2022";
@@ -63,7 +66,7 @@ index 90286a5e..c3b758ec 100644
63 " In no case should the options be applied to a given selection successively.\n" 66 " In no case should the options be applied to a given selection successively.\n"
64 "\n" 67 "\n"
65 ; 68 ;
66@@ -2131,13 +2131,14 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32 69@@ -2133,13 +2133,14 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32
67 /*NOTREACHED*/ 70 /*NOTREACHED*/
68 } 71 }
69 } 72 }
@@ -82,6 +85,3 @@ index 90286a5e..c3b758ec 100644
82 exit(EXIT_FAILURE); 85 exit(EXIT_FAILURE);
83 } 86 }
84 } /* end process_command_opts */ 87 } /* end process_command_opts */
85--
862.34.1
87
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-34526.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-34526.patch
index 48ca56982f..f3f8121735 100644
--- a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-34526.patch
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-34526.patch
@@ -1,4 +1,4 @@
1From 3fc1fdda0068981340cc7ae136173731275e2c5e Mon Sep 17 00:00:00 2001 1From 786a8b6fd1384c6e20c17729822d1f61ed569320 Mon Sep 17 00:00:00 2001
2From: Hitendra Prajapati <hprajapati@mvista.com> 2From: Hitendra Prajapati <hprajapati@mvista.com>
3Date: Thu, 18 Aug 2022 10:46:30 +0530 3Date: Thu, 18 Aug 2022 10:46:30 +0530
4Subject: [PATCH] CVE-2022-34526 4Subject: [PATCH] CVE-2022-34526
@@ -6,6 +6,7 @@ Subject: [PATCH] CVE-2022-34526
6Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/275735d0354e39c0ac1dc3c0db2120d6f31d1990] 6Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/275735d0354e39c0ac1dc3c0db2120d6f31d1990]
7CVE: CVE-2022-34526 7CVE: CVE-2022-34526
8Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> 8Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
9
9--- 10---
10 libtiff/tif_dirinfo.c | 3 +++ 11 libtiff/tif_dirinfo.c | 3 +++
11 1 file changed, 3 insertions(+) 12 1 file changed, 3 insertions(+)
@@ -24,6 +25,3 @@ index 8565dfb..0f722a5 100644
24 /* Check if codec specific tags are allowed for the current 25 /* Check if codec specific tags are allowed for the current
25 * compression scheme (codec) */ 26 * compression scheme (codec) */
26 switch (tif->tif_dir.td_compression) { 27 switch (tif->tif_dir.td_compression) {
27--
282.25.1
29
diff --git a/meta/recipes-multimedia/libtiff/tiff/b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch b/meta/recipes-multimedia/libtiff/tiff/b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch
index 1fa6a11104..272dd3d713 100644
--- a/meta/recipes-multimedia/libtiff/tiff/b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch
+++ b/meta/recipes-multimedia/libtiff/tiff/b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch
@@ -1,4 +1,4 @@
1From 740111312ca6ae718f233d914662a9969e6820ee Mon Sep 17 00:00:00 2001 1From fb89eab3ed46bbb0276bdee05b570455f6a27d2f Mon Sep 17 00:00:00 2001
2From: Su_Laus <sulau@freenet.de> 2From: Su_Laus <sulau@freenet.de>
3Date: Sun, 6 Feb 2022 19:52:17 +0100 3Date: Sun, 6 Feb 2022 19:52:17 +0100
4Subject: [PATCH] Move the crop_width and crop_length computation after the 4Subject: [PATCH] Move the crop_width and crop_length computation after the
diff --git a/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch b/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch
index 74f9649fdf..5a84491711 100644
--- a/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch
+++ b/meta/recipes-multimedia/libtiff/tiff/eecb0712f4c3a5b449f70c57988260a667ddbdef.patch
@@ -1,4 +1,4 @@
1From eecb0712f4c3a5b449f70c57988260a667ddbdef Mon Sep 17 00:00:00 2001 1From 895867b72bd6c46da79de1a07d0993cd104e92cd Mon Sep 17 00:00:00 2001
2From: Even Rouault <even.rouault@spatialys.com> 2From: Even Rouault <even.rouault@spatialys.com>
3Date: Sun, 6 Feb 2022 13:08:38 +0100 3Date: Sun, 6 Feb 2022 13:08:38 +0100
4Subject: [PATCH] TIFFFetchStripThing(): avoid calling memcpy() with a null 4Subject: [PATCH] TIFFFetchStripThing(): avoid calling memcpy() with a null
@@ -12,10 +12,10 @@ CVE: CVE-2022-0561
12 1 file changed, 3 insertions(+), 2 deletions(-) 12 1 file changed, 3 insertions(+), 2 deletions(-)
13 13
14diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c 14diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
15index 23194ced..50ebf8ac 100644 15index ae52ad4..d654a1c 100644
16--- a/libtiff/tif_dirread.c 16--- a/libtiff/tif_dirread.c
17+++ b/libtiff/tif_dirread.c 17+++ b/libtiff/tif_dirread.c
18@@ -5777,8 +5777,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32_t nstrips, uint64_t** l 18@@ -5766,8 +5766,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32_t nstrips, uint64_t** l
19 _TIFFfree(data); 19 _TIFFfree(data);
20 return(0); 20 return(0);
21 } 21 }
@@ -27,6 +27,3 @@ index 23194ced..50ebf8ac 100644
27 _TIFFfree(data); 27 _TIFFfree(data);
28 data=resizeddata; 28 data=resizeddata;
29 } 29 }
30--
31GitLab
32
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-11-01 07:56:49 +0000