| author | Armin Kuster <akuster808@gmail.com> | 2016-12-10 09:38:43 -0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-01-11 17:21:45 +0000 |
| commit | baf73313b3f63537853278992fa7c00775a6eff4 (patch) | |
| tree | d5983f67c33f88b81df914f0cfbf5883d4de4877 /meta/recipes-multimedia/libtiff/files/CVE-2016-3623.patch | |
| parent | 985beaaa1309a97d42aa0f886096db041060a95e (diff) | |
| download | openembedded-core-contrib-baf73313b3f63537853278992fa7c00775a6eff4.tar.gz | |
libtiff: Update to 4.0.7
Major changes:
The libtiff tools bmp2tiff, gif2tiff, ras2tiff, sgi2tiff, sgisv, and ycbcr are completely removed from the distribution, used for demos.
CVEs fixed:
CVE-2016-9297
CVE-2016-9448
CVE-2016-9273
CVE-2014-8127
CVE-2016-3658
CVE-2016-5875
CVE-2016-5652
CVE-2016-3632
plus more that are not identified in the changelog.
Removed patches integrated into update.
more info: http://libtiff.maptools.org/v4.0.7.html
(From OE-Core rev: 9945cbccc4c737c84ad441773061acbf90c7baed)
(From OE-Core rev: 009b330591b27bd14d4c8ceb767c78fd7eb924fd)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia/libtiff/files/CVE-2016-3623.patch')
-rw-r--r-- | meta/recipes-multimedia/libtiff/files/CVE-2016-3623.patch | 52 |
1 files changed, 0 insertions, 52 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-3623.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-3623.patch deleted file mode 100644 index f554ac5464..0000000000 --- a/meta/recipes-multimedia/libtiff/files/CVE-2016-3623.patch +++ /dev/null @@ -1,52 +0,0 @@ -From bd024f07019f5d9fea236675607a69f74a66bc7b Mon Sep 17 00:00:00 2001 -From: erouault <erouault> -Date: Mon, 15 Aug 2016 21:26:56 +0000 -Subject: [PATCH] * tools/rgb2ycbcr.c: validate values of -v and -h parameters - to avoid potential divide by zero. Fixes CVE-2016-3623 (bugzilla #2569) - -CVE: CVE-2016-3623 -Upstream-Status: Backport -https://github.com/vadz/libtiff/commit/bd024f07019f5d9fea236675607a69f74a66bc7b - -Signed-off-by: Yi Zhao <yi.zhao@windirver.com> ---- - ChangeLog | 5 +++++ - tools/rgb2ycbcr.c | 4 ++++ - 2 files changed, 9 insertions(+) - -diff --git a/ChangeLog b/ChangeLog -index 5d60608..3e6642a 100644 ---- a/ChangeLog -+++ b/ChangeLog -@@ -1,5 +1,10 @@ - 2016-08-15 Even Rouault <even.rouault at spatialys.com> - -+ * tools/rgb2ycbcr.c: validate values of -v and -h parameters to -+ avoid potential divide by zero. Fixes CVE-2016-3623 (bugzilla #2569) -+ -+2016-08-15 Even Rouault <even.rouault at spatialys.com> -+ - * tools/tiffcrop.c: Fix out-of-bounds write in loadImage(). - From patch libtiff-CVE-2016-3991.patch from - libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro (bugzilla #2543) -diff --git a/tools/rgb2ycbcr.c b/tools/rgb2ycbcr.c -index 3829d6b..51f4259 100644 ---- a/tools/rgb2ycbcr.c -+++ b/tools/rgb2ycbcr.c -@@ -95,9 +95,13 @@ main(int argc, char* argv[]) - break; - case 'h': - horizSubSampling = atoi(optarg); -+ if( horizSubSampling != 1 && horizSubSampling != 2 && horizSubSampling != 4 ) -+ usage(-1); - break; - case 'v': - vertSubSampling = atoi(optarg); -+ if( vertSubSampling != 1 && vertSubSampling != 2 && vertSubSampling != 4 ) -+ usage(-1); - break; - case 'r': - rowsperstrip = atoi(optarg); --- -2.7.4 - |
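Review bot: the CVE that this deleted patch addressed, CVE-2016-3623 (validation of the -v and -h subsampling parameters in tools/rgb2ycbcr.c, upstream commit bd024f07019f5d9fea236675607a69f74a66bc7b), does not appear in the "CVEs fixed" list of the commit message and is only covered by "plus more that are not identified in the changelog". Before dropping the file, confirm that the upstream commit is contained in the 4.0.7 release and add CVE-2016-3623 to the list so the recipe's CVE tracking and downstream users can trace the removal to the fix. The removed check restricted horizSubSampling and vertSubSampling to 1, 2 or 4, so without an equivalent check in 4.0.7 an atoi() result of 0 could reach the divide the patch was guarding against.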