1 files changed, 0 insertions, 111 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-3658.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-3658.patch
deleted file mode 100644
index 6cb12f2907..0000000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2016-3658.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From: 45c68450bef8ad876f310b495165c513cad8b67d
-From: Even Rouault <even.rouault@spatialys.com>
-
-* libtiff/tif_dir.c: discard values of SMinSampleValue and
-SMaxSampleValue when they have been read and the value of
-SamplesPerPixel is changed afterwards (like when reading a
-OJPEG compressed image with a missing SamplesPerPixel tag,
-and whose photometric is RGB or YCbCr, forcing SamplesPerPixel
-being 3). Otherwise when rewriting the directory (for example
-with tiffset, we will expect 3 values whereas the array had been
-allocated with just one), thus causing a out of bound read access.
-Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2500
-(CVE-2014-8127, duplicate: CVE-2016-3658)
-
-* libtiff/tif_write.c: avoid null pointer dereference on td_stripoffset
-when writing directory, if FIELD_STRIPOFFSETS was artificially set
-for a hack case	in OJPEG case.
-Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2500
-(CVE-2014-8127, duplicate: CVE-2016-3658)
-
-CVE: CVE-2016-3658
-Upstream-Status: Backport
-https://github.com/vadz/libtiff/commit/45c68450bef8ad876f310b495165c513cad8b67d
-
-Signed-off-by: Zhixiong.Chi <zhixiong.chi@windriver.com>
-
-Index: tiff-4.0.6/ChangeLog
-===================================================================
---- tiff-4.0.6.orig/ChangeLog	2016-11-14 10:52:10.008748230 +0800
-+++ tiff-4.0.6/ChangeLog	2016-11-14 16:17:46.140884438 +0800
-@@ -1,3 +1,22 @@
-+2016-10-25 Even Rouault <even.rouault at spatialys.com>
-+
-+	* libtiff/tif_dir.c: discard values of SMinSampleValue and
-+	SMaxSampleValue when they have been read and the value of
-+	SamplesPerPixel is changed afterwards (like when reading a
-+	OJPEG compressed image with a missing SamplesPerPixel tag,
-+	and whose photometric is RGB or YCbCr, forcing SamplesPerPixel
-+	being 3). Otherwise when rewriting the directory (for example
-+	with tiffset, we will expect 3 values whereas the array had been
-+	allocated with just one), thus causing a out of bound read access.
-+	Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2500
-+	(CVE-2014-8127, duplicate: CVE-2016-3658)
-+
-+	* libtiff/tif_write.c: avoid null pointer dereference on td_stripoffset
-+	when writing directory, if FIELD_STRIPOFFSETS was artificially set
-+	for a hack case	in OJPEG case.
-+	Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2500
-+	(CVE-2014-8127, duplicate: CVE-2016-3658)
-+
- 2016-09-24  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
- 
- 	* libtiff/tif_getimage.c (TIFFRGBAImageOK): Reject attempts to
-Index: tiff-4.0.6/libtiff/tif_dir.c
-===================================================================
---- tiff-4.0.6.orig/libtiff/tif_dir.c	2015-06-01 07:11:43.000000000 +0800
-+++ tiff-4.0.6/libtiff/tif_dir.c	2016-11-14 16:20:17.800885495 +0800
-@@ -254,6 +254,28 @@
- 		v = (uint16) va_arg(ap, uint16_vap);
- 		if (v == 0)
- 			goto badvalue;
-+		if( v != td->td_samplesperpixel )
-+		{
-+		    /* See http://bugzilla.maptools.org/show_bug.cgi?id=2500 */
-+		    if( td->td_sminsamplevalue != NULL )
-+		    {
-+		        TIFFWarningExt(tif->tif_clientdata,module,
-+		            "SamplesPerPixel tag value is changing, "
-+		            "but SMinSampleValue tag was read with a different value. Cancelling it");
-+		        TIFFClrFieldBit(tif,FIELD_SMINSAMPLEVALUE);
-+		        _TIFFfree(td->td_sminsamplevalue);
-+		        td->td_sminsamplevalue = NULL;
-+		    }
-+		    if( td->td_smaxsamplevalue != NULL )
-+		    {
-+		        TIFFWarningExt(tif->tif_clientdata,module,
-+		            "SamplesPerPixel tag value is changing, "
-+		            "but SMaxSampleValue tag was read with a different value. Cancelling it");
-+		        TIFFClrFieldBit(tif,FIELD_SMAXSAMPLEVALUE);
-+		        _TIFFfree(td->td_smaxsamplevalue);
-+		        td->td_smaxsamplevalue = NULL;
-+		    }
-+		}
- 		td->td_samplesperpixel = (uint16) v;
- 		break;
- 	case TIFFTAG_ROWSPERSTRIP:
-Index: tiff-4.0.6/libtiff/tif_dirwrite.c
-===================================================================
---- tiff-4.0.6.orig/libtiff/tif_dirwrite.c	2015-05-31 08:38:46.000000000 +0800
-+++ tiff-4.0.6/libtiff/tif_dirwrite.c	2016-11-14 16:23:54.688887007 +0800
-@@ -542,7 +542,19 @@
- 			{
- 				if (!isTiled(tif))
- 				{
--					if (!TIFFWriteDirectoryTagLongLong8Array(tif,&ndir,dir,TIFFTAG_STRIPOFFSETS,tif->tif_dir.td_nstrips,tif->tif_dir.td_stripoffset))
-+					/* td_stripoffset might be NULL in an odd OJPEG case. See
-+					 *  tif_dirread.c around line 3634.
-+					 * XXX: OJPEG hack.
-+					 * If a) compression is OJPEG, b) it's not a tiled TIFF,
-+					 * and c) the number of strips is 1,
-+					 * then we tolerate the absence of stripoffsets tag,
-+					 * because, presumably, all required data is in the
-+					 * JpegInterchangeFormat stream.
-+					 * We can get here when using tiffset on such a file.
-+					 * See http://bugzilla.maptools.org/show_bug.cgi?id=2500
-+					*/
-+					if (tif->tif_dir.td_stripoffset != NULL &&
-+					    !TIFFWriteDirectoryTagLongLong8Array(tif,&ndir,dir,TIFFTAG_STRIPOFFSETS,tif->tif_dir.td_nstrips,tif->tif_dir.td_stripoffset))
- 						goto bad;
- 				}
- 				else