authorHuang Qiyu <huangqy.fnst@cn.fujitsu.com>2018-01-18 10:29:37 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-01-19 12:18:04 +0000
commitdf894b523d74f8fd723d1c8fb03f55e46c6af0f5 (patch)
tree45acf94f0a97d7b0eae2b7c1c420e9e5a6c86c9f /meta/recipes-multimedia/libtiff/files/CVE-2017-9147.patch
parentcd8aadcfb3cc7af8ad0d44b1ee2101c499621f95 (diff)
tiff: 4.0.8 -> 4.0.9
1. Upgrade tiff from 4.0.8 to 4.0.9. 2. Delete CVE-2017-10688.patch, CVE-2017-11335.patch, CVE-2017-13726.patch, CVE-2017-13727.patch, CVE-2017-9147.patch, CVE-2017-9936.patch, since they are integrated upstream. Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/recipes-multimedia/libtiff/files/CVE-2017-9147.patch')
-rw-r--r--meta/recipes-multimedia/libtiff/files/CVE-2017-9147.patch206
1 files changed, 0 insertions, 206 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2017-9147.patch b/meta/recipes-multimedia/libtiff/files/CVE-2017-9147.patch
deleted file mode 100644
index 3392285901..0000000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2017-9147.patch
+++ /dev/null
@@ -1,206 +0,0 @@
-From 0acf01fea714af573b814e10cf105c3359a236c3 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Thu, 1 Jun 2017 12:44:04 +0000
-Subject: [PATCH] * libtiff/tif_dirinfo.c, tif_dirread.c: add _TIFFCheckFieldIsValidForCodec(),
-and use it in TIFFReadDirectory() so as to ignore fields whose tag is a
-codec-specified tag but this codec is not enabled. This avoids TIFFGetField()
-to behave differently depending on whether the codec is enabled or not, and
-thus can avoid stack based buffer overflows in a number of TIFF utilities
-such as tiffsplit, tiffcmp, thumbnail, etc.
-Patch derived from 0063-Handle-properly-CODEC-specific-tags.patch
-(http://bugzilla.maptools.org/show_bug.cgi?id=2580) by Raphaël Hertzog.
-Fixes:
-http://bugzilla.maptools.org/show_bug.cgi?id=2580
-http://bugzilla.maptools.org/show_bug.cgi?id=2693
-http://bugzilla.maptools.org/show_bug.cgi?id=2625 (CVE-2016-10095)
-http://bugzilla.maptools.org/show_bug.cgi?id=2564 (CVE-2015-7554)
-http://bugzilla.maptools.org/show_bug.cgi?id=2561 (CVE-2016-5318)
-http://bugzilla.maptools.org/show_bug.cgi?id=2499 (CVE-2014-8128)
-http://bugzilla.maptools.org/show_bug.cgi?id=2441
-http://bugzilla.maptools.org/show_bug.cgi?id=2433
-
-Upstream-Status: Backport
-[https://github.com/vadz/libtiff/commit/4d4fa0b68ae9ae038959ee4f69ebe288ec892f06]
-
-CVE: CVE-2017-9147
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- ChangeLog | 20 ++++++++++
- libtiff/tif_dir.h | 1 +
- libtiff/tif_dirinfo.c | 103 ++++++++++++++++++++++++++++++++++++++++++++++++++
- libtiff/tif_dirread.c | 4 ++
- 4 files changed, 128 insertions(+)
-
-diff --git a/ChangeLog b/ChangeLog
-index ee8d9d0..5739292 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,3 +1,23 @@
-+2017-06-01 Even Rouault <even.rouault at spatialys.com>
-+
-+ * libtiff/tif_dirinfo.c, tif_dirread.c: add _TIFFCheckFieldIsValidForCodec(),
-+ and use it in TIFFReadDirectory() so as to ignore fields whose tag is a
-+ codec-specified tag but this codec is not enabled. This avoids TIFFGetField()
-+ to behave differently depending on whether the codec is enabled or not, and
-+ thus can avoid stack based buffer overflows in a number of TIFF utilities
-+ such as tiffsplit, tiffcmp, thumbnail, etc.
-+ Patch derived from 0063-Handle-properly-CODEC-specific-tags.patch
-+ (http://bugzilla.maptools.org/show_bug.cgi?id=2580) by Raphaël Hertzog.
-+ Fixes:
-+ http://bugzilla.maptools.org/show_bug.cgi?id=2580
-+ http://bugzilla.maptools.org/show_bug.cgi?id=2693
-+ http://bugzilla.maptools.org/show_bug.cgi?id=2625 (CVE-2016-10095)
-+ http://bugzilla.maptools.org/show_bug.cgi?id=2564 (CVE-2015-7554)
-+ http://bugzilla.maptools.org/show_bug.cgi?id=2561 (CVE-2016-5318)
-+ http://bugzilla.maptools.org/show_bug.cgi?id=2499 (CVE-2014-8128)
-+ http://bugzilla.maptools.org/show_bug.cgi?id=2441
-+ http://bugzilla.maptools.org/show_bug.cgi?id=2433
-+
- 2017-05-21 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
-
- * configure.ac: libtiff 4.0.8 released.
-diff --git a/libtiff/tif_dir.h b/libtiff/tif_dir.h
-index e12b44b..5206be4 100644
---- a/libtiff/tif_dir.h
-+++ b/libtiff/tif_dir.h
-@@ -291,6 +291,7 @@ struct _TIFFField {
- extern int _TIFFMergeFields(TIFF*, const TIFFField[], uint32);
- extern const TIFFField* _TIFFFindOrRegisterField(TIFF *, uint32, TIFFDataType);
- extern TIFFField* _TIFFCreateAnonField(TIFF *, uint32, TIFFDataType);
-+extern int _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag);
-
- #if defined(__cplusplus)
- }
-diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c
-index 0c8ef42..97c0df0 100644
---- a/libtiff/tif_dirinfo.c
-+++ b/libtiff/tif_dirinfo.c
-@@ -956,6 +956,109 @@ TIFFMergeFieldInfo(TIFF* tif, const TIFFFieldInfo info[], uint32 n)
- return 0;
- }
-
-+int
-+_TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag)
-+{
-+ /* Filter out non-codec specific tags */
-+ switch (tag) {
-+ /* Shared tags */
-+ case TIFFTAG_PREDICTOR:
-+ /* JPEG tags */
-+ case TIFFTAG_JPEGTABLES:
-+ /* OJPEG tags */
-+ case TIFFTAG_JPEGIFOFFSET:
-+ case TIFFTAG_JPEGIFBYTECOUNT:
-+ case TIFFTAG_JPEGQTABLES:
-+ case TIFFTAG_JPEGDCTABLES:
-+ case TIFFTAG_JPEGACTABLES:
-+ case TIFFTAG_JPEGPROC:
-+ case TIFFTAG_JPEGRESTARTINTERVAL:
-+ /* CCITT* */
-+ case TIFFTAG_BADFAXLINES:
-+ case TIFFTAG_CLEANFAXDATA:
-+ case TIFFTAG_CONSECUTIVEBADFAXLINES:
-+ case TIFFTAG_GROUP3OPTIONS:
-+ case TIFFTAG_GROUP4OPTIONS:
-+ break;
-+ default:
-+ return 1;
-+ }
-+ /* Check if codec specific tags are allowed for the current
-+ * compression scheme (codec) */
-+ switch (tif->tif_dir.td_compression) {
-+ case COMPRESSION_LZW:
-+ if (tag == TIFFTAG_PREDICTOR)
-+ return 1;
-+ break;
-+ case COMPRESSION_PACKBITS:
-+ /* No codec-specific tags */
-+ break;
-+ case COMPRESSION_THUNDERSCAN:
-+ /* No codec-specific tags */
-+ break;
-+ case COMPRESSION_NEXT:
-+ /* No codec-specific tags */
-+ break;
-+ case COMPRESSION_JPEG:
-+ if (tag == TIFFTAG_JPEGTABLES)
-+ return 1;
-+ break;
-+ case COMPRESSION_OJPEG:
-+ switch (tag) {
-+ case TIFFTAG_JPEGIFOFFSET:
-+ case TIFFTAG_JPEGIFBYTECOUNT:
-+ case TIFFTAG_JPEGQTABLES:
-+ case TIFFTAG_JPEGDCTABLES:
-+ case TIFFTAG_JPEGACTABLES:
-+ case TIFFTAG_JPEGPROC:
-+ case TIFFTAG_JPEGRESTARTINTERVAL:
-+ return 1;
-+ }
-+ break;
-+ case COMPRESSION_CCITTRLE:
-+ case COMPRESSION_CCITTRLEW:
-+ case COMPRESSION_CCITTFAX3:
-+ case COMPRESSION_CCITTFAX4:
-+ switch (tag) {
-+ case TIFFTAG_BADFAXLINES:
-+ case TIFFTAG_CLEANFAXDATA:
-+ case TIFFTAG_CONSECUTIVEBADFAXLINES:
-+ return 1;
-+ case TIFFTAG_GROUP3OPTIONS:
-+ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX3)
-+ return 1;
-+ break;
-+ case TIFFTAG_GROUP4OPTIONS:
-+ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX4)
-+ return 1;
-+ break;
-+ }
-+ break;
-+ case COMPRESSION_JBIG:
-+ /* No codec-specific tags */
-+ break;
-+ case COMPRESSION_DEFLATE:
-+ case COMPRESSION_ADOBE_DEFLATE:
-+ if (tag == TIFFTAG_PREDICTOR)
-+ return 1;
-+ break;
-+ case COMPRESSION_PIXARLOG:
-+ if (tag == TIFFTAG_PREDICTOR)
-+ return 1;
-+ break;
-+ case COMPRESSION_SGILOG:
-+ case COMPRESSION_SGILOG24:
-+ /* No codec-specific tags */
-+ break;
-+ case COMPRESSION_LZMA:
-+ if (tag == TIFFTAG_PREDICTOR)
-+ return 1;
-+ break;
-+
-+ }
-+ return 0;
-+}
-+
- /* vim: set ts=8 sts=8 sw=8 noet: */
-
- /*
-diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
-index 1d4f0b9..f1dc3d7 100644
---- a/libtiff/tif_dirread.c
-+++ b/libtiff/tif_dirread.c
-@@ -3580,6 +3580,10 @@ TIFFReadDirectory(TIFF* tif)
- goto bad;
- dp->tdir_tag=IGNORE;
- break;
-+ default:
-+ if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) )
-+ dp->tdir_tag=IGNORE;
-+ break;
- }
- }
- }
---
-2.7.4
-